Risk oversight and management
The ABS implemented a new Risk Management Framework in 2018–19. While risk management continues to centre on the vigilance and initiative of staff and managers, the ABS has adopted a layered approach to risk that ensures an appropriate level of monitoring and oversight at both the business unit and enterprise levels. While our most complex projects and business critical functions adopt a very active stance on risk, other aspects of our business that are less exposed to irregular and uncertain environmental forces adopt a less intensive model that is, nevertheless, equally fit-for-purpose.
Our new Risk Governance and Accountability Arrangements have established a comprehensive set of responsibilities and accountabilities for staff and managers and allocated clear roles to specialist subject-matter committees for close oversight of relevant risk categories. The Terms of Reference for all internal committees have been reviewed and updated as necessary to ensure risk management responsibilities are both prominent and unambiguous. The ABS uses 11 risk categories, with tailored risk appetite levels, to give structure to our risk analyses and reporting.
The ABS continues to apply the ‘3 Lines of Defence’ model for our risk management, which combines: suitably trained and attentive business-unit level staff and managers; appropriately skilled and accessible corporate risk advisors and third party consultants; and independent expert external auditors. This proven model is further reinforced for our high-risk projects, such as Census 2021, with dedicated staff and advisors who can facilitate and sustain a level of focused risk management appropriate to the activity.
The Executive Board has continued to play an active role in shaping and overseeing the strategic risk appreciation process. In addition to quarterly routine risk reports, the Board actively solicits risk ‘deep dives’ for areas of significant or emerging risk. This is further reinforced through the use of senior executive level project boards that maintain active oversight of major project risks. As in past years, the Executive Board has been active in communicating the importance of improved risk consciousness within the business. In ‘town hall’ presentations to the organisation, and in Group-level gatherings, individual members of the Board have routinely stressed the importance of continuing to work on further maturing our risk capability.
The ABS Audit Committee has also played a critical role in sharpening the focus on risk assessment and management. This injection of external independent advice continues to provide the ABS with insight into better practice and is a trusted source of positive critique for the Australian Statistician and the wider Executive Board on the effectiveness of our risk management framework and risk culture.