Go to top of page

Risk Management Framework

Effective risk management supports IPFA’s agility and responsiveness to the demands placed on it.

IPFA takes an integrated approach to risk, which applies to all strategic and operational activities and team members. It informs business decisions, corporate governance arrangements and the business planning and performance reporting processes.

Our approach to risk management and oversight is contained in IPFA’s Risk Management Policy and Risk Management Framework and has been developed in accordance with the Commonwealth Risk Management Policy. Guidance is also provided to team members through IPFA’s AAI focused on Managing Risk and Internal Accountability.

The Risk Management Framework includes systems, policies, guidelines and processes to ensure the integration of a risk aware and managed culture across our operations and practices. It provides the basis to identify, prevent or mitigate the impact of uncertainty on the achievement of IPFA’s purposes as stated in our Corporate Plan. Identified strategic and operational risks are categorised under key strategic focus areas of clients, people and organisational.

IPFA maintains a Risk Management Framework and Policy. These are regularly reviewed by our Audit Committee. IPFA has a robust risk evaluation and management strategy. High-level strategic risks are identified and categorised under key areas of:

IPFA Strategic areas of risk


Strategic Risk

Risk mitigation strategies

  • IPFA does not deliver quality/timely service
  • IPFA is unable to maintain its independence
  • IPFA services are not trusted, sought or valued

IPFA continues to remain client and service focused, whilst being independent with a view to the right outcome.

Our responsibilities and accountabilities are clearly defined, we have robust internal processes and are always seeking continuous improvement.

We continue to engage and build quality relationships with our stakeholders, ensuring they have a clear understanding of our role, confidence when engaging with us and the opportunity to provide feedback.

We conduct regular stakeholder and client surveys to confirm our services remain responsive to the needs of our Australian Government clients.


  • IPFA cannot attract, retain or motivate the right people to ensure it can deliver its outcome
  • IPFA lacks capacity and appropriate skills to deliver as expected/required

IPFA’s ability to support the Australian Government in making commercially astute decisions on nationally significant infrastructure projects and programs is dependent on our people and culture.

We invest in our people by providing structured professional and employee development programs, formal training and secondment opportunities to build our internal capability. All team members commit to a performance and development plan, with clear expectations regarding effective performance. We offer flexible workplace arrangements and ensure team members are engaged at all levels.

We attract and retain the best possible people through strategies to build a reputation as a great place to work and develop and where team members are valued.


  • IPFA is exposed to fraud and/or corruption
  • IPFA suffers reputational damage
  • IPFA does not use information appropriately, loss of information
  • IPFA lacks financial resource to deliver its output
  • IPFA’s shared services arrangements – failure, or impact of changes in policies of provider agencies

IPFA takes its corporate and governance arrangements seriously, which is why it is now defined as a KPI.

The Audit Committee supports our governance arrangements through the provision of independent advice and assistance on the appropriateness of IPFA’s financial and performance reporting responsibilities, risk oversight and management, and systems of internal control.

We manage and strengthen our corporate and governance arrangements through implementation and regular review of our integrated Risk Management Framework and legislative requirements. There is regular and structured discussion of corporate and governance requirements at internal leadership team, and broader IPFA team meetings.

All team members are briefed and provided training on policy, legislative and compliance requirements across IPFA’s suite of governance policies.

Memorandums of Understanding with performance expectations are in place with service providers. These are frequently monitored.

Strategic and operational risk assessments have been undertaken to develop strategies to mitigate each risk. In many parts of our operations, with risk comes opportunity, and to that end, risk mitigation strategies are designed to ensure that opportunities are not missed. The treatment of identified risks takes into account IPFA’s defined risk appetite in its Risk Management Policy.

Continuous improvement is incorporated in the Risk Management Framework through regular review as well as formal and informal evaluation mechanisms. All risks are reviewed on an ongoing basis, including by the leadership team and also benefit from review and input by the Audit Committee. The Audit Committee also assesses the effectiveness of risk procedures against IPFA’s risk appetite.

Our focus on continuous improvement ensures we effectively manage risk and opportunities learning from our experiences.

This figure illustrates the key components of IPFA’s Risk Management Framework.

Risk Management Framework

Systems and structures

Appropriate frameworks are in place to manage, monitor and mitigate risk

A leadership and management environment and structure which is supported by an effective delegations schedule and a culture of ethical conduct driven from IPFA’s leadership team

Policies and procedures

Policies and procedures which support compliance with legislative and administrative requirement

An audit program which aligns with our Risk Management Framework


The fostering of a positive risk management culture that is built into our day to day practices

Enabling our people to engage with reasonable levels of risk within appropriate frameworks and behaviours


Education and awareness raising for all our people in respect of risk management and compliance obligations

An enterprise risk register which enables active identification, monitoring and management of key risks