Managing risk
Our Risk Management Policy and Framework, aligned with the Commonwealth Risk Management Policy, takes a practical approach to identifying and managing risk. The Chief Operating Officer serves as the Chief Risk Officer, responsible for embedding a strong risk culture and overseeing the implementation of our framework. We are actively strengthening and embedding our risk management practices to support effective service delivery and policy development. This includes refining internal controls and governance to manage risk, integrity, fraud, corruption, and non-compliance. A key focus is understanding shared risks with our partners. In 2025–26, we will enhance these partnerships by developing shared risk approaches and improving risk monitoring, reporting, and staff capability. To meet our obligations under the Commonwealth Child Safe Framework, we publish an annual Statement of Compliance. This outlines our child safety risk assessments and strategies to manage identified risks.
Our enterprise risks and opportunities
The NIAA continuously identifies, assesses, manages, and monitors risks across all levels of the organisation. These activities are central to our enterprise risk management approach and support informed decision-making. At the enterprise level, risk management enables us to anticipate change, respond to emerging risks, and minimise potential disruptions to our operations and service delivery.
Our enterprise risks are aligned with our strategic objectives and reflect the complex environment in which we operate. These risks are regularly reviewed and overseen through governance structures, including Executive Board, the Audit and Risk Committee, and the Risk and Operations Committee. This integrated oversight ensures a coordinated and transparent approach to risk across the NIAA. The following page provides an overview of our 4 enterprise level risks and their associated opportunities.
Credibility
Risk statement
The NIAA is not able to maintain credibility with Aboriginal and Torres Strait Islander people and other key stakeholders and is unable to collaborate and influence outcomes in support of the organisation’s purpose.
Opportunities:
» We actively seek and capture feedback from communities to build relationships and trust.
» We invest in a systematic external stakeholder engagement approach at all levels of the NIAA.
» We maintain a customer relationship management system and support staff to protect personal and sensitive information in accordance with our privacy obligations.
» We have a regional presence connecting communities, service providers, and state, territory, and local governments.
» We are strengthening our capability to collect, use, and share data and information to build trust and strategic influence.
Delivery
Risk statement
The NIAA’s sponsored programs are not grounded in evidence and the lived experience of Aboriginal and Torres Strait Islander communities.
Opportunities:
» We continue to develop regional and sector strategies to better target our investment to the areas of greatest need and to enhance how we measure performance.
» We continue to implement our Engagement Toolkit to support our role as a convener and broker, sharing insights and feedback for better design and implementation of programs.
» We continue to adopt a ‘digital first’ approach for enhanced use of information and improved evidence base. This will also improve the internal sharing of information and the NIAA's ability to detect and respond to further performance and compliance issues.
Delivery
Risk statement
The NIAA’s administrative processes may impact effective and timely delivery of programs and services.
Opportunities:
» We are enhancing our project management system (Project Central) for use across the NIAA to support our consideration of risk, opportunities, and capacity to deliver.
» We maintain emergency and business continuity policy and processes to respond to and minimise service disruption.
» We continue to implement the NIAA’s Integrated Program Compliance and Fraud Framework to further improve our proactive approach to compliance, fraud, and corruption, including prevention, early engagement, and response.
Capability
Risk statement
The NIAA is not able to maintain the right capabilities (people, resources, processes, systems, and culture) to deliver the NIAA’s outcomes.
Opportunities:
» We have a clear Employee Value Proposition and will have targeted strategies for attraction, recruitment, and retention, particularly to increase our Aboriginal and Torres Strait Islander workforce.
» We continue to implement the NIAA’s Digital Strategy, Data and Information Management Strategy, and ICT strategy, focusing on a tailored capability uplift program.
» We prioritise building the capability of our staff. This year we will drive targeted activities through the ‘Our People Strategy’.
» We continue to enhance our human resource management processes to ensure that staff confidently raise claims of misconduct or discrimination, in a trauma-informed environment, and that any complaint is dealt with appropriately. We also ensure any identified trends are addressed at a local or enterprise level.