4Managing the AEC
Risk management and business continuity
The AEC is committed to integrating risk management principles and practices into its business processes. A range of initiatives guide the work of the AEC in its commitment to minimising risk and ensuring business continuity.
Risk management allows the AEC to better understand the choices faced in allocating resources in support of its corporate plan. It also improves decision-making, performance and accountability, and acts to minimise losses and maximise opportunities for the agency.
Accordingly, risk assessments and risk management processes are incorporated into all critical activities of the agency. A Strategic Risk Management Plan and the Risk Management Policy set the risk environment in which the AEC operates. The Strategic Risk Management Plan is supported by operational and project risk assessments. All risk assessments are recorded in an Enterprise Risk Register (see next section).
There is monthly risk management reporting to the Executive Leadership Team and other internal business and operational groups at the AEC.
Further, the AEC contributes to the annual Comcover Risk Management Benchmarking Survey, with the 2016 results showing the AEC comparing well with like organisations, and making significant improvements since the previous year. In 2015–16 the AEC’s risk management maturity level improved from systematic to integrated.
The AEC will continue to work towards maturing its risk framework, in particular through:
- increased education and empowerment of staff
- use of key risk indicators and near-miss data
- investigating and implementing dedicated risk management software.
In 2015–16, the enterprise risk register continued to provide a central platform for employees and management to record, assess and manage risks. By providing a snapshot of identified risks and management strategies, the register supported the agency in identifying, resolving and mitigating both operational and strategic risks.
The 2015–16 AEC Assurance Plan set out our proposed audit and assurance activity for the year. It was designed to provide assurance to the AEC Executive and the Business Assurance Committee that:
- appropriate controls were in place over key/high risk business processes
- the effectiveness of these controls is continuously monitored
The Assurance Plan was based on the AEC’s risk exposure as identified in the 2014–15 Strategic Risk Management Plan and a range of environmental factors following the 2013 federal election, including:
- ANAO audits, AEC internal audits and the Keelty Report
- the Joint Standing Committee on Electoral Matters (JSCEM) reports into the 2013 federal election.
The Assurance Plan also continued assurance work delivered through the annual Internal Audit Plan completed in previous years.
As a federal election was expected during 2016, the Assurance Plan was particularly targeted toward key election and election planning activities.
The AEC’s approach to business continuity management is based on maintaining the reliability of functions that are critical to our operations. A range of plans and initiatives, guided by the AEC Business Continuity Management Policy and Framework, address the agency’s need to respond appropriately to disruptive events, maintain reporting lines and efficiently deliver critical services.
The AEC Business Continuity Management Policy was updated in February 2016 and a new Business Continuity Management Handbook was developed to assist staff to understand and apply business continuity management processes.