C.1 Risk management and internal audit
ACT Health’s Audit and Risk Management Committee Charter governs the operation of the Audit and Risk Management Committee. The Audit and Risk Management Committee plays an essential role by providing assurance to the Director-General on ACT Health’s governance and oversight in relation to risk management, internal systems and legislative compliance.
ACT Health’s Audit and Risk Management Committee’s ability to consider the internal control environment, governance and risk management activities objectively is facilitated by the mix of internal and external members, who are and supported by ACT Health’s Manager, Internal Audit and Risk Management.
ACT Health’s Audit and Risk Management Committee consists of five members: an independent chair, three senior executives from within ACT Health and one external member. Observers from ACT Health and the ACT Auditor-General’s Office also attend meetings. The Audit and Risk Management Committee held five meetings in 2012‑13.
The committee’s attendances are set out below:
|Name of member||Position||Duration||Meetings attended|
|Geoff Knuckey||Independent Chair||2 years||5|
|Ian Thompson||Deputy Chair||6.5 years||5|
|Tina Bracher||Member||2 months||1|
|Jeremy Chandler||External member||6 months||2|
|Judi Childs||Member||5.5 years||3|
|Stephen Goggs||Member||10 months||4|
|Bruce Jones||External member||6.5 years||3|
The Internal Audit and Risk Management Branch of ACT Health promotes and improves ACT Health’s corporate governance by conducting and coordinating internal audits, investigations and making recommendations for improvements. ACT Health’s Strategic Internal Audit Program for the period from 1 January 2012 to 30 June 2013 is designed to align with ACT Health’s strategic priorities and risks. The program is reviewed regularly to ensure that it continues to be effective.
In 2012‑13, 10 internal audit assignments were completed. Two special reviews were also commissioned in response to issues of concern identified during the year.
Audit findings and recommendations are rated in line with ACT Health’s Integrated Risk Management Guidelines. Throughout the year, the Manager, Internal Audit and Risk Management reported developments in implementing the Strategic Internal Audit program and implementation of audit recommendations to the Audit and Risk Management Committee.
The Audit and Risk Management Committee is also kept informed on implementation of recommendations made by the ACT Auditor-General’s Office, where these apply to ACT Health.
In 2012‑13, the ACT Health Risk Management Policy and Guidelines were reviewed in line with the International Standard for Risk Management AS/NZS ISO 31000. The revised documents clarify the governance arrangements and include clear responsibilities and measurable key performance indicators.
An Executives’ Risk Management workshop was also held in 2012‑13 to review the directorate’s organisational risks. ACT Health’s Executive Director’s Council is responsible for:
- monitoring timely, effective management of organisational level risks
- managing escalation of risks to organisational level.