Risk management is an essential element of Defence’s good governance and internal control environment. We maintain a system of risk oversight and management to support the achievement of Defence’s outcomes and meet its risk management obligations in accordance with the PGPA Act.

In 2019–20, Defence reviewed and updated its system of enterprise risk management to improve alignment of risk management with corporate planning and to enhance enterprise risk reporting. Key achievements included:

• publication of the updated Defence Risk Management Policy, which outlines a principles-based approach to the management of risk
• development of guidelines to support Defence’s risk management framework
• reporting to senior committees on the effectiveness of enterprise risk management
• a pilot program of deep dives into enterprise risk and control management
• a review of legislative compliance arrangements to enhance visibility of significant legislative compliance issues across the Defence enterprise.

In 2019–20, Defence continued to mature its business continuity program to enable delivery of key outcomes for Government during a disruptive incident, including planning in response to COVID-19.