LIGHTHOUSE PRINCIPLE: ETHICS
(based on ASX Principle 3)
High standards of conduct are instilled
Protecting the reputation of the Audit Office is vital to ensure our credibility and to maintain public trust in what we do. To do this we foster a culture that instils ethical behaviour. Integrity, independence and respect are embedded in our core values of purpose, people and professionalism. These core values, and the NSW Public Sector values of integrity, trust, service and accountability, are the foundation of our Code of Conduct.
In support of our Code of Conduct, the Audit Office’s ethical framework includes policies covering conflicts of interest, gifts and benefits, diversity and inclusion, a respectful workplace, compliance, performance management, and privacy management.
During induction, all new staff are trained on the Audit Office’s ethical framework before signing the Code of Conduct and completing a Conflict of Interest declaration. These sign-offs are completed annually thereafter.
As part of post-induction training, and to support the annual sign-off, all staff are required to complete an online training module before signing the Code of Conduct. We also have a Statement of Business Ethics, which provides guidance for third parties when doing business with the Audit Office. The statement is available on our website and is included in our audit service provider manual and contracts.
In 2017-18, we:
- reviewed and updated our Conflict of Interest Policy to incorporate an expanded focus on professional independence for auditors
- developed a central process for capturing conflicts of interest and threats to professional independence
- updated our Gifts and Benefits, Conflict of Interest and Secondary Employment registers to improve how we capture and report the data
- undertook a self-assessment of our Code of Conduct against the Public Service Commission’s Code of Conduct
- reviewed our Statement of Business Ethics to ensure it captures key aspects of the Code of Conduct.
The Audit Office is committed to protecting individual privacy and managing personal information in accordance with the Privacy and Personal Information Protection Act 1998 (Privacy Act) and the Health Records and Information Privacy Act 2002 (Health Records Act). As required by the Privacy Act, the Audit Office has a Privacy Management Plan that sets out how we manage personal information in line with the Privacy Act and health information under the Health Records Act. The plan was reviewed and updated during 2017-18. The revised plan can be accessed on our website.
Prevent, detect and respond to fraud
The Audit Office has zero tolerance for fraud and is committed to minimising the incidence of fraud by implementing and regularly reviewing strategies that prevent, detect and respond to fraud. No instances of suspected fraud against the Audit Office were detected during 2017-18.
In 2017-18, we finalised the biennial fraud risk assessment using a newly developed standard template. The results of the risk assessment show the Audit Office has strong and effective internal controls to minimise the risk of fraud. The outcomes from the fraud risk assessment were fed into our fraud control plan.
The Audit Office has many compliance obligations including legislation, central agency directions, standards and codes. To meet these obligations, our compliance program promotes the importance of compliance to all staff, identifies obligations and responds to non-compliance.
The Audit Office’s compliance framework is based on International Standard ISO 19600-2015 Compliance Management Systems – Guidelines, and includes:
- a Compliance Policy, updated in 2017-18
- a Register of Compliance Obligations that includes a risk assessment formally reviewed by the Office Executive
- annual verification of compliance through the newly developed Management Control Questionnaire
- financial and performance audit methodologies mapped to professional standards and legislation
- regular management reviews and reporting to the Office Executive and Audit and Risk Committee.
In 2017-18, we continued to maintain our centralised policy register, which captures key internal policies and ensures policies are up to date and remain relevant.
The year ahead
In 2018-19, we will:
- finalise the biennial fraud control health check and action any areas for improvement
- roll out the new process to capture Conflict of Interest and Professional Independence declarations
- refresh the compliance register to provide a more concise document
- combine the compliance and policy registers.