We have prepared answers to some important questions you may have about the Victorian Government Risk Management Framework, We will continue to develop our FAQs and other support material and we encourage you to continue to check the resources on our website or send us an email at contact@vmia.vic.gov.au

What is the new framework and why has it been updated?

The Department of Treasury and Finance has released the updated Victorian Government Risk Management Framework in May 2015.

Originally issued in 2007, the framework has been updated to improve clarity on expectations and to reflect better practice approaches to risk management. The framework also outlines obligations and accountabilities for risk management and insurance for public sector departments and agencies.
Back to top

When is the framework update effective?

The update was released on Wednesday 13 May 2015. 

What are the reporting requirements for 2015-2016?

Under Ministerial Standing Direction 4.5.5 – Risk Management Framework and Processes departments and agencies must provide an annual attestation of compliance. The Responsible Body is responsible for the accuracy and completeness of attestation and should utilise audit committees or other internal governance bodies, where available, to support the view expressed. All entities with specific roles and responsibilities under the VGRMF must fully comply with the requirements of Ministerial Standing Direction 4.5.5 and are responsible for appropriately identifying, assessing and managing all risks to which they are exposed. Agencies should establish and maintain effective risk governance that includes an appropriate internal management structure and oversight arrangements for managing risk. The responsible bodies are directly accountable for their organisations’ risk management obligations. Under section 13 A of the Public Administration Act 2004, the department head (Secretary) has responsibilities for advising the portfolio Minister on matters relating to relevant public entities (as defined in the Public Administration Act 2004) and for working with and providing guidance to these public entities. Consistent with this role, department heads are expected to advise the portfolio Minister on any significant risks relating to the relevant public entities. 
Back to top

What happens if my agency does not comply?

If an agency is unable to attest to all requirements Departments and Agencies may amend the wording of the attestation having regard to their risk profile, risk management maturity and operating context.  Where an agency has only partially complied with the Direction, the attestation must include an explanation of remedial actions to address areas of partial compliance. Please refer to Attestation Practice Notes [PDF, 471KB] for more detail.
Back to top

What is Ministerial Standing Direction 4.5.5 and where do I find a copy?

Ministerial Standing Directions have also been updated to align with the revised Framework.

The revised Standing Direction 4.5.5 replaces the previous Directions 4.5.5 - Risk Management and 4.5.5.1 - Insurance.

A copy of the updated Directions can be accessed in Standing Directions of the Minister for Finance 

If my agency is not obligated to report in the Annual Financial Report for the State of Victoria do the framework requirements apply?

You are not required to comply with the framework requirements but it is recommended the framework is adopted as it reflects better practice risk management. Adopting the framework also supports attestation requirements for community service organisations funded through a Department of Health Human Services or Department of Education and Training service agreement. Please refer to VMIA VGRMF Resources page for more information.
Back to top

What are the key changes in the updated framework? 

We have summarised the mandatory requirements for risk management and insurance in the table below to help you understand your risk obligations and accountabilities.

See the Victorian Government Risk Management Framework for all requirements

Risk Management Insurance
Your agency must be satisfied that risk management is adequately resourced and that its risk management framework:
  • Is consistent with Australian and New Zealand Standards.
  • Supports the development of a positive risk culture.
  • Is reviewed annually
  • Includes processes that effectively manage risk.
  • Makes it clear who is responsible for managing each risk.
  • Addresses the management of inter-agency risks and state-significant risks.
  • Demonstrates that business planning activities incorporate risk management.
Your agency must arrange all of its insurance with VMIA (unless exempted) and as part of your annual insurance renewal process:
  • Consult with VMIA to determine appropriate insurance levels
  • Maintain a register of insurance and indemnities
  • Provide information on claims management capability, resources, structures and processes for any self-insured risks

Please refer to the Attestation Practice Notes [PDF, 471KB] for more information and guidance on the mandatory requirements. 
Back to top

What is interagency risk?

Interagency risk is a risk that is shared by two or more agencies that require coordinated management by more than one agency and may include systemic risks.

The responsibility for managing an interagency risk is shared by all the relevant agencies and will benefit from a coordinated response where one agency takes a lead role. Please refer to Interagency and State Significant Risk Practice Notes [PDF, 490KB] for additional practical support, advice and guidance.
Back to top

What is a state significant risk?

A state significant risk is risk where the potential consequences or impacts of the risk on the community, Government and the private sector are so large as to be of state significance.

A state significant risk can be the extension of an existing agency risk which, beyond a certain threshold, becomes severe enough to have state wide implications or it could be the aggregation of many agency specific risks. An agency’s responsibility is to ensure that a state significant risk is considered by decision makers at the appropriate level of government. Agencies are also responsible for contributing to management of the risks identified.
Back to top

What happens if an interagency or state significant risk is brought to the attention of my agency?

If an interagency or state significant risk is brought to the attention of your agency, you are expected to work collaboratively with the identifying agency in analysing and evaluating the risk and to contribute, as appropriate, to the management of the risk. Please refer to Interagency and State Significant Risk Practice Notes [PDF, 490KB] for additional practical support, advice and guidance.
Back to top

What support will VMIA provide?

Our work is to help public sector agencies be prepared for risk and to do so effectively and efficiently. We can provide you with risk advice, thought leadership and a coordination point for risk prevention, recovery and assurance. Our work is about:

  • Education: building the skills and capabilities of your team to better respond to risks.We will work with public sector agencies to further develop risk concepts and how to comply with the mandatory requirements. As we develop these insights we will share this information. Over time, we will develop additional support material and learning programs.
  • Advice: providing expert advice and consulting services to assist you in tackling your issues, guiding action and decision making.
  • Insight: helping you turn information into knowledge, to know what’s important and guide your action.
  • Learn: reflecting on what’s gone wrong to make changes for the future.

We have also developed a Practice Guide and supporting Practice Notes to help agencies meet their obligations. Please visit our VGRMF Resources page. 
Back to top

Where can I find out more?

A range of resources are available from our VGRMF Resources page including Practice Notes, templates and e-Learn.    

What if I have further questions or need help?

Please email us at contact@vmia.vic.gov.au or phone (03) 9270 6900.
Back to top

Page last updated: 7 August 2017