How we manage our strategic risks

We have identified four ongoing strategic risks that have potential to significantly affect the carrying out of the Auditor-General’s role and work.

These risks are primarily managed through governance, internal controls and work processes, as shown in the table below.

Our Combined Leadership Team regularly assesses changes in our external or internal environments that could affect the Office's position. The Auditor-General’s Audit and Risk Committee receives a quarterly report, and provides additional insight and advice to the Auditor-General about our strategic risks.

Our strategic risks and how we manage them

Risk: Loss of independence
Independence underpins the value of the Auditor-General's work and reporting. Losing that independence in fact or appearance, whether by failure on the part of the Auditor-General, the Deputy Auditor-General, the Auditor-General’s staff or appointed auditors, would likely undermine trust in our organisation. We manage this risk by:
  • applying the Auditor-General's independence standards, which set a high standard of independence for all employees and auditors appointed to carry out audits and other work on the Auditor-General’s behalf;
  • monitoring the independence standards, including for the two statutory officers (the Auditor-General and the Deputy Auditor-General) and all employees. This includes requiring regular declarations by all employees and, where necessary, implementing measures to manage and mitigate conflicts of interest;
  • inducting staff on independence matters so that they understand the independence expectations and requirements;
  • monitoring the nature and extent of work carried out by audit service providers that could affect their independence when working on behalf of the Auditor-General; and
  • at senior management level, regularly monitoring and assessing factors that could threaten auditor independence.
Risk: Audit failure
The quality of our audit work is fundamental to our role. Issuing an incorrect audit opinion with material effect or a report that is significantly wrong may undermine the credibility of our work. We manage this risk by:
  • adhering to professional auditing standards, including implementing and complying with the current quality control standards from the External Reporting Board, supplemented by the Auditor-General's auditing standards, to address public sector matters not covered by general auditing standards;
  • monitoring adherence to auditing standards through external quality assurance regimes (such as practice reviews by the Chartered Accountants Australia and New Zealand, quality reviews by the Financial Markets Authority, and from time to time, peer reviews by our international counterparts);
  • applying internal quality control procedures, including carrying out quality assurance reviews of all our work on a risk basis and reviewing, on a rolling three-year timetable, the performance of all our appointed auditors and our different products;
  • formal training and development programmes and performance management systems which monitor employee performance and identify improvement opportunities; and ensuring that, before our reports are presented to Parliament, we carry out rigorous quality assurance internally, and externally check facts and fairness with affected parties.
Risk: Loss of capability
The quality and delivery of our work relies on the skills and professionalism of our employees. If we are unable to retain, recruit, or access people with the required technical and other skills we would likely be unable to maintain high standards of required outputs. We manage this risk by:
  • using rigorous selection processes as part of our recruitment programme to ensure we identify individuals with the right skills and personal attributes;
  • carrying out ongoing training and development of our employees and appointed auditors and their employees on matters necessary for audit work;
  • providing management programmes, leadership development initiatives, and professional development programmes for our own employees;
  • placing focus on organisational culture and employee engagement to ensure we retain talented employees; and using contract resources at peak times.
Risk: Loss of reputation
Failings in one or more of our other three ongoing strategic risks could negatively affect our reputation. The Auditor­-General's discretionary mandate is broad, and it is inevitable that we will not meet all expectations. However, a good reputation is essential for us to maintain effective relationships and credibility with stakeholders and the public. Our reputation could also be put at risk by unmanaged external expectations and perceptions about the role of the Auditor-General or its findings on any particular matter that has been the subject of audit scrutiny. We manage this risk by:
  • exercising judgement about where to focus our audit effort and how best to report while also achieving the greatest likelihood of public sector improvement. We also actively seek feedback on our work, for example:
    • we carry out regular stakeholder and client feedback surveys;
    • we formally consult with members of Parliament on our proposed annual work programme;
    • at senior management level, we regularly discuss issues and feedback from key stakeholders and public entities about our work;
    • at a senior management level, including the Auditor-General and the Deputy Auditor-General, we liaise with public entities and key stakeholders;
    • we regularly monitor our own compliance, for example legislative compliance, internal controls and independence standards; and
    • we monitor external sources, including media and social media, to identify where the Office could communicate more effectively about its role and the results of its work.

Page last updated: 20 September 2016