Risk Appetite Statement
The ACMA will take actions that involve identified and managed risks where those actions improve or accelerate the achievement of the ACMA’s purpose, strategies and actions.
ACMA staff are encouraged to seek out and take advantage of opportunities to improve regulatory practice and operational efficiency.
There are limits to our organisation’s risk appetite. The ACMA will not accept a risk that:
- puts the safety and wellbeing of ACMA staff or any member of the Australian public in danger
- would be inconsistent with our legal obligations
- sees ACMA staff operating outside of the normal process and expectations of the APS or the Australian Government
- jeopardises achievement of our purpose
- is taken without a decision made at the appropriate level within the ACMA.
The ACMA recognises that not all the risks we face will be within our control, and we accept this as an unavoidable reality of our operating environment. However, we seek to mitigate the potential adverse impacts by regularly monitoring these risks and responding quickly when incidents occur.
Our Risk Management Framework
We have established and maintain systems of risk oversight, management and internal controls in accordance with section 16 of the PGPA Act and the Commonwealth Risk Management Policy. Our risk reporting framework helps us to build a shared understanding of the pressures we face and to make plans for future action.
We regularly review our governance systems, as a whole, and take steps to improve on our existing strong foundations. Our Audit Committee and internal auditors give us expert advice in the interests of continual improvement.
We draw insights into better practice through advice taken from other Commonwealth entities and consultation with the regulated community.
Our framework is adaptive and designed to allow staff the freedom to innovatively manage risk within strong boundaries of support and oversight.
Our risk environment
We manage risks that face us as an organisation, and risks that face the Australian community, economy and communications landscape.
At the highest level we face three strategic risks:
- Failure to provide efficient and effective safeguards for the Australian community.
- Failure to facilitate the efficient allocation and use of public resources.
- Failure to meet our responsibilities as a Commonwealth regulator.
We have varying levels of control over our risk environment. Broadly, we divide our risk environment into three categories, all of which will be the subject of mitigation strategies:
- External events under the control of others.
- Risks we can influence.
- Risks we can control.