Breadcrumbs (trail to this page)

Risk management guidelines


The Risk Management: Developing and Implementing a Risk Management Framework guide was originally developed in 2008 based on the AS/NZS 4360:2004 and the Draft ISO 31000 Risk Standard. This version has been updated to reflect changes to the Risk Standard, notably the adoption of ISO 31000 as the Australian Standard. Guide for developing and implementing your risk management framework cover

The original guide was developed in consultation with a broad range of stakeholders, including entities with responsibility for co-ordinating risk management in the Victorian Public Sector and a range of Victorian departments and selected agencies.

The guide aligns with the Australian/New Zealand Standard: Risk management – Principles and guidelines (AS/NZS ISO 31000:2009) which was released 20 November 2009.

The  Guide to Developing and Implementing a Risk Management Framework [PDF, 2.05 Mb] also seeks to support and to strengthen risk management through these key elements:

  1. All risk management frameworks and processes must as a minimum requirement, be consistent with the key principles of the Standard, or designated equivalent.
  2. An attestation from agency heads in annual reports that:  
    • risk management processes are in place consistent with the Standard
    • an internal control system is in place that enables the executive to understand, manage and satisfactorily control risk exposures
    • the risk profile of the department or agency has been critically reviewed within the last 12 months
    • a responsible body or audit committee verifies that view.
  3. The framework also promotes the need to address interagency and statewide risks when developing and implementing risk management processes.

Document structure

Topics covered in Risk Management Framework Guide diagram 

The “Guide for developing and implementing your risk management framework” comprises of three key sections:

  • Developing a risk management framework.
  • Implementing the risk management framework.
  • Monitoring and enhancing the risk management framework.

Developing and implementing your risk management framework

Document structure for Risk Management Framework Guide diagram

More information

For more information about our risk management guides and publications, email to contact our Risk Management Team.

VAGO report

The Victorian Auditor General has outlined a range of risks and challenges facing the state from a whole of government perspective.