The ASC’s risk management framework assists the ASC to manage the risks involved in its activities to optimise opportunities and minimise adverse consequences. At the highest level, the ASC’s strategic risk register highlights the key strategic risks and controls, while the business continuity and emergency response plan, internal audit programme and fraud control plan are important components of the risk management framework.
Key risk management activities undertaken during 2014–15 included:
- quarterly review and reporting against the ASC’s strategic risk register
- further maturing risk management processes with closer links between risk management and ASC business planning
- completion of the Comcover risk management benchmarking survey
- reviewing and updating the business continuity and emergency response plans.
The ASC’s internal audit programme provides independent, management-orientated advice on the ASC’s operations and performance. The objective of internal audit is to:
- provide assurance to the ASC Executive and the Finance, Audit and Risk Committee that the key risks to achieving the ASC’s objectives are being appropriately mitigated
- assist management to continuously improve business performance.
During 2014–15, the ASC continued its contractual relationship with PricewaterhouseCoopers for delivery of the internal audit programme. The annual internal audit plan focused on key areas of strategic and operational risk and the development of the plan was informed by discussions with management, business planning and the ASC’s assurance map. Throughout the year, the Finance, Audit and Risk Committee maintained oversight of the internal audit programme and implementation of open internal audit recommendations.
The following audits were completed during 2014-15 as part of the ASC’s internal audit programme:
- information security
- monitoring of NSOs’ financial sustainability
- intellectual property and copyright.
The ASC has fulfilled its requirements in relation to fraud control, taking all reasonable measures to minimise the incidence of fraud and to investigate and to the extent possible, recover the proceeds of fraud against the Commission. The ASC has documented fraud risk assessments and fraud control plans, and has in place appropriate fraud prevention, detection, investigation, reporting and data collection procedures and processes to meet the specific needs of the organisation.
Specifically, during 2014–15, the ASC reviewed and updated its fraud control plan, fraud risk assessment, and fraud control policy to reflect better practice as outlined within the Commonwealth Fraud Control Framework. The ASC also revised its fraud awareness training package and required all ASC ongoing and fixed-term staff to complete the course. During the reporting period, three instances of suspected fraud were reported to the ASC and addressed in accordance with the ASC’s fraud control plan.
Indemnities and insurance premiums for officers
The ASC is insured through the Australian Government’s self-managed fund, Comcover. Such insurance includes directors’ and officers’ liability cover to the extent permitted by the PGPA Act. The entire premium is paid by the ASC. In 2014–15 the ASC did not give any indemnity to a current or former officer of the ASC.