It is mandated by the Standing Directions 2018 that fall under the Act (Directions), specifically Direction 3.7.1 – Risk Management Framework and Processes.
The Framework describes the minimum risk management requirements agencies are required to meet to demonstrate that they are managing risk effectively, including shared risks. This includes departments and agencies considering and defining their risk appetite within their risk management frameworks and demonstrating a positive risk culture based on the guidelines. The Framework also outlines the roles of managers and audit committees when it comes to risk management functions.
The revised Framework contains minor amendments to remove references to state significant risks. This update does not introduce any additional requirements for departments or agencies.
The change in approach to state significant risk and the dissolution of the State Significant Risk IDC was approved by the Minister for Finance in April 2025, following a review undertaken by DTF in response to the Victorian Auditor-General’s June 2024 performance audit.
Detailed guidance, information and risk management support is available from the Victorian Managed Insurance Authority.
The revised Framework commences from September 2025 and is available below.
Updated