Risk management and internal controls

Risk management

Your role as a manager or executive in the Queensland Government is to understand the risks associated with achieving business objectives.

By understanding risks and implementing treatment strategies, you will increase the chances of achieving your objectives and build effective internal controls to meet legislative and regulatory obligations.

To manage risk well, you should:

  • promote the view that we are all risk managers and encourage staff to develop risk management skills
  • integrate risk management practices into everyday business activities
  • identify potential risks and develop mitigation strategies
  • escalate risk that cannot be managed at your level of authority
  • review the government’s Guide to risk management.

Internal controls

Sound management of internal business controls ensures the integrity of business information.

Managers need to be aware of the government’s financial accountability handbook. This provides guidance on designing and implementing internal controls and systems.

When promoting and managing internal controls, you should:

  • contribute to the annual management assurance report to clients by completing regular compliance checklists for relevant internal controls
  • implement strategies to improve the performance of the control environment
  • make the outcomes of compliance checks and evidence of corrective action available to internal audit
  • promote awareness of your team’s business continuity plan
  • contribute to the review of business continuity plans
  • regularly refresh training in information security
  • determine an authorising system and physical access requirements for your staff
  • ensure information security risks are identified, assessed and managed.