Annual Report 2014–15 search
A range of audit activities were undertaken by internal and external auditors to provide assurance to the General Manager, the Audit Committee and managers within the Commission about risk-related activities.
The Auditor-General issued an unqualified independent audit report on the Commission's 2014–15 financial statements. There were no other reports issued by the Auditor-General relating to the Commission in 2014–15.
There were no reports on the operation of the Commission by a parliamentary committee or the Commonwealth Ombudsman, and there were no agency capability reviews.
The General Manager and the Executive attended Senate Estimates hearings on 23 October 2014, 26 February 2015 and 2 June 2015. The President attended the Senate Estimates hearing on 26 February 2015.
Internal audit arrangements
Ernst & Young was appointed on 27 August 2014 to undertake the Commission's annual program of independent internal audits. The following internal audits were considered by the Audit Committee and finalised in 2014–15:
- review of information security
- review of Executive quarterly monitoring report
- risk management plan.
The following internal audits were commenced in 2014–15:
- Protective Security Policy Framework review
- PGPA Act compliance review.
Judicial decisions and administrative review
There were no judicial decisions, decisions of administrative tribunals or decisions by the Australian Information Commissioner that have had or may have a significant impact on the Commission's operations during 2014–15.
In 2014–15, the Commission undertook corporate reporting through:
- the prescribed annual report and State of the Service reporting requirements
- other external reports such as the Portfolio Budget Statements and central agency surveys
- responses to parliamentary questions.
The Commission's website is the primary source of publications and reports regarding its activities. During the year the Commission reviewed its website structure, presentation and content to identify opportunities to enhance the accessibility of information on it.
Risk management and fraud control
During the reporting period the Commission updated its Risk Management Policy and framework to align with the Commonwealth Risk Management Policy (PDF) released in July 2014. This policy requires Commonwealth agencies to establish an appropriate system of risk oversight and management. The Commonwealth Risk Management Policy supports the PGPA Act.
The Commission's Executive and Senior Management Group assessed and developed the risk policy, workshopped the risk profile, and is putting in place steps to embed a risk-based culture within the organisation.
In addition, the Commission has a fraud risk assessment and fraud control plan and appropriate fraud prevention, detection, investigation reporting and data collection procedures and processes to meet its specific needs and to comply with the Commonwealth Fraud Control Guidelines.
The General Manager's certification in respect of fraud control can be found at Appendix I.