Effective management of risk is vital to successfully pursue the opportunities created through scientific research and ultimately deliver on our purpose.

How risks are managed in CSIRO

The identification and management of risk is central to delivering the purpose and objective of CSIRO and benefits to Australia. This includes understanding scientific, financial, commercial and legal, health, safety and security, environmental, and reputational risks.

We maintain an extensive risk management framework that identifies our greatest risks and sets out how we anticipate and respond to them.

Risk Framework and System: How risks are managed in CSIRO

Effective management of risk is vital to successfully pursuing the opportunities created through scientific research and delivering on our purpose as an Organisation. By actively identifying and managing risks we aim to increase our effectiveness as an organisation and provide greater certainty and confidence for the Government, staff members, collaborators, partners, and other stakeholders in the community about CSIRO’s operations.

Our Risk Framework, methodology and approach are grounded in and aligned with both the international standard AS/NZS ISO 31000 Risk Management Principles and Guidelines and the Commonwealth Risk Management Policy. Our Risk Framework is applied at the Enterprise, Business Unit/Functional and activity levels, as illustrated in the graphic.

The CSIRO Board is also active in supporting our efforts to identify and manage our risks through three Board standing committees:

  1. People, Health and Safety Committee assists the Board to fulfil its governance responsibilities in relation to organisational development, people-related activities, and health and safety.
  2. Audit and Risk Committee assists the Board in the areas of financial management, risk management, internal control, and compliance.
  3. Science Excellence Committee assists the Board to endorse, oversee, and monitor the implementation of our strategic plans with respect to maintaining and growing our scientific excellence, its connection to delivering impact, and our role as innovation catalyst in the national innovation system.

CSIRO’s risks

The most significant Enterprise level risks are provided below, grouped by Risk Appetite Category.

CSIRO Brand

Relative Level of Risk Tolerance: Medium, with the potential to move to High.

Mitigations:
  • Commercial processes, mechanisms and procedures available at Enterprise & Operational levels to support risk identification and enable successful customer delivery.
  • Organisational safeguards to maintain scientific integrity & excellence.
  • Organisational controls to assist in the detection, escalation and management of operational breaches.
  • Situation Management Framework, with the support of an Issues Management Team, to support the identification, assessment and management of organisational issues.

Risk Title and Owner: Brand Integrity Undermined

The increased prominence and connection of CSIRO’s Brand with a broader range of customers, undertaking challenging science in new markets and geographies, and utilising new business and funding models, may give rise to the brand being associated with actions in conflict with CSIRO’s Brand values.

Risk Owner: Chief Executive (CE)

Commercial & Financial

Relative Level of Risk Tolerance: Low, with possible movement to Medium.

Mitigations:
  • Development of new business models and commercialisation approaches that complement CSIRO’s strategic objectives to achieve long-term growth and sustainability.
  • Enterprise led planning processes: CSIRO’s Planning and Performance Framework, Annual Performance and Investment Review, and organisational tactical, vision and directional planning.
  • Financial controls: Delegations and Authority Framework, budget allocation and financial reporting processes.
  • Performance measures: Key Performance Indicator (KPI) Framework.

Risk Title and Owner: Financial Sustainability and Growth

A failure to effectively develop and implement strategies, appropriately manage existing resources, or adequately respond to changing economic factors to deliver sustained financial stability and growth.

Risk Owner: Chief Finance Officer (CFO)

Health, Safety, Security & Environment

Relative Level of Risk Tolerance: Low.

Risk Title and Owner: Workplace/Health, Safety & Environment

A failure of internal processes, systems or controls resulting in an HSE incident which adversely affects the wellbeing or safety of our people, partners, infrastructure, or the environments in which we operate.

Risk Owner: Chief Operating Officer (COO)

Mitigations:
  • Role of the Health Safety & Environment (HSE) Group in supporting staff and leadership.
  • Building HSE awareness across CSIRO, and continuous updating of HSE policy, procedures, guidelines, systems, specific operating instructions, safe work instructions and other processes to support organisational activities.
  • HSE audits and peer reviews, hazard and incident reporting, and injury management processes.

Risk Title and Owner: Significant Security Incident

Our internal systems, processes or procedures fail to effectively prevent, detect, respond to, and/or return to business as usual following a serious security incident (cyber, information, protective, or a combination of these).

Risk Owner: COO & Executive Director, Digital, National Facilities & Collections (IM&T)

Mitigations:
  • Defined roles and responsibilities for ICT and protective security in CSIRO’s Security Framework.
  • Preventative and reactive measures to limit adverse impacts on CSIRO’s ICT infrastructure.
  • Enterprise Security Program.
  • Activities to assess the organisation’s security posture and manage security risks.

Governance & Compliance

Relative Level of Risk Tolerance: Low.

Risk Title and Owner: Significant Governance Failure

A systemic failure of CSIRO’s governance framework, assurance and accountability processes.

Risk Owner: COO (framework) and Executive Team (execution)

Mitigations:
  • Organisational framework, mechanisms, structure and procedures to enable a robust governance and compliance foundation.
  • Business Unit (BU) discretion to exercise Delegations, engage additional expertise, and escalate BU risks to the Executive Team for management.
  • Risk management process incorporated into organisational business processes, layers and activities.

Risk Title and Owner: Scientific Integrity

A failure of the processes, systems or safeguards that support scientific integrity.

Risk Owner: Executive Director Growth, Chief Scientist & Sector Executives

Mitigations:
  • Science quality and integrity accountabilities incorporated into critical BU roles.
  • Research ethics procedures, committees, statements, Acts, Code and relevant legislation.
  • CSIRO’s Authorship and Publications Procedure.
  • Mechanisms available to ensure project delivery oversight and scientific process protection.

People

Relative Level of Risk Tolerance: Medium, with the potential to move to High.

Mitigations:
  • CSIRO Brand and reputation: able to attract key domestic and international talent due to our prominence in the scientific community.
  • Attractive initiatives in CSIRO: ‘Balance’, Switch, SAGE, and D&I strategies.
  • CSIRO Leadership Team actively focusing on strategies to ensure CSIRO recruits and develops the best and brightest talent.
  • Career development opportunities, capability planning and succession planning.
  • Annual Performance Agreement process, reward and recognition processes, strong organisational culture, Switch program and continuous staff engagement activities.

Risk Title and Owner: Talent

A real or perceived inability to attract or retain diverse talent, undertake succession planning, and/or foster the career development needs of our staff.

Risk Owner: Executive Director, People

Reviewing and improving our risk management

Over the next four years, we will continually strengthen and increase our risk maturity through:

  • Risk Culture – Consistent with developing a positive culture that delivers innovation, we are building a culture of risk identification and management which supports taking risk where this is done mindfully, within organisational tolerances, and is managed effectively.
  • Integration – risk is aligned with key processes to enable decision making. We continue to strengthen that alignment through increasing risk capability applied to each element of our Strategic Planning and Execution Framework.
  • Risk Capability – While risk planning and management has been very visible at Board, Executive and Senior Leader level, and in our Enterprise Support Services, cascading it to Business Units and projects has been inconsistent. We are committed to resolving these inconsistencies by developing the risk capability of our people.
  • Resilience – Our ability to respond to significant issues and events has been strengthened through the review and update of the Situation Management Framework in 2016. We continue to enhance our design and application of our Situation Management Framework in responding to external risks and events. This includes running scenario based exercises at all levels.
