Risk-based regulation

Regulatory Risk Framework

Our Regulatory Risk Framework outlines how we identify and respond to risk in the vocational education and training (VET) sector. 

It explains the way we operate, what our processes are; how we make our decisions and manage compliance.

How we operate

Our Regulatory Risk Framework guides our regulatory commitment to:

• foster a culture that focuses on quality, continuous improvement through having robust systems to monitor and evaluate ongoing compliance with the Standards for providers
• an integrated risk-based management approach
• responding to non-compliance proportionately
• treat providers fairly and independently
• maintain meaningful and respectful relationships
• regulation that achieves quality outcomes and supports VET reforms. 

Our regulatory operating model

Our regulatory operating model explains how our Regulatory Risk Framework is activated.

Risk management is central to the way we regulate. We’re using intelligence and data more to identify priorities and track how providers perform.

Performance assessments

One of the ways we manage risk is through performance assessments (audits). A performance assessment tells us if providers meet their legal requirements under the standards and legislation.

The standards and legislation we assess providers against during a performance assessment are explained in What we assess.

A performance assessment is a two-way process. It’s designed to create conversations between us and providers and give them opportunities to respond and to return to compliance.

Learn more about the performance assessment stages and process.

Managing risk levels

We manage non-compliance based on the level of risk identified. This is a fairer and more transparent process for providers.

If we identify non-compliance, we consider the scale, impact and the provider’s commitment and capability to maintain compliance before we decide next steps. We also tailor our approach for providers who have a solid history of compliance with less scrutiny.

High-risk providers with a poor compliance record can expect closer scrutiny to return to compliance.

Reducing risk through education

Our focus on education is designed to empower providers to become self-assured and sustainable.

We’re supporting and guiding providers to recognise their own risks and create effective systems and processes to remain compliant.

Ways we manage risk

We manage risk by:

• integrating our regulatory processes for:
  • performance assessments
  • registration applications
  • education
  • compliance.
• using tools to identify non-compliant providers who present a risk
• gathering intelligence and using data effectively to make decisions
• measuring providers for risk exposure.

Our aim is to understand and respond to risk at two levels:

• provider risk
• systemic risk.

Types of risk we manage

Provider risk

Provider risk is about provider conduct that presents risk to the quality of education outcomes.

This is when a provider doesn’t comply with regulatory requirements and has poor quality training and assessment practice.

This type of risk includes student certification and competency risks. This is when a student gains a qualification, but doesn’t have the expected skills, knowledge or expertise required.

Systemic risk

Systemic risk is also known as strategic risk. It’s a risk to the entire sector or for a significant number of providers.

Systemic risk affects a specific type of qualification, course, or method of delivery.

We identify significant VET sector risks from a range of sources including:

• gaining information from key stakeholders and providers during consultation
• analysing key data sources, media monitoring and VET sector research.

We communicate openly with providers about risks we find. This helps providers to critically examine and improve their performance.

If we find a serious systemic risk in the VET sector we may conduct a strategic review.