We have prepared answers to some important questions you may have about the Victorian Government Risk Management Framework, We will continue to develop our FAQs and other support material and we encourage you to continue to check the resources on our website or send us an email at firstname.lastname@example.org
- What is the new framework and why has it been updated?
- When is the framework update effective?
- What are the reporting requirements for 2015-2016?
- What happens if my agency does not comply?
- What is Ministerial Standing Direction 4.5.5 and where do I find a copy?
- If my agency is not obligated to report in the Annual Financial Report for the State of Victoria do the framework requirements apply?
- What are the key changes in the updated framework?
- What is interagency risk?
- What is a state significant risk?
- What happens if an interagency or state significant risk is brought to the attention of my agency?
- What support will VMIA provide?
- Where can I find out more?
- What if I have further questions or need help?
The Department of Treasury and Finance has released the updated Victorian Government Risk Management Framework in May 2015.
Originally issued in 2007, the framework has been updated to improve clarity on expectations and to reflect better practice approaches to risk management. The framework also outlines obligations and accountabilities for risk management and insurance for public sector departments and agencies.
Back to top
The update was released on Wednesday 13 May 2015.
Under Ministerial Standing Direction 4.5.5 – Risk Management Framework and Processes departments and agencies must provide an annual attestation of compliance. The Responsible Body is responsible for the accuracy and completeness of attestation and should utilise audit committees or other internal governance bodies, where available, to support the view expressed. All entities with specific roles and responsibilities under the VGRMF must fully comply with the requirements of Ministerial Standing Direction 4.5.5 and are responsible for appropriately identifying, assessing and managing all risks to which they are exposed. Agencies should establish and maintain effective risk governance that includes an appropriate internal management structure and oversight arrangements for managing risk. The responsible bodies are directly accountable for their organisations’ risk management obligations. Under section 13 A of the Public Administration Act 2004, the department head (Secretary) has responsibilities for advising the portfolio Minister on matters relating to relevant public entities (as defined in the Public Administration Act 2004) and for working with and providing guidance to these public entities. Consistent with this role, department heads are expected to advise the portfolio Minister on any significant risks relating to the relevant public entities.
Back to top
What happens if my agency does not comply?
If an agency is unable to attest to all requirements Departments and Agencies may amend the wording of the attestation having regard to their risk profile, risk management maturity and operating context. Where an agency has only partially complied with the Direction, the attestation must include an explanation of remedial actions to address areas of partial compliance. Please refer to Attestation Practice Notes [PDF, 471KB] for more detail.
Back to top
Ministerial Standing Directions have also been updated to align with the revised Framework.
The revised Standing Direction 4.5.5 replaces the previous Directions 4.5.5 - Risk Management and 22.214.171.124 - Insurance.
A copy of the updated Directions can be accessed in Standing Directions of the Minister for Finance
If my agency is not obligated to report in the Annual Financial Report for the State of Victoria do the framework requirements apply?
You are not required to comply with the framework requirements but it is recommended the framework is adopted as it reflects better practice risk management. Adopting the framework also supports attestation requirements for community service organisations funded through a Department of Health Human Services or Department of Education and Training service agreement. Please refer to VMIA VGRMF Resources page for more information.
Back to top
We have summarised the mandatory requirements for risk management and insurance in the table below to help you understand your risk obligations and accountabilities.
See the Victorian Government Risk Management Framework for all requirements
| Your agency must be satisfied that risk management is adequately resourced and that its risk management framework:
|| Your agency must arrange all of its insurance with VMIA (unless exempted) and as part of your annual insurance renewal process:
Interagency risk is a risk that is shared by two or more agencies that require coordinated management by more than one agency and may include systemic risks.
The responsibility for managing an interagency risk is shared by all the relevant agencies and will benefit from a coordinated response where one agency takes a lead role. Please refer to Interagency and State Significant Risk Practice Notes [PDF, 490KB] for additional practical support, advice and guidance.
Back to top
A state significant risk is risk where the potential consequences or impacts of the risk on the community, Government and the private sector are so large as to be of state significance.
A state significant risk can be the extension of an existing agency risk which, beyond a certain threshold, becomes severe enough to have state wide implications or it could be the aggregation of many agency specific risks. An agency’s responsibility is to ensure that a state significant risk is considered by decision makers at the appropriate level of government. Agencies are also responsible for contributing to management of the risks identified.
Back to top
If an interagency or state significant risk is brought to the attention of your agency, you are expected to work collaboratively with the identifying agency in analysing and evaluating the risk and to contribute, as appropriate, to the management of the risk. Please refer to Interagency and State Significant Risk Practice Notes [PDF, 490KB] for additional practical support, advice and guidance.
Back to top
Our work is to help public sector agencies be prepared for risk and to do so effectively and efficiently. We can provide you with risk advice, thought leadership and a coordination point for risk prevention, recovery and assurance. Our work is about:
- Education: building the skills and capabilities of your team to better respond to risks.We will work with public sector agencies to further develop risk concepts and how to comply with the mandatory requirements. As we develop these insights we will share this information. Over time, we will develop additional support material and learning programs.
- Advice: providing expert advice and consulting services to assist you in tackling your issues, guiding action and decision making.
- Insight: helping you turn information into knowledge, to know what’s important and guide your action.
- Learn: reflecting on what’s gone wrong to make changes for the future.
A range of resources are available from our VGRMF Resources page including Practice Notes, templates and e-Learn.