DIMA Annual Report 2000-01

Management and accountability - continued

Risk management

The department maintains a focus on identifying and mitigating risk. It has implemented a number of mechanisms to achieve this, including both the establishment of a departmental infrastructure to support risk, as well as lower-level mechanisms for identifying and addressing risk as a pivotal aspect of core departmental business.

Departmental risk management framework

In 2000-01 the department began developing a comprehensive risk management framework.

Through detailed analysis of high-level risks, a strategic framework was developed which will form the basis for further risk management strategies.

Set at a strategic level, initially this framework will seek to identify and assess risks, with a focus on raising awareness. The framework will help develop practical strategies and guidelines for staff to use while managing risk in their day-to-day work.

Audit committee

The Departmental Audit and Evaluation Committee (DAEC) provides high-level strategic guidance and oversight on issues including risk. As well as analysing identified risks, the Committee seeks to ensure better management of risks through comprehensive implementation of audit recommendations.

The DAEC recently implemented an Audit Committee Charter, which further enhances its focus on risk identification and management in compliance with Section 46 of the Financial Management and Accountability Act 1997.

Internal audit

A dedicated Internal Audit Unit ensures an ongoing focus on key areas of risk. The Internal Audit Charter provides managers and staff with the internal audit framework and the authority on which it operates, fostering cooperative risk identification and mitigation.

Internal Audit, through its services based on risk mitigation, provides the Secretary and Management Board with assurance that departmental outputs and activities operate efficiently and effectively.

Matters relating to performance, compliance with the law, departmental regulations and best practice are reviewed by Internal Audit. Directly accountable to DAEC, Internal Audit is not subject to line management control, thus allowing the Unit to maintain its independence and objectivity.

The Internal Audit Unit is integrally involved with the audit contractor and the DAEC in developing the Annual Audit Plan following identification of high-level risks.

The Annual Audit Plan is set for the first half of the financial year, when residual high-level risks and emerging risks are evaluated and the second half of the year is planned. In 2000-01, 23 areas of concern were audited.

High and medium risk findings are addressed as recommendations in the audit reports, which are then presented to the DAEC. Low risk findings are covered in a management letter to the audited area. All of these recommendations are then tracked and reported to the DAEC until implemented.

Other risk-mitigating strategies

Evaluations are conducted by DIMA staff, or sourced externally in some cases, to assess and mitigate risks associated with progress towards achieving outputs, as well as to consider whether those outputs are still valid. Eighteen evaluations were conducted in 2000-01.

Identification and treatment of risks through control self-assessment and reporting continues to strengthen DIMA's control, compliance and accountability.

The Financial Accountability and Control Tools and several Quality Control Codes for individual visa programs are control self-assessment tools used to assure reliability of the information provided and to strengthen accountability onshore.

The Overseas Audit and Security Checklist serves the same purposes offshore. Reports on completion of the checks, identifying emerging trends and issues, are periodically provided to the DAEC for consideration.

The ANAO works in cooperation with DIMA on the Financial Statements Sub-Committee, attends meetings of the DAEC and coordinates its audits with the Internal Audit Unit so that value for money is achieved by maximising audit coverage leading to greater reduction of risks.

The Departmental Security Steering Committee (DSSC) oversees, among other things, a whole-of-department Protective Security Risk Review undertaken in accordance with the new Commonwealth Protective Security Manual. The outcome of the review will be used to formulate an Agency Security Plan.

The Agency Security Plan will be based on a security policy that supports the department's goals and resources and a thorough security risk analysis.

It will also be one of the means the department uses to demonstrate a commitment to risk management in general. The DSSC will also oversee the department's implementation of the requirements of the new Commonwealth Protective Security Manual.

[Previous Page]  [Contents]  [Next Page]