Risk management consultancy and training services

Call Us:

(+61) 400 666 142


Canberra ACT 2600

Risk Management and the PGPA – is your agency prepared?

Risk Management and the PGPA – is your agency prepared?

The Public Governance, Performance and Accountability Act 2013 (PGPA Act) will replace the FMA Act and the CAC Act on 1 July 2014.

Included in the PGPA Act is a requirement for all entities to:

  • Establish and maintain an appropriate system of risk oversight and management for the entity; and
  • Establish and maintain an appropriate system of internal control for the entity.

The PGPA Draft Risk Management Policy sets out the Key Principles for Managing Risk in the Commonwealth and seven Risk Management Policy Elements.

So what can you do to make sure that your Agency is in a position to be compliant with the Risk Management requirements of the PGPA?

The Paladin Risk Management Services Diploma of Risk Management and Business Continuity and Advanced Diploma in Governance, Risk and Compliance addresses all of these Key Principles and Policy Elements which makes it an absolute must for all Agencies.

Policy Element 1 – Risk Management Policy and Objectives

  • Each entity must develop and maintain a written risk management policy.
  • This policy must be endorsed by the entity’s accountable authority and contain a statement expressing this support.
  • The policy must define the linkage between the entity’s approach to the management of risk and its strategic plans and objectives.
  • The policy must contain an outline of key accountabilities and responsibilities for managing risk and implementing the entity’s risk management framework.

Policy Element 2 – Accountability and Responsibility

An entity must clearly define responsibility for managing risk, including:

a. responsibility for the implementation of the entity’s risk management framework;
b. the roles of, and expectations for, staff within the entity with accountability for managing individual risks;
c. how responsibility for the management of risk controls is determined, assigned and monitored;
d. the role of those entity functions with specific responsibilities for supporting and reviewing the effectiveness of the entity’s risk management framework, e.g. audit and/or risk committees; and
e. responsibilities for building risk capability through the implementation of development and training programs (e.g. risk training).

Policy Element 3 – Integration

An entity must ensure that their risk management framework is integrated with other business processes

Without effective risk management, none of the organisational programs listed below (see diagram) will be as effective:

Organisational Programs

Policy Element 4 – Positive Risk Culture

An entity must determine and describe the attributes of the risk culture that it seeks to develop.  To encourage a positive risk culture, an entity’s risk management policy and framework needs to emphasise the benefits and opportunities of managing risk in achieving its objectives.

Policy Element 5 – Communication and Consultation

Each entity must implement arrangements to ensure the effective communication and reporting of risk, both within the entity and with relevant external stakeholders

Policy Element 6 – Risk Management Capability and Resourcing

Each entity must assess and maintain sufficient capability and resourcing to both implement the entity’s risk management framework and manage its risks.

Policy Element 7 – Continuous Evaluation and Improvement

  • Each entity must review its risk management framework, the application of its risk management practices, and its risks on a regular basis.
  • Risk management reviews must be effectively documented and endorsed at the appropriate level within the entity

Ensure your agency is prepared for the implementation of PGPA by participating in one of the Paladin Risk Management Courses.

Every Policy Element is covered in the Diploma of Risk Management and Business Continuity and the Advanced Diploma of Governance, Risk and Compliance.

Diploma of Risk Management and Business Continuity Advanced Diploma in Governance,
Risk and Compliance
The Diploma Course which has been endorsed by the Risk Management Institution of Australasia, this is the only broad based risk management diploma in the country and is fully accredited by the Australian Skills Quality Authority (ASQA).The Diploma Program is aimed at risk management and business continuity professionals or those aspiring to fill roles in these industries. The Advanced Diploma of Governance, Risk and Compliance is the only vocational GRC course in the country and is fully accredited by ASQA. This course will is aimed at Executives in a myriad of roles including (but not limited to):

  • Chief Executive Officer
  • General Manager/Managing Director
  • Director
  • Chief Risk Officer
  • Chair/Member Audit and Risk Committee
  • Compliance Manager
Written by Leena Renkauskas

Rod is an accomplished risk consultant with extensive experience in the delivery of professional consultancy services to government, corporate and not-for-profit sectors. Rod takes every opportunity available to ensure his risk management knowledge remains at the ‘cutting edge’ of the discipline. Rod’s Risk Management expertise is highly sought after as is the insight he provides in his risk management training and workshop facilitation. Rod was recognised by the Risk Management Institution of Australia as the 2016 Risk Consultant of the Year and one of the first five Certified Chief Risk Officers in Australasia.