External audit

Under section 98 the Public Governance,Performance and Accountability Act 2013, theAuditor-General is responsible for auditing the financial statements of MIC. In addition, MIC’s annual report is tabled in Parliament and its financial accounts are lodged with ASIC.

As permitted by section 27 of the Auditor General’sAct, the ANAO contracted KPMG in Sydney to assist with the conduct the audit on behalf of the Auditor-General.

The Audit and Risk Committee invites the external auditor to each committee meeting and papers for each meeting are provided to both the ANAO and KPMG, noting the following matters that the committee considers:

• discussion of the external audit plans, identify any significant changes in operations, internal controls or accounting policies likely to impact the financial statements;
• review of the results and findings of the auditor, the adequacy of internal controls and monitor the implementation of any recommendations made; and
• finalising annual reporting, review the preliminary financial statements prior to sign off and any significant adjustments required as a result of the external auditor’s findings.

MIC applies audit independence principles in relation to the external auditor.

Certification by CEO and CFO

Prior to the approval each year of the annual financial statements by the board of directors, the CEO and the CFO provide confirmation in writing that the statements represent a true and fair view of MIC’s operations and its financial position. The letter also includes representation to the board in respect of the adequacy and effectiveness of MIC’s risk management, internal compliance and control systems.

Based on the evaluation performed as at 30 June 2019, the CEO and CFO concluded that: as of the evaluation date, such risk management, internal compliance and control systems were reasonably designed that the financial statements and notes of MIC are in accordance with the Public Governance, Performance and Accountability Act 2013 and the Corporations Act 2001; and there are reasonable grounds to believe MIC will be able to pay its debts as and when they fall due.

Internal control framework

The board is responsible for the overall internal control framework and for reviewing its effectiveness.

MIC’s internal control framework is intended to meet the objectives of:

• ensuring completeness of financial reporting;
• safeguarding the company’s assets;
• complying with applicable laws and regulations;
• ensuring effectiveness and efficiency of operations;
• maintaining proper accounting records;
• preventing, detecting and correcting irregularities; and
• identifying and mitigating business risks.

A number of internal controls have been implemented to provide for the accuracy of the financial statements and integrity of business systems.

These internal controls include the form of appropriate delegations of authority, a risk management framework, financial planning and reporting, strategic planning and operational policies and practices.

Risk management

MIC has a Risk Management Framework and continues to maintain and update a comprehensive risk register that captures the material business risks facing the company.

The Audit and Risk Committee oversees the Risk Management Framework, in particular:

• the adequacy of policies and procedures for the oversight and management of material business risks;
• the design and implementation of effective risk management and internal control systems for identifying, assessing, monitoring and managing MIC’s material business risk; and
• reporting to the board on whether those risks are being managed effectively.

Internal audit

In October 2016, the Audit and Risk Committee approved the appointment of Ernst & Young as internal auditor for a further three-year term.

An internal audit plan is presented to and endorsed annually by the Audit and Risk Committee. Outcomes of the internal audit reviews are provided to the committee for its review.

Business improvement program

MIC is currently undertaking a business improvement program. Some initiatives are in response to the comments raised in the ANAO’s second performance audit conducted in 2018, particularly in the areas concerning procurement, corporate expenses, credit cards, and the gifts and benefits program.

The Audit and Risk Committee is overseeing and monitoring the progress of the business improvement program. Once the relevant policies are developed, they will be introduced across the business, supported by appropriate training and reviews with the intention of fully implementing the programs by 30 June 2020.

Ethical standards and governance policies

MIC is committed to a culture of high ethical standards and accountable conduct. This includes creating and maintaining an open working environment in which its employees, directors and contracted service providers (and their employees and officers) are able to raise concerns regarding suspected unethical, unlawful or undesirable conduct or wrongdoing without fear of reprisal.

MIC’s Code of Conduct sets out the standards and behaviour by which MIC will conduct business.

Public interest disclosure Act

MIC is subject to the Public Interest Disclosure Act 2013 and has adopted procedures to ensure the company supports and complies with the requirements of the act. The purpose of the PID Act is to promote the integrity and accountability of the Commonwealth public sector by:

• encouraging and facilitating the making of public interest disclosures of wrongdoing by current and former public officials (being employees and directors of MIC, contracted service providers and officers/employees of contracted service providers);
• ensuring that disclosers are supported and protected from adverse consequences related to making a disclosure; and
• ensuring that disclosures are properly investigated and dealt with. MIC supports reporting by staff at all levels.

MIC supports protecting those who make such reports from victimisation and discrimination.

MIC recognises the value of transparency and accountability in its administrative and management practices. A summary of MIC’s procedures, the appointed MIC ‘authorised officers’ and how a disclosure under the Act can be made is on MIC’s website http://www.micl.com.au/publicinterestdisclosure-act-1.

No public interest disclosures were received or finalised in the reporting period.

Code of conduct

MIC aims to carry out its business in an open and honest manner, while complying with all applicable legislation and laws. MIC has a Code of Conduct, which outlines expected standards of workplace behaviour applying to all directors, employees and contract staff.

The Code of Conduct is reviewed periodically.

Equal opportunity

MIC’S Diversity and Equal Employment Opportunity Policy outlines MIC’s commitment to promoting diversity in the workplace. MIC seeks to provide opportunities regardless of age, gender, physical ability, ethnicity or Indigenous background.

Whistleblower policy and fraud and corruption reporting

As a GBE, MIC is committed to applying and adhering to the standards outlined in the Commonwealth Fraud Control Guidelines 2011. MIC recognises the importance of providing a safe, supportive and confidential environment where people feel confident about reporting wrongdoing without fear of retaliation and are supported and protected throughout the process. MIC has a Whistleblower Policy, Public Interest Disclosure Policy and a Fraud and Corruption Prevention Policy that support the company’s commitment to maintaining an open working environment which encourage disclosure of improper conduct without fear of intimidation or reprisal.

The Whistleblower Policy provides a framework for escalating ’reportable or disclosable conduct’. This includes conduct that is illegal, improper, unethical or in breach of the company’s corporate policies.

No public interest disclosures or reports pursuant to the Corporations Act 2001 (Cth) were received in the reporting period.

The Whistleblower Policy, Public Interest Disclosure Policy and Fraud and Corruption Prevention Policy are reviewed periodically.

Privacy

MIC has a Privacy Policy that sets out how MIC employees, contractors and consultants must manage any personal or sensitive information to comply with the requirements of the Privacy Act 1988 (Cth), as amended. The Privacy Policy is reviewed periodically.

A copy of the policy is on MIC’s website at www. micl.com.au/privacy-policy.