Risk Oversight and Management

Corporate Plan 2020-2021

The Federal Court entity promotes an enterprise-wide risk management framework that supports the identification, analysis, assessment, treatment, monitoring and review of all strategic, professional, reputational, personnel, political and operational risks. These include risks to our stakeholders and emerging risks.

The Risk Management Plan has been developed in accordance with the methodology set out in the Australian/New Zealand Risk Management Standard (AS/NZS ISO 31000:2009) and the Commonwealth Risk Management Policy 2014.

Risk management priorities

We have adopted seven broad criteria for establishing risk management priorities:

  1. Strategic risks—risks that affect performance against identified strategic priorities.
  2. Financial risks—risks that affect the financial outcomes of the entity or have detrimental financial impact.
  3. Risks to reputation—risks that affect the reputation of the entity and its ability to perform, or which may impair the community’s trust in the Courts and the judicial system.
  4. Operational risks—risks that affect the CEO and Principal Registrar’s management of and accountability for performance, including the entity’s service delivery obligations, regulatory framework and business relationships.
  5. Legal and compliance risks—risks arising from statutory and other compliance and reporting obligations as well as current or pending litigation to which the entity is a party.
  6. People risks—risks that affect staff ethical behaviour, the integrity of decisions, processes and information, or affect the work, health and safety of personnel.
  7. Information Management and Information Technology—risks associated with information services and the delivery of those services, programs and functions, including business continuity, disaster recovery and external events impacting on the entity’s ability to deliver services.

Risks are reviewed at least each quarter and the risk register is updated after each review. Managing risks effectively and efficiently allows the entity to achieve its objectives. The importance of training and awareness programs in risk management is recognised, and consequently, the entity is committed to ensuring all staff receive regular training and information on risk management and their responsibilities.

The entity participates in Comcover’s annual Risk Management Benchmarking Program, which is designed to assess the maturity of a risk framework against the nine elements of the Commonwealth Risk Management Policy (the Policy), using a risk maturity model.

Additionally, Comcover’s annual Risk Management Benchmarking Survey benchmarks the entity’s risk management framework and capabilities against other participating agencies. The overall performance of the entity’s risk management program has improved over the last two years and is fit for purpose.


The Audit Committee is established in accordance with s 45 of the Public Governance, Performance and Accountability Act 2013.

The CEO and Principal Registrar must establish and maintain an Audit Committee, with the functions and responsibilities required by s 17 of the Public Governance, Performance and Accountability Rule 2014.

The functions of the committee are to:

  • provide independent assurance of the effectiveness of the entity’s Risk Management Framework
  • review compliance with the entity’s Risk Management Policy
  • monitor the implementation of the entity’s Risk Management Plan
  • review compliance with finance law, including financial and performance reporting
  • review risk reports periodically (quarterly and annual reports)
  • review the internal control programs and advise whether key controls are appropriate and are operating effectively
  • monitor and understand the potential impact of emerging risks on the entity’s ability to achieve its objectives, and
  • provide assurance that the entity has well-designed business continuity and disaster recovery arrangements in place and that they are tested periodically.

The Enterprise Risk Management Committee is accountable to and supports the Accountable Authority by advising the Audit Committee and making recommendations concerning the development, implementation and operation of:

  • the entity Risk Management Framework including the policy and plan
  • the Accountable Authority’s Enterprise Risk Appetite Statement
  • the Enterprise Wide Risk Register, and
  • Risk treatment strategies and action plans.

The Enterprise Risk Management Committee also has responsibility to monitor the effectiveness of controls where the entity’s risk appetite has been exceeded, which will generally be where residual risk is assessed as High or Extreme, and to determine which risks are highlighted in the Enterprise Wide Risk Register.

As part of the entity’s continuous improvement approach and adoption of best practices, the Risk Management Plan undergoes a periodic internal audit, either in its totality or in specific sections (for example, fraud). The audit findings and recommendations are then reviewed and action plans are put in place to address the areas for improvement. Each quarter, the Audit Committee monitors the implementation of the audit recommendations and respective action plans and advises on the suitability of the action plans proposed by management.

The table below provides some examples of the risks faced by the Courts and the Tribunal.






Disconnected future strategies

Risk for the Courts and Tribunal of conflicting strategic agendas with government

  • Communication and consultation with key stakeholders, particularly the Minister, Attorney-General’s Department, Department of Finance, and key government agencies.


Funding/financial resources

Insufficient financial resources to support the essential requirements of the Courts and the Tribunal to deliver services to the customers

  • Robust budgeting and disciplined financial management practices.
  • Communication/consultation with key stakeholders, particularly the Minister, Attorney-General’s Department, Department of Finance and key government agencies.
  • Continued refinement of e-services to drive work practice efficiencies and better, quicker, less expensive services to customers.


Inadequate guidance provided to judicial staff regarding media liaison practices

Reputational damage to the Courts which could lead to a lack of public confidence in the judicial system

  • Guidance provided to judicial and other relevant staff regarding media liaison practices.
  • A media management guide is provided to assist judges, their staff and registry staff in handling situations where there is media interest.
  • Official statements are reviewed prior to release.

Operations (Technological)

Technological management

Information Technology (IT) tools and systems are unable or unavailable to support the judiciary, staff and customers of the Courts and the Tribunal

  • Ongoing refinements to the Electronic Court File (ECF) improving functionality (diminishing risks arising from double handling of data and not recording properly).
  • Business continuity and IT disaster recovery plans in place.
  • Continued and active investigation of transformational opportunities, such as ECF, electronic consent orders and examination of how the Courts’ case management procedures could be more robust through IT support.
  • Ongoing review of systems (including case management applications) across the Courts and the Tribunal to ensure they are technically sound and operate with a high level of data integrity.

Legal and compliance

Legal compliance

The Courts and the Tribunal are subject to litigation

  • Procurement and contract management is carefully undertaken and supervised to protect the entity.
  • Internal policies and procedures about how to comply with federal and state legislation, as well as the procedural rules of the Courts and the Tribunal, are in place and are easy to understand and obtain.

Operations (Security)

Security management

Attacks/threats to staff, judges and members of the public

  • Ensure staff are aware of safety and security protocols.
  • Sheriff and Marshal oversee security functions.
  • Building Management Committee oversees security function at each location.
  • X-ray and/or metal detection and security cameras at each court.
  • Limited access to the secure areas in each building.
  • Higher cyber security awareness and enhanced protective security measures.


Calibre of personnel

Difficulty in recruiting skilled/experienced professional support staff, registrars and family consultants and the loss of key personnel

  • Performance reporting and monitoring of resources.
  • Implement workforce planning and an integrated learning and development framework. This includes specialist services and culturally competent staff to assist in carrying out necessary functions.