A NSW Government website
Senior Executive Fundamentals

Audit and risk

Understanding the audit and risk management frameworks for your agency and your role in implementing those frameworks is important. 

By successfully managing risk within your agency, you will increase the likelihood that it will achieve its short-and long-term objectives.

Robust internal audit and risk management processes across the NSW public sector support the achievement of outcomes, promote integrity in allocating and managing the state’s resources and contribute to an environment of effective governance and informed decision making.

Roles and responsibilities

Your agency head is responsible for your agency’s internal audit function and system of internal controls. They also have ultimate responsibility for implementing effective risk management practices within their agency.

Most agencies have an Audit and Risk Committee that provides independent advice to the agency head, drawing on their findings from monitoring and reviewing the effectiveness and integrity of the agency’s internal audit function, risk management and control frameworks. 

Familiarise yourself with your:

  • agency risk management framework 
  • internal audit and risk policies procedures
  • key contacts with your agency including the Chief Risk Officer and the Chief Audit executive, these two roles could be held by the same person.

Internal Audit and Risk Management Policy

Internal audit provides assurance to the agency head that risks are being managed appropriately, by independently reviewing the design and effectiveness of an agency’s controls.

The Internal Audit and Risk Management Policy for the NSW General Government Sector (TPP 20-08) requires in scope agencies to comply with a number of requirements relating to their risk management frameworks, internal audit functions and Audit and Risk Committees. All agencies are required to maintain effective systems for risk management and internal controls.

The policy also requires that agencies establish and maintain a risk management framework consistent with the current standard on risk management (AS ISO 31000:2018). In scope agencies must also attest their compliance with the policy to Treasury each year and publish the attestation in the agency’s annual report.

Risk Management toolkit

Treasury developed the Risk Management Toolkit for NSW Public Sector Agencies (TPP 12-03) to help agencies develop and implement their risk management frameworks and processes, consistent with the Australian Standards AS ISO 31000:2018 Risk management guidelines. This toolkit is useful if you are a senior risk official in your agency.  

Risk management systems, like other management systems, should be designed to meet an agency’s specific needs. The toolkit provides detailed and practical advice on the various elements of the risk management standard (AS ISO 31000:2018) together with useful templates and some worked hypothetical examples.

There are a variety of courses on risk management available for NSW public sector employees through icare’s Risk Education Express (REX).

Audit and Risk Committees

Your agency may have an Audit and Risk Committee who work with your agency head by monitoring, reviewing and providing advice about governance processes, risk management and control frameworks, and external accountability obligations.

As a senior executive you may be required to provide reports to your Audit and Risk Committee on the progress of your work, provide advice to the committee or answer question they may have about your work.  

The Internal Audit and Risk Management Policy requires that all ARC members be independent and appointed via the Prequalification Scheme. The scheme provides a list of prequalified, independent chairs and members who may serve on Audit and Risk Committees in NSW public sector agencies.

The Audit Office of NSW

The Audit Office of NSW is established under the Government Sector Audit Act 1983. They deliver audits that help Parliament hold agencies accountable for the use of public resources. They conduct both financial and performance audits of agencies. Financial audits provide an independent opinion on an agency’s financial statements. Performance audits review whether public money is being spent effectively, effectively, economically and in accordance with the law. 

As a senior executive you may be required to cooperate with the Audit Office while they are conducting audits in your agency.