Implementing the Commonwealth Risk Management Policy (RMG 211)


This guide:

  • provides practical advice to assist Commonwealth officials to implement the requirements of the 2023 Commonwealth Risk Management Policy. 
  • is designed to be used as a learning resource and is not mandatory.

It is important that entities develop risk management frameworks and systems that are tailored to their needs. Entities may elect to adapt the concepts contained in this Guide to suit their specific needs or use alternative methodologies.

What is risk management?

Risk is the effect of uncertainty on objectives. The effect can be a positive and/or negative deviation from the expected outcome. Risk is often expressed in terms of a combination of an event (including changes in circumstances or knowledge) and the associated likelihood of occurrence. It is valuable to note that this definition does not refer solely to negative or down-side risk. It is applicable to both opportunity and threat.

Risk management is the coordinated activities to direct and control an organisation with regard to risk. These activities include the identification, monitoring, communication and reporting of risks.

What are the benefits of risk management?

  • improved ability to identify, evaluate, and manage threats and opportunities
  • improved accountability and better governance
  • better management of complex and shared risks
  • improved financial management
  • improved and informed decision-making
  • improved organisational performance and resilience.

Did you find this content useful?