(1) AMSA is an ineffective regulator
Residual risk: Moderate
Risk Appetite & Tolerance (Note 2)
Regulatory approach
Key mitigation strategies (controls) are monitored through AMSA’s internal audit program and integrated management system, established regulatory scheme, ship inspection program, effective national network of aids to navigation and other navigational services and ongoing engagement with industry. AMSA has a regulatory plan, policies and an annual compliance program.
Risk tolerance statement:
We have low tolerance for regulatory approaches that are inconsistent with our mandated obligations under the AMSA Act 1990. We have low to moderate tolerance for risk in the pursuit of innovative regulatory approaches, for example alternative means of compliance – consistent with our Act and Statement of Regulatory Approach 2022.
In very specific instances, we have moderate to high tolerance for the application of contemporary and potentially ground-breaking regulatory approaches (including research) that allow us to respond dynamically to changes in our operating environment.
(2) AMSA does not respond effectively to significant incidents resulting in avoidable loss of life, environmental damage or harm to the community, critical infrastructure and socio-economic resources
Residual risk: Moderate
Risk Appetite & Tolerance
Search and Rescue
Key mitigation strategies include National Response Capability Statement and National Plan for Maritime Environmental Emergencies, real time maritime and aircraft positional information system for identifying assets for emergency response purposes, mature incident management arrangements, maritime safety and distress communication services and 24/7 operation of response centre.
Risk tolerance statement:
We have low tolerance for practices which jeopardise the outcomes of our search and rescue operations – saving lives. We have low tolerance for risks associated with the conduct of search and rescue operations by our contracted panel providers, recognising that the nature of those operations pose an inherent risk to our contractors, their staff and the public. We prioritise training and awareness for our search and rescue staff, contractors, and stakeholders to minimise this risk.
We have low to moderate tolerance for providers we use on a non-panel tasking basis. Non-panel tasking carries increased risk as the assets have not been specifically assessed prior for suitability for search and rescue. However, this risk is balanced against saving lives – and we have several specific controls in place to minimise the risk.
(3) AMSA does not effectively engage with customers and stakeholders, including those with influence (such as Ministers and high-profile industry leaders)
Residual risk: Moderate
Risk Appetite & Tolerance
Relationship management
Key mitigation strategies include Service Charter, review of consultative bodies, IMO work program, increased regional presence/footprint, AMSA Connect telephone service, Customer issue management via CRM, regulatory customer experience feedback (informal and online/phone), periodic AMSA communications, social media/websites, stakeholder consultative forums, public and community engagement initiatives.
Risk tolerance statement:
We have a moderate tolerance for risk as we nurture and develop our relationship and reputation with stakeholders.
We acknowledge that we will be subject to ongoing scrutiny, particularly from National System stakeholders.
We are not adverse to criticism.
(4) Ongoing funding arrangements for the National System are not resolved by Government and/or AMSA is not able to demonstrate efficient costs to administer the National System to the satisfaction of government resulting in an ongoing shortfall of funding
Residual risk: High
Risk Appetite & Tolerance
Financial
Key mitigation strategies include Activity Base Costing, Section budgets and Executive reporting, Portfolio Board and Portfolio Working Group, P3M arrangements.
Risk tolerance statement:
We have low tolerance for a systemic breakdown of financial controls, cash mismanagement or material errors in financial reporting. Acknowledging that the introduction of innovative practices and ways of thinking can increase risk initially, we have low to moderate tolerance for financial risk in pursuit of improvement. We recognise that the Commonwealth is operating in a constrained financial environment, and that we are under increasing scrutiny to justify our costs and cost recovery arrangements to stakeholders. We must accept some risk to deliver improvements, while continuing to deliver our outputs and outcomes.
(5) Fail to maintain a safe work environment
Residual risk: Low
Risk Appetite & Tolerance
People
Key mitigation strategies include AMSA work health safety management plan; remote working policy, guidance and checklist; fatigue risk management initiatives; bullying and harassment protections; diversity objectives; and regular meetings of the Health Safety and Environment (HSE) Committee; certified quality management system, ongoing training and awareness; and employee wellbeing program. For COVID, key mitigation strategies include AMSA pandemic plan, Divisional Business Continuity Plans, and the AMSA COVIDsafe Plan.
Risk tolerance statement:
We have no tolerance for poor workplace safety practices - particularly those which adversely affect the health, safety and well-being of our employees. We have rigorous systems to ensure that our employees’ health and wellbeing is protected.
(6) Ineffective internal systems of control
Residual risk: Low
Risk Appetite & Tolerance
Governance & compliance
Key mitigation strategies include independent Fraud and Corruption Control risk assessment and plan, HR & payroll system (Aurion) and internal audit program, governance, compliance, assurance and reporting framework, Accountable Authority Instructions, certified standards management system, financial delegations, system of risk oversight and management, involvement in relevant Commonwealth communities of practice/working groups and ongoing training and awareness.
Risk tolerance statement:
We have low tolerance for breaches of our general legislative obligations as a corporate Commonwealth entity. We must be able to demonstrate conformance with our statutory obligations under general legislation. We accept that accidental and non-systemic breaches may occur, but these must be followed by appropriate corrective action.
(7) AMSA fails to have the right capability to respond appropriately to the changing environment
Residual risk: Moderate
Risk Appetite & Tolerance
People capability and capacity
Key mitigation strategies include annual review of the work program, strategic workforce plan and capability framework, digital plan, disaster recovery plans and testing, Information and Data Governance Committee, Lessons Board, Interim PMO, AMSA’s Futures Program and Future Capability Program.
Risk tolerance statement:
We have a moderate tolerance for risk in our approach to recruiting, developing and engaging staff.
We understand that to compete and secure good candidates in a resource constrained environment we must develop more efficient and innovative ways to attract and retain staff