The effective management of risk is integral to achieving our priorities and supporting our purpose over the life of this plan. We embed risk management into business-as-usual practices and in the management of our financial, environmental and social responsibilities. Our approach ensures clear oversight, management and control of risks, and meets our obligations under the Public Governance, Performance and Accountability Act 2013.
The Risk Management Framework identifies specific responsibilities for key personnel across our organisation. Our enterprise risk register assigns owners and tolerances for identified enterprise-level risk.
Our overall risk appetite is moderate, which reflects the importance of being able to engage with risk to pursue opportunity. However, our risk appetite is low in relation to dishonest, deceptive and fraudulent conduct, the unauthorised disclosure of official information, and the health, safety and wellbeing of our employees.
We will provide regular monitoring and reporting to our Audit and Risk Management Committee and our Executive Committee.
Currently, we have identified four enterprise risks, which we manage in line with our Risk Management Framework. These enterprise risks are:
- Failure to meet our statutory obligations under the Public Service Act.
- Data integrity.
- Failure to deliver on key outcomes and to be a valued, credible and trusted partner to APS agencies.
- Inability to attract, develop and retain required workforce capabilities.