Risk management is integral to the AOFM’s activities and is the responsibility of all staff. The Executive Group fosters a strong risk‑aware culture and supports staff in making appropriate risk‑informed decisions. The risk and assurance functions guide staff on the design, implementation and effective operation of appropriate risk treatments and controls.
The enterprise risk management framework is consistent with the Commonwealth Risk Management Policy and provides for the active and transparent management of uncertainty (threats and opportunities). Key reflection points are provided quarterly (at Executive Group meetings), and these are an established feature of annual corporate planning activities. Risk assessments are used as key inputs to strategy development and decisions on operational activities including any forthcoming significant changes. The enterprise risk management framework captures information that is used to identify emerging matters of note and key risks to be managed and monitored. This approach is used at both enterprise (‘top‑down’, outward focussed) and business unit (‘bottom‑up’, inward focussed) levels. Staff understand that risks are to be managed in line with the AOFM’s risk appetite and tolerance statements.
The AOFM’s enterprise risks are classified into three broad categories:
- Strategic risks — opportunities and exposures that impact the AOFM’s medium to long term objectives. These risks are monitored and reviewed by the Executive Group on a semi‑annual basis, with a comprehensive review of the context in which the AOFM operates undertaken as part of the annual corporate planning process,
- Portfolio risks — impact on portfolio management, investment and debt issuance activities. These risks are managed pursuant to the AOFM’s financial risk management framework and reviewed at least quarterly, and
- Operational risks — relate to business processes and corporate activities of the AOFM. They generally deal with matters of compliance, the availability, integrity and/or actions of staff, providers, systems and internal processes. These risks are reviewed at least quarterly.
The key areas of risk to achievement of the AOFM’s purpose and objectives arise from uncertainty relating to external factors (most notably the potential for sudden changes in the financing task, and/or economic or financial market conditions), or the implementation of major business initiatives. Key entity risks under management include the:
- potential negative impact of market trends or disruptive technologies on the successful issuance of AGS necessary to meet funding requirements;
- ongoing management of actions and messaging by the AOFM to maintain AGS investor confidence, as well as a positive view of the AGS market; and
- potential disruptions to third party suppliers or failure of internal systems and controls, which may negatively impact the AOFM’s ability to deliver outcomes in accordance with its objectives.
In 2019, the AOFM commissioned a risk culture review to assess maturity relative to benchmark results established from the previous review (conducted in 2017). The findings identified that AOFM’s policies, procedures and process‑led operations continued to help reinforce a strong risk‑aware environment. Staff demonstrated strong appreciation of risk as an enabler of business and viewed the Enterprise Risk and Assurance Group as a strategic business partner.