The Commonwealth Risk Management Policy Review

The Commonwealth Risk Management Policy (the Policy) was introduced on 1 July 2014. The Policy was developed to support section 16 of the Public Governance, Performance and Accountability Act 2013 (PGPA Act), which requires accountable authorities to maintain systems of risk oversight, management and internal control.

Since the introduction of the Policy in 2014, there has been a steady improvement in the management of risk in relation to establishing appropriate frameworks for managing risk.

The Independent Review into the Public Governance, Performance and Accountability Act 2013 and Rule recommended Finance ‘ review and determine whether any aspect of the Commonwealth Risk Management Policy and the Comcover Benchmarking Survey Tool require changes to be made to improve coherence and operation’.

In line with this recommendation, a review of the Policy was undertaken this year. The review was over seen by a Committee comprising of senior executives from key Commonwealth agencies.

The review led to a revised draft policy that focuses on strengthening risk culture and behaviours to improve the risk maturity of entities within the following five areas:

  1. Culture, leadership and behaviour
  2. Shared risk
  3. Engagement with risk
  4. Effectiveness of risk controls
  5. Communication and the appropriate escalation of risk.

If you would like to provide feedback on the draft Policy, please contact for further information.

Did you find this content useful?