Risk management

Our risk management framework considers the legislative framework, Australian Government policy and our operating environment to identify and manage risks that may undermine our ability to achieve our objectives and meet our statutory obligations.

In 2019–20 our risk approach focused on:

• streamlining regulatory processes within the schemes we administer
• targeting resources towards areas of highest risk
• achieving organisational efficiencies, and
• delivering specific objectives of relevant legislation effectively and efficiently.

We continue to promote a strong risk management culture, by embedding our risk management framework into our business planning cycle and day-to-day operations.

Our risk management framework engages with risk in a positive and transparent way, consistent with the Commonwealth Risk Management Policy. This framework is updated biennially, and a risk report is provided to the Regulator Board every quarter.

Fraud prevention and control

Our Fraud and Corruption Control Plan provides assurance that we are managing identified fraud risks and complying with our obligations under section 10 of the Public Governance and Accountability Rule 2014 and the Commonwealth Fraud Control Framework.

Under our Fraud and Corruption Control Plan, we take a comprehensive approach to fraud risk and ensure all reasonable measures are in place to prevent, detect and address fraud. This includes:

• undertaking fraud control planning, monitoring and reporting
• conducting mandatory fraud prevention training with all employees
• maintaining internal and external reporting mechanisms
• collecting and analysing information and data to detect fraud
• receiving and analysing allegations from internal and external sources
• testing and analysing the effectiveness of fraud controls and, if necessary, making recommendations to strengthen controls to prevent and detect fraudulent activity, and
• investigating fraud, misconduct and unethical conduct and applying the appropriate criminal, civil, administrative or disciplinary action, in accordance with the Australian Government Investigation Standards.

Internal audit

Internal audit provides independent and objective assurance that the controls designed to manage risks and achieve our agency’s objectives are operating in an efficient, effective, economical and ethical manner.

The Internal Auditor is responsible for the efficient and effective operation of our internal audit function, reporting to the Chair through the General Counsel (Chief Risk Advisor) and the Audit Committee. Our agency’s internal audit service provider is KPMG.

Conflict of interest

We inform our staff about their obligations under the Public Service Act 1999, which requires employees to avoid actual, perceived or potential conflicts of interests. All employees and Regulator Board Members are required to complete an annual declaration of interest form. Compliance with this requirement is reported to the Audit Committee.

Business continuity

Our business continuity management framework is designed to prepare for, and respond to, a business interruption or outage.

In the case of a business disruption, the Management Response Team, led by the Chief Operations Officer, will enact the business continuity plan to ensure the timely resumption of critical business functions and restoration of agency operations.

Our business continuity framework is reviewed and tested annually to ensure it meets business requirements and assess our preparedness for a business disruption.