(1) AMSA is an ineffective regulator

Residual risk: Moderate

Risk Appetite & Tolerance (Note 2)

Regulatory approach

Gradient arrow with a bar spanning from red to green

Key mitigation strategies (controls) are monitored through AMSA’s internal audit program and integrated management system, established regulatory scheme, ship inspection program, effective national network of aids to navigation and other navigational services and ongoing engagement with industry. AMSA has a regulatory plan, policies and an annual compliance program.

Risk tolerance statement:

We have low tolerance for regulatory approaches that are inconsistent with our mandated obligations under the AMSA Act 1990. We have low to moderate tolerance for risk in the pursuit of innovative regulatory approaches, for example alternative means of compliance – consistent with our Act and Statement of Regulatory Approach 2022

In very specific instances, we have moderate to high tolerance for the application of contemporary and potentially ground-breaking regulatory approaches (including research) that allow us to respond dynamically to changes in our operating environment.

(2) AMSA does not respond effectively to significant incidents resulting in avoidable loss of life, environmental damage or harm to the community, critical infrastructure and socio-economic resources

Residual risk: Moderate

Risk Appetite & Tolerance

Search and Rescue

Gradient arrow with a bar spanning from red to orange

Key mitigation strategies include National Response Capability Statement and National Plan for Maritime Environmental Emergencies, real time maritime and aircraft positional information system for identifying assets for emergency response purposes, mature incident management arrangements, maritime safety and distress communication services and 24/7 operation of response centre.

Risk tolerance statement: 

We have low tolerance for practices which jeopardise the outcomes of our search and rescue operations – saving lives. We have low tolerance for risks associated with the conduct of search and rescue operations by our contracted panel providers, recognising that the nature of those operations pose an inherent risk to our contractors, their staff and the public. We prioritise training and awareness for our search and rescue staff, contractors, and stakeholders to minimise this risk. 

We have low to moderate tolerance for providers we use on a non-panel tasking basis. Non-panel tasking carries increased risk as the assets have not been specifically assessed prior for suitability for search and rescue. However, this risk is balanced against saving lives – and we have several specific controls in place to minimise the risk.

(3) AMSA does not effectively engage with customers and stakeholders, including those with influence (such as Ministers and high-profile industry leaders)

Residual risk: Moderate

Risk Appetite & Tolerance

Relationship management

Gradient arrow with a bar spanning orange to yellow

Key mitigation strategies include Service Charter, review of consultative bodies, IMO work program, increased regional presence/footprint, AMSA Connect telephone service, Customer issue management via CRM, regulatory customer experience feedback (informal and online/phone), periodic AMSA communications, social media/websites, stakeholder consultative forums, public and community engagement initiatives.

Risk tolerance statement: 

We have a moderate tolerance for risk as we nurture and develop our relationship and reputation with stakeholders. 

We acknowledge that we will be subject to ongoing scrutiny, particularly from National System stakeholders. 

We are not adverse to criticism.

(4) Ongoing funding arrangements for the National System are not resolved by Government and/or AMSA is not able to demonstrate efficient costs to administer the National System to the satisfaction of government resulting in an ongoing shortfall of funding

Residual risk: High

Risk Appetite & Tolerance

Financial

money icon

Key mitigation strategies include Activity Base Costing, Section budgets and Executive reporting, Portfolio Board and Portfolio Working Group, P3M arrangements. 

Risk tolerance statement:

We have low tolerance for a systemic breakdown of financial controls, cash mismanagement or material errors in financial reporting. Acknowledging that the introduction of innovative practices and ways of thinking can increase risk initially, we have low to moderate tolerance for financial risk in pursuit of improvement. We recognise that the Commonwealth is operating in a constrained financial environment, and that we are under increasing scrutiny to justify our costs and cost recovery arrangements to stakeholders. We must accept some risk to deliver improvements, while continuing to deliver our outputs and outcomes.

(5) Fail to maintain a safe work environment

Residual risk: Low

Risk Appetite & Tolerance

People

people icon

 

Key mitigation strategies include AMSA work health safety management plan; remote working policy, guidance and checklist; fatigue risk management initiatives; bullying and harassment protections; diversity objectives; and regular meetings of the Health Safety and Environment (HSE) Committee; certified quality management system, ongoing training and awareness; and employee wellbeing program. For COVID, key mitigation strategies include AMSA pandemic plan, Divisional Business Continuity Plans, and the AMSA COVIDsafe Plan. 

Risk tolerance statement:

We have no tolerance for poor workplace safety practices - particularly those which adversely affect the health, safety and well-being of our employees. We have rigorous systems to ensure that our employees’ health and wellbeing is protected.

(6) Ineffective internal systems of control 

Residual risk: Low

Risk Appetite & Tolerance

Governance & compliance

tick icon

 

Key mitigation strategies include independent Fraud and Corruption Control risk assessment and plan, HR & payroll system (Aurion) and internal audit program, governance, compliance, assurance and reporting framework, Accountable Authority Instructions, certified standards management system, financial delegations, system of risk oversight and management, involvement in relevant Commonwealth communities of practice/working groups and ongoing training and awareness. 

Risk tolerance statement: 

We have low tolerance for breaches of our general legislative obligations as a corporate Commonwealth entity. We must be able to demonstrate conformance with our statutory obligations under general legislation. We accept that accidental and non-systemic breaches may occur, but these must be followed by appropriate corrective action.

(7) AMSA fails to have the right capability to respond appropriately to the changing environment

Residual risk: Moderate

Risk Appetite & Tolerance

People capability and capacity

brain icon

 

Key mitigation strategies include annual review of the work program, strategic workforce plan and capability framework, digital plan, disaster recovery plans and testing, Information and Data Governance Committee, Lessons Board, Interim PMO, AMSA’s Futures Program and Future Capability Program.

Risk tolerance statement: 

We have a moderate tolerance for risk in our approach to recruiting, developing and engaging staff.

We understand that to compete and secure good candidates in a resource constrained environment we must develop more efficient and innovative ways to attract and retain staff