The ABCC maintained a number of security and risk management plans. These plans were reviewed and updated regularly to take account of changes in the business activities or the risk profile of the ABCC.
During 2011-12, the following security and risk management plans were maintained by the ABCC:
- security plan
- risk management plan and risk register
- pandemic plan
- business continuity plan
- fraud control plan and fraud risk assessment – the ABCC prepared a fraud risk assessment and a fraud control plan and took all reasonable measures to minimise the incidence of fraud in the ABCC and to investigate and recover the proceeds of fraud against the ABCC. The ABCC had appropriate fraud prevention, detection, investigation, reporting and data collection procedures and processes in place that met the specific needs of the ABCC and complied with the Commonwealth Fraud Control Guidelines.
- internal audit plan – as part of the ABCC’s internal audit strategy, PKF East Coast Practice were appointed as the ABCC’s internal auditors. Areas of significant operational or financial risk were identified in consultation with the ABCC Audit Committee and ABC Commissioner and were reflected in an annual Internal Audit Plan. The Internal Audit Plan, and any variations to the internal audit plan that may of occurred during the year, was endorsed by the Audit Committee and approved by the ABC Commissioner.
The scope of all internal audit reviews were agreed between the Director – Conformance, Chief Financial Officer, any other applicable ABCC areas and PKF prior to commencement of the review. The outcomes of all internal audit reviews, including management responses to internal audit findings/recommendations, were presented to the Audit Committee. Progress towards implementation of agreed internal audit recommendations were reported on at subsequent audit committee meetings until completed.
The ABCC also maintained an Intellectual Property (IP) Policy and IP Register that complied with the Commonwealth Government IP Principles. The IP Policy and IP Register were regularly reviewed and updated to take account of any significant changes to the ABCC’s IP.
In addition, the ABCC had records management guidelines and a record-keeping policy. Regular checks were undertaken to ensure compliance with the policy and guidelines in respect of the handling of information within the ABCC.
The ABCC continued to monitor its compliance with the Commonwealth Protective Security Policy Framework. Policies and procedures to protect employees, information and assets were in place and a security awareness strategy to improve the understanding of security risks and procedures were implemented.
The ABCC Agency Security Advisor reported to the Executive Board as required, otherwise on a quarterly basis.
In line with the Public Service Act 1999, the ABCC and its staff upheld the highest ethical standards. These standards were communicated to staff through the APS Values and Code of Conduct, which were published on the ABCC website and intranet and were included in job information kits provided to prospective employees. They were explained to new staff in induction programs and underpinned the Statement of Strategic Intent and a number of internal policies and procedures, including:
- determining breaches of the Code of Conduct
- dealing with whistleblower reports
- email and internet use protocol
- conflict of interest policy
- giving and receiving gifts.
The ABCC provided staff with ongoing information and training in the APS Values, Code of Conduct and Workplace Diversity. Fraud and ethics awareness training also formed part of the ABCC induction program.
The ABCC was represented on the APSC Ethics Contact Officer Network (ECONET) by Murray Gregor, Executive Director Field Operations (Eastern). This network promotes the Government’s ethical agenda which focuses on enhancing ethics and accountability in the Commonwealth Public Sector.