Each DEECA agency is responsible for developing and implementing a risk management process that:
- is tailored to its purpose, functions and powers
- complies with its risk management obligations and good public sector governance practice.
Victorian Government Risk Management Framework
The Victorian Government Risk Management Framework (VGRMF) sets out the minimum risk management requirements, including insurance requirements, for the Victorian public sector.
The framework is legally binding on DEECA agencies that are subject to the Financial Management Act 1994 (FMA). Most major DEECA agencies are subject to the FMA*.
Even if your agency is not subject to the FMA, it is good public sector governance practice to apply the risk management requirements in the framework.
* An agency that is subject to the FMA must submit an annual report that is tabled or reported in Parliament and comply with the financial management obligations, including risk management obligations in the Standing Directions 2018 and related Instructions issued under the FMA.
Key risk management duties
Some key risk management duties under the framework include:
- Your agency must have a risk management framework in place consistent with AS ISO 31000:2018 Risk Management – Guidelines that is reviewed annually and remains current
- Your agency must define its risk appetite, which is the type and amount of risk that your agency is prepared to accept in pursuing its strategic objectives and business plan
- Your agency must demonstrate a positive risk culture
- Your agency must demonstrate that it is managing risk effectively, including having processes in place to identify and manage shared risks and state significant risks, as appropriate
- Your agency’s risk management process must be embedded into its corporate (strategic) and business (operational) planning and decision-making processes
- As part of financial management compliance, the board of the agency must attest in its annual report that the agency complies with requirements of the Financial Management Act, including that it manages its risks in accordance with the framework
Australian and New Zealand Standard
The framework adopts Australian and international standard AS ISO 31000:2018 Risk Management – Guidelines. Your agency’s risk management approach should be consistent with this standard and include:
- communicating and consulting with internal/external stakeholders during risk assessment and treatment
- establishing the scope, context and criteria for the risk management process
- identifying the risk
- analysing the risk
- evaluating the risk
- treating the risk
- ongoing monitoring and review of risk exposure and of the effectiveness of risk controls
- recording and reporting risk management activities.
Assistance from VMIA
To assist public sector agencies to understand and comply with their risk management obligations and good practice, the Victorian Managed Insurance Authority (VMIA) offers a range of free tools, resources and expertise to better manage risk.
Practical guidance
The VMIA offers practical guidance and support materials for managing risks, improving capability and aligning with the VGRMF and AS ISO 31000. Your agency can adapt the guidance to suit its needs.
Risk maturity benchmark
The VMIA offers an online risk maturity self-assessment service to help you review, understand and improve internal risk management practices.
Risk management tools
Free tools and templates to support you in managing risks, including:
- Managing risk day to day
- Developing risk management frameworks
- Supporting your board
- Minimising insurable risk and managing claims
- Managing risk with other organisations
Workshops
Free workshops and seminars for those agencies which are insured with VMIA:
Standard | Board members and staff of your agency can arrange to attend VMIA’s standard seminars and workshops. |
---|---|
Tailored | In addition, DEECA may be able to arrange with VMIA for a free seminar or workshop that is tailored to your agency’s needs – e.g. relevant case studies. |
For those DEECA agencies which are not insured with VMIA but are interested in VMIA workshops, seminars or other training, please contact your agency’s DEECA relationship team.
Other guidance and resources
Managing climate change risk
The Victorian Public Sector Commission (VPSC) has issued guidance for Victorian public sector board directors on managing climate-related risks in public entities.
Director’s duties with respect to climate risk
Useful links
Below are direct links to this topic on external websites:
- Victorian Managed Insurance Authority.
- As part of their watchdog role, the Victorian Ombudsman, the Victorian Auditor-General’s Office, and the Independent Broad-based Anti-corruption Commission (IBAC) can investigate and report on matters such as a public sector agency failing to properly manage its risk obligations.
Background Information
Risk appetite
An agency’s risk appetite is the type and amount of risk an organisation is willing to accept in pursuing its objectives. An agency’s risk appetite statement should:
- align with your risk management policy
- drive your risk management strategy and procedures
- be demonstrated in the contents of your risk register through risk tolerance and key risk indicators.
Risk management requirements
Risk management requirements include:
- the Standing Directions 2018 (and related Instructions) issued under s 8 of the Financial Management Act 1994, for example: Managing Risk (3.7); Oversight and assurance (3.2), and Internal control system (3.4)
- item 2.4 of the Code of Conduct for Directors of Victorian Public Entities (board members)
- any specific requirements in the agency's establishing Act.
Reviewed 23 August 2024
Page last updated: 27/08/24