B.4 Risk Management
CMTEDD identified and managed risk at the strategic and divisional levels. The CMTEDD Audit and Risk Committee and Executive Management Group had oversight of risk management within the directorate.
The directorate’s approach to risk management is set out in CMTEDD Risk Management Framework and Policy Statement and the CMTEDD Risk Management Plan. Risk management in CMTEDD is based on the Australian and New Zealand Risk Management Standard (AS/NZS ISO 31000:2009) (‘The Standard’).
An internal review and update of the framework and plan was conducted in line with requirements of the Standard. The framework and plan will be reviewed every two years to ensure risk management is effective and continues to support organisational performance.
Existing risks were monitored and reported on utilising risk treatment action plans while emerging risks were identified, reported and reviewed to determine if they should be included in the directorate Strategic Risk Register.
Executive and Senior Managers from each Division participated in risk management reviews to ensure that all relevant risks are identified and managed. Individual Divisional risk registers are utilised to capture the risk profile of the directorate.
Training across the directorate assisted with ensuring that there was a consistent, appropriate application of the risk framework and plan, and assisted in increasing the risk management maturity across CMTEDD
During the year a comprehensive review and updating program of CMTEDD’s Business Continuity Plans (BCP) continued. CMTEDD also maintains a BCP testing schedule and tests plans utilising scenario walkthrough exercises and emergency simulations, eight BCPs were tested during 2015-16.
The top level BCP developed at the directorate level is a directional document providing centralised operational functions, guidance, management and oversight of the business unit level BCPs if activated.
For further information contact:
+61 2 62070569