Risk Oversight and Management
Corporate Plan 2020-2021
The Federal Court entity promotes an enterprise-wide risk management framework that supports the identification, analysis, assessment, treatment, monitoring and review of all strategic, professional, reputational, personnel, political and operational risks. These include risks to our stakeholders and emerging risks.
The Risk Management Plan has been developed in accordance with the methodology set out in Australian/New Zealand Risk Management Standard (AS/NZS ISO 31000:2009) and the Commonwealth Risk Management Policy 2014.
Risk management priorities
We have adopted seven broad criteria for establishing risk management priorities:
- Strategic risks—risks that affect performance against identified strategic priorities.
- Financial risks—risks that affect the financial outcomes of the entity or have detrimental financial impact.
- Risks to reputation—risks that affect the reputation of the entity and its ability to perform, or which may impair the community’s trust with the Courts and the judicial system.
- Operational risks—risks that affect the CEO and Principal Registrar’s management of and accountability for performance, including the entity’s service delivery obligations, regulatory framework and business relationships.
- Legal and compliance risks—risks arising from statutory and other compliance and reporting obligations as well as current or pending litigation to which the entity is a party.
- People risks—risks that affect staff ethical behaviour, the integrity of decisions, processes and information, or affect the work, health and safety of personnel.
- Information Management and Information Technology—risks associated with information services and the delivery of those services, programs and functions and includes business continuity, disaster recovery and external events impacting on the entity’s ability to deliver services.
Risks are reviewed at least each quarter and the risk register is updated after each review. Managing risks effectively and efficiently allows the entity to achieve its objectives. The importance of training and awareness programs in risk management is recognised, and consequently, the entity is committed to ensuring all staff receive regular training and information on risk management and their responsibilities.
The entity participates in Comcover’s annual Risk Management Benchmarking Program, which is designed to assess the maturity of a risk framework against the nine elements of the Commonwealth Risk Management Policy (the Policy), using a risk maturity model.
Additionally, Comcover’s annual Risk Management Benchmarking Survey benchmarks the entity’s risk management framework and capabilities against other participating agencies. The overall performance of the entity’s risk management program has improved over the last two years and is fit for purpose.
Oversight
The Audit Committee is established in accordance with s 45 of the Public Governance, Performance and Accountability Act 2013.
The CEO and Principal Registrar must establish and maintain an Audit Committee, with the functions and responsibilities required by s 17 of the Public Governance, Performance and Accountability Rule 2014.
The functions of the committee are to:
- provide independent assurance of the effectiveness of the entity’s Risk Management Framework
- review compliance with the entity’s Risk Management Policy
- monitor the implementation of the entity’s Risk Management Plan
- review compliance with finance law, including financial and performance reporting
- review risk reports periodically (quarterly and annual reports)
- review the internal control programs and advise whether key controls are appropriate and are operating effectively
- monitor and understand the potential impact of emerging risks on the entity’s ability to achieve its objectives, and
- provide assurance that the entity has well-designed business continuity and disaster recovery arrangements in place and are tested periodically.
The Enterprise Risk Management Committee is accountable to and supports the Accountable Authority by advising the Audit Committee and making recommendations concerning the development, implementation and operation of:
- the entity Risk Management Framework including the policy and plan
- the Accountable Authority’s Enterprise Risk Appetite Statement
- the Enterprise Wide Risk Register, and
- Risk treatment strategies and action plans.
The Enterprise Risk Management Committee also has responsibility to monitor the effectiveness of controls where the entity’s risk appetite has been exceeded. This will generally be where residual risk is assessed as High or Extreme, and determine which risks which are highlighted in the Enterprise Wide Risk Register.
As part of the entity’s continuous improvement approach and adopting best practices, the Risk Management Plan undergoes a periodic internal audit, either in its totality or specific sections (for example, fraud). The audit findings and recommendations are then reviewed and action plans are put in place to address the areas for improvement. The Audit Committee monitors quarterly, the implementation of the audit recommendations and respective action plans and advises on the suitability of the action plans proposed by management.
The table below provides some examples of the risks faced by the Courts and the Tribunal.
RISKS | AREA OF RISK | RISK DESCRIPTION | MITIGATION STRATEGY |
---|---|---|---|
Strategic | Disconnected future strategies | Risk for the Courts and Tribunal of conflicting strategic agendas with government |
|
Financial | Funding/ financial resources | Insufficient financial resources to support the essential requirements of the Courts and the Tribunal to deliver services to the customers |
|
Reputation | Inadequate guidance provided to judicial staff regarding media liaison practices | Reputational damage to the Courts which could lead to a lack of public confidence in the judicial system |
|
Operations (Technological) | Technological management | Information Technology (IT) tools and systems are unable or unavailable to support the judiciary, staff and customers of the Courts and the Tribunal |
|
Legal and compliance | Legal compliance | The Courts and the Tribunal are subject to litigation |
|
Operations (Security) | Security management | Attacks/threats to staff, judges and members of the public |
|
People | Calibre of personnel | Difficulty in recruiting skilled/experienced professional support staff, registrars and family consultants and the loss of key personnel |
|