The Standards for VET Regulators 2015, made under section 189 of the National Vocational Education and Training Act 2011 (the Act), requires ASQA to implement a risk-based approach to regulation in order to:

  • Reduce regulatory burden for high-performing providers with a history of strong compliance, and
  • Increase regulatory action for those providers considered higher risk.

The Commonwealth Regulator Performance Framework (2014) requires ASQA to minimise impacts on the regulated community while effectively and flexibly managing risk, protecting the interests of the community and supporting the Australian economy. Proportionate, risk-based regulation is a requirement of this framework.

The primary risk for ASQA to manage is a Registered Training Organisation certifying that a person has competencies that do not reflect his/her skills, knowledge and attitudes. The potential damage flows not just to the individual, but to employers, and the wider community.


  • Non compliance with the relevant legislation, standards and guidelines resulting in poor student outcomes and complaints
  • Governance, financial viability and senior management responsibilities
  • Provider profile - eg. compliance history (dealing with audits, dealing with complaints, data provision requirements, payments to ASQA, submission of annual declarations etc.)

The outcome of this risk assessment is a rating for the provider of ‘somewhat concerning’, ‘concerning’, ‘serious’ or ‘very serious’. This will determine the level of ASQA’s response to the risk – a RTO with a poor compliance history is likely to receive a stronger regulatory response than a provider with a strong compliance history where the same regulatory obligation has been breached and the factors relevant to the case are similar.

The Basics of Risk Management

Risk is something that may have an negative impact on the achievement of RTO’s goals or objectives. Risk Management is an essential part of good business and management practices. ASQA’s Regulatory Risk Framework has been based on AS/NZS ISO 31000:2009 Risk Management Standard. The standard lays out the process for identifying, analysing, evaluating and treating risks and the ongoing monitoring to ensure changes are made and regularly assessed.

Risks to RTOs could come from any of the following management processes or systems:

  • The financial system - income. expenses, cash, assets, liabilities etc.
  • The compliance process - legal and regulatory
  • Physical assets - student facilities, computers, equipment etc.
  • Learning Management system
  • Student management system
  • Learning and assessment resources
  • Governance and leadership
  • Reputation

The above is just a sample of the type of management processes and systems that manager use to make everyday decisions which has a direct impact on risk.

RTO Risk Management

Risk management should be part of your vision & strategic plans. This will ensure your continual assessment of the risk that your RTO endures. Your risk management process could include the following process:

Step 1 : Establish the context

  • Critically look at yourself- Are you achieving the education outcomes goals? What are your student needs, are you catering for their diverse backgrounds and their welfare? How will this impact on us in the future?
  • Analyse changes in vocational education. Do a SWOT analysis - what are the strengths, weaknesses, opportunities and threats to your current situation. Ask yourself - What is happening and what is the government’s policy and priorities for the sector in the future?
  • Identify world best practice and benchmark your own performance
  • Identify your market segment and where you fit in - Do you want to change to advantage of an opportunity or stay ahead of the game.
  • Identify your business requirements including human, financial resources, physical resources etc. and ensure your planned vision is catered for?

Step 2 : Identify risk, analyse and evaluate risks and determine treatment options

In identifying risks to your RTO, ask yourself these questions:

  • What might happen to adversely affect your plans?
  • What are the key pitfalls for your vision and future plans?
  • What would be the impact on the RTO, staff or students?
  • What have I got in place in addressing the above (policies, procedures, documents etc.)?
  • Are the risks internal or external to your RTO?
  • When, where, why and how are risks likely to happen in your RTO?
  • Who might be involved or affected if an adverse effect happens?
  • Who is likely to be impacted? Who is involved?
  • What are the triggers and factors that could cause the adverse effect?
  • Analyse the identified risks and determining the likelihood of the event occurring and the consequence of it happening.
  • Prioritise your risks based on the likelihood and develop a plan to manage and monitor them risks according.
In treating the identified risks, You can:
  • Eliminate the risk (stop the activity or re-engineer the process)
  • Minimise the likelihood of the risk (use different equipment, provide protective materials to ensure injuries or loss remains at a minimum)
  • Reduce the consequences of the risk (provide training, use protective material etc.)
  • What have I got in place in addressing the above (policies, procedures, documents etc.)?
  • Split the risk (partner with another RTO, hire equipment to avoid costly breakdowns, get an insurance cover)

Step 3 : Develop a risk management plan and monitor and review the plan

Develop a risk management plan and monitor and review the plan

Although analysing, prioritising and identifying the treatment of the risks is critical, it is very important that you complete your risk process by building in key performance indicators, allocating responsibilities and planning resourcing strategies to ensure that you can work towards achieving your risk mitigation goals. You will also need to effectively monitor progress and adjust your approach as you progress in implementing your risk management plan. This is part is often overlooked in RTOs. Your risk management activities will only be effective if you regularly monitor your plan and keep thorough records.

Why you need us for your risk management

When assessing applications for registration and monitoring the compliance of registered training organisations (RTOs), ASQA uses a risk assessment approach based on the Risk Assessment Framework as set out in the section 190 of the National Vocational Education and Training Regulator Act 2011.

This framework sets out a risk assessment process for ASQA in making decisions about:

  • Assessing and responding to the risk of non-compliance by applicants against the VET Quality Framework,
  • Assessing and responding to the risk of non-compliance by RTOs against the VET Quality Framework, and
  • Monitoring the compliance of RTOs against the VET Quality Framework.

What we will provide/do for you

We will:

  • Advise you on the risk assessment process
  • Advise you on Risk indicators – Performance risk indicators contribute to the risk rating for an RTO
  • Advise you Financial risk indicators – indicators Of financial viability
  • Governance risk indicators
  • Advice you on Governance risk indicators – Quality of business planning, Transparency of ownership and management structure and Skills and experience of senior officers and directors Advice you on Supplementary risk indicators such as
    • The scope of the registration application
    • The delivery of training that leads to a licensed or regulated outcome
    • The RTO delivering training to overseas students studying in Australia
    • The RTO having multiple sites
    • The delivery of training offshore
    • Partnering or subcontracting arrangements
    • The RTO accepting fees in advance from students
    • The RTO delivering training to students under the age of 18
    • The mode of delivery
    • Compliance with and value of government training contracts.

Need more information? contact us!