FWBC maintains a number of security and risk management plans. These plans are reviewed and updated regularly to take account of changes in the business activities or the risk profile of FWBC.
During 2011-12, the following security and risk management plans were maintained by FWBC:
- security plan
- risk management plan and risk register
- pandemic plan
- business continuity plan
- fraud control plan and fraud risk assessment – the FWBC fraud risk assessment and fraud control plan is currently under review, following the transition of these documents from FWBC’s predecessor. FWBC has taken all reasonable measures to minimise the incidence of fraud and to investigate and recover the proceeds of fraud against FWBC. FWBC has appropriate fraud prevention, detection, investigation, reporting and data collection procedures and processes in place that meet the specific needs of FWBC and comply with the Commonwealth Fraud Control Guidelines.
- internal audit plan – as part of FWBC’s internal audit strategy, PKFECP have been appointed as FWBC’s internal auditors. Areas of significant operational or financial risk are identified in consultation with the FWBC Audit Committee and FWBC Chief Executive each year and are reflected in an annual Internal Audit Plan. The Internal Audit Plan, and any variations to the internal audit plan that may occur during the year, is endorsed by the Audit Committee and approved by the FWBC Chief Executive.
The scope of all internal audit reviews are agreed between the Director, Conformance, Chief Financial Officer, any other applicable FWBC areas and PKFECP prior to commencement of the review. The outcomes of all internal audit reviews, including management responses to internal audit findings/recommendations, are presented to the Audit Committee. Progress towards implementation of agreed internal audit recommendations are reported on at subsequent Audit Committee meetings until completed.
FWBC also maintains an Intellectual Property (IP) Policy and IP Register that complies with the Commonwealth Government IP Principles. The IP Policy and IP Register are regularly reviewed and updated to take account of any significant changes to FWBC’s IP.
In addition, FWBC has records management guidelines and a record-keeping policy. Regular checks are undertaken to ensure compliance with the policy and guidelines in respect of the handling of information within FWBC.
FWBC continue to monitor its compliance with the Commonwealth Protective Security Policy Framework. Policies and procedures to protect employees, information and assets are in place and a security awareness strategy to improve the understanding of security risks and procedures has been implemented.
The FWBC Agency Security Advisor reports to the FWBC Executive Board as required.
All FWBC staff are expected to comply with the APS Values and Code of Conduct and to maintain high standards of ethical conduct.