B.4 Risk Management
CMTEDD is committed to leading the public sector and working collaboratively both within government and with the community to achieve ‘Government Outcomes.’ Effective risk management practices underpin the delivery of our services at all levels: strategic, business and operational. This enables the directorate to ensure that strategic risks, and risks to the successful delivery of our services, are identified and managed.

The directorate’s approach to risk management is based on the Australian Risk Management Standard (AS ISO 31000:2018) (the Standard). Standards Australia and the International Standards Organisation (ISO) updated the Standard during the period. The ACT Insurance Authority (ACTIA), a business unit within CMTEDD, incorporated the changes in the Standard into the ACT Government Risk Management Policy 2019, which provides the policy position for managing risk within the ACT.

The directorate’s risk policy documents, namely the Risk Management Framework and Policy Statement (risk framework), the Risk Management Plan (risk plan), and the Business Continuity and Disaster Recovery Framework (BC framework), are reviewed at least every two years to ensure that risk management is effective and continues to support organisational performance. The policy documents were reviewed, updated and endorsed during the period, incorporating changes in the Standard and the ACT Government Risk Management Policy 2019.

The CMTEDD Audit and Risk Committee and Executive Management Group had oversight of risk management activities within the directorate. Existing risks were monitored, reviewed and reported on as part of the directorate’s regular review process. Emerging risks were identified and reviewed, to determine if they should be included in the directorate Strategic Risk Register.

Training across the directorate helped ensure a consistent and appropriate application of the risk framework and risk plan, and assisted in increasing risk management maturity across CMTEDD. Training offered to staff included Introduction to Risk Management and Managing Risks in Projects. Risk workshops specific to a particular area, project or program were also conducted with a number of business areas.

Business continuity management is a risk control that supports CMTEDD’s commitment to the ongoing delivery of the directorate’s critical business functions where a business interruption risk has been realised. The directorate, in conjunction with external partners, has designed and implemented a comprehensive schedule for testing and reviewing the directorate’s business continuity and disaster recovery plans.

Ultimately, the testing schedule provides practice and opportunity to build and improve resilience and capability across all areas of the directorate. Eight tests were conducted in the period in accordance with the CMTEDD Testing Schedule. The test exercises included desktop scenarios for business continuity and disaster recovery, a restoration from backup exercise and a live walk-through business continuity exercise. The scenarios tested included: loss of building or loss of access to the ordinary place of work; loss of critical systems required to deliver essential services; damage to the ACT Government Network; and a security incident resulting in a sustained network outage.

Further information can be obtained from:

Robert Wright
Executive Group Manager
Corporate
+61 2 6207 0569
Robert.Wright@act.gov.au