All entities should seek to strengthen the maturity (efficiency and effectiveness) of their risk management internal controls.
Our maturity model enables entities to identify the maturity level they want to achieve, and thus focus on key areas for development. The model also makes it easier to share better practices across the public sector.
Entities’ results of their self-assessments should also be reported to audit committees or other relevant oversight bodies.
We developed this model as part of our report Education 2022 (Report 16: 2022–23). It supersedes the original model the Queensland Audit Office developed as part of Results of audit: education sector entities 2015 (Report 18: 2015–16), where we assessed the maturity of universities' risk management practices.