Reflections from RMIA Risk Award Winners, Terri Ann James and Eli Goldberg

In 2024, it was a tie for RMIA's Risk Student of the Year. We celebrated the achievements of Eli Goldberg from Battleground and Terri Ann James from the Australian Taxation Office. Ahead of the final webinar in our Risk Award Winner series, we're sharing what Eli and Terri Ann have to say about their experiences nearly 12 months on from becoming RMIA Risk Award winners.

Congratulations on winning an RMIA Risk Award! Can you tell us about the project or initiative that earned you this recognition?

EG: Thank you! When I saw nominations open for the Risk Awards last year, I considered whether I should put myself forward. Typically, these awards have been won by people who’ve spent years in the industry and taken advanced courses. I wanted to be different, so I decided to apply for the Risk Student of the Year Award while still at university, driven by my passion for risk and resilience. Working and studying simultaneously at Battleground gave me the chance to expand my knowledge of risk and resilience consulting, all while completing my degree.

TAJ: I was recognised for my role in integrating a risk management framework within our group governance and decision-making processes, enhancing risk visibility among senior executives. My experience in the field of risk management includes development of a business level risk management framework, applying risk management processes to corporate and business projects, and development of operational frameworks used to respond during times of crisis.

How do you measure the success of your risk management strategies, and what metrics or indicators did you use in this instance?

TAJ: As the strategies were focussed on framework integration, we engaged our Internal Audit partners to provide advice and guidance on performance metrics. A suite of metrics was developed to assist us to embed the framework into our operations and evolve this over time to performance measures. These are aligned and connected to the relevant elements of the Commonwealth Risk Management Policy (CRMP) that came into effect in January 2023. A sample of these include:

Commonwealth Risk Management Policy

 Element 1: Risk management must be embedded into the decision-making activities of an entity.

• Metrics

• Number of strategic initiatives with risk treatment plans in “red status,” “yellow status” or “green status”​

• Number of risks aligned to key strategic projects and reported to Governance Committees

 Element 2: Entities must formalise their approach to the management of risk in a risk management framework.

• Metrics

  • % of risks operating within tolerance​ 

  • % of risks operating outside of tolerance and not reviewed before due date​ 

  • Average days risks operating out of tolerance​ 

  • Risk appetite reviewed and approved by relevant committee/risk owner​

 Element 8: Entities must maintain an appropriate level of risk management capability.

• Metrics

  • % of staff completing risk management training (risk owners and general staff)​

  • % of training with a feedback score of X or greater​

  • Employee feedback on risk training content quality and relevance​

We have been progressively identifying and testing these metrics, with the status forming a part of our risk reporting routine and supporting us to demonstrate conformance with CRMP, but more importantly encourage business to adhere to good risk management practice in the long run.​

How has this award impacted your approach to risk management or your career overall?

EG: Receiving this award has given me greater confidence to continue my studies and consulting work. It showed me that even as a junior professional, I can still make an impact in the field of risk and resilience. Many organisations believe you need extensive experience to excel, but I think innovation is just as important. This award is proof that regardless of your age or length of experience, being innovative can help you stand out and make a real contribution.

Can you share any strategies or practices that you think are often overlooked but are crucial for effective risk management?

TAJ: In today’s dynamic public sector environment, the ability to effectively manage and mitigate risks is crucial for ensuring the sustainability and successful delivery of efficient and effective services for taxpayers. Fostering an inclusive environment where staff feel safe and empowered to express their viewpoints without fear of negative consequences supports delivery of a positive risk culture. Encourage staff to actively engage in risk management by promoting appropriate risk assessments and responses. This fosters a culture of resilience and adaptability, where staff are engaging and managing risk in their day-to-day behaviours.

Looking ahead, are there any emerging trends or challenges in risk management that you’re particularly excited or concerned about?

EG: We’re seeing a growing link between risk and resilience, which used to be treated as separate areas. This shift gives us a great opportunity to use people’s skills more effectively. In the financial sector, for example, there’s a big focus on organisational resilience. Splitting my time between the UK and Australia, I’ve noticed Australia starting to follow the UK’s lead in prioritising this approach. With new regulatory requirements emerging and organisations looking to do more with fewer resources, I hope we continue to strengthen organisational resilience. Taking a unified view of risk and resilience ensures we’re better prepared for disruptions and can respond swiftly when issues arise.

How do you balance innovation with the need for risk control, especially in high-stakes environments?

TAJ: Risk management serves as a fundamental cornerstone for making informed and effective decisions. I value the structured approach it provides, which can be applied universally across various contexts. By anticipating and addressing uncertainties, we can either mitigate potential threats or make the most of opportunities. My focus has been on enhancing risk management practices by embracing evolution and innovation, leveraging technology and data, and fostering a culture of continuous improvement and adaptive thinking. Some of the key activities we have been progressing include establishing and testing approaches to assessing opportunity risk, and harnessing insights for strategic decisions by developing key risk and control indicators to monitor and assess increases in risk exposure that may impact achievement of our objectives.

What kind of support or resources do you think are essential for professionals working in risk management to achieve similar success?

EG: In the UK, around 70% of organisations have already adopted a governance, risk, and compliance (GRC) system that integrates resilience. This needs to become more common in Australia. Organisations are also beginning to explore process mapping, which helps them quickly identify and address affected processes during an incident. Having a tool that outlines these processes in real time allows an organisation to respond immediately, safeguarding customer satisfaction and overall objectives. Ultimately, organisational resilience is about reducing the likelihood and impact of disruptions so businesses can stay on track to achieve their goals. Implementing integrated GRC and resilience systems is a key step in that journey.