Skip to main content

Enterprise risk maturity case study

The Department of Corrections used the All-of-Government Enterprise Risk Maturity Assessment Framework to get an agency-wide view of risk maturity and target improvements.


In May 2016, the Executive Leadership Team (ELT) of the Department of Corrections took part in the trial of the All-of-Government Enterprise Risk Maturity Assessment Framework (gERMAF) using the online Self-Assessment Tool.

The results from this self-assessment survey provided ELT with an excellent source of information on where they saw the strengths and weaknesses of risk management across the organisation, enabling targeted improvement in certain areas.

Corrections used the gERMAF self-assessment survey again in October 2017, this time by 172 regional and frontline managers to understand their perspective on the organisation's current and target risk maturity levels.

Diagram 1: Overview of gERMAF

AoG Enterprise risk maturity assessment framework wheel diagram

Detailed description of diagram

This diagram is a wheel depicting the attributes of the All-of-Government Enterprise Risk Maturity Assessment Framework.

The attributes are grouped into 4 quadrants.

At the top of the wheel is the Leadership & Direction element which contains 3 attributes — Governance, Policy & Accountabilities; Culture, Innovation & Risk Appetite; and Continuous Improvement.

Moving clockwise on the right-hand side of the wheel is the People & Development element which contains 2 attributes — Roles & Responsibilities; and Resourcing, Skills & Training.

At the bottom of the wheel is the Processes & Tools element with 3 attributes — Risk Assessment & Mitigation; Assurance; and Risk Monitoring & Reporting.

Finally, on the left side of the wheel is the last element which is Business Performance with 4 attributes — Strategic Risk Management; Managing Risk in Partnerships; Business Resilience; and Change & Transformation.


Regional and frontline managers were provided with a link to the self-assessment survey as well as information about the tool and framework. They were asked to assess the organisation's maturity in the 12 core attributes from a national, department-wide perspective, not limited to their site or region.

The managers were encouraged to provide open and honest feedback, including comments to support their responses, so the results reflected a more accurate picture of risk maturity across the Department.


The self-assessment tool was easy to set up from an administrative perspective and delivered the following benefits to Corrections:

  • Allowed for easy comparison of results across multiple surveys (for example, comparing results from the ELT survey in 2016 with those of the regional and frontline managers in 2017).
  • Allowed for easy analysis of results across groups, sites, regions and management tiers.
  • Results were able to be imported to Microsoft Excel for further interrogation.
  • Identified areas of strength that can be celebrated and shared across Corrections.
  • Effectively showed the perceived maturity level currently and where staff believed the organisation should be striving to reach.
  • Provided the ability to target specific areas for improvement opportunities — from individual attribute scores to the gap between current and target maturity levels.


The All-of-Government Enterprise Risk Maturity Assessment Framework (gERMAF) enables agencies to assess their current level of risk maturity and identify ways they can improve.

All-of-Government Enterprise Risk Maturity Assessment Framework

Agencies can complete their assessment using the online AoG Self-Assessment Tool.

All-of-Government Self-Assessment Tool

Utility links and page information

Was this page helpful?
Thanks, do you want to tell us more?

Do not enter personal information. All fields are optional.