The Deputy Chief Executive Officer/Chief Operation Officer oversees AIATSIS’ risk management framework, which aligns with the principles of the PGPA Act and the Commonwealth Risk Management Policy.
Our Audit and Assurance Committee provides independent advice and assurance to the AIATSIS Council on the appropriateness of our accountability and control framework of risk oversight and management.
The framework provides a solid foundation for ensuring a consistent approach to the identification, treatment and monitoring of risks by all staff on an ongoing basis. Documents that assist staff and management incorporate risk effectively into decision-making include our Risk Appetite Statement, Strategic Risk Assessment, Risk Management Policy and Human Resource Policy, and our Fraud Control Plan, Business Continuity Plan and Disaster Recovery Plan.
The AIATSIS Council’s Risk Appetite Statement reflects the acceptable level of risk- taking and tolerance to achieve a specific objective or to manage a category of risk. AIATSIS is committed to ensuring the incorporation of risk management into the culture and everyday business operations.
Business continuity management is integral to our risk management framework. It ensures careful planning to enable continuation or timely resumption of critical functions and eventual restoration to normal operations following a business interruption event. If a business interruption event occurs, our Business Continuity Management team is convened by the Chief Executive Officer. The team is the central point of communications and coordination for our response and recovery.
Our Internal Audit (IA) function is established under the authority of the AIATSIS Council. The Chief Audit Executive is responsible for managing IA effectively, while reporting to the Senior Executive Board and the Audit and Assurance Committee. Our IA function provides independent, objective assurance designed to add value and improve AIATSIS operations. Through the IA Plan we strive to accomplish our objectives by taking a systematic, disciplined approach to evaluate and improve the efficiency and effectiveness of risk management, internal controls and governance. We currently contract Curijo to provide IA services along with other management-initiated reviews.