4Managing the AEC

Risk management and business continuity

The AEC is committed to integrating risk management principles and practices into its business processes. A range of initiatives guide the work of the AEC in its commitment to minimising risk and ensuring business continuity.

Addressing risk

Risk management allows the AEC to better understand the choices faced in allocating resources in support of its corporate plan. It also improves decision-making, performance and accountability, and acts to minimise losses and maximise opportunities for the agency.

Accordingly, risk assessments and risk management processes are incorporated into all critical activities of the agency. A Strategic Risk Management Plan and the Risk Management Policy set the risk environment in which the AEC operates. The Strategic Risk Management Plan is supported by operational and project risk assessments. All risk assessments are recorded in an Enterprise Risk Register (see next section).

There is monthly risk management reporting to the Executive Leadership Team and other internal business and operational groups at the AEC.

Further, the AEC contributes to the annual Comcover Risk Management Benchmarking Survey, with the 2016 results showing the AEC comparing well with like organisations, and making significant improvements since the previous year. In 2015–16 the AEC’s risk management maturity level improved from systematic to integrated.

The AEC will continue to work towards maturing its risk framework, in particular through:

Risk register

In 2015–16, the enterprise risk register continued to provide a central platform for employees and management to record, assess and manage risks. By providing a snapshot of identified risks and management strategies, the register supported the agency in identifying, resolving and mitigating both operational and strategic risks.

Business assurance

The 2015–16 AEC Assurance Plan set out our proposed audit and assurance activity for the year. It was designed to provide assurance to the AEC Executive and the Business Assurance Committee that:

The Assurance Plan was based on the AEC’s risk exposure as identified in the 2014–15 Strategic Risk Management Plan and a range of environmental factors following the 2013 federal election, including:

The Assurance Plan also continued assurance work delivered through the annual Internal Audit Plan completed in previous years.

As a federal election was expected during 2016, the Assurance Plan was particularly targeted toward key election and election planning activities.

Business continuity

The AEC’s approach to business continuity management is based on maintaining the reliability of functions that are critical to our operations. A range of plans and initiatives, guided by the AEC Business Continuity Management Policy and Framework, address the agency’s need to respond appropriately to disruptive events, maintain reporting lines and efficiently deliver critical services.

The AEC Business Continuity Management Policy was updated in February 2016 and a new Business Continuity Management Handbook was developed to assist staff to understand and apply business continuity management processes.