In 2019–20, the Agency developed its enterprise risk management framework, which sought to encourage a structured yet flexible risk management approach, based on sound judgement and the best information available. This enabled the Agency to identify, manage and derive maximum benefits from new opportunities in the pursuit of our purpose while effectively managing risks.
The framework supports the Coordinator-General to meet his duties under section 16 of the PGPA Act and complies with the Commonwealth Risk Management Policy. The Executive Director, Corporate and Governance was also appointed as the Agency’s Chief Risk Officer.
The Agency actively manages risks through systems, processes and strategies that are designed to respond to our operating environment, shape our activities and improve our capability. Our people are encouraged to identify and mitigate risks, and use risk management as a tool to make sound business decisions that support the achievement of our purpose.
Our risk management includes identifying areas of strategic risk which, if realised, could affect our ability to achieve our purpose. During the year, the Agency refined its Risk Strategy which presents the current risk profile including the strategic risks. It also articulates the risk appetite and tolerances for officials to use when making decisions about the day-to-day management of risks.
We identified three strategic risks to be monitored in 2019–20:
During the COVID-19 pandemic, the Agency implemented its Pandemic Plan, overseen by the CMT. The plan provided an enterprise-wide framework to manage the Agency’s response to the pandemic, including trigger points for action, and roles and responsibilities of staff. The key components were:
Preparedness—undertaking preparedness activities to reduce the impacts on staff and on the Agency during a pandemic.
Containment—preventing transmission, implementing infection control measures and providing services to people who are isolated or quarantined.
Maintaining essential functions— provision for business continuity in the face of staff or key service provider absenteeism.
Communication—ensuring communications meet business needs and were in line with whole-of-government messaging to inform staff of any changes to normal activities.
The CMT focused on determining the best course of action in a changing environment with a high degree of uncertainty and constant change. Working from home arrangements were put in place with guidance and resources provided to assist staff with workstation set-up, ergonomics, technology and wellbeing.
In line with the Agency’s risk framework, the Agency has a low appetite for risks related to the health and safety of its people. With this in mind, the CMT has been cautious to implement a full transition of staff back to the workplace. Since June 2020, on average 50 per cent of staff are working in the Brisbane and Canberra offices. RROs and outposted staff continue to work in their regions, meeting with stakeholders and their local communities where they can. This activity follows the advice and travel restrictions in place in each state and territory.
The Agency was able to ensure the continuity of its operations by working with relevant government agencies and other stakeholders.
The Agency takes a zero-tolerance approach to fraud and corruption. We encourage a culture characterised by the highest standards of integrity.
In 2019–20, the Agency established its Fraud Policy Statement and Fraud and Corruption Control Plan. The plan outlines the Agency’s approach to effectively prevent, detect, investigate and respond to fraud, consistent with section 10 of the PGPA Rule.
The Agency also undertook a fraud risks and controls assessment, which identified the key fraud risks for the Agency. The risk assessment is reviewed regularly through the Agency’s planning cycle, with the next review scheduled for November 2020.
To support our internal controls, the Agency has a fraud awareness strategy that includes mandatory induction training for new staff, followed by refresher training every two years. The training covers the Commonwealth Fraud Control Framework and how to identify, detect and report potential fraud. Training is undertaken online and through tailored face-to-face delivery to meet the needs of individuals.
Non-compliance with Finance Law
During 2019–20, there were no instances of non-compliance with finance law reported.