02.10.2013 Views

Comcover Awards for Excellence - Department of Finance and ...

Comcover Awards for Excellence - Department of Finance and ...

Comcover Awards for Excellence - Department of Finance and ...

SHOW MORE
SHOW LESS

Create successful ePaper yourself

Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.

<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012<br />

Case studies <strong>of</strong> award winning agencies<br />

AUSTRALIAN GOVERNMENT COMCOVER


<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012<br />

Case studies <strong>of</strong> award winning agencies<br />

Foreword<br />

I am pleased to present to you <strong>Comcover</strong>’s second case study booklet. It showcases the risk management<br />

practices <strong>of</strong> the award winners from <strong>Comcover</strong>’s <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> program in 2011.<br />

The <strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> recognise <strong>and</strong> reward those agencies that demonstrate innovation<br />

<strong>and</strong> leadership in the field <strong>of</strong> risk management.<br />

Each <strong>of</strong> these award winning agencies has put <strong>for</strong>ward examples <strong>of</strong> excellence that highlight how it<br />

approached the challenges <strong>of</strong> implementing effective risk frameworks, programs <strong>and</strong> systems.<br />

Nominations in the 2011 <strong>Awards</strong> program reflected the importance <strong>of</strong> ensuring an agency’s approach to<br />

managing risk is aligned with its strategic objectives.<br />

A number <strong>of</strong> winning agencies in the Enterprise-Wide Risk Management Category identified the need to<br />

review <strong>and</strong> update their frameworks to reflect changes to their operating environment. As a result there<br />

is a greater focus on accountability <strong>and</strong> responsibility <strong>for</strong> managing risk; a clear underst<strong>and</strong>ing <strong>of</strong> the<br />

importance <strong>of</strong> integrating risk with other governance processes; <strong>and</strong> recognition <strong>of</strong> the benefit in aligning<br />

the agency’s risk framework with its outcomes.<br />

Award winners in this year’s Risk Initiative Category are diverse. Each has demonstrated that by having the<br />

appropriate systems <strong>and</strong> processes in place to manage risk, it is possible to develop a culture where the<br />

consideration <strong>of</strong> risk provides opportunity <strong>for</strong> agency improvement.<br />

A key objective <strong>of</strong> the <strong>Awards</strong> program is to facilitate the sharing <strong>of</strong> in<strong>for</strong>mation. I encourage agencies to<br />

read the case studies <strong>and</strong> make contact with award winners to gain further insight into how they have<br />

influenced better management <strong>of</strong> risk within their agency.<br />

<strong>Comcover</strong> will draw on the experience <strong>of</strong> each <strong>of</strong> the award winners to help demonstrate examples <strong>of</strong><br />

better practice <strong>for</strong> our education program, <strong>and</strong> in the future development <strong>of</strong> better practice tools <strong>and</strong><br />

templates.<br />

Robert Higgins<br />

Manager<br />

<strong>Comcover</strong><br />

<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies<br />

1


2<br />

Contents<br />

ENTERPRISE-WIDE RISK MANAGEMENT CATEGORY<br />

Highly Commended <strong>Department</strong> <strong>of</strong> Agriculture, Fisheries <strong>and</strong> Forestry 4<br />

Highly Commended Australian Taxation Office 7<br />

Honourable Mention <strong>Department</strong> <strong>of</strong> Immigration <strong>and</strong> Citizenship 11<br />

Honourable Mention <strong>Department</strong> <strong>of</strong> Human Services 15<br />

RISK INITIATIVE CATEGORY<br />

Winner Australian Taxation Office 20<br />

Highly Commended <strong>Department</strong> <strong>of</strong> Agriculture, Fisheries <strong>and</strong> Forestry (Asian Gypsy Moth) 23<br />

Highly Commended Australian Maritime Safety Authority 26<br />

Highly Commended Bureau <strong>of</strong> Meteorology 30<br />

Honourable Mention <strong>Department</strong> <strong>of</strong> Agriculture, Fisheries <strong>and</strong> Forestry (Aquatic Animal Health) 34<br />

Honourable Mention Australian Customs <strong>and</strong> Border Protection Service 38<br />

<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies


ENTERPRISE-WIDE RISK MANAGEMENT CATEGORY<br />

Highly Commended <strong>Department</strong> <strong>of</strong> Agriculture, Fisheries <strong>and</strong> Forestry<br />

Highly Commended Australian Taxation Office<br />

Honourable Mention <strong>Department</strong> <strong>of</strong> Immigration <strong>and</strong> Citizenship<br />

Honourable Mention <strong>Department</strong> <strong>of</strong> Human Services


Enterprise-Wide Risk Management Category – Highly Commended – DAFF<br />

4<br />

<strong>Department</strong> <strong>of</strong> Agriculture, Fisheries <strong>and</strong> Forestry<br />

Highly Commended<br />

Overview<br />

In 2009, the Secretary <strong>of</strong> the <strong>Department</strong> <strong>of</strong> Agriculture, Fisheries <strong>and</strong> Forestry (DAFF), made revitalising the<br />

agency’s risk management framework a priority. At the heart <strong>of</strong> this was a comprehensive review <strong>of</strong> how the<br />

agency approached <strong>and</strong> managed risks.<br />

The agency acknowledged its previous risk management framework, while sound, was process-oriented <strong>and</strong><br />

complex. A new risk management framework was needed that would build a more agile, effective, adaptive<br />

<strong>and</strong> resilient organisation. Three guiding principles were identified:<br />

• Risk management should be part <strong>of</strong> everyday decision-making <strong>and</strong> not seen as a ‘bolt-on’ process.<br />

• DAFF should adopt a positive risk culture, moving from risk aversion to working with known <strong>and</strong><br />

calculated risks.<br />

• Staff should be empowered to actively manage risks as part <strong>of</strong> everyday decision-making.<br />

DAFF’s new risk management framework is underpinned by regular communication from the Secretary <strong>and</strong> the<br />

Executive, which sends a strong message about the importance <strong>of</strong> risk management, <strong>and</strong> ensures attention <strong>and</strong><br />

resources are dedicated to the task.<br />

The Risk Management Framework—creating the foundation to effectively manage risk<br />

DAFF’s new governance framework has integrated the management <strong>of</strong> risk into all key business functions,<br />

processes, systems, programs <strong>and</strong> projects. This means the Secretary, in consultation with the Executive<br />

Management Team (EMT), can determine, communicate <strong>and</strong> review DAFF’s risk appetite in response to what is a<br />

dynamic operating environment.<br />

The Risk Policy set out in the Chief Executive Instructions, identifies risk management as an essential part <strong>of</strong><br />

the agency’s strategic approach. The policy makes sure the <strong>Department</strong> is well placed to underst<strong>and</strong> <strong>and</strong> better<br />

manage its risks <strong>and</strong> fulfill its accountability requirements.<br />

Integrating risk management<br />

By integrating risk management vertically <strong>and</strong> horizontally into its governance, planning <strong>and</strong> per<strong>for</strong>mance<br />

management processes, DAFF made sure risk management became a m<strong>and</strong>ated part <strong>of</strong> business planning at<br />

the agency.<br />

It did this by bringing the three separate elements <strong>of</strong> business planning, business risks <strong>and</strong> business reporting,<br />

onto one plat<strong>for</strong>m. This new system, called ‘e-plan’, allowed corporate in<strong>for</strong>mation to be automatically populated<br />

into planning, risk <strong>and</strong> per<strong>for</strong>mance plans, <strong>and</strong> removed any possibility <strong>for</strong> human error.<br />

It also allowed risk levels to be automatically calculated, with users able to select sources <strong>of</strong> risk from drop down<br />

boxes. This allowed risk pr<strong>of</strong>iles to be calculated in minutes rather than days, <strong>and</strong> areas <strong>of</strong> risk growth to be easily<br />

identified <strong>and</strong> treated.<br />

While the new system supports <strong>and</strong> integrates risk more effectively into day-to-day business, DAFF has not<br />

changed its existing integration model, which still allows risk in<strong>for</strong>mation to flow through the <strong>Department</strong><br />

smoothly <strong>and</strong> be readily accessible by all senior executives.<br />

<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies


DAFF regularly reviews, evaluates <strong>and</strong> updates its revamped risk management framework documents <strong>and</strong><br />

processes. Thanks to the successful implementation <strong>of</strong> ‘e-plan’, the review <strong>of</strong> risks has now become automated<br />

<strong>and</strong> far easier to manage. Risk in<strong>for</strong>mation is always in real time <strong>and</strong> relevant to day-to-day business.<br />

Championing risk initiatives<br />

DAFF has worked to create a positive risk culture that emphasises the benefits <strong>of</strong> risk management in achieving<br />

the organisation’s objectives. It has embedded risk in the agency’s framework. Importantly, the Secretary <strong>and</strong> the<br />

Executive drive this culture in the <strong>Department</strong> by championing risk initiatives <strong>and</strong> processes.<br />

Implementing strategies, plans <strong>and</strong> processes<br />

Crucial to DAFF’s successful implementation <strong>of</strong> a new <strong>and</strong> agency-wide risk management program, is the top<br />

down commitment from the Secretary <strong>and</strong> Executive to providing the necessary financial, technical <strong>and</strong> human<br />

resources needed to manage risk effectively <strong>and</strong> efficiently.<br />

Responsibility <strong>for</strong> coordinating risk management across the <strong>Department</strong> lies with DAFF’s Business Assurance<br />

& Risk Branch. It funds the dedicated Risk Management Team (RMT), which has three full-time <strong>of</strong>ficers. The RMT<br />

coordinates <strong>and</strong> provides risk management advice <strong>and</strong> support across the agency.<br />

The <strong>Department</strong> has also <strong>for</strong>med a risk branch to drive the biosecurity re<strong>for</strong>m process <strong>and</strong> has various<br />

specialist areas.<br />

The RMT developed an organisation-wide strategy to implement, monitor, review <strong>and</strong> continuously improve<br />

the Enterprise-wide Risk Management Framework. In implementing this strategy the RMT:<br />

• Reviews <strong>and</strong> updates risk management methodologies <strong>and</strong> tools.<br />

• Implements <strong>and</strong> monitors DAFF’s risk management program, including specialist risk activities.<br />

• Analyses risk in<strong>for</strong>mation <strong>and</strong> prepares a range <strong>of</strong> risk reports.<br />

• Communicates risk in<strong>for</strong>mation.<br />

• Provides risk management learning <strong>and</strong> development opportunities.<br />

Communication <strong>and</strong> training<br />

As part <strong>of</strong> its ef<strong>for</strong>ts to effectively communicate risk in<strong>for</strong>mation, DAFF consults widely with both internal<br />

<strong>and</strong> external stakeholders to make sure risk sensitivity <strong>and</strong> emerging issues <strong>and</strong> opportunities are included<br />

in risk analysis. External stakeholders include agriculture, food <strong>and</strong> fibre industries, other Australian <strong>and</strong> state<br />

government agencies, consumer <strong>and</strong> community interest groups, <strong>and</strong> those involved across the biosecurity<br />

spectrum.<br />

The agency established a divisional risk network to champion risk management, <strong>and</strong> to provide points <strong>of</strong><br />

contact <strong>for</strong> all risk issues. It also provides feedback to the RMT on risk initiatives <strong>and</strong> risk mentoring.<br />

DAFF carries out risk management training to make sure staff members have the knowledge <strong>and</strong> skills they<br />

need to effectively manage risk in business operations, <strong>and</strong> <strong>of</strong>fers a tiered risk management training program<br />

<strong>for</strong> all staff.<br />

As well as ‘Risk 101’ <strong>and</strong> risk scenario training, the <strong>Department</strong> also provides training on its risk tools.<br />

Once developed <strong>and</strong> released from the development plat<strong>for</strong>m, training was provided on the new system<br />

‘e-plan’, which was designed to be intuitive <strong>and</strong> simple to use. One <strong>of</strong> its primary objectives was to reduce<br />

red tape <strong>and</strong> streamline the whole planning, risk <strong>and</strong> reporting functions. Feedback indicates all <strong>of</strong> these<br />

objectives have been met.<br />

<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies<br />

Enterprise-Wide Risk Management Category – Highly Commended – DAFF<br />

5


Enterprise-Wide Risk Management Category – Highly Commended – DAFF<br />

6<br />

Business continuity<br />

DAFF has successfully developed an agency-wide risk management framework that supports its business<br />

objectives.<br />

The agency’s risk pr<strong>of</strong>iling <strong>and</strong> reporting framework is a key input into business planning <strong>and</strong> per<strong>for</strong>mance<br />

management activities. Strategic <strong>and</strong> key business risks are regularly reviewed, with risk assessment a normal<br />

part <strong>of</strong> the annual business planning <strong>and</strong> reporting cycle.<br />

As part <strong>of</strong> its business continuity program, DAFF undertakes a risk based Business Impact Analysis to identify<br />

critical functions, dependencies, workarounds <strong>and</strong> the maximum acceptable outage times. All divisional<br />

executive managers <strong>and</strong> key divisional staff were involved in this process, <strong>and</strong> the outcomes endorsed by the<br />

Secretary <strong>and</strong> EMT in November 2009.<br />

The <strong>Department</strong> regularly tests its business continuity framework by working through scenarios. These<br />

culminate in an annual live exercise that is held late in the year. Exercise scenarios are based on potential risk<br />

events <strong>and</strong> an exercise planning team that includes representatives from affected divisions are <strong>for</strong>med to plan,<br />

organise <strong>and</strong> evaluate the exercise. All live exercises are also evaluated externally, with lessons learned used in the<br />

annual review <strong>and</strong> update <strong>of</strong> the business continuity framework.<br />

Results<br />

DAFF’s revitalised risk management framework <strong>and</strong> program has ensured risk management has become a part <strong>of</strong><br />

everyday decision making processes. Risk management is integrated into the planning <strong>and</strong> reporting process <strong>of</strong><br />

the department, <strong>and</strong> links the agency’s management <strong>of</strong> risk within the overarching governance structures.<br />

Championed by the Secretary, there is a top-down commitment to risk management that is complemented by<br />

training <strong>and</strong> communication activities <strong>for</strong> all staff. This has helped to foster a positive approach to risk, with the<br />

increasing realisation the <strong>Department</strong> should not be risk averse but have a better underst<strong>and</strong>ing <strong>of</strong> its risks, so it<br />

can take known <strong>and</strong> calculated risks.<br />

The introduction <strong>of</strong> ‘e-plan’ has dramatically reduced the amount <strong>of</strong> administration <strong>and</strong> errors the legacy systems<br />

had built in. All business planning, risk <strong>and</strong> reporting functions are now in ‘real time’, which means in<strong>for</strong>mation is<br />

up-to-date <strong>and</strong> 100% accurate. This gives further reassurance to the Executive.<br />

The <strong>Department</strong> has also seen improvements in how staff view risk training. Since the <strong>Department</strong> started<br />

running ‘Risk 101’ training just over a year ago, more than 750 <strong>of</strong>ficers (from SES B<strong>and</strong> 2 to APS 2) have taken part.<br />

The training is now being rolled out nationwide to front line <strong>of</strong>ficers, who have had risk training added as part <strong>of</strong><br />

their workplace agreement.<br />

<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies


Australian Taxation Office<br />

Highly Commended<br />

Overview<br />

Australian Government<br />

Australian Taxation Office<br />

The Australian Taxation Office (ATO) has over 20 000 staff across 25 business lines. It manages millions <strong>of</strong><br />

transactions every year from registrations <strong>and</strong> lodgments though to payments, refunds <strong>and</strong> debts.<br />

Given the scale <strong>of</strong> its operations, the agency already had a well-embedded <strong>and</strong> mature risk management<br />

capability <strong>and</strong> culture in its compliance areas, which had been recognised internationally. The challenge <strong>for</strong><br />

the ATO was to introduce an enterprise-wide risk management framework that continued to develop its<br />

management <strong>of</strong> compliance risks, while extending it to cover all enterprise risks in an increasingly complex<br />

organisation.<br />

The ATO’s enterprise-wide risk management approach was designed to:<br />

• Strengthen the integration <strong>of</strong> risk management activity across all areas <strong>of</strong> the ATO.<br />

• Underst<strong>and</strong> the range <strong>of</strong> risks as a ‘system’.<br />

• Manage risks <strong>and</strong> take advantage <strong>of</strong> opportunities that arose from that underst<strong>and</strong>ing.<br />

The Risk Management Framework—creating the foundation to effectively manage risk<br />

Risk categories<br />

To make sure all risks were considered, the ATO developed a schema <strong>of</strong> enterprise risk categories that organised<br />

risk in<strong>for</strong>mation into 22 categories. One <strong>of</strong> the key features <strong>of</strong> the framework is that it is enterprise wide, <strong>and</strong><br />

operates independently <strong>of</strong> organisational structures.<br />

Sub-categories carry risk descriptions that clarify what the impact would be if a business outcome were not<br />

achieved. An Enterprise Risk Owner (typically SES B<strong>and</strong> 2) is appointed <strong>for</strong> each risk category. All risks identified<br />

at enterprise, operational <strong>and</strong> tactical levels map to the most relevant risk category <strong>and</strong> are subject to the risk<br />

management process. This makes sure mitigation strategies <strong>and</strong> controls remain effective.<br />

<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies<br />

Enterprise-Wide Risk Management Category – Highly Commended – ATO<br />

7


Enterprise-Wide Risk Management Category – Highly Commended – ATO<br />

8<br />

ATO Enterprise Risk Wheel - Level 0 <strong>and</strong> 1 risk categories<br />

1. Certainty through Advice Law Interpretation<br />

2. Certainty through Litigation<br />

ER-11<br />

Policy Advice & Design<br />

1. Assist Law Development<br />

ER-15<br />

2. Administrative Design<br />

Business Reporting Services<br />

1. Australian Business Register ER-02<br />

2. St<strong>and</strong>ard Business Reporting<br />

Rating risk<br />

1. Income Tax<br />

2. GST<br />

3. Superannuation<br />

4. Excise<br />

1. Tax Crime<br />

2. ATP<br />

3. Cash Economy<br />

Tax & Super Compliance<br />

ER-18<br />

Major Tax Integrity Threats<br />

ER-13<br />

Other<br />

Business<br />

Tax & Super<br />

Administration<br />

<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies<br />

Transfers Compliance<br />

ER-21<br />

Stakeholder<br />

Engagement<br />

1. Grants<br />

1. Work Allocation<br />

2. Benefits<br />

2. Returns Processing<br />

3. <strong>of</strong>fsets<br />

3. Refunds Processing<br />

4. Debt Management<br />

Product & Payment Processing 5. Call Centres<br />

6. Client Registrations<br />

ER-16<br />

1. Revenue Tracking<br />

2. Liabilities Raised<br />

3. Payment Compliance<br />

Tax Revenue<br />

ER-19<br />

Community Engagement<br />

ER-04<br />

1. Large<br />

2. SM&E<br />

3. Micro<br />

4. Individuals<br />

5. Govt / NFP<br />

6. Tax & BAS Agents<br />

1. Client Service<br />

2. Channel Management<br />

Client Experience 3. Compliance Cost (exc Lge Busi<br />

ER-03<br />

4. Compliance Cost<br />

1. Ministers<br />

2. Treasury<br />

3. States<br />

Government Engagement<br />

4. External Scrutineers<br />

ER-09<br />

5. Other Aust Agencies<br />

6. International<br />

Valuation Services<br />

1. Valuations ER-22<br />

Business Continuity<br />

1. Policy & Planning<br />

2. Oversight<br />

Governance 3. Reputation Management<br />

1. Business Continuity ER-01<br />

Enabling Capabilities<br />

ER-08 4. Risk Management<br />

5. Regulatory Compliance<br />

6. Assurance<br />

Enterprise Change<br />

1. Change Program ER-05<br />

2. Other Projects<br />

7. Internal Fraud<br />

<strong>Finance</strong> 1. Budget<br />

2. Account<br />

ER-07 3. Transact<br />

4. Procure<br />

Technology<br />

1. Invest ER-20<br />

2. Change<br />

5. Contract & Outsource<br />

People<br />

1. Retain<br />

ER-14 2. Develop<br />

3. Sustain Knowledge<br />

ER-10<br />

1. In<strong>for</strong>mation Management<br />

2. Knowledge Sharing Security & Privacy<br />

3. Engage<br />

Facilities 4. Environment<br />

ER-06<br />

5. Ethics & Values<br />

Legal Support 1. Accommodation<br />

1. People<br />

2. Physical<br />

3. Technology<br />

4. In<strong>for</strong>mation<br />

5. Privacy<br />

ER-17 ER-12<br />

1. Advise<br />

2. Defend<br />

3. Litigate<br />

2. Maintenance<br />

3. Environmental Management<br />

The ATO recognises that risk management occurs at all levels <strong>of</strong> decision-making. Through the use <strong>of</strong> risk<br />

matrices that vary in complexity, risks can be defined, rated <strong>and</strong> managed at the enterprise, operational <strong>and</strong><br />

tactical levels, with varying levels <strong>of</strong> ef<strong>for</strong>t. This ensures a more cost effective use <strong>of</strong> resources, by spending less<br />

time on simple risks <strong>and</strong> more on complex <strong>and</strong> important risk decisions.<br />

Tailored consequence criteria<br />

Complementing the ATO’s risk rating matrices are tailored consequence criteria <strong>for</strong> each <strong>of</strong> the 22 risk categories.<br />

These consequence criteria allow accurate articulation <strong>of</strong> risk tolerances <strong>and</strong> there<strong>for</strong>e accurate rating <strong>of</strong> the<br />

ATO’s risks.<br />

The ATO’s Enterprise Risk Management approach provides:<br />

• A framework to categorise, manage <strong>and</strong> report all risks in a consistent <strong>and</strong> systematic way irrespective <strong>of</strong><br />

organisational structures.<br />

• Minimal overlap <strong>of</strong> risks by organising risks into ‘pools’ under the risk categories.<br />

• Cost effective use <strong>of</strong> resources, focusing resources on the higher priority risks <strong>and</strong> less on risks within tolerance.<br />

• A mechanism <strong>for</strong> escalating knowledge gained from intelligence activities to risk owners <strong>for</strong> quick action.<br />

• A system view <strong>of</strong> risks, including how risks may drive <strong>and</strong> impact each other.<br />

• A vehicle to integrate specialist risks such as tax technical decision-making, OH&S, business continuity <strong>and</strong><br />

security.<br />

• A map <strong>of</strong> risk events from drivers through to business impact.<br />

• A visual reminder that each category <strong>of</strong> identified risk requires consideration.


Accountability <strong>and</strong> responsibility<br />

The ATO’s enterprise-wide risk management system hinges on everyone in the organisation—from senior leaders<br />

to individual employees—being accountable <strong>and</strong> responsible <strong>for</strong> risk.<br />

Second Commissioners are Portfolio Risk Leaders <strong>and</strong>:<br />

• Oversee <strong>and</strong> resolve issues across a portfolio <strong>of</strong> enterprise risks.<br />

• Emphasise the importance <strong>of</strong>, <strong>and</strong> embed risk management into, governance activities, planning, resource<br />

allocation, <strong>and</strong> reporting.<br />

• Instigate independent risk assessments.<br />

Accountability <strong>for</strong> specific enterprise risks rests with the Enterprise Risk Owners. These people are typically Deputy<br />

Commissioners (Senior Executive Service B<strong>and</strong> 2). By making risk categories independent <strong>of</strong> organisational<br />

structures, the ATO has enabled a more flexible approach to managing risks <strong>and</strong> provided an end-to-end view <strong>of</strong><br />

them. This encourages greater communication between risk owners <strong>and</strong> risk managers across the agency <strong>and</strong><br />

has led to a more considered, consistent <strong>and</strong> integrated approach to risk management.<br />

Risk managers are appointed to specific risk areas. They are responsible <strong>for</strong> implementing risk treatments,<br />

identifying <strong>and</strong> assessing risks <strong>and</strong> the effectiveness <strong>of</strong> controls, <strong>and</strong> providing advice to enterprise risk owners on<br />

the status <strong>of</strong> operational risks within their categories.<br />

All employees play a role in managing risks, <strong>and</strong> some have specific risk responsibilities.<br />

Overarching these specific day-to-day responsibilities is the Chief Knowledge Officer, who is <strong>for</strong>mally accountable<br />

as the capability leader <strong>for</strong> risk management practice within the ATO. This Officer receives advice on the agency’s<br />

risk management capability from the Risk <strong>and</strong> Intelligence Forum, which is made up <strong>of</strong> SES (B<strong>and</strong> 1) <strong>of</strong>ficers. And<br />

finally, the ATO’s Audit Committee oversees internal governance <strong>and</strong> assurance policy to monitor <strong>and</strong> evaluate<br />

internal controls, including risk management.<br />

Integrating risk management into business<br />

Consideration <strong>of</strong> enterprise risks is incorporated into the ATO’s annual planning, budgeting <strong>and</strong> review processes,<br />

ensuring considerations <strong>of</strong> priority <strong>and</strong> resource allocation are made <strong>for</strong> the management <strong>of</strong> the risks. The<br />

enterprise risk categories ensure that this process is deliberate in encompassing the range <strong>of</strong> corporate risks.<br />

The ATO has developed a one-stop shop approach to storing <strong>and</strong> managing risk in<strong>for</strong>mation.<br />

Built on Micros<strong>of</strong>t SharePoint, the new Enterprise Risk Register is an active real-time resource <strong>for</strong> all providers <strong>and</strong><br />

users <strong>of</strong> risk in<strong>for</strong>mation. It is a collaborative plat<strong>for</strong>m that allows multiple perspectives <strong>and</strong> integration with risk<br />

assessments <strong>and</strong> related records.<br />

The Register is structured around ATO risk categories <strong>and</strong> features:<br />

• Central <strong>and</strong> accessible recording <strong>of</strong> all enterprise <strong>and</strong> operational risks—mapped to the risk category.<br />

• Identification <strong>of</strong> major risk interdependencies, similarities in risks but different approaches to treatments, <strong>and</strong><br />

potential duplication <strong>of</strong> risks <strong>and</strong> some potential risk gaps.<br />

• Search function, reporting function, announcements <strong>and</strong> alerts.<br />

• Storage <strong>of</strong> supporting reports.<br />

Resourcing<br />

A small corporate risk team manages <strong>and</strong> guides the implementation <strong>of</strong> enterprise risk management. This<br />

includes developing risk policy, procedures <strong>and</strong> support tools, developing <strong>and</strong> implementing the risk register,<br />

collaborating with learning <strong>and</strong> development pr<strong>of</strong>essionals in risk training product development, delivering risk<br />

training <strong>and</strong> providing ongoing advice <strong>and</strong> guidance on risk matters.<br />

At an operational level risk committees review risk assessments, including new <strong>and</strong> emerging ones, relevant to<br />

their role <strong>and</strong> specific areas <strong>of</strong> responsibility.<br />

<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies<br />

Enterprise-Wide Risk Management Category – Highly Commended – ATO<br />

9


Enterprise-Wide Risk Management Category – Highly Commended – ATO<br />

10<br />

At an enterprise-wide level, enterprise risk owners identify the most significant risks (including emerging ones)<br />

<strong>and</strong> these are considered in corporate <strong>for</strong>ums. Discussion <strong>of</strong> these risks builds a wider underst<strong>and</strong>ing across the<br />

senior leadership group <strong>of</strong> the risk l<strong>and</strong>scape <strong>and</strong> systemic shifts or trends.<br />

The ATO Risk <strong>and</strong> Intelligence Forum brings together leaders with a risk management focus from across the<br />

organisation to consider aspects <strong>of</strong> risk management capability, including levels <strong>of</strong> resourcing, training needs, any<br />

capability gaps as well as recruitment opportunities. This <strong>for</strong>um has been instrumental in improving in<strong>for</strong>mation<br />

sharing <strong>and</strong> consistency in how risk management is applied across the organisation.<br />

Communication <strong>and</strong> training<br />

The development <strong>of</strong> specific job pr<strong>of</strong>iles, a tailored learning <strong>and</strong> development curriculum <strong>and</strong> learning pathway<br />

<strong>for</strong> risk roles, provides the basis <strong>for</strong> recognising <strong>and</strong> developing the competence <strong>of</strong> specialist risk capabilities.<br />

In addition, the ATO identifies both in its policy <strong>and</strong> through individual employee roles, that managing risk is<br />

everyone’s responsibility.<br />

Risk training courses recognise the various levels <strong>of</strong> risk capability required. New ATO employees receive a specific<br />

risk module as part <strong>of</strong> their induction. In addition, a further basic e-learning package is available <strong>for</strong> all staff.<br />

More specialised training—from basic to advanced—is available using a variety <strong>of</strong> learning methods <strong>and</strong> is<br />

delivered by risk experts.<br />

Risk in<strong>for</strong>mation is communicated agency wide via an intranet, the staff bulletin, <strong>and</strong> in a monthly newsletter <strong>for</strong><br />

risk specialists. Monthly meetings are also held <strong>for</strong> all Enterprise Risk Owner contacts to discuss practical issues<br />

<strong>and</strong> any lessons learned.<br />

Meanwhile SMS messaging is used to keep managers apprised <strong>of</strong> critical incidents with impacted staff updated<br />

through email. Employees working on longer-term mitigation strategies are in<strong>for</strong>med through business<br />

reporting.<br />

<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies


<strong>Department</strong> <strong>of</strong> Immigration <strong>and</strong> Citizenship<br />

Honourable Mention<br />

Overview<br />

In October 2009 the Secretary <strong>of</strong> the <strong>Department</strong> <strong>of</strong> Immigration <strong>and</strong> Citizenship (DIAC), Andrew Metcalfe,<br />

announced he had set a challenge: to make the <strong>Department</strong> the best immigration <strong>and</strong> citizenship agency in the<br />

world. He wanted to make sure the agency could compete in global markets <strong>and</strong> attract the best migrants <strong>and</strong><br />

skilled workers Australia needs.<br />

As a result, the <strong>Department</strong> commissioned a complete review <strong>of</strong> its organisational structure <strong>and</strong> operations.<br />

The enterprise-wide risk management framework that was developed from this challenge has had a huge impact<br />

on how the agency conducts its business. Key outcomes include:<br />

• Major structural changes that have improved accountability.<br />

• Rollout <strong>of</strong> the Global Manager has increased focus on per<strong>for</strong>mance in the client service network, <strong>and</strong> delivered<br />

improvements in service delivery.<br />

• Work placement changes <strong>and</strong> improvements to service channels.<br />

• Greater focus on operational <strong>and</strong> strategic risks.<br />

• Improved quality <strong>and</strong> per<strong>for</strong>mance <strong>of</strong> internal business services.<br />

• Plans are being developed to simplify visas.<br />

The Risk Management Framework—creating the foundation to effectively manage risk<br />

DIAC’s trans<strong>for</strong>mation process has been translated into an enterprise-wide risk management system that serves<br />

a complex organisation. This system is based on three principles:<br />

• Strategic <strong>and</strong> Tactical Risk Map.<br />

• Risk Triangle (operationally focused).<br />

• Risk Appetite.<br />

Senior executive <strong>of</strong>ficers were involved in the review <strong>of</strong> the risk management processes, procedures <strong>and</strong><br />

documentation, <strong>and</strong> endorsed the embedding <strong>of</strong> risk management into the agency’s daily activities. This ensured<br />

the creation <strong>of</strong> sound strategic planning, decision-making <strong>and</strong> accountability, <strong>and</strong> also identified the agency’s risk<br />

appetite.<br />

Identifying executive staff as risk champions <strong>and</strong> giving them risk responsibilities was fundamental to ensuring a<br />

sound enterprise-wide risk management framework.<br />

Risk, Fraud <strong>and</strong> Integrity Division<br />

A Risk, Fraud <strong>and</strong> Integrity Division (RFID) was established just over a year ago as a result <strong>of</strong> the trans<strong>for</strong>mation.<br />

RFID has over 245 staff providing specialised risk <strong>and</strong> fraud services across the <strong>Department</strong>’s business functions.<br />

The division consists <strong>of</strong> a diverse range <strong>of</strong> integrity <strong>and</strong> risk-related areas that had previously been dispersed<br />

throughout the <strong>Department</strong>. It brought all these related areas together in a bid to centralise, enhance <strong>and</strong><br />

streamline risk <strong>and</strong> integrity-related functions.<br />

<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies<br />

Enterprise-Wide Risk Management Category – Honourable Mention – DIAC<br />

11


Enterprise-Wide Risk Management Category – Honourable Mention – DIAC<br />

12<br />

RFID gives the <strong>Department</strong> intelligence <strong>and</strong> analytical capabilities to address <strong>and</strong> to respond to existing risk,<br />

including risks that have, traditionally, not been visible. It is continuing to deploy new approaches, techniques <strong>and</strong><br />

tools that build on past experience, recognise the current environment, anticipate the future <strong>and</strong> prepare DIAC to<br />

manage emerging risks.<br />

In other initiatives, a recent collaboration involving Detention Services, RFID <strong>and</strong> PriceWaterhouse Coopers,<br />

developed an overarching risk assessment <strong>for</strong> managing the Detention Services Contract nationally, <strong>and</strong> a suite <strong>of</strong><br />

site-specific assessments <strong>and</strong> quality assurance programs at each Immigration Detention Centre <strong>and</strong> facility.<br />

This work is significant because it helps DIAC manage its critical strategic risk as it relates to the management <strong>of</strong><br />

irregular maritime arrivals.<br />

DIAC Strategic Plan<br />

Divisional<br />

Business Plans<br />

Service Delivery<br />

Network Plans,<br />

Branch <strong>and</strong> Section<br />

Business Plans<br />

Implementing strategies, plans <strong>and</strong> processes<br />

DIAC<br />

Risk Management Plan Hierarchy<br />

Strategic<br />

Risk<br />

DIAC Strategic Risk Map<br />

Tactical Risk<br />

Division Risk Management Plans<br />

Operational Risk<br />

Risk Plans:<br />

Service Delivery Network + Branch + Section + One-<strong>of</strong>f (e.g new<br />

contract, project etc.)<br />

DIAC Risk Management Framework<br />

<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies<br />

DIAC Strategic<br />

Priorities<br />

DIAC Outcomes<br />

DIAC Programs <strong>and</strong><br />

Policies<br />

Contracts, Projects,<br />

Business as Usual<br />

DIAC has automated its risk assessment tools <strong>and</strong> linked them to strategic <strong>and</strong> tactical risks, which generate ‘heat<br />

maps’ <strong>for</strong> both strategic <strong>and</strong> program specific purposes. These maps are easily read <strong>and</strong> understood, <strong>and</strong> allow<br />

executive staff to quickly identify emerging <strong>and</strong> ongoing risk issues as well as identifying gaps in the risk matrix.<br />

This signifies a much improved analysis <strong>of</strong> data generated from completed risk assessments.<br />

In addition, a Risk Management Helpdesk was created <strong>and</strong> operates from the RFID. It provides both <strong>for</strong>mal <strong>and</strong><br />

ad hoc risk advice to the agency.<br />

DIAC’s framework gives its stakeholders, staff, contractors <strong>and</strong> ministers assurance that risks, including business<br />

continuity <strong>and</strong> monitoring arrivals, are being managed.<br />

The agency is working to integrate risk management processes into its daily activities.


Communication <strong>and</strong> training<br />

To support <strong>and</strong> help staff underst<strong>and</strong> their risk management responsibilities <strong>and</strong> departmental processes, a Risk<br />

Management Helpdesk was set up within the RFID. It accesses specialist risk expertise <strong>and</strong> provides advice to all<br />

areas within the department. The Helpdesk plays three roles:<br />

• Identifies risks within programs <strong>and</strong> projects.<br />

• Tailors risk <strong>and</strong> fraud training to individual areas.<br />

• Provides general ad hoc in<strong>for</strong>mation about risk management.<br />

To further communicate <strong>and</strong> provide training to staff, risk management <strong>and</strong> fraud training is <strong>for</strong>mally<br />

incorporated into the following training courses: induction, executive level, overseas preparation <strong>and</strong> compliance<br />

<strong>of</strong>ficer. As part <strong>of</strong> the induction process, new staff must complete the risk management <strong>and</strong> fraud awareness<br />

e-learning courses. These are now m<strong>and</strong>atory <strong>for</strong> all staff entering the <strong>Department</strong>, regardless <strong>of</strong> level.<br />

In addition, all staff must now complete the fraud awareness e-learning course every two years.<br />

DIAC risk specialists have developed a number <strong>of</strong> governance-themed online learning courses, such as Values <strong>and</strong><br />

Conduct, Business Continuity <strong>and</strong> Quality Assurance, <strong>for</strong> departmental staff. These link to the risk management<br />

e-learning course as a pre-requisite, ensuring risk definition, methodology, accountability <strong>and</strong> measures are being<br />

consistently used throughout the department.<br />

To support <strong>and</strong> complement risk management training, a reference suite <strong>of</strong> documents has been developed<br />

to guide staff. These reference <strong>and</strong> training materials provide advice to staff on underst<strong>and</strong>ing DIAC’s risk<br />

management processes, completing the risk assessment template, <strong>and</strong> underst<strong>and</strong>ing their responsibilities <strong>for</strong><br />

actively managing the risks that fall within their area <strong>of</strong> responsibility.<br />

To make sure pr<strong>of</strong>iling <strong>and</strong> reporting <strong>of</strong> risk is effective, the <strong>Department</strong> has created a Central Risk Register. This is<br />

developed each year <strong>and</strong> is a record <strong>of</strong> all the risks identified across agency risk management plans.<br />

Risk reporting<br />

One <strong>of</strong> the first tools instigated by the RFID, over 12 months ago, was integrity scans <strong>of</strong> major departmental<br />

programs. These have had a great impact on identifying risks, proposed risk owners <strong>and</strong> risk treatment owners,<br />

<strong>and</strong> have been well received by important stakeholders across the <strong>Department</strong>.<br />

A summary report <strong>of</strong> integrity scans is provided to the <strong>Department</strong>al Executive Committee on a monthly basis.<br />

This monitors the <strong>Department</strong>’s progress in addressing concerns raised. Critical to the success <strong>of</strong> the process is<br />

obtaining agreement between the risk owner <strong>and</strong> the risk treatment owner on a course <strong>of</strong> action to mitigate any<br />

identified risk.<br />

Risk analysis <strong>and</strong> reporting is embedded in the governance structure <strong>of</strong> the <strong>Department</strong>al Audit Committee<br />

(DAC), by requiring all DAC reports to include comments on key risks <strong>and</strong> mitigation strategies. A rolling agenda <strong>of</strong><br />

items focussing on strategic, tactical <strong>and</strong> operational risk issues is also discussed <strong>and</strong> reviewed by the DAC.<br />

Business continuity<br />

The <strong>Department</strong> has a robust business continuity program, which is overseen by the <strong>Department</strong>al Audit<br />

Committee <strong>and</strong> <strong>Department</strong>al Executive Committee.<br />

Each <strong>of</strong> the <strong>Department</strong>’s 66 overseas posts has a business continuity plan (linked to the <strong>Department</strong> <strong>of</strong> Foreign<br />

Affairs <strong>and</strong> Trade plan at each Post). In addition there are 68 business continuity plans <strong>for</strong> onshore facilities <strong>and</strong><br />

discreet work areas within the National Office structure; these include plans <strong>for</strong> each immigration detention<br />

facility, DIAC staff located at airports <strong>and</strong> state <strong>and</strong> territory <strong>of</strong>fices.<br />

The <strong>Department</strong>’s business continuity program is an integral aspect <strong>of</strong> sound risk management. The<br />

identification <strong>of</strong> critical business functions is via a risk-based business impact analysis. This analysis considers<br />

the possible duration <strong>of</strong> business interruptions <strong>and</strong> what impacts they might have on each business area <strong>and</strong><br />

the business objectives <strong>of</strong> the <strong>Department</strong> as a whole.<br />

<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies<br />

Enterprise-Wide Risk Management Category – Honourable Mention – DIAC<br />

13


Enterprise-Wide Risk Management Category – Honourable Mention – DIAC<br />

14<br />

Underst<strong>and</strong>ing the need <strong>for</strong> business continuity plans within the <strong>Department</strong> is growing, particularly after the<br />

recent experiences in the Queensl<strong>and</strong> floods, the North Queensl<strong>and</strong> <strong>and</strong> Northern Territory cyclones, <strong>and</strong> damage<br />

to detention facilities due to rioting. In addition, a number <strong>of</strong> <strong>of</strong>fshore posts have utilised their plans in response<br />

to civil unrest, bombings <strong>and</strong>/or other major security situations.<br />

The agency’s business continuity contingency philosophy led to it setting up an Incident Response Unit. This<br />

coordinates DIAC’s ef<strong>for</strong>ts in whole-<strong>of</strong>-government response situations such as those that recently occurred in<br />

Christchurch, Cairo, Sendai <strong>and</strong> Libya.<br />

<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies


<strong>Department</strong> <strong>of</strong> Human Services<br />

Honourable Mention<br />

Overview<br />

When major agencies are amalgamated, a key issue is how to reconcile various risk management frameworks<br />

<strong>and</strong> create one new, overarching one. Questions that have to be answered include what are the benefits <strong>of</strong> the<br />

current risk frameworks, what is the breadth <strong>of</strong> work the new department will undertake <strong>and</strong> how might risk<br />

translate into such an organisation?<br />

These were the issues the <strong>Department</strong> <strong>of</strong> Human Services (DHS) had to tackle when on 1 July 2011, the merger<br />

<strong>of</strong> Medicare Australia, Centrelink, DHS <strong>and</strong> the Commonwealth Rehabilitation Service Australia was completed.<br />

(The integration <strong>of</strong> the portfolio agencies started in October 2004, <strong>and</strong> more recently, the melding <strong>of</strong> the<br />

agencies into one department was managed through a service delivery re<strong>for</strong>m agenda.)<br />

The consolidation <strong>of</strong> risk management was a vital issue in the amalgamation, as it impacted on all areas <strong>of</strong> the<br />

new agency. Throughout the process, it was important the agency not only defined its new risk culture <strong>and</strong><br />

appetite, but also incorporated the best <strong>of</strong> each agencies individual risk management frameworks into the new<br />

enterprise-wide one.<br />

The Risk Management Framework—creating the foundation to effectively manage risk<br />

The DHS amalgamation affected 38 000 people. Previously each agency had a chief executive <strong>of</strong>ficer <strong>and</strong> its own<br />

risk management framework that managed enterprise-wide risks differently.<br />

The first 12 months saw a melding process with the Executive looking <strong>for</strong>ward <strong>and</strong> shaping enterprise risks.<br />

Creating a new enterprise risk model<br />

An enterprise risk model was developed to underst<strong>and</strong> the new <strong>Department</strong>’s risk pr<strong>of</strong>ile <strong>and</strong> review the risks<br />

<strong>of</strong> individual agencies. This model included a set <strong>of</strong> high-level risk categories that described key facets <strong>of</strong> the<br />

business. Within each <strong>of</strong> these, a set <strong>of</strong> sub-categories was developed that refined the given risks. This risk<br />

categorisation model allowed the <strong>Department</strong> to easily capture in<strong>for</strong>mation about its risk distribution against<br />

important business categories.<br />

The <strong>Department</strong> uses an internally developed st<strong>and</strong>ard risk template to identify, capture <strong>and</strong> plan <strong>for</strong> how risks<br />

will be managed. This makes sure all business units apply a consistent level <strong>of</strong> discipline to their risk assessments.<br />

It also streamlines the collation <strong>of</strong> risks at an organisational level <strong>and</strong> allows <strong>for</strong> measurement <strong>and</strong> comparison <strong>of</strong><br />

similar risks.<br />

This approach makes sure risk accountability is embedded into every day program delivery. In addition, individuals<br />

have been identified as responsible <strong>for</strong> strategic risks. The elements <strong>of</strong> managing risk in the new department are<br />

evolving with the basic elements working together. Chief Executive’s Instructions issued on 1 July 2011 refer to the<br />

management <strong>of</strong> risk.<br />

While it is an ongoing process, a risk appetite has been created <strong>for</strong> the new department with identified<br />

boundaries <strong>and</strong> residual risks. As the <strong>Department</strong> continues to take on additional responsibilities, so this process<br />

will continue to evolve.<br />

<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies<br />

Enterprise-Wide Risk Management Category – Honourable Mention – DHS<br />

15


Enterprise-Wide Risk Management Category – Honourable Mention – DAFF<br />

16<br />

Implementing strategies, plans <strong>and</strong> processes<br />

The <strong>Department</strong> is still in the early stages <strong>of</strong> developing communication <strong>and</strong> education strategies. To make<br />

sure staff are equipped to identify <strong>and</strong> manage the risks associated with the new department, the <strong>Department</strong><br />

asks all workshop attendees to have carried out a risk assessment be<strong>for</strong>e attending courses. This is designed to<br />

increase their learning during the course.<br />

The Secretary is actively involved in strategic planning, is looking <strong>for</strong> best practice <strong>and</strong> is actively engaged in<br />

managing risk. The agency has identified the need <strong>for</strong> a consistent risk management process across the new<br />

department <strong>and</strong> draws on best practice to ensure acceptance across the different business areas.<br />

New risk management team<br />

Central to the <strong>Department</strong>’s risk management strategy is a dedicated risk management team. This team is<br />

responsible <strong>for</strong> maintaining the quality <strong>of</strong> the risk framework <strong>and</strong> policy <strong>and</strong> supports business units <strong>and</strong><br />

individuals.<br />

The team visits business units throughout the year to discuss, educate <strong>and</strong> deliver presentations on current risk<br />

issues. Project managers receive training in effective risk management <strong>and</strong> new starters are introduced to the<br />

<strong>Department</strong>’s risk processes <strong>and</strong> resources as part <strong>of</strong> their induction.<br />

A set <strong>of</strong> resources is available to all employees <strong>and</strong> includes:<br />

• Comprehensive intranet site, containing all risk documentation.<br />

• Templates providing st<strong>and</strong>ard base requirements <strong>for</strong> risk plans <strong>and</strong> assessment.<br />

• Support covering all aspects <strong>of</strong> the risk assessment <strong>and</strong> management process.<br />

• Access to advice <strong>and</strong> or help on planning <strong>and</strong> running risk workshops.<br />

Specialist risk teams<br />

Specialist risk activity attracts dedicated resources in the <strong>Department</strong>. For example, the ICT group maintains its<br />

own specialist risk team. The <strong>Department</strong>’s ICT arm accounts <strong>for</strong> considerable budget expenditure <strong>and</strong> outcomes<br />

<strong>and</strong> manages a diverse technology framework unparalleled in federal government.<br />

Each <strong>of</strong> the specialist risk teams works in concert with the <strong>Department</strong>’s risk management team. This provides<br />

assurance that risk activity remains consistent <strong>and</strong> in accordance with departmental policy objectives.<br />

Business units responsible <strong>for</strong> managing risk<br />

All business units in the <strong>Department</strong> are required to take responsibility <strong>for</strong> managing risks. This is designed to<br />

achieve two things: that business experts are assessing those risks most relevant to the delivery <strong>of</strong> services; <strong>and</strong><br />

reducing the risk associated with concentrating expertise in any single location.<br />

This model also allows business units to make tactical decisions in a controlled manner within an enterprise<br />

framework based on their expertise <strong>and</strong> the support <strong>of</strong> the <strong>Department</strong>’s risk appetite <strong>and</strong> culture.<br />

Overall, in a relatively short time, DHS has built the basic building blocks in its risk management framework, <strong>and</strong><br />

just needs time to establish the framework across the whole <strong>Department</strong>.<br />

<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies


Business continuity<br />

Supporting the <strong>Department</strong>’s risk management capability is the development <strong>of</strong> a comprehensive business<br />

continuity approach.<br />

The <strong>Department</strong> is <strong>of</strong>ten asked to respond, on behalf <strong>of</strong> government, to significant domestic <strong>and</strong> international<br />

emergencies. Often it is responding to natural disasters <strong>and</strong> providing on-the-ground resources <strong>for</strong> government,<br />

while simultaneously managing the recovery <strong>of</strong> its own infrastructure <strong>and</strong> resources. It had to do this, <strong>for</strong><br />

example, during Cyclone Yasi <strong>and</strong> the Queensl<strong>and</strong> <strong>and</strong> New South Wales floods <strong>of</strong> January 2011.<br />

To maintain ‘business as usual’ while also dedicating resources to an emergency, the <strong>Department</strong> relies on a<br />

strong business continuity model that can be started quickly.<br />

To make sure it is able to function effectively during service disruptions, the <strong>Department</strong> regularly tests its<br />

response capability. This testing includes mock disasters, technical recovery exercises, <strong>of</strong>f-site rehearsals <strong>and</strong><br />

desktop assessments.<br />

The introduction <strong>of</strong> sample desktop reviews <strong>for</strong> business, risk <strong>and</strong> business continuity plans was premised on<br />

improving the quality <strong>of</strong> the planning <strong>and</strong> providing consistency <strong>for</strong> the framework.<br />

Results<br />

There are two particularly noteworthy results from DHS’s new approach to risk management.<br />

In early 2010, a decision was taken to integrate risk, business continuity <strong>and</strong> business planning <strong>for</strong> all portfolio<br />

agencies, in anticipation <strong>of</strong> the new department coming into existence in 2011. This presented an opportunity to<br />

refocus the <strong>Department</strong>’s attention on these business functions.<br />

The second result stems from the <strong>Department</strong>’s response to a series <strong>of</strong> significant emergencies in early 2011,<br />

which demonstrated the resilience built into the new risk <strong>and</strong> business continuity frameworks.<br />

The coincidence <strong>of</strong> multiple major disasters in 2011 provided a new challenge to the agency’s risk <strong>and</strong> business<br />

continuity planning.<br />

The response to these emergencies was refined following the disasters <strong>and</strong> in<strong>for</strong>med the new framework be<strong>for</strong>e<br />

it was implemented department-wide.<br />

Focus going <strong>for</strong>ward<br />

The focus <strong>for</strong> DHS over the next 12 months is the evolution <strong>of</strong> its strategic direction, engaging the Executive to<br />

consider strategic risks, developing strategic reporting processes <strong>and</strong> focusing on emerging risks. Ef<strong>for</strong>t will also<br />

continue in the adoption <strong>of</strong> best practice where appropriate, simplifying processes <strong>and</strong> embedding a culture <strong>of</strong><br />

risk in a maturing department.<br />

The <strong>Department</strong> is measuring its approach to managing risk across the agency by reviewing its strategic<br />

processes <strong>and</strong> monitoring its outcomes.<br />

<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies<br />

Enterprise-Wide Risk Management Category – Honourable Mention – DHS<br />

17


18<br />

<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies


RISK INITIATIVE CATEGORY<br />

Winner Australian Taxation Office<br />

Highly Commended <strong>Department</strong> <strong>of</strong> Agriculture, Fisheries <strong>and</strong> Forestry (Asian Gypsy Moth)<br />

Highly Commended Australian Maritime Safety Authority<br />

Highly Commended Bureau <strong>of</strong> Meteorology<br />

Honourable Mention <strong>Department</strong> <strong>of</strong> Agriculture, Fisheries <strong>and</strong> Forestry (Aquatic Animal Health)<br />

Honourable Mention Australian Customs <strong>and</strong> Border Protection Service


Risk Initiative Category – Winner – ATO<br />

20<br />

Australian Taxation Office<br />

Winner<br />

Overview<br />

The Australian Taxation Office (ATO) has the important responsibility on behalf <strong>of</strong> the community <strong>for</strong> the care <strong>of</strong><br />

Australia’s tax <strong>and</strong> superannuation systems <strong>and</strong> the Australian Business Register. These systems fund the public<br />

goods <strong>and</strong> services that give effect to economic <strong>and</strong> social policies <strong>and</strong> Australia’s superannuation system helps<br />

secure retirement income <strong>for</strong> Australians.<br />

The ATO’s vision is that “Australians value their tax <strong>and</strong> superannuation systems as community assets, where<br />

willing <strong>and</strong> proper participation are recognised as good citizenship.”<br />

Most Australians demonstrate high levels <strong>of</strong> willing participation <strong>and</strong> in 2010-2011, the ATO collected almost<br />

$273bn on behalf <strong>of</strong> the community, the vast majority <strong>of</strong> it without any direct intervention by the ATO. However,<br />

this does not tell the whole story. The ATO also needs to know its various compliance activities are having<br />

a positive impact on the compliance behavior <strong>of</strong> those who don’t willingly participate in the system while<br />

maintaining the support <strong>of</strong> those that do, by demonstrating it is effective in maintaining a level playing field <strong>for</strong><br />

the whole community.<br />

The ATO has developed <strong>and</strong> implemented its own methodology that embeds evaluation as ‘business as usual’<br />

<strong>for</strong> tax risk managers. The Compliance Effectiveness Methodology facilitates the evaluation <strong>of</strong> compliance<br />

strategies to determine whether they have changed behavior in a sustainable way, <strong>and</strong> it provides a framework<br />

<strong>for</strong> continuous improvement as they learn what works <strong>and</strong> what doesn’t.<br />

The Organisation <strong>for</strong> Economic <strong>and</strong> Cultural Development (OECD) has adopted the methodology on the basis<br />

it is innovative <strong>and</strong> pioneering <strong>and</strong> addresses a critical gap in practical guidance <strong>for</strong> member revenue bodies.<br />

Compliance effectiveness methodology<br />

Traditionally, the ATO had concentrated on measuring the efficiency <strong>of</strong> its programs but had not had a clear<br />

picture <strong>of</strong> its effectiveness, that is, the extent to which its intended outcomes were, or were not, being achieved.<br />

In 2006 the ATO Executive recognised the need <strong>for</strong> a consistent <strong>and</strong> robust process or methodology that would<br />

support the systemic evaluation <strong>of</strong> ATO effectiveness, leading to improved decision making, choice <strong>of</strong> treatment<br />

strategies <strong>and</strong> resource allocation.<br />

Developing the methodology involved a thorough stocktake <strong>of</strong> the per<strong>for</strong>mance indicators used at the ATO, an<br />

extensive review <strong>of</strong> literature on effectiveness <strong>and</strong> a collaborative, consultative <strong>and</strong> co-designed approach to<br />

creating a conceptual framework.<br />

Using the key insights developed through these processes, the ATO converted the conceptual framework into a<br />

series <strong>of</strong> practical steps to be applied by compliance risk managers to support:<br />

• Development <strong>of</strong> strategies that are aligned with the ATO’s strategic direction.<br />

• Definition <strong>of</strong> intended outcomes <strong>and</strong> success goals.<br />

Australian Government<br />

Australian Taxation Office<br />

• Development <strong>of</strong> indicators which <strong>for</strong>m the basis <strong>for</strong> evaluating whether the intended outcomes had<br />

been achieved.<br />

<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies


The Compliance Effectiveness Methodology has four distinct phases, each <strong>of</strong> which has a specific focus.<br />

Phase 1 is about underst<strong>and</strong>ing <strong>and</strong> articulating the compliance risk <strong>and</strong> ensuring the risk focus is aligned with<br />

the ATO’s strategic goals.<br />

Phase 2 is about clearly articulating the outcomes to be achieved by treating the risk; specifying the success goals<br />

or what change it wants to see occur; <strong>and</strong> developing the treatment strategy that will meet those goals <strong>and</strong><br />

achieve the intended outcome.<br />

Phase 3 is about identifying the indicators that will reveal if the intended outcomes have been achieved.<br />

Phase 4 is about measuring <strong>and</strong> interpreting those indicators, evaluating whether the intended outcomes have<br />

been achieved, assessing what has been learned <strong>and</strong> reviewing <strong>and</strong> revising future approaches.<br />

FIGURE 1: ATO compliance effectiveness methodology<br />

Methodology <strong>for</strong> compliance <strong>of</strong>fi cers<br />

ATO compliance effectiveness methodology<br />

Phase 1<br />

Articulate risk<br />

Align with ATO business intent<br />

What are the<br />

behaviours <strong>and</strong><br />

drivers <strong>of</strong> the risk?<br />

How does our<br />

business intent<br />

translate into the<br />

context you’re<br />

working in?<br />

Who’s involved<br />

in the risk?<br />

What is the<br />

compliance risk to<br />

achieving the intent?<br />

CHECKPOINTS<br />

You should ensure that:<br />

■ the risk aligns to our<br />

business intent<br />

■ the risk adequately reflects<br />

the behaviours <strong>and</strong> drivers<br />

■ the risk is refined, concise <strong>and</strong><br />

not open to interpretation.<br />

MORE INFORMATION<br />

■ visit www.ato.gov.au/complianceeffectiveness<br />

Phase 2<br />

Define outcomes<br />

Develop strategies<br />

What strategies will<br />

you use to deliver<br />

these outcomes?<br />

Operationalising the methodology<br />

What outcomes<br />

are you seeking<br />

to achieve by<br />

addressing<br />

the risk?<br />

Who are your<br />

target groups?<br />

How do you defi ne<br />

success in terms <strong>of</strong><br />

more specifi c goals?<br />

CHECKPOINTS<br />

You should ensure that:<br />

■ the desired outcomes align to our<br />

business intent <strong>and</strong> the risk you<br />

have identified<br />

■ the overall desired outcomes<br />

are adequately covered by your<br />

specific (success) goals<br />

■ the strategies target participants<br />

<strong>of</strong> the risk <strong>and</strong> drivers <strong>of</strong> the<br />

behaviour<br />

■ the strategies address any<br />

unintended consequences.<br />

Phase 3<br />

Design indicators<br />

Which indicators<br />

are feasible?<br />

What are<br />

the potential<br />

indicators?<br />

Which <strong>of</strong> these<br />

indicators will paint<br />

a defensible picture?<br />

What is the description <strong>of</strong> the<br />

indicators <strong>and</strong> their purpose?<br />

CHECKPOINTS<br />

You should ensure that:<br />

■ each success goal can<br />

be measured <strong>and</strong> has<br />

a corresponding indicator<br />

(or suite <strong>of</strong> indicators)<br />

■ potential indicators are aligned<br />

with the success goals, desired<br />

outcomes <strong>and</strong> business intent<br />

■ indicators are viable <strong>and</strong> provide a<br />

balanced picture <strong>of</strong> per<strong>for</strong>mance<br />

■ both qualitative <strong>and</strong> quantitative<br />

in<strong>for</strong>mation is used.<br />

Phase 4<br />

Validate indicators<br />

Determine extent <strong>of</strong> effectiveness<br />

What are the<br />

indicators<br />

telling us?<br />

How will the<br />

evaluation be<br />

conducted?<br />

What’s our<br />

baseline?<br />

What data will be<br />

required <strong>and</strong> where<br />

will we get it?<br />

CHECKPOINTS<br />

You should ensure that:<br />

■ data exists, is available, or can<br />

be acquired at a reasonable cost<br />

■ we can explain how effective<br />

our compliance strategies have<br />

been – that is, the extent to<br />

which actual outcomes align<br />

with desired outcomes.<br />

NAT 72375-07.2008 [JS 11600]<br />

The ATO knew from its implementation risk assessment that its biggest hurdle in successfully implementing<br />

the methodology would be creating the necessary cultural shift away from measuring efficiency to measuring<br />

effectiveness. It knew cultural change would take time <strong>and</strong> would need to be actively supported to be successful.<br />

The project team responsible <strong>for</strong> implementing compliance effectiveness designed a comprehensive change<br />

management process, which included creating a number <strong>of</strong> key stakeholder <strong>for</strong>ums <strong>and</strong> groups. These allowed<br />

the project team to consult, collaborate <strong>and</strong> co-design with the Compliance Sub-plan business lines <strong>and</strong> relevant<br />

corporate areas.<br />

Training was provided <strong>for</strong> ATO risk owners, risk managers <strong>and</strong> facilitators. A helpdesk service was also established<br />

to provide ongoing guidance <strong>and</strong> support. Support products were developed to help people underst<strong>and</strong> the<br />

methodology <strong>and</strong> its application, including reference materials, a guide <strong>for</strong> facilitators <strong>and</strong> a practical workbook.<br />

Guidelines <strong>for</strong> data analysis <strong>and</strong> evaluation were also drafted along with templates to help align the intent,<br />

strategies <strong>and</strong> indicators, the validation <strong>of</strong> indicators <strong>and</strong> the measurement <strong>of</strong> effectiveness. Compliance<br />

effectiveness requirements were also integrated into existing ATO business processes, including project<br />

management, risk management, planning, governance <strong>and</strong> reporting.<br />

<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies<br />

Risk Initiative Category – Winner – ATO<br />

21


Risk Initiative Category – Winner – ATO<br />

22<br />

FIGURE 2: How compliance effectiveness is embedded within the ATO’s risk management framework.<br />

A reference group was created that included senior staff from across the agency. This has an ongoing steering<br />

role <strong>and</strong> disseminates in<strong>for</strong>mation <strong>and</strong> champions the value <strong>of</strong> measuring compliance effectiveness.<br />

The ATO’s Compliance Executive, led by the Second Commissioner, Compliance <strong>and</strong> comprising the Compliance<br />

Sub-plan Deputy Commissioners, is the primary governance body <strong>and</strong> assurance point <strong>for</strong> ATO Compliance<br />

Effectiveness.<br />

When the new compliance effectiveness framework was integrated into the relevant business lines <strong>and</strong><br />

products in mid 2009, the risk managers, who had proved invaluable in supporting the development <strong>and</strong><br />

integration <strong>of</strong> the compliance effectiveness methodology, became champions <strong>for</strong> effectiveness <strong>and</strong> were <strong>for</strong>med<br />

into a ‘community <strong>of</strong> practice’.<br />

A Compliance Effectiveness Centre <strong>of</strong> Expertise (CoE) was also created to provide expert guidance <strong>and</strong> support <strong>for</strong><br />

the new methodology. The CoE provides direct support <strong>and</strong> advice to risk managers.<br />

The CoE developed products to build skills <strong>and</strong> also identified a core group <strong>of</strong> risk managers who received specific<br />

training as facilitators. This capability was again <strong>for</strong>med into a ‘community <strong>of</strong> practice’ to help build the agency’s<br />

overall effectiveness capability <strong>and</strong> encourage knowledge sharing.<br />

The agency’s process testing, the development <strong>of</strong> good communication strategies <strong>and</strong> its stakeholder<br />

engagement demonstrated a mature <strong>and</strong> comprehensive change management approach.<br />

Benefits<br />

2011 marked the third year since the Compliance Effectiveness Methodology was transitioned to ‘business as<br />

usual’. While the ATO still has a lot to do to fully embed effectiveness in the day-to-day thinking <strong>and</strong> activities <strong>of</strong><br />

its people, it is already clear that it is better able to:<br />

• Define compliance behaviour <strong>and</strong> consider the drivers <strong>of</strong> that behaviour.<br />

• Describe desired outcomes from the outset.<br />

• Consult, collaborate <strong>and</strong> co-design strategies with relevant stakeholders.<br />

• Design indicators that will allow it to assess the effectiveness <strong>of</strong> its strategies.<br />

• Evaluate <strong>and</strong> refine its strategies in light <strong>of</strong> the required outcomes.<br />

Further, evaluation results are increasingly being used to shape the agency’s strategic responses, demonstrating<br />

the effectiveness <strong>of</strong> the methodology as a continuous improvement tool.<br />

Longer-term benefits also expected include:<br />

• Increased differentiation so that compliance treatment strategies are better tailored to the circumstances<br />

<strong>of</strong> the risk <strong>and</strong> those involved in it.<br />

• Increased productivity as the ATO’s activities are more closely aligned to the achievement <strong>of</strong> its<br />

strategic objectives.<br />

<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies


<strong>Department</strong> <strong>of</strong> Agriculture, Fisheries <strong>and</strong> Forestry<br />

Highly commended<br />

Overview<br />

Asian gypsy moths (Lymantria spp.) originate from temperate Eurasia <strong>and</strong> are recognised internationally as<br />

among the world’s worst invasive species. They cause major damage by eating the leaves <strong>of</strong> as many as 1600<br />

types <strong>of</strong> plant, including <strong>for</strong>estry <strong>and</strong> horticultural crops as well as garden plants.<br />

The cost <strong>of</strong> this damage is very high, with estimates <strong>for</strong> individual <strong>for</strong>estry or tree crop plantations exceeding<br />

$400 million per cropping cycle. As a quarantine pest, the moths have spread from their endemic origin to a<br />

number <strong>of</strong> other countries via trade pathways, notably to the United States <strong>and</strong> New Zeal<strong>and</strong>.<br />

Because the moths are simply attracted to lights <strong>and</strong> illuminated objects at night, pathway management has<br />

been a real challenge. Maritime vessels <strong>and</strong> sea cargo have been regularly contaminated as they are well lit<br />

during night loading operations.<br />

To tackle the problem, <strong>Department</strong> <strong>of</strong> Agriculture, Fisheries <strong>and</strong> Forestry (DAFF) scientific staff conducted a<br />

study that used satellite imagery to identify the ports most at risk from the moths. This was possible through<br />

the innovative use <strong>of</strong> geospatial intelligence techniques to identify ports in close proximity to suitable densely<br />

vegetated areas where the moths live.<br />

This technique predicts the seaports in Asia where visiting vessels <strong>and</strong> cargo are most likely to be contaminated<br />

with the moths’ egg masses. This study, combined with surveillance records, identified <strong>and</strong> confirmed the risk<br />

posed at individual Asian seaports.<br />

This risk initiative has allowed DAFF to become predictive rather than reactive in its ongoing risk management <strong>of</strong><br />

the moths <strong>and</strong> has the potential <strong>for</strong> Australia to become a world leader in the surveillance <strong>of</strong> them.<br />

The success <strong>of</strong> this initiative is based on intra-departmental cooperation between DAFF’s scientific <strong>and</strong><br />

operational business units. Implementation <strong>of</strong> this risk management initiative has been strongly supported by<br />

the <strong>Department</strong>’s executive as an example <strong>of</strong> what the agency is calling ‘risk-return’, that is, gaining the best<br />

outcome in both quarantine protection <strong>and</strong> cost-effective resource allocation.<br />

The Risk Management Framework—creating the foundation to effectively manage risk<br />

To verify a risk-based intervention could be properly developed, managed <strong>and</strong> implemented, DAFF used st<strong>and</strong>ard<br />

project management techniques.<br />

To develop the initiative, staff carried out detailed consultations with scientific <strong>and</strong> operational business areas<br />

<strong>and</strong> developed clear objectives, identified <strong>and</strong> evaluated risks, <strong>and</strong> prepared streamlined inspection procedures,<br />

data collection <strong>and</strong> reporting requirements.<br />

All Asian seaports in the geographic range <strong>of</strong> these moths were surveyed by satellite analysis using a<br />

combination <strong>of</strong> public domain industry intelligence, <strong>and</strong> satellite imagery from Google Earth <strong>of</strong> juxtaposed<br />

suitable vegetation <strong>and</strong> port infrastructure. This methodology allowed the <strong>Department</strong> to consider both existing<br />

<strong>and</strong> future risk pathways.<br />

<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies<br />

Risk Initiative Category – Highly Commended – DAFF<br />

23


Risk Initiative Category – Highly Commended – DAFF<br />

24<br />

Mapping the Asian gypsy moth<br />

DAFF identified that in Asia, the Asian gypsy moth typically attacks the trees that make up the dominant <strong>for</strong>est<br />

types (<strong>for</strong> example, oak <strong>and</strong> larch <strong>for</strong>ests). The size <strong>and</strong> extent <strong>of</strong> these <strong>for</strong>ests could be precisely <strong>and</strong> accurately<br />

identified from space due to the light spectrum the trees reflected. By mapping this reflectance data around each<br />

seaport, the <strong>Department</strong> was able to identify which Asian seaports had the potential to be a risk source <strong>of</strong> moths.<br />

Studies in Japan showed the moths do not tend to migrate out <strong>of</strong> <strong>for</strong>ests <strong>and</strong> penetrate areas <strong>of</strong> human habitat<br />

by more than 1500 metres. A buffered distance <strong>of</strong> 2000 metres was there<strong>for</strong>e used as the cut-<strong>of</strong>f <strong>for</strong> the flight<br />

range <strong>of</strong> the moths. Any seaport within 2000 metres <strong>of</strong> suitable <strong>for</strong>est types was considered a risk source <strong>of</strong><br />

contamination.<br />

Risk estimate report<br />

A risk estimate report was compiled based on these findings, which when combined with an international<br />

st<strong>and</strong>ard surveillance methodology <strong>for</strong> the moths, allowed Australian quarantine inspectors to target only those<br />

vessels identified as the highest risk.<br />

The analysis was also used to identify the highest risk areas on vessels where egg masses were most likely to<br />

occur. The surveillance design also collected in<strong>for</strong>mation on where eggs were located on vessels in order to<br />

calibrate <strong>and</strong> improve surveillance.<br />

Using geospatial technology was an innovative approach to a potential risk that allowed resources to be better<br />

managed <strong>and</strong> allocated.<br />

This risk-initiative provides significant efficiency benefits to DAFF through streamlining inspection procedures to<br />

reduce the threat <strong>of</strong> moths in Australia. It also reduces dem<strong>and</strong> on DAFF resources as well as inspection fees to<br />

the maritime industry.<br />

Implementing strategies, plans <strong>and</strong> processes<br />

Based on the recommendations <strong>of</strong> the geospatial intelligence report, a pilot intervention program was<br />

implemented by the DAFF Seaports Program from 1 July–30 September 2011, at the four busiest Australian<br />

seaports that receive the greatest number <strong>of</strong> risk vessels.<br />

These ports were Gladstone <strong>and</strong> Brisbane in Queensl<strong>and</strong>, Newcastle in New South Wales <strong>and</strong> Port Headl<strong>and</strong> in<br />

Western Australia.<br />

The intervention employed a targeted risk-based approach to vessel inspection based on an ‘Asian Seaports<br />

Identified <strong>for</strong> Surveillance List’, <strong>and</strong> inspection procedures <strong>for</strong> the moths that included:<br />

• Vessel inspections based on examining high-risk areas <strong>of</strong> the vessel where the moths were most likely to be<br />

found.<br />

• Egg masses found by quarantine inspectors were identified using remote microscope diagnostics by<br />

quarantine entomologists, to identify whether the egg masses were <strong>of</strong> a quarantine risk species.<br />

• If the species was classified as a quarantine risk, inspectors then thoroughly went through the vessel to<br />

eliminate egg masses present.<br />

• Quarantine inspectors recorded the time required to complete inspections <strong>for</strong> the moths <strong>for</strong> further analysis.<br />

The pilot achieved two key objectives:<br />

• Confirmation the predicted risk <strong>of</strong> moths entering Australia was correctly identified as being from risk ports.<br />

• The streamlined, targeted inspection methodology was effective in intercepting the moth on international<br />

vessels.<br />

This in<strong>for</strong>mation will now be used to develop the full implementation policy <strong>for</strong> Asian gypsy moth inspections.<br />

The creation <strong>of</strong> the ‘Asian Seaports Identified <strong>for</strong> Surveillance List’ will allow DAFF to become predictive rather<br />

than reactive in the risk management <strong>of</strong> the moth.<br />

<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies


Short-term benefits<br />

The use <strong>of</strong> geospatial intelligence as a risk-management tool <strong>for</strong> Asian gypsy moths has already provided DAFF<br />

with a range <strong>of</strong> short-to medium-term benefits:<br />

1. Resourcing:<br />

• Use <strong>of</strong> geospatial intelligence to shape border inspections has allowed DAFF to efficiently <strong>and</strong> effectively<br />

manage its resources.<br />

• Quantitative risk assessment through geospatial intelligence unambiguously directs quarantine<br />

inspectors towards only those vessels that are most likely to be contaminated by the moth.<br />

• A highly specific inspection methodology allows quarantine inspectors to target the highest risk places on<br />

potentially contaminated vessels.<br />

2. Identification <strong>of</strong> previously unknown risk ports:<br />

• This risk initiative successfully identified four Asian seaports capable <strong>of</strong> exporting Asian gypsy moths to<br />

Australia via contaminated vessels. Previously, these ports had not been recognised as risk ports by any<br />

country.<br />

• This initiative resulted in the first quarantine interception anywhere in the world <strong>of</strong> Asian gypsy moths<br />

from the Korean Peninsula.<br />

3. Diplomatic approach:<br />

• The use <strong>of</strong> an intelligence-based approach has allowed Australia to manage the risk posed by the moth<br />

entirely on-shore. No additional dem<strong>and</strong>s have been placed on quarantine operations internationally, <strong>for</strong><br />

example by needing to send quarantine inspectors <strong>of</strong>fshore to undertake pre-departure inspections <strong>of</strong><br />

vessels. The risk <strong>of</strong> vessel contamination posed by Asian gypsy moths is a sensitive issue throughout Asia,<br />

<strong>and</strong> visits by quarantine agencies have not always been welcomed.<br />

Long-term results<br />

DAFF will use the results from this risk-based intervention to shape a revised national Asian gypsy moth policy<br />

over the next 12 months.<br />

Forecasting is another major long-term benefit arising from this risk initiative not only <strong>for</strong> this moth, but other<br />

invasive species.<br />

The data collected will also be used to predict when individual Asian seaports will be most vulnerable to<br />

contamination by the moth. Because the metamorphosis <strong>of</strong> all Asian gypsy moths is strongly dictated by<br />

temperature, remotely accessed climate data <strong>for</strong> Asian risk ports could potentially be used to predict when the<br />

moth would be most likely to affect individual ports.<br />

It is expected these predictions could be narrowed to within a 1-2 week period. These <strong>for</strong>ecasts could then allow<br />

DAFF to help industry <strong>and</strong> other quarantine agencies to manage the moth in an integrated <strong>and</strong> effective riskbased<br />

approach, further reducing inspection costs.<br />

<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies<br />

Risk Initiative Category – Highly Commended – DAFF<br />

25


Risk Initiative Category – Highly Commended – AMSA<br />

26<br />

Australian Maritime Safety Authority<br />

Highly commended<br />

Overview<br />

The Australian Maritime Safety Authority (AMSA) is a Commonwealth Statutory Authority. It is responsible <strong>for</strong><br />

setting <strong>and</strong> regulating st<strong>and</strong>ards <strong>for</strong> the operation <strong>of</strong> commercial shipping, an extensive network <strong>of</strong> marine aids<br />

to navigation around the Australian coast, aviation <strong>and</strong> maritime search <strong>and</strong> rescue <strong>and</strong> a national plan to protect<br />

the marine environment.<br />

When it comes to navigation safety, AMSA’s prime focus is on providing national aids <strong>for</strong> our navigation network.<br />

One <strong>of</strong> its strategic objectives in this area is to adopt technological advances to improve safety. This is critical to<br />

the shipping industry, which is an important stakeholder in AMSA. While the Authority is in part funded by the<br />

Australian Government, over 50% <strong>of</strong> its funding comes from levies paid by the shipping industry.<br />

In August 2006, AMSA’s top-ranked risk centred on pilotage in the Torres Strait. (The third highest risk was the<br />

potential <strong>for</strong> a serious incident in sensitive waters—mainly referring to Torres Strait <strong>and</strong> the Great Barrier Reef.)<br />

Navigating the Torres Strait is dem<strong>and</strong>ing. Passage involves transiting confined waters that have limiting depths,<br />

while the tidal flows are complex, highly variable <strong>and</strong> fast.<br />

On top <strong>of</strong> this is a tropical climate with its alternating wet <strong>and</strong> dry seasons. Seasonal rainsqualls frequently affect<br />

visibility, <strong>and</strong> the region experiences moderate to strong trade winds, tropical thunderstorms <strong>and</strong> occasional<br />

cyclones.<br />

To overcome these risks, AMSA decided to introduce an Under Keel Clearance Management System (UKCM<br />

System).<br />

AMSA realised that implementing its risk initiative was not without its own attendant risks. These included take<br />

up by users, unrealistic expectations on transit times by vessel owners, the draught <strong>of</strong> vessels, along with the<br />

more general risk <strong>of</strong> failure.<br />

The Risk Management Framework—creating the foundation to effectively manage risk<br />

Under Keel Clearance refers to the vertical distance between the keel <strong>of</strong> a vessel <strong>and</strong> the sea floor; a distance that<br />

has to be maintained to ensure safe navigation <strong>and</strong> avoid grounding.<br />

The risk initiative involved implementing web interface systems where in<strong>for</strong>mation would be provided to a<br />

vessel’s pilot, allowing them to plan a transit <strong>of</strong> Torres Strait <strong>and</strong> monitor it in real time.<br />

The in<strong>for</strong>mation provided by the UKCM System is based on the known characteristics <strong>of</strong> the vessel type, predicted<br />

motion <strong>of</strong> the vessel, the topography <strong>of</strong> the seabed, predicted <strong>and</strong> known tidal movements <strong>and</strong> predicted <strong>and</strong><br />

known wind <strong>and</strong> wave motion.<br />

For AMSA, the UKCM System covered three primary aspects:<br />

1. Voyage planning. This could take place up to 12 months be<strong>for</strong>e travelling through the Strait. It provides<br />

in<strong>for</strong>mation that allows a vessel to arrive at a specific point in the Strait at a time when the predicted height<br />

<strong>of</strong> the tide <strong>and</strong> tidal stream allows a safe transit.<br />

<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies


2. Transit planning. This allows the pilot to select the best transit time <strong>and</strong> plan in detail.<br />

3. Transit monitoring. The pilot uses real time in<strong>for</strong>mation provided from shore-based systems to an on-board<br />

device to monitor the ship’s transit <strong>and</strong> make timely <strong>and</strong> in<strong>for</strong>med decisions during that transit.<br />

In November 2006, AMSA engaged an expert shipping consultancy to carry out an initial risk review. This<br />

identified a number <strong>of</strong> risks in implementing a UKCM System in the Torres Strait.<br />

The primary one was the quality <strong>of</strong> input data. This included existing charts <strong>and</strong> the quality needed <strong>for</strong> other data<br />

relating to tides <strong>and</strong> individual vessels. But with appropriate treatments, these risks were acceptable.<br />

The Torres Strait is an environmentally sensitive area <strong>and</strong> a shipping accident would stop a large portion <strong>of</strong> trade<br />

to <strong>and</strong> from Australian ports, <strong>and</strong> potentially pollute the marine environment. AMSA’s risk initiative would make<br />

transiting the Torres Strait safer <strong>and</strong> more efficient, especially as trade through the area is expected to increase<br />

substantially.<br />

Implementing strategies, plans <strong>and</strong> processes<br />

AMSA chose to stagger the implementation <strong>of</strong> its risk initiative. This was done to manage risks, including those<br />

surrounding the expectations <strong>of</strong> users.<br />

Initially, AMSA only worked with pilots <strong>and</strong> pilot providers. It established a centre <strong>of</strong> pilot excellence, <strong>and</strong> training<br />

in the new system was developed <strong>and</strong> introduced.<br />

The Authority also made sure that when it came to coordinating with internal <strong>and</strong> external parties,<br />

responsibilities were well defined both within <strong>and</strong> outside AMSA.<br />

Entity Role/Responsibility<br />

Shipping company/agent Provide the required vessel particulars, including hydrostatic details <strong>and</strong><br />

ETA at the UKCM area, to the pilotage provider.<br />

Master Provide the required final stability particulars prior to the pilot boarding/<br />

transiting the area.<br />

Coastal pilots/pilotage providers Utilise the UKCM System.<br />

Manage tidal windows <strong>and</strong> transit plans.<br />

AMSA Oversee the use <strong>of</strong> the UKCM System by coastal pilots <strong>and</strong> pilotage<br />

providers.<br />

Provide validated sensor data <strong>for</strong> use by the UKCM System.<br />

Provide pilotage provider/pilot access to the UKCM System.<br />

UKCM provider Ensure contracted service is provided to AMSA, including delivery to the<br />

specified per<strong>for</strong>mance <strong>and</strong> availability criteria.<br />

REEFVTS Provide UKCM-related in<strong>for</strong>mation, as part <strong>of</strong> the on going delivery <strong>of</strong> an<br />

In<strong>for</strong>mation Service.<br />

Finally, when AMSA was confident identified risks were being effectively managed, it rolled the system out to ship<br />

operators directly.<br />

Consultation with these stakeholders was an important part <strong>of</strong> the risk initiative. AMSA’s communication<br />

strategy was designed to give stakeholders assurance the system would be effective, <strong>and</strong> manage their<br />

expectations.<br />

Ultimately, the UKCM System had good take up by users <strong>and</strong> the final stage <strong>of</strong> implementation took place on<br />

16 December 2011.<br />

<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies<br />

Risk Initiative Category – Highly Commended – AMSA<br />

27


Risk Initiative Category – Highly Commended – AMSA<br />

28<br />

An integrated program that meets the needs <strong>of</strong> stakeholders<br />

AMSA developed an integrated program that combined:<br />

• A technological solution (the UKCM System).<br />

• A regulatory framework (Marine Order 54).<br />

• Authoritative/quality assured inputs from various sources.<br />

• Accurate in<strong>for</strong>mation from the ship operator/master/pilot.<br />

• Training <strong>and</strong> engagement <strong>of</strong> users at all levels.<br />

AMSA will regulate the use <strong>of</strong> the UKCM System (by coastal pilots <strong>and</strong> pilot providers) through Marine Order<br />

Part 54. A framework was established to verify the accuracy <strong>of</strong> sensor data <strong>and</strong> periodically re-calibrate the<br />

sensors, independent <strong>of</strong> the contractor.<br />

AMSA is working closely with the Australian Hydrographic Service to make sure high accuracy surveys <strong>of</strong> the<br />

Torres Strait needed by the UKCM System are available.<br />

The AMSA risk manager was involved in the initial risk assessment <strong>and</strong> in subsequent risk assessments <strong>of</strong><br />

activities. External specialist resources were brought in as required to provide technical expertise.<br />

Overall, the UKCM System project was initiated <strong>and</strong> driven by non-risk management staff, who were willing<br />

to call in risk management specialists when needed. This demonstrates the management <strong>of</strong> risk is embedded<br />

in AMSA’s processes <strong>and</strong> procedures.<br />

AMSA worked hard to meet the needs <strong>of</strong> each stakeholder through the risk management approach the agency<br />

developed <strong>and</strong> implemented.<br />

Short-term benefits<br />

The short-term benefits <strong>of</strong> this project include:<br />

• A marked reduction in the time pilots need to calculate transit times.<br />

• Pilots are using Transit Planning to gain an assessment <strong>of</strong> the efficiency <strong>and</strong> safety <strong>of</strong> intended transit<br />

windows, <strong>and</strong> compliance with AMSA’s rules.<br />

• Pilots are using Transit Monitoring <strong>for</strong> real-time assessments <strong>of</strong> their transit. The system also captures all<br />

relevant in<strong>for</strong>mation <strong>for</strong> AMSA to review <strong>for</strong> future improvements <strong>and</strong> model adjustments.<br />

• Pilots, pilot providers <strong>and</strong> pilot launch masters are using the Met-Ocean service <strong>for</strong> real-time, predicted <strong>and</strong><br />

short-term <strong>for</strong>ecasts <strong>of</strong> environmental in<strong>for</strong>mation. Launch masters are also using the in<strong>for</strong>mation to assess<br />

the risks <strong>of</strong> transfer activities (ship to launch or launch to ship) in exposed waters.<br />

• The UKCM System is able to exchange key system <strong>and</strong> vessel-related in<strong>for</strong>mation with third party systems.<br />

Benefits identified by AMSA <strong>of</strong> its staged implementation approach include:<br />

• Strong industry acceptance.<br />

• A robust system that integrates well with existing systems.<br />

• Service providers taking up the system.<br />

• For pilots using the system, transit in<strong>for</strong>mation in the <strong>for</strong>m <strong>of</strong> charts highlighting the current voyage is<br />

currently available to ships’ masters on deck. This adds credibility to its operation.<br />

AMSA has also realised the short-term benefits <strong>of</strong> its new system translate as long-term benefits <strong>for</strong> Australian<br />

mining, general freight movement <strong>and</strong> the environment.<br />

While the system is relatively new, it has demonstrated potential <strong>and</strong> ongoing improvements <strong>for</strong> vessels<br />

transiting the Torres Strait in a way that reduces inherent risks.<br />

<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies


Long-term results<br />

The long-term benefits identified by AMSA include the implementation <strong>of</strong> a system that gives pilots the ability<br />

to improve their decision-making <strong>and</strong> transit planning while ensuring a safe transit though the Torres Strait.<br />

Additional long-term benefits include:<br />

• Validating the existing under keel safety margin <strong>for</strong> deep draught vessels <strong>and</strong> helping evaluate the<br />

appropriateness <strong>of</strong> the draught limit regime.<br />

• Improved safety due to increased knowledge <strong>of</strong> conditions, in particular, better knowledge <strong>of</strong> shallow areas<br />

that present dangers to shipping, which AMSA identified as a major risk.<br />

• Improved efficiency thanks to a better knowledge <strong>of</strong> deep-water areas, which will allow greater flexibility<br />

in transit planning <strong>and</strong> management, <strong>and</strong> lead to more efficient transits.<br />

• Potential <strong>for</strong> greater transit windows <strong>and</strong> the associated economic benefits, including more efficient use<br />

<strong>of</strong> shipping.<br />

• Ability to modify a vessel’s transit while in progress due to un<strong>for</strong>eseen events (<strong>for</strong> example short period tidal<br />

variations, reduction in available speed, presence <strong>of</strong> other vessels), which improves safety <strong>and</strong> efficiency.<br />

Overall, AMSA’s risk initiative has great potential <strong>and</strong> has demonstrated effective use <strong>of</strong> risk management<br />

techniques, processes <strong>and</strong> procedures.<br />

<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies<br />

Risk Initiative Category – Highly Commended – AMSA<br />

29


Risk Initiative Category – Highly Commended – BOM<br />

30<br />

Bureau <strong>of</strong> Meteorology<br />

Highly commended<br />

Overview<br />

The Bureau <strong>of</strong> Meteorology’s weather <strong>for</strong>ecasts <strong>and</strong> warnings services are some <strong>of</strong> the most widely used<br />

government products.<br />

The agency’s core tasks include meeting the national need <strong>for</strong> climatic records, water in<strong>for</strong>mation, weather<br />

<strong>and</strong> oceanographic services, a scientific underst<strong>and</strong>ing <strong>of</strong> Australian weather <strong>and</strong> climate, <strong>and</strong> providing a high<br />

quality service to the Australian community.<br />

Severe weather events, including tropical cyclones, severe thunderstorms <strong>and</strong> flash flooding, pose a significant<br />

risk to the safety <strong>of</strong> the Australian community. One <strong>of</strong> the Bureau’s primary roles is to mitigate this risk by<br />

providing a comprehensive <strong>for</strong>ecast <strong>and</strong> warning service, which has now been extended to include graphical<br />

products.<br />

The Bureau is able to provide an end-to-end in<strong>for</strong>mation <strong>and</strong> warning system where state-<strong>of</strong>-the-art weather<br />

observations, <strong>for</strong>ecast <strong>and</strong> warning technologies are used, <strong>and</strong> in<strong>for</strong>mation is tailored <strong>for</strong> the Australian<br />

community.<br />

The rapid growth <strong>of</strong> the internet <strong>and</strong> the Bureau’s services has resulted in the agency’s website being one <strong>of</strong> the<br />

most heavily accessed <strong>and</strong> used sites in Australia. The Bureau’s Warnings <strong>and</strong> Weather Forecasts Program <strong>of</strong>fers<br />

a wide range <strong>of</strong> analysis <strong>and</strong> prediction products. These include <strong>for</strong>ecasts, warnings <strong>and</strong> in<strong>for</strong>mation services <strong>for</strong><br />

the general public, national <strong>and</strong> international shipping <strong>and</strong> aviation, the <strong>Department</strong> <strong>of</strong> Defence <strong>and</strong> others.<br />

Services are provided through Regional Forecasting Centres in capital cities <strong>and</strong> through the National<br />

Meteorological <strong>and</strong> Oceanographic Operations Centre in Melbourne. All <strong>of</strong> these centres maintain a 24-hour<br />

weather watch every day <strong>of</strong> the year, <strong>and</strong> issue <strong>for</strong>ecasts <strong>and</strong> warnings together with tsunami watches <strong>and</strong><br />

warnings.<br />

The Risk Management Framework—creating the foundation to effectively manage risk<br />

While looking <strong>for</strong> ways it could respond to the community need <strong>for</strong> improvements in weather services, the<br />

Bureau noted its “traditional” or existing products were based on text <strong>for</strong> point locations. This required a<br />

significant amount <strong>of</strong> manual input by a <strong>for</strong>ecaster to prepare. In short, this process was labour intensive <strong>and</strong><br />

limited the Bureau’s ability to respond to rapidly evolving technologies being used by the community.<br />

To manage the increasing dem<strong>and</strong> <strong>for</strong> <strong>for</strong>ecasts <strong>and</strong> weather warnings that were accurate <strong>and</strong> geospatially<br />

detailed, the Bureau created the Next Generation Forecast <strong>and</strong> Warning System (NexGenFWS) project.<br />

The Bureau identified the Graphical Forecast Editor (GFE) as a potential <strong>for</strong>ecasting tool. It was originally<br />

developed in the United States by the National Oceanic <strong>and</strong> Atmospheric Administration <strong>and</strong> used in all <strong>for</strong>ecast<br />

<strong>of</strong>fices <strong>of</strong> the US National Weather Service. In 2008 the Bureau piloted the GFE in its <strong>for</strong>ecast <strong>and</strong> warning service<br />

in Victoria. As a result <strong>of</strong> the success <strong>of</strong> this implementation, federal government funding was obtained to<br />

nationally roll out this world’s best-practice system over a five-year period.<br />

<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies


The NexGenFWS links activities across many <strong>of</strong> the Bureau’s programs. The Bureau acknowledges that managing<br />

risk is essential <strong>for</strong> project work, <strong>and</strong> helping staff to underst<strong>and</strong>, accept <strong>and</strong> manage risks as a part <strong>of</strong> everyday<br />

decision-making, was a priority <strong>for</strong> the project.<br />

Risk assessments were an essential part <strong>of</strong> the NexGenFWS implementation process. The project integrated<br />

<strong>and</strong> embedded risk management into the governance, project management, planning, reporting, procurement<br />

<strong>and</strong> per<strong>for</strong>mance management processes. A project risk management plan that focused on risk pr<strong>of</strong>iling <strong>and</strong><br />

graphical reporting was developed <strong>and</strong> aligned with the enterprise-wide risk management framework.<br />

Adopting a project focused risk framework allowed:<br />

• Bureau staff to underst<strong>and</strong>, accept <strong>and</strong> manage risks as part <strong>of</strong> everyday decision making.<br />

• Successful delivery <strong>of</strong> service improvements <strong>and</strong> service continuity outcomes that were within the constraints<br />

laid out in the project management plan.<br />

The Bureau developed process tools <strong>and</strong> reports that were used to identify, evaluate <strong>and</strong> communicate the<br />

range <strong>of</strong> risks associated with the project <strong>and</strong> that had to be managed by project staff <strong>and</strong> the sponsor. Since the<br />

development <strong>of</strong> this project the Bureau has introduced the focused risk methodology into its enterprise-wide risk<br />

management framework.<br />

Risk initiative links to governance framework<br />

This risk initiative clearly linked to the Bureau’s governance framework. The project demonstrated the Bureau’s<br />

key focus was client service as well as legislative requirements. The Bureau has a large stakeholder base, which<br />

in some instances wasn’t communicating effectively. The risk initiative was designed to meet all stakeholder<br />

requirements <strong>for</strong> in<strong>for</strong>mation.<br />

The Bureau successfully embedded risk management into the governance, project management, planning,<br />

reporting, procurement <strong>and</strong> per<strong>for</strong>mance management processes <strong>of</strong> the NexGenFWS project delivery.<br />

<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies<br />

Risk Initiative Category – Highly Commended – BOM<br />

31


Risk Initiative Category – Highly Commended – BOM<br />

32<br />

Implementing strategies, plans <strong>and</strong> processes<br />

The Bureau’s framework <strong>for</strong> the NexGenFWS was designed to address the following risks:<br />

• Complexity <strong>of</strong> the changes with respect to technology, training <strong>and</strong> products.<br />

• Impact on staff <strong>and</strong> users.<br />

• Large geographic coverage <strong>of</strong> the system <strong>and</strong> the regional base requirements <strong>of</strong> <strong>for</strong>ecasting.<br />

• Extensive risk pr<strong>of</strong>ile associated with changing thous<strong>and</strong>s <strong>of</strong> the Bureau’s public weather <strong>and</strong> warning<br />

products.<br />

Given deployment risks, constraints <strong>and</strong> the project’s resourcing dem<strong>and</strong>s, a Rolling Wave Project Planning<br />

strategy was adopted. This allowed incremental improvements needed in s<strong>of</strong>tware, infrastructure, training <strong>and</strong><br />

science; collaboration to develop a common feature environment <strong>for</strong> <strong>for</strong>ecasters; <strong>and</strong> minimised a range <strong>of</strong><br />

internal <strong>and</strong> external risk factors.<br />

This project’s five-year rollout allowed the Bureau to effectively oversee the risk process regarding:<br />

• Decisions about the range <strong>of</strong> rollout options, including timings <strong>for</strong> each region.<br />

• When <strong>and</strong> what components to build first.<br />

• Manage the project schedule.<br />

• Manage dependencies, status tracking, estimate activities <strong>and</strong> resources needed to fulfil the project’s<br />

objectives.<br />

Communicating change<br />

The Bureau fully understood the many elements <strong>and</strong> risk pr<strong>of</strong>iles <strong>of</strong> such a complex project. It developed <strong>and</strong><br />

implemented a wide range <strong>of</strong> tools to communicate <strong>and</strong> support the delivery <strong>of</strong> the project rollout. These<br />

included:<br />

• Management <strong>and</strong> executive briefings.<br />

• Bureau meteorology training courses.<br />

• Forecaster <strong>and</strong> science <strong>for</strong>ums.<br />

• Media briefings.<br />

• In<strong>for</strong>mation stall at conferences as well as boating or agricultural events.<br />

• Minutes/briefs (internal).<br />

• Industry base in<strong>for</strong>mation <strong>and</strong> notices (posted on the Bureau website <strong>and</strong> registered user pages).<br />

• Staff newsletters (posted on intranet) mailing lists <strong>and</strong> internal wikis.<br />

• Frequently Asked Questions (internal & external).<br />

• Papers/presentations at industry <strong>for</strong>ums.<br />

• Print media.<br />

• Television <strong>and</strong> radio broadcasts, face-to-face meetings <strong>and</strong> surveys.<br />

The Bureau’s communication activities were comprehensive <strong>and</strong> targeted a wide range <strong>of</strong> users, stakeholders<br />

<strong>and</strong> consumers. This minimised the risk <strong>of</strong> a poor reception <strong>of</strong> the project from <strong>for</strong>ecasters, <strong>and</strong> increased the<br />

opportunities <strong>for</strong> identifying <strong>and</strong> resolving any emerging issues.<br />

<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies


Short-term benefits<br />

The Bureau acknowledged that its risk initiative faced a number <strong>of</strong> inherent risks, however, by fully integrating<br />

structured risk identification, assessment <strong>and</strong> a mitigation framework, the project has successfully met<br />

deliverables.<br />

Some <strong>of</strong> the immediate benefits identified include:<br />

• Modernised weather <strong>for</strong>ecast production with more accurate <strong>for</strong>ecasts <strong>and</strong> warnings to allow the Australian<br />

community to mitigate weather-related risks.<br />

• Can issue more visual <strong>and</strong> graphic <strong>for</strong>ecasts.<br />

• Improved accuracy, detail, consistency <strong>and</strong> presentation <strong>of</strong> <strong>for</strong>ecast <strong>and</strong> warning in<strong>for</strong>mation, including high<br />

impact events, such as heavy rain or bushfires.<br />

• Extended the <strong>for</strong>ecast outlook period so more days are covered going <strong>for</strong>ward.<br />

• Geographic equity <strong>of</strong> services <strong>for</strong> city, rural <strong>and</strong> Indigenous communities, with more frequent <strong>and</strong> detailed<br />

services <strong>for</strong> everyone, not just those living in major cities.<br />

• Plat<strong>for</strong>m can be extended <strong>and</strong> supported to satisfy the increasing dem<strong>and</strong> <strong>for</strong> services at a local level.<br />

The Bureau’s risk initiative has delivered benefits to the agency as well as the Australian public, industry <strong>and</strong><br />

other government agencies (<strong>for</strong> example AMSA).<br />

Long-term results<br />

Long-term benefits <strong>for</strong> the Bureau thanks to its implementation <strong>of</strong> NexGenFWS include:<br />

• The Bureau’s disaster mitigation services can provide spatially oriented services to major clients.<br />

• Accurate weather in<strong>for</strong>mation will be available to all Australians, including small isolated communities <strong>and</strong><br />

Australian Indigenous communities.<br />

• The Bureau is better placed to meet its on-going commitments under the Meteorology Act 1955.<br />

• The system supports international disaster mitigation activities.<br />

• The plat<strong>for</strong>m can be extended to allow quick development <strong>and</strong> delivery <strong>of</strong> new products.<br />

• Tailored GFE system being made available to other countries.<br />

• Broader community has confidence in the quality <strong>of</strong> the Bureau’s warning products <strong>and</strong> services.<br />

• The system supports the rapid adoption <strong>of</strong> developments in meteorological science <strong>and</strong> technology.<br />

• Confidence within the Bureau that the system is providing effective <strong>for</strong>ecasts <strong>and</strong> warnings, <strong>and</strong> is able to<br />

meet changing community needs <strong>and</strong> delivery expectations.<br />

<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies<br />

Risk Initiative Category – Highly Commended – BOM<br />

33


Risk Initiative Category – Honourable Mention – DAFF<br />

34<br />

<strong>Department</strong> <strong>of</strong> Agriculture, Fisheries <strong>and</strong> Forestry<br />

Honourable Mention<br />

Overview<br />

Today’s biosecurity organisations face significant challenges globally. Chief among these are environmental<br />

change, changes in human movement, trade <strong>and</strong> economic development, <strong>and</strong> the evolution <strong>and</strong> emergence <strong>of</strong><br />

pests <strong>and</strong> diseases.<br />

To gather <strong>and</strong> analyse in<strong>for</strong>mation on new hazards expected to affect aquatic animal health, the <strong>Department</strong><br />

<strong>of</strong> Agriculture, Fisheries <strong>and</strong> Forestry (DAFF) developed an online intelligence system dedicated to tracking <strong>and</strong><br />

<strong>for</strong>ecasting outbreaks <strong>of</strong> aquatic animal diseases.<br />

AquaticHealth.net is the first <strong>of</strong> its kind in the world <strong>and</strong> scans the internet on a regular basis <strong>for</strong> open-source<br />

content (news <strong>and</strong> journal articles <strong>and</strong> ‘tweets’ from Twitter) related to aquatic animal health. The system<br />

allows anyone to submit content, automatically detects location in<strong>for</strong>mation that can be plotted on a Google<br />

Map, <strong>and</strong> tags the in<strong>for</strong>mation with useful key terms.<br />

All users can browse content <strong>and</strong> generate reports <strong>and</strong> maps (by search terms, filtered date ranges, tags,<br />

locations) <strong>and</strong> receive resource description framework site summary feeds as well as e-mail updates.<br />

The Risk Management Framework—creating the foundation to effectively manage risk<br />

AquaticHealth.net is one <strong>of</strong> DAFF’s strategic priorities to manage Australia’s biosecurity by effectively identifying<br />

<strong>and</strong> targeting the management <strong>of</strong> risk to aquatic animals.<br />

In creating AquaticHealth.net, the agency undertook a systematic, agency-wide approach to underpin the<br />

gathering, analysis, reporting <strong>and</strong> application <strong>of</strong> biosecurity intelligence on emerging aquatic diseases. It also<br />

monitored changes in a range <strong>of</strong> dynamic processes such as environmental, social <strong>and</strong> technological change,<br />

which affect pests <strong>and</strong> diseases associated with aquatic animals.<br />

Along with gathering in<strong>for</strong>mation, the agency also developed systems to store <strong>and</strong> retrieve it. When analysed, the<br />

in<strong>for</strong>mation gathered led to useful intelligence that in<strong>for</strong>med strategic planning, resource allocation <strong>and</strong> policy<br />

development within the agency.<br />

The three strategies identified in DAFF’s business plan to meet its objective were:<br />

1. Develop intelligence, risk analysis <strong>and</strong> risk management capability.<br />

2. Move toward an effective integration <strong>of</strong> pre-border, border <strong>and</strong> post border activities based on assessing <strong>and</strong><br />

managing risk.<br />

3. Lead <strong>and</strong> support staff to make sure they have the skills, knowledge <strong>and</strong> tools to match business priorities.<br />

An early warning system <strong>for</strong> emerging threats<br />

This initiative fills an identified gap in the risk analysis research sponsored by DAFF. It provides an early warning<br />

system <strong>for</strong> emerging threats <strong>and</strong> is integral to developing effective biosecurity strategies.<br />

<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies


AquaticHealth.net allows authenticated users to tag, edit <strong>and</strong> classify all reports, as well as add <strong>and</strong> refine the<br />

search terms the system uses to find content. The system also includes a wiki in which authenticated users can<br />

edit <strong>and</strong> update entries on diseases <strong>and</strong> other topics related to aquatic animal health. Each wiki page includes a<br />

<strong>for</strong>ecasting section, where users can make <strong>and</strong> debate <strong>for</strong>ecasts <strong>of</strong> disease outbreaks.<br />

Utilising social networking<br />

The result is an online intelligence system <strong>for</strong> aquatic animal health that is social at almost every level <strong>and</strong><br />

provides relevant in<strong>for</strong>mation to decision-makers in a practical, efficient <strong>and</strong> timely manner.<br />

This web-based approach utilises social networking to find gaps in biosecurity in<strong>for</strong>mation <strong>and</strong> allows DAFF<br />

to achieve its business objectives. DAFF manages the risks associated with this type <strong>of</strong> social network by only<br />

allowing authenticated users to take part.<br />

The work is funded through competitive research grants awarded <strong>and</strong> administered by the Australian Centre <strong>of</strong><br />

<strong>Excellence</strong> in Risk Analysis (ACERA). ACERA’s core function is to develop the practice <strong>of</strong> risk analysis by creating<br />

<strong>and</strong> testing methods, protocols, analytical tools <strong>and</strong> procedures to benefit both government <strong>and</strong> the broader<br />

Australian community. ACERA’s funding is managed by DAFF.<br />

Implementing strategies, plans <strong>and</strong> processes<br />

AquaticHealth.net was implemented <strong>and</strong> adopted through case studies, participation <strong>of</strong> DAFF staff, <strong>and</strong> through<br />

dissemination <strong>of</strong> tools <strong>and</strong> techniques on both the DAFF intranet <strong>and</strong> internet (including linking with social<br />

media), <strong>and</strong> through successful outcomes from the tools developed to date.<br />

DAFF adopted a ‘crowd-sourcing method’, which is an open call to an undefined group, usually made up <strong>of</strong> people<br />

appropriate <strong>for</strong> a specific task, to analyse or solve a problem via AquaticHealth.net. Users could be anonymous or<br />

authenticated <strong>and</strong> all users can view the system’s reports, add reports, <strong>and</strong> add commentary. Authenticated users<br />

have additional privileges, including the ability to edit report content <strong>and</strong> to classify <strong>and</strong> tag reports.<br />

In designing AquaticHealth.net, DAFF combined the cheapness <strong>and</strong> efficiency <strong>of</strong> automation with the accuracy<br />

<strong>and</strong> potential <strong>for</strong> value-adding by individuals. The system was made as open as possible, by providing the<br />

potential <strong>for</strong> users to rank, comment on <strong>and</strong> add value to reports, modify search capacities, tag <strong>and</strong> classify<br />

content, add new in<strong>for</strong>mation the automated scan misses, as well as location in<strong>for</strong>mation.<br />

AquaticHealth.net is unique <strong>and</strong> is now highly regarded both nationally <strong>and</strong> internationally <strong>for</strong> the detection <strong>of</strong><br />

developing biosecurity risks on a global scale.<br />

Tracking in<strong>for</strong>mation<br />

Between 50 <strong>and</strong> 100 articles are gathered daily by the current list <strong>of</strong> search terms <strong>and</strong> listed in the daily scan.<br />

Of these, only about five to ten articles are published <strong>and</strong> tagged by users as useful, <strong>and</strong> <strong>of</strong> the published reports,<br />

the system will tag about ten articles each week as ‘disease news’.<br />

The global aquatic animal health intelligence community is growing stronger <strong>and</strong> adding value to this<br />

web-based intelligence system every day. To promote it, DAFF has delivered presentations <strong>and</strong> media material<br />

at major global aquatic animal health conferences. Google has also played its part thanks to the way its search<br />

engine prioritises listing <strong>of</strong> relevant websites. This has resulted in the site appearing in the top five results when<br />

you search <strong>for</strong> in<strong>for</strong>mation relating to any aquatic animal disease.<br />

User statistics show the site is gaining momentum daily. This means DAFF is continually upgrading capacity to<br />

h<strong>and</strong>le the volume <strong>of</strong> traffic.<br />

As the site scans into the future, it should detect <strong>and</strong> save nearly every piece <strong>of</strong> in<strong>for</strong>mation on aquatic animal<br />

disease that hits the electronic environment. And as the user community grows, AquaticHealth.net will become<br />

an essential <strong>and</strong> powerful in<strong>for</strong>mation resource <strong>for</strong> all aquatic animal health specialists, industry participants <strong>and</strong><br />

biosecurity experts around the world.<br />

<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies<br />

Risk Initiative Category – Honourable Mention – DAFF<br />

35


Risk Initiative Category – Honourable Mention – DAFF<br />

36<br />

The benefits <strong>of</strong> implementation<br />

Although AquaticHealth.net is a new initiative it has been able to:<br />

• Capture emerging disease in<strong>for</strong>mation.<br />

• Analyse disease trends.<br />

• Map diseases.<br />

• Organise data <strong>and</strong> per<strong>for</strong>m basic <strong>for</strong>ecasting.<br />

• Contribute to strategic planning.<br />

• Provide biosecurity alerts, build biosecurity risk pr<strong>of</strong>iles .<br />

• Support decision-making relating to imports <strong>and</strong> exports.<br />

Reports are generated by the system <strong>and</strong> cover a six-month period. They are entered into the ‘Emerging Diseases’<br />

wiki <strong>and</strong> the in<strong>for</strong>mation produced is provided to Australian government committees responsible <strong>for</strong> aquatic<br />

animal health <strong>and</strong> identifying emerging diseases; specifically <strong>for</strong> emerging issues outside Australia.<br />

The report allows the committees to keep abreast <strong>of</strong> potential emerging disease threats, in<strong>for</strong>m biosecurity<br />

planning <strong>and</strong> recommend preventive action on significant issues if needed.<br />

For example, an interrogation <strong>of</strong> AquaticHealth.net provided evidence <strong>of</strong> the unregulated movement <strong>of</strong> used<br />

aquaculture equipment that would adversely affect the viability <strong>of</strong> Australia’s oyster farmers. Within weeks <strong>of</strong><br />

the threat becoming known, the Australian Government introduced preventive measures to ensure all used<br />

equipment exported to Australia was decontaminated on arrival.<br />

<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies


One <strong>of</strong> the critical functions <strong>of</strong> AquaticHealth.net is the ability to develop <strong>and</strong> continuously improve the search<br />

terms responsible <strong>for</strong> gathering relevant in<strong>for</strong>mation. To further support its search capabilities a translation<br />

function <strong>for</strong> non-English speaking countries is to be developed. However, this function depends on collaboration<br />

with language experts <strong>and</strong> on non-English speaking users <strong>of</strong> the system increasing.<br />

The collection <strong>of</strong> disease-related in<strong>for</strong>mation is building a bank that will allow analysts to identify <strong>and</strong> interpret<br />

emerging risks. As more in<strong>for</strong>mation enters, is archived, searched <strong>and</strong> sorted, the power <strong>of</strong> the website as a critical<br />

intelligence resource will become apparent.<br />

The initiative has been successfully integrated in to DAFF’s risk management processes <strong>and</strong> the agency has<br />

started building similar websites <strong>for</strong> intelligence communities involved in plant health, avian influenza <strong>and</strong><br />

biosecurity <strong>for</strong>ecasting <strong>for</strong> future health planning.<br />

<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies<br />

Risk Initiative Category – Honourable Mention – DAFF<br />

37


Risk Initiative Category – Honourable Mention – ACBPS<br />

38<br />

Australian Customs <strong>and</strong> Border Protection Service<br />

Honourable Mention<br />

Overview<br />

The Australian Customs <strong>and</strong> Border Protection Service (Customs <strong>and</strong> Border Protection) manages a range <strong>of</strong> risks<br />

to the Australian border, while also facilitating legitimate trade <strong>and</strong> travel.<br />

Over the next eight years, international passenger movements are projected to increase to around 40 million,<br />

while incoming container <strong>and</strong> air cargo consignments will double to almost 27 million annually.<br />

Combined with these trends, Customs <strong>and</strong> Border Protection faces an equally challenging fiscal environment.<br />

Like most public sector agencies around the world, the agency must re-prioritise existing resources, rather than<br />

receive additional funding from government.<br />

To meet priorities <strong>and</strong> achieve its outcomes, Customs <strong>and</strong> Border Protection adopted an intelligence-led<br />

risk-based approach to intervention <strong>and</strong> assurance.<br />

The Risk Management Framework—creating the foundation to effectively manage risk<br />

Customs <strong>and</strong> Border Protection is meeting the challenge <strong>of</strong> managing its future operating environment <strong>and</strong> a<br />

tightening resource base by developing a strategic plan that incorporates a rigorous risk management model.<br />

This approach is embodied in the agency’s new Multi-Year Planning <strong>and</strong> Budgetary Framework <strong>and</strong> its Risk<br />

Management Framework, which together are referred to as ‘the Frameworks’. Taken together, these documents<br />

represent the agency’s blueprint <strong>for</strong> a risk-based approach to strategic planning.<br />

The Frameworks moved Customs <strong>and</strong> Border Protection away from a traditional annual planning system to an<br />

intelligence-led, risk-based, multi-year approach. They are being implemented progressively, with a view to firmly<br />

embedding each component into every area <strong>of</strong> the organisation.<br />

At the core <strong>of</strong> the Frameworks is the idea that Customs <strong>and</strong> Border Protection’s basic mission is to manage<br />

‘Border Risk’. This refers to the likelihood that people or goods will enter or leave the country without<br />

authorisation or without meeting the necessary entry <strong>and</strong> exit conditions.<br />

Border Risk encompasses many different commodities <strong>and</strong> outcomes, ranging from illicit drugs <strong>and</strong> firearms, to<br />

the illegal movement <strong>of</strong> people <strong>and</strong> money.<br />

A notion closely related to Border Risk introduced by the Frameworks is that <strong>of</strong> ‘Enabling Risk’. Enabling Risk covers<br />

the aspects <strong>of</strong> the business that support <strong>and</strong> enable Customs <strong>and</strong> Border Protection’s core operational responses<br />

to Border Risk. In their simplest <strong>for</strong>m, the Frameworks aim to link resourcing to risk.<br />

The risk-based system is allowing Customs <strong>and</strong> Border Protection to better underst<strong>and</strong> what a change in the risk<br />

environment will mean <strong>for</strong> its business strategy, <strong>and</strong> how a change in the strategy will affect the agency’s control<br />

<strong>of</strong> the risk environment. In this regard Customs <strong>and</strong> Border Protection will only allocate resources within the<br />

agency if they can be justified <strong>and</strong> linked to a change in the risk environment or its risk appetite.<br />

A key challenge <strong>for</strong> Customs <strong>and</strong> Border Protection in developing its risk model was connecting conventional<br />

enterprise risk management concerns, with the new risk-based approach to strategic planning, where decisions<br />

are made based on whether its core operations are achieving strategic objectives.<br />

<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies


The Frameworks guide risk management actions that support the agency’s strategic objectives by linking<br />

allocation <strong>of</strong> resources with the potential <strong>for</strong> certain events to occur.<br />

Customs <strong>and</strong> Border Protection is using risk management to support innovation <strong>and</strong> is looking at how it can use<br />

a new risk-based approach to develop its strategic planning, as well as risk manage its conventional enterprise<br />

concerns.<br />

Implementing strategies, plans <strong>and</strong> processes<br />

Due to the scale <strong>and</strong> breadth <strong>of</strong> the Frameworks, Customs <strong>and</strong> Border Protection is undertaking a phased,<br />

iterative approach to implementing the risk-based model, with a view to building a sustainable <strong>and</strong> mature<br />

capability over time.<br />

To support the implementation, a large amount <strong>of</strong> planning <strong>and</strong> development has already been undertaken <strong>and</strong><br />

includes:<br />

• Governance re<strong>for</strong>ms:<br />

• Reviewing all aspects <strong>of</strong> the agency’s strategic planning processes.<br />

• Creating ‘Risk Leads’ at the senior executive level, which are a single point <strong>of</strong> accountability <strong>for</strong> analytical<br />

management <strong>of</strong> each risk.<br />

• Creating a Risk Management Board.<br />

• Developing a per<strong>for</strong>mance measurement system around the risk-based model that reduces uncertainty<br />

around the risk environment.<br />

• Emphasis on taking stock <strong>of</strong> Customs <strong>and</strong> Border Protection’s position re Border <strong>and</strong> Enabling Risks at<br />

mid- <strong>and</strong> end-<strong>of</strong>-year reviews.<br />

• Development <strong>of</strong> the following documents <strong>and</strong> processes:<br />

• Strategic Threat Assessment document.<br />

• An agency-wide Risk Plan that <strong>for</strong>ms the cornerstone <strong>of</strong> the agency’s approach.<br />

• Strategic Planning Guidance material.<br />

• Annual PIan. This outlines the core risk-driven priorities <strong>and</strong> investment decisions <strong>for</strong> the coming year.<br />

• Supporting Activities that include Risk Per<strong>for</strong>mance e-Reporting, regular reporting to the executive on<br />

per<strong>for</strong>mance, conducting a full end-<strong>of</strong>-year assessment on how risks have been managed.<br />

• Education campaigns that focus on validating risk assessments, testing new or different ways to deal with a<br />

Border Risk, ways to better focus ef<strong>for</strong>ts, filling knowledge gaps <strong>and</strong> testing perceived risks or vulnerabilities.<br />

• Practical exercises designed to test Customs <strong>and</strong> Border Protection’s capabilities <strong>and</strong> see if its assumptions<br />

on resulting threats are right.<br />

• Game changer workshops to develop innovative methods <strong>of</strong> intervention at the border.<br />

This phased approach is fully supported by the Executive <strong>and</strong> has allowed the agency to develop a sophisticated<br />

per<strong>for</strong>mance measurement system around the risk-based model, which will help it mature its approach to risk.<br />

Short-term benefits<br />

In the first cycle <strong>of</strong> implementing its risk-based model, Customs <strong>and</strong> Border Protection gained unprecedented<br />

visibility <strong>of</strong> its risk environment.<br />

For the first time, it was able to carry out assessments <strong>of</strong> each Border <strong>and</strong> Enabling Risk across the entire agency<br />

at the same time. More importantly, it fed these assessments directly into its strategic planning <strong>and</strong> resource<br />

allocation processes.<br />

Be<strong>for</strong>e introducing the new model, capital investment proposals were not linked to assessments <strong>of</strong> risk. With the<br />

new risk-based model, vulnerabilities that are critical, urgent or otherwise significant are prioritised <strong>for</strong> funding<br />

(through the Strategic Planning Guidance).<br />

<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies<br />

Risk Initiative Category – Honourable Mention – ACBPS<br />

39


Risk Initiative Category – Honourable Mention – ACBPS<br />

40<br />

Ultimately, these priorities are listed in the agency’s Annual Plan, which in turn connects directly to branch <strong>and</strong><br />

divisional plans where relevant line areas identify actions to address the gaps.<br />

Customs <strong>and</strong> Border Protection has seen the following results:<br />

• Scarce resources are being allocated to areas <strong>of</strong> highest risk first, based on explicit evaluations <strong>of</strong> both Border<br />

<strong>and</strong> Enabling Risk.<br />

• Single points <strong>of</strong> accountability spread across the organisation are responsible <strong>for</strong> assessing the alignment <strong>of</strong><br />

its capabilities with the risk environment.<br />

• Customs <strong>and</strong> Border Protection can now respond quickly <strong>and</strong> confidently to new <strong>and</strong> emerging threats<br />

because the risk assessment process is linked directly to the budget process.<br />

• All levels <strong>of</strong> the organisation are taking greater ownership <strong>for</strong> responding to risk gaps as accountability is<br />

embedded in its core planning documents.<br />

• Customs <strong>and</strong> Border Protection is reducing uncertainty by increasing its knowledge <strong>of</strong> the operating<br />

environment, measuring per<strong>for</strong>mance <strong>and</strong> validating the results.<br />

Long-term results<br />

This initiative is allowing Customs <strong>and</strong> Border Protection to more quickly <strong>and</strong> confidently re-prioritise funding to<br />

manage emerging threats <strong>and</strong> risks. It is also making sure the agency can readily adapt to changing government<br />

priorities, capabilities, planning <strong>and</strong> budgetary requirements.<br />

When fully mature, the risk-based approach will allow Customs <strong>and</strong> Border Protection to continuously:<br />

• Reassess the threats to the border <strong>and</strong> its business needs.<br />

• Evaluate the adequacy <strong>and</strong> effectiveness <strong>of</strong> its control strategies <strong>and</strong> enabling functions.<br />

• Develop initiatives to respond to identified gaps in controls <strong>and</strong> business functions.<br />

• Link these initiatives to the budget so that resources are allocated annually to areas <strong>of</strong> highest priority.<br />

The risk-based approach is also making it easier <strong>for</strong> Customs <strong>and</strong> Border Protection to contribute to the following<br />

government policies:<br />

• National security through strong border security.<br />

• Increased trading to allow more jobs to be created <strong>and</strong> increasing Australia’s prosperity.<br />

• Enhancing Australia’s economic prosperity through tourism.<br />

• Fiscal responsibility.<br />

When its risk-based approach is fully operational, Customs <strong>and</strong> Border Protection will be able to continuously<br />

reassess, evaluate <strong>and</strong> improve the threats to the border, control border strategies, identify <strong>and</strong> treat gaps in its<br />

controls <strong>and</strong> business functions, as well as link the strategies to the budget so resources are allocated annually to<br />

areas <strong>of</strong> highest priority.<br />

<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies


<strong>Comcover</strong> <strong>Awards</strong> <strong>for</strong> <strong>Excellence</strong> 2012 Case studies <strong>of</strong> award winning agencies<br />

41

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!