Risk Oversight and Management


We are committed to developing and promoting a culture of proactive risk management, supported by robust and transparent governance and oversight. Our Risk Appetite Statement supports effective risk management and decision-making processes through clear articulation of the level of risk that we are willing to accept as an organisation. This supports our commitment to better practice risk management, in alignment with s.16 of the Public Governance, Performance and Accountability Act 2013 and the Commonwealth Risk Management Policy.


We take a continuous improvement approach towards risk management that aligns with best practice principles, consistent with the International Standard ISO 31000:2018 Risk Management – Guidelines.

Through the implementation of our Risk Management Standard, as a part of the Governance, Risk and Compliance Framework, we embed risk management practices into our organisational frameworks to identify and treat risks to within acceptable levels. Our day-to-day operational risks are managed in accordance with the risk management processes that are embedded into our organisational frameworks. These clearly articulate the accountability, responsibility and delegation for managing risks within each risk domain.

We have also established appropriate and effective mechanisms to communicate, escalate and report risk information for management attention and decision-making. Our risk management approach comprises three layers of risk management activity as illustrated below.


We perform an integral role in the Australian aviation industry and operate in an inherently volatile, uncertain and complex environment, as evidenced by impacts of the COVID-19 pandemic. While exposure to risk is a key part of our operations, effective risk management contributes to enhanced risk-based decision-making. Our external risk considerations include our regulators, emerging technology trends, changes to the domestic and international economic environment, and our role in the broader commercial aviation industry. On a daily basis, we proactively manage a wide range of risks associated with our operational activities.

Responding to these diverse risks requires us to ensure the integrity of our safety and environment management systems and service delivery to maintain long-term sustainability. We continuously improve our operating systems, embrace innovation to unlock economic growth, and invest in new services, infrastructure and technologies to support the recovery of the domestic and international aviation industry.

The key risks and how they will be managed in the Enterprise Risk Profile include:

  • Strategic risks including responding to the changing geopolitical, global and domestic economic environments, aligning our services to industry needs whilst balancing community and owner expectations and developing internal capabilities required to execute of our strategy.
  • Business risks such as the delivery of safe, efficient and environmentally responsible air traffic management and aviation rescue fire fighting services, as well as the provision of supporting functions that enable service delivery.
  • Transitional risks such as the delivery of our OneSKY Program, ongoing management of per- and poly-fluoroalkyl substances (PFAS) contamination, management of aviation noise, and implementation of a modernised telecommunications environment.

These risks will be managed through the delivery of the Corporate Plan.


The Enterprise Governance, Risk and Compliance Report is presented to the Executive Committee each quarter. The report draws together the pillars of good governance, risk intelligence, and compliance management from our operational and functional risks, supported by a range of assurance activities, internal insights and external trends. In addition, deep dives into enterprise risks are also presented monthly, driving risk transparency, constructive challenging and a positive risk culture from the top.

A quarterly report is presented to the Board Audit and Risk Committee for review and oversight. Effective reporting and oversight helps our leaders make strategic decisions to address major threats and to seize opportunities in a timely manner.

In addition, we apply the 3 lines assurance model to provide comfort that our key controls are effective in managing risk. Assurance activities are layered across the 3 lines and embedded within our organisational frameworks. These assurance activities provide confidence to the leadership team, the Board Audit and Risk Committee and our stakeholders that risks are being managed, control deficiencies are being addressed, compliance obligations are being met and corporate objectives are being achieved.