|Page tools: Print Page RSS Search this Product|
TABLE 5.1 GOVERNANCE COMMITTEES FOR 2017-18
RISK OVERSIGHT AND MANAGEMENT
The ABS continued its efforts to overhaul its Risk Management Framework through 2017–18. This renewed engagement with risk leveraged independent advice from external risk experts to set out a new risk action plan to further develop the risk competence of staff and managers and embed fit-for-purpose processes and tools.
Throughout the year, the Executive Board dedicated considerable attention to getting the core settings right. Working with a specialist risk advisor, and the general managers, the Board revised the ABS strategic risks to take account of changes in the external environment and emerging dependencies for continued ABS delivery of quality statistics. These revised strategic risks have been promulgated throughout the ABS and serve as the reference point for operational risk assessments within each division.
The Executive Board has been routinely communicating the importance of improved risk consciousness within the business. A new corporate risk policy team was created in order to ensure that all employees are made aware of good risk management disciplines and have access to best-practice policy and materials to support their efforts to implement risk management as an operational imperative.
The ABS drew on best-practice risk management to deliver the Australian Marriage Law Postal Survey (AMLPS) within an unusually short lead time. By drawing on good risk management principles and independent assurance processes, the AMLPS project managed to deliver rigorous discipline in its assessment, treatment, monitoring and oversight of risk.
While progress has been made this year, the plan to enhance risk management capability within the ABS is not yet complete. Further work on accountability arrangements, risk monitoring, and embedding risk practice down to the program level are continuing. New risk categories and practical tools for implementing risk assessments are being developed to better guide the work of operational managers. A new risk software solution will improve the standardisation of risk terminology and consistency in the documentation of risks and controls. The strengthening of the central repository of risk assessments is also assisting corporate teams to better appreciate enterprise-wide risks that are best addressed through cross-agency treatments.
The ABS Audit Committee has also continued to make risk a central driver of its efforts to assure critical processes in the ABS. Awareness of the very technical nature of ABS operations and the potential for risk to emerge in periods of significant internal and external change while experiencing real resourcing pressures has led the Audit Committee to pay increasing attention to very fundamental aspects of corporate practice including performance measurement, records destruction, and conflict of interest. This independent assurance provides important assistance to the Australian Statistician in the task of overseeing the ABS’s performance. The 2018–19 strategic risks were signed off by the Executive Board in June 2018.
The ABS has a Fraud Control Plan to provide the framework and associated guidance for fraud prevention, detection, investigation, reporting and data collection procedures and processes that meet the specific needs of the ABS and broader government obligations. It is supported by a Fraud Risk Assessment which records identified fraud risks, treatment strategies, responsibilities, dates for implementation and reporting obligations.
The ABS Fraud Control Plan is reviewed and updated two-yearly. The fraud risk assessment is reviewed twice a year or more frequently where the ABS has identified significant changes to fraud risk exposure. The ABS Audit Committee has oversight of ABS fraud control activity.
A Fraud Control Assessment was conducted by an independent assessor in the December– January period. This assessment found that ‘Compared to 2016, the ABS’s residual fraud risk has decreased due to increased oversight of existing controls and the implementation of new controls in key areas’. Nonetheless, changes in the nature of fraud risk mean that the ABS must continue to be alert to the potential for fraud. The Fraud Risk Assessment specifically pointed to the growing use of flexible working arrangements and the risk posed by third parties as aspects of ABS operations that require close attention in future.
Security of information provided to the ABS is key to maintaining the high levels of trust that enable the ABS to operate effectively and fulfil its mission. In May 2017 a new Information Security Branch was formed to provide extra focus on transforming security within the ABS.
All ABS premises are physically secured against unauthorised access. Entry is through electronically controlled access systems, activated by individually coded access cards and monitored by closed circuit television. Areas of the ABS producing particularly sensitive data, such as market sensitive statistics, are subject to further protective security measures.
The ABS computer network has a secure gateway which allows connection to internet services including the ABS website. The secure gateway was established in accordance with Australian Government guidelines and is reviewed bi-annually by an accredited independent assessor. Access to ABS computing systems is based on personal identifiers and strong authentication services. Databases are accessible only by approved users. The computer systems are regularly monitored and usage is audited. There were no unauthorised access incidents into ABS computing systems during 2017–18.
On 9 August 2017, the Treasurer directed the Australian Statistician to undertake a statistical collection from all Australians on the Commonwealth Electoral Roll, as to their views on whether or not the law should be changed to allow same-sex couples to marry. The ABS drew on existing strong security controls and its security personnel, as well as engaged with key departments and agencies including the Australian Electoral Commission (AEC), the Australian Signals Directorate (ASD), the Digital Transformation Agency (DTA), the Australian Security Intelligence Organisation (ASIO) and the Department of the Prime Minister and Cabinet (PM&C) in developing a robust security strategy for the AMLPS process. The ABS contracted Ernst & Young to provide independent assurance on cyber security architecture and processes and seconded senior staff from the ASD and the DTA to ensure implementation of the best cyber security arrangements. The ABS also worked with the Special Adviser to the Prime Minister on Cyber Security, the Australian Federal Police and the Australian Cyber Security Centre. The ABS maintained regular communication with these entities to share intelligence and agree action plans allowing the ABS to respond quickly to issues.
In 2018 the Australian Government amended the Privacy Act 1988 to further protect the privacy of Australians. The amendments introduced the Privacy Amendment (Notifiable Data Breaches) Act 2017 on 22 February 2018 and the Privacy (Australian Government Agencies – Governance) APP Code 2017 (Privacy Code) on 1 July 2018. There have been no notifiable data breaches since the scheme came into effect (Feb 2018).
The ABS has formally appointed a Privacy Officer and a Privacy Champion as required by the Privacy Code. These persons provide advice on privacy issues and promote a positive privacy culture while also assisting the ABS in meeting the legislative requirements of the Privacy Code, including:
• maintaining a personal information holdings register
• advancing agency privacy capability through training and education
• ensuring privacy impact assessments are undertaken as required
• investigating and acting on allegations of misuse or unauthorised disclosures regarding personal information, including reporting notifiable data breaches to the Australian Information Commissioner
• monitoring the external environment to keep up-to-date on privacy issues that could affect ABS operations.
The ABS participated in Privacy Awareness Week in 2017–18 to promote awareness of privacy, including the impending legislative amendments. The ABS has also established an internal privacy community of practice, chaired by the ABS Privacy Officer and participates in cross-government privacy collaboration opportunities. Privacy awareness forms an integral part of the ABS culture.
PROTECTING THE PRIVACY OF AUSTRALIANS
The continued trust and support of our survey respondents and information providers is critical to the ABS. We maintain the secrecy of the information provided to us, as required by the Census and Statistics Act 1905, while also ensuring that we meet the additional requirements of the Privacy Act 1988, the Notifiable Data Breaches scheme and the Privacy Code.
The ABS has also taken a strong ‘privacy by design’ approach to protecting the privacy of Australians, most recently demonstrated in the design approach of the Australian Marriage Law Postal Survey. Michael Crompton, Managing Director of Information Integrity Solutions Pty Ltd, and previous Australian Information Commissioner, was consulted on the privacy aspects of the Survey. In his independent privacy statement, Mr Crompton found the ABS strategy was “a comprehensive approach to assessing and evaluating the effectiveness of privacy protection measures from the start of the survey through to its completion, publication of statistics and destruction of all personal information collected”.
The Multi Agency Data Integration Project is also embracing privacy by design as it progresses with securely linking data from multiple agencies to inform policy and program development. The privacy and confidentiality of personal information is paramount to the success of this project and has been scrutinised through the conduct of an independent privacy impact assessment (IPIA). The IPIA acknowledged there are strong measures in place to protect privacy.
INFORMATION PUBLICATION SCHEME
As an agency subject to the Freedom of Information Act 1982 (FOI Act), the ABS is required to publish information to the public as part of the Information Publication Scheme (IPS).
Each agency must display a plan on its website showing what information it publishes in accordance with the IPS requirements.
The ABS’s IPS plan is available on the ABS website.
Statistical Business Transformation Program – Gateway Reviews
The ABS was subject to mid-stage Gateway Reviews of the Statistical Business Transformation (SBT) Program in June 2016 and November–December 2017. Both these reviews, conducted on behalf of the Department of Finance, resulted in a Delivery Confidence Assessment (DCA) of Green/Amber, with the December 2017 report recognising the Program’s proven track record in the timely delivery of technically complex mid-term deliverables, its commitment to continuous improvement in its program management and delivery, and the quality of its planning for the next stage. A Green/Amber DCA indicates that ‘Successful delivery of the Program to time, cost, quality standards and benefits realisation appears probable however constant attention will be needed to ensure risks do not become major issues threatening delivery’.
The December 2017 report included six recommendations, of which two were essential and one critical. The essential recommendations in the December 2017 report focused on statistical risk management and engagement with external stakeholders, while the critical recommendation focused on the resourcing of the Program.
The ABS is currently addressing the December 2017 recommendations. The next Gateway Review of the SBT Program is planned for January 2019.
There were no other external reviews in 2017–18 that had a significant effect on the operations of the entity, with no reports issued by the Australian Information Commissioner or the Commonwealth Ombudsman. There were no individual or administrative review decisions of significance to the ABS.
There were no adverse comments relating to the ABS from the Auditor-General, the Commonwealth Ombudsman, or courts or tribunals during 2017-18.
TABLE 5.2: ABS SUBMISSIONS TO PARLIAMENTARY COMMITTEES IN 2017–18
ABS procurement and contracting activities are undertaken in accordance with the Commonwealth Procurement Rules. These rules are applied consistently to procurement activities through the Accountable Authority Instructions, supporting operational guidelines and procurement framework.
Information on procurements expected to be undertaken are advertised in an annual procurement plan, available from the AusTender website.
This plan is reviewed and updated throughout the year.
No contracts with the value of $100,000 or greater (inclusive of GST) were let during 2017–18 that did not provide for the Auditor-General to have access to the contractor’s premises.
Initiatives to support small business
The ABS supports small business participation in the Australian Government procurement market. Small and Medium Enterprises (SMEs) and Small Enterprise participation statistics are available on the Department of Finance website.
ABS procurement practices support SMEs by adopting whole-of-government solutions to simplify interactions. This includes using the Commonwealth Contracting Suite for low risk procurements valued under $200,000.
The ABS recognises the importance of ensuring that small businesses are paid on time. The results of the Survey of Australian Government Payments to Small Business are available on the Department of the Treasury website.
The ABS engages consultants when it requires specialist expertise or when independent research, review or assessment is required. Decisions to engage consultants during 2017–18 were made in accordance with the PGPA Act and related regulations, including the Commonwealth Procurement Rules and relevant internal policy.
Annual reports contain information about actual expenditure on consultancies. Information on the value of contracts and consultancies is available on the AusTender website.
During 2017–18, 48 new consultancy contracts were entered into at a value of $10.8 million. In addition, 22 ongoing consultancy contracts will remain active after the 2017–18 year, involving total contract value of $10.59 million (Table 5.3).
There were three major drivers of the ABS’s increase in consultancy services in 2017–18. Firstly, the ABS’s Statistical Business Transformation Program (SBTP) – the nature and stage of this project have necessitated that the ABS work closely with the ICT industry and other stakeholders, utilising both consultants and contractors, to deliver the transformation program and provide independent assurance services to the program. The second relates to consultancy services required to deliver the Australian Marriage Law Postal Survey (AMLPS), including risk management, independent assurance and the development of marketing/campaign advertising. The third being the establishment of the 2021 Census Work Program and related consultancy services such as independent assurance and assistance with the initiation of a Program Management Office.
TABLE 5.3 CONSULTANCY CONTRACTS FROM 2015 –16 TO 2017–18
During the 2017–18 financial year the ABS did not exempt any contracts or standing offers from publication on AusTender on the basis that they would disclose exempt information under the Freedom of Information Act 1982.
The ABS’s asset management policies are set out in the Accountable Authority Instructions and supporting financial management procedures, which is in accordance with relevant accounting standards and Department of Finance requirements. Further details on the ABS’s asset policies are contained in note 2.2 of the Financial Statements.
An asset register records details of all assets held by the ABS. An annual stocktake is conducted to ensure the accuracy and completeness of the information held on the register.
The capital management plan sets out the ABS’s longer-term asset requirements and funding sources for ongoing asset replacement and investment. The capital budget process is integrated with strategic planning and is conducted in conjunction with the annual operating budget process.
ADVERTISING AND MARKET RESEARCH
During 2017-18, the ABS conducted the following advertising including: non-campaign advertising for the 2016 Census of Population and Housing (Census) and campaign advertising for the Australian Marriage Law Postal Survey.
The Census non-campaign advertising was aimed at promoting the results of the 2016 Census to Australians. The results were released across two main phases in July and October 2017. Further information on the non-campaign advertising expenditure is available at www.tenders.gov.au.
The Australian Marriage Law Postal Survey campaign advertising aimed to give eligible Australian voters, 18 years and over, the opportunity to express their view on whether the Australian marriage laws should be changed to allow same-sex couples to marry.
Further information on those advertising campaigns is available at www.abs.gov.au and in the reports on Australian Government advertising prepared by the Department of Finance. Those reports are available on the Department of Finance’s website.
Under section 311A of the Commonwealth Electoral Act 1918, the ABS is required to disclose payments over $13,200 (GST Inclusive) for advertising and market research in the annual report.
During 2017-18, the ABS’s total expenditure for advertising and market research over the reporting threshold was $18,592,156 (GST Inclusive) (Table 5.4), the vast majority of which was expended on advertising for the Australian Marriage Law Postal Survey.
TABLE 5.4 ADVERTISING AND MARKET RESEARCH PAYMENTS OVER $13,200 IN 2017–18
These documents will be presented in a new window.