Risk Oversight and Management

With unprecedented disruption, effective risk management is integral to our success.


Our Positive Risk Culture

We are committed to developing and promoting a culture of active risk management supported by robust and transparent governance oversight. Our Board Risk Appetite Statement promotes risk-based decision making driven by a sound understanding of our risk environment. This supports our commitment to better practice risk management and to meeting our obligations according to s.16 of the Public Governance, Performance and Accountability Act 2013 (Cth) and in accordance with the Commonwealth Risk Management Policy.

Our Approach to Risk

We take a continuous improvement approach towards risk management that aligns with best practice principles and is consistent with the International Standard ISO 31000:2018 Risk Management – Guidelines. The Board’s Risk Appetite Statement supports effective risk management and decision-making processes through clear articulation of risk tolerance and the level of risk that we are willing to accept as an organisation. To keep pace with the exponential change within the aviation industry, during the last fiscal period we refreshed and released our new enterprise risk matrix. This aligns with our risk appetite for embracing innovation and taking advantage of new opportunities while maintaining safety as our most important consideration.

Through the implementation of our Risk Management Standard, as a part of the Governance, Risk and Compliance Framework, we proactively embed and integrate risk management practices into our organisational frameworks to identify and treat risks to within acceptable tolerances.

Our day-to-day operational risks are managed in accordance with the risk management processes we have embedded in our organisational frameworks. These clearly articulate the accountability, responsibility and delegation for managing risks. We have established appropriate and effective mechanisms to communicate and escalate risk information for management attention and decision making.

Our risk management approach comprises three layers of risk management activities. This is illustrated below.

Our Risk Environment

We perform an integral role in the Australian aviation industry and operate in an inherently complex environment. While exposure to risk is a key part of our operations, effective risk management contributes to enhanced risk-based decision making. Our external risk considerations include our regulators, emerging technologies, changes to the domestic and international economic environment, and our role in the broader commercial aviation industry. We have a wide range of risks associated with our operational activities.

Responding to these diverse risks requires us to ensure the integrity of our safety and environment management systems and service delivery to maintain long term sustainability. We continuously improve our operating systems, embrace innovation and engage with technology to remain responsive to changes.

Risks identified in the 2019-20 Enterprise Risk Profile include:

Strategic risks

Such as delivery of value to customers, geopolitical uncertainties and innovation opportunities arising from technological disruption.


Business risks

Such as the delivery of safe, efficient and environmentally responsible air traffic management and aviation rescue firefighting services, as well as provision of supporting functions which enable service delivery.


Transitional risks

Such as delivery of our OneSKY Program and ongoing management of PFAS contamination.


Risk Oversight and Assurance

The Enterprise Risk Report is reviewed by the Chief Executive Officer and Executive Team each quarter. The report draws risk intelligence from a range of assurance activities, internal insights and external trends.

A quarterly governance, risk and compliance report containing enterprise risk information is also presented to the Board Audit and Risk Committee (BARC) for review and oversight. Effective reporting and oversight helps our leaders make strategic decisions to address major threats and to seize opportunities openly and transparently.

In addition, we apply the three lines of defence model to provide assurance that our key controls are effective in managing risk. Assurance activities are layered across the three lines of defence and embedded into our processes. These assurance activities provide the leadership team, the BARC and our stakeholders with a high level of comfort that risks are being managed, compliance obligations are being met and corporate objectives are being achieved.