The view of risk management for the public sector is not greatly different to that of the private sector, despite the common perception that absence of the profit motive – and threat of business failure – necessarily implies a different approach.

Indeed, in the commonwealth public service, the nine elements of an appropriate level of risk oversight and management, with which public-sector entities must comply under the Public Governance, Performance and Accountability Act 2013, would not be out of place in any private company: the public-sector entities must establish a risk management policy and a risk management framework; define responsibility for managing risk; embed systematic risk management into business processes; develop a positive risk culture; communicate and consult about risk; understand and manage shared risk; maintain risk management capability; and reviewing and continuously improve the management of risk.