Policy. VBA Enterprise Risk Management. Governance Unit



Transcription:

Policy
VBA Enterprise Risk Management
Governance Unit

Keywords: Policy; risk; governance.
ID: VBAPOL-0074
Version no: 2.0
Status: Final
Issue date: 14/07/2015
Date of effect: 14/07/2015
Next review date: 14/07/2016
Business Unit: Governance Unit
TRIM: DOC/15/77668

Version history

Policy history

Version Date Author Brief description of change Reviewed Date of authorisation Board authorised Date Board authorised
1 24/02/2014 Governance 20/03/2014 20/03/2014 20/03/2014
2 12/06/2015 Governance Update June 2015 14/07/2015 14/07/2015 14/07/2015

Contents

Policy history
Policy
  Policy purpose and intent
  Principles
  Scope
  Responsibility
  Monitoring and evaluation
Standards
  Statement of standard one
  Statement of standard two

Policy

Policy purpose and intent

VBA recognises that operational risk management is an integral part of good management practice and a significant aspect of public sector governance. The effective management of risk provides an essential contribution towards the achievement of government and the VBA's objectives and outcomes.

The principles contained in this policy enable the VBA to identify, assess and prioritise risk in a manner that:

- is compliant with legislative and statutory requirements, including:
  - the Public Administration Act 2004
  - the Financial Management Act 1994
  - the Victorian Government Risk Management Framework (VGRMF) 2015;
- enables an organisation that is risk aware at all levels;
- enables decision making with comprehensive and up-to-date information on current and future risks; and
- supports the VBA's strategic objectives.

Principles

Principle 1: VBA risk management is organised and systematic
VBA's Enterprise Risk Management Framework (framework) is coordinated, integrated, systematic and proactively managed.

Principle 2: VBA risk management is compliant
The framework is compliant with legislative requirements and is consistent with best practice, standards, VBA's vision, mission and strategic objectives.

Principle 3: The VBA's organisational culture is risk aware
The VBA promotes a risk management culture that is risk aware, enabling consideration of risk in all levels of decision making.

Scope

This policy applies without limitation to all staff within the VBA.

Responsibility

The operation of this policy is the responsibility of the Director, Office of the CEO through the Governance Unit.

Monitoring and evaluation

The policy is expected to deliver the following benefits to the VBA:

- decisions are made with increased consideration of relevant risks;
- decision makers have more access to up-to-date information on current and future risks;
- increased efficiency;
- VBA employees have an increased risk awareness;
- increased likelihood to deliver objectives;
- improved governance; and
- improved organisational resilience.

Standards

The following standards are required to comply with the principles of this policy:

1. an internal control system to enable the VBA's Executives to understand, manage and satisfactorily control risk; and
2. the VBA's Chairman and Chief Commissioner attests to the VBA's compliance with the framework every 12 months.

Statement of standard one

An internal control system to enable the VBA's Executives to understand, manage and satisfactorily control risk.

Requirements

The following is required to comply with this standard:

1. use of ISO 31000:2009 as the methodology used for risk in the VBA;
2. adherence to the framework; and
3. adherence to the VBA's risk management process.

Overview

This standard complies with the directions issued under the Financial Management Act 1994 and also the governance principles set out in the Public Administration Act 2004.

Rationale

Having an internal risk management system will:

- provide a consistent way to identify and manage risk;
- aid organisational governance; and
- allow decision makers to understand, manage and control risk.

Derivation

This standard is derived from the following elements of the risk management principles:

- Principle 1: VBA risk management is organised and systematic;
- Principle 2: VBA risk management is compliant; and
- Principle 3: The VBA's organisational culture is risk aware.

Scope

Use of this standard is mandated to all employees within the VBA.

Reporting: Business units must report on compliance with the standard as part of the risk attestation process.

Statement of standard two

The VBA completes a risk attestation every 12 months.

Requirements

The following is required to comply with this standard:

1. review the organisation's risk profile at least every 12 months;
2. the CEO of the VBA provides a risk attestation every 12 months; and
3. the VBA's Board approves the attestation on the advice and verification of the Audit and Risk Committee every 12 months.

Overview

Reviewing the VBA's risk profile at least every 12 months will allow the VBA to comply with directions issued under the Victorian Government Risk Management Framework 2015 (VGRMF).

Rationale

Reviewing the organisation's risk profile and completing an attestation every 12 months will enable:

- the VBA to meet its statutory requirements; and
- good organisational governance.

Derivation

This standard is derived from the following element of the risk management principles:

- Principle 2: VBA risk management is compliant.

Scope

Use of this standard is mandated to all employees within the VBA.

Reporting: The Governance Unit must report on compliance with the standard annually.