The Risk and Performance Committee (committee) is responsible for providing independent assurance and assistance to the Chief Executive on the operation and effectiveness of risk management, internal controls, legislative compliance, and internal and external accountability for the department.

The committee met on five occasions during 2021-22. Membership consists of both internal and external members and is independently chaired.

During 2021-22 the committee provided independent assurance on the operation and effectiveness of risk management, internal controls and compliance requirements for the department as prescribed under the committee’s Terms of Reference. Achievements during the year included:

• approved and monitored the delivery of the 2021-22 annual internal audit plan.
• reviewed the quality of the 2020-21 annual financial statements including variance analyses and other explanatory commentary prior to signing by the Chief Executive and lodgement with the Auditor-General.
• endorsed the annual review of DPC Strategic Risks and Risk Appetite Statement.
• provide oversight of the department’s strategic and operational risk registers, exposures and control issues.
• considered incoming correspondence to the department from the Auditor-General.
• provided oversight of the review of DPC fraud and corruption control, risk management, incident management and business continuity management policies and procedures during the year.

In 2022-23, the Committee will continue to focus on providing assurance to the Chief Executive by monitoring and overseeing DPC’s risk and control frameworks, internal and external audit issues and external accountability requirements. Specific attention will be given to department’s strategic risks, as well as emerging risks.

There were zero actual or reasonably suspected incidents of fraud detected in the Department of the Premier and Cabinet in 2021-22.

Data for previous years is available at DataSA.

Policies and procedures

The department has zero tolerance to fraud, corruption and other criminal conduct, misconduct and maladministration.

A key strategy for managing the risk of fraud, corruption and other criminal conduct, misconduct and maladministration is the proactive prevention of such conduct through the facilitation of a sound ethical culture.

The department has adopted and promotes the Code of Ethics for the South Australian Public Sector, which provides guidance to employees on appropriate behaviour.

The processes for preventing, detecting and responding to the risks of fraud are documented in the department’s Corruption and Maladministration Control Policy and Corruption and Maladministration Control Strategy which is consistent with the across government Fraud and Corruption Control Policy issued by the Commissioner for Public Sector Employment.

DPC Finance also supports the maintenance of an effective internal control environment by ensuring compliance with relevant legislation and regulations, namely the Public Finance and Audit Act 1987, applicable Treasurer’s Instructions and Australian Accounting Standards.

Internal processes

Processes are in place for identifying, recording, analysing, reporting and escalating fraud and corruption loss events and control failures.

These processes are supported by mechanisms to prevent, detect and respond to the risks of fraud, including:

• annual internal audit plans
• monthly Executive Financial Performance Reports
• management certification of internal controls as part of the department’s Financial Management Compliance Program and the end of financial year annual financial statements preparation process which includes the completion of fraud declarations by Key Management Personnel
• the maintenance of financial authorisations within the e-Procurement and EMS purchase card management systems including the performance of regular user access and transactional reviews
• conflict of interest declarations
• reporting of gifts and benefits offered to and received by employees
• employee screening
• internal and external audits
• disclosure of suspected or actual fraudulent behaviour.

Annual financial report

The annual financial report is supported by a system of internal controls that are monitored and assessed during the financial year through the department’s internal assurance processes and other processes undertaken by Shared Services SA as the external service provider.

Employee induction and online training

The department’s induction process ensures that all new employees are made aware of the Code of Ethics for the South Australian Public Sector and the Corruption and Maladministration Control Policy. This policy clearly stipulates a “zero tolerance” position in respect to fraud and corruption. Information is provided to all employees relating to the Code of Ethics on the departmental intranet.

New employees and those returning from a period of extended leave must undergo a mandatory induction process upon their commencement of employment in the form of a DPC Online Induction and an online Code of Ethics Awareness training course.

A Fraud and Corruption Awareness online course was reviewed and updated during the year which is made available and mandated for all employees to complete every three years, with any new starters required to complete the course as part of an induction program within six months of commencement.

Financial Management Compliance Program

Appropriate business practices are reinforced through the department’s Financial Management Compliance Program (FMCP) as mandated by Treasurer’s Instruction 28. The FMCP was undertaken through a control self-assessment comprising a series of questions which assess relevant policies, procedures, systems, internal controls, risk management, and statutory / financial / management reporting that is in operation across all business units within the department.

An independent risk-based validation of the results is undertaken, and results reported to the relevant business units and the Risk and Performance Committee.

Risk assessments

Business units undertake regular fraud and corruption risk assessments on their operations and are also required to identify, assess and monitor those risks and document mitigating actions in their risk registers which are subject to six-monthly reviews and monitoring throughout the year.

An annual assurance mapping review complements the risk management assessments by providing additional assurance around the state of governance, risk management and internal controls within DPC.

An annual review of strategic risks was also undertaken during the year to ensure they continue to reflect the current risk environment. This included a review of the departmental risk appetite statement to ensure the boundaries for prudent and consistent decision-making are clearly defined in order to effectively deliver our strategy.

Once every three years the department is required to conduct a comprehensive assessment of the risk of fraud and corruption within the department’s business operations in accordance with the Corruption and Maladministration Control Policy. Specialist resources were recruited, and a review was completed during the year. A Risk Culture Survey was also undertaken during the year. The survey acted to protect against the threat of fraud by increasing fraud risk awareness and fostering a strong risk culture, which can help stop fraudulent behaviour before it happens.

There were zero occasions on which public interest information has been disclosed to a responsible officer of the agency under the Public Interest Disclosure Act 2018:

Data for previous years is available a DataSA.

Note: Disclosure of public interest information was previously reported under the Whistleblowers Protection Act 1993 and repealed by the Public Interest Disclosure Act 2018 on 1/7/2019.