Certification of departmental fraud control arrangements

I, Glenys Beauchamp, certify that the Department has:

• prepared fraud risk assessments and fraud control plans;
• in place appropriate fraud prevention, detection, investigation, and reporting mechanisms that meet the specific needs of the Department; and
• taken all reasonable measures to appropriately deal with fraud relating to the Department.

Signed

Glenys Beauchamp PSM

September 2018

Fraud minimisation and control

The Department undertook audit and fraud control assurance activities that promoted and supported effective corporate governance. In 2017-18, the Department’s fraud risk assessment was updated with a focus on improving controls related to high fraud risk themes and activities. These included administered payments, regulation and information management. Implementation of the Program Assurance Committee further strengthens the Department’s fraud minimisation strategies. The Department’s overarching assurance framework also supported the ongoing provision of advice, support, monitoring and education.

The internal audits that were completed during 2017-18 covered and supported compliance with the Department’s control frameworks for: grant selection and approval; procurement; the regulation of medicinal cannabis and monitoring of prescription medicines; departmental budget and travel management; aged care prudential risk management; the collection and reporting of corporate performance information; and information system security, data management and data breach reporting arrangements. The completed internal audits also reviewed the delivery and performance of a number of key Commonwealth health initiatives, programs and systems.

During 2017-18 the Department:

• completed six audits from the 2016-17 Internal Audit Work Program, nine audits from the 2017-18 Internal Audit Work Program, one management requested audit, and three non-audit assessments. A further six audits from the 2017-18 Internal Audit Work Program were underway or pending completion as at 30 June 2018; and
• received 116 fraud allegations. 97 allegations related to external (program) fraud and 19 related to internal fraud/corruption. The Department centrally investigated two of these allegations, 57 allegations were referred internally to relevant business areas for compliance action and six allegations required no further action. A further 51 were referred to law enforcement or other agencies for review or action. The Department’s Fraud and Corruption Control Plan 2018–20 and website provides support to employees and members of the public for reporting concerns of fraud and corruption. In addition to the dedicated fraud team, the Department has in place program specific compliance teams that receive and respond to allegations of program non-compliance and fraud.

Certification for risk assessments and fraud control plans

Refer Certification of departmental fraud control arrangements (Fraud and risk certification)

Certification of appropriate mechanisms to address fraud

Refer Certification of departmental fraud control arrangements (Fraud and risk certification)

Certification of reasonable measures taken to deal with fraud

Refer Certification of departmental fraud control arrangements (Fraud and risk certification)

Corporate governance structures and processes

The Department’s corporate governance practices and processes play an integral role in ensuring Government priorities and program outcomes are delivered efficiently. In 2017-18, the Department introduced a range of initiatives to strengthen corporate processes including new governance structures and improved business and risk planning.

Senior governance committees

At the end of 2017, the Department announced new governance arrangements to streamline existing governance committees and strengthen Executive Board oversight of the Department’s performance (refer Figure 3.1.1 and Table 3.1.1).

The senior governance committees provide advice and make recommendations to the Executive on:

• organisational performance and leadership;
• excellence in program delivery and accountability; and
• development of high quality policy advice to the Government.

The Audit and Risk Committee delivers a series of accountability measures outlined in the Public Governance, Performance and Accountability Act 2013.

Audit and Risk Committee Membership

Audit and Risk Committee membership comprises an independent external chair, two independent external members and two senior executive members chosen from within the Department. The Committee met six times in 2017-18.

In 2017-18, the two departmental senior executive members were the Deputy Secretary of the Health Financing Group and the First Assistant Secretary of the Health Workforce Division.

As at 30 June 2018, the Audit and Risk Committee comprised the following independent membership.

Kathleen Conlon – independent external chair

Kathleen Conlon commenced as the Chair of the Department’s Audit and Risk Committee on 3 June 2015. Kathleen is a professional non-executive director, with 20 years’ experience at the Boston Consulting Group (BCG), including seven years as a partner. During her time at BCG, Kathleen led BCG’s Asia Pacific operational effectiveness practice area, health care practice area and the Sydney office.

Kathleen is a member of Chief Executive Women, and a non-executive Director of the REA Group Limited, Lynas Corporation Limited, Aristocrat Leisure Limited and the Benevolent Society. As a member of these boards, Kathleen currently chairs and serves on a number of committees. She has also previously served on the NSW Better Services and Value Taskforce, and was a senior reviewer for the Department of Communication’s Capability Review.

Jenny Morison – independent external member

Jenny Morison is a Fellow Chartered Accountant of Australia and New Zealand, with over 35 years of broad experience in accounting and commerce, including audit, taxation, management consulting, corporate advisory and consulting to government. Jenny has held numerous board positions, and has extensive experience as an independent member and chair of Audit Committees in the Australian Government. Her experience encompasses both large Departments and smaller entities.

Since 1996, Jenny has run her own business, providing strategic financial management, governance and risk advice within the government sector. Jenny has a Bachelor of Economics and is a Fellow of the Australian Institute of Management.

Steve Peddle – independent external member

Steve Peddle has more than 20 years senior management experience as a Chief Information Officer (CIO), Chief Technology Officer and General Manager, covering information and communication technology service delivery and senior general management.

Steve has gained experience in private, government and defence industries in the areas of computer design and engineering, applications development, strategic planning, outsourcing contract management, housing management services, digital broadcast video services, network security and operations service delivery. Steve is currently the CIO for the Australian Maritime Safety Authority.

Organisational Planning

The Department’s corporate governance agenda is guided by the Corporate Plan. In 2017-18, the Department strengthened oversight of program performance through the establishment of the Program Assurance Committee and continued to implement changes to align with the enhanced Commonwealth performance framework. Planning and risk processes are closely aligned to ensure each area’s priorities aim to meet our vision and objectives.

Our purpose

To support government and stakeholders to lead and shape Australia’s health and aged care system and sporting outcomes through evidence-based policy, well targeted programs, and best practice regulation.

Corporate Plan

The Corporate Plan is the primary planning document of the Department and is updated annually. It describes the Department’s current position, our purpose and the strategies we will pursue to achieve our purpose.

The four year horizon for the Corporate Plan outlines the Department’s medium-term direction to deliver on the Government’s health, aged care and sport agenda, including detail about significant activities, capability and risks.

The Corporate Plan has been prepared to meet requirements of the Public Governance, Performance and Accountability Act 2013 and the Public Governance, Performance and Accountability Rule 2014.

Risk management

The Department’s leadership team promotes and demonstrates an open and proactive approach to risk, by using risk management as a tool to assist in making business decisions.

During 2017-18, the Department revised the Enterprise Level Risks and the Enterprise Risk Appetite Statement. As part of the review, an additional risk theme was identified and added to support the divisions to meet their objectives. The risk themes are: Policy, Fraud, People, Regulation, Delivery, Governance, Information and Finance. Throughout the year, the Department continued to embed the Enterprise Risk Appetite Statement and increase the level of risk maturity.

The Risk Management Policy was also revised to align with the changing departmental environment and the Commonwealth Risk Management Policy. This allows the Department to remain adaptable to the shifting landscape of the Health portfolio and reflect departmental needs.
In 2018, the Department maintained its ‘Integrated’ level of maturity against the Comcover Risk Management Benchmarking Survey. The Department continues to improve risk culture and awareness, through positively engaging with risk.

Compliance reporting

There have been no significant breaches of finance law by the Department during 2017-18. The Department maintains a risk-based approach to compliance with a combination of self‑reporting and focused review. Any changes to this methodology are reviewed and endorsed by the Audit and Risk Committee. All instances of non-compliance are reported to the Audit and Risk Committee. The Department minimises non-compliance through training and publication of legislation and rules, delegation schedules and Accountable Authority Instructions, which are available to staff to inform decision-making.