DIMIA Annual Report 2004-05
Corporate governance
RISK MANAGEMENT AND INTERNAL AUDIT ARRANGEMENTS
Risk management
The department's Risk Management Framework helps our staff to make more informed decisions and provides assurance to our ministers and the Australian community that risks have been properly recognised and adequately managed.
During 2004-05, a new Risk Management Framework was endorsed by the Management Board, integrating formal risk management practice into a range of governance activities, including resource planning, business planning, contract management, insurance, audit and benefits realisation activities. The enhancements to the current framework build on risk management activities implemented over recent years and recognise that formal risk management practice must continually be reviewed in order to remain effective. Risk management awareness among staff has continued to improve over the course of 2004-05 and the department again rated well in ComCover's annual Risk Management Benchmarking Survey.
The Internal Audit Program and other control self-assessment tools remain important elements of our risk management strategy.
Audit Committee
The Departmental Audit and Evaluation Committee (DAEC) is a key element of our corporate governance and assurance arrangements. It aims to provide assurance to the Secretary and the Management Board on the efficiency, effectiveness and probity of the department's operations, management, financial systems and internal controls. The DAEC also has responsibility for the development of risk management, business continuity management and fraud control frameworks, and promoting a risk management and fraud awareness culture within the department. A review of the DAEC Charter began in 2004-05 in order to align DAEC's role and responsibilities with ANAO better practice.
Internal audit
The internal audit function aims to provide the Secretary and the Management Board with independent assurance that departmental outputs and activities are operating effectively, efficiently and lawfully. The Internal Audit Section, operating under the authority of the Internal Audit Charter, is directly accountable to the DAEC.
Ernst & Young has delivered internal audit and related services on behalf of the department for the past seven and a half years. In addition, we are in the process of tendering for supplementary audit, review and risk management services, with a decision on a panel of preferred service providers expected to be made in 2005-06.
We cooperate with the ANAO to coordinate overall audit activity within the department. The ANAO is invited to DAEC meetings and attends the Financial Statements Sub-Committee of the DAEC.
The Internal Audit Program (IAP) is developed following consultation with senior executives and managers. In 2004-05, consultation focused on identification of the major risks facing the department and facilitated the development of a risk profile. The identified risks were assessed as to the extent to which audit activity can contribute value in the management of the risk, and then compared with recent internal audit and ANAO review activity. The residual risks were prioritised and possible audit scopes developed for further DAEC consideration. The resulting IAP consists of a mix of high-priority cross-agency and specific area audits.
Twelve audits were completed in 2004-05, ten of which were part of the 2003-04 IAP. A further fourteen audits from the 2004-05 IAP are in progress and expected to be completed during the first quarter of 2005-06. Audit report recommendations fl owing from the IAP are monitored until they have been implemented.
Other risk-mitigating strategies
Control self-assessment tools aim to monitor performance and compliance across a range of the department's financial, administrative and decision-making activities, with managers making assessments of their processes and controls using externally developed checklists. Reports are provided periodically to the DAEC on the level of conformance, quality of the relevant processes, status of controls and any remedial action undertaken or proposed.
The financially based Financial Accountability and Control Tools (FACTs) are applied in central and state/territory offices. Quality Control Codes (QCCs) are self-assessment tools which the department employs to review decision-making and decision-making processes. The number of QCCs has increased during 2004-05 and will be expanded further in 2005-06. Both FACTs and QCCs are onshore tools aimed at assuring compliance with built-in controls.
The Overseas Audit and Security Check (OASC) is another quality assurance tool. OASC audits the work of overseas posts and is undertaken on a six-monthly basis covering financial assurance, employee conduct, security issues, service standards, business continuity planning, information technology, delegations and decision-making. Items for checking are under regular review. Future checks will include occupational health and safety issues and checks on tasking for cases referred under global working arrangements. A major review of all our quality assurance processes began in 2004-05.