Go to top of page

4.7 Accountability and audit

External audit

Under section 98 the PGPA Act, the Auditor-General is responsible for auditing the financial statements of MIC. In addition, MIC’s annual report is tabled in Parliament and its financial accounts are lodged with ASIC.

As permitted by section 27 of the Auditor-General Act 1997 (Cth), the ANAO contracted KPMG in Sydney to assist with the conduct the audit on behalf of the Auditor-General.

The Audit and Risk Committee invites the external auditor to each committee meeting and papers for each meeting are provided to both the ANAO and KPMG, noting the following matters that the committee considers:

  • discussion of the external audit plans, identify any significant changes in operations, internal controls or accounting policies likely to impact the financial statements;
  • review of the results and findings of the auditor, the adequacy of internal controls and monitor the implementation of any recommendations made;
  • finalising annual reporting, review the preliminary financial statements prior to signoff and any significant adjustments required as a result of the external auditor’s findings.

MIC applies audit independence principles in relation to the external auditor.

In addition to annual financial statement audits, the Auditor-General is also responsible for auditing compliance with the performance standards prescribed for GBEs, in the circumstances outlined in the Auditor-General Act.

Certification by CEO and General Manager, Finance

Prior to the approval each year of the annual financial statements by the board of directors, the CEO and the General Manager, Finance, provide confirmation in writing that the statements represent a true and fair view of MIC’s operations and its financial position. The letter also includes representation to the board in respect of the adequacy and effectiveness of MIC’s risk management, and internal compliance and control systems.

Based on the evaluation performed as at 30 June 2020, the CEO and General Manager, Finance, concluded that: as of the evaluation date, such risk management, internal compliance and control systems were reasonably designed that the financial statements and notes of MIC are in accordance with the PGPA Act and the Corporations Act; and there are reasonable grounds to believe MIC will be able to pay its debts as and when they fall due.

Internal control framework

The board is responsible for the overall internal control framework and for reviewing its effectiveness. MIC’s internal control framework is intended to meet the objectives of:

  • ensuring completeness of financial reporting;
  • safeguarding the company’s assets;
  • complying with applicable laws and regulations;
  • ensuring effectiveness and efficiency of operations;
  • maintaining proper accounting records;
  • preventing, detecting and correcting irregularities;
  • identifying and mitigating business risks.

A number of internal controls have been implemented to provide for the accuracy of the financial statements and integrity of business systems.

These internal controls include the form of appropriate delegations of authority, a risk management framework, financial planning and reporting, strategic planning and operational policies and practices.

Risk management

MIC has a Risk Management Framework and continues to maintain and update a comprehensive risk register that captures the material business risks facing the company.

The Audit and Risk Committee oversees the Risk Management Framework, in particular:

  • the adequacy of policies and procedures for the oversight and management of material business risks;
  • the design and implementation of effective risk management and internal control systems for identifying, assessing, monitoring and managing MIC’s material business risk;
  • reporting to the board on whether those risks are being managed effectively.

Internal audit

During the year, the appointment of EY as internal auditor was extended for a 12-month term ending 30 June 2020.

An internal audit plan is presented to and endorsed annually by the Audit and Risk Committee. Outcomes of the internal audit reviews are provided to the committee for its review.

Business Improvement Programme

MIC has finalised its Business Improvement Programme, with training and improvements identified during implementation continuing.

Ethical standards and governance policies

MIC is committed to a culture of high ethical standards and accountable conduct. This includes creating and maintaining an open working environment in which its employees, directors and contracted service providers (and their employees and officers) are able to raise concerns regarding suspected unethical, unlawful or undesirable conduct or wrongdoing without fear of reprisal.

MIC’s Code of Conduct sets out the standards and behaviour by which MIC will conduct business.

Public Interest Disclosure Act

MIC is subject to the Public Interest Disclosure Act 2013 (Cth) (PID Act) and has adopted procedures to ensure the company supports and complies with the requirements of the Act. The purpose of the PID Act is to promote the integrity and accountability of the Commonwealth public sector by:

  • encouraging and facilitating the making of public interest disclosures of wrongdoing by current and former public officials (being employees and directors of MIC, contracted service providers and officers/employees of contracted service providers)
  • ensuring that disclosers are supported and protected from adverse consequences related to making a disclosure
  • ensuring that disclosures are properly investigated and dealt with. MIC supports reporting by staff at all levels.

MIC supports protecting those who make such reports from victimisation and discrimination. MIC recognises the value of transparency and accountability in its administrative and management practices. A summary of MIC’s procedures, the appointed MIC ‘authorised officers’ and how a disclosure under the Act can be made is on MIC’s website at www.micl.com.au/governance-and-policies.

No public interest disclosures were received or finalised in the reporting period.

Code of conduct

MIC aims to carry out its business in an open and honest manner, while complying with all applicable legislation and laws. MIC has a Code of Conduct, which outlines expected standards of behaviours that the company expects and which will foster a culture where ethical conduct is valued and demonstrated in day-to-day business, applying to all directors, employees and contract staff.

A copy of the Code of Conduct is located on MIC’s website at www.micl.com.au/governance-and-policies.

Equal opportunity

MIC’S Diversity and Equal Employment Opportunity Policy outlines MIC’s commitment to promoting diversity in the workplace. MIC seeks to provide opportunities regardless of age, gender, physical ability, ethnicity or indigenous background.

Whistleblower policy and fraud and corruption reporting

As a GBE, MIC is committed to applying and adhering to the standards outlined in the Commonwealth Fraud Control Guidelines 2011. MIC recognises the importance of providing a safe, supportive and confidential environment where people feel confident about reporting wrongdoing without fear of retaliation and are supported and protected throughout the process.

During the reporting period, MIC revised and enhanced its Whistleblower Policy. The policy responds to the requirements of Treasury Laws Amendment (Enhancing Whistleblower Protections) Act 2019 (Cth). MIC’s Whistleblower Policy and Public Interest Disclosure Policy are available on MIC’s website at www.micl.com.au/governance-and-policies.

The Whistleblower Policy provides a framework for escalating “reportable or disclosable conduct”. This includes conduct that is illegal, improper, unethical or in breach of the Company’s corporate policies. A whistleblower may make a disclosure under the Whistleblower Policy to their immediate manager, a designated senior executive or through an independently managed Whistleblower Hotline, which is managed by Your Call.

No public interest disclosures or reports pursuant to the Corporations Act were received in the reporting period.


MIC has a Privacy Policy that sets out how MIC employees, contractors and consultants must manage any personal or sensitive information to comply with the requirements of the Privacy Act 1988 (Cth), as amended. The Privacy Policy is reviewed periodically. A copy of the policy is on MIC’s website at www.micl.com.au/governance-and-policies.