Risk oversight and management

Risk management in the Federal Court Entity identifies and addresses the uncertainty in achieving our purposes. The outcome of good risk management is to appropriately mitigate risk and assist with identifying opportunities, thereby enhancing our ability to respond to the Heads of Jurisdiction requirements, Australian Government policy and legislative change, and to provide the public with efficient and effective delivery of justice.

Success depends upon developing our people, strengthening and adapting systems, and forging strong relationships with stakeholders. By carefully applying appropriate risk management principles that have been recognised by our Internal Auditors as fit for purpose, we will maximise the efficiency and effectiveness of planning, decision-making, managing uncertainty and our use of resources to achieve the desired outcomes.

Our risk framework is designed to:

  • ensure risk management supports our purposes
  • support a culture which encourages people to report incidents and take ownership of problems
  • ensure risk management thinking is embedded in all activities, enabling the achievement of better outcomes
  • ensure stakeholders are consulted to enable the consideration of a broader perspective
  • identify and manage both Entity-wide strategic risks and program or project-specific risks
  • promote sharing of risk information and experiences within the Entity and across the Australian Government Community of Practices to develop more consistent approaches to managing risk, and
  • align with the Public Governance, Performance and Accountability Act 2013 and the Australian Government’s expectations as detailed in the Commonwealth Risk Management Policy.

The Risk Management Framework and Plan, developed in accordance with the methodology set out in Commonwealth Risk Management Policy 2014 and the Australian/New Zealand Risk Management Standard (AS/NZS ISO 31000:2018), has been recently reviewed by Internal Audit which confirmed the framework and plan are fit for purpose.

Risk management priorities:

  • Strategic risks: risks that affect performance against identified strategic objectives.
  • Financial risks: risks that affect the financial outcomes of the Entity or have detrimental financial impact.
  • Risks to reputation: risks that affect the reputation of the Entity and its ability to perform, or which may impair the community’s trust in the Courts and the judicial system.
  • Operational risks: risks that affect the management of and accountability for performance, including the Entity’s service delivery obligations, regulatory framework and business relationships.
  • Legal and compliance risks: risks arising from statutory and other compliance and reporting obligations as well as current or pending litigation to which the Entity is a party.
  • People risks: risks that affect staff ethical behaviour, the integrity of decisions, processes and information, or affect the work, health and safety of personnel.
  • Information Management and Information Technology: risks associated with information and communication services and the delivery of those services, programs and functions, including business continuity, IT disaster recovery and external events, including cyber-attacks, impacting on the Entity’s ability to deliver services.


The Audit and Risk Committee is established in accordance with section 45 of the Public Governance, Performance and Accountability Act 2013 (Cth) and provides specific functions to assist the Accountable Authority in meeting their obligations.

The functions of the Audit and Risk Committee are to:

  • provide independent assurance of the effectiveness of the Entity’s Risk Management Framework
  • review compliance with the Entity’s Risk Management Policy and monitor and understand the potential impact of emerging risks on the Entity’s ability to achieve its objectives
  • monitor the implementation of the Entity’s Risk Management Plan
  • review compliance with finance law, including financial and performance reporting, periodic risk reports (quarterly and annual reports) and the internal control programs, and advise whether key controls are appropriate and are operating effectively, and
  • provide assurance that the Entity has well-designed business continuity and disaster recovery arrangements in place and that they are tested periodically.

The Enterprise Risk Management Committee is accountable to and supports the Accountable Authority by making recommendations concerning the development, implementation and operation of:

  • the Entity Risk Management Framework including the policy and plan
  • the Accountable Authority’s Enterprise Risk Appetite Statement
  • the Enterprise Wide Risk Register, and
  • risk treatment strategies and action plans.

The Enterprise Risk Management Committee also has responsibility for monitoring the effectiveness of controls where the Entity’s risk appetite has been exceeded, which will generally be where residual risk is assessed as High or Extreme, and for determining which risks are highlighted in the Enterprise Wide Risk Register.

Figure 2: Federal Court Entity risk management structure

Table 1 provides some examples of the risks faced by the Courts and the National Native Title Tribunal.

Table 1: Risks faced by the Courts and the National Native Title Tribunal

Strategic (Technology)

Information protection

Failure to identify, categorise, classify and protect data assets across the entity.

  • Consult with key stakeholders, internally and externally, to better understand the available data assets and current control measures, and how the stakeholder needs are best met.
  • Develop a plan to improve data controls, resulting in improved security of data and minimised cyber risks related to data exposure.
  • Build capacity and capability to deploy data loss prevention tools.
  • Modernise electronic court files and the Courts’ Casetrack case management system on a single core platform across the Courts and Tribunals.


Funding/financial

Insufficient financial resources to support the essential requirements of the Courts and the National Native Title Tribunal to deliver services to the customers.

  • Robust budgeting and disciplined financial management practices.
  • Communication/consultation with key stakeholders, particularly the Minister, Attorney-General’s Department, Department of Finance and key government agencies.
  • Continued refinement of e-services to drive work practice efficiencies and better, quicker and less expensive services to customers.


Case management

Increased workload, in addition to the backlog of cases, increases case load management.

  • A strategic review of the increased workload in new case management, and managing the backlog, has allowed the Federal Court to identify and develop national practice areas and refined case management strategies.
  • More effective, efficient and consistent management of different caseloads within the current and changing legislative environment.

Operational (Security)

Travel security

Failure to have in place robust travel related security practices and processes to minimise any loss of information or assets.

  • Increased staff awareness of, and training in, safety and security protocols during interstate or international travel.


Workplace Health and Safety

Failure to implement effective controls, Work Health and Safety incidents and near misses.

  • The continuous successful use of risk assessments and incident reporting (including near misses).
  • Timely and appropriate incident investigation and intervention to reduce frequency of incidents and positively manage WorkCover insurance premiums.