The AIHW Board continued to review and refine its Risk Management Framework (RMF). An independent consultant conducted workshops with members of the AIHW Board, the Risk, Audit and Finance Committee and senior executives to update the RMF and develop a Strategic Risk Profile (SRP).
Improvements to the RMF included: enhancement of policy objectives, articulating risk governance including responsibilities and accountabilities, embedding the role of the AIHW Ethics Committee, refinement of risk appetite and tolerances and the development of new templates for risk assessment and reporting.
Eight strategic and high-level operational risks were identified in the SRP. These are:
- breach of cybersecurity
- externally driven disruption
- major project failure
- growing pains
- preparedness of IT systems to handle very large, complex data sets
- data governance and privacy
- key person risk
- loss of reputation with stakeholders.
The updated RMF and new SRP will be implemented in 2019–20.
The AIHW Fraud Control Plan 2017–19 adopts a proactive approach to minimising the potential for instances of internal fraud. It contains appropriate fraud prevention, detection, investigation, reporting and data collection procedures and processes to meet our specific needs and ensure compliance with the Commonwealth Fraud Control Guidelines.