Corporate Governance Practices

Risk management

In 2019–20, the Office undertook a comprehensive internal review and update of its risk management policy and Framework, risk appetite statement, risk assessment matrix and associated resources. The revised policy and Framework will be implemented during the early stages of the 2020–21 period.

Our risk management framework comprises a formal policy and framework, and identified enterprise risks, which are addressed in a strategic risk register and risk appetite statement. Strategic risk reporting is undertaken quarterly.

The SLG regularly reviews strategic and operational risks as part of the business planning process. The Office also participates in the annual Comcover Risk Management Benchmarking Survey, which independently assesses the Office’s risk management maturity.

Additional oversight of our risk management is provided by the Audit and Risk Committee, which provides the Ombudsman and SLG with independent practical guidance and support regarding risk management strategies and review of the Office’s risk management policy and framework.

Business Resilience Management

In September 2019, Deloitte Australia completed an independent review of the Office’s previous Business Continuity Framework and Plan. An outcome of the review is that the Office adopted an integrated business resilience governance model that provides streamlined control processes for managing the various events that may impact its ability to perform critical functions, staff safety and technology systems.

This approach is captured in the Office’s overarching Business Resilience Policy and Framework and operational Enterprise Response Plan. The Senior Leadership Group is responsible for the oversight and review of these documents.

The Enterprise Response Plan was implemented to address the impact of the 2020 COVID-19 pandemic on the Office’s core functions and staff safety. The Office will continue to build upon its business resilience capabilities in response to this event.


In developing and maintaining the Office’s websites, we use the World Wide Web Consortium (W3C) Web Content Accessibility Guidelines (WCAG) 2.0 as the benchmark.

Our online services are compliant with WCAG 2.0. Management of the website includes authoring tools to check for accessibility issues and compliance reporting, and graphic design which uses high contrast and a simple presentation of content to assist readability.

Ethical standards

Our Office promotes high ethical standards and behaviours by our staff. We provide information to our staff on the Australian Public Service Commission’s Ethics Advisory Service and we have an Ethics Contact Officer available to staff. Our Intranet contains information about:

  • APS Values and Code of Conduct
  • workplace discrimination, bullying and harassment
  • conflict of interest
  • acceptance of gifts and hospitality
  • procedures for determining breaches of the Code of Conduct
  • procedures for facilitating and dealing with public interest disclosures relating to the Office.

Employee Performance Development Agreements contain the following mandatory behaviour: ‘In undertaking my duties I will act in accordance with the APS Values, Employment Principles and APS Code of Conduct.’

The induction handbook for new starters provides appropriate information on the APS Values, Employment Principles and APS Code of Conduct, including information on the Australian Public Service Commission's Ethics Advisory Service.

Fraud Control

The Office’s fraud control strategies comply with the Commonwealth Fraud Control Framework 2017 and the legislative requirements of the PGPA Act.

The Fraud and Corruption Control Plan and the Accountable Authority instructions provide the foundations of the Office’s fraud control framework. The Office conducted its biennial review of its fraud control framework in 2019–20 to ensure that the Office’s Fraud and Corruption Control Plan and Fraud Risk Assessment are current, support and inform staff behaviours and minimise the risks of fraud within the Office.

The Fraud and Corruption Control Plan identifies the Office’s fraud risks and details the measures in place to prevent, detect and respond to fraud and corruption against the Office.

All fraud allegations are reported to the Ombudsman and the Audit and Risk Committee and fraud investigations are outsourced as required. An investigation into one incident of potential fraud was finalised in 2019–20. While the investigation did not proceed on the basis of available evidence, the Office has reviewed and strengthened processes and procedures to mitigate the potential for similar incidents in the future.

Throughout October and November 2019, compulsory fraud and corruption awareness training sessions were delivered to ensure staff awareness and understanding of their fraud and corruption responsibilities, liabilities and reporting requirements. Fraud and corruption resources and references are available to all staff on the Office intranet.