CRC Communique 18 September 2025

The Committee received an update from the Department of Home Affairs on the Australian Cyber Security Strategy. Part of phase two of the strategy involves identifying and rating Systems of Government Significance (SoGS) to prioritise cyber threats for key vulnerabilities. The Committee were asked to review and provide feedback on the risk assessment process for identifying SoGS. 

• The chair of the COO Committee gave a verbal update on COOs’ strategic priorities following their committee planning session.
• The new COO Committee Representative on CRC will be the Chief Operating Officer, Department of Veterans’ Affairs.
• Key messages from the COO Committee 2025 strategy session included:
  • Growing government expectation that the APS should be proactive in generating ideas.
  • Emphasis on re-prioritising resources.
  • Shifting appetite for risk, including increasing appetite for proposals to Ministers who can make informed decisions on appropriate risk/reward balance.
  • COOs’ forward work plan was also discussed which will assist CRC to ensure its 2026 forward work plan support the COO Committee priorities.

• The Committee was briefed on the outcomes of the biennial Risk Management Benchmarking Program, which measures the risk capability of entities across the Commonwealth. The average maturity rating across Commonwealth entities was "Embedded"; an increase of up 3.7% from 2023.
• Culture and Capability remain the lowest areas of focus.
• Key findings of the 2025 program will be reported to the COO Committee.

The Committee discussed its evolving role, including proposals on how to best meet its core objectives. If you would like to provide feedback on evolving the role of the Commonwealth Risk Committee please forward your comments to: Commonwealthriskcommittee@finance.gov.au. 

The next meeting is scheduled for 17 November 2025.