Since the agency’s formation in 2011, IHPA’s accountable authority has established a robust system of risk management and controls to assist in the governance of the agency.
The Pricing Authority delivers the functions defined in the National Health Reform Act 2011. The Pricing Authority approves IHPA’s core business activities — determination of the National Efficient Price and the National Efficient Cost for public hospital services annually, and building national classification systems for all hospital services. The Chief Executive Officer is responsible for IHPA’s day‑to‑day administration.
IHPA’s enterprise approach to risk management remains the administration of risk using tools that address the strategic and tactical risks of all significant decisions. IHPA updated its risk management framework and developed a detailed risk appetite statement in 2018.
Strategic risks are identified with reference to current business and environmental issues facing IHPA. These risks fall into three major risk categories:
- reputational risks
- data and information governance risks
- corporate risks.
Additionally, IHPA developed a shared Strategic Risk Register with the National Health Funding Body, which identified two risks that both agencies have agreed to manage jointly:
- incorrect calculation of Commonwealth funding entitlements
- changes to models that have not been effectively modelled and/or implemented.
IHPA’s strategic risks are actively managed through audits, assurance, and control processes. Where new risks emerge, resources are assigned to understand and manage those risks.
Tactical risks are managed through a decision-based risk management tool. This is a particularly useful process in regard to procurement, and information and communication technology risks, as it requires recording of the risk and a formal decision on the managed likelihood and consequence of the risk. The assessment tool forms part of any major decision, ensuring that the final decision maker is fully informed and cognisant of managed risk outcomes during the decision‑making process.
IHPA has a mature enterprise risk management framework in place, and risk management is considered a business‑as‑usual activity for all IHPA staff.
IHPA has a broad range of compliance obligations, including key statutory obligations set out in the National Health Reform Act 2011 and the National Health Reform Agreement, the Public Governance Performance and Accountability Act 2013, and the Public Governance Performance and Accountability Rule 2014.
Other legal and compliance obligations include work health and safety, privacy, freedom of information, intellectual property, the Protective Security Policy Framework, website accessibility and records management.
The Chief Executive Officer as the accountable authority receives management assurances on IHPA’s compliance obligations through an organised system of controls and special exercises, including substantive testing, monthly reports, exception notifications, and compliance audits undertaken by an independent internal auditor.
Compliance achievements during the year include:
- IHPA was subject to review by the Australian National Audit Office as part of its performance audit on the “Australian Government Funding of Public Hospital Services — Risk Management and Data Monitoring and Reporting arrangements” along with the Department of Health and the National Health Funding Body. The audit made no negative findings or recommendations against IHPA.
- IHPA commissioned PricewaterhouseCoopers to review the implementation of its secure data management system. In October 2018, IHPA received a report that concluded the system was delivered on time and within budget, and met IHPA’s operational requirements. It also concluded that the secure data management system had been designed to meet all Commonwealth data security requirements, as well as IHPA’s local security and access requirements.
- IHPA’s internal compliance audits continue to show that information and communications technology systems were assessed as appropriately addressing the top risks defined by the Australian Signals Directorate.
- A review by independent auditors concluded IHPA’s management of its classification licensing product sales was effective, and that the environment in which they were managed was satisfactory.
- No compliance issues arising from IHPA’s administration of relevant sections of the National Health Reform Act 2011.
- No material compliance issues emanating from the Public Governance Performance and Accountability Act 2013.
As a corporate Commonwealth Agency, IHPA is not required to adhere to the Commonwealth Procurement Rules, but chooses to do so as a matter of best practice. All of IHPA’s procurement decisions are made in accordance with the Commonwealth Procurement Rules. Line managers have value and purchase class limits in accordance with the delegation of financial authorities that is approved and reviewed regularly by the Chief Executive Officer, as the accountable authority.
Audit, Risk and Compliance Committee
The IHPA Audit, Risk and Compliance Committee provides independent advice to the Chief Executive Officer on managing IHPA’s financial and business risk.
At 30 June 2019, members of the Audit, Risk and Compliance Committee comprised:
- Robert Butterworth, Chair and Independent member
- Angela Diamond, Independent member
- Alan Bansemer, Independent member
- Glenn Appleyard, Member of the Pricing Authority.
Fraud control plan
IHPA’s fraud control plan is recognised as a critical internal tool used to mitigate the act and consequences of unauthorised use of IHPA data and financial resources. It was updated in October 2018 to incorporate changes to the Commonwealth Fraud Control Framework. The plan encourages ethical behaviour through use of business processes designed to prevent deceptive activities, supported by monitoring controls to detect fraud and deter offending behaviour.
Inter-agency financial activity
During the 2018–19 financial year, IHPA received shared services resourcing from the Department of Health.
The Department of Health charged IHPA $277,000 to provide these services covering treasury, processing of financial transactions, information and communication desktop services, and parliamentary support.
Ecologically sustainable development and environmental performance
IHPA does not undertake any substantive work that is covered by s. 516A of the Environment Protection Act 1999.