LIGHTHOUSE PRINCIPLE: ETHICS
(based on ASX Principle 3)
High standards of conduct are instilled
Protecting the reputation of the Audit Office is vital to ensure our credibility and to maintain public trust in what we do. To do this we foster a culture that instils ethical behaviour, integrity, independence and respect, which are embedded in our core values of purpose, people and professionalism. These core values, and the NSW Public Sector values of integrity, trust, service and accountability, are the foundation of our Code of Conduct.
In support of our Code of Conduct, the Audit Office’s ethical framework includes policies covering conflicts of interest, gifts and benefits, diversity and inclusion, a respectful workplace, compliance, performance management, and privacy management.
During induction, all new staff are trained on the Audit Office’s ethical framework before signing the Code of Conduct and completing a Conflict of Interest declaration. These sign-offs are completed annually thereafter.
As part of post induction training, and to support the annual sign-off, all staff are required to complete an online training module before signing the Code of Conduct. We also have a Statement of Business Ethics which provides guidance for third parties when doing business with the Audit Office. The statement is available on our website and is included in our contract audit agents manual.
In 2016−17, we:
- reviewed and updated our Gifts and Benefits Policy
- reviewed and updated our Performance Management Policy
- updated our staff guidance material and on-line training for implications of our new local government mandate
- migrated the Conflict of Interest Declaration Form and Secondary Employment Form to our online system to improve tracking and monitoring
- streamlined the process for approval of secondary employment declarations.
The Audit Office is committed to protecting individual privacy and managing personal information in accordance with the Privacy and Personal Information Protection Act 1998 (Privacy Act). As required by the Privacy Act, the Audit Office has a Privacy Management Plan that sets out how we manage personal information in line with the Privacy Act and health information under the Health Records and Information Privacy Act 2002. This plan can be accessed on our website.
Prevent, detect and respond to fraud
The Audit Office has a zero tolerance for fraud and is committed to minimising the incidence of fraud by implementing and regularly reviewing strategies that prevent, detect and respond to fraud.
During 2016−17, we analysed the results of the biennial fraud control health check conducted in 2015−16. These results showed a positive response with 94 per cent of staff agreeing or strongly agreeing that the Audit Office has ethical policies in place. A further 90 per cent of staff agreed or strongly agreed that our fraud control policies and procedures tell our staff how to effectively deal with fraud risk.
Also in 2016−17, we commenced the biennial fraud risk assessment using a newly developed standard template used across the organisation to capture both operational and strategic risks.
No instances of suspected fraud against the Audit Office were detected during 2016−17.
The Audit Office has many compliance obligations including legislation, central agency directions, standards and codes. To meet these obligations, our compliance program promotes the importance of compliance to all staff, identifies obligations and responds to noncompliance.
The Audit Office’s compliance framework is based on International Standard ISO 19600-2014 Compliance Management Systems – Guidelines, and includes:
- a Compliance Policy
- a Register of Compliance Obligations that includes a risk assessment formally reviewed by the Office Executive
- annual verification of compliance through the Management Internal Control Sign-Off (see independent assurance and corporate reporting)
- financial and performance audit methodologies mapped to professional standards and legislation
- regular management reviews and reporting to the Office Executive and Audit and Risk Committee.
In 2016−17, we continued to maintain our centralised policy register which captures key internal policies and ensures policies are up-to-date and remain relevant. The register was updated in 2016−17 for the new local government mandate. Audit Office policies were also updated to reflect any potential impact of this new mandate.
The year ahead
In 2017–18, we will:
- analyse the results of our biennial fraud control risk assessment and action any areas for improvement
- complete the biennial fraud control health check
- develop a central conflicts of interest register to capture staff conflicts across the organisation
- review our policies covering media and consolidate into one policy
- review our Statement of Business Ethics.