Searchshow menu

Risk Oversight and Management

Risk oversight and management is an integral part of Comcare’s business, which drives and supports Comcare’s ability to effectively deliver on its four purposes. The following section outlines Comcare’s approach to risk management over the life of this Corporate Plan (2017 to 2021).

The Executive Committee is responsible for monitoring the organisational risks and maintaining our Strategic Risk Register. Comcare has identified seven strategic risks and nine fraud risks. The Audit and Risk Committee provide external oversight, ensuring compliance with the processes applicable to Comcare’s risk management framework.

In our approach to risk oversight and management, our four business groups identify risks that are relevant to their dynamic operating environment. The appropriate management of these risks relate directly to achieving our four purposes. These business groups’ risks are identified within their respective Business Risk Registers, which link into Comcare’s Strategic Risk Register.


Purpose 1: Leading insurer

Comcare is focused on delivering sustainable management of the fund. As the leading insurer, we are exposed to significant strategic and financial risks through the underwriting (pricing) and investment functions. Comcare manages these current and future risks through separate policies that:

  • inform and frame risk-based decision making (which would include quantifying the risk and risk tolerance)
  • ensure oversight through the Finance and Investment, and Executive Committees
  • seek continuous improvement to current underwriting and investment practices.

Purpose 2: National regulator

Comcare’s work as a national regulator is dependent on strong stakeholder relationships to deliver improved work health, safety and rehabilitation outcomes. As a result, it has high operational and reputational risks associated with its purpose. A national regulator must foster trust and confidence by ensuring its decisions are transparent, consistent, based upon legally sound principles, and clearly communicated. To ensure this, Comcare manages these associated risks through:

  • consistent application of defined process and procedures
  • staff capability, knowledge and tools
  • appropriate technology support of regulatory functions
  • monitoring of changes in notification and injury trends, and responding to changing workplace environments.

Purpose 3: Excellence in scheme management and design

As scheme manager, we are committed to achieving sustainable and better practice national schemes. The delivery of affordable and sustainable schemes is dependent on managing both reputational and financial risks as Comcare refines the scheme’s design and implements new improvements. Comcare manages risks in this area by:

  • assessing data for trends in injury and illness
  • monitoring the performance of the scheme
  • implementing impact assessments of acts (or omissions) on different scheme participants and performance outcomes.

Purpose 4: Efficient and effective operations

Key to delivering on our outcome is continuous improvement in efficient and effective operations. This is driven through strategic advice that effectively enables the delivery of business outcomes, and the streamlining of business systems, process and practices.

Not achieving this purpose presents financial and compliance risks to Comcare and its effective delivery of our purposes. These risks are managed through:

  • ongoing review of current and future business needs to assess resourcing requirements
  • continuous improvement through review and audit of Comcare’s policies and processes
  • clarifying roles and responsibilities in the context of our strategic capability as per our People Plan.

Comcare manages risk to ensure all its activities are consistent with Comcare’s objectives, proper use of public resources, and appropriate performance and conformance measures.

Comcare’s Risk Management Framework drives and supports Comcare’s ability to monitor these risks to its purposes, clearly articulating risk-related roles and responsibilities. Additionally, it tracks the implementation of the controls implemented to manage identified risks.

Comcare’s positive risk culture is evident through individual activities and projects where Comcare’s risk tolerance is defined early in their development and communicated to all relevant stakeholders. However, Comcare will not tolerate risks which could expose it to unacceptable harm to our financial position, regulatory authority, programs, reputation, stakeholder relationships, legislative obligations and the health and safety of our staff.

Comcare has established a quarterly review cycle that continually scans the external and internal environments to identify emerging risks. The Audit and Risk Committee provides oversight of the framework reporting directly to the Chief Executive Officer. Comcare is monitoring emerging risks arising from stakeholder influence, policy direction and continuous improvement in our service delivery.

Improving staff capabilities in risk identification and management with comprehensive training, a Risk Management Network and ensuring a continuous improvement approach through our review cycles contribute to our positive risk culture.

Page last updated: 17 Jul 2017