Departments and agencies are required to provide an attestation, or a written confirmation, as part of their report of operations that they understand, manage and control key risk or exposure.
The Victorian Government Risk Management Framework
The Department of Treasury and Finance released the Victorian Government Risk Management Framework originally in 2007 with an update in 2011. The framework provides for a minimum risk standard across State entities and outlines their roles and responsibilities. Attestation, for example, is required in annual reports.
We recommend that all public sector agencies adopt the framework; however, it is compulsory for those agencies that report in the Annual Financial Report for the State of Victoria.
Elements of the Framework
One significant requirement under the framework is the need for accountable officers to ‘attest’ in their organisation’s annual report that:
- risk management processes consistent with the AS/NZS ISO 31000:2009 Standard are in place
- an internal control system is in place that enables the executive to understand, manage and satisfactorily control risk exposures
- the audit committee/board verify the assurance made and that the risk profile has been critically reviewed within the last 12 months.
The attestation process ensures that organisation-wide risk management culture, processes and structures are embedded across the business, so that risk management is relevant, effective, efficient and sustained.
Frequently asked questions
- Will management need to formally sign off the process?
- What systems and processes will allow/support this?
- What does satisfactory look like? How do you demonstrate a satisfactory effort?
- What evidence will the secretary/chairman need to support the attestation?
- What about the internal auditors? Will, or can they sign off?
- What if we don’t attest? What are the consequences?
- What about a phase-in period?
Frequently asked questions about attestation are answered in our Risk Insight publication:
Attestation - What does it mean for your organisation? [PDF, 350 KB]
Further information
If you require further information please contact our Risk Management Team on 03 9270 6900 or by email risk.info@vmia.vic.gov.au.