Show download pdf controls
  • 03. Enterprise risk management

    Actively identifying and managing risk is inherent to the achievement of our purpose and objectives as an organisation.

    We have well-established systems of risk oversight and management that align with the Commonwealth Risk Management Policy and support our compliance with section 16 of the Public Governance, Performance and Accountability Act 2013.

    Our strategic risks are aligned to our purpose and aspirations, reflect themes in our external environment and guide decision-making across the organisation.


    • Environmental risk themes – Diminishing trust in large institutions
    • Strategic risks – Our ability to maintain the integrity and fairness of the tax and superannuation systems, and influence their design, may impact on trust and confidence.


    • Environmental risk themes – Increasing citizen expectations of government services
    • Strategic risks – Our ability to deliver a well-designed end-to-end client experience, that meets expectations, may impact willing participation.


    • Environmental risk themes – Workforce shifts and competition for talent
    • Strategic risks – Our ability to build and retain necessary skills and capability may impact on our efforts to transform our workforce and support evolving needs.


    • Environmental risk themes – Security and privacy in an increasingly data-driven world
    • Strategic risks – Our ability to improve the way we operate – leveraging data and technology while maintaining its integrity – may impact on our vision for tailored and contemporary service.


    • Environmental risk themes – Pressure to demonstrate effectiveness and deliver more with less
    • Strategic risks – Our ability to drive efficiency and effectiveness, while continuing to innovate and deliver change, may impact on our aim for sustainable business excellence.

    ATO risk appetite

    As an organisation, we recognise that positive engagement with risk is necessary to make the most of opportunities, deal with threats, foster innovation and build a strong risk culture throughout the ATO. In doing this, we are:

    • willing to accept higher levels of uncertainty where there is a clear opportunity to realise benefits and where risks can be controlled to acceptable levels
    • less willing to accept uncertainty where it is not clear that benefits will be realised or where risks are unable to be controlled to acceptable levels.
      Last modified: 31 Jul 2019QC 59712