Risk Oversight and Management

Our Positive Risk Culture

We are committed to developing and promoting a culture of active risk management supported by robust and transparent governance oversight. Our Board Risk Appetite Statement supports effective risk management and decision-making processes through clear articulation of the level of risk that we are willing to accept as an organisation. This supports our commitment to better practice risk management, in alignment with s.16 of the Public Governance, Performance and Accountability Act 2013 and the Commonwealth Risk Management Policy.

Our Approach to Risk

We take a continuous improvement approach towards risk management that aligns with best practice principles and is consistent with the International Standard ISO 31000:2018 Risk Management–Guidelines.

Through the implementation of our Risk Management Standard, as a part of the Governance, Risk and Compliance (GRC) Framework, we proactively embed and integrate risk management practices into our organisational frameworks to identify and treat risks to within acceptable levels.

Our day-to-day operational risks are managed in accordance with the risk management processes that are embedded into our organisational frameworks. These clearly articulate the accountability, responsibility and delegation for managing risks within each risk domain. We have also established appropriate and effective mechanisms to communicate, escalate and report risk information for management attention and decision-making. Our risk management approach comprises three layers of risk management activities. This is illustrated below.

Our Risk Environment

We perform an integral role in the Australian aviation industry and operate in an inherently volatile, uncertain and complex environment. While exposure to risk is a key part of our operations, effective risk management contributes to enhanced risk-based decision making. Our external risk considerations include our regulators, emerging technology trends, changes to the domestic and international economic environment, and our role in the broader commercial aviation industry. On a daily basis, we proactively manage a wide range of risks associated with our operational activities.

Responding to these diverse risks requires us to ensure the integrity of our safety and environment management systems and service delivery to maintain long-term sustainability. We continuously improve our operating systems, embrace innovation to unlock economic growth through delivery of new and innovative commercial services, and invest in new services, infrastructure and technologies to support forecast industry growth in an efficient manner.

Risks identified in the 2020–21 Enterprise Risk Profile
include:

  • Strategic risks such as the delivery of value to customers, geopolitical uncertainties and innovation opportunities arising from technological disruption.
  • Business risks such as the delivery of safe, efficient and environmentally responsible air traffic management and aviation rescue fire fighting services, as well as the provision of supporting functions which enable service delivery.
  • Transitional risks such as the delivery of our OneSKY Program, ongoing management of per- and poly-fluoroalkyl substances (PFAS) contamination, management of flight path changes and aviation noise, and implementation of a modernised telecommunications environment.

Risk Oversight and Assurance

The Enterprise Risk Report is reviewed by the Executive team each quarter. The report draws risk intelligence from our operational and functional risks, supported by a range of assurance activities, internal insights and external trends. In addition, risk deep dives are presented to the monthly Executive Safety and Risk Oversight Committee, driving risk transparency, constructive challenging and a positive risk culture from our leadership.

A quarterly Chief Safety and Risk Officer report is presented to the Board Audit and Risk Committee (BARC) for review and oversight. Effective reporting and oversight helps our leaders make strategic decisions to address major threats and to seize opportunities in a timely manner.

In addition, we apply the three lines of defence model to provide assurance that our key controls are effective in managing risk. Assurance activities are layered across the three lines of defence and embedded within our organisational frameworks. These assurance activities provide confidence to the leadership team, the BARC and our stakeholders that risks are being managed, control deficiencies are being addressed, compliance obligations are being met and corporate objectives are being achieved.