Core Requirement 1.2 of NSW Treasury’s Internal Audit and Risk Management Policy for the NSW Public Sector (TPP20-08) requires Accountable Authorities to establish and maintain a risk management process that is consistent with the Australian Standard AS ISO 31000:2018 Risk Management Framework.

ISO 31000 consists of a set of principles, frameworks and processes aimed at improving decision making about risks and their management by reducing uncertainty and increasing the likelihood that organisational objectives will be achieved.  It is not a compliance standard, but instead provides principles-based guidance on best practice.

Risk Management Resources

Adapt NSW

Adapt NSW

Adapt NSW

Risk Education eXpress

Office of Energy and Climate Change

iCare (

Risk Management Toolkit

Risk Management Toolkit

Executive Guide | Volume 1 | Volume 2

Cyber Security

Cyber Security Icon

Digital NSW


Composition of the Toolkit

The Risk Management Toolkit TPP12-03 is currently under review, new resources coming in 2023.

Risk management, like other management systems, should be designed to meet an agency’s specific needs. NSW Treasury has developed a Risk Management Toolkit (NSW Treasury Policy & Guidelines Paper TPP 12-03) to support agencies to develop and implement their risk management framework and processes. The Toolkit provides detailed and practical advice on the various elements of ISO 31000, templates and some worked examples based on a hypothetical agency.

Last updated: 01/02/2024