Go to top of page

Internal processes for managing risk

The PGPA Act (section 16) provides that the Board ‘has a duty to establish and maintain systems relating to risk and control.’ The Board performed this during the reporting period by having oversight of the Risk Management Policy and reviewing risk and tolerance levels, performance reports, risk strategies and controls at every meeting. In addition, each year the Board holds a strategic workshop which includes consideration of current and emerging risks on ARPC’s role and its Risk Appetite and Tolerance Statement (RATS).

ARPC uses a risk matrix to estimate the likelihood and severity of incidents. These risks are reviewed by management before Board meetings and updated for continued relevance, or to record emerging risks identified by management and/or the Board.

ARPC’s control environment for governance, business continuity and security management continue to be refined to address emerging risks.

Processes implemented to manage risk include:

  1. Maintaining a Business Continuity Policy and Procedure. Staff access and test an alternative site up to three times per year. The site could be used if ARPC was unable to operate out of its Sydney CBD office. In addition, all staff are provided with the necessary tools to work remotely if required.
  2. Implementing a range of IT security measures.
  3. Having a deed of indemnity with each Board Member. In 2019-20, ARPC maintained and paid premiums for insurance covering members and senior executives against legal costs and other expenses that may be incurred in the performance of their duties. In compliance with the PGPA Rule (section 23), ARPC does not insure any ARPC officials against liabilities relating to breach of duty under the PGPA Act. The amount paid for Directors’ and Officers’ Indemnity Insurance in 2019-20 was $46,684 ($38,893 in 2018-19).
  4. Upon commencement, all ARPC staff and Board members are required to sign a confidentiality agreement which outlines their obligations relating to confidential information.