Operational Reporting - Essential Energy

CORPORATE GOVERNANCE
Credit card certification
Use of corporate credit cards is in line with Country Energy’s Procedural
Guideline: Credit Cards, Treasurer’s directions and Premier’s memoranda.
Freedom of Information (FOI)
During the year, nine applications were received under the Freedom of
Information Act 1989 (Cth).
2006 – 2007 2007 – 2008
Applications granted in full 7 2
Applications partially granted 1 4
Applications denied 1 1
Applications where no documents held 1 1
Applications pending - 1
There were no internal reviews during the 2007–08 financial year.
There was no involvement by the Ombudsman or the Administrative
Decisions Tribunal in relation to any requests under the FOI Act.
No major issues arose in relation to Country Energy’s annual reporting
compliance under the FOI Act.
Privacy
Country Energy complies with The National Privacy Principles which form
part of the Privacy Act 1988 (Cth) as the base line privacy standards in
relation to personal information held.
Securing Country Energy information assets
In line with the Premier’s Memorandum No. 2007 – 04, outlining
guidelines to meet the NSW government’s electronic information security
objectives, Country Energy has achieved and continues to be audited
for compliance to the International Standard AS/NZ ISO/IEC 27001
Information technology – Security techniques – Information security
management system. A key component of the standard is the creation
and ongoing maintenance of an Information Security Management
System (ISMS).
The ISMS is designed to ensure the selection of adequate and
proportionate security controls that protect Country Energy’s information
assets. Further it gives a high level of confidence to the Country Energy
Board and Executive, stakeholders and customers that our information
assets are managed securely.
Independent internationally certified external auditors regularly review
and report on Country Energy’s compliance to this standard as a key
activity to maintain certification. This ongoing auditing and reporting are
a required part of operating, monitoring, maintaining and improving our
ISMS and more importantly ensure that Country Energy information
assets are secured.
Business continuity
Country Energy is committed to a business continuity management
framework that identifies and supports critical processes to be resilient
in times of stress.
This framework covers processes identified as critical within current
national security context of ‘medium’. It includes a number of Business
Continuity Plans for processes identified as critical to operations.
At a regional level there are strategic and tactical level plans to assist
employees deal with regional emergencies. These plans take a specific
focus on identifying and containing environmental and safety hazards.
The apex plan within the framework is the Corporate Crisis Management
and Recovery plan which is invoked to deal with high impact high
consequence events.
Ongoing review and monitoring occurs at all levels of management
through table top exercises to promote familiarity with plans and
processes for rapid and effective recovery, modification of plans to
cope with new and redundant sub-processes and open discussion around
process improvement and risk mitigation.
The outcomes of simulated exercises and subsequent recommendations
for changes to Business Continuity Plans are reported to the Executive
Manager accountable for the process under review and to the Executive
in regards to Crisis Management and Recovery.
Country Energy’s business continuity framework is broadly modelled
on Standards Australia document HB221:2004 and HB292:2006.
Risk management
Country Energy is committed to a risk management framework that
supports our corporate responsibilities while at the same time assisting
the achievement of our strategic objectives.
Country Energy’s risk management process is modelled on the
AS/NZS 4360:2004 standard. Country Energy’s context is based on the
Country Energy Strategy Statement, set by the Board and Executive. The
risk assessment process including identifying, analysing and evaluating
risks is conducted on an annual basis through the Executive and Board
Priority Risk review and also on a quarterly basis through Divisional Risk
Coordinators’ meetings.
Risk treatment occurs through the existing controls that are in place
and also through the fulfilment of risk control plans by the responsible
divisions.
Ongoing review and monitoring occurs at all levels of management
through open discussion and reporting by the Divisional Risk
Coordinators and the Risk Management Team to the Executive and
to the Audit and Risk Committee of the Board.
The Risk Management Policy is designed, amongst other things to:
it a key part of normal business practice and decision making
against pre-established criteria
emerging issues and after analysis provide appropriate treatment
in line with Country Energy’s risk appetite
about risk management issues both in Country Energy and with
relevant external stakeholders.
Home
56 Finding better ways