1.25 The 2008-09 MPR identified that the implementation of the DMO Enterprise Risk Management Framework (ERMF) will be a challenging but necessary step for the DMO in its goal of improving project management.
1.26 The challenges identified by the ANAO included addressing:
● The significant gap between current risk management practices and those set out in the draft Enterprise Risk Management Framework; and
● Improving DMO's risk culture and establishing consistency in the level of support and leadership for risk management across the DMO.
1.27 Further, when highlighting the need for a cohesive IT system, the ANAO expected the adoption of the Enterprise Risk Management Framework at a whole-of-organisation level, including translation to the project level, to improve project management controls across the organisation.
1.28 During 2009-10, a revised DMO wide risk management framework was designed that enables better linking of the strategic, business, divisional and project level risks. An initial step taken this year was the identification of the lessons identified by external and internal audits undertaken in the DMO over the past five years.
1.29 The knowledge gained from the analysis of the findings, observations and recommendations formed the basis of understanding the first tranche of business level risks and their sources, and will inform a whole of DMO lessons identified methodology. This DMO-wide, risk based approach to the lessons identified methodology is designed to improve the standard of risk management across the DMO.
1.30 The following improvements in risk management within the DMO were undertaken in 2009-10:
● Addressed the recommendations in Ernst & Young's Internal Audit Report on the DMO Enterprise Risk Management Framework;
● Developed a Chief Executive Instruction (CEI) on Risk Management in the DMO; and
● Compiled controls for acquisition and sustainment activities into DMO risk management control.