05. Risk management

Last updated 8 August 2021

Understanding and managing risk is inherent to achieving our purpose and objectives as an organisation.

We have well-established systems of risk oversight and management that align with the Commonwealth Risk Management Policy and section 16 of the Public Governance, Performance and Accountability Act 2013. Our Enterprise Risk Management Framework promotes a consistent approach to the management of risk, embedded into day-to-day business practices. We identify and manage risk in the context of our performance, in line with our overall risk appetite, to make the most of opportunities, deal with threats, foster innovation and build a strong risk culture across the ATO.

The Enterprise Risk Management Committee has primary responsibility for maintaining a view of the system of risk oversight and management in operation. In conjunction with our Audit and Risk Committee, assurance is provided to the ATO Executive that risk is being effectively identified and appropriately managed throughout the organisation, with a strong focus on setting clear accountabilities and tolerances, and monitoring performance to ensure it remains within acceptable levels.

The following key risks and their corresponding drivers guide decision-making and help to shape our organisational priorities and initiatives.

Table 3: Key risks
Tax and superannuation administration
R1 Tax and superannuation performance in accordance with the law Maintaining overall tax and superannuation performance in accordance with the law may be impacted by our ability to ensure the performance of client segments remains within acceptable tolerances. We do this by fostering willing participation and dealing with those who do the wrong thing.
R2 Payment and debt performance Maintaining overall payment and debt performance may be impacted by volatility in economic conditions and government and community expectations, requiring ongoing calibration of client engagement and enforcement strategies, along with related performance targets.
R3 Influencing policy and law design The quality and administrability of the system may be impacted by shifting policy settings and our ability to influence policy and law design.
R4 Supporting our clients and the economy through the exit from the pandemic Our ability to support clients and the economy through the exit from the COVID-19 pandemic may be impacted by continuing environmental uncertainty and the need to support differing client circumstances.
R5 Managing a complex superannuation ecosystem Our ability to manage the superannuation ecosystem may be impacted by increasing complexity and heightened stakeholder expectations.
R6 End-to-end client service and case management Our ability to achieve end-to-end service and case management outcomes for the ATO and clients, may be impacted by the complexity of our internal operating arrangements and consistency of decision-making across functional and structural boundaries.

Organisational
R7 Managing cyberthreats Our ability to protect our organisation, clients and other partners from cyberthreats may be impacted by our ability to keep pace with the rapidly evolving digital ecosystem.
R8 Contemporary technology Our ability to keep pace with expectations may be impacted by the rapid changes in the IT environment, inherent capacity constraints and the need to continually balance future needs with short-term priorities and investment.
R9 Maximising the value of data Maximising the value of data may be impacted by our ability to uplift the organisation’s data and analytics maturity, capability, and associated infrastructure.
R10 Agile and sustainable resourcing Building and maintaining organisational agility may be impacted by our ability to build and retain skills and capability; existing business processes; and constraints in moving to a flexible work environment.
R11 Standards and ethical conduct Our ability to maintain organisational integrity may be impacted if our conduct, actions or decision-making do not conform with the law or align with staff or community expectations.
R12 Capacity and prioritisation Our ability to meet our government and organisational commitments and achieve our aspirations may be impacted by challenges in prioritisation and corresponding pressures on capacity, core capability and budget.

Organisational

R7 Managing cyberthreats

Our ability to protect our organisation, clients and other partners from cyberthreats may be impacted by our ability to keep pace with the rapidly evolving digital ecosystem.

R8 Contemporary technology

Our ability to keep pace with expectations may be impacted by the rapid changes in the IT environment, inherent capacity constraints and the need to continually balance future needs with short-term priorities and investment.

R9 Maximising the value of data

Maximising the value of data may be impacted by our ability to uplift the organisation’s data and analytics maturity, capability, and associated infrastructure.

R10 Agile and sustainable resourcing

Building and maintaining organisational agility may be impacted by our ability to build and retain skills and capability; existing business processes; and constraints in moving to a flexible work environment.

R11 Standards and ethical conduct

Our ability to maintain organisational integrity may be impacted if our conduct, actions or decision-making do not conform with the law or align with staff or community expectations.

R12 Capacity and prioritisation

Our ability to meet our government and organisational commitments and achieve our aspirations may be impacted by challenges in prioritisation and corresponding pressures on capacity, core capability and budget.

QC66539

05. Risk management

Tools

Tax information for

Help and support