How to find things on our refreshed website >>
Explore
The link between organisational performance and risk maturity - header

The link between organisational performance and risk maturity

What does it mean to perform well?

What does it mean to perform well?

Fundamentally, it’s about achieving your objectives and fulfilling your remit as a public sector organisation. So,

  • defining the objectives of the organisation
  • managing obstacles to achieving them in your internal and external context
  • putting in place people and the resources and systems that'll make it possible for you to achieve those objectives.

These points are about the effectiveness of your organisation. Ideally an organisation should also carry out its functions and activities efficiently, with the minimum resources to do the work to the desired standards and without waste.

There's also an ethical dimension. People must be accountable, systems of governance must be transparent, decisions must be consistent and fair. All employees in the public sector must commit to the Victorian Government’s Code of Conduct(opens in a new window).

Responsible bodies and executives have specific obligations under legislation, such as the Corporations Act(opens in a new window), Public Administration Act(opens in a new window) or the Climate Change Act(opens in a new window), and responsibilities with legal impacts.

Managing risk = improving performance

Each of these dimensions of performance is clearly a risk management proposition.

Risk is the effect of uncertainty on your objectives.

Assessing risks to your objectives is how you identify and analyse obstacles, threats or opportunities, so you can put in place what is needed to perform well and act ethically.

As part of the risk assessment you evaluate risk, which is crucial in deciding how to use available resources, insure against loss, and justify decisions about expenditure. This puts risk management at the heart of sound financial management.

Organisations that perform well also do what they can to control the type and amount of uncertainty in their internal and external context so that their people, resources and systems can work as effectively as possible.

If you know the organisation’s appetite for risk you can confidently pursue objectives and use the organisation’s resources wisely to control risk.

Finally, organisations that manage risk are able to perform well across the broad range of situations, from the predictable to the chaotic, because they are capable, resilient and innovative.

What this shows is that that risk management, when done well, helps you achieves your objectives.

Risk management is critical to the performance of the organisation

This is why your risk management framework must be embedded into the governance and operation of your organisation so that all decision-makers are thinking about risk when they make decisions.

Your responsible body and executive team have a particular role to play in demonstrating good risk management practice in their own decision-making and communicating to other decision-makers about its value.

Use the following tools and links to show how strong performance depends on effective risk management.

Continuous improvement

Your organisation’s responsible body is accountable for continuously improving the performance of the organisation, which means they are responsible for continuously improving how it manages risk.

This means you need to work with your responsible body to

  • define the outcomes you are aiming for when it comes to managing risk
  • develop improvement plans
  • show how you'll evaluate whether your actions have achieved the desired outcomes.

Risk Maturity Benchmark

The Risk Maturity Benchmark (RMB) was developed as a self-assessment to help you put in place frameworks, processes and culture to manage risk effectively. It uses the concept of ‘risk maturity’ as a way of gauging your risk management performance and growth.

We encourage you to use it to

  • assess the elements of your risk framework, processes and culture objectively
  • determine the level of maturity that's right for your organisation
  • identify improvement opportunities that will help you reach that level of maturity.
risk maturity cycle

Deciding priorities

Start with the improvement opportunities that'll bring you in to line with the mandatory requirements of the Victorian Government Risk Management Framework (VGRMF)(opens in a new window).

For the rest, look at what will bring you most value in reaching your desired level of maturity, for example:

  • What will reinforce the benefits you get from actions to meet the mandatory requirements?
  • What will help you address specific areas of weakness in your frameworks, processes and culture?
  • What will help you manage specific risks that matter most to your responsible body?

Also note the effort it'll require to meet the priority. A high-effort action to meet a low priority isn't a good use of your organisation’s time.

Defining detailed and specific actions

The improvement opportunities suggest types of actions. For example,

“Consider integrating risk management into agency performance management programs. For example, examine what are expected risk behaviours, linking rewards programs to risk management, standard contract terms etc”

Your improvement plan will need to define specific actions, assign responsibility and resources, and set timeframes. For example,

ActionResponsibilityTimeframeResources
Design a program to reward decision-makers across the organisation for exemplary risk management behaviours and actions

Director, Human Resources

Enterprise Risk Manager

December 202XUse existing staff to design a program and manage it through to implementation.

What now?

RMB is an effective tool to help you put frameworks and processes for managing risk in place and embed them in the practices and culture of the organisation.

We encourage you to make it part of your own continuous improvement cycle and change management practices.

Updated