In May 2018, PSR worked with consultants Noetic to conduct a risk assessment of its activities, covering both strategic and operational risks. PSR has invested significantly in the development of a robust risk management framework.
This investment has continued with the annual Risk Management Workshop and review of PSR’s Risk Management Plan.
The Risk Management Workshop involved all staff, the chair and members of PSR’s Audit and Risk Committee, and included a review of PSR’s Risk Management Plan. Outcomes from the workshop provided an opportunity for the agency to consider any risks or compliance issues in the context of developing PSR’s annual Internal Audit Plan.
The PSR Risk Management Plan summarises the strategic risk context and operational risk assessment for the agency. The plan also outlines key mitigation strategies to be implemented, and roles and responsibilities for monitoring and reviewing risks.
In addition, Noetic worked with PSR to review its approach to tracking and managing risks. The 2018–19 Risk Action Plan identifies and prioritises further opportunities for improvement in risk management, taking into account both the maturity of the agency’s risk management practices, and its capacity for developing and implementing further change.
The maturity assessment was undertaken by Noetic at a high level, drawing on its risk management knowledge, and experience in the private and Australian Government sectors. It was based on what would reasonably be expected of an organisation of PSR’s size, nature and complexity.
The findings from this annual review have provided input into the assessment of future improvement initiatives.
The improvement priorities identified include:
· reviewing policy documents
· streamlining risk monitoring and reporting
· more effectively linking risk management and business planning
· ensuring staff engagement
· outsourcing risk management advice or related services where appropriate.
The risk assessment will also be used to prepare PSR’s annual Internal Audit Plan. The Internal Audit Plan includes provision for additional audits should circumstances change during the year. The preparation of the risk assessment is based on a methodology that recognises inherent risk and control effectiveness.
PSR reports on the Internal Audit Plan and provides regular updates on the status of audit recommendations to the PSR Audit and Risk Committee.
Although risk management and internal controls are overseen by the Audit and Risk Committee, primary responsibility for managing risk and internal controls rests with managers, who are required to ensure that risks are identified and managed within their units.