Risk and Continuity Management

Risk Management

Risk is inherent in everything we do and risk management is a continuous function affecting all facets of our lives and is something we act upon either consciously or subconsciously. From an organisational viewpoint, systematic management of risk is crucial at all levels whether it be from a strategic viewpoint or in our day-to-day operations.

We have continued to adopt the Portfolio-wide Risk Management Policy first developed in 2018 and our risk management approach aligns with the context within which we operate, taking account of regulatory, financial, safety, political and economic compliance requirements; reputational exposures; community expectations; and other governance needs. We capture this approach in our Risk Management Procedure developed in accordance with AS ISO 31000:2018 Risk Management – Guidelines. It provides guidance across the organisation on undertaking risk assessment and management activities.

Integrating risk management into our operations where possible, ensures that it is not a separate discrete activity, but an essential part of business processes where everyone is involved in the management of risk.

We have embedded corporate strategic risk assessment in our corporate business planning process enabling resources to focus on risk management as opposed to risk administration. Each year we facilitate strategic risk workshops for all directorates and Corporate Executive.

Project risk management is a part of our project management tools, methodologies and the Enterprise Project Management system. Through risk management workshops and quality audits we ensure that the correct reviews and controls are in place.

This diagram outlines the annual risk process.

flow chart showing the risk process

The following table shows our principal risks and opportunities, aligned against material issues.

Risk Theme Material Issues Key Resources Impacted

Strategic Alignment

  • Failure to embed new operating models to achieve strategic objectives

Good public policy

Procurement practices

Labour management relations

Customers Know-how Assets


  • Failure to coordinate and implement key infrastructure projects
  • Inability to improve congestion management outcomes
  • Inability to identify and adopt emerging technologies

Road safety

Congestion and freight productivity

Regional presence and development

Indigenous heritage and native title

Value for money

Customer privacy

Climate change

Energy and emissions


Network performance Assets Customers Our people Know-how


  • Inadequate strategic asset management approach
  • Inability to optimise funding opportunities
  • Failure to build and retain the skills and capabilities to meet objectives and changing needs
  • Failure to effectively embed a culture that enables adaptability to changes

Congestion and freight productivity

Regional presence and development

Value for money

Know-how Our people Assets Financial capital


  • Ineffective engagement with stakeholders

Local communities

Good public policy

Customers Network performance Our people

Business Continuity Management

The Public Sector Commissioner’s Circular 2015–03 and Treasurer’s Instruction 825 (Risk Management and Security) require agencies to ensure Business Continuity Plans are in place enabling the agency to respond to, and recover from, any business disruption. Business Continuity Management supports the values, principles and corporate focus of the agency’s Risk Management Policy.

Benefits include:

  • increasing ability to minimise the consequences of any outage
  • ensuring timely resumption of vital services
  • providing greater protection of agency reputation and public image
  • allocating and using assets, finances and resources effectively and efficiently
  • ensuring good corporate governance.

Because of the COVID-19 pandemic, we found that whilst our Business Continuity Plans were adequate for loss of buildings, loss of services and more traditional approaches there were gaps when it came to dealing with a global pandemic.

As the seriousness of the pandemic become apparent, we quickly reviewed our plans to ensure that they would be appropriate in the event of a widespread loss of staff due to illness or requirements to self-isolate. This involved mobilising resources to ensure that we could operate from non-traditional locations, including home, increasing mobility of IT based devices and identifying ‘at risk’ teams to ensure continuity through split shifts and isolation between teams.

It was a good opportunity to test the resilience and agility of the organisation. Throughout the height of the initial State of Emergency, we were able to continue to deliver services across the state and support other agencies during this time.
All areas have a Business Continuity Action Plan in place and function within an overarching Business Continuity Management Procedure.