The revised Victorian Government Risk Management Framework (VGRMF), sets out the minimum requirements when it comes to managing risk—it’s the recommended baseline for all organisations across the Victorian public sector.

It’s important for decision makers to see how they can protect and create value for the people, places and systems in their care. With guidance and tools, decision makers will be able to confidently implement procedures and processes that are right for their organisation.


The purpose of this project is to explain important VGRMF concepts, and translate the framework to practical guidance that is easy-to-apply settings within your organisation. To support you in managing risk within your organisation, we’re opening design sessions and invite you to collaborate on tools and topics. These topics will be released over the next few months.

We invite you to check in on this project from time to time to explore the topics that may be of interest to you. Follow us on LinkedIn and Twitter, for future design lab topics and updates.

A revised VGRMF – effective 1 July 2021

The revised VGRMF comes into effect on 1 July 2021. From that date, all agencies must attest to the revised VGRMF. To view the revised framework, visit the Department of Treasury and Finance website.

We’ve also summarised information that you need to know on our key changes to the revised VGRMF page.


The topics are primarily targeted at risk practitioners across the Victorian public sector. We also welcome decision makers within your organisation to explore the topics to build foundational knowledge and practise good decision making.

Where to start

Select the topics that interest you and explore the related tools. Please then submit your feedback on your experience via the survey. We’ll use your response to improve future iterations of the resources and guidance materials.

Guides and tools for managing risk

Have your say on the new guides and tools to ensure they support you in effectively managing risk within your organisation.


Defining your organisation’s risk appetite

Establishing your organisation’s risk appetite can help you determine where your organisation stands on risks and how to control them.


The link between organisational performance and risk maturity

By working towards a higher risk maturity level, your planning will lead to improvements in your risk management and overall organisational performance.


Developing a foundation-level framework for your organisation

Explore the core elements required to adequately manage risks in the internal and external context.


Designing processes to manage risk

What are the critical processes for all decision makers and how do you measure their effectiveness?


Making decisions in situations of uncertainty

Managing risk is not about removing uncertainty but about learning to make good decisions in spite of it.


What is risk?

A good understanding of risk will help you see how managing it can protect and create value for your organisation.


Identifying, analysing and evaluating risks

Every decision maker should use these three steps to assess risks to their organisation’s objectives.


Attesting to VGRMF requirements

Attestation is an opportunity to examine your risk management framework and assure the public that you are taking steps to manage risk.


Building your risk management framework

An effective framework starts with a thorough analysis of your internal and external context.