Accendo Reliability

Your Reliability Engineering Professional Development Site

  • Home
  • About
    • Contributors
    • About Us
    • Colophon
    • Survey
  • Reliability.fm
  • Articles
    • CRE Preparation Notes
    • NoMTBF
    • on Leadership & Career
      • Advanced Engineering Culture
      • ASQR&R
      • Engineering Leadership
      • Managing in the 2000s
      • Product Development and Process Improvement
    • on Maintenance Reliability
      • Aasan Asset Management
      • AI & Predictive Maintenance
      • Asset Management in the Mining Industry
      • CMMS and Maintenance Management
      • CMMS and Reliability
      • Conscious Asset
      • EAM & CMMS
      • Everyday RCM
      • History of Maintenance Management
      • Life Cycle Asset Management
      • Maintenance and Reliability
      • Maintenance Management
      • Plant Maintenance
      • Process Plant Reliability Engineering
      • RCM Blitz®
      • ReliabilityXperience
      • Rob’s Reliability Project
      • The Intelligent Transformer Blog
      • The People Side of Maintenance
      • The Reliability Mindset
    • on Product Reliability
      • Accelerated Reliability
      • Achieving the Benefits of Reliability
      • Apex Ridge
      • Field Reliability Data Analysis
      • Metals Engineering and Product Reliability
      • Musings on Reliability and Maintenance Topics
      • Product Validation
      • Reliability by Design
      • Reliability Competence
      • Reliability Engineering Insights
      • Reliability in Emerging Technology
      • Reliability Knowledge
    • on Risk & Safety
      • CERM® Risk Insights
      • Equipment Risk and Reliability in Downhole Applications
      • Operational Risk Process Safety
    • on Systems Thinking
      • Communicating with FINESSE
      • The RCA
    • on Tools & Techniques
      • Big Data & Analytics
      • Experimental Design for NPD
      • Innovative Thinking in Reliability and Durability
      • Inside and Beyond HALT
      • Inside FMEA
      • Institute of Quality & Reliability
      • Integral Concepts
      • Learning from Failures
      • Progress in Field Reliability?
      • R for Engineering
      • Reliability Engineering Using Python
      • Reliability Reflections
      • Statistical Methods for Failure-Time Data
      • Testing 1 2 3
      • The Manufacturing Academy
  • eBooks
  • Resources
    • Accendo Authors
    • FMEA Resources
    • Glossary
    • Feed Forward Publications
    • Openings
    • Books
    • Webinar Sources
    • Podcasts
  • Courses
    • Your Courses
    • Live Courses
      • Introduction to Reliability Engineering & Accelerated Testings Course Landing Page
      • Advanced Accelerated Testing Course Landing Page
    • Integral Concepts Courses
      • Reliability Analysis Methods Course Landing Page
      • Applied Reliability Analysis Course Landing Page
      • Statistics, Hypothesis Testing, & Regression Modeling Course Landing Page
      • Measurement System Assessment Course Landing Page
      • SPC & Process Capability Course Landing Page
      • Design of Experiments Course Landing Page
    • The Manufacturing Academy Courses
      • An Introduction to Reliability Engineering
      • Reliability Engineering Statistics
      • An Introduction to Quality Engineering
      • Quality Engineering Statistics
      • FMEA in Practice
      • Process Capability Analysis course
      • Root Cause Analysis and the 8D Corrective Action Process course
      • Return on Investment online course
    • Industrial Metallurgist Courses
    • FMEA courses Powered by The Luminous Group
    • Foundations of RCM online course
    • Reliability Engineering for Heavy Industry
    • How to be an Online Student
    • Quondam Courses
  • Calendar
    • Call for Papers Listing
    • Upcoming Webinars
    • Webinar Calendar
  • Login
    • Member Home
  • Barringer Process Reliability Introduction Course Landing Page
  • Upcoming Live Events
You are here: Home / Articles / Victoria’s New Risk Management Framework

by Greg Hutchins Leave a Comment

Victoria’s New Risk Management Framework

Victoria’s New Risk Management Framework

Guest Post by James Kline (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

Enterprise Risk Management (ERM) is considered an important management tool and part of good public sector governance in Australia. The Commonwealth of Australia and the states of Victoria and New South Wales have implemented ERM. In addition, the states of Tasmania and Western Australia have issued good governance frameworks which include risk management.  This piece will provide a historical overview of the risk management approach used by the Australian State of Victoria. It will then discuss the changes made in the 2020 revisions to its 2018 Victorian Government Risk Management Framework.

Risk Management in Victoria

In 2003, the Auditor-General’s Office conducted an audit of 61 public sector organizations to determine how well risk management was being implemented. The audit found that risk management was not well established in most agencies. It recommended that an enterprise wide approach to risk management be established.

In 2007, the Victorian Government Risk Management Framework was issued. The framework is based on the International Organization for Standards risk management guide, 31000.

Also, that year, the Auditor-General’s Office conducted another risk management audit. It examined how consistent 25 government organizations were in applying the framework.

The audit determined that there was a need for improvement. It recommended the following.

  • Have central agencies issue Enterprise Risk Management (ERM) guidelines.
  • Strengthen risk management practices by linking risk assessment with corporate goals.
  • Apply risk management standards rigorously. (1)

As a result of the audit, the Victoria Managed Insurance Authority (VMIA) in conjunction with the Department of Treasury and Finance develop risk management guides and monitor their implementation.

In 2013 a follow up audit was conducted to determine how well the implementation process was progressing. While noting that agencies were generally complying with the requirement of the risk management framework, there were problems. Consequently, a number of recommendations were made. Several are listed below.

  • The Department of Treasury and Finance work with the VMIA to update the Victorian Government Risk Management Framework to clearly articulate minimum requires that agencies need to meet to demonstrate they are effectively managing risks. This includes improving the coverage of interagency and statewide risk, updating attestation requirements, and better describe the frameworks intent and key risk concepts.
  • Review the 2007 Audit recommendations to ensure they were addressed. Take action to address them.
  • The Department of Treasury and Finance work with VMIA to develop, clearly communicate and monitor the effectiveness of a whole-of-government framework for managing interagency and statewide risks with the intended outcomes. (2)

As noted above, the Victorian Government Risk Management Framework (VGRMF) was updated in 2015 and 2018. Each revision has sought to improve the framework. The most recent revision in 2020 is no exception. But, before changes are reviewed, there are some items that were reinforced. These were:

  • Each department and agency must provide an annual attestation of compliance with the requirements of the Financial Management Act 1994, which through a standing directive now includes incorporation of the Government Risk Management Framework.
  • The Responsible Body is responsible for the accuracy and completeness of the attestation. The Responsible Body is either the Governing Body or the Responsible Authority if there is not governing body.
  • Agency audit committee responsibility includes reviewing and providing oversight of the agency’s risk culture to ensure consistency with expectations of the agency’s responsible body. (3)

Thus, while the VMIA has responsibility for assisting with implementation and compliance, it is the specific responsibility of the Governing Body and the individual designated as the Responsible Authority who must attest to compliance. However, attestation of compliance with the 2020 VGRMF does not become effective until July 1, 2021. Until then, attestation is against the 2018 VGRMF.

Beginning with fiscal year 2021-22, there will be several changes.

Changes in the 2020 VGRMF

The revisions to 2020 VGRMF include several mandates. These are:

  • The risk management framework in place must be consistent with AS ISO 31000:2018 Risk Management – Guidelines.
  • The risk management framework is to be reviewed annually.
  • The agency must demonstrate a positive risk management culture.
  • The agency has a defined risk appetite.
  • Shared risks are to be identified and managed through communication, collaboration and/or coordination with impacted agencies.
  • Strategic and business planning and decision-making processes embed risk management and demonstrate consideration of the agency’s material risks. (4)

The changes required by the 2020 revision reinforce the need to follow the ISO 31000:2018 guidelines and review progress annually. It also identified some specific issues that need greater attention. These are the need to specifically define risk appetites, shared risks need to be identified and managed through collaborations and coordination. Finally, risk management needs to be imbedded in the agency’s strategic and business plans.

Analysis

For those public officials interested in implementing ERM, the state of Victoria’s experience is useful. It shows that Enterprise Risk Management, as guided by ISO 31000:2018, is being applied in a comprehensive manner. However, the application process is taking time. Despite an early start, Victorian state agencies are still having problems with implementation. Consequently, mandates have been issued to better facilitate ERM’s integration into the business and strategic planning process, the development and articulation of the agency’s risk appetite, and to identify and coordinate the management of interagency and statewide risks.

Thus, when starting out, it is best to specify as thoroughly a possible, in the ERM implementation framework, the minimum expectations, and requirements. It is also important to assign responsibility for implementation and for any annual attestation or report. This is to be followed up by a regular compliance audit, which ensures that the ERM implementation process is being followed.

The lessons learned from the Australian state of Victoria, should make the ERM implementation process easier.  It can also help improve the ability of the organization to anticipate and deal with risks that can adversely impact business plans and the meeting of strategic goals.

Endnotes

  1. Victorian Auditor-General, 2007, Managing Risk Across the Public Sector Toward Good Practice, https://www.audit.vic.gov.au/sites/default/files/20070621-Public -Sector-Managing-Risks.pdf
  2. .Victorian Auditor-General, 2013, Implementation of the Government Risk Management Framework, October, https://www.audit.vic.au/sites/default/file/20131030-Risk-Framework.pdf
  3. Department of Treasury and Finance, 2020, Victorian Government Risk Management Framework, August, https://www.vic.gov.au/sites/default/files/document/Victorian%20Government%20Risk%20Management%20Framework%20
  4. Victorian Management Insurance Authority, 2020, Key changes in the revised Victorian Government Risk Management Framework, August, https://www.vmia.vic.gov.au/-/media/Internet/content-Document-Documents/Risk/Tools-guide-kits/VGRMF-key-chanes-guide.ashx

BIO:

James J. Kline, Ph.D., CERM, is the author of numerous articles on quality in government and risk analysis. He is a senior member of the American Society for Quality and Six Sigma Green Belt with experience consulting for the private sector and local governments. His recent book, Enterprise Risk Management in Government: Implementing ISO 31000:2018, is available on Amazon. He can be reached at jeffreyk12011@live.com.

Filed Under: Articles, CERM® Risk Insights, on Risk & Safety

About Greg Hutchins

Greg Hutchins PE CERM is the evangelist of Future of Quality: Risk®. He has been involved in quality since 1985 when he set up the first quality program in North America based on Mil Q 9858 for the natural gas industry. Mil Q became ISO 9001 in 1987

He is the author of more than 30 books. ISO 31000: ERM is the best-selling and highest-rated ISO risk book on Amazon (4.8 stars). Value Added Auditing (4th edition) is the first ISO risk-based auditing book.

« Pressure Flange Seal For Liquid Filter Pressure Vessel
Post-Its: Their Love/Hate Relationship with RCA »

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

CERM® Risk Insights series Article by Greg Hutchins, Editor and noted guest authors

Join Accendo

Receive information and updates about articles and many other resources offered by Accendo Reliability by becoming a member.

It’s free and only takes a minute.

Join Today

Recent Articles

  • Leadership Values in Maintenance and Operations
  • Today’s Gremlin – It’ll never work here
  • How a Mission Statement Drives Behavioral Change in Organizations
  • Gremlins today
  • The Power of Vision in Leadership and Organizational Success

© 2025 FMS Reliability · Privacy Policy · Terms of Service · Cookies Policy