Skip to main content.

Effective risk management under PGPA


The Public Governance, Performance and Accountability Act 2013 (the PGPA Act) requires Commonwealth entities to take a mature approach to managing risk. The Act places an obligation on entities to ensure they have appropriate arrangements for the management and oversight of risk.

The Act provides the foundations for a system of earned autonomy for Commonwealth entities and will see a risk-based approach taken to financial framework regulation. The level of oversight and regulation will depend on the level of the entity’s risks and the effectiveness of its approach to managing those risks.

Broadleaf offers a range of services to assist entities to manage risks to the standards required by the Act. These services include:

  • Risk management training for executives
  • Risk management training for managers and risk management practitioners
  • Mentoring of risk management experts (champions)
  • Benchmarking assessment and gap analysis of risk management frameworks.

Risk management training

Broadleaf’s courses address risk management requirements of the PGPA Act. Our training packages range from high-level executive briefings and orientation, to detailed courses for managers and practitioners.

Broadleaf offers general PGPA-focused risk management training courses and can also deliver workshops, courses and tutorials to meet an entity’s specific needs, tailored to its risk management framework. The content and duration of training packages can be customised to meet particular requirements or constraints.

Training can also be delivered and assessed as part of national risk management competency requirements and contribute towards formal qualifications.

For Commonwealth entities, Broadleaf offers two specific risk management courses addressing the PGPA Act.

Risk management for executives

This is an intensive and interactive half-day course for senior executives who need to understand their risk management obligations under the PGPA Act and require a sound knowledge of risk management using the Standard AS/NZS ISO 31000:2009.

This course covers:

  • Foundations of risk and risk management
  • Risk management in government and the PGPA Act
  • The guidelines and principles of effective risk management in AS/NZS ISO 31000:2009
  • Executives responsibilities for risk management
  • The risk management framework, its role, development and enhancement.

Risk management for managers

This is an intensive and interactive two-day course for managers and risk management practitioners who need to develop a detailed understanding of the risk management requirements of the PGPA Act, who require a detailed knowledge of modern day risk management based on AS/NZS ISO 31000:2009, and who require skills to develop, enhance and maintain a risk management framework for their organisation.

This course covers:

  • Foundations of risk and risk management
  • Managing risk within government Agencies
  • PGPA and its implications for how entities manage risk
  • The principles and attributes of effective risk management
  • Practical application of the risk management process
  • Integration into decision making and planning
  • The risk management framework, its role, development and enhancement in Government
  • Governance, approaches to oversight and creating value through reporting

The two-day course will include syndicate exercises and workshops using a case study relevant to the entity.

Mentoring of risk management champions

One of the most important elements of a framework that supports effective risk management is the appointment and support of risk management champions. Their enhanced risk management skills enable them to assist the entity in the practical implementation of the risk management process. Champions in turn draw support from a community of practice, a forum for mutual support and skills enhancement.

Broadleaf offers on-going mentoring and support of risk management champions through a coaching and training program, typically through monthly or quarterly forums that are tailored to the entity’s needs. These develop champions’ risk management skills, provide them with access to practical advice and approaches that have worked elsewhere, as well as enabling them to enhance the depth of their understanding of risk management by being introduced to advanced processes and techniques.

A typical risk management champions mentoring program would include regular coaching sessions on:

  • Expected changes to local and international Standards and the impact on Commonwealth entities
  • Emerging trends and best practice from Australian and international risk management activities
  • Lessons learned from within the entity itself and other comparable organisations on risk management activities
  • Discussions and feedback on improvements to the entity’s risk management framework and its guidance documents
  • Further training on more advanced risk management processes and techniques.

Risk management gap analysis and effectiveness evaluation

Commonwealth entities need assurance that they are managing risk effectively and that their approach satisfies the requirements of the PGPA Act. If they are not, they may not attain the level of earned autonomy they require.

Broadleaf offers a gap analysis and risk management effectiveness evaluation service to Commonwealth entities. It assesses an entity against risk management best practice, AS/NZS ISO 31000:2009 and PGPA Act requirements.

Our structured approach to evaluating effectiveness is based on our leadership and participation in Australian and International risk management Standards committees, and our experience as a pre-eminent risk management consultancy for more than 20 years in Australia and overseas.

We have tailored our evaluation methods and tools to align them with the requirements of the PGPA Act and best practice in risk management in Government.

After many years of practical experience in evaluating and enhancing frameworks for risk management in Government organisations, Broadleaf believes that success depends as much on the manner in which a framework is developed and implemented as it does in the detail of the tools and written materials generated. This is why we strongly recommend to our clients that an evaluation be accompanied by a management of change process, where key internal stakeholders are involved and engaged in evaluating the existing approach and in planning how, where and when enhancements will be made.