In September 2014 the Director-General approved the Directorate’s new Risk Management Policy.
A draft Risk Management Plan and associated framework was developed by PricewaterhouseCoopers during the previous reporting period, with the policy finalised this year following further consultations with the Executive and independent members of the Audit Committee.
The policy contains eight strategic risks—four identified as being high and four identified as being medium—including operational, reputational and financial risks.
The policy seeks to encourage an environment with:
- a culture where management and staff are willing to deal with risk, be accountable and take responsibility, including appropriate support mechanisms where things go wrong
- a governance framework where risk is managed proactively, and through decisions that are informed by timely and accurate information, including reporting of emerging risks and early reporting when things go wrong or are off track
- open and honest consistent discussion of risk and a proactive attitude towards risk by management and staff, including an awareness of everyone’s risk management responsibilities.
To ensure the policy is effectively implemented, the Executive has agreed to the development of branch/division Risk Treatment Plans across the Directorate, the active oversight of risk management including the review of high and extreme risks on a quarterly basis, and the listing of emerging risks as a standing agenda item for Executive meetings.