Operational Reporting - Essential Energy
Operational Reporting - Essential Energy
Operational Reporting - Essential Energy
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
CORPORATE GOVERNANCE<br />
Credit card certification<br />
Use of corporate credit cards is in line with Country <strong>Energy</strong>’s Procedural<br />
Guideline: Credit Cards, Treasurer’s directions and Premier’s memoranda.<br />
Freedom of Information (FOI)<br />
During the year, nine applications were received under the Freedom of<br />
Information Act 1989 (Cth).<br />
2006 – 2007 2007 – 2008<br />
Applications granted in full 7 2<br />
Applications partially granted 1 4<br />
Applications denied 1 1<br />
Applications where no documents held 1 1<br />
Applications pending - 1<br />
There were no internal reviews during the 2007–08 financial year.<br />
There was no involvement by the Ombudsman or the Administrative<br />
Decisions Tribunal in relation to any requests under the FOI Act.<br />
No major issues arose in relation to Country <strong>Energy</strong>’s annual reporting<br />
compliance under the FOI Act.<br />
Privacy<br />
Country <strong>Energy</strong> complies with The National Privacy Principles which form<br />
part of the Privacy Act 1988 (Cth) as the base line privacy standards in<br />
relation to personal information held.<br />
Securing Country <strong>Energy</strong> information assets<br />
In line with the Premier’s Memorandum No. 2007 – 04, outlining<br />
guidelines to meet the NSW government’s electronic information security<br />
objectives, Country <strong>Energy</strong> has achieved and continues to be audited<br />
for compliance to the International Standard AS/NZ ISO/IEC 27001<br />
Information technology – Security techniques – Information security<br />
management system. A key component of the standard is the creation<br />
and ongoing maintenance of an Information Security Management<br />
System (ISMS).<br />
The ISMS is designed to ensure the selection of adequate and<br />
proportionate security controls that protect Country <strong>Energy</strong>’s information<br />
assets. Further it gives a high level of confidence to the Country <strong>Energy</strong><br />
Board and Executive, stakeholders and customers that our information<br />
assets are managed securely.<br />
Independent internationally certified external auditors regularly review<br />
and report on Country <strong>Energy</strong>’s compliance to this standard as a key<br />
activity to maintain certification. This ongoing auditing and reporting are<br />
a required part of operating, monitoring, maintaining and improving our<br />
ISMS and more importantly ensure that Country <strong>Energy</strong> information<br />
assets are secured.<br />
Business continuity<br />
Country <strong>Energy</strong> is committed to a business continuity management<br />
framework that identifies and supports critical processes to be resilient<br />
in times of stress.<br />
This framework covers processes identified as critical within current<br />
national security context of ‘medium’. It includes a number of Business<br />
Continuity Plans for processes identified as critical to operations.<br />
At a regional level there are strategic and tactical level plans to assist<br />
employees deal with regional emergencies. These plans take a specific<br />
focus on identifying and containing environmental and safety hazards.<br />
The apex plan within the framework is the Corporate Crisis Management<br />
and Recovery plan which is invoked to deal with high impact high<br />
consequence events.<br />
Ongoing review and monitoring occurs at all levels of management<br />
through table top exercises to promote familiarity with plans and<br />
processes for rapid and effective recovery, modification of plans to<br />
cope with new and redundant sub-processes and open discussion around<br />
process improvement and risk mitigation.<br />
The outcomes of simulated exercises and subsequent recommendations<br />
for changes to Business Continuity Plans are reported to the Executive<br />
Manager accountable for the process under review and to the Executive<br />
in regards to Crisis Management and Recovery.<br />
Country <strong>Energy</strong>’s business continuity framework is broadly modelled<br />
on Standards Australia document HB221:2004 and HB292:2006.<br />
Risk management<br />
Country <strong>Energy</strong> is committed to a risk management framework that<br />
supports our corporate responsibilities while at the same time assisting<br />
the achievement of our strategic objectives.<br />
Country <strong>Energy</strong>’s risk management process is modelled on the<br />
AS/NZS 4360:2004 standard. Country <strong>Energy</strong>’s context is based on the<br />
Country <strong>Energy</strong> Strategy Statement, set by the Board and Executive. The<br />
risk assessment process including identifying, analysing and evaluating<br />
risks is conducted on an annual basis through the Executive and Board<br />
Priority Risk review and also on a quarterly basis through Divisional Risk<br />
Coordinators’ meetings.<br />
Risk treatment occurs through the existing controls that are in place<br />
and also through the fulfilment of risk control plans by the responsible<br />
divisions.<br />
Ongoing review and monitoring occurs at all levels of management<br />
through open discussion and reporting by the Divisional Risk<br />
Coordinators and the Risk Management Team to the Executive and<br />
to the Audit and Risk Committee of the Board.<br />
The Risk Management Policy is designed, amongst other things to:<br />
<br />
it a key part of normal business practice and decision making<br />
<br />
against pre-established criteria<br />
<br />
emerging issues and after analysis provide appropriate treatment<br />
in line with Country <strong>Energy</strong>’s risk appetite<br />
<br />
about risk management issues both in Country <strong>Energy</strong> and with<br />
relevant external stakeholders.<br />
Home<br />
56 Finding better ways