Our positive risk culture
Our board’s risk appetite statement supports effective risk management and decision-making through clear articulation of the level of risk that we are willing to accept and tolerate in pursuit of our strategic objectives. This supports our commitment to achieving best-practice risk management, in alignment with s.16 of the Public Governance, Performance and Accountability Act 2013 and the Commonwealth Risk Management Policy.
Our approach to risk
We take a dynamic and continuous improvement approach towards risk management that aligns with better practice principles and is consistent with the International Standard ISO 31000:2018 Risk Management – Guidelines.
We review our enterprise risks as our operating environment evolves, to ensure that they correctly reflect the most significant business risks and opportunities which have the potential to impact on achievement of our strategic objectives. We incorporate sound risk intelligence into our decision-making as we pursue both our business-as-usual activities and our transformation agenda. We have established effective mechanisms to communicate, escalate and report risk information for management attention and decision-making.
The risk management framework encompasses the risk governance structure that operates across Airservices, our risk appetite, risk culture and supporting standards and processes governing risk assessment, monitoring, and reporting.
Our risk environment
We perform an integral role in the Australian aviation industry and continue to operate in an inherently volatile, uncertain, and complex environment.
This environment creates both risk and opportunity for our business, as we invest in our people, systems, and assets to ensure delivery of safe, efficient, reliable, and environmentally responsible services to the aviation industry and to the broader community.
In the face of our ever-changing operating environment, our external risk considerations include evolving regulations, emerging technology trends and disruption, changes to the domestic and international economic environment, and other external shocks. We manage a wide range of risks associated with our operational activities, including air navigation safety, physical and cyber security risks, and risks related to our people. In addition, we identify, monitor, and manage the risks associated with our change program, as our organisation evolves to meet new demands and opportunities. We also maintain vigilance in relation to emerging risks so that we can be ready to bring them within our active risk management activities as they develop.
We manage a wide range of risks associated with our operational activities, including air navigation safety, physical and cyber security risks, and risks related to our people.
Risk oversight and assurance
Monthly enterprise governance, risk and compliance reporting to the Executive draws together the pillars of good governance, risk intelligence, and compliance management across our lines of business, performance outcomes and change programs, supported by a range of assurance activities, to provide data and insights in relation to our organisational risk performance and external risk trends.
The Board Audit and Risk Committee (The Committee) assists the Board to discharge its responsibility to ensure that an appropriate system of risk oversight and management (including effective internal controls), is maintained, and is operating effectively. The Committee receives regular reporting on matters such as governance, risk and compliance, fraud and other integrity matters, insurances, and business continuity, as well as focused ‘deep dive’ reports on specific risks and other matters within its Terms of Reference.
We use a ‘3 lines’ approach designed to ensure that our day-to-day risks are managed in accordance with our risk management framework, that risk management assurance is delivered by our internal specialist policy and assurance teams and that a further layer of assurance comes from internal and external audit processes.
Assurance activities are layered and embedded within our organisation. While working closely with the second line risk function to ensure that risk and compliance information is appropriately shared and audit activity is appropriately focused, our third line internal audit function provides a separate layer of assurance that our risk management, governance, and internal control processes are operating effectively. The effective operation of these assurance activities provides the means by which our stakeholders can be informed that risks are being appropriately managed, controls are effective and operating as designed, and compliance obligations are being met.
Airservices and the Department of Infrastructure, Transport, Regional Development, Communications and the Arts have established a shared risk register. The shared risks and controls are reviewed and monitored on a regular basis.