B.4 Risk Management

B.4 Risk Management

CMTEDD is committed to ensuring that all business and operational processes are underpinned by effective risk management. The directorate’s approach to risk management is based on the Australian and New Zealand Risk Management Standard (AS/NZS ISO 31000:2009) (‘The Standard’). The Directorate’s risk policies, Risk Management Framework and Policy Statement (risk framework), Risk Management Plan (risk plan), and Business Continuity and Disaster Recovery Framework (BC framework) are reviewed every two years to ensure that risk management is effective and continues to support organisational performance. The policy documents were reviewed, updated and endorsed during the period, following consultation with the directorate’s business areas, senior managers and executive.

Existing risks were monitored, reviewed and reported on, as part of the directorate’s regular review process. Emerging risks were identified and reviewed, to determine if they should be included in the directorate Strategic Risk Register. The CMTEDD Audit and Risk Committee, and Executive Management Group had oversight of risk management activities within the Directorate. Training across the directorate assisted with ensuring that there was a consistent, appropriate application of the risk framework and risk plan, and assisted in increasing the risk management maturity across CMTEDD. Training offered to staff included: Induction; Introduction to Risk Management; and Managing Risks in Projects. Specific area, project or program risk workshops were also conducted with a number of areas.

Business continuity management is a risk control that supports CMTEDD’s commitment to the ongoing delivery of the directorate’s critical business functions where a business interruption risk has been realised. The process to comprehensively review and update the directorate’s business continuity plans (BCPs) and disaster recovery plan (DRP) continued. Five tests were conducted in the period in accordance with the CMTEDD Testing Schedule – scenarios tested included: a desktop shut-down of a business critical system; an opportunity to test the relocation of critical staff during a building evacuation; and three sessions which involved a walk-through of a case study to confirm roles and responsibilities and potential improvements to plans and procedures.

Further information can be obtained from

Robert Wright
Executive Director
Corporate
+61 2 6207 0569
Robert.Wright@act.gov.au