The purpose of the Treasury Risk Maturity Assessment Tool (Tool) is to support the improvement of risk management, culture and capability across the NSW public sector. The tool provides agencies with a systematic, uniform approach for self-assessment that will allow agencies to measure risk maturity, identify areas to improve and communicate results to leadership teams (agency and cluster) and Audit and Risk Committees.
The key benefits of the tool include:
- helping agencies to assess their own maturity level
- identifying specific areas to improve risk culture and capability
- supporting whole of government improvements to risk management through a uniform tool, and
- allowing agencies to compare their results over time.
The use of the Tool provides further assistance to agencies to meet their obligations under section 3.6 of the Government Sector Finance Act 2018, which requires the Accountable Authority (i.e. Secretaries and agency heads) “to establish, maintain and keep under review effective systems for risk management … that are appropriate systems for the agency.”
The tool has been developed through a collaborative process sponsored by NSW Treasury. This involved collaboration from a working group comprised of cluster and other key agency chief risk officers and risk managers, as well as input from Protiviti. These contributions are gratefully acknowledged.
Treasury Risk Maturity Assessment Tool
The Treasury Risk Maturity Assessment Tool is comprised of:
- Treasury Risk Maturity Assessment Tool Guidance Paper (TPP20-06)
- Treasury Risk Maturity Assessment Tool A3 Matrix
- Treasury Risk Maturity Assessment Tool Spreadsheet.
The Guidance Paper includes the Risk Maturity Matrix and supporting methodology and information.
NSW Agency Risk Operating Model
The Tool is based on the NSW Agency Risk Operating Model below which is the supporting methodology for the risk maturity assessment. It ensures that when users of the Tool conduct an assessment, all aspects contributing to the management of risk throughout an agency are considered.
The Model demonstrates how agencies should consider the wider context of their agency when conducting a risk maturity assessment. This is through the outside sections of the Model reflecting the different aspects that contribute to managing risk including the minimum regulations and standards that apply to agencies, the relevant risk classes applicable to the agency and the various levels and divisions of an agency which manage risk including the ‘Three lines Model.’ These factors should be considered when assessing the three elements and nine attributes contained in the Risk Maturity Matrix to determine the agency’s maturity level.
The accompanying Treasury Risk Maturity Assessment Tool Spreadsheet (link below) enables Agencies to conduct a self-assessment using the Tool and produce a summary of their risk maturity assessment. This includes presenting a current maturity state and a program of activities to reach the target maturity state.
For further information on the Treasury Risk Maturity Assessment Tool, contact Treasury’s Financial Management Governance & Analytics team at firstname.lastname@example.org