Risk management

In compliance with the Public Governance, Performance and Accountability Act 2013 (PGPA Act) and associated PGPA Rule, as well as the Commonwealth Risk Management Policy, the CEO has established an internal risk management policy. The Audit and Risk Committee provides independent advice and assurance on the risk management framework, ensuring risk management is effective and continues to support organisational performance. The CEO has also established a risk appetite statement to guide staff when making risk management decisions.

Austrade managers develop mitigation strategies and actions for identified agency risks, and changes to these risk profiles are reported to the Audit and Risk Committee and the Executive Committee on a quarterly basis (or as needed), along with any emerging risks. This assists in providing assurance to the CEO that agency risks are being managed appropriately and are closely monitored. Operational risks are identified in business plans, and mitigation strategies are documented. These risks are monitored by senior managers and discussed with the Audit and Risk Committee periodically.

Throughout 2017–18, Austrade continued to manage its exposure to risk and mitigate adverse consequences through the implementation of risk management principles and practices, as outlined in the Chief Executive’s Instruction on risk management, Austrade’s risk management policy and procedure, risk appetite statement and the corporate governance framework.

Austrade’s 2017–18 agency risk management plan was prepared in accordance with the risk management standard ISO 31000:2009 and the Commonwealth Risk Management Policy. The plan identifies risks with the potential to affect Austrade’s ability to achieve the objectives and priorities set out in its corporate plan.

Internal controls

The Audit and Risk Committee and Austrade’s internal audit service provider have both noted the mature nature of the agency’s internal control framework. The main features include:

  • policies and procedures, including Chief Executive Instructions, that support compliance with legislative and administrative requirements
  • a positive compliance and management environment supported by an effective schedule of delegations
  • an effective internal audit function that includes both performance and compliance audits
  • an effective risk management framework, including fraud controls, risk management plans, security and business continuity management, and disaster recovery plans
  • compliance with the Australian Public Service Values and Code of Conduct and the PGPA Act
  • monitoring controls through effective planning at the corporate, operational and business unit levels, and ongoing budget management
  • accountability mechanisms, including reports, reviews and individual performance management arrangements.

Each year, all staff complete mandatory Austrade corporate policy refresher modules to keep staff informed and aware of current corporate policies and procedures.

Internal audit

Austrade’s internal audit function is undertaken independently from the business areas subject to audits and seeks to improve Austrade’s operations. It is a major component of Austrade’s governance framework and helps Austrade to achieve its objectives by bringing a systematic, disciplined approach to risk management, improvement of controls, and the effectiveness of governance processes.

The activities of Austrade’s internal auditor are risk-based and detailed in an annual audit plan endorsed by the Audit and Risk Committee and approved by the CEO. All significant Austrade activities are considered to be within the ambit of internal audit. The internal audit plan seeks to coordinate internal audit activity with other assurance activities and mechanisms, including external audits.

During the year, a range of compliance and performance audits were undertaken by Austrade’s internal audit service provider, PwC. The internal auditor observed Austrade has a strong system of internal controls and operates within a mature control framework. The internal auditor did not identify any serious control breakdowns.

Fraud control

Austrade maintains fraud prevention, detection, investigation and reporting procedures that are compliant with the agency’s obligations under section 10 of the Public Governance, Performance and Accountability Rule 2014.

The last fraud risk assessment was completed by Austrade in May 2017 and the Fraud Control Plan 2017–19 was endorsed by the Audit and Risk Committee and approved by the delegate in June 2017.

Austrade’s corporate approach towards detected fraud is one of ‘zero tolerance’ and managing fraud risk to a level that is as low as reasonably practicable. This is consistent with the organisational risk tolerance guidance contained in Austrade’s corporate governance framework. The fraud control plan outlines how this will be achieved by ensuring that any potential fraud or instances of corruption against or within Austrade are minimised, rapidly detected, effectively investigated and appropriately managed, and any losses are recovered or mitigated.

In 2017–18, Austrade underwent an organisational capability assessment, with changes in reporting lines of programs and functions that may impact the way the agency complies with the Commonwealth Fraud Control Framework.

A full review of Austrade’s Fraud Control Plan 2017–19 will be undertaken in the second half of 2018 to ensure it aligns with and supports Austrade’s revised strategy and operations following the organisational capability assessment. The update will ensure the CEO and executive have clarity on the fraud risks, any changes to those identified risks, mitigation treatments and residual risks, noting that while the restructure has altered the reporting lines, the fraud risk profiles of the functions and programs remain the same.

The amended Fraud Control Plan will be provided to the Audit and Risk Committee for endorsement prior to seeking approval from the delegate in late 2018.

Anti-bribery activities

Austrade is at the forefront in advising staff and clients on strategies to deal with the risk of foreign bribery in many markets.

Since 2012, Austrade has delivered a targeted outreach program to Australian businesses, domestically and offshore, articulating the risks of bribery when conducting trade in high-risk, low-governance jurisdictions. The program is delivered in-country through Austrade’s network of overseas offices in conjunction with a variety of Austrade-hosted events, and in collaboration with local Australian chambers of commerce and partner agencies.

In March 2018, the Senate Economics References Committee tabled its report into measures governing the activities of Australian corporations, individuals and government entities with respect to foreign bribery. The report made 22 recommendations, seven of which are the subject of proposed legislation—the Crimes Legislation Amendment (Combatting Corporate Crime) Bill 2017. Two matters—the maintenance of the facilitation payments defence, and the introduction of laws criminalising a ‘failure to prevent’ bribery—will be of particular importance to Austrade’s commercial clients.

Austrade is currently reviewing all staff training on the planned new legal requirements and adapting its outreach program to provide clear, practical, accessible materials to business via the Austrade website. The law is evolving and business will require a more practical contemporary response to this form of corruption. Austrade is necessarily involved in supporting this response due to its direct contact with commercial clients in jurisdictions where corruption is common.

Austrade will continue to play a central role in the Australian Government’s obligation to raise awareness of the evolving risks of foreign bribery with Australian businesses working overseas.

HTML version of this annual report converted and prepared by XiNG Digital Pty Ltd.