Core Requirement 1.2 of NSW Treasury’s Internal Audit and Risk Management Policy for the NSW Public Sector (TPP 15-03) requires department heads and governing boards of statutory bodies to establish and maintain a risk management process that is consistent with the current Australian/New Zealand (AS/NZS standard on risk management).  Standards Australia has adopted the international standard (ISO 31000), which it is has titled AS/NZS ISO 31000: 2009 Risk management – Principles and guidelines.

ISO 31000 consists of a set of principles, frameworks and processes aimed at improving decision making about risks and their management by reducing uncertainty and increasing the likelihood that organisational objectives will be achieved.  It is not a compliance standard, but instead provides principles-based guidance on best practice.

Risk management, like other management systems, should be designed to meet an agency’s specific needs.  NSW Treasury has developed a Risk Management Toolkit (NSW Treasury Policy & Guidelines Paper TPP 12-03) to support agencies to develop and implement their risk management framework and processes. The Toolkit provides detailed and practical advice on the various elements of ISO 31000, templates and some worked examples based on a hypothetical agency.

The NSW Treasury Risk Management Toolkit is comprised of:

Executive Guide (TPP 12-03a)

Volume 1 – Guidance for Agencies (TPP 12-03b)

Volume 2 – Templates, Examples and Case Study (TPP 12-03c)

The Executive Guide has been developed to provide an overview and navigation aid to the Toolkit.

In addition, a number of the templates are available for download in Excel worksheet format so that agencies can tailor the templates to their own needs:

Consequence Tables

Likelihood Tables

Risk Matrix

Risk Tolerance Table

Risk Assessment Template

Risk Registers

Significant Risks Monitoring Table

Risk Report

Risk Management Performance Maturity Matrix

Risk Management Capability Matrix

Stakeholder Analysis Matrix

Risk Management Communication Needs Analysis

Risk Management Communication Strategy