
Risk oversight and management

The effective management of risk is integral to achieving our priorities and supporting our purpose over the life of this plan. We embed risk management into business-as-usual practices and in the management of our financial, environmental and social responsibilities. Our approach ensures clear oversight, management and control of risks, and meets our obligations under the Public Governance, Performance and Accountability Act 2013.

Delivering the priorities of the Commission in a complex, challenging and uncertain environment requires us to proactively assess and manage risks, and to embrace and foster a positive risk culture.

The Risk Management Framework identifies why and how we undertake risk management. It allocates certain roles, functions and responsibilities to specific individuals to ensure risks are identified, assessed and managed.

Our overall risk appetite is moderate, which reflects the importance of being able to engage with risk to pursue opportunity. However, our risk appetite is low in relation to dishonest, deceptive and fraudulent conduct, the unauthorised disclosure of official information, and the health, safety and wellbeing of our employees.

We regularly monitor and report our risks to the Commission’s Audit and Risk Management Committee and Executive Board.

The Commission has identified four enterprise risks, which we manage in line with our Risk Management Framework. These enterprise risks are:

  1. Failure to meet our statutory obligations under the Public Service Act
  2. Data integrity
  3. Failure to deliver on key outcomes and to be a valued, credible and trusted partner to APS agencies
  4. Inability to attract, develop and retain required workforce capabilities