Risk oversight and management
Risk management in the Federal Court Entity identifies and addresses the uncertainty in achieving our purposes. The outcome of good risk management is to appropriately mitigate risk and assist with identifying opportunities, thereby enhancing our ability to respond to the Heads of Jurisdiction requirements, Australian Government policy and legislative change, and to provide the public with efficient and effective delivery of justice.
Success depends upon developing our people, strengthening and adapting systems, and forging strong relationships with stakeholders. By carefully applying appropriate risk management principles that have been recognised by our Internal Auditors as fit for purpose, we will maximise the efficiency and effectiveness of planning, decision-making, managing uncertainty and our use of resources to achieve the desired outcomes.
Our risk framework is designed to:
- ensure risk management supports our purposes
- support a culture which encourages people to report incidents and take ownership of problems
- ensure risk management thinking is embedded in all activities, enabling the achievement of better outcomes
- ensure stakeholders are consulted to enable the consideration of a broader perspective
- identify and manage both Entity-wide strategic risks and program or project-specific risks
- promote sharing of risk information and experiences within the Entity and across the Australian Government Community of Practices to develop more consistent approaches to managing risk, and
- align with the Public Governance, Performance and Accountability Act 2013 and the Australian Government’s expectations as detailed in the Commonwealth Risk Management Policy.
The Risk Management Framework and Plan, developed in accordance with the methodology set out in Commonwealth Risk Management Policy 2014 and the Australian/New Zealand Risk Management Standard (AS/NZS ISO 31000:2018), has been recently reviewed by Internal Audit which confirmed the framework and plan are fit for purpose.
Risk management priorities:
- risks that affect performance against identified strategic objectives.
- risks that affect the financial outcomes of the Entity or have detrimental financial impact.
- Risks to reputation: risks that affect the reputation of the Entity and its ability to perform, or which may impair the community’s trust in the Courts and the judicial system.
- risks that affect the management of and accountability for performance, including the Entity’s service delivery obligations, regulatory framework and business relationships.
- Legal and compliance risks: risks arising from statutory and other compliance and reporting obligations as well as current or pending litigation to which the Entity is a party.
- risks that affect staff ethical behaviour, the integrity of decisions, processes and information, or affect the work, health and safety of personnel.
- Information Management and Information Technology: risks associated with information and communication services and the delivery of those services, programs and functions, including business continuity, IT disaster recovery and external events, including cyber-attacks, impacting on the Entity’s ability to deliver services.
The Audit and Risk Committee is established in accordance with section 45 of the Public Governance, Performance and Accountability Act 2013 (Cth) and provides specific functions to assist the Accountable Authority in meeting their obligations.
The functions of the Audit and Risk Committee are to:
- provide independent assurance of the effectiveness of the Entity’s Risk Management Framework
- review compliance with the Entity’s Risk Management Policy and monitor and understand the potential impact of emerging risks on the Entity’s ability to achieve its objectives
- monitor the implementation of the Entity’s Risk Management Plan
- review compliance with finance law, including financial and performance reporting, periodic risk reports (quarterly and annual reports) and the internal control programs, and advise whether key controls are appropriate and are operating effectively, and
- provide assurance that the Entity has well-designed business continuity and disaster recovery arrangements in place and that they are tested periodically.
The Enterprise Risk Management Committee is accountable to and supports the Accountable Authority by making recommendations concerning the development, implementation and operation of:
- the Entity Risk Management Framework including the policy and plan
- the Accountable Authority’s Enterprise Risk Appetite Statement
- the Enterprise Wide Risk Register, and
- risk treatment strategies and action plans.
The Enterprise Risk Management Committee also has responsibility for monitoring the effectiveness of controls where the Entity’s risk appetite has been exceeded. This will generally be where residual risk is assessed as High or Extreme, and determine which risks are highlighted in the Enterprise Wide Risk Register.
Figure 2: Federal Court Entity risk management structure
Table 1 provides some examples of the risks faced by the Courts and the National Native Title Tribunal.
Table 1: Risks faced by the Courts and the National Native Title Tribunal
AREA OF RISK
- Failure to identify, categorise, classify and protect data assets across the entity.
- Insufficient financial resources to support the essential requirements of the Courts and the National Native Title Tribunal to deliver services to the customers.
- Increased workload, in addition to the backlog of cases, increases case load management.
- Failure to have in place robust travel related security practices and processes to minimise any loss of information or assets.
- Workplace Health and Safety: Failure to implement effective controls, Work Health and Safety incidents and near misses.