Enterprise management

Direction and guidance on the frameworks, procedures and standards designed to ensure compliance with department objectives in relation to enterprise risk management, legislative compliance, business continuity, enterprise data governance, evaluation, and fraud and corruption control.

Audience

All staff including temporary and casual staff, contractors and volunteers.

Version | Date | Description of changes | Approved by
V04.0.1 | 28/11/2025 | Clarified information and improved readability. Updated policy owner and references. | Executive Director, Chief Risk Office Transition Support and Chief Audit Executive
V04.0.0 | 26/07/2024 | Under the 2023 Policy and procedure review program, this policy is consolidated with the Evaluation, Enterprise Data, Business Continuity Management, Legislative Compliance and the Fraud and corruption control policies. Policy name changed from Enterprise risk management, converted into new template and improved readability. | Chief Risk Officer

Document history

2022 Oct 17 - updated the policy statement and the Enterprise Risk Management Framework to more closely align to ISO31000:2018 Risk Management Guidelines.

2021 May 07 - updated policy in line with international standard ISO31000:2018 and NSW Treasury TPP-20-08 Internal Audit and Risk Management Policy for the General Government Sector. Updated to clarify the risk hierarchy and reporting cadence.

Removed implementation document: Enterprise Risk Management Procedures, which was replaced by: Enterprise Risk Management Framework.

2019 Aug - made typographical changes and updated contact details to policy statement.

2019 Jun - updated reference to the new Strategy and Delivery division and deputy secretary as well as to the revised risk standard ISO31000 (no significant changes).

2017 Jun update:

  • improved clarification of roles and responsibilities and included requirement to use the risk matrix to ensure consistency in risk ratings across the department
  • simplified and shortened procedures, and simplified risk matrix.

Previous title: Enterprise Risk Management in the Department of Education and Communities.

Superseded documents

Enterprise Risk Management Procedures - 7/5/21

Risk Management Policy, 91/090 (S.062), 24/4/91

  1. Policy statement
    1. Effective risk management supports the achievement of objectives by identifying and managing risks. All employees must manage risk in their roles and in accordance with the enterprise risk management framework and relevant policies and procedures.
    2. The department is responsible for applying and implementing key legislation. The responsible officer of the relevant business unit has primary responsibility for legislative compliance.
    3. The department must build organisational resilience and enhance continuity of critical business services at an acceptable level by being able to anticipate, prepare for, respond to, recover from and adapt to disruptions.
    4. Data and information the department collects or acquires must be stored and effectively managed.
    5. Department programs, projects, strategies, policies and initiatives must be evaluated for their effectiveness in improving education outcomes for students and supporting the effective, efficient, appropriate and transparent use of public resources.
    6. The department must apply risk management principles and develop, implement and maintain an effective fraud and corruption control system, incorporating prevention, early detection and effective responses to fraud and corruption events in ways that achieve optimal outcomes for the department.
  2. Context
    1. The following procedures support this policy:
      • Enterprise data standards
      • Enterprise risk management framework
      • Evaluation
      • Fraud and corruption control procedures and framework
      • Legislative compliance
      • Resilience and business continuity management.
    2. The relevant legislation, standards and guidelines include:
  3. Policy contact
    1. Enterprise risk management
      Executive Director, Chief Risk Office Transition Support
      Chiefriskoffice@det.nsw.edu.au

      Legislative compliance
      Manager, Compliance and Privacy, Legal Services
      LegislativeCompliance@det.nsw.edu.au

      Resilience and business continuity management
      Director, Controls Monitoring Advisory
      Chiefriskoffice@det.nsw.edu.au

      Enterprise data
      Manager Data Governance,
      Centre for Education Statistics and Evaluation
      CESEPolicy@det.nsw.edu.au

      Evaluation
      Director, Evaluation and Effectiveness, Centre for Education Statistics and Evaluation
      info@cese.nsw.gov.au

      Fraud and corruption control
      Director, Controls Monitoring Advisory
      Chiefriskoffice@det.nsw.edu.au
  4. Monitoring the policy
    1. The Executive Director, Chief Risk Office Transition Support and Chief Audit Executive monitors the implementation of this policy, regularly reviews its contents to ensure relevance and accuracy, and updates it as needed.

