Risk management is the systematic and scalable approach used by officials to make risk-informed decisions and take appropriate actions in relation to known events, issues or incidents that may affect achieving CER’s objectives.

The agency takes a risk-based approach to decision making, underpinned by our risk appetite and risk management framework. The framework outlines our system of risk management and oversight and is aligned to the Commonwealth Risk Management Policy and the ISO 31000: 2018 Risk Management Guidelines. The agency operates in a complex environment and recognises that risk and uncertainty is inherent in all that we do. The risk appetite of the agency articulates an appropriate and balanced view of its strategic risk environment related to the achievement of CER’s objectives. The Board regularly considers this position as it recognises the need to be willing and able to adapt the risk appetite if required, noting that global events are complex and matters can change rapidly.

The agency is continuing to mature its risk management capability and approach, embedding risk principles into organisational culture. A key element of this approach is increasing the risk capability at all levels of the organisation. To achieve this, it is educating and empowering staff to provide them with the knowledge, judgement and confidence to make more informed risk-based decisions. Our current strategic risks articulate the high-level risks to achieving our objectives and are identified as:

  • CER does not effectively manage its programs.
  • CER’s advice, insights and data are not of high quality.
  • CER does not adapt.

Effective management of the agency's risk is underpinned by controls that support:

  • streamlining regulatory processes across and within the schemes we administer,
  • targeting resources towards areas of highest risk, and
  • effectively and efficiently delivering the specific objectives of relevant legislation.