Risk oversight and management

Risk management in the Listed Entity identifies and addresses the uncertainty in achieving our purpose. The goal of risk management is to appropriately mitigate risk and assist with identifying opportunities, thereby enhancing our ability to respond to the Heads of Jurisdiction requirements, Australian Government policy and legislative change, and to assist in providing the public with efficient and effective delivery of justice.

Success depends upon developing our people, strengthening and adapting systems, and forging strong relationships with stakeholders. By carefully applying appropriate risk management principles that have been recognised by our Internal Auditors as fit for purpose, we will maximise the efficiency and effectiveness of planning, decision-making, managing uncertainty and our use of resources to achieve the desired outcomes.

The risk management framework supports the identification, analysis, assessment, treatment, monitoring, and review of all strategic, financial, reputational, personnel, political and operational risks. These include risks to our stakeholders and emerging risks.

The Listed Entity’s risk framework is designed to:

  • ensure risk management supports our purpose
  • support a culture which encourages people to report incidents and take ownership of problems
  • ensure risk management thinking is embedded in all activities, enabling the achievement of better outcomes
  • ensure stakeholders are consulted to enable the consideration of a broader perspective
  • identify and manage entity-wide strategic risks and program or project-specific risks
  • promote sharing of risk information and experiences within the Listed Entity and across the Australian Government Community of Practices to develop more consistent approaches to managing risk, and
  • align with the PGPA Act and the Australian Government’s expectations as detailed in the Commonwealth Risk Management Policy.

The Risk Management Framework and Plan, developed in accordance with the methodology set out in Commonwealth Risk Management Policy 2014 and the Australian/New Zealand Risk Management Standard (AS/NZS ISO 31000:2018), have recently been reviewed by Internal Audit, which confirmed the framework and plan are fit for purpose.

Risk management priorities

The Listed Entity’s risk management priorities are established based on seven broad risk categories:

1. Strategic risks – risks that affect performance against identified strategic objectives.

2. Financial risks – risks that affect the financial outcomes of the Listed Entity or have detrimental financial impact.

3. Risks to reputation – risks that affect the reputation of the Listed Entity and its ability to perform, or which may impair the community’s trust with the Courts, Tribunal and the judicial system.

4. Operational risks – risks that affect the management of and accountability for performance, including the Listed Entity’s service delivery obligations, regulatory framework and business relationships.

5. Legal and compliance risks – risks arising from statutory and other compliance and reporting obligations as well as current or pending litigation to which the Listed Entity is a party.

6. People risks – risks that affect staff ethical behaviour, the integrity of decisions, processes and information, or affect the work, health and safety and wellbeing of our personnel, including psychosocial risks.

7. Information Management and Information Technology – risks associated with information and communication services and the delivery of those services, programs, and functions and includes business continuity, IT disaster recovery and external events, including cyber-attacks, impacting on the Listed Entity’s ability to deliver services.

Oversight

The Audit Committee is established in accordance with section 45 of the PGPA Act and provides specific functions to assist with meeting the Accountable Authority obligations.

The functions of the committee are to:

  • provide independent assurance of the effectiveness of the Listed Entity’s Risk Management Framework
  • review compliance with the Listed Entity’s Risk Management Policy and monitor and understand the potential impact of emerging risks on the Listed Entity’s ability to achieve its objectives
  • monitor the implementation of the Listed Entity’s Risk Management Plan
  • review compliance with finance law, including financial and performance reporting, risk reports periodically (quarterly and annual reports) and the internal control programs and advise whether key controls are appropriate and are operating effectively, and
  • provide assurance that the Listed Entity has well-designed business continuity and IT disaster recovery arrangements in place and that these are tested periodically.

The Enterprise Risk Management Committee (ERMC) was established to provide oversight of the implementation and operation of the Listed Entity Risk Management Plan and is accountable to and supports the Accountable Authority by making recommendations concerning:

  • the Listed Entity Risk Management Framework including the policy and plan
  • the Accountable Authority’s Enterprise Risk Appetite Statement
  • the Enterprise Wide Risk Register, and
  • risk treatment strategies and action plans.

The ERMC also has responsibility for monitoring the effectiveness of controls where the Entity’s risk appetite has been exceeded.

Risk management oversight, together with broader responsibility for governance and compliance matters, has now been consolidated into a single Governance, Risk and Compliance area within Corporate Services.

Figure 1. Federal Court Listed Entity risk management structure.

A diagram showing the risk management structure of the Federal Court Listed Entity. This is a complex diagram and may require specific support for visually impaired people. Please contact query@fedcourt.gov.au if required.

Table 1. Risk faced by the Listed Entity.

Risks: Strategic (Technology)
Area of risk: Information and/or Information system compromise.
Risk description: Risks from all threat types to ICT assets which impact either the financial, operational, reputation, confidentiality, integrity and availability of information technology systems.
Mitigation strategy:

  • Centrally manage the detection and response to cyber security incidents.
  • Information Security policies, procedures, plans.
  • Improved cyber security culture with focused cyber awareness campaigns.
  • Cyber Security Certification and Accreditation.

Risks: Financial
Area of risk: Funding insufficient at Entity, Outcome or Program levels.
Risk description: Insufficient Commonwealth funding levels or reductions to funding.
Mitigation strategy:

  • Robust budgeting and disciplined financial management practices.
  • Ongoing communication and consultation with Commonwealth key stakeholders and key government agencies.
  • Revision of the Court’s outcomes and related performance indicators and reporting.

Risks: Operational (Security)
Area of risk: Failure of protective security.
Risk description: Substantial breakdown of security arrangements critical to foster a positive security culture.
Mitigation strategy:

  • Entity wide Security Framework, Policy Plan and procedures.
  • Dedicated security resources including contracted security services (guards).
  • Fit-for-purpose Commonwealth Protective Security Policy Framework requirements.
  • Entity wide security personnel policies.

Risks: People
Area of risk: Employee health, safety, and wellbeing.
Risk description: Failure to meet employee safety and wellbeing obligations.
Mitigation strategy:

  • Work Health and Safety consultative committees.
  • Work Health and Safety policies fit-for-purpose.
  • Regular communications and consultation with staff of the Listed Entity.
  • Availability of online sessions for mindfulness, stress reduction exercises, and yoga.
