14. Risk Management and Internal Accountability

14.1 Introduction

This Chapter deals with risk management and internal accountability policy and procedures. It covers the department's risk management plan, discusses the operation of the Audit and Risk Committee and outlines the responsibility of departmental officials to act ethically and to report suspected fraud and misconduct.

The FMA Act requires agency Chief Executives to manage the affairs of the Agency in a way that promotes proper use of the Commonwealth's resources for which the Chief Executive is responsible. Proper use means the efficient, effective and ethical use of the Commonwealth's resources. To facilitate this, the Secretary has implemented a risk management strategy, has made the Chief Finance Officer and Finance Managers responsible for implementing procedures and controls over the use of resources, and has established an Audit and Risk Committee and an Ethics Committee to manage internal accountability.

Risk Management Strategy

The department encounters and manages a variety of risks on a day-to-day basis that have an impact on the department's ability to achieve the Government's objectives for the portfolio. Risks can include client dissatisfaction, unfavourable publicity, physical safety and security, mismanagement, equipment failure, legal action, fraud, etc. Every decision involves managing risk in terms of judging the costs and benefits of particular courses of action.

The department's risk management strategy seeks to improve overall performance by promoting the more efficient, effective and ethical use of the Commonwealth's resources through a systematic evaluation of the risks associated with adopting various courses of action or policy proposals. A systematic approach to risk management is consistent with higher standards of public sector accountability and assists in dealing with the uncertainties of a changing operating environment.

The department's risk management policy is outlined in Administrative Circular P0599. It requires employees to consider the risks inherent in their work, in formulating policy and in decision making and, where warranted, to undertake formal risk assessments.

Some risks may be managed through securing insurance coverage. Insurance is covered in FMM Chapter 16.

Internal accountability

Internal accountability incorporates:

14.2 Risk Management and Business Continuity

Instructions

  1. DFAT officials involved in formulating policy advice or in taking decisions on the management of large-scale and complex projects should consider the risks inherent in those decisions in accordance with the department's risk management policy.
  2. Officials involved in the development, implementation and ongoing application of key processes related to financial and/or resource management should assess and manage the risks inherent in those processes in accordance with the department's risk management policy and ensure the risks affecting critical business processes are addressed.
  3. Risk assessments and business continuity plans are to be documented in a form suitable for internal and external audit scrutiny. Posts and divisions are required to prepare business continuity plans which identify key business processes and outline strategies to continue the delivery of these services if they are interrupted by an event that triggers the activation of a business continuity plan.
  4. Advice on risk management and business continuity plans can be obtained from the Evaluation and Audit Section.

Procedures

Responsibility

Frequency/Conditions

Action

14.3 Audit and Risk Committee

The functions of the Audit and Risk Committee include:

FMA Regulation 22C requires the terms of reference, functions and responsibilities of the Audit Committee to be set out in an Audit Committee Charter approved by the Secretary.

Instructions

  1. DFAT officials must comply with requests of the Audit and Risk Committee.

Procedures

Responsibility

Frequency/Conditions

Action

14.4 Fraud and Misconduct

In accordance with FMA Act section 45, the Secretary must implement a Fraud Control Plan. The First Assistant Secretary, Corporate Management Division is responsible for preparing the plan.

Instruction

Code of Conduct

  1. DFAT officials must act in accordance with the APS values and the APS Code of Conduct enshrined in the Public Service Act 1999 and, where applicable, the department's Code of Conduct for Overseas Service or LES Code of Conduct established at each post.
  2. DFAT officials have a duty towards the prevention and detection of fraud and misconduct.

Fraud Control Plan

  1. In accordance with the Fraud Control Plan, officials are responsible for implementing and managing fraud prevention strategies within their area of operation. Fraud prevention is an integral component of prudent financial management.
  2. The FAS CMD is responsible for preparing a report on fraud control and providing the report to the Minister every 2 years.
  3. Under the Fraud Control Plan, risk assessments of departmental functions are conducted periodically to ensure that fraud prevention capabilities and controls are maintained. These include adequate administrative processes, an appropriate level of training for staff and regular updating of control and reporting systems.

Ethics Committee

  1. The Ethics Committee is responsible for the development of policy on conduct and ethics issues and the oversight of the handling of allegations of fraud and misconduct.
  2. The Conduct and Ethics Unit is responsible for management of the ethics outreach program and investigations into allegations of fraud and misconduct. The Unit also provides advice to managers on fraud control planning and ethics policy issues.

Dealing with fraud

  1. There is an agreement between the department and the Australian Federal Police (AFP) which specifies the circumstances under which fraud matters must be referred to the AFP.
  2. When dealing with fraud, employees should report it quickly and only inform those who need to know (see Action section below). The confidentiality of a person making an allegation about fraud and the privacy of persons under investigation are to be protected to the maximum extent possible, as explained in the department's guidance on whistleblowing.
  3. Officials against whom allegations of fraud or misconduct are made are presumed to be innocent unless proven otherwise.
  4. Investigations into allegations of fraud or misconduct should be conducted in accordance with Commonwealth fraud control policy and departmental investigation guidelines.

Procedures

Responsibility

Frequency

Action
