DIMA Annual Report 1999-2000
Management and accountability
Internal audit - risk management
The Department's internal audit program includes annual risk management planning. This scopes higher level risks at a whole-of-agency level with the Secretary, Deputy Secretary and division heads. Agreed risks are addressed in the annual audit plan.
Twenty areas of higher risk were included in the annual audit plan adopted by DIMA's Departmental Audit and Evaluation Committee (DAEC) for the 1999 year.
Quarterly meetings of the DAEC allow the plan to respond rapidly to changing assessments of risk. During 1999-2000, the DAEC decided to add nine areas of higher risk, while some other identified areas were collapsed into fewer audit topics.
As the audit of higher risks was completed by DIMA's internal audit contractor, the findings and recommendations were brought to the attention of key stakeholders. The operational areas had an opportunity to discuss the findings and recommendations with the auditors before formal management responses were sought. The complete audit report was signed off by the division head or heads concerned and electronic copies were distributed to all DAEC members before the executive summary was tabled for final acceptance.
The DAEC also monitors implementation of internal audit recommendations. Six months after the tabling of each report, areas responsible for implementation of recommendations advise on progress.
Areas within the Department may decide they face a risk on which they would like external advice. The internal audit contract allows them to call for a management-initiated review. The reviews provide timely management consultations before risks increase in urgency. Six reviews were conducted in 1999.
The internal audit program is run in co-operation with the ANAO. The ANAO attends meetings of the DAEC and is represented on the Financial Statements Sub-Committee. The sub-committee facilitates compliance with the reporting requirements of the Financial Management and Accountability Act and the Finance Minister's Orders, to produce accurate year-end financial statements and reports.
The Financial Services Performance Indicators (FSPIs) represent a key self-assessment and assurance tool in the Department. Their development during 1999 continued to improve risk management within DIMA. A strong focus on compliance to processes and procedures has meant improved reliability in all levels of reporting and provided a forum for financial assurance issues to be identified and addressed.
The FSPIs have now been revised and will be replaced by Financial Accountability and Control Tools (FACTs) from 1 July 2000. The objective of the FACTs is to provide management with an indication that the controls incorporated into systems and processes are operating satisfactorily and, therefore, the resulting financial information is complete, valid and accurate, and can be relied upon for decision-making purposes. The strong focus on revenue, expenditure and asset management has remained, with an increased focus on employee entitlement reporting and month end requirements.
The ANAO's performance audit of migrant settlement services in 1998 found that DIMA's planning of migrant settlement services would be better informed by a more structured approach to risk management. The audit reviewed:
-
the Community Settlement Services Scheme (CSSS) and the Migrant Resource Centre (MRC) - Migrant Service Agency (MSA) program from the Multicultural Affairs and Citizenship Division, and
-
the On-Arrival Accommodation (OAA) scheme, the Community Refugee Settlement Scheme (CRSS) and that part of the CSSS funded under the Integrated Humanitarian Settlement Strategy (IHSS) from the Refugee and Humanitarian Division.
This ANAO audit led the Multicultural Affairs and Citizenship Division to conduct a risk management review under the best practice standards provided by the ANAO and the Joint Committee of Public Accounts and Audit (JCPAA). The division decided a risk management review would benefit its activities and Outcome 2 because of linkages between policies and services inside and outside the division.
A risk management analysis is being made of elements of Outcome 2 which are the responsibility of the Refugee and Humanitarian Division. The scope of this review will extend to humanitarian settlement functions being performed in state and territory offices and overseas posts.
The Outcome 2 risk management reviews conform to the Standards Australia publications, Risk Management and Guidelines for Managing Risk in the Australian and New Zealand Public Sector and MAB/MIAC Report No. 22, Guidelines for Managing Risk in the Australian Public Service.
Other risk assessments conducted in the Department on a needs basis range from preparing individual contracts to development of the Department's fraud plan and identification of risks associated with Y2K.