Part Three
Management and accountability
Risk management
Throughout 2013–14, Austrade continued to manage its exposure to risk and mitigate adverse consequences through the implementation of risk management principles and practices, as outlined in the Chief Executive’s Instruction on risk management and the corporate governance framework.
The Agency Risk Management Plan 2013–14 was prepared in accordance with the risk management standard ISO 31000:2009. The plan identifies key risks with the potential to affect Austrade’s ability to achieve the objectives and priorities set out in its corporate plan.
Risks identified in the plan covered strategic risks, including the evolution and development of services; models and channels to meet contemporary needs; transitional processes, such as the transition of the Tourism Division to Austrade from the former Department of Resources, Energy and Tourism; and operational and corporate risks, including a range of security risks, and issues such as effective business continuity and emergency management.
Austrade managers develop mitigation strategies and actions for identified agency risks, and report progress against these mitigation strategies to the Audit and Risk Committee on a quarterly basis. This assists in providing assurance to the CEO that risks are being managed and monitored.
Austrade continues to participate in the Comcover Benchmarking Survey. Austrade’s participation has achieved year-on-year improvements (Table 19), and the agency continues to have a risk maturity rating of ‘structured’.
| | 2011 | 2012 | 2013 | 2014 |
|---|---|---|---|---|
| Rating (on scale of 1 to 10) | 7.2 | 7.4 | 7.7 | 7.9 |
Internal controls
The Audit and Risk Committee and the internal auditor have noted the mature nature of Austrade’s internal control framework. The main features of the internal control framework include:
- policies and procedures, including Chief Executive’s Instructions, which support compliance with legislative and administrative requirements
- a positive compliance and management environment supported by an effective schedule of delegations
- an effective internal audit function that seeks to appropriately balance performance and compliance audits
- an effective risk management framework, including fraud control, risk management plans, security and business continuity management and disaster recovery
- compliance with Australian Public Service (APS) Values and Code of Conduct and the Financial Management and Accountability Act 1997
- monitoring controls through effective planning at the corporate, operational and business unit levels, reviews of business units and ongoing budget management
- accountability mechanisms, including reports, reviews and individual performance management arrangements.
Fraud control
Austrade maintains fraud prevention, detection, investigation and reporting procedures and processes that are compliant with the Commonwealth Fraud Control Guidelines.
A revised fraud control plan, effective from 2013 to 2015, has been endorsed by the Audit and Risk Committee and is consistent with the Australian standards applying at the time of endorsement (AS/NZS ISO 31000:2009 Risk Management and AS 8001:2003 Fraud Corruption and Control). A principles-based ethics and integrity approach underpins the strategies of awareness, prevention, identification, reporting, prosecution and continuous improvement.
This approach includes an anti-bribery and corruption awareness programme for all staff and a review of the fraud control plan following the integration of the Tourism Division within Austrade. An Austrade all-staff fraud awareness survey was conducted in December 2013.
Internal audit
The activities of Austrade’s internal auditor are defined by an annual internal audit plan endorsed by the Audit and Risk Committee and the CEO. All significant Austrade activities are considered to be within the ambit of the approved internal audit. The internal audit plan seeks to coordinate internal audit activity with other assurance activities and mechanisms, including external audits and ANAO better practice guides.
During the year, 20 compliance and performance-based audits and reviews were undertaken by Austrade’s internal auditor, PricewaterhouseCoopers, which observed that Austrade has a strong system of internal controls and operates within a mature control framework, and noted that no serious control breakdown had been identified.