Comcover Awards for Excellence - Department of Finance and ...
Comcover Awards for Excellence - Department of Finance and ...
Comcover Awards for Excellence - Department of Finance and ...
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012<br />
Case studies <strong>of</strong> award winning agencies<br />
AUSTRALIAN GOVERNMENT COMCOVER
<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012<br />
Case studies <strong>of</strong> award winning agencies<br />
Foreword<br />
I am pleased to present to you <strong>Comcover</strong>’s second case study booklet. It showcases the risk management<br />
practices <strong>of</strong> the award winners from <strong>Comcover</strong>’s <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> program in 2011.<br />
The <strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> recognise <strong>and</strong> reward those agencies that demonstrate innovation<br />
<strong>and</strong> leadership in the field <strong>of</strong> risk management.<br />
Each <strong>of</strong> these award winning agencies has put <strong>for</strong>ward examples <strong>of</strong> excellence that highlight how it<br />
approached the challenges <strong>of</strong> implementing effective risk frameworks, programs <strong>and</strong> systems.<br />
Nominations in the 2011 <strong>Awards</strong> program reflected the importance <strong>of</strong> ensuring an agency’s approach to<br />
managing risk is aligned with its strategic objectives.<br />
A number <strong>of</strong> winning agencies in the Enterprise-Wide Risk Management Category identified the need to<br />
review <strong>and</strong> update their frameworks to reflect changes to their operating environment. As a result there<br />
is a greater focus on accountability <strong>and</strong> responsibility <strong>for</strong> managing risk; a clear underst<strong>and</strong>ing <strong>of</strong> the<br />
importance <strong>of</strong> integrating risk with other governance processes; <strong>and</strong> recognition <strong>of</strong> the benefit in aligning<br />
the agency’s risk framework with its outcomes.<br />
Award winners in this year’s Risk Initiative Category are diverse. Each has demonstrated that by having the<br />
appropriate systems <strong>and</strong> processes in place to manage risk, it is possible to develop a culture where the<br />
consideration <strong>of</strong> risk provides opportunity <strong>for</strong> agency improvement.<br />
A key objective <strong>of</strong> the <strong>Awards</strong> program is to facilitate the sharing <strong>of</strong> in<strong>for</strong>mation. I encourage agencies to<br />
read the case studies <strong>and</strong> make contact with award winners to gain further insight into how they have<br />
influenced better management <strong>of</strong> risk within their agency.<br />
<strong>Comcover</strong> will draw on the experience <strong>of</strong> each <strong>of</strong> the award winners to help demonstrate examples <strong>of</strong><br />
better practice <strong>for</strong> our education program, <strong>and</strong> in the future development <strong>of</strong> better practice tools <strong>and</strong><br />
templates.<br />
Robert Higgins<br />
Manager<br />
<strong>Comcover</strong><br />
<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies<br />
1
2<br />
Contents<br />
ENTERPRISE-WIDE RISK MANAGEMENT CATEGORY<br />
Highly Commended <strong>Department</strong> <strong>of</strong> Agriculture, Fisheries <strong>and</strong> Forestry 4<br />
Highly Commended Australian Taxation Office 7<br />
Honourable Mention <strong>Department</strong> <strong>of</strong> Immigration <strong>and</strong> Citizenship 11<br />
Honourable Mention <strong>Department</strong> <strong>of</strong> Human Services 15<br />
RISK INITIATIVE CATEGORY<br />
Winner Australian Taxation Office 20<br />
Highly Commended <strong>Department</strong> <strong>of</strong> Agriculture, Fisheries <strong>and</strong> Forestry (Asian Gypsy Moth) 23<br />
Highly Commended Australian Maritime Safety Authority 26<br />
Highly Commended Bureau <strong>of</strong> Meteorology 30<br />
Honourable Mention <strong>Department</strong> <strong>of</strong> Agriculture, Fisheries <strong>and</strong> Forestry (Aquatic Animal Health) 34<br />
Honourable Mention Australian Customs <strong>and</strong> Border Protection Service 38<br />
<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies
ENTERPRISE-WIDE RISK MANAGEMENT CATEGORY<br />
Highly Commended <strong>Department</strong> <strong>of</strong> Agriculture, Fisheries <strong>and</strong> Forestry<br />
Highly Commended Australian Taxation Office<br />
Honourable Mention <strong>Department</strong> <strong>of</strong> Immigration <strong>and</strong> Citizenship<br />
Honourable Mention <strong>Department</strong> <strong>of</strong> Human Services
Enterprise-Wide Risk Management Category – Highly Commended – DAFF<br />
4<br />
<strong>Department</strong> <strong>of</strong> Agriculture, Fisheries <strong>and</strong> Forestry<br />
Highly Commended<br />
Overview<br />
In 2009, the Secretary <strong>of</strong> the <strong>Department</strong> <strong>of</strong> Agriculture, Fisheries <strong>and</strong> Forestry (DAFF), made revitalising the<br />
agency’s risk management framework a priority. At the heart <strong>of</strong> this was a comprehensive review <strong>of</strong> how the<br />
agency approached <strong>and</strong> managed risks.<br />
The agency acknowledged its previous risk management framework, while sound, was process-oriented <strong>and</strong><br />
complex. A new risk management framework was needed that would build a more agile, effective, adaptive<br />
<strong>and</strong> resilient organisation. Three guiding principles were identified:<br />
• Risk management should be part <strong>of</strong> everyday decision-making <strong>and</strong> not seen as a ‘bolt-on’ process.<br />
• DAFF should adopt a positive risk culture, moving from risk aversion to working with known <strong>and</strong><br />
calculated risks.<br />
• Staff should be empowered to actively manage risks as part <strong>of</strong> everyday decision-making.<br />
DAFF’s new risk management framework is underpinned by regular communication from the Secretary <strong>and</strong> the<br />
Executive, which sends a strong message about the importance <strong>of</strong> risk management, <strong>and</strong> ensures attention <strong>and</strong><br />
resources are dedicated to the task.<br />
The Risk Management Framework—creating the foundation to effectively manage risk<br />
DAFF’s new governance framework has integrated the management <strong>of</strong> risk into all key business functions,<br />
processes, systems, programs <strong>and</strong> projects. This means the Secretary, in consultation with the Executive<br />
Management Team (EMT), can determine, communicate <strong>and</strong> review DAFF’s risk appetite in response to what is a<br />
dynamic operating environment.<br />
The Risk Policy set out in the Chief Executive Instructions, identifies risk management as an essential part <strong>of</strong><br />
the agency’s strategic approach. The policy makes sure the <strong>Department</strong> is well placed to underst<strong>and</strong> <strong>and</strong> better<br />
manage its risks <strong>and</strong> fulfill its accountability requirements.<br />
Integrating risk management<br />
By integrating risk management vertically <strong>and</strong> horizontally into its governance, planning <strong>and</strong> per<strong>for</strong>mance<br />
management processes, DAFF made sure risk management became a m<strong>and</strong>ated part <strong>of</strong> business planning at<br />
the agency.<br />
It did this by bringing the three separate elements <strong>of</strong> business planning, business risks <strong>and</strong> business reporting,<br />
onto one plat<strong>for</strong>m. This new system, called ‘e-plan’, allowed corporate in<strong>for</strong>mation to be automatically populated<br />
into planning, risk <strong>and</strong> per<strong>for</strong>mance plans, <strong>and</strong> removed any possibility <strong>for</strong> human error.<br />
It also allowed risk levels to be automatically calculated, with users able to select sources <strong>of</strong> risk from drop down<br />
boxes. This allowed risk pr<strong>of</strong>iles to be calculated in minutes rather than days, <strong>and</strong> areas <strong>of</strong> risk growth to be easily<br />
identified <strong>and</strong> treated.<br />
While the new system supports <strong>and</strong> integrates risk more effectively into day-to-day business, DAFF has not<br />
changed its existing integration model, which still allows risk in<strong>for</strong>mation to flow through the <strong>Department</strong><br />
smoothly <strong>and</strong> be readily accessible by all senior executives.<br />
<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies
DAFF regularly reviews, evaluates <strong>and</strong> updates its revamped risk management framework documents <strong>and</strong><br />
processes. Thanks to the successful implementation <strong>of</strong> ‘e-plan’, the review <strong>of</strong> risks has now become automated<br />
<strong>and</strong> far easier to manage. Risk in<strong>for</strong>mation is always in real time <strong>and</strong> relevant to day-to-day business.<br />
Championing risk initiatives<br />
DAFF has worked to create a positive risk culture that emphasises the benefits <strong>of</strong> risk management in achieving<br />
the organisation’s objectives. It has embedded risk in the agency’s framework. Importantly, the Secretary <strong>and</strong> the<br />
Executive drive this culture in the <strong>Department</strong> by championing risk initiatives <strong>and</strong> processes.<br />
Implementing strategies, plans <strong>and</strong> processes<br />
Crucial to DAFF’s successful implementation <strong>of</strong> a new <strong>and</strong> agency-wide risk management program, is the top<br />
down commitment from the Secretary <strong>and</strong> Executive to providing the necessary financial, technical <strong>and</strong> human<br />
resources needed to manage risk effectively <strong>and</strong> efficiently.<br />
Responsibility <strong>for</strong> coordinating risk management across the <strong>Department</strong> lies with DAFF’s Business Assurance<br />
& Risk Branch. It funds the dedicated Risk Management Team (RMT), which has three full-time <strong>of</strong>ficers. The RMT<br />
coordinates <strong>and</strong> provides risk management advice <strong>and</strong> support across the agency.<br />
The <strong>Department</strong> has also <strong>for</strong>med a risk branch to drive the biosecurity re<strong>for</strong>m process <strong>and</strong> has various<br />
specialist areas.<br />
The RMT developed an organisation-wide strategy to implement, monitor, review <strong>and</strong> continuously improve<br />
the Enterprise-wide Risk Management Framework. In implementing this strategy the RMT:<br />
• Reviews <strong>and</strong> updates risk management methodologies <strong>and</strong> tools.<br />
• Implements <strong>and</strong> monitors DAFF’s risk management program, including specialist risk activities.<br />
• Analyses risk in<strong>for</strong>mation <strong>and</strong> prepares a range <strong>of</strong> risk reports.<br />
• Communicates risk in<strong>for</strong>mation.<br />
• Provides risk management learning <strong>and</strong> development opportunities.<br />
Communication <strong>and</strong> training<br />
As part <strong>of</strong> its ef<strong>for</strong>ts to effectively communicate risk in<strong>for</strong>mation, DAFF consults widely with both internal<br />
<strong>and</strong> external stakeholders to make sure risk sensitivity <strong>and</strong> emerging issues <strong>and</strong> opportunities are included<br />
in risk analysis. External stakeholders include agriculture, food <strong>and</strong> fibre industries, other Australian <strong>and</strong> state<br />
government agencies, consumer <strong>and</strong> community interest groups, <strong>and</strong> those involved across the biosecurity<br />
spectrum.<br />
The agency established a divisional risk network to champion risk management, <strong>and</strong> to provide points <strong>of</strong><br />
contact <strong>for</strong> all risk issues. It also provides feedback to the RMT on risk initiatives <strong>and</strong> risk mentoring.<br />
DAFF carries out risk management training to make sure staff members have the knowledge <strong>and</strong> skills they<br />
need to effectively manage risk in business operations, <strong>and</strong> <strong>of</strong>fers a tiered risk management training program<br />
<strong>for</strong> all staff.<br />
As well as ‘Risk 101’ <strong>and</strong> risk scenario training, the <strong>Department</strong> also provides training on its risk tools.<br />
Once developed <strong>and</strong> released from the development plat<strong>for</strong>m, training was provided on the new system<br />
‘e-plan’, which was designed to be intuitive <strong>and</strong> simple to use. One <strong>of</strong> its primary objectives was to reduce<br />
red tape <strong>and</strong> streamline the whole planning, risk <strong>and</strong> reporting functions. Feedback indicates all <strong>of</strong> these<br />
objectives have been met.<br />
<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies<br />
Enterprise-Wide Risk Management Category – Highly Commended – DAFF<br />
5
Enterprise-Wide Risk Management Category – Highly Commended – DAFF<br />
6<br />
Business continuity<br />
DAFF has successfully developed an agency-wide risk management framework that supports its business<br />
objectives.<br />
The agency’s risk pr<strong>of</strong>iling <strong>and</strong> reporting framework is a key input into business planning <strong>and</strong> per<strong>for</strong>mance<br />
management activities. Strategic <strong>and</strong> key business risks are regularly reviewed, with risk assessment a normal<br />
part <strong>of</strong> the annual business planning <strong>and</strong> reporting cycle.<br />
As part <strong>of</strong> its business continuity program, DAFF undertakes a risk based Business Impact Analysis to identify<br />
critical functions, dependencies, workarounds <strong>and</strong> the maximum acceptable outage times. All divisional<br />
executive managers <strong>and</strong> key divisional staff were involved in this process, <strong>and</strong> the outcomes endorsed by the<br />
Secretary <strong>and</strong> EMT in November 2009.<br />
The <strong>Department</strong> regularly tests its business continuity framework by working through scenarios. These<br />
culminate in an annual live exercise that is held late in the year. Exercise scenarios are based on potential risk<br />
events <strong>and</strong> an exercise planning team that includes representatives from affected divisions are <strong>for</strong>med to plan,<br />
organise <strong>and</strong> evaluate the exercise. All live exercises are also evaluated externally, with lessons learned used in the<br />
annual review <strong>and</strong> update <strong>of</strong> the business continuity framework.<br />
Results<br />
DAFF’s revitalised risk management framework <strong>and</strong> program has ensured risk management has become a part <strong>of</strong><br />
everyday decision making processes. Risk management is integrated into the planning <strong>and</strong> reporting process <strong>of</strong><br />
the department, <strong>and</strong> links the agency’s management <strong>of</strong> risk within the overarching governance structures.<br />
Championed by the Secretary, there is a top-down commitment to risk management that is complemented by<br />
training <strong>and</strong> communication activities <strong>for</strong> all staff. This has helped to foster a positive approach to risk, with the<br />
increasing realisation the <strong>Department</strong> should not be risk averse but have a better underst<strong>and</strong>ing <strong>of</strong> its risks, so it<br />
can take known <strong>and</strong> calculated risks.<br />
The introduction <strong>of</strong> ‘e-plan’ has dramatically reduced the amount <strong>of</strong> administration <strong>and</strong> errors the legacy systems<br />
had built in. All business planning, risk <strong>and</strong> reporting functions are now in ‘real time’, which means in<strong>for</strong>mation is<br />
up-to-date <strong>and</strong> 100% accurate. This gives further reassurance to the Executive.<br />
The <strong>Department</strong> has also seen improvements in how staff view risk training. Since the <strong>Department</strong> started<br />
running ‘Risk 101’ training just over a year ago, more than 750 <strong>of</strong>ficers (from SES B<strong>and</strong> 2 to APS 2) have taken part.<br />
The training is now being rolled out nationwide to front line <strong>of</strong>ficers, who have had risk training added as part <strong>of</strong><br />
their workplace agreement.<br />
<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies
Australian Taxation Office<br />
Highly Commended<br />
Overview<br />
Australian Government<br />
Australian Taxation Office<br />
The Australian Taxation Office (ATO) has over 20 000 staff across 25 business lines. It manages millions <strong>of</strong><br />
transactions every year from registrations <strong>and</strong> lodgments though to payments, refunds <strong>and</strong> debts.<br />
Given the scale <strong>of</strong> its operations, the agency already had a well-embedded <strong>and</strong> mature risk management<br />
capability <strong>and</strong> culture in its compliance areas, which had been recognised internationally. The challenge <strong>for</strong><br />
the ATO was to introduce an enterprise-wide risk management framework that continued to develop its<br />
management <strong>of</strong> compliance risks, while extending it to cover all enterprise risks in an increasingly complex<br />
organisation.<br />
The ATO’s enterprise-wide risk management approach was designed to:<br />
• Strengthen the integration <strong>of</strong> risk management activity across all areas <strong>of</strong> the ATO.<br />
• Underst<strong>and</strong> the range <strong>of</strong> risks as a ‘system’.<br />
• Manage risks <strong>and</strong> take advantage <strong>of</strong> opportunities that arose from that underst<strong>and</strong>ing.<br />
The Risk Management Framework—creating the foundation to effectively manage risk<br />
Risk categories<br />
To make sure all risks were considered, the ATO developed a schema <strong>of</strong> enterprise risk categories that organised<br />
risk in<strong>for</strong>mation into 22 categories. One <strong>of</strong> the key features <strong>of</strong> the framework is that it is enterprise wide, <strong>and</strong><br />
operates independently <strong>of</strong> organisational structures.<br />
Sub-categories carry risk descriptions that clarify what the impact would be if a business outcome were not<br />
achieved. An Enterprise Risk Owner (typically SES B<strong>and</strong> 2) is appointed <strong>for</strong> each risk category. All risks identified<br />
at enterprise, operational <strong>and</strong> tactical levels map to the most relevant risk category <strong>and</strong> are subject to the risk<br />
management process. This makes sure mitigation strategies <strong>and</strong> controls remain effective.<br />
<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies<br />
Enterprise-Wide Risk Management Category – Highly Commended – ATO<br />
7
Enterprise-Wide Risk Management Category – Highly Commended – ATO<br />
8<br />
ATO Enterprise Risk Wheel - Level 0 <strong>and</strong> 1 risk categories<br />
1. Certainty through Advice Law Interpretation<br />
2. Certainty through Litigation<br />
ER-11<br />
Policy Advice & Design<br />
1. Assist Law Development<br />
ER-15<br />
2. Administrative Design<br />
Business Reporting Services<br />
1. Australian Business Register ER-02<br />
2. St<strong>and</strong>ard Business Reporting<br />
Rating risk<br />
1. Income Tax<br />
2. GST<br />
3. Superannuation<br />
4. Excise<br />
1. Tax Crime<br />
2. ATP<br />
3. Cash Economy<br />
Tax & Super Compliance<br />
ER-18<br />
Major Tax Integrity Threats<br />
ER-13<br />
Other<br />
Business<br />
Tax & Super<br />
Administration<br />
<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies<br />
Transfers Compliance<br />
ER-21<br />
Stakeholder<br />
Engagement<br />
1. Grants<br />
1. Work Allocation<br />
2. Benefits<br />
2. Returns Processing<br />
3. <strong>of</strong>fsets<br />
3. Refunds Processing<br />
4. Debt Management<br />
Product & Payment Processing 5. Call Centres<br />
6. Client Registrations<br />
ER-16<br />
1. Revenue Tracking<br />
2. Liabilities Raised<br />
3. Payment Compliance<br />
Tax Revenue<br />
ER-19<br />
Community Engagement<br />
ER-04<br />
1. Large<br />
2. SM&E<br />
3. Micro<br />
4. Individuals<br />
5. Govt / NFP<br />
6. Tax & BAS Agents<br />
1. Client Service<br />
2. Channel Management<br />
Client Experience 3. Compliance Cost (exc Lge Busi<br />
ER-03<br />
4. Compliance Cost<br />
1. Ministers<br />
2. Treasury<br />
3. States<br />
Government Engagement<br />
4. External Scrutineers<br />
ER-09<br />
5. Other Aust Agencies<br />
6. International<br />
Valuation Services<br />
1. Valuations ER-22<br />
Business Continuity<br />
1. Policy & Planning<br />
2. Oversight<br />
Governance 3. Reputation Management<br />
1. Business Continuity ER-01<br />
Enabling Capabilities<br />
ER-08 4. Risk Management<br />
5. Regulatory Compliance<br />
6. Assurance<br />
Enterprise Change<br />
1. Change Program ER-05<br />
2. Other Projects<br />
7. Internal Fraud<br />
<strong>Finance</strong> 1. Budget<br />
2. Account<br />
ER-07 3. Transact<br />
4. Procure<br />
Technology<br />
1. Invest ER-20<br />
2. Change<br />
5. Contract & Outsource<br />
People<br />
1. Retain<br />
ER-14 2. Develop<br />
3. Sustain Knowledge<br />
ER-10<br />
1. In<strong>for</strong>mation Management<br />
2. Knowledge Sharing Security & Privacy<br />
3. Engage<br />
Facilities 4. Environment<br />
ER-06<br />
5. Ethics & Values<br />
Legal Support 1. Accommodation<br />
1. People<br />
2. Physical<br />
3. Technology<br />
4. In<strong>for</strong>mation<br />
5. Privacy<br />
ER-17 ER-12<br />
1. Advise<br />
2. Defend<br />
3. Litigate<br />
2. Maintenance<br />
3. Environmental Management<br />
The ATO recognises that risk management occurs at all levels <strong>of</strong> decision-making. Through the use <strong>of</strong> risk<br />
matrices that vary in complexity, risks can be defined, rated <strong>and</strong> managed at the enterprise, operational <strong>and</strong><br />
tactical levels, with varying levels <strong>of</strong> ef<strong>for</strong>t. This ensures a more cost effective use <strong>of</strong> resources, by spending less<br />
time on simple risks <strong>and</strong> more on complex <strong>and</strong> important risk decisions.<br />
Tailored consequence criteria<br />
Complementing the ATO’s risk rating matrices are tailored consequence criteria <strong>for</strong> each <strong>of</strong> the 22 risk categories.<br />
These consequence criteria allow accurate articulation <strong>of</strong> risk tolerances <strong>and</strong> there<strong>for</strong>e accurate rating <strong>of</strong> the<br />
ATO’s risks.<br />
The ATO’s Enterprise Risk Management approach provides:<br />
• A framework to categorise, manage <strong>and</strong> report all risks in a consistent <strong>and</strong> systematic way irrespective <strong>of</strong><br />
organisational structures.<br />
• Minimal overlap <strong>of</strong> risks by organising risks into ‘pools’ under the risk categories.<br />
• Cost effective use <strong>of</strong> resources, focusing resources on the higher priority risks <strong>and</strong> less on risks within tolerance.<br />
• A mechanism <strong>for</strong> escalating knowledge gained from intelligence activities to risk owners <strong>for</strong> quick action.<br />
• A system view <strong>of</strong> risks, including how risks may drive <strong>and</strong> impact each other.<br />
• A vehicle to integrate specialist risks such as tax technical decision-making, OH&S, business continuity <strong>and</strong><br />
security.<br />
• A map <strong>of</strong> risk events from drivers through to business impact.<br />
• A visual reminder that each category <strong>of</strong> identified risk requires consideration.
Accountability <strong>and</strong> responsibility<br />
The ATO’s enterprise-wide risk management system hinges on everyone in the organisation—from senior leaders<br />
to individual employees—being accountable <strong>and</strong> responsible <strong>for</strong> risk.<br />
Second Commissioners are Portfolio Risk Leaders <strong>and</strong>:<br />
• Oversee <strong>and</strong> resolve issues across a portfolio <strong>of</strong> enterprise risks.<br />
• Emphasise the importance <strong>of</strong>, <strong>and</strong> embed risk management into, governance activities, planning, resource<br />
allocation, <strong>and</strong> reporting.<br />
• Instigate independent risk assessments.<br />
Accountability <strong>for</strong> specific enterprise risks rests with the Enterprise Risk Owners. These people are typically Deputy<br />
Commissioners (Senior Executive Service B<strong>and</strong> 2). By making risk categories independent <strong>of</strong> organisational<br />
structures, the ATO has enabled a more flexible approach to managing risks <strong>and</strong> provided an end-to-end view <strong>of</strong><br />
them. This encourages greater communication between risk owners <strong>and</strong> risk managers across the agency <strong>and</strong><br />
has led to a more considered, consistent <strong>and</strong> integrated approach to risk management.<br />
Risk managers are appointed to specific risk areas. They are responsible <strong>for</strong> implementing risk treatments,<br />
identifying <strong>and</strong> assessing risks <strong>and</strong> the effectiveness <strong>of</strong> controls, <strong>and</strong> providing advice to enterprise risk owners on<br />
the status <strong>of</strong> operational risks within their categories.<br />
All employees play a role in managing risks, <strong>and</strong> some have specific risk responsibilities.<br />
Overarching these specific day-to-day responsibilities is the Chief Knowledge Officer, who is <strong>for</strong>mally accountable<br />
as the capability leader <strong>for</strong> risk management practice within the ATO. This Officer receives advice on the agency’s<br />
risk management capability from the Risk <strong>and</strong> Intelligence Forum, which is made up <strong>of</strong> SES (B<strong>and</strong> 1) <strong>of</strong>ficers. And<br />
finally, the ATO’s Audit Committee oversees internal governance <strong>and</strong> assurance policy to monitor <strong>and</strong> evaluate<br />
internal controls, including risk management.<br />
Integrating risk management into business<br />
Consideration <strong>of</strong> enterprise risks is incorporated into the ATO’s annual planning, budgeting <strong>and</strong> review processes,<br />
ensuring considerations <strong>of</strong> priority <strong>and</strong> resource allocation are made <strong>for</strong> the management <strong>of</strong> the risks. The<br />
enterprise risk categories ensure that this process is deliberate in encompassing the range <strong>of</strong> corporate risks.<br />
The ATO has developed a one-stop shop approach to storing <strong>and</strong> managing risk in<strong>for</strong>mation.<br />
Built on Micros<strong>of</strong>t SharePoint, the new Enterprise Risk Register is an active real-time resource <strong>for</strong> all providers <strong>and</strong><br />
users <strong>of</strong> risk in<strong>for</strong>mation. It is a collaborative plat<strong>for</strong>m that allows multiple perspectives <strong>and</strong> integration with risk<br />
assessments <strong>and</strong> related records.<br />
The Register is structured around ATO risk categories <strong>and</strong> features:<br />
• Central <strong>and</strong> accessible recording <strong>of</strong> all enterprise <strong>and</strong> operational risks—mapped to the risk category.<br />
• Identification <strong>of</strong> major risk interdependencies, similarities in risks but different approaches to treatments, <strong>and</strong><br />
potential duplication <strong>of</strong> risks <strong>and</strong> some potential risk gaps.<br />
• Search function, reporting function, announcements <strong>and</strong> alerts.<br />
• Storage <strong>of</strong> supporting reports.<br />
Resourcing<br />
A small corporate risk team manages <strong>and</strong> guides the implementation <strong>of</strong> enterprise risk management. This<br />
includes developing risk policy, procedures <strong>and</strong> support tools, developing <strong>and</strong> implementing the risk register,<br />
collaborating with learning <strong>and</strong> development pr<strong>of</strong>essionals in risk training product development, delivering risk<br />
training <strong>and</strong> providing ongoing advice <strong>and</strong> guidance on risk matters.<br />
At an operational level risk committees review risk assessments, including new <strong>and</strong> emerging ones, relevant to<br />
their role <strong>and</strong> specific areas <strong>of</strong> responsibility.<br />
<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies<br />
Enterprise-Wide Risk Management Category – Highly Commended – ATO<br />
9
Enterprise-Wide Risk Management Category – Highly Commended – ATO<br />
10<br />
At an enterprise-wide level, enterprise risk owners identify the most significant risks (including emerging ones)<br />
<strong>and</strong> these are considered in corporate <strong>for</strong>ums. Discussion <strong>of</strong> these risks builds a wider underst<strong>and</strong>ing across the<br />
senior leadership group <strong>of</strong> the risk l<strong>and</strong>scape <strong>and</strong> systemic shifts or trends.<br />
The ATO Risk <strong>and</strong> Intelligence Forum brings together leaders with a risk management focus from across the<br />
organisation to consider aspects <strong>of</strong> risk management capability, including levels <strong>of</strong> resourcing, training needs, any<br />
capability gaps as well as recruitment opportunities. This <strong>for</strong>um has been instrumental in improving in<strong>for</strong>mation<br />
sharing <strong>and</strong> consistency in how risk management is applied across the organisation.<br />
Communication <strong>and</strong> training<br />
The development <strong>of</strong> specific job pr<strong>of</strong>iles, a tailored learning <strong>and</strong> development curriculum <strong>and</strong> learning pathway<br />
<strong>for</strong> risk roles, provides the basis <strong>for</strong> recognising <strong>and</strong> developing the competence <strong>of</strong> specialist risk capabilities.<br />
In addition, the ATO identifies both in its policy <strong>and</strong> through individual employee roles, that managing risk is<br />
everyone’s responsibility.<br />
Risk training courses recognise the various levels <strong>of</strong> risk capability required. New ATO employees receive a specific<br />
risk module as part <strong>of</strong> their induction. In addition, a further basic e-learning package is available <strong>for</strong> all staff.<br />
More specialised training—from basic to advanced—is available using a variety <strong>of</strong> learning methods <strong>and</strong> is<br />
delivered by risk experts.<br />
Risk in<strong>for</strong>mation is communicated agency wide via an intranet, the staff bulletin, <strong>and</strong> in a monthly newsletter <strong>for</strong><br />
risk specialists. Monthly meetings are also held <strong>for</strong> all Enterprise Risk Owner contacts to discuss practical issues<br />
<strong>and</strong> any lessons learned.<br />
Meanwhile SMS messaging is used to keep managers apprised <strong>of</strong> critical incidents with impacted staff updated<br />
through email. Employees working on longer-term mitigation strategies are in<strong>for</strong>med through business<br />
reporting.<br />
<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies
<strong>Department</strong> <strong>of</strong> Immigration <strong>and</strong> Citizenship<br />
Honourable Mention<br />
Overview<br />
In October 2009 the Secretary <strong>of</strong> the <strong>Department</strong> <strong>of</strong> Immigration <strong>and</strong> Citizenship (DIAC), Andrew Metcalfe,<br />
announced he had set a challenge: to make the <strong>Department</strong> the best immigration <strong>and</strong> citizenship agency in the<br />
world. He wanted to make sure the agency could compete in global markets <strong>and</strong> attract the best migrants <strong>and</strong><br />
skilled workers Australia needs.<br />
As a result, the <strong>Department</strong> commissioned a complete review <strong>of</strong> its organisational structure <strong>and</strong> operations.<br />
The enterprise-wide risk management framework that was developed from this challenge has had a huge impact<br />
on how the agency conducts its business. Key outcomes include:<br />
• Major structural changes that have improved accountability.<br />
• Rollout <strong>of</strong> the Global Manager has increased focus on per<strong>for</strong>mance in the client service network, <strong>and</strong> delivered<br />
improvements in service delivery.<br />
• Work placement changes <strong>and</strong> improvements to service channels.<br />
• Greater focus on operational <strong>and</strong> strategic risks.<br />
• Improved quality <strong>and</strong> per<strong>for</strong>mance <strong>of</strong> internal business services.<br />
• Plans are being developed to simplify visas.<br />
The Risk Management Framework—creating the foundation to effectively manage risk<br />
DIAC’s trans<strong>for</strong>mation process has been translated into an enterprise-wide risk management system that serves<br />
a complex organisation. This system is based on three principles:<br />
• Strategic <strong>and</strong> Tactical Risk Map.<br />
• Risk Triangle (operationally focused).<br />
• Risk Appetite.<br />
Senior executive <strong>of</strong>ficers were involved in the review <strong>of</strong> the risk management processes, procedures <strong>and</strong><br />
documentation, <strong>and</strong> endorsed the embedding <strong>of</strong> risk management into the agency’s daily activities. This ensured<br />
the creation <strong>of</strong> sound strategic planning, decision-making <strong>and</strong> accountability, <strong>and</strong> also identified the agency’s risk<br />
appetite.<br />
Identifying executive staff as risk champions <strong>and</strong> giving them risk responsibilities was fundamental to ensuring a<br />
sound enterprise-wide risk management framework.<br />
Risk, Fraud <strong>and</strong> Integrity Division<br />
A Risk, Fraud <strong>and</strong> Integrity Division (RFID) was established just over a year ago as a result <strong>of</strong> the trans<strong>for</strong>mation.<br />
RFID has over 245 staff providing specialised risk <strong>and</strong> fraud services across the <strong>Department</strong>’s business functions.<br />
The division consists <strong>of</strong> a diverse range <strong>of</strong> integrity <strong>and</strong> risk-related areas that had previously been dispersed<br />
throughout the <strong>Department</strong>. It brought all these related areas together in a bid to centralise, enhance <strong>and</strong><br />
streamline risk <strong>and</strong> integrity-related functions.<br />
<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies<br />
Enterprise-Wide Risk Management Category – Honourable Mention – DIAC<br />
11
Enterprise-Wide Risk Management Category – Honourable Mention – DIAC<br />
12<br />
RFID gives the <strong>Department</strong> intelligence <strong>and</strong> analytical capabilities to address <strong>and</strong> to respond to existing risk,<br />
including risks that have, traditionally, not been visible. It is continuing to deploy new approaches, techniques <strong>and</strong><br />
tools that build on past experience, recognise the current environment, anticipate the future <strong>and</strong> prepare DIAC to<br />
manage emerging risks.<br />
In other initiatives, a recent collaboration involving Detention Services, RFID <strong>and</strong> PriceWaterhouse Coopers,<br />
developed an overarching risk assessment <strong>for</strong> managing the Detention Services Contract nationally, <strong>and</strong> a suite <strong>of</strong><br />
site-specific assessments <strong>and</strong> quality assurance programs at each Immigration Detention Centre <strong>and</strong> facility.<br />
This work is significant because it helps DIAC manage its critical strategic risk as it relates to the management <strong>of</strong><br />
irregular maritime arrivals.<br />
DIAC Strategic Plan<br />
Divisional<br />
Business Plans<br />
Service Delivery<br />
Network Plans,<br />
Branch <strong>and</strong> Section<br />
Business Plans<br />
Implementing strategies, plans <strong>and</strong> processes<br />
DIAC<br />
Risk Management Plan Hierarchy<br />
Strategic<br />
Risk<br />
DIAC Strategic Risk Map<br />
Tactical Risk<br />
Division Risk Management Plans<br />
Operational Risk<br />
Risk Plans:<br />
Service Delivery Network + Branch + Section + One-<strong>of</strong>f (e.g new<br />
contract, project etc.)<br />
DIAC Risk Management Framework<br />
<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies<br />
DIAC Strategic<br />
Priorities<br />
DIAC Outcomes<br />
DIAC Programs <strong>and</strong><br />
Policies<br />
Contracts, Projects,<br />
Business as Usual<br />
DIAC has automated its risk assessment tools <strong>and</strong> linked them to strategic <strong>and</strong> tactical risks, which generate ‘heat<br />
maps’ <strong>for</strong> both strategic <strong>and</strong> program specific purposes. These maps are easily read <strong>and</strong> understood, <strong>and</strong> allow<br />
executive staff to quickly identify emerging <strong>and</strong> ongoing risk issues as well as identifying gaps in the risk matrix.<br />
This signifies a much improved analysis <strong>of</strong> data generated from completed risk assessments.<br />
In addition, a Risk Management Helpdesk was created <strong>and</strong> operates from the RFID. It provides both <strong>for</strong>mal <strong>and</strong><br />
ad hoc risk advice to the agency.<br />
DIAC’s framework gives its stakeholders, staff, contractors <strong>and</strong> ministers assurance that risks, including business<br />
continuity <strong>and</strong> monitoring arrivals, are being managed.<br />
The agency is working to integrate risk management processes into its daily activities.
Communication <strong>and</strong> training<br />
To support <strong>and</strong> help staff underst<strong>and</strong> their risk management responsibilities <strong>and</strong> departmental processes, a Risk<br />
Management Helpdesk was set up within the RFID. It accesses specialist risk expertise <strong>and</strong> provides advice to all<br />
areas within the department. The Helpdesk plays three roles:<br />
• Identifies risks within programs <strong>and</strong> projects.<br />
• Tailors risk <strong>and</strong> fraud training to individual areas.<br />
• Provides general ad hoc in<strong>for</strong>mation about risk management.<br />
To further communicate <strong>and</strong> provide training to staff, risk management <strong>and</strong> fraud training is <strong>for</strong>mally<br />
incorporated into the following training courses: induction, executive level, overseas preparation <strong>and</strong> compliance<br />
<strong>of</strong>ficer. As part <strong>of</strong> the induction process, new staff must complete the risk management <strong>and</strong> fraud awareness<br />
e-learning courses. These are now m<strong>and</strong>atory <strong>for</strong> all staff entering the <strong>Department</strong>, regardless <strong>of</strong> level.<br />
In addition, all staff must now complete the fraud awareness e-learning course every two years.<br />
DIAC risk specialists have developed a number <strong>of</strong> governance-themed online learning courses, such as Values <strong>and</strong><br />
Conduct, Business Continuity <strong>and</strong> Quality Assurance, <strong>for</strong> departmental staff. These link to the risk management<br />
e-learning course as a pre-requisite, ensuring risk definition, methodology, accountability <strong>and</strong> measures are being<br />
consistently used throughout the department.<br />
To support <strong>and</strong> complement risk management training, a reference suite <strong>of</strong> documents has been developed<br />
to guide staff. These reference <strong>and</strong> training materials provide advice to staff on underst<strong>and</strong>ing DIAC’s risk<br />
management processes, completing the risk assessment template, <strong>and</strong> underst<strong>and</strong>ing their responsibilities <strong>for</strong><br />
actively managing the risks that fall within their area <strong>of</strong> responsibility.<br />
To make sure pr<strong>of</strong>iling <strong>and</strong> reporting <strong>of</strong> risk is effective, the <strong>Department</strong> has created a Central Risk Register. This is<br />
developed each year <strong>and</strong> is a record <strong>of</strong> all the risks identified across agency risk management plans.<br />
Risk reporting<br />
One <strong>of</strong> the first tools instigated by the RFID, over 12 months ago, was integrity scans <strong>of</strong> major departmental<br />
programs. These have had a great impact on identifying risks, proposed risk owners <strong>and</strong> risk treatment owners,<br />
<strong>and</strong> have been well received by important stakeholders across the <strong>Department</strong>.<br />
A summary report <strong>of</strong> integrity scans is provided to the <strong>Department</strong>al Executive Committee on a monthly basis.<br />
This monitors the <strong>Department</strong>’s progress in addressing concerns raised. Critical to the success <strong>of</strong> the process is<br />
obtaining agreement between the risk owner <strong>and</strong> the risk treatment owner on a course <strong>of</strong> action to mitigate any<br />
identified risk.<br />
Risk analysis <strong>and</strong> reporting is embedded in the governance structure <strong>of</strong> the <strong>Department</strong>al Audit Committee<br />
(DAC), by requiring all DAC reports to include comments on key risks <strong>and</strong> mitigation strategies. A rolling agenda <strong>of</strong><br />
items focussing on strategic, tactical <strong>and</strong> operational risk issues is also discussed <strong>and</strong> reviewed by the DAC.<br />
Business continuity<br />
The <strong>Department</strong> has a robust business continuity program, which is overseen by the <strong>Department</strong>al Audit<br />
Committee <strong>and</strong> <strong>Department</strong>al Executive Committee.<br />
Each <strong>of</strong> the <strong>Department</strong>’s 66 overseas posts has a business continuity plan (linked to the <strong>Department</strong> <strong>of</strong> Foreign<br />
Affairs <strong>and</strong> Trade plan at each Post). In addition there are 68 business continuity plans <strong>for</strong> onshore facilities <strong>and</strong><br />
discreet work areas within the National Office structure; these include plans <strong>for</strong> each immigration detention<br />
facility, DIAC staff located at airports <strong>and</strong> state <strong>and</strong> territory <strong>of</strong>fices.<br />
The <strong>Department</strong>’s business continuity program is an integral aspect <strong>of</strong> sound risk management. The<br />
identification <strong>of</strong> critical business functions is via a risk-based business impact analysis. This analysis considers<br />
the possible duration <strong>of</strong> business interruptions <strong>and</strong> what impacts they might have on each business area <strong>and</strong><br />
the business objectives <strong>of</strong> the <strong>Department</strong> as a whole.<br />
<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies<br />
Enterprise-Wide Risk Management Category – Honourable Mention – DIAC<br />
13
Enterprise-Wide Risk Management Category – Honourable Mention – DIAC<br />
14<br />
Underst<strong>and</strong>ing the need <strong>for</strong> business continuity plans within the <strong>Department</strong> is growing, particularly after the<br />
recent experiences in the Queensl<strong>and</strong> floods, the North Queensl<strong>and</strong> <strong>and</strong> Northern Territory cyclones, <strong>and</strong> damage<br />
to detention facilities due to rioting. In addition, a number <strong>of</strong> <strong>of</strong>fshore posts have utilised their plans in response<br />
to civil unrest, bombings <strong>and</strong>/or other major security situations.<br />
The agency’s business continuity contingency philosophy led to it setting up an Incident Response Unit. This<br />
coordinates DIAC’s ef<strong>for</strong>ts in whole-<strong>of</strong>-government response situations such as those that recently occurred in<br />
Christchurch, Cairo, Sendai <strong>and</strong> Libya.<br />
<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies
<strong>Department</strong> <strong>of</strong> Human Services<br />
Honourable Mention<br />
Overview<br />
When major agencies are amalgamated, a key issue is how to reconcile various risk management frameworks<br />
<strong>and</strong> create one new, overarching one. Questions that have to be answered include what are the benefits <strong>of</strong> the<br />
current risk frameworks, what is the breadth <strong>of</strong> work the new department will undertake <strong>and</strong> how might risk<br />
translate into such an organisation?<br />
These were the issues the <strong>Department</strong> <strong>of</strong> Human Services (DHS) had to tackle when on 1 July 2011, the merger<br />
<strong>of</strong> Medicare Australia, Centrelink, DHS <strong>and</strong> the Commonwealth Rehabilitation Service Australia was completed.<br />
(The integration <strong>of</strong> the portfolio agencies started in October 2004, <strong>and</strong> more recently, the melding <strong>of</strong> the<br />
agencies into one department was managed through a service delivery re<strong>for</strong>m agenda.)<br />
The consolidation <strong>of</strong> risk management was a vital issue in the amalgamation, as it impacted on all areas <strong>of</strong> the<br />
new agency. Throughout the process, it was important the agency not only defined its new risk culture <strong>and</strong><br />
appetite, but also incorporated the best <strong>of</strong> each agencies individual risk management frameworks into the new<br />
enterprise-wide one.<br />
The Risk Management Framework—creating the foundation to effectively manage risk<br />
The DHS amalgamation affected 38 000 people. Previously each agency had a chief executive <strong>of</strong>ficer <strong>and</strong> its own<br />
risk management framework that managed enterprise-wide risks differently.<br />
The first 12 months saw a melding process with the Executive looking <strong>for</strong>ward <strong>and</strong> shaping enterprise risks.<br />
Creating a new enterprise risk model<br />
An enterprise risk model was developed to underst<strong>and</strong> the new <strong>Department</strong>’s risk pr<strong>of</strong>ile <strong>and</strong> review the risks<br />
<strong>of</strong> individual agencies. This model included a set <strong>of</strong> high-level risk categories that described key facets <strong>of</strong> the<br />
business. Within each <strong>of</strong> these, a set <strong>of</strong> sub-categories was developed that refined the given risks. This risk<br />
categorisation model allowed the <strong>Department</strong> to easily capture in<strong>for</strong>mation about its risk distribution against<br />
important business categories.<br />
The <strong>Department</strong> uses an internally developed st<strong>and</strong>ard risk template to identify, capture <strong>and</strong> plan <strong>for</strong> how risks<br />
will be managed. This makes sure all business units apply a consistent level <strong>of</strong> discipline to their risk assessments.<br />
It also streamlines the collation <strong>of</strong> risks at an organisational level <strong>and</strong> allows <strong>for</strong> measurement <strong>and</strong> comparison <strong>of</strong><br />
similar risks.<br />
This approach makes sure risk accountability is embedded into every day program delivery. In addition, individuals<br />
have been identified as responsible <strong>for</strong> strategic risks. The elements <strong>of</strong> managing risk in the new department are<br />
evolving with the basic elements working together. Chief Executive’s Instructions issued on 1 July 2011 refer to the<br />
management <strong>of</strong> risk.<br />
While it is an ongoing process, a risk appetite has been created <strong>for</strong> the new department with identified<br />
boundaries <strong>and</strong> residual risks. As the <strong>Department</strong> continues to take on additional responsibilities, so this process<br />
will continue to evolve.<br />
<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies<br />
Enterprise-Wide Risk Management Category – Honourable Mention – DHS<br />
15
Enterprise-Wide Risk Management Category – Honourable Mention – DAFF<br />
16<br />
Implementing strategies, plans <strong>and</strong> processes<br />
The <strong>Department</strong> is still in the early stages <strong>of</strong> developing communication <strong>and</strong> education strategies. To make<br />
sure staff are equipped to identify <strong>and</strong> manage the risks associated with the new department, the <strong>Department</strong><br />
asks all workshop attendees to have carried out a risk assessment be<strong>for</strong>e attending courses. This is designed to<br />
increase their learning during the course.<br />
The Secretary is actively involved in strategic planning, is looking <strong>for</strong> best practice <strong>and</strong> is actively engaged in<br />
managing risk. The agency has identified the need <strong>for</strong> a consistent risk management process across the new<br />
department <strong>and</strong> draws on best practice to ensure acceptance across the different business areas.<br />
New risk management team<br />
Central to the <strong>Department</strong>’s risk management strategy is a dedicated risk management team. This team is<br />
responsible <strong>for</strong> maintaining the quality <strong>of</strong> the risk framework <strong>and</strong> policy <strong>and</strong> supports business units <strong>and</strong><br />
individuals.<br />
The team visits business units throughout the year to discuss, educate <strong>and</strong> deliver presentations on current risk<br />
issues. Project managers receive training in effective risk management <strong>and</strong> new starters are introduced to the<br />
<strong>Department</strong>’s risk processes <strong>and</strong> resources as part <strong>of</strong> their induction.<br />
A set <strong>of</strong> resources is available to all employees <strong>and</strong> includes:<br />
• Comprehensive intranet site, containing all risk documentation.<br />
• Templates providing st<strong>and</strong>ard base requirements <strong>for</strong> risk plans <strong>and</strong> assessment.<br />
• Support covering all aspects <strong>of</strong> the risk assessment <strong>and</strong> management process.<br />
• Access to advice <strong>and</strong> or help on planning <strong>and</strong> running risk workshops.<br />
Specialist risk teams<br />
Specialist risk activity attracts dedicated resources in the <strong>Department</strong>. For example, the ICT group maintains its<br />
own specialist risk team. The <strong>Department</strong>’s ICT arm accounts <strong>for</strong> considerable budget expenditure <strong>and</strong> outcomes<br />
<strong>and</strong> manages a diverse technology framework unparalleled in federal government.<br />
Each <strong>of</strong> the specialist risk teams works in concert with the <strong>Department</strong>’s risk management team. This provides<br />
assurance that risk activity remains consistent <strong>and</strong> in accordance with departmental policy objectives.<br />
Business units responsible <strong>for</strong> managing risk<br />
All business units in the <strong>Department</strong> are required to take responsibility <strong>for</strong> managing risks. This is designed to<br />
achieve two things: that business experts are assessing those risks most relevant to the delivery <strong>of</strong> services; <strong>and</strong><br />
reducing the risk associated with concentrating expertise in any single location.<br />
This model also allows business units to make tactical decisions in a controlled manner within an enterprise<br />
framework based on their expertise <strong>and</strong> the support <strong>of</strong> the <strong>Department</strong>’s risk appetite <strong>and</strong> culture.<br />
Overall, in a relatively short time, DHS has built the basic building blocks in its risk management framework, <strong>and</strong><br />
just needs time to establish the framework across the whole <strong>Department</strong>.<br />
<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies
Business continuity<br />
Supporting the <strong>Department</strong>’s risk management capability is the development <strong>of</strong> a comprehensive business<br />
continuity approach.<br />
The <strong>Department</strong> is <strong>of</strong>ten asked to respond, on behalf <strong>of</strong> government, to significant domestic <strong>and</strong> international<br />
emergencies. Often it is responding to natural disasters <strong>and</strong> providing on-the-ground resources <strong>for</strong> government,<br />
while simultaneously managing the recovery <strong>of</strong> its own infrastructure <strong>and</strong> resources. It had to do this, <strong>for</strong><br />
example, during Cyclone Yasi <strong>and</strong> the Queensl<strong>and</strong> <strong>and</strong> New South Wales floods <strong>of</strong> January 2011.<br />
To maintain ‘business as usual’ while also dedicating resources to an emergency, the <strong>Department</strong> relies on a<br />
strong business continuity model that can be started quickly.<br />
To make sure it is able to function effectively during service disruptions, the <strong>Department</strong> regularly tests its<br />
response capability. This testing includes mock disasters, technical recovery exercises, <strong>of</strong>f-site rehearsals <strong>and</strong><br />
desktop assessments.<br />
The introduction <strong>of</strong> sample desktop reviews <strong>for</strong> business, risk <strong>and</strong> business continuity plans was premised on<br />
improving the quality <strong>of</strong> the planning <strong>and</strong> providing consistency <strong>for</strong> the framework.<br />
Results<br />
There are two particularly noteworthy results from DHS’s new approach to risk management.<br />
In early 2010, a decision was taken to integrate risk, business continuity <strong>and</strong> business planning <strong>for</strong> all portfolio<br />
agencies, in anticipation <strong>of</strong> the new department coming into existence in 2011. This presented an opportunity to<br />
refocus the <strong>Department</strong>’s attention on these business functions.<br />
The second result stems from the <strong>Department</strong>’s response to a series <strong>of</strong> significant emergencies in early 2011,<br />
which demonstrated the resilience built into the new risk <strong>and</strong> business continuity frameworks.<br />
The coincidence <strong>of</strong> multiple major disasters in 2011 provided a new challenge to the agency’s risk <strong>and</strong> business<br />
continuity planning.<br />
The response to these emergencies was refined following the disasters <strong>and</strong> in<strong>for</strong>med the new framework be<strong>for</strong>e<br />
it was implemented department-wide.<br />
Focus going <strong>for</strong>ward<br />
The focus <strong>for</strong> DHS over the next 12 months is the evolution <strong>of</strong> its strategic direction, engaging the Executive to<br />
consider strategic risks, developing strategic reporting processes <strong>and</strong> focusing on emerging risks. Ef<strong>for</strong>t will also<br />
continue in the adoption <strong>of</strong> best practice where appropriate, simplifying processes <strong>and</strong> embedding a culture <strong>of</strong><br />
risk in a maturing department.<br />
The <strong>Department</strong> is measuring its approach to managing risk across the agency by reviewing its strategic<br />
processes <strong>and</strong> monitoring its outcomes.<br />
<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies<br />
Enterprise-Wide Risk Management Category – Honourable Mention – DHS<br />
17
18<br />
<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies
RISK INITIATIVE CATEGORY<br />
Winner Australian Taxation Office<br />
Highly Commended <strong>Department</strong> <strong>of</strong> Agriculture, Fisheries <strong>and</strong> Forestry (Asian Gypsy Moth)<br />
Highly Commended Australian Maritime Safety Authority<br />
Highly Commended Bureau <strong>of</strong> Meteorology<br />
Honourable Mention <strong>Department</strong> <strong>of</strong> Agriculture, Fisheries <strong>and</strong> Forestry (Aquatic Animal Health)<br />
Honourable Mention Australian Customs <strong>and</strong> Border Protection Service
Risk Initiative Category – Winner – ATO<br />
20<br />
Australian Taxation Office<br />
Winner<br />
Overview<br />
The Australian Taxation Office (ATO) has the important responsibility on behalf <strong>of</strong> the community <strong>for</strong> the care <strong>of</strong><br />
Australia’s tax <strong>and</strong> superannuation systems <strong>and</strong> the Australian Business Register. These systems fund the public<br />
goods <strong>and</strong> services that give effect to economic <strong>and</strong> social policies <strong>and</strong> Australia’s superannuation system helps<br />
secure retirement income <strong>for</strong> Australians.<br />
The ATO’s vision is that “Australians value their tax <strong>and</strong> superannuation systems as community assets, where<br />
willing <strong>and</strong> proper participation are recognised as good citizenship.”<br />
Most Australians demonstrate high levels <strong>of</strong> willing participation <strong>and</strong> in 2010-2011, the ATO collected almost<br />
$273bn on behalf <strong>of</strong> the community, the vast majority <strong>of</strong> it without any direct intervention by the ATO. However,<br />
this does not tell the whole story. The ATO also needs to know its various compliance activities are having<br />
a positive impact on the compliance behavior <strong>of</strong> those who don’t willingly participate in the system while<br />
maintaining the support <strong>of</strong> those that do, by demonstrating it is effective in maintaining a level playing field <strong>for</strong><br />
the whole community.<br />
The ATO has developed <strong>and</strong> implemented its own methodology that embeds evaluation as ‘business as usual’<br />
<strong>for</strong> tax risk managers. The Compliance Effectiveness Methodology facilitates the evaluation <strong>of</strong> compliance<br />
strategies to determine whether they have changed behavior in a sustainable way, <strong>and</strong> it provides a framework<br />
<strong>for</strong> continuous improvement as they learn what works <strong>and</strong> what doesn’t.<br />
The Organisation <strong>for</strong> Economic <strong>and</strong> Cultural Development (OECD) has adopted the methodology on the basis<br />
it is innovative <strong>and</strong> pioneering <strong>and</strong> addresses a critical gap in practical guidance <strong>for</strong> member revenue bodies.<br />
Compliance effectiveness methodology<br />
Traditionally, the ATO had concentrated on measuring the efficiency <strong>of</strong> its programs but had not had a clear<br />
picture <strong>of</strong> its effectiveness, that is, the extent to which its intended outcomes were, or were not, being achieved.<br />
In 2006 the ATO Executive recognised the need <strong>for</strong> a consistent <strong>and</strong> robust process or methodology that would<br />
support the systemic evaluation <strong>of</strong> ATO effectiveness, leading to improved decision making, choice <strong>of</strong> treatment<br />
strategies <strong>and</strong> resource allocation.<br />
Developing the methodology involved a thorough stocktake <strong>of</strong> the per<strong>for</strong>mance indicators used at the ATO, an<br />
extensive review <strong>of</strong> literature on effectiveness <strong>and</strong> a collaborative, consultative <strong>and</strong> co-designed approach to<br />
creating a conceptual framework.<br />
Using the key insights developed through these processes, the ATO converted the conceptual framework into a<br />
series <strong>of</strong> practical steps to be applied by compliance risk managers to support:<br />
• Development <strong>of</strong> strategies that are aligned with the ATO’s strategic direction.<br />
• Definition <strong>of</strong> intended outcomes <strong>and</strong> success goals.<br />
Australian Government<br />
Australian Taxation Office<br />
• Development <strong>of</strong> indicators which <strong>for</strong>m the basis <strong>for</strong> evaluating whether the intended outcomes had<br />
been achieved.<br />
<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies
The Compliance Effectiveness Methodology has four distinct phases, each <strong>of</strong> which has a specific focus.<br />
Phase 1 is about underst<strong>and</strong>ing <strong>and</strong> articulating the compliance risk <strong>and</strong> ensuring the risk focus is aligned with<br />
the ATO’s strategic goals.<br />
Phase 2 is about clearly articulating the outcomes to be achieved by treating the risk; specifying the success goals<br />
or what change it wants to see occur; <strong>and</strong> developing the treatment strategy that will meet those goals <strong>and</strong><br />
achieve the intended outcome.<br />
Phase 3 is about identifying the indicators that will reveal if the intended outcomes have been achieved.<br />
Phase 4 is about measuring <strong>and</strong> interpreting those indicators, evaluating whether the intended outcomes have<br />
been achieved, assessing what has been learned <strong>and</strong> reviewing <strong>and</strong> revising future approaches.<br />
FIGURE 1: ATO compliance effectiveness methodology<br />
Methodology <strong>for</strong> compliance <strong>of</strong>fi cers<br />
ATO compliance effectiveness methodology<br />
Phase 1<br />
Articulate risk<br />
Align with ATO business intent<br />
What are the<br />
behaviours <strong>and</strong><br />
drivers <strong>of</strong> the risk?<br />
How does our<br />
business intent<br />
translate into the<br />
context you’re<br />
working in?<br />
Who’s involved<br />
in the risk?<br />
What is the<br />
compliance risk to<br />
achieving the intent?<br />
CHECKPOINTS<br />
You should ensure that:<br />
■ the risk aligns to our<br />
business intent<br />
■ the risk adequately reflects<br />
the behaviours <strong>and</strong> drivers<br />
■ the risk is refined, concise <strong>and</strong><br />
not open to interpretation.<br />
MORE INFORMATION<br />
■ visit www.ato.gov.au/complianceeffectiveness<br />
Phase 2<br />
Define outcomes<br />
Develop strategies<br />
What strategies will<br />
you use to deliver<br />
these outcomes?<br />
Operationalising the methodology<br />
What outcomes<br />
are you seeking<br />
to achieve by<br />
addressing<br />
the risk?<br />
Who are your<br />
target groups?<br />
How do you defi ne<br />
success in terms <strong>of</strong><br />
more specifi c goals?<br />
CHECKPOINTS<br />
You should ensure that:<br />
■ the desired outcomes align to our<br />
business intent <strong>and</strong> the risk you<br />
have identified<br />
■ the overall desired outcomes<br />
are adequately covered by your<br />
specific (success) goals<br />
■ the strategies target participants<br />
<strong>of</strong> the risk <strong>and</strong> drivers <strong>of</strong> the<br />
behaviour<br />
■ the strategies address any<br />
unintended consequences.<br />
Phase 3<br />
Design indicators<br />
Which indicators<br />
are feasible?<br />
What are<br />
the potential<br />
indicators?<br />
Which <strong>of</strong> these<br />
indicators will paint<br />
a defensible picture?<br />
What is the description <strong>of</strong> the<br />
indicators <strong>and</strong> their purpose?<br />
CHECKPOINTS<br />
You should ensure that:<br />
■ each success goal can<br />
be measured <strong>and</strong> has<br />
a corresponding indicator<br />
(or suite <strong>of</strong> indicators)<br />
■ potential indicators are aligned<br />
with the success goals, desired<br />
outcomes <strong>and</strong> business intent<br />
■ indicators are viable <strong>and</strong> provide a<br />
balanced picture <strong>of</strong> per<strong>for</strong>mance<br />
■ both qualitative <strong>and</strong> quantitative<br />
in<strong>for</strong>mation is used.<br />
Phase 4<br />
Validate indicators<br />
Determine extent <strong>of</strong> effectiveness<br />
What are the<br />
indicators<br />
telling us?<br />
How will the<br />
evaluation be<br />
conducted?<br />
What’s our<br />
baseline?<br />
What data will be<br />
required <strong>and</strong> where<br />
will we get it?<br />
CHECKPOINTS<br />
You should ensure that:<br />
■ data exists, is available, or can<br />
be acquired at a reasonable cost<br />
■ we can explain how effective<br />
our compliance strategies have<br />
been – that is, the extent to<br />
which actual outcomes align<br />
with desired outcomes.<br />
NAT 72375-07.2008 [JS 11600]<br />
The ATO knew from its implementation risk assessment that its biggest hurdle in successfully implementing<br />
the methodology would be creating the necessary cultural shift away from measuring efficiency to measuring<br />
effectiveness. It knew cultural change would take time <strong>and</strong> would need to be actively supported to be successful.<br />
The project team responsible <strong>for</strong> implementing compliance effectiveness designed a comprehensive change<br />
management process, which included creating a number <strong>of</strong> key stakeholder <strong>for</strong>ums <strong>and</strong> groups. These allowed<br />
the project team to consult, collaborate <strong>and</strong> co-design with the Compliance Sub-plan business lines <strong>and</strong> relevant<br />
corporate areas.<br />
Training was provided <strong>for</strong> ATO risk owners, risk managers <strong>and</strong> facilitators. A helpdesk service was also established<br />
to provide ongoing guidance <strong>and</strong> support. Support products were developed to help people underst<strong>and</strong> the<br />
methodology <strong>and</strong> its application, including reference materials, a guide <strong>for</strong> facilitators <strong>and</strong> a practical workbook.<br />
Guidelines <strong>for</strong> data analysis <strong>and</strong> evaluation were also drafted along with templates to help align the intent,<br />
strategies <strong>and</strong> indicators, the validation <strong>of</strong> indicators <strong>and</strong> the measurement <strong>of</strong> effectiveness. Compliance<br />
effectiveness requirements were also integrated into existing ATO business processes, including project<br />
management, risk management, planning, governance <strong>and</strong> reporting.<br />
<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies<br />
Risk Initiative Category – Winner – ATO<br />
21
Risk Initiative Category – Winner – ATO<br />
22<br />
FIGURE 2: How compliance effectiveness is embedded within the ATO’s risk management framework.<br />
A reference group was created that included senior staff from across the agency. This has an ongoing steering<br />
role <strong>and</strong> disseminates in<strong>for</strong>mation <strong>and</strong> champions the value <strong>of</strong> measuring compliance effectiveness.<br />
The ATO’s Compliance Executive, led by the Second Commissioner, Compliance <strong>and</strong> comprising the Compliance<br />
Sub-plan Deputy Commissioners, is the primary governance body <strong>and</strong> assurance point <strong>for</strong> ATO Compliance<br />
Effectiveness.<br />
When the new compliance effectiveness framework was integrated into the relevant business lines <strong>and</strong><br />
products in mid 2009, the risk managers, who had proved invaluable in supporting the development <strong>and</strong><br />
integration <strong>of</strong> the compliance effectiveness methodology, became champions <strong>for</strong> effectiveness <strong>and</strong> were <strong>for</strong>med<br />
into a ‘community <strong>of</strong> practice’.<br />
A Compliance Effectiveness Centre <strong>of</strong> Expertise (CoE) was also created to provide expert guidance <strong>and</strong> support <strong>for</strong><br />
the new methodology. The CoE provides direct support <strong>and</strong> advice to risk managers.<br />
The CoE developed products to build skills <strong>and</strong> also identified a core group <strong>of</strong> risk managers who received specific<br />
training as facilitators. This capability was again <strong>for</strong>med into a ‘community <strong>of</strong> practice’ to help build the agency’s<br />
overall effectiveness capability <strong>and</strong> encourage knowledge sharing.<br />
The agency’s process testing, the development <strong>of</strong> good communication strategies <strong>and</strong> its stakeholder<br />
engagement demonstrated a mature <strong>and</strong> comprehensive change management approach.<br />
Benefits<br />
2011 marked the third year since the Compliance Effectiveness Methodology was transitioned to ‘business as<br />
usual’. While the ATO still has a lot to do to fully embed effectiveness in the day-to-day thinking <strong>and</strong> activities <strong>of</strong><br />
its people, it is already clear that it is better able to:<br />
• Define compliance behaviour <strong>and</strong> consider the drivers <strong>of</strong> that behaviour.<br />
• Describe desired outcomes from the outset.<br />
• Consult, collaborate <strong>and</strong> co-design strategies with relevant stakeholders.<br />
• Design indicators that will allow it to assess the effectiveness <strong>of</strong> its strategies.<br />
• Evaluate <strong>and</strong> refine its strategies in light <strong>of</strong> the required outcomes.<br />
Further, evaluation results are increasingly being used to shape the agency’s strategic responses, demonstrating<br />
the effectiveness <strong>of</strong> the methodology as a continuous improvement tool.<br />
Longer-term benefits also expected include:<br />
• Increased differentiation so that compliance treatment strategies are better tailored to the circumstances<br />
<strong>of</strong> the risk <strong>and</strong> those involved in it.<br />
• Increased productivity as the ATO’s activities are more closely aligned to the achievement <strong>of</strong> its<br />
strategic objectives.<br />
<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies
<strong>Department</strong> <strong>of</strong> Agriculture, Fisheries <strong>and</strong> Forestry<br />
Highly commended<br />
Overview<br />
Asian gypsy moths (Lymantria spp.) originate from temperate Eurasia <strong>and</strong> are recognised internationally as<br />
among the world’s worst invasive species. They cause major damage by eating the leaves <strong>of</strong> as many as 1600<br />
types <strong>of</strong> plant, including <strong>for</strong>estry <strong>and</strong> horticultural crops as well as garden plants.<br />
The cost <strong>of</strong> this damage is very high, with estimates <strong>for</strong> individual <strong>for</strong>estry or tree crop plantations exceeding<br />
$400 million per cropping cycle. As a quarantine pest, the moths have spread from their endemic origin to a<br />
number <strong>of</strong> other countries via trade pathways, notably to the United States <strong>and</strong> New Zeal<strong>and</strong>.<br />
Because the moths are simply attracted to lights <strong>and</strong> illuminated objects at night, pathway management has<br />
been a real challenge. Maritime vessels <strong>and</strong> sea cargo have been regularly contaminated as they are well lit<br />
during night loading operations.<br />
To tackle the problem, <strong>Department</strong> <strong>of</strong> Agriculture, Fisheries <strong>and</strong> Forestry (DAFF) scientific staff conducted a<br />
study that used satellite imagery to identify the ports most at risk from the moths. This was possible through<br />
the innovative use <strong>of</strong> geospatial intelligence techniques to identify ports in close proximity to suitable densely<br />
vegetated areas where the moths live.<br />
This technique predicts the seaports in Asia where visiting vessels <strong>and</strong> cargo are most likely to be contaminated<br />
with the moths’ egg masses. This study, combined with surveillance records, identified <strong>and</strong> confirmed the risk<br />
posed at individual Asian seaports.<br />
This risk initiative has allowed DAFF to become predictive rather than reactive in its ongoing risk management <strong>of</strong><br />
the moths <strong>and</strong> has the potential <strong>for</strong> Australia to become a world leader in the surveillance <strong>of</strong> them.<br />
The success <strong>of</strong> this initiative is based on intra-departmental cooperation between DAFF’s scientific <strong>and</strong><br />
operational business units. Implementation <strong>of</strong> this risk management initiative has been strongly supported by<br />
the <strong>Department</strong>’s executive as an example <strong>of</strong> what the agency is calling ‘risk-return’, that is, gaining the best<br />
outcome in both quarantine protection <strong>and</strong> cost-effective resource allocation.<br />
The Risk Management Framework—creating the foundation to effectively manage risk<br />
To verify a risk-based intervention could be properly developed, managed <strong>and</strong> implemented, DAFF used st<strong>and</strong>ard<br />
project management techniques.<br />
To develop the initiative, staff carried out detailed consultations with scientific <strong>and</strong> operational business areas<br />
<strong>and</strong> developed clear objectives, identified <strong>and</strong> evaluated risks, <strong>and</strong> prepared streamlined inspection procedures,<br />
data collection <strong>and</strong> reporting requirements.<br />
All Asian seaports in the geographic range <strong>of</strong> these moths were surveyed by satellite analysis using a<br />
combination <strong>of</strong> public domain industry intelligence, <strong>and</strong> satellite imagery from Google Earth <strong>of</strong> juxtaposed<br />
suitable vegetation <strong>and</strong> port infrastructure. This methodology allowed the <strong>Department</strong> to consider both existing<br />
<strong>and</strong> future risk pathways.<br />
<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies<br />
Risk Initiative Category – Highly Commended – DAFF<br />
23
Risk Initiative Category – Highly Commended – DAFF<br />
24<br />
Mapping the Asian gypsy moth<br />
DAFF identified that in Asia, the Asian gypsy moth typically attacks the trees that make up the dominant <strong>for</strong>est<br />
types (<strong>for</strong> example, oak <strong>and</strong> larch <strong>for</strong>ests). The size <strong>and</strong> extent <strong>of</strong> these <strong>for</strong>ests could be precisely <strong>and</strong> accurately<br />
identified from space due to the light spectrum the trees reflected. By mapping this reflectance data around each<br />
seaport, the <strong>Department</strong> was able to identify which Asian seaports had the potential to be a risk source <strong>of</strong> moths.<br />
Studies in Japan showed the moths do not tend to migrate out <strong>of</strong> <strong>for</strong>ests <strong>and</strong> penetrate areas <strong>of</strong> human habitat<br />
by more than 1500 metres. A buffered distance <strong>of</strong> 2000 metres was there<strong>for</strong>e used as the cut-<strong>of</strong>f <strong>for</strong> the flight<br />
range <strong>of</strong> the moths. Any seaport within 2000 metres <strong>of</strong> suitable <strong>for</strong>est types was considered a risk source <strong>of</strong><br />
contamination.<br />
Risk estimate report<br />
A risk estimate report was compiled based on these findings, which when combined with an international<br />
st<strong>and</strong>ard surveillance methodology <strong>for</strong> the moths, allowed Australian quarantine inspectors to target only those<br />
vessels identified as the highest risk.<br />
The analysis was also used to identify the highest risk areas on vessels where egg masses were most likely to<br />
occur. The surveillance design also collected in<strong>for</strong>mation on where eggs were located on vessels in order to<br />
calibrate <strong>and</strong> improve surveillance.<br />
Using geospatial technology was an innovative approach to a potential risk that allowed resources to be better<br />
managed <strong>and</strong> allocated.<br />
This risk-initiative provides significant efficiency benefits to DAFF through streamlining inspection procedures to<br />
reduce the threat <strong>of</strong> moths in Australia. It also reduces dem<strong>and</strong> on DAFF resources as well as inspection fees to<br />
the maritime industry.<br />
Implementing strategies, plans <strong>and</strong> processes<br />
Based on the recommendations <strong>of</strong> the geospatial intelligence report, a pilot intervention program was<br />
implemented by the DAFF Seaports Program from 1 July–30 September 2011, at the four busiest Australian<br />
seaports that receive the greatest number <strong>of</strong> risk vessels.<br />
These ports were Gladstone <strong>and</strong> Brisbane in Queensl<strong>and</strong>, Newcastle in New South Wales <strong>and</strong> Port Headl<strong>and</strong> in<br />
Western Australia.<br />
The intervention employed a targeted risk-based approach to vessel inspection based on an ‘Asian Seaports<br />
Identified <strong>for</strong> Surveillance List’, <strong>and</strong> inspection procedures <strong>for</strong> the moths that included:<br />
• Vessel inspections based on examining high-risk areas <strong>of</strong> the vessel where the moths were most likely to be<br />
found.<br />
• Egg masses found by quarantine inspectors were identified using remote microscope diagnostics by<br />
quarantine entomologists, to identify whether the egg masses were <strong>of</strong> a quarantine risk species.<br />
• If the species was classified as a quarantine risk, inspectors then thoroughly went through the vessel to<br />
eliminate egg masses present.<br />
• Quarantine inspectors recorded the time required to complete inspections <strong>for</strong> the moths <strong>for</strong> further analysis.<br />
The pilot achieved two key objectives:<br />
• Confirmation the predicted risk <strong>of</strong> moths entering Australia was correctly identified as being from risk ports.<br />
• The streamlined, targeted inspection methodology was effective in intercepting the moth on international<br />
vessels.<br />
This in<strong>for</strong>mation will now be used to develop the full implementation policy <strong>for</strong> Asian gypsy moth inspections.<br />
The creation <strong>of</strong> the ‘Asian Seaports Identified <strong>for</strong> Surveillance List’ will allow DAFF to become predictive rather<br />
than reactive in the risk management <strong>of</strong> the moth.<br />
<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies
Short-term benefits<br />
The use <strong>of</strong> geospatial intelligence as a risk-management tool <strong>for</strong> Asian gypsy moths has already provided DAFF<br />
with a range <strong>of</strong> short-to medium-term benefits:<br />
1. Resourcing:<br />
• Use <strong>of</strong> geospatial intelligence to shape border inspections has allowed DAFF to efficiently <strong>and</strong> effectively<br />
manage its resources.<br />
• Quantitative risk assessment through geospatial intelligence unambiguously directs quarantine<br />
inspectors towards only those vessels that are most likely to be contaminated by the moth.<br />
• A highly specific inspection methodology allows quarantine inspectors to target the highest risk places on<br />
potentially contaminated vessels.<br />
2. Identification <strong>of</strong> previously unknown risk ports:<br />
• This risk initiative successfully identified four Asian seaports capable <strong>of</strong> exporting Asian gypsy moths to<br />
Australia via contaminated vessels. Previously, these ports had not been recognised as risk ports by any<br />
country.<br />
• This initiative resulted in the first quarantine interception anywhere in the world <strong>of</strong> Asian gypsy moths<br />
from the Korean Peninsula.<br />
3. Diplomatic approach:<br />
• The use <strong>of</strong> an intelligence-based approach has allowed Australia to manage the risk posed by the moth<br />
entirely on-shore. No additional dem<strong>and</strong>s have been placed on quarantine operations internationally, <strong>for</strong><br />
example by needing to send quarantine inspectors <strong>of</strong>fshore to undertake pre-departure inspections <strong>of</strong><br />
vessels. The risk <strong>of</strong> vessel contamination posed by Asian gypsy moths is a sensitive issue throughout Asia,<br />
<strong>and</strong> visits by quarantine agencies have not always been welcomed.<br />
Long-term results<br />
DAFF will use the results from this risk-based intervention to shape a revised national Asian gypsy moth policy<br />
over the next 12 months.<br />
Forecasting is another major long-term benefit arising from this risk initiative not only <strong>for</strong> this moth, but other<br />
invasive species.<br />
The data collected will also be used to predict when individual Asian seaports will be most vulnerable to<br />
contamination by the moth. Because the metamorphosis <strong>of</strong> all Asian gypsy moths is strongly dictated by<br />
temperature, remotely accessed climate data <strong>for</strong> Asian risk ports could potentially be used to predict when the<br />
moth would be most likely to affect individual ports.<br />
It is expected these predictions could be narrowed to within a 1-2 week period. These <strong>for</strong>ecasts could then allow<br />
DAFF to help industry <strong>and</strong> other quarantine agencies to manage the moth in an integrated <strong>and</strong> effective riskbased<br />
approach, further reducing inspection costs.<br />
<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies<br />
Risk Initiative Category – Highly Commended – DAFF<br />
25
Risk Initiative Category – Highly Commended – AMSA<br />
26<br />
Australian Maritime Safety Authority<br />
Highly commended<br />
Overview<br />
The Australian Maritime Safety Authority (AMSA) is a Commonwealth Statutory Authority. It is responsible <strong>for</strong><br />
setting <strong>and</strong> regulating st<strong>and</strong>ards <strong>for</strong> the operation <strong>of</strong> commercial shipping, an extensive network <strong>of</strong> marine aids<br />
to navigation around the Australian coast, aviation <strong>and</strong> maritime search <strong>and</strong> rescue <strong>and</strong> a national plan to protect<br />
the marine environment.<br />
When it comes to navigation safety, AMSA’s prime focus is on providing national aids <strong>for</strong> our navigation network.<br />
One <strong>of</strong> its strategic objectives in this area is to adopt technological advances to improve safety. This is critical to<br />
the shipping industry, which is an important stakeholder in AMSA. While the Authority is in part funded by the<br />
Australian Government, over 50% <strong>of</strong> its funding comes from levies paid by the shipping industry.<br />
In August 2006, AMSA’s top-ranked risk centred on pilotage in the Torres Strait. (The third highest risk was the<br />
potential <strong>for</strong> a serious incident in sensitive waters—mainly referring to Torres Strait <strong>and</strong> the Great Barrier Reef.)<br />
Navigating the Torres Strait is dem<strong>and</strong>ing. Passage involves transiting confined waters that have limiting depths,<br />
while the tidal flows are complex, highly variable <strong>and</strong> fast.<br />
On top <strong>of</strong> this is a tropical climate with its alternating wet <strong>and</strong> dry seasons. Seasonal rainsqualls frequently affect<br />
visibility, <strong>and</strong> the region experiences moderate to strong trade winds, tropical thunderstorms <strong>and</strong> occasional<br />
cyclones.<br />
To overcome these risks, AMSA decided to introduce an Under Keel Clearance Management System (UKCM<br />
System).<br />
AMSA realised that implementing its risk initiative was not without its own attendant risks. These included take<br />
up by users, unrealistic expectations on transit times by vessel owners, the draught <strong>of</strong> vessels, along with the<br />
more general risk <strong>of</strong> failure.<br />
The Risk Management Framework—creating the foundation to effectively manage risk<br />
Under Keel Clearance refers to the vertical distance between the keel <strong>of</strong> a vessel <strong>and</strong> the sea floor; a distance that<br />
has to be maintained to ensure safe navigation <strong>and</strong> avoid grounding.<br />
The risk initiative involved implementing web interface systems where in<strong>for</strong>mation would be provided to a<br />
vessel’s pilot, allowing them to plan a transit <strong>of</strong> Torres Strait <strong>and</strong> monitor it in real time.<br />
The in<strong>for</strong>mation provided by the UKCM System is based on the known characteristics <strong>of</strong> the vessel type, predicted<br />
motion <strong>of</strong> the vessel, the topography <strong>of</strong> the seabed, predicted <strong>and</strong> known tidal movements <strong>and</strong> predicted <strong>and</strong><br />
known wind <strong>and</strong> wave motion.<br />
For AMSA, the UKCM System covered three primary aspects:<br />
1. Voyage planning. This could take place up to 12 months be<strong>for</strong>e travelling through the Strait. It provides<br />
in<strong>for</strong>mation that allows a vessel to arrive at a specific point in the Strait at a time when the predicted height<br />
<strong>of</strong> the tide <strong>and</strong> tidal stream allows a safe transit.<br />
<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies
2. Transit planning. This allows the pilot to select the best transit time <strong>and</strong> plan in detail.<br />
3. Transit monitoring. The pilot uses real time in<strong>for</strong>mation provided from shore-based systems to an on-board<br />
device to monitor the ship’s transit <strong>and</strong> make timely <strong>and</strong> in<strong>for</strong>med decisions during that transit.<br />
In November 2006, AMSA engaged an expert shipping consultancy to carry out an initial risk review. This<br />
identified a number <strong>of</strong> risks in implementing a UKCM System in the Torres Strait.<br />
The primary one was the quality <strong>of</strong> input data. This included existing charts <strong>and</strong> the quality needed <strong>for</strong> other data<br />
relating to tides <strong>and</strong> individual vessels. But with appropriate treatments, these risks were acceptable.<br />
The Torres Strait is an environmentally sensitive area <strong>and</strong> a shipping accident would stop a large portion <strong>of</strong> trade<br />
to <strong>and</strong> from Australian ports, <strong>and</strong> potentially pollute the marine environment. AMSA’s risk initiative would make<br />
transiting the Torres Strait safer <strong>and</strong> more efficient, especially as trade through the area is expected to increase<br />
substantially.<br />
Implementing strategies, plans <strong>and</strong> processes<br />
AMSA chose to stagger the implementation <strong>of</strong> its risk initiative. This was done to manage risks, including those<br />
surrounding the expectations <strong>of</strong> users.<br />
Initially, AMSA only worked with pilots <strong>and</strong> pilot providers. It established a centre <strong>of</strong> pilot excellence, <strong>and</strong> training<br />
in the new system was developed <strong>and</strong> introduced.<br />
The Authority also made sure that when it came to coordinating with internal <strong>and</strong> external parties,<br />
responsibilities were well defined both within <strong>and</strong> outside AMSA.<br />
Entity Role/Responsibility<br />
Shipping company/agent Provide the required vessel particulars, including hydrostatic details <strong>and</strong><br />
ETA at the UKCM area, to the pilotage provider.<br />
Master Provide the required final stability particulars prior to the pilot boarding/<br />
transiting the area.<br />
Coastal pilots/pilotage providers Utilise the UKCM System.<br />
Manage tidal windows <strong>and</strong> transit plans.<br />
AMSA Oversee the use <strong>of</strong> the UKCM System by coastal pilots <strong>and</strong> pilotage<br />
providers.<br />
Provide validated sensor data <strong>for</strong> use by the UKCM System.<br />
Provide pilotage provider/pilot access to the UKCM System.<br />
UKCM provider Ensure contracted service is provided to AMSA, including delivery to the<br />
specified per<strong>for</strong>mance <strong>and</strong> availability criteria.<br />
REEFVTS Provide UKCM-related in<strong>for</strong>mation, as part <strong>of</strong> the on going delivery <strong>of</strong> an<br />
In<strong>for</strong>mation Service.<br />
Finally, when AMSA was confident identified risks were being effectively managed, it rolled the system out to ship<br />
operators directly.<br />
Consultation with these stakeholders was an important part <strong>of</strong> the risk initiative. AMSA’s communication<br />
strategy was designed to give stakeholders assurance the system would be effective, <strong>and</strong> manage their<br />
expectations.<br />
Ultimately, the UKCM System had good take up by users <strong>and</strong> the final stage <strong>of</strong> implementation took place on<br />
16 December 2011.<br />
<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies<br />
Risk Initiative Category – Highly Commended – AMSA<br />
27
Risk Initiative Category – Highly Commended – AMSA<br />
28<br />
An integrated program that meets the needs <strong>of</strong> stakeholders<br />
AMSA developed an integrated program that combined:<br />
• A technological solution (the UKCM System).<br />
• A regulatory framework (Marine Order 54).<br />
• Authoritative/quality assured inputs from various sources.<br />
• Accurate in<strong>for</strong>mation from the ship operator/master/pilot.<br />
• Training <strong>and</strong> engagement <strong>of</strong> users at all levels.<br />
AMSA will regulate the use <strong>of</strong> the UKCM System (by coastal pilots <strong>and</strong> pilot providers) through Marine Order<br />
Part 54. A framework was established to verify the accuracy <strong>of</strong> sensor data <strong>and</strong> periodically re-calibrate the<br />
sensors, independent <strong>of</strong> the contractor.<br />
AMSA is working closely with the Australian Hydrographic Service to make sure high accuracy surveys <strong>of</strong> the<br />
Torres Strait needed by the UKCM System are available.<br />
The AMSA risk manager was involved in the initial risk assessment <strong>and</strong> in subsequent risk assessments <strong>of</strong><br />
activities. External specialist resources were brought in as required to provide technical expertise.<br />
Overall, the UKCM System project was initiated <strong>and</strong> driven by non-risk management staff, who were willing<br />
to call in risk management specialists when needed. This demonstrates the management <strong>of</strong> risk is embedded<br />
in AMSA’s processes <strong>and</strong> procedures.<br />
AMSA worked hard to meet the needs <strong>of</strong> each stakeholder through the risk management approach the agency<br />
developed <strong>and</strong> implemented.<br />
Short-term benefits<br />
The short-term benefits <strong>of</strong> this project include:<br />
• A marked reduction in the time pilots need to calculate transit times.<br />
• Pilots are using Transit Planning to gain an assessment <strong>of</strong> the efficiency <strong>and</strong> safety <strong>of</strong> intended transit<br />
windows, <strong>and</strong> compliance with AMSA’s rules.<br />
• Pilots are using Transit Monitoring <strong>for</strong> real-time assessments <strong>of</strong> their transit. The system also captures all<br />
relevant in<strong>for</strong>mation <strong>for</strong> AMSA to review <strong>for</strong> future improvements <strong>and</strong> model adjustments.<br />
• Pilots, pilot providers <strong>and</strong> pilot launch masters are using the Met-Ocean service <strong>for</strong> real-time, predicted <strong>and</strong><br />
short-term <strong>for</strong>ecasts <strong>of</strong> environmental in<strong>for</strong>mation. Launch masters are also using the in<strong>for</strong>mation to assess<br />
the risks <strong>of</strong> transfer activities (ship to launch or launch to ship) in exposed waters.<br />
• The UKCM System is able to exchange key system <strong>and</strong> vessel-related in<strong>for</strong>mation with third party systems.<br />
Benefits identified by AMSA <strong>of</strong> its staged implementation approach include:<br />
• Strong industry acceptance.<br />
• A robust system that integrates well with existing systems.<br />
• Service providers taking up the system.<br />
• For pilots using the system, transit in<strong>for</strong>mation in the <strong>for</strong>m <strong>of</strong> charts highlighting the current voyage is<br />
currently available to ships’ masters on deck. This adds credibility to its operation.<br />
AMSA has also realised the short-term benefits <strong>of</strong> its new system translate as long-term benefits <strong>for</strong> Australian<br />
mining, general freight movement <strong>and</strong> the environment.<br />
While the system is relatively new, it has demonstrated potential <strong>and</strong> ongoing improvements <strong>for</strong> vessels<br />
transiting the Torres Strait in a way that reduces inherent risks.<br />
<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies
Long-term results<br />
The long-term benefits identified by AMSA include the implementation <strong>of</strong> a system that gives pilots the ability<br />
to improve their decision-making <strong>and</strong> transit planning while ensuring a safe transit though the Torres Strait.<br />
Additional long-term benefits include:<br />
• Validating the existing under keel safety margin <strong>for</strong> deep draught vessels <strong>and</strong> helping evaluate the<br />
appropriateness <strong>of</strong> the draught limit regime.<br />
• Improved safety due to increased knowledge <strong>of</strong> conditions, in particular, better knowledge <strong>of</strong> shallow areas<br />
that present dangers to shipping, which AMSA identified as a major risk.<br />
• Improved efficiency thanks to a better knowledge <strong>of</strong> deep-water areas, which will allow greater flexibility<br />
in transit planning <strong>and</strong> management, <strong>and</strong> lead to more efficient transits.<br />
• Potential <strong>for</strong> greater transit windows <strong>and</strong> the associated economic benefits, including more efficient use<br />
<strong>of</strong> shipping.<br />
• Ability to modify a vessel’s transit while in progress due to un<strong>for</strong>eseen events (<strong>for</strong> example short period tidal<br />
variations, reduction in available speed, presence <strong>of</strong> other vessels), which improves safety <strong>and</strong> efficiency.<br />
Overall, AMSA’s risk initiative has great potential <strong>and</strong> has demonstrated effective use <strong>of</strong> risk management<br />
techniques, processes <strong>and</strong> procedures.<br />
<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies<br />
Risk Initiative Category – Highly Commended – AMSA<br />
29
Risk Initiative Category – Highly Commended – BOM<br />
30<br />
Bureau <strong>of</strong> Meteorology<br />
Highly commended<br />
Overview<br />
The Bureau <strong>of</strong> Meteorology’s weather <strong>for</strong>ecasts <strong>and</strong> warnings services are some <strong>of</strong> the most widely used<br />
government products.<br />
The agency’s core tasks include meeting the national need <strong>for</strong> climatic records, water in<strong>for</strong>mation, weather<br />
<strong>and</strong> oceanographic services, a scientific underst<strong>and</strong>ing <strong>of</strong> Australian weather <strong>and</strong> climate, <strong>and</strong> providing a high<br />
quality service to the Australian community.<br />
Severe weather events, including tropical cyclones, severe thunderstorms <strong>and</strong> flash flooding, pose a significant<br />
risk to the safety <strong>of</strong> the Australian community. One <strong>of</strong> the Bureau’s primary roles is to mitigate this risk by<br />
providing a comprehensive <strong>for</strong>ecast <strong>and</strong> warning service, which has now been extended to include graphical<br />
products.<br />
The Bureau is able to provide an end-to-end in<strong>for</strong>mation <strong>and</strong> warning system where state-<strong>of</strong>-the-art weather<br />
observations, <strong>for</strong>ecast <strong>and</strong> warning technologies are used, <strong>and</strong> in<strong>for</strong>mation is tailored <strong>for</strong> the Australian<br />
community.<br />
The rapid growth <strong>of</strong> the internet <strong>and</strong> the Bureau’s services has resulted in the agency’s website being one <strong>of</strong> the<br />
most heavily accessed <strong>and</strong> used sites in Australia. The Bureau’s Warnings <strong>and</strong> Weather Forecasts Program <strong>of</strong>fers<br />
a wide range <strong>of</strong> analysis <strong>and</strong> prediction products. These include <strong>for</strong>ecasts, warnings <strong>and</strong> in<strong>for</strong>mation services <strong>for</strong><br />
the general public, national <strong>and</strong> international shipping <strong>and</strong> aviation, the <strong>Department</strong> <strong>of</strong> Defence <strong>and</strong> others.<br />
Services are provided through Regional Forecasting Centres in capital cities <strong>and</strong> through the National<br />
Meteorological <strong>and</strong> Oceanographic Operations Centre in Melbourne. All <strong>of</strong> these centres maintain a 24-hour<br />
weather watch every day <strong>of</strong> the year, <strong>and</strong> issue <strong>for</strong>ecasts <strong>and</strong> warnings together with tsunami watches <strong>and</strong><br />
warnings.<br />
The Risk Management Framework—creating the foundation to effectively manage risk<br />
While looking <strong>for</strong> ways it could respond to the community need <strong>for</strong> improvements in weather services, the<br />
Bureau noted its “traditional” or existing products were based on text <strong>for</strong> point locations. This required a<br />
significant amount <strong>of</strong> manual input by a <strong>for</strong>ecaster to prepare. In short, this process was labour intensive <strong>and</strong><br />
limited the Bureau’s ability to respond to rapidly evolving technologies being used by the community.<br />
To manage the increasing dem<strong>and</strong> <strong>for</strong> <strong>for</strong>ecasts <strong>and</strong> weather warnings that were accurate <strong>and</strong> geospatially<br />
detailed, the Bureau created the Next Generation Forecast <strong>and</strong> Warning System (NexGenFWS) project.<br />
The Bureau identified the Graphical Forecast Editor (GFE) as a potential <strong>for</strong>ecasting tool. It was originally<br />
developed in the United States by the National Oceanic <strong>and</strong> Atmospheric Administration <strong>and</strong> used in all <strong>for</strong>ecast<br />
<strong>of</strong>fices <strong>of</strong> the US National Weather Service. In 2008 the Bureau piloted the GFE in its <strong>for</strong>ecast <strong>and</strong> warning service<br />
in Victoria. As a result <strong>of</strong> the success <strong>of</strong> this implementation, federal government funding was obtained to<br />
nationally roll out this world’s best-practice system over a five-year period.<br />
<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies
The NexGenFWS links activities across many <strong>of</strong> the Bureau’s programs. The Bureau acknowledges that managing<br />
risk is essential <strong>for</strong> project work, <strong>and</strong> helping staff to underst<strong>and</strong>, accept <strong>and</strong> manage risks as a part <strong>of</strong> everyday<br />
decision-making, was a priority <strong>for</strong> the project.<br />
Risk assessments were an essential part <strong>of</strong> the NexGenFWS implementation process. The project integrated<br />
<strong>and</strong> embedded risk management into the governance, project management, planning, reporting, procurement<br />
<strong>and</strong> per<strong>for</strong>mance management processes. A project risk management plan that focused on risk pr<strong>of</strong>iling <strong>and</strong><br />
graphical reporting was developed <strong>and</strong> aligned with the enterprise-wide risk management framework.<br />
Adopting a project focused risk framework allowed:<br />
• Bureau staff to underst<strong>and</strong>, accept <strong>and</strong> manage risks as part <strong>of</strong> everyday decision making.<br />
• Successful delivery <strong>of</strong> service improvements <strong>and</strong> service continuity outcomes that were within the constraints<br />
laid out in the project management plan.<br />
The Bureau developed process tools <strong>and</strong> reports that were used to identify, evaluate <strong>and</strong> communicate the<br />
range <strong>of</strong> risks associated with the project <strong>and</strong> that had to be managed by project staff <strong>and</strong> the sponsor. Since the<br />
development <strong>of</strong> this project the Bureau has introduced the focused risk methodology into its enterprise-wide risk<br />
management framework.<br />
Risk initiative links to governance framework<br />
This risk initiative clearly linked to the Bureau’s governance framework. The project demonstrated the Bureau’s<br />
key focus was client service as well as legislative requirements. The Bureau has a large stakeholder base, which<br />
in some instances wasn’t communicating effectively. The risk initiative was designed to meet all stakeholder<br />
requirements <strong>for</strong> in<strong>for</strong>mation.<br />
The Bureau successfully embedded risk management into the governance, project management, planning,<br />
reporting, procurement <strong>and</strong> per<strong>for</strong>mance management processes <strong>of</strong> the NexGenFWS project delivery.<br />
<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies<br />
Risk Initiative Category – Highly Commended – BOM<br />
31
Risk Initiative Category – Highly Commended – BOM<br />
32<br />
Implementing strategies, plans <strong>and</strong> processes<br />
The Bureau’s framework <strong>for</strong> the NexGenFWS was designed to address the following risks:<br />
• Complexity <strong>of</strong> the changes with respect to technology, training <strong>and</strong> products.<br />
• Impact on staff <strong>and</strong> users.<br />
• Large geographic coverage <strong>of</strong> the system <strong>and</strong> the regional base requirements <strong>of</strong> <strong>for</strong>ecasting.<br />
• Extensive risk pr<strong>of</strong>ile associated with changing thous<strong>and</strong>s <strong>of</strong> the Bureau’s public weather <strong>and</strong> warning<br />
products.<br />
Given deployment risks, constraints <strong>and</strong> the project’s resourcing dem<strong>and</strong>s, a Rolling Wave Project Planning<br />
strategy was adopted. This allowed incremental improvements needed in s<strong>of</strong>tware, infrastructure, training <strong>and</strong><br />
science; collaboration to develop a common feature environment <strong>for</strong> <strong>for</strong>ecasters; <strong>and</strong> minimised a range <strong>of</strong><br />
internal <strong>and</strong> external risk factors.<br />
This project’s five-year rollout allowed the Bureau to effectively oversee the risk process regarding:<br />
• Decisions about the range <strong>of</strong> rollout options, including timings <strong>for</strong> each region.<br />
• When <strong>and</strong> what components to build first.<br />
• Manage the project schedule.<br />
• Manage dependencies, status tracking, estimate activities <strong>and</strong> resources needed to fulfil the project’s<br />
objectives.<br />
Communicating change<br />
The Bureau fully understood the many elements <strong>and</strong> risk pr<strong>of</strong>iles <strong>of</strong> such a complex project. It developed <strong>and</strong><br />
implemented a wide range <strong>of</strong> tools to communicate <strong>and</strong> support the delivery <strong>of</strong> the project rollout. These<br />
included:<br />
• Management <strong>and</strong> executive briefings.<br />
• Bureau meteorology training courses.<br />
• Forecaster <strong>and</strong> science <strong>for</strong>ums.<br />
• Media briefings.<br />
• In<strong>for</strong>mation stall at conferences as well as boating or agricultural events.<br />
• Minutes/briefs (internal).<br />
• Industry base in<strong>for</strong>mation <strong>and</strong> notices (posted on the Bureau website <strong>and</strong> registered user pages).<br />
• Staff newsletters (posted on intranet) mailing lists <strong>and</strong> internal wikis.<br />
• Frequently Asked Questions (internal & external).<br />
• Papers/presentations at industry <strong>for</strong>ums.<br />
• Print media.<br />
• Television <strong>and</strong> radio broadcasts, face-to-face meetings <strong>and</strong> surveys.<br />
The Bureau’s communication activities were comprehensive <strong>and</strong> targeted a wide range <strong>of</strong> users, stakeholders<br />
<strong>and</strong> consumers. This minimised the risk <strong>of</strong> a poor reception <strong>of</strong> the project from <strong>for</strong>ecasters, <strong>and</strong> increased the<br />
opportunities <strong>for</strong> identifying <strong>and</strong> resolving any emerging issues.<br />
<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies
Short-term benefits<br />
The Bureau acknowledged that its risk initiative faced a number <strong>of</strong> inherent risks, however, by fully integrating<br />
structured risk identification, assessment <strong>and</strong> a mitigation framework, the project has successfully met<br />
deliverables.<br />
Some <strong>of</strong> the immediate benefits identified include:<br />
• Modernised weather <strong>for</strong>ecast production with more accurate <strong>for</strong>ecasts <strong>and</strong> warnings to allow the Australian<br />
community to mitigate weather-related risks.<br />
• Can issue more visual <strong>and</strong> graphic <strong>for</strong>ecasts.<br />
• Improved accuracy, detail, consistency <strong>and</strong> presentation <strong>of</strong> <strong>for</strong>ecast <strong>and</strong> warning in<strong>for</strong>mation, including high<br />
impact events, such as heavy rain or bushfires.<br />
• Extended the <strong>for</strong>ecast outlook period so more days are covered going <strong>for</strong>ward.<br />
• Geographic equity <strong>of</strong> services <strong>for</strong> city, rural <strong>and</strong> Indigenous communities, with more frequent <strong>and</strong> detailed<br />
services <strong>for</strong> everyone, not just those living in major cities.<br />
• Plat<strong>for</strong>m can be extended <strong>and</strong> supported to satisfy the increasing dem<strong>and</strong> <strong>for</strong> services at a local level.<br />
The Bureau’s risk initiative has delivered benefits to the agency as well as the Australian public, industry <strong>and</strong><br />
other government agencies (<strong>for</strong> example AMSA).<br />
Long-term results<br />
Long-term benefits <strong>for</strong> the Bureau thanks to its implementation <strong>of</strong> NexGenFWS include:<br />
• The Bureau’s disaster mitigation services can provide spatially oriented services to major clients.<br />
• Accurate weather in<strong>for</strong>mation will be available to all Australians, including small isolated communities <strong>and</strong><br />
Australian Indigenous communities.<br />
• The Bureau is better placed to meet its on-going commitments under the Meteorology Act 1955.<br />
• The system supports international disaster mitigation activities.<br />
• The plat<strong>for</strong>m can be extended to allow quick development <strong>and</strong> delivery <strong>of</strong> new products.<br />
• Tailored GFE system being made available to other countries.<br />
• Broader community has confidence in the quality <strong>of</strong> the Bureau’s warning products <strong>and</strong> services.<br />
• The system supports the rapid adoption <strong>of</strong> developments in meteorological science <strong>and</strong> technology.<br />
• Confidence within the Bureau that the system is providing effective <strong>for</strong>ecasts <strong>and</strong> warnings, <strong>and</strong> is able to<br />
meet changing community needs <strong>and</strong> delivery expectations.<br />
<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies<br />
Risk Initiative Category – Highly Commended – BOM<br />
33
Risk Initiative Category – Honourable Mention – DAFF<br />
34<br />
<strong>Department</strong> <strong>of</strong> Agriculture, Fisheries <strong>and</strong> Forestry<br />
Honourable Mention<br />
Overview<br />
Today’s biosecurity organisations face significant challenges globally. Chief among these are environmental<br />
change, changes in human movement, trade <strong>and</strong> economic development, <strong>and</strong> the evolution <strong>and</strong> emergence <strong>of</strong><br />
pests <strong>and</strong> diseases.<br />
To gather <strong>and</strong> analyse in<strong>for</strong>mation on new hazards expected to affect aquatic animal health, the <strong>Department</strong><br />
<strong>of</strong> Agriculture, Fisheries <strong>and</strong> Forestry (DAFF) developed an online intelligence system dedicated to tracking <strong>and</strong><br />
<strong>for</strong>ecasting outbreaks <strong>of</strong> aquatic animal diseases.<br />
AquaticHealth.net is the first <strong>of</strong> its kind in the world <strong>and</strong> scans the internet on a regular basis <strong>for</strong> open-source<br />
content (news <strong>and</strong> journal articles <strong>and</strong> ‘tweets’ from Twitter) related to aquatic animal health. The system<br />
allows anyone to submit content, automatically detects location in<strong>for</strong>mation that can be plotted on a Google<br />
Map, <strong>and</strong> tags the in<strong>for</strong>mation with useful key terms.<br />
All users can browse content <strong>and</strong> generate reports <strong>and</strong> maps (by search terms, filtered date ranges, tags,<br />
locations) <strong>and</strong> receive resource description framework site summary feeds as well as e-mail updates.<br />
The Risk Management Framework—creating the foundation to effectively manage risk<br />
AquaticHealth.net is one <strong>of</strong> DAFF’s strategic priorities to manage Australia’s biosecurity by effectively identifying<br />
<strong>and</strong> targeting the management <strong>of</strong> risk to aquatic animals.<br />
In creating AquaticHealth.net, the agency undertook a systematic, agency-wide approach to underpin the<br />
gathering, analysis, reporting <strong>and</strong> application <strong>of</strong> biosecurity intelligence on emerging aquatic diseases. It also<br />
monitored changes in a range <strong>of</strong> dynamic processes such as environmental, social <strong>and</strong> technological change,<br />
which affect pests <strong>and</strong> diseases associated with aquatic animals.<br />
Along with gathering in<strong>for</strong>mation, the agency also developed systems to store <strong>and</strong> retrieve it. When analysed, the<br />
in<strong>for</strong>mation gathered led to useful intelligence that in<strong>for</strong>med strategic planning, resource allocation <strong>and</strong> policy<br />
development within the agency.<br />
The three strategies identified in DAFF’s business plan to meet its objective were:<br />
1. Develop intelligence, risk analysis <strong>and</strong> risk management capability.<br />
2. Move toward an effective integration <strong>of</strong> pre-border, border <strong>and</strong> post border activities based on assessing <strong>and</strong><br />
managing risk.<br />
3. Lead <strong>and</strong> support staff to make sure they have the skills, knowledge <strong>and</strong> tools to match business priorities.<br />
An early warning system <strong>for</strong> emerging threats<br />
This initiative fills an identified gap in the risk analysis research sponsored by DAFF. It provides an early warning<br />
system <strong>for</strong> emerging threats <strong>and</strong> is integral to developing effective biosecurity strategies.<br />
<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies
AquaticHealth.net allows authenticated users to tag, edit <strong>and</strong> classify all reports, as well as add <strong>and</strong> refine the<br />
search terms the system uses to find content. The system also includes a wiki in which authenticated users can<br />
edit <strong>and</strong> update entries on diseases <strong>and</strong> other topics related to aquatic animal health. Each wiki page includes a<br />
<strong>for</strong>ecasting section, where users can make <strong>and</strong> debate <strong>for</strong>ecasts <strong>of</strong> disease outbreaks.<br />
Utilising social networking<br />
The result is an online intelligence system <strong>for</strong> aquatic animal health that is social at almost every level <strong>and</strong><br />
provides relevant in<strong>for</strong>mation to decision-makers in a practical, efficient <strong>and</strong> timely manner.<br />
This web-based approach utilises social networking to find gaps in biosecurity in<strong>for</strong>mation <strong>and</strong> allows DAFF<br />
to achieve its business objectives. DAFF manages the risks associated with this type <strong>of</strong> social network by only<br />
allowing authenticated users to take part.<br />
The work is funded through competitive research grants awarded <strong>and</strong> administered by the Australian Centre <strong>of</strong><br />
<strong>Excellence</strong> in Risk Analysis (ACERA). ACERA’s core function is to develop the practice <strong>of</strong> risk analysis by creating<br />
<strong>and</strong> testing methods, protocols, analytical tools <strong>and</strong> procedures to benefit both government <strong>and</strong> the broader<br />
Australian community. ACERA’s funding is managed by DAFF.<br />
Implementing strategies, plans <strong>and</strong> processes<br />
AquaticHealth.net was implemented <strong>and</strong> adopted through case studies, participation <strong>of</strong> DAFF staff, <strong>and</strong> through<br />
dissemination <strong>of</strong> tools <strong>and</strong> techniques on both the DAFF intranet <strong>and</strong> internet (including linking with social<br />
media), <strong>and</strong> through successful outcomes from the tools developed to date.<br />
DAFF adopted a ‘crowd-sourcing method’, which is an open call to an undefined group, usually made up <strong>of</strong> people<br />
appropriate <strong>for</strong> a specific task, to analyse or solve a problem via AquaticHealth.net. Users could be anonymous or<br />
authenticated <strong>and</strong> all users can view the system’s reports, add reports, <strong>and</strong> add commentary. Authenticated users<br />
have additional privileges, including the ability to edit report content <strong>and</strong> to classify <strong>and</strong> tag reports.<br />
In designing AquaticHealth.net, DAFF combined the cheapness <strong>and</strong> efficiency <strong>of</strong> automation with the accuracy<br />
<strong>and</strong> potential <strong>for</strong> value-adding by individuals. The system was made as open as possible, by providing the<br />
potential <strong>for</strong> users to rank, comment on <strong>and</strong> add value to reports, modify search capacities, tag <strong>and</strong> classify<br />
content, add new in<strong>for</strong>mation the automated scan misses, as well as location in<strong>for</strong>mation.<br />
AquaticHealth.net is unique <strong>and</strong> is now highly regarded both nationally <strong>and</strong> internationally <strong>for</strong> the detection <strong>of</strong><br />
developing biosecurity risks on a global scale.<br />
Tracking in<strong>for</strong>mation<br />
Between 50 <strong>and</strong> 100 articles are gathered daily by the current list <strong>of</strong> search terms <strong>and</strong> listed in the daily scan.<br />
Of these, only about five to ten articles are published <strong>and</strong> tagged by users as useful, <strong>and</strong> <strong>of</strong> the published reports,<br />
the system will tag about ten articles each week as ‘disease news’.<br />
The global aquatic animal health intelligence community is growing stronger <strong>and</strong> adding value to this<br />
web-based intelligence system every day. To promote it, DAFF has delivered presentations <strong>and</strong> media material<br />
at major global aquatic animal health conferences. Google has also played its part thanks to the way its search<br />
engine prioritises listing <strong>of</strong> relevant websites. This has resulted in the site appearing in the top five results when<br />
you search <strong>for</strong> in<strong>for</strong>mation relating to any aquatic animal disease.<br />
User statistics show the site is gaining momentum daily. This means DAFF is continually upgrading capacity to<br />
h<strong>and</strong>le the volume <strong>of</strong> traffic.<br />
As the site scans into the future, it should detect <strong>and</strong> save nearly every piece <strong>of</strong> in<strong>for</strong>mation on aquatic animal<br />
disease that hits the electronic environment. And as the user community grows, AquaticHealth.net will become<br />
an essential <strong>and</strong> powerful in<strong>for</strong>mation resource <strong>for</strong> all aquatic animal health specialists, industry participants <strong>and</strong><br />
biosecurity experts around the world.<br />
<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies<br />
Risk Initiative Category – Honourable Mention – DAFF<br />
35
Risk Initiative Category – Honourable Mention – DAFF<br />
36<br />
The benefits <strong>of</strong> implementation<br />
Although AquaticHealth.net is a new initiative it has been able to:<br />
• Capture emerging disease in<strong>for</strong>mation.<br />
• Analyse disease trends.<br />
• Map diseases.<br />
• Organise data <strong>and</strong> per<strong>for</strong>m basic <strong>for</strong>ecasting.<br />
• Contribute to strategic planning.<br />
• Provide biosecurity alerts, build biosecurity risk pr<strong>of</strong>iles .<br />
• Support decision-making relating to imports <strong>and</strong> exports.<br />
Reports are generated by the system <strong>and</strong> cover a six-month period. They are entered into the ‘Emerging Diseases’<br />
wiki <strong>and</strong> the in<strong>for</strong>mation produced is provided to Australian government committees responsible <strong>for</strong> aquatic<br />
animal health <strong>and</strong> identifying emerging diseases; specifically <strong>for</strong> emerging issues outside Australia.<br />
The report allows the committees to keep abreast <strong>of</strong> potential emerging disease threats, in<strong>for</strong>m biosecurity<br />
planning <strong>and</strong> recommend preventive action on significant issues if needed.<br />
For example, an interrogation <strong>of</strong> AquaticHealth.net provided evidence <strong>of</strong> the unregulated movement <strong>of</strong> used<br />
aquaculture equipment that would adversely affect the viability <strong>of</strong> Australia’s oyster farmers. Within weeks <strong>of</strong><br />
the threat becoming known, the Australian Government introduced preventive measures to ensure all used<br />
equipment exported to Australia was decontaminated on arrival.<br />
<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies
One <strong>of</strong> the critical functions <strong>of</strong> AquaticHealth.net is the ability to develop <strong>and</strong> continuously improve the search<br />
terms responsible <strong>for</strong> gathering relevant in<strong>for</strong>mation. To further support its search capabilities a translation<br />
function <strong>for</strong> non-English speaking countries is to be developed. However, this function depends on collaboration<br />
with language experts <strong>and</strong> on non-English speaking users <strong>of</strong> the system increasing.<br />
The collection <strong>of</strong> disease-related in<strong>for</strong>mation is building a bank that will allow analysts to identify <strong>and</strong> interpret<br />
emerging risks. As more in<strong>for</strong>mation enters, is archived, searched <strong>and</strong> sorted, the power <strong>of</strong> the website as a critical<br />
intelligence resource will become apparent.<br />
The initiative has been successfully integrated in to DAFF’s risk management processes <strong>and</strong> the agency has<br />
started building similar websites <strong>for</strong> intelligence communities involved in plant health, avian influenza <strong>and</strong><br />
biosecurity <strong>for</strong>ecasting <strong>for</strong> future health planning.<br />
<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies<br />
Risk Initiative Category – Honourable Mention – DAFF<br />
37
Risk Initiative Category – Honourable Mention – ACBPS<br />
38<br />
Australian Customs <strong>and</strong> Border Protection Service<br />
Honourable Mention<br />
Overview<br />
The Australian Customs <strong>and</strong> Border Protection Service (Customs <strong>and</strong> Border Protection) manages a range <strong>of</strong> risks<br />
to the Australian border, while also facilitating legitimate trade <strong>and</strong> travel.<br />
Over the next eight years, international passenger movements are projected to increase to around 40 million,<br />
while incoming container <strong>and</strong> air cargo consignments will double to almost 27 million annually.<br />
Combined with these trends, Customs <strong>and</strong> Border Protection faces an equally challenging fiscal environment.<br />
Like most public sector agencies around the world, the agency must re-prioritise existing resources, rather than<br />
receive additional funding from government.<br />
To meet priorities <strong>and</strong> achieve its outcomes, Customs <strong>and</strong> Border Protection adopted an intelligence-led<br />
risk-based approach to intervention <strong>and</strong> assurance.<br />
The Risk Management Framework—creating the foundation to effectively manage risk<br />
Customs <strong>and</strong> Border Protection is meeting the challenge <strong>of</strong> managing its future operating environment <strong>and</strong> a<br />
tightening resource base by developing a strategic plan that incorporates a rigorous risk management model.<br />
This approach is embodied in the agency’s new Multi-Year Planning <strong>and</strong> Budgetary Framework <strong>and</strong> its Risk<br />
Management Framework, which together are referred to as ‘the Frameworks’. Taken together, these documents<br />
represent the agency’s blueprint <strong>for</strong> a risk-based approach to strategic planning.<br />
The Frameworks moved Customs <strong>and</strong> Border Protection away from a traditional annual planning system to an<br />
intelligence-led, risk-based, multi-year approach. They are being implemented progressively, with a view to firmly<br />
embedding each component into every area <strong>of</strong> the organisation.<br />
At the core <strong>of</strong> the Frameworks is the idea that Customs <strong>and</strong> Border Protection’s basic mission is to manage<br />
‘Border Risk’. This refers to the likelihood that people or goods will enter or leave the country without<br />
authorisation or without meeting the necessary entry <strong>and</strong> exit conditions.<br />
Border Risk encompasses many different commodities <strong>and</strong> outcomes, ranging from illicit drugs <strong>and</strong> firearms, to<br />
the illegal movement <strong>of</strong> people <strong>and</strong> money.<br />
A notion closely related to Border Risk introduced by the Frameworks is that <strong>of</strong> ‘Enabling Risk’. Enabling Risk covers<br />
the aspects <strong>of</strong> the business that support <strong>and</strong> enable Customs <strong>and</strong> Border Protection’s core operational responses<br />
to Border Risk. In their simplest <strong>for</strong>m, the Frameworks aim to link resourcing to risk.<br />
The risk-based system is allowing Customs <strong>and</strong> Border Protection to better underst<strong>and</strong> what a change in the risk<br />
environment will mean <strong>for</strong> its business strategy, <strong>and</strong> how a change in the strategy will affect the agency’s control<br />
<strong>of</strong> the risk environment. In this regard Customs <strong>and</strong> Border Protection will only allocate resources within the<br />
agency if they can be justified <strong>and</strong> linked to a change in the risk environment or its risk appetite.<br />
A key challenge <strong>for</strong> Customs <strong>and</strong> Border Protection in developing its risk model was connecting conventional<br />
enterprise risk management concerns, with the new risk-based approach to strategic planning, where decisions<br />
are made based on whether its core operations are achieving strategic objectives.<br />
<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies
The Frameworks guide risk management actions that support the agency’s strategic objectives by linking<br />
allocation <strong>of</strong> resources with the potential <strong>for</strong> certain events to occur.<br />
Customs <strong>and</strong> Border Protection is using risk management to support innovation <strong>and</strong> is looking at how it can use<br />
a new risk-based approach to develop its strategic planning, as well as risk manage its conventional enterprise<br />
concerns.<br />
Implementing strategies, plans <strong>and</strong> processes<br />
Due to the scale <strong>and</strong> breadth <strong>of</strong> the Frameworks, Customs <strong>and</strong> Border Protection is undertaking a phased,<br />
iterative approach to implementing the risk-based model, with a view to building a sustainable <strong>and</strong> mature<br />
capability over time.<br />
To support the implementation, a large amount <strong>of</strong> planning <strong>and</strong> development has already been undertaken <strong>and</strong><br />
includes:<br />
• Governance re<strong>for</strong>ms:<br />
• Reviewing all aspects <strong>of</strong> the agency’s strategic planning processes.<br />
• Creating ‘Risk Leads’ at the senior executive level, which are a single point <strong>of</strong> accountability <strong>for</strong> analytical<br />
management <strong>of</strong> each risk.<br />
• Creating a Risk Management Board.<br />
• Developing a per<strong>for</strong>mance measurement system around the risk-based model that reduces uncertainty<br />
around the risk environment.<br />
• Emphasis on taking stock <strong>of</strong> Customs <strong>and</strong> Border Protection’s position re Border <strong>and</strong> Enabling Risks at<br />
mid- <strong>and</strong> end-<strong>of</strong>-year reviews.<br />
• Development <strong>of</strong> the following documents <strong>and</strong> processes:<br />
• Strategic Threat Assessment document.<br />
• An agency-wide Risk Plan that <strong>for</strong>ms the cornerstone <strong>of</strong> the agency’s approach.<br />
• Strategic Planning Guidance material.<br />
• Annual PIan. This outlines the core risk-driven priorities <strong>and</strong> investment decisions <strong>for</strong> the coming year.<br />
• Supporting Activities that include Risk Per<strong>for</strong>mance e-Reporting, regular reporting to the executive on<br />
per<strong>for</strong>mance, conducting a full end-<strong>of</strong>-year assessment on how risks have been managed.<br />
• Education campaigns that focus on validating risk assessments, testing new or different ways to deal with a<br />
Border Risk, ways to better focus ef<strong>for</strong>ts, filling knowledge gaps <strong>and</strong> testing perceived risks or vulnerabilities.<br />
• Practical exercises designed to test Customs <strong>and</strong> Border Protection’s capabilities <strong>and</strong> see if its assumptions<br />
on resulting threats are right.<br />
• Game changer workshops to develop innovative methods <strong>of</strong> intervention at the border.<br />
This phased approach is fully supported by the Executive <strong>and</strong> has allowed the agency to develop a sophisticated<br />
per<strong>for</strong>mance measurement system around the risk-based model, which will help it mature its approach to risk.<br />
Short-term benefits<br />
In the first cycle <strong>of</strong> implementing its risk-based model, Customs <strong>and</strong> Border Protection gained unprecedented<br />
visibility <strong>of</strong> its risk environment.<br />
For the first time, it was able to carry out assessments <strong>of</strong> each Border <strong>and</strong> Enabling Risk across the entire agency<br />
at the same time. More importantly, it fed these assessments directly into its strategic planning <strong>and</strong> resource<br />
allocation processes.<br />
Be<strong>for</strong>e introducing the new model, capital investment proposals were not linked to assessments <strong>of</strong> risk. With the<br />
new risk-based model, vulnerabilities that are critical, urgent or otherwise significant are prioritised <strong>for</strong> funding<br />
(through the Strategic Planning Guidance).<br />
<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies<br />
Risk Initiative Category – Honourable Mention – ACBPS<br />
39
Risk Initiative Category – Honourable Mention – ACBPS<br />
40<br />
Ultimately, these priorities are listed in the agency’s Annual Plan, which in turn connects directly to branch <strong>and</strong><br />
divisional plans where relevant line areas identify actions to address the gaps.<br />
Customs <strong>and</strong> Border Protection has seen the following results:<br />
• Scarce resources are being allocated to areas <strong>of</strong> highest risk first, based on explicit evaluations <strong>of</strong> both Border<br />
<strong>and</strong> Enabling Risk.<br />
• Single points <strong>of</strong> accountability spread across the organisation are responsible <strong>for</strong> assessing the alignment <strong>of</strong><br />
its capabilities with the risk environment.<br />
• Customs <strong>and</strong> Border Protection can now respond quickly <strong>and</strong> confidently to new <strong>and</strong> emerging threats<br />
because the risk assessment process is linked directly to the budget process.<br />
• All levels <strong>of</strong> the organisation are taking greater ownership <strong>for</strong> responding to risk gaps as accountability is<br />
embedded in its core planning documents.<br />
• Customs <strong>and</strong> Border Protection is reducing uncertainty by increasing its knowledge <strong>of</strong> the operating<br />
environment, measuring per<strong>for</strong>mance <strong>and</strong> validating the results.<br />
Long-term results<br />
This initiative is allowing Customs <strong>and</strong> Border Protection to more quickly <strong>and</strong> confidently re-prioritise funding to<br />
manage emerging threats <strong>and</strong> risks. It is also making sure the agency can readily adapt to changing government<br />
priorities, capabilities, planning <strong>and</strong> budgetary requirements.<br />
When fully mature, the risk-based approach will allow Customs <strong>and</strong> Border Protection to continuously:<br />
• Reassess the threats to the border <strong>and</strong> its business needs.<br />
• Evaluate the adequacy <strong>and</strong> effectiveness <strong>of</strong> its control strategies <strong>and</strong> enabling functions.<br />
• Develop initiatives to respond to identified gaps in controls <strong>and</strong> business functions.<br />
• Link these initiatives to the budget so that resources are allocated annually to areas <strong>of</strong> highest priority.<br />
The risk-based approach is also making it easier <strong>for</strong> Customs <strong>and</strong> Border Protection to contribute to the following<br />
government policies:<br />
• National security through strong border security.<br />
• Increased trading to allow more jobs to be created <strong>and</strong> increasing Australia’s prosperity.<br />
• Enhancing Australia’s economic prosperity through tourism.<br />
• Fiscal responsibility.<br />
When its risk-based approach is fully operational, Customs <strong>and</strong> Border Protection will be able to continuously<br />
reassess, evaluate <strong>and</strong> improve the threats to the border, control border strategies, identify <strong>and</strong> treat gaps in its<br />
controls <strong>and</strong> business functions, as well as link the strategies to the budget so resources are allocated annually to<br />
areas <strong>of</strong> highest priority.<br />
<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies
<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies<br />
41