We are committed to both a culture and practice of proactive risk management, supported by robust and transparent governance and reporting.
Our proactive risk culture
Our Board’s risk appetite statement supports effective risk management and decision-making through clear articulation of the level of risk that we are willing to accept in pursuit of our strategic objectives. This supports our commitment to achieving best-practice risk management, in alignment with s.16 of the Public Governance, Performance and Accountability Act 2013 and the Commonwealth Risk Management Policy.
Our approach to risk
We take a dynamic and continuous improvement approach towards risk management that aligns with better practice principles and is consistent with the International Standard ISO 31000:2018 Risk management – Guidelines.
We review our enterprise risks as our operating environment evolves, to ensure that they correctly reflect the significant business risks and opportunities that have the potential to impact on achievement of our strategic objectives.
We incorporate sound risk intelligence into our decision-making as we pursue both our business- as-usual activities and our transformation agenda. We have established effective mechanisms to communicate, escalate and report risk information for management attention and decision-making.
We apply best practices to maintain and evolve our risk appetite, risk culture and the supporting standards and processes governing risk assessment, monitoring and reporting.
Our risk environment
We perform an integral role in the Australian aviation industry and continue to operate in an inherently volatile, uncertain, and complex environment.
This environment creates both risk and opportunity for our business, as we invest in our people, systems, and assets to ensure delivery of safe, efficient, reliable, and environmentally responsible services to the aviation industry and to the broader community.
We manage a wide range of risks associated with our operational activities, including air navigation safety, physical and cyber-security risks, and risks related to our people. In addition, we identify, monitor and manage the risks associated with our transformation agenda, as our organisation evolves to meet new demands and opportunities. We also maintain vigilance in relation to emerging risks so that we can bring them within our active risk-management activities as they develop.
We manage a wide range of risks associated with our operational activities, including air navigation safety, physical and cyber-security risks, and risks related to our people.
Risk oversight and assurance
Quarterly reports to the Executive on enterprise governance, risk and compliance demonstrate the principles of good governance, risk intelligence and compliance management being implemented across our business lines, performance outcomes, and transformation agenda. These reports are supported by various assurance activities and provide data and insights on our organisational risk performance and external risk trends.
The Audit and Risk Committee assists the Board in ensuring an appropriate system of risk oversight and management (including effective internal controls) is maintained and operating effectively. The committee receives regular reporting on matters such as governance, risk and compliance, fraud and other integrity matters, insurances, and business continuity, as well as focused ‘deep dive’ reports on specific risks and other aspects within its terms of reference.
We use a ‘3 lines’ approach to manage our daily risks according to our risk-management strategy. This approach includes risk management by our internal specialist policy and assurance teams and an additional layer of assurance provided by internal and external audits.
Assurance activities are layered and embedded within our organisation. Our third-line internal audit function (sharing risk and compliance information with the second-line risk function to ensure appropriate focus for audit activity) provides a separate layer of assurance that our risk management, governance and internal control processes are operating effectively. The effective operation of these assurance activities informs our stakeholders that risks are being appropriately managed, controls are effective and operating as designed, and compliance obligations are being met.
Airservices and the Department of Infrastructure, Transport, Regional Development, Communications and the Arts have established a shared risk register. The shared risks and controls are reviewed and monitored on a regular basis.