Risk management is the systematic and scalable approach used by officials to make risk-informed decisions and take appropriate actions in relation to known events, issues or incidents that may affect achieving the CER’s objectives.
The CER takes a risk-informed approach to decision-making, underpinned by our risk appetite and tolerance, and risk management framework. The framework outlines our system of risk management and oversight and is aligned to the Commonwealth Risk Management Policy and the ISO 31000: 2018 Risk Management Guidelines. We operate in a complex environment and recognise risk and uncertainty are inherent in all we do. The CER’s risk appetite and tolerance articulates an appropriate and balanced view of its risk environment related to the achievement of our objectives. The Board regularly considers this position as it recognises the need to be willing and able to adapt the risk appetite and tolerance if required, noting global events are complex, and conditions can change rapidly.
The CER is continuing to mature its risk management capability and approach, embedding risk principles into organisational culture. A key element of this approach is increasing the risk capability at all levels of the organisation. To achieve this, it is educating and empowering staff to provide them with the knowledge, judgement and confidence to make decisions that are adequately risk informed. Our strategic risks articulate the high-level risks to achieving our objectives and are identified as:
- CER does not effectively manage its programs.
- CER’s advice, insights and data are not of high quality.
- CER does not adapt.
Effective risk management is underpinned by controls that support:
- Streamlining regulatory processes across and within the schemes we administer.
- Targeting resources towards areas of highest risk.
- Effectively and efficiently delivering the specific objectives of relevant legislation.
We have embedded a program to test the effectiveness of key risk controls, complementing the work of our internal audits, which provides an additional level of independent and objective assurance that the controls designed to manage the agency’s risks are working as intended.