All NSW public sector agencies are exposed to corruption risks. These risks can exist at all levels of an agency, in relation to all functions and activities, and can potentially involve any internal or external stakeholder.

If corruption does occur, the short and long-term consequences for the agency include:

  • loss of reputation
  • loss of public confidence
  • direct financial loss
  • wasted resources
  • the financial and resource cost of an internal and/or ICAC investigation
  • adverse effects on other staff and the morale of the agency generally.

The ICAC recommends a proactive risk management approach to corruption prevention by identifying corruption risks and then developing appropriate strategies to address these risks.

The risk management process

Risk management is an accepted part of good governance and many agencies already undertake some degree of risk assessment and management. Legislative and government policies and best practice guides require or encourage risk management by NSW public sector agencies. However, not all agencies include the risk of corruption in their risk management process. They should do so, because agencies have a public duty to minimise corruption and like other risks, corruption can affect an agency's ability to achieve its objectives.

The Australian Standard on Risk Management (AS/NZS ISO 31000:2009 – Risk management: Principles and guidelines) and the NSW Treasury guidance materials provide general information on risk management. The information provided here should be used as additional information to assist with identifying and treating corruption risks and is based on experience from ICAC investigations and research.

The importance of risk management for preventing corruption

A risk management approach to corruption prevention is appropriate because it helps to identify structural weaknesses that may facilitate corruption, provides a framework for all staff to take part in identifying risk factors and treatments, and embeds corruption prevention within a well-established governance framework.

All public sector organisations are exposed to corruption risks, and some functions (such as licensing) carry substantial risks that cannot be transferred or eliminated. Increasing public – private sector business relationships carry their own set of corruption risks.

A risk management approach is the most appropriate way to ensure that these risks are identified and effectively managed.

An agency that fails to mitigate corruption risks can also cause problems for other agencies. For example, if a fraudulent supplier is not dealt with then they may be employed by another agency.

Frequently asked questions

 Are corruption risks different to other risks?

Although corruption risks are basically the same as other risks, there are some general differences:

  1. Corruption is deliberate, not accidental.
  2. Public sector agencies generally have fewer choices in the management of their corruption risks than other risks. For example, public sector agencies cannot avoid the corruption risks of some functions by choosing to discontinue those functions, such as licensing.
  3. Public sector agencies cannot share or transfer corruption risks as  they retain ultimate responsibility for functions that are outsourced or shared with a private organisation.
  4. Some business relationships such as public-private partnerships can also bring further corruption risks to an agency, such as conflicts of interest. Public sector agencies must manage not only their own original risks but the risks associated with partnerships.

Can corruption risks be managed in the same way as other risks?

Yes, a risk management process can help to manage all risks. However corruption risks cannot be shared or transferred like some other risks. For example, an agency can take out insurance to protect itself against some health and safety risks.



  • AS/NZS ISO 31000: 2009 Risk Management - Principles and Guidelines, Standards Australia, Sydney 2009.

  • Commonwealth Fraud Control Guidelines, Australian Government Attorney-General's Department, Canberra, March 2011

  • Internal Audit and Risk Management Policy for the NSW Public Sector, NSW Treasury, Sydney, August 2009.

  • Risk Management Toolkit for the NSW Public Sector (TPP12-3) NSW Treasury, Sydney August 2012

Relevant websites

Related topics on the ICAC website