Directors-General are obligated to ensure risks to the integrity of their directorates are assessed and treated in accordance with the appropriate Risk Management Standard and addressed in detailed fraud and corruption prevention plans. The obligation is set out in part 2.3 of the Public Sector Management Standards 2006 which continues to apply in accordance section 113 of the Public Sector Management Standards 2016.
Each directorate is required to appoint an executive responsible for the implementation of the integrity strategies and processes for the detection and investigation of fraud and corruption. These officers are known as the Senior Executive Responsible for Business Integrity Risk (SERBIR). All eight directorates had a SERBIR in place throughout the 2018-19 reporting year.
Six directorates reported that a formal risk assessment had been undertaken in accordance with the Risk Management Standard during 2018-19. In October 2018, CHS and ACTHD transitioned into two separate organisations. As a result, no formal risk assessment was undertaken during the reporting year for both CHS and ACTHD. Both directorates are currently reviewing their risk and management arrangements to align with the new organisational structure.
Directorates identified a number of common key and emerging risks, including:
- fraud and corruption;
- ICT, cyber threats and data integrity including the loss or misuse of sensitive data and information;
- public safety (including Events, Crowded Places);
- workplace health and safety; and
- prevention, preparedness and response to environmental threats (loss of utilities and key infrastructure due to physical and environmental conditions).
Six directorates identified their intentions to review the risk assessment process within their directorate during the 2019-20 reporting year.
Directorates noted the timing and event triggers of these reviews included:
- the release of the new whole of Government Risk Management Policy by the ACT Insurance Authority in 2019;
- the risk assessment process undertaken in line with business planning cycle;
- directorate restructure (including machinery of government changes such as the creation of Major Projects Canberra); and
- ongoing review as part of the risk management framework and business continuity planning.
JACS reported acquiring access to licences to implement a new Enterprise Risk Management (ERM) system which will allow greater levels of automation to current risk assessment and management processes. This will empower staff to actively manage and report on risks on a day to day basis. This expands a system which currently operates in TCCS.
The Education Directorate reported a commitment to a program called ‘Strengthening the Foundations of Risk Management’ at the school and Education Support Office (ESO) level. The program aims to embed risk management as part of the organisational business as usual program and integrate risk management as part of the normal school planning cycle.
In the 2018-19 reporting year, seven directorates reported that they had a current Fraud and Corruption Plan. CHS is currently reviewing their Fraud and Corruption Plan to align with their new organisational structure. Directorates reported that they had reviewed or were in the process of reviewing their Fraud and Corruption Plans.
As required by the Public Sector Management Standards 2006, all directorates must have an Audit Committee created in accordance with the Internal Audit Framework. The aim of the Audit Committee is to monitor and review the effectiveness of corporate governance within the respective directorates.
All directorates reported that an Internal Audit Committee was in operation for the 2018-19 reporting year. Each committee reported to include members who are external to the directorate, including the Chair.
Directorates were asked to report on any specific strategies implemented or activities that took place within each area to promote and educate employees on public sector ethics and values, integrity, governance and risk management. Some examples reported included:
- e-learning modules;
- orientation programs for new starters;
- the availability of resources on the directorate intranet sites; and
- SERBIR emails sent to all employees within the directorate.
In 2019, JACS piloted a Supervisor Development Program aimed at providing managers with information to support them to effectively undertake core supervisory duties and improving their confidence and performance as supervisors. The program was based on a successful Shared Services program. Topics covered in the program included ACTPS accountability, governance frameworks, financial integrity and delegations, HR delegations and governance, risk management framework and tools, and project risk and governance.
EPSDD also reported undertaking a fraud and corruption awareness survey in 2019, with 261 staff participating in the survey, which was up from the 91 staff responses in the 2017 fraud and corruption survey.
Directorates were asked to rate a number of integrity risks within their organisation against a category of low, medium, high or extreme. The integrity risks identified by directorates 2018-19 reporting year under each risk rating was:
- Low risk category: Fraud (clients);
- Medium risk category: Fraud and Integrity, Asset Management; and
- High risk category: Procurement and Contract Management, Finance and IT Systems.
No directorates identified a risk as extreme. Most directorates reported risk ratings had remained consistent or reduced in rating since the 2017-18 reporting year.
In relation to the high risk category, directorates reported several strategies underway to help mitigate these risks. In relation to Procurement and Contract Management, work has commenced on implementing systems such as Project Management and Reporting System (PMARS) and the Online Simple Quote and Reporting System (OSQAR).
PMARS provides a systematic approach for delivering, managing and reporting on capital works projects. Integrated with budgeting and payment systems to maintain controls over project progress against milestones, budgeting and expenditure and an audit trail of decisions. The system will assist in providing current and accurate reporting. PMARS will also provide a standardised process for the development and delivery of capital works projects based on best practice. In the 2018‑19 financial year, Phase 1 of the PMARS was progressed providing CMTEDD, TCCS and ACTHD with projects and associated contract reports available from the system, along with most of the Education Directorate’s capital works projects. All budgeted projects for in the 2019-20 budget process are expected to be delivered within PMARS and reported on from the new system.
Procurement ACT is developing a tool, OSQAR, to simplify the procurement process for low value goods and services procurements. The tool takes users through a series of questions and prompts them to consider relevant policies and legislative requirements. The tool will be launched during the 2019-20 reporting year.
The newly established ACT Integrity Commission commenced on 1 July 2019 and is due to be fully operational by 1 December 2019. The ACT Integrity Commission will play a significant role in ensuring the transparency and accountability of the ACTPS. In addition to existing obligations under other legislation, the Integrity Commission Act 2018 now requires that Directors-General, other senior executives and statutory office holders have mandatory responsibilities to notify the Integrity Commission about any matter that may involve serious corrupt conduct or systemic corrupt conduct.
A whole of government Compliance Project has been established to review all its obligations, both legislative and non-legislative including delegations, to ensure all employees are aware of their obligations and directorates have arrangements and resources in place to ensure compliance across all levels.