Each DELWP agency is responsible for developing and implementing a risk management process that:

  • is tailored to its purpose, functions and powers
  • complies with its risk management obligations and good public sector governance practice.

Victorian Government Risk Management Framework

The Victorian Government Risk Management Framework (VGRMF) sets out the minimum risk management requirements, including insurance requirements, for the Victorian public sector.

The framework is legally binding on DELWP agencies that are subject to the Financial Management Act 1994 (FMA).  Most major DELWP agencies are subject to the FMA*.   DELWP recommends that even if your agency is not subject to the FMA it should apply the risk management requirements in the framework, which are good public sector governance practice.  

* An agency that is subject to the FMA must submit an annual report that is tabled or reported in Parliament and comply with the financial management obligations, including risk management obligations, in the Standing Directions of the Minster for Finance 2016.

Key risk management duties

Some key risk management duties under the framework include:

  • Your agency must have a risk management policy and related documentation in place that is consistent with the framework
  • Your agency must demonstrate that it is managing risk effectively, including having processes in place to address inter-agency and state significant risk
  • Your agency’s risk management process must be integrated into its corporate (strategic) and business (operational) planning processes
  • As part of financial management compliance, the board of the agency must attest in its annual report that the agency manages its risks in accordance with the framework.  

Australian and New Zealand Standard

The framework adopts Australian and New Zealand standard AS/NZS ISO 31000:2009: Risk Management – Principles and Guidelines.  Your agency’s risk management approach should be consistent with this standard and include:

  • Communication and consultation with internal/external stakeholders during risk assessment and treatment
  • Identifying the risk
  • Analysing the risk
  • Evaluating the risk
  • Treating the risk
  • Ongoing monitoring and review of risk exposure and of the effectiveness of risk controls.

Assistance from VMIA

To assist public sector agencies to understand and comply with their risk management obligations and good practice, the Victorian Managed Insurance Authority (VMIA) offers a range of free resources, including:

Practice Guide

The free VGRMF Practice Guide includes a practical explanation of key risk management concepts and practical tips on how to improve capability and align with the Australian and New Zealand Standard (AS/NZS ISO 31000:2009).  Your agency can adapt the guide to suit its needs.

Practice notes

Free practice notes, for example:

  • Incorporating risk into your agency’s planning process
  • Interagency and state significant risks
  • Risk culture
  • Attestation practice.


Free templates, including:

  • Risk management policy template
  • Other risk templates – e.g. Communication plan, Risk assessment, Risk register, Sources of risk, Risk rating criteria, and Risk treatment plan.
  • Insurance templates – e.g. Insurance register, Indemnities register, Incident and claims register, Incident notification form, and Guide to managing indemnities.


Free workshops and seminars for those agencies which are insured with VMIA:


Board members and staff of your agency can arrange to attend VMIA’s standard seminars and workshops


In addition, DELWP may be able to arrange with VMIA for a free seminar or workshop that is tailored to your agency’s needs – e.g. relevant case studies.

To ask whether this service, which is operating as a pilot project between DELWP and VMIA, can be offered for your agency, type of agency, and/or geographic location, contact your agency’s DELWP relationship team.

For those DELWP agencies which are not insured with VMIA but are interested in VMIA workshops, seminars or other training, please contact your agency’s DELWP relationship team.

eLearning module

A free online learning module on the Victorian Government Risk Management Framework.

Peer network

A Risk Professionals Community of Practice is open to those who have a current Institute of Public Administration Australia membership or who have attended a VMIA risk workshop.

Governance links

Related support modules

DELWP offers related support modules on:

Useful links

Below are direct links to this topic on external websites:

Background Information

Risk appetite

An agency’s risk appetite is the amount and type of risk an organisation is willing to accept in delivering its mandate.  An agency’s risk appetite statement should take into account the agency’s purpose, functions and powers, its legal and other obligations, government expectations, and other relevant factors in the agency’s internal and external environment.   For example, your agency’s risk appetite statement might include low tolerance for risks that may compromise its Code of Conduct, zero tolerance for fraudulent and corrupt behaviour, etc.

Risk management requirements

Risk management requirements include:

Page last updated: 23/10/18