2019 Melbourne Design Awards

spaces, objects, visual, graphic, digital & experience design, design champion, best studio & best start-up, plus over 40 specialist categories

accelerate transformation, celebrate courage, growing demand for design

Key Dates

5 March - Launch Event
9 April - Standard Deadline
4 June - Extended Deadline
18 June - Judging
2 July - Rating Closes
4 July - Winners Announced
13 August - Awards Presentation

Risk Management Framework Tool [DRAFT]

Help us keep ratings fair

We ask for your email and name to reduce the occurence of people adding multiple ratings for the same entry


Project Overview

The Risk Management Framework Tool launched by CPA Australia in March 2019 is an online digital solution designed to assist members of the organisation working in public practice to create a working risk register for their business, which also meets the compliance requirement of the Professional Standard APES 325: Risk Management for Firms.

This tool was created as a result of the realigned member-centric strategy of CPA Australia, based on a demand from members for assistance to comply with the growing regulatory burden.

In the context of the increased focus on risk and compliance activities following the Royal Commission, and in an era of reduced public confidence, the release of tools such as this give members an opportunity to create a fundamental business asset. The ability to reduce the time spent on understanding and creating appropriate safeguards, in an increasingly complex regulatory environment, creates efficiencies which allow practitioners to focus their efforts on providing services to clients rather than attending to non-fee generating activities.


CPA Australia


Caroline Bancroft, Senior Manager, Strategic Operations - project manager

Craig Laughton, Executive General Manager, Policy, Advocacy and Public Practice - project sponsor

Josephine Haste, Policy Adviser, Ethics and Professional Standards - content subject matter expert

Caroline Karavias, Professional Standards Onboarding Manager - content subject matter expert

Katrina Nikitina, Digital Producer / Creative & UX Lead - visual design/user experience

Nathan Murphy - external developer (Subliminal Software)

Organisational support from Marketing, Technology and Digital Solutions and Quality Review business units.

Project Brief

“Complexity made simple”

Professional Standard APES 325: Risk Management for Firms was originally issued in December 2011, with an operative date of 1 January 2013, and meant accounting practices were compulsorily required to develop a risk management framework that included policies and procedures to identify, assess and manage key organisational risks.

At the time of issue, then APESB Chair Kate Spargo said: “A Risk Management Framework is a set of elements that provide the foundations and arrangements for designing, implementing, monitoring, reviewing and continually improving risk management throughout the firm.”
“We believe the standard will be of particular value to small-to-medium private practices in helping them to consider and manage the strategic and operational risks that come with running a professional practice.”

While the concept and impact of risk are well known and understood by accountants in practice, the absence of guidance within the standard as to how to institute practical measures to meet the requirements left many members feeling overwhelmed by the complexity of the process and unclear as to the tangible output expected, resulting in a broad spectrum of interpretation and resulting deliverable.

As a member-based organisation with a remit to provide support and guidance to members, an opportunity existed to creatively construct a resource to deliver on the requirements of APES 325 in an engaging, educative, interactive way, using digital technology as the distribution channel.

The challenge faced was how to make the complex appear simple.

Project Need

Accountants in practice face an ever-increasing regulatory burden while, at the same time, trying to build a sustainable and profitable small business. In a notoriously time-poor profession, any solution that can make compliance activities more efficient will not only be embraced by the membership but have the added benefits of protecting the public interest and providing a point of difference to the value proposition of the organisation.
Member compliance with regulatory requirements is assessed through CPA Australia’s Quality Review Program, the results of which show that members experience significant issues complying with APES 325. The standard requires comprehensive documentation regarding firm-wide systems and processes designed to assess and reduce the risks faced by the business.
CPA Australia previously provided extensive guidance to members regarding the creation of the required documentation. However, being in the format of guidance and explanatory material, this required a large time commitment to read, research and understand how best to design and implement the required framework.
Since the standard became operative members have repeatedly asked CPA Australia for further assistance in this area, for example in the format of a “template” risk register. As risk management is not a “one size fits all” exercise, the creation of a static template was not considered feasible, nor in the best interests of the membership.
The project deliverable was required to be tailorable, flexible to a user’s risk appetite and be intuitive enough to need neither training, nor the reading of lengthy instructions for use.

User Experience

User experience was critical to the success of this resource. A video, created by Sketch Group animations, was designed to set the scene, context and energy.
Scoping questions tailor the tool, provide user branding functionality, and create some mandatory statements required for compliance with the standard.
Drawing from CPA Australia-created content, the tool presents risks across several categories. The user assesses each risk using a sliding scale for likelihood and consequence, which determines a risk rating.
The rating leads the user, based on their risk appetite, to accept or take action to reduce the risk. Selecting action suggests various strategies or allows for entry of the user’s unique action or strategy. Risks can be eliminated or added by the click of a button.
All prepopulated risks need to be addressed before the user can create their documentation, ensuring the final deliverable is complete.
Multiple touchpoints with focus groups of members were embedded in the project plan; following the scoping stage to road test the concept, alpha-testing of the tool prototype and beta-testing of the improved tool close to its final version.
Risk rating functionality, pop-up boxes to focus the user on the risk under consideration and an easy-to-follow pathway were reconfigured based on feedback to improve the tool, ensuring the final deliverable provides value and a great user experience.
A feedback mechanism within the tool collects usability ratings and comments which will be used to refine and improve future user experience and tool content.

Project Marketing

The go-to-market strategy commenced with an EDM to all public practice certificate holders with an introductory content and a link to the landing page for the tool.

This was followed up in the following by a prominent link in the monthly newsletter to all subscribers to the InPractice e-newsletter.

Face-to-face demonstrations in each state and territory have been scheduled in the upcoming months, as history has proven this to be the most effective channel to achieve traction with members in this space.

Commentary collected of the early days following included:
- Well done. Very well thought out. My review is next week and it made a big difference to compare to my existing risk management manual
- It is great to see that CPA is finally doing what it was set up to do.....supporting its members ! Well done on assisting with what can be a difficult and complex area to work through.
- This should have been done years ago by CPA Australia - great idea !!!
- I saw a preview of this at the Public Practice Conference in Perth and was impressed with what I saw. This is easy to work with and provides good prompts and information. I have set up a reminder to update it in the future.
- The risk management framework is a great tool to go through and identify the many risks that could impact our accounting business.

Project Privacy

Members have an expectation that their practice data will be kept secure and confidential. While no personal data is required or requested to generate the deliverable, it was recognised that there may be sensitive information regarding a business owner’s perceived risks that should remain protected. To this end the data is housed behind the corporate single sign on log in authorisation. Penetration testing was performed to ensure data security.

This can be any new service or application from a start-up to an industry leader. It’s not just bells and whistles we're after but true innovation, exceeding expectations and filling a void that had previously been open.
More Details