Risk management guidelines
Overview
The Risk Management: Developing and Implementing a Risk Management Framework guide was originally developed in 2008 based on the AS/NZS 4360:2004 and the Draft ISO 31000 Risk Standard. This version has been updated to reflect changes to the Risk Standard, notably the adoption of ISO 31000 as the Australian Standard. 
The original guide was developed in consultation with a broad range of stakeholders, including entities with responsibility for co-ordinating risk management in the Victorian Public Sector and a range of Victorian departments and selected agencies.
The guide aligns with the Australian/New Zealand Standard: Risk management – Principles and guidelines (AS/NZS ISO 31000:2009), which was released on 20 November 2009.
The Guide for developing and implementing your risk management framework [PDF, 1.54 MB] also seeks to support and to strengthen risk management through these key elements:
- All risk management frameworks and processes must, as a minimum requirement, be consistent with the key principles of the Standard, or designated equivalent.
- An attestation from agency heads in annual reports that:
  - risk management processes are in place consistent with the Standard
  - an internal control system is in place that enables the executive to understand, manage and satisfactorily control risk exposures
  - the risk profile of the department or agency has been critically reviewed within the last 12 months
  - a responsible body or audit committee verifies that view.
- The framework also promotes the need to address interagency and statewide risks when developing and implementing risk management processes.
Document structure
The “Guide for developing and implementing your risk management framework” comprises three key sections:
- Developing a risk management framework.
- Implementing the risk management framework.
- Monitoring and enhancing the risk management framework.
Developing and implementing your risk management framework

Templates from the Risk Management Guidelines
Appendix A - Risk Management Glossary [PDF, 63KB]
Appendix B - Risk Management Strategy Template [DOC, 52KB]
Appendix C - Risk Management Policy Template [DOC, 62KB]
Appendix D - Risk Management Procedure Template [DOC, 1MB]
Appendix E - Risk Rating Criteria Template [DOC, 47KB]
Appendix F - Common risk categories for the public sector [PPT, 1MB]
Appendix G - Communication and consultation plan template [DOC, 62KB]
Appendix H - Risk Training Slides [PPT, 1MB]
Appendix I - Common Example Risks [DOC, 87KB]
Appendix J - Risk Assessment Template [DOC, 61KB]
Appendix L - Risk Register Template [XLS, 29KB]
Appendix M - Risk Management Register Template [XLS, 62KB]
Appendix N - Risk Reporting Criteria Template [DOC, 222KB]
Appendix O - Risk Management Checklist [XLS, 35KB]
Appendix P - Risk Management Information Systems Checklist [XLS, 23KB]
Appendix Q - Good Practice Guide - Managing risk across the public sector [PDF, 295KB]