Standard 6: Risks

Standard 6 identifies and defines the key risks that may disrupt the delivery of your DIP. Briefly outline any existing or planned mitigation or controls for each risk. Risks may include funding, workforce, schedule, dependencies and technology

Operational risks

  • Describe the operational risks to your agency. This may include reliance on key vendors for example a single ERP provider for core enterprise platforms, workforce limitations or critical process dependencies.
  • Describe the impact on critical services or dependent agencies if these risks are realised.
  • Describe the mitigation or contingency measures that are in place or planned.
     

Technology risks

Describe key technology risks, including legacy systems, technical debt, and cyber security risks.

  • Essential Eight maturity and planned uplift initiatives.
  • Major legacy constraints and transition pathways.
  • Major ERP modernisation or replacement risks, where relevant.
  • Impact if realised and planned mitigations or controls. 

Your agency should note significant cyber security uplift initiatives or programs, and how they reduce identified risks. These initiatives may be shown as items on the digital roadmap, particularly where they are multi-year or relate to critical systems.

If your agency operates a System of Government Significance (SoGS) this information must be included. 
 

Glossary

Next page

Connect with the digital community

Share, build or learn digital experience and skills with training and events, and collaborate with peers across government.

Join the Digital Profession