The ACNC adopts the ATO’s Enterprise Risk Management Framework and risk tolerance.
We are:
- willing to accept higher levels of risk where there is a clear opportunity to realise benefits and where risks can be controlled to acceptable levels
- less willing to accept risk where it is not clear that benefits will be realised or where risks are unable to be controlled to acceptable levels.
Enterprise risks that affect our ability to achieve our vision and purpose are listed below, along with our strategies to contain these risks within acceptable levels.
Enterprise risk | Risk description | Risk management strategy |
---|---|---|
Maintaining the accuracy of the Charity Register | To promote public trust and confidence, we must ensure the Charity Register only contains eligible charities. | We conduct risk assessments of all registration applications and review a sample of our decisions. We use a risk-based approach to review charities currently on the Charity Register. We support charities to ensure that the Charity Register is up to date. We use data analytics, risk profiling and public information to identify charities at highest risk of non‑compliance. |
Managing cybersecurity risks | To protect our IT systems from emerging cybersecurity threats that can result in data held by the ACNC being deleted, manipulated, or stolen, we must maintain appropriate safeguards. | We continue to enhance cybersecurity capabilities on ACNC systems, including prioritising security patches and updates, to ensure we better meet whole-of-government requirements. We actively manage the security settings of our website (including the Charity Register and Charity Portal) to ensure it is safe to use. |
Organisational capability | As a small agency, we must ensure that we attract and retain people with the right skills and qualities. | We must provide our staff with the tools they need to complete their job efficiently. We use contemporary recruitment strategies to ensure we find the people with the right skills. We continue to implement initiatives such as our Culture Vision and Census Action Plan. We constantly monitor our external environment to identify tools that can help our staff to complete their job more efficiently. |
Meeting whole-of-government requirements | As a Commonwealth body, we must uphold our roles and obligations within whole-of-government legal and policy frameworks. | We are committed to working with the ATO to maximise efficiency and meet whole‑of‑government requirements, such as the development of a corporate plan. We monitor the environment and use our relationships with our advisory and consultation forums, the ATO, Treasury and other government agencies to ensure we understand whole‑of‑government requirements. |