Enterprise management

Direction and guidance on the frameworks, procedures and standards designed to ensure compliance with department objectives in relation to enterprise risk management, legislative compliance, business continuity, enterprise data governance, evaluation, and fraud and corruption control.

Audience

All staff, contractors and consultants engaged by the department.

Version: V04.0.0

Date: 26/07/2024

Description of changes: Under the 2023 Policy and procedure review program, this policy is consolidated with the Evaluation, Enterprise Data, Business Continuity Management, Legislative Compliance and the Fraud and corruption control policies. Policy name changed from Enterprise risk management, converted into new template and improved readability.

Approved by: Chief Risk Officer

Document history

2022 Oct 17 - updated the policy statement and the Enterprise Risk Management Framework to more closely align to ISO31000:2018 Risk Management Guidelines.

2021 May 07 - updated policy in line with international standard ISO31000:2018 and NSW Treasury TPP-20-08 Internal Audit and Risk Management Policy for the General Government Sector. Updated to clarify the risk hierarchy and reporting cadence.

Removed implementation document: Enterprise Risk Management Procedures, which was replaced by: Enterprise Risk Management Framework.

2019 Aug - made typographical changes and updated contact details to policy statement.

2019 Jun - updated reference to the new Strategy and Delivery division and deputy secretary as well as to the revised risk standard ISO31000 (no significant changes).

2017 Jun update:

  • improved clarification of roles and responsibilities and included requirement to use the risk matrix to ensure consistency in risk ratings across the department
  • simplified and shortened procedures, and simplified risk matrix.

Previous title: Enterprise Risk Management in the Department of Education and Communities.

Superseded documents

Enterprise Risk Management Procedures - 7/5/21

Risk Management Policy, 91/090 (S.062), 24/4/91

  1. Policy statement
    1. Effective risk management arrangements support the department to achieve its objectives by identifying and managing risks to increase the likelihood and impact of positive events (opportunities) and mitigate the likelihood and impact of negative events (risks).
    2. The following principles outlined in the enterprise risk management framework must be incorporated into day-to-day processes to enable the department to manage the effects of uncertainty on its objectives:
      1. Risk management must be integrated in all the department’s activities.
      2. The department must take a structured and comprehensive approach to risk management to achieve consistent and comparable results.
      3. The risk management framework and process must be customised to the department’s needs and its internal and external context.
      4. The risk management framework and process must be inclusive of relevant stakeholders’ knowledge, views and perceptions in managing risks.
      5. The risk management process must be dynamic and allow changes to be considered and actioned in an appropriate and timely manner.
      6. The inputs to risk management are based on historic and current information, as well as on future expectations, and therefore on the best available information. Risk management explicitly takes into account any limitations and uncertainties associated with such information and expectations. Information should be timely, clear and available to relevant stakeholders to support timely decisions.
      7. Human and cultural factors significantly influence risk management across the department and must be considered at all stages of the risk management process.
      8. Risk management must continually be improved through learning and experience.
    3. The department is responsible for applying and implementing key legislation. The responsible officer of the relevant business unit has primary responsibility for legislative compliance.
    4. The department must build organisational resilience and enhance continuity of critical business services at an acceptable level by being able to anticipate, prepare for, respond to, recover from and adapt to disruptions.
    5. Data and information the department collects or acquires must be stored and effectively managed.
    6. Department programs, projects, strategies, policies and initiatives must be evaluated for their effectiveness in improving education outcomes for students and supporting the effective, efficient, appropriate and transparent use of public resources.
    7. The department must apply risk management principles and develop, implement and maintain an effective fraud and corruption control system, incorporating prevention, early detection and effective responses to fraud and corruption events in ways that achieve optimal outcomes for the department.
  2. Context
    1. The following procedures support this policy:
      1. Enterprise data standards
      2. Enterprise risk management framework
      3. Evaluation
      4. Fraud and corruption control procedures and framework
      5. Legislative compliance
      6. Resilience and business continuity management
    2. The relevant legislation, standards and guidelines include:
  3. Policy contact
    1. Enterprise risk management
      Chief Risk Officer
      Chiefriskoffice@det.nsw.edu.au

      Legislative compliance
      Manager, Privacy & Compliance, Legal Services
      legal@det.nsw.edu.au

      Resilience and business continuity management
      Director, Controls Monitoring Advisory
      Chiefriskoffice@det.nsw.edu.au

      Enterprise data
      Manager Data Governance
      Centre for Education Statistics and Evaluation
      CESEPolicy@det.nsw.edu.au

      Evaluation
      Director, Evaluation and Effectiveness, Centre for Education Statistics and Evaluation
      info@cese.nsw.gov.au

      Fraud and corruption control
      Director, Controls Monitoring Advisory
      Chiefriskoffice@det.nsw.edu.au
  4. Monitoring the policy
    1. The relevant responsible officers and policy owners as outlined in section 3 monitor the implementation of the relevant policy, regularly review its contents to ensure relevance and accuracy, and update it as needed.