Treasury's approach to risk management seeks to clarify our environmental context, understand the drivers of uncertainty that arise in the delivery of our outcomes, facilitate informed decisions based on relevant and timely information, prepare our workforce to be measured yet agile in our response to emerging issues, and pursue opportunities for innovation where evidence demonstrates its contribution to improved outcomes for the Australian people.
Treasury's risk policy, framework and tools provide direction and support to all staff on effective risk management practices. These are maintained to ensure they remain fit-for-purpose and compliant with the Commonwealth Risk Management Policy and the requirements of the PGPA Act. Our risk management program embeds a strong risk culture through four elements:
The Executive Committee monitors the strategic risk environment and regularly discusses it in the context of Treasury's priorities, operating environment, resourcing and capability needs.
Treasury has a Chief Risk Officer and Risk Working Group members embedded within each group to drive consistent risk processes and attitudes.
All senior leaders set the tone from the top and empower staff by:
- Defining and communicating Treasury's risk appetite and behavioural expectations.
- Integrating risk management into strategic planning and decision making.
- Understanding business risks and opportunities and guiding staff to manage them.
Systems and oversight
Systems of risk reporting are in place to enable the Audit Committee and the Executive Committee to monitor critical and emerging risks and the shifting nature of Treasury's risk profile.
Treasury's Internal Audit Plan, updated annually, is designed to test the rigour of Treasury's risk controls and mitigation strategies.
At the operational level, risk management plans and reports are fit-for-purpose and relative to the level of complexity involved, avoiding unnecessary red tape or risk aversion.
Treasury promotes and recognises the behaviours which underpin our desired culture including support for:
- Evidence-based planning, advice and decision-making.
- Exercising sound judgment as to how risk is managed and pursued.
- Courage to progress new and different ways of doing things where it makes good business sense.
- Sharing learning from successes, near misses and failures.
- Actively working with stakeholders to manage shared risks.
Staff develop risk capability on-the-job through a number of formal and informal development options:
- A risk toolkit provides a suite of practical resources for all staff.
- Targeted development opportunities for senior leaders, managers, entry level and new staff.
- An enterprise risk team to provide support and advice.
- Risk champions embedded within the business to promote consistent risk practices.