From Tiffany's desk
The year 2019 is moving quickly.
We have already closed the 2019 Risk Management Benchmarking Survey to measure the maturity of entities’ risk management.
This insightful program measures how successfully risk management is integrated into every level of an entity’s daily and strategic work. While waiting for this year’s results, I note last year’s results found the Commonwealth is good at the fundamentals of risk management.
However, the lowest scoring risk elements continue to include developing a positive risk culture; maintaining risk management capability; and treatment of shared risk. Understandably, these more complex elements of risk management are the hardest to achieve.
Moving forward, my team and I will continue to work with Fund Members to address these elements through our education programs and risk services, noting that improvements in these low-scoring areas will take time.
To assist with improving the complex elements of risk management in the Commonwealth, my team delivers risk workshops for all levels and responsibilities.
I am attending the next SES – Leadership in Risk workshop, which will be an opportunity to meet like-minded individuals to share ideas and challenges.
There are still spaces available in workshops scheduled for 22 May, 13 June and 31 July, so feel free to register or let your SES officers know of the program and book them in.
Independent review
Last September, a review into the operation of the Public Governance, Performance and Accountability Act 2013 and Rule was tabled. The review highlighted the need to better manage and engage with risk. One recommendation was that accountable authorities should identify ways to embed effective risk management and engagement into their every-day policy and program work and incentivise officials at all levels to better manage and engage with risk.
Similar key themes from the PGPA Act review flow through to the APS Review which we are in the midst of. I eagerly await the release of the APS Review findings. After all, who wouldn’t be keen to future-proof the APS and, close to my heart, this review will contribute to informing the future of risk management in our sector.
Last November, review chair David Today AO delivered a speech that detailed his vision for the APS as “a strong Australian Public Service united in a collective endeavour”. His vision highlights the need for everyone in the APS to have a common purpose and clarity of their roles to enable best possible service to the Australian Government and the public. This is particularly important in our journey towards best practice risk management.
Looking ahead, I believe we must shift the culture of risk aversion to engaging positively with risk. This shift will promote innovation, flexibility and effective delivery of services. I’d like to see every Commonwealth department and agency practicing risk management and making it an integral part of their overall business. This will ultimately forge a change in risk culture and enable the APS to adapt to the future challenges of a modern, evolving environment.
Excellence awards
We will soon open applications for the annual Comcover Awards for Excellence in Risk Management. The awards are an opportunity to profile top-performing entities in the management of risk, providing examples for other entities to consider when improving their own practices. We now hold the awards annually to continue demonstrating how essential risk management is to the success of Australian Government entities.
All Comcover Fund Members can nominate for an award in the categories of Enterprisewide Risk Management and Risk Initiative.
Entities profiled in the Enterprisewide Risk Management category demonstrate how they have systematically embedded risk management into their business processes to show they have developed a high level of capability and risk maturity.
Entities showcased in the Risk Initiative category provide examples of the successful delivery of a key government program or service that demonstrates their ability to manage risk well.
Award nominations open in July 2019. For more information, please go to www.finance.gov.au.
We hope to continue to assist you as much as possible in increasing your insurance and risk capabilities. With that in mind, I welcome your feedback on Comcover Connect and encourage you to suggest potential articles for future issues.
Please email me at tiffany.karlsson@finance.gov.au or comcover@comcover.com.au with feedback and suggestions.
Tiffany Karlsson
Assistant Secretary
Risk and Claims Branch
Department of Finance
Floods swamp region
In late January 2019, Comcover assisted several Fund Members affected by flooding in far north Queensland.
The unprecedented rainfall in Townsville and surrounding areas was exacerbated by the forced release of water from the Ross River dam, resulting in extensive, prolonged flooding in the region.
Many properties in the city were impacted and there was substantial disruption to schools and businesses.
Townsville is a major regional centre with the Department of Human Services, the National Disability Insurance Agency, and the Australian Taxation Office having offices there.
The Department of Defence has barracks and training areas in the region and Defence Housing Australia has many residential properties supporting the large Defence community.
In addition to physical property assets at risk, other Comcover Fund Members had business operations impacted.
The Australian War Memorial was scheduled to start an installation at Townsville’s Pinnacles Gallery in early February however, because of the weather conditions, trucks carrying the exhibition were turned back to Brisbane and the installation unfortunately cancelled.
Using lessons learnt from other significant events, Comcover has identified that early notification of potential claims and prompt assessment of damage are the most important contributors to prompt repairs and ensuring usual business services are restored as soon as possible.
Once the scale of the Townsville floods became clear, Comcover implemented a proactive communication strategy, contacting Fund Members potentially exposed to offer mitigation advice and confirm the process for lodging claims quickly.
Comcover engaged north Queensland loss adjusters and assigned firms to specific Fund Members to assist with efficient assessment.
Comcover has received 50 claims so far and Fund Members are reminded to report any further potential incidents or claims as soon as possible.
Notify claims by forwarding a claim form to claims@comcover.com.au or complete the incident notification form in the Comcover Gateway on the Comcover Launchpad.
If you need assistance with lodging a claim, or would like to discuss matters about the floods, please contact your Comcover Relationship Manager on 1800 651 540 (option 3) or the Comcover Claims Team on 1800 651 540 (option 1).
Indigenous procurement policies – from little things big things grow
By Bevan Mailman and Brian Bero*
The Commonwealth Indigenous Procurement Policy (IPP) was launched on 1 July 2015.
IPP aims to create more opportunities for Indigenous businesses to grow and employ more people, and to stimulate private investment in new Indigenous businesses.
IPP’s start can be traced back to a Council of Australian Governments (COAG) meeting in 2008 where COAG set targets to ‘improve Indigenous health, education, employment, housing and contact with criminal justice and welfare systems across Australia’.
In summary, IPP sets:
- a target of three per cent of new domestic Commonwealth contracts to be awarded to Indigenous businesses
- mandatory requirements for procurement in remote areas and new domestic contracts from $80,000 to $200,000 (including GST) to give Indigenous small-to-medium enterprises the chance to demonstrate value for money first
- minimum Indigenous employment/supplier use requirements for contracts of more than $7.5 million.
Imparting rigour into the framework, Commonwealth entities must now check Supply Nation’s Indigenous Business Directory (www.supplynation.org.au) to identify suitable suppliers and entities are subject to IPP audits.
Further IPP updates include:
- From 1 July 2019, an additional target based on the value of contracts awarded will be introduced. The target is one per cent in FY20 and will increase by 0.25 per cent each year until it reaches three per cent in 2027.
- From 1 July 2020, Indigenous participation targets will be mandatory in high-value contracts across more specific industries. Details will be released soon and published on the PMC website.
Since IPP’s inception, more than $1.83 billion of contracts has been awarded to more than 1,473 Indigenous businesses. The outlook is positive when compared to the $6.2 million spent with Indigenous businesses before IPP’s implementation.
However, if IPP and similar initiatives are to fully meet their objectives, they must benefit all Indigenous Australians, including those living in remote areas, such as the Kimberleys, Arnhem Land, Cape York Peninsula, and the Torres Strait Islands.
Anecdotally, Indigenous companies are more likely to attract and employ Indigenous Australians and subcontract other Indigenous companies.
There have been success stories. Darwin-based Dice Australia has 35 per cent Indigenous employment and is training a new generation of Indigenous electricians. IPS Management Consultants has grown from three to 25 staff in just three years and is shaping the nation’s policies on Indigenous economic empowerment. PSG Group has more than 90 Indigenous suppliers on its books.
Linking the procurement value chain from the largest government departments to some of the remotest Indigenous communities is ground breaking. There is significant IPP growth with the Australian Government’s initiative to develop Northern Australia. About 70 per cent of the land to be developed is under some form of Indigenous title, so the nation is poised to shift dramatically.
In the spirit of the great Gurindj elder Vincent Lingiari, companies like Dice Australia, PSG Group and IPS Management Consultants and others will lead the change. But change will only happen in partnership with the nation as a whole.
*Bevan Mailman, a Bidjara man, and Brian Bero, a Meriam man, are principal lawyers and co-founders of Jaramer Legal. Jaramer Legal is a joint venture between 100 per cent Indigenous-owned firm Mailman Law and Norton Rose Fulbright. It is Australia’s first national majority Indigenous-owned commercial law firm. www.jaramerlegal.com.au
Events calendar 2019
| MAY | JUNE | JULY | AUGUST |
|---|---|---|---|
|
Executive pathway – SES leadership in risk – 22 May Entities receive benchmarking executive reports and access to Benchmarking Interactive Reporting Tool (BIRT) analysis available Comcover renewal questionnaire closes – 24 May Commonwealth Risk Managers’ Forum – For details and to register, email Frank.O’Donoghue@agriculture.gov.au Business Continuity Community of Practice – For details and to register, email Brendan Jones – BCMHelpdesk@ato.gov.au |
Generalist pathway – Practical risk management: More than just ticking boxes – 11–12 June Specialist pathway – Embedding risk management into an organisation’s DNA – 13 June (day 2) Executive pathway – SES leadership in risk – 13 June |
Executive pathway – SES leadership in risk – 31 July Specialist pathway – Embedding risk management into an organisation’s DNA – 30 July (day 1) |
Specialist pathway – Embedding risk management into an organisation’s DNA – 3 August (day 2) Generalist pathway – Practical risk management: More than just ticking boxes – 7–8 August |
TravelTracker keeps nuclear team safe overseas
All Comcover Fund Members can access TravelTracker, ISOS’s overseas travel itinerary tracking and communication tool.
TravelTracker can:
- support travellers and expatriates by preparing and educating them with pre-trip advisory emails
- support managers by alerting them when travellers are potentially impacted by incidents
- enable direct communication with travellers when incidents occur.
To learn more about TravelTracker and how it supports travellers, email Rebecca Byrnes at rebecca.byrnes@internationalsos.com.
More information on overseas medical and travel assistance is on the Department of Finance website.
The Australian Radiation Protection and Nuclear Safety Agency (ARPANSA) is the Australian Government’s primary authority on radiation protection and nuclear safety.
ARPANSA staff are highly regarded in the global scientific community and often travel overseas to conduct studies, assist in training, and participate in international working groups.
With growing safety concerns overseas, ARPANSA identified a need to ensure it could support its travellers in case of emergencies. It turned to TravelTracker – the online itinerary tracking and communication tool provided by International SOS (ISOS), the Commonwealth’s medical and travel assistance provider.
Rodger Tranter, ARPANSA’s Senior Regulatory Officer – Transport Security & Training Systems, spoke to Comcover Connect about how ARPANSA identified the need for additional support for overseas travellers and TravelTracker’s implementation and ongoing use.
- How long has ARPANSA been using TravelTracker?
‘We identified a gap in coordinating international travel after the November 2015 terrorist attacks in Paris. Deputy CEO Dr Gillian Hirth was in Paris at the time and we could not make timely contact with her to check on her welfare. That incident highlighted the need for ARPANSA to identify better ways to manage travel notifications and support staff while travelling overseas on official duty.
‘ARPANSA started using the ISOS Travel Assistance app and TravelTracker in late June 2016. The first test subject was CEO Dr Carl-Magnus Larsson, who used the app during a European trip and was impressed by its ease of use and the level of communication it enabled. With his glowing acceptance, it was easy to instigate the app’s use with all staff.’
- What was ARPANSA’s experience with the implementation process?
‘I met ISOS’s Canberra team who gave a full brief on the system’s capabilities and how best to use it, along with the reporting we could generate.
‘We had some minor teething issues – mainly from the interface between travel provider QBT and ISOS. Those were quickly rectified by ISOS and QBT support.
‘Staff were a little hesitant initially, however that was quickly overcome by showing them what information was available on TravelTracker and how individuals’ privacy was maintained.
It was important to share with staff how the app could help them and their families in times of need and provide general safety and well-being information.
‘For example, if a staff member found a safe bar or restaurant in an overseas destination they could let us know easily.
We could pass the information to other travelling staff and recommend it as a safe place to visit.’
- Which areas in ARPANSA administer and use TravelTracker?
‘TravelTracker is managed jointly through ARPANSA’s Agency Security Group in Sydney and the Work Health and Safety (WHS) coordinator based at the Yallambie campus in Victoria. ARPANSA is a small agency with 135 staff, but several are eminent in the global scientific community and regularly travel to wide and varied destinations around the world. As the Alternate Agency Security Adviser, I’m responsible for managing travel risks so agency security plays a major part in using the system.
‘Part of the reporting we have established with ISOS is a weekly report of all staff who are in remote locations or on international travel duty, up to a month out from travel. The report is emailed weekly to all on-call duty officers as a ready resource. It creates an understanding of where staff are in case major events occur. The information is emailed to travelling staff members’ managers to ensure they comply with ARPANSA policies for use of the app and WHS travel.’
- How effective is TravelTracker in practice?
‘The system works perfectly when staff are educated on its use, disciplined in regularly using the check-in function, and understand how and when to use the app. There are some great features where we can verify travellers’ safety, for example, if they are slow to check in, we have used the message email function. Staff particularly love the robo voice that wakes them up.’
- Anything unusual or interesting from your experience using TravelTracker?
‘As with any GPS technology, there are times when a signal loss occurs and TravelTracker has given a staff member’s location after using the check-in function of 0 degrees latitude (the Equator) and 0 degrees longitude (the Prime Meridian).
The intersection of those coordinates is in the Atlantic Ocean, in the Gulf of Guinea, off the coast of Ghana in Western Africa. That certainly raised the tension in the room the first time it occurred before we could clarify the location.’
Comcover Insurance Community of Practice launched
The diverse and often complex nature of work conducted by Comcover Fund Members presents challenges in effectively understanding and managing insurable risks.
Those challenges can be mitigated through collective problem solving, sharing knowledge and experience, and cultivating best practice. Recognising the benefits of a specialist forum, Comcover’s Policy and Engagement team hosted the inaugural Insurance Community of Practice on 28 February 2019.
The forum attracted insurance contacts from a broad spectrum of entities. Fund Members were encouraged to lead discussions by sharing experiences and discussing challenges their entities face.
The aim of debating issues in a confidential forum was to assist the understanding of issues impacting on the Commonwealth and spark ideas for participants about best practice and innovation.
The forum encourages attendees to discuss aspects of cover offered by the Fund and opportunities to improve knowledge and capability through Comcover’s education program.
To support the new forum, Comcover has developed a collaborative space in GovTEAMS. The Community of Practice GovTEAMS site will provide an online chat option for Fund Members to connect with Comcover and other entities to ask questions and share ideas.
The Community of Practice will become a quarterly event with future forums planned for August and November 2019.
If you have questions about the Community of Practice, please contact your Comcover Relationship Manager on 1800 651 540 – option 3 – or email comcover@comcover.com.au.
GovTEAMS is a digital collaboration service that brings together tools to enable the Australian Public Service to better connect, share and work together across entities. GovTEAMS was launched on 1 January 2019 and is supported by the Department of Finance.
To register go to GovTEAMS website.
Once registered, you can access the Comcover GovTEAMS area.
Dispute resolution during caretaker period
by Paul Vermeesch, Deputy Chief Solicitor Dispute Resolution, Australian Government Solicitor
The Australian Government has announced a federal election on 18 May 2019.
The government is now in the caretaker period pending the election’s outcome. The caretaker conventions recognise that, in our system of representative democracy, it is appropriate the government of the day exercises some constraint during the caretaker period, given the possibility of a change of government.
The conventions are set out in the Australian Government’s Guidance on caretaker conventions (Department of the Prime Minister & Cabinet (PM&C) 2018). The conventions are not legally binding, nor hard-and-fast rules. Their application in individual cases requires judgement and common sense. Each Commonwealth entity is responsible for compliance with the caretaker conventions.
Ultimately, responsibility rests with the entity head. If an entity refers a matter to the relevant minister, it is up to the minister to decide whether to consult the shadow minister.
Generally, the Commonwealth’s conduct of dispute resolution rarely involves actions of the kind constrained by the caretaker conventions (major policy decisions, significant appointments, and major contracts or undertakings).
Guidance is set out in Guidance Note 6: Dispute resolution during caretaker period (Office of Legal Services Coordination (OLSC), Attorney-General’s Department, June 2018). Guidance Note 6 makes the critical point that the caretaker conventions do not displace obligations to courts or tribunals or obligations set out in Legal Services Directions 2017, including requirements to protect the Commonwealth’s interests, deal with claims promptly, not cause unnecessary delay in handling claims and litigation, and minimise litigation costs.
Common sense observance of the conventions in conducting dispute resolution can be assessed against the following considerations (among others): courts and tribunals are not constrained by the caretaker conventions; subject to overriding considerations about administration of justice between parties, courts are required to ensure litigation is conducted without undue delay or expense, consistent with the public interest in achieving the most efficient use of court resources.
Tribunals generally have similar obligations imposed by statute.
The Commonwealth’s legal obligations to the courts or tribunals include conforming with court and tribunal orders; and the overarching purpose for conduct of civil litigation imposed by statute in most jurisdictions, which is to facilitate just resolution of disputes in courts according to law and as quickly, inexpensively and efficiently as possible.
Similar obligations are generally imposed by statute on parties to tribunal proceedings.
Depending on the length of the caretaker period, those legal obligations can affect the Commonwealth’s capacity to observe caretaker conventions in conducting dispute resolution.
The Government Division in PM&C and OLSC can provide further guidance about applying the conventions in particular cases.
Handling public interest disclosures and related legal claims
by Catherine Mann, Senior Executive Lawyer, Australian Government Solicitor
The Public Interest Disclosure Act 2013 (PID Act) encourages disclosure of information about suspected wrongdoing by protecting public officials from adverse consequences associated with the information’s disclosure.
The Act has been operating for more than five years and continues to generate interest among entities, particularly its intersection with employment issues and claims.
There is a high degree of overlap between public interest disclosures (PIDs) and employment issues. PIDs provide a mechanism for public officials who suspect wrongdoing in the Commonwealth public sector to raise their concerns. The latest Commonwealth Ombudsman’s Annual Report identified that ‘conduct that may result in disciplinary action’ was the largest category disclosed in 2017-18.
Consequently, effectively managing PIDs is critical for legal claims due to the intersection with other parts of the legal system, including court proceedings for reprisals (legal action) for PIDs, general protection claims under the Fair Work Act 2009, and other employment related claims that intersect with PIDs, for example, when an entity is managing the conduct of an employee who has made a PID.
There are no decided cases on key issues arising under the PID Act, only a few decisions on preliminary or procedural issues. However, there are lessons entities can learn from experiences since the Act’s implementation, including effective management of PIDs, avoiding legal claims, and fulfilling legislative obligations.
Recognise PIDs
In general, the PID Act does not require an entity to consider whether a disclosure is ‘serious’ before deciding if it is a PID. If a disclosure meets the PID requirements, it needs to be processed under the PID Act. However, the principal officer or delegate of the entity to which a PID has been allocated can decide not to investigate the PID, if it is not about serious disclosable conduct.
Failing to identify a PID or deciding a serious complaint is not a PID can expose an entity to legal consequences.
Misidentification can expose an entity to legal claims for possible reprisals, breaches of secrecy provisions under the PID Act, and criminal offences for reprisals.
Explore alternatives
If a PID has been allocated to an entity, it does not lock the entity into a time-consuming, expensive investigation of trivial or unmeritorious allegations.
In every case, but particularly where allegations appear trivial, entities should explore alternatives to extensive PID investigations. Alternatives include:
- declining to investigate if another investigation is in progress or completed
- declining to investigate if a PID does not reasonably concern serious disclosable conduct, or
- conducting a short-form PID investigation.
A short-form PID investigation is formally referred to as a preliminary or quick assessment for situations where an investigator considers whether there is sufficient evidence of misconduct to warrant starting a formal misconduct
investigation process. A short-form PID investigation can be a good option if a PID involves allegations of misconduct by an employee.
Short-form PID investigations may be conducted ‘on the papers’, without any interviews. One can be done immediately after a PID’s allocation by the entity head or authorised officer. If there is sufficient evidence of misconduct, the short-form PID investigation can recommend a misconduct process be started. If not, the investigator can prepare a short PID report recording their reasons for not pursuing the matter further.
There are several advantages to a short-term investigation approach, including less stringent compliance with some PID Act requirements for investigations. For example, requirements on what witnesses must be told at PID interviews and requirements for Public Service Act 1999 code of conduct investigations (section 53(5) of the PID Act). Under that aproach, people alleged to have engaged in misconduct do not need to be given an opportunity to comment, provided the PID report contains no findings adverse to them.
However, entities should remember protections under the PID Act continue to apply, for example, the discloser’s protection from reprisals, meaning witnesses in a subsequent misconduct investigation may need to be advised of that protection.
Exercise care before telling a PID subject
There are provisions in the PID Act (sections 20 and 65) that do not authorise disclosure to the person accused of wrongdoing. That is because the PID Act does not automatically require a PID subject to be informed about a PID. What can be disclosed depends on what is required to discharge procedural fairness obligations. Requirements for procedural fairness are not fixed, as the PID Act does not directly address them. Consequently, common law (judge- made law) principles apply. Telling the subject of a PID about a PID without exercising care can increase the risk of reprisal.
Options to limit legal proceedings
The Federal Court and Federal Circuit Court have the power to summarily dismiss PID Act proceedings, including on the basis there is no reasonable prospect of success. That power has been used to dismiss proceedings actioned in reliance on a ‘disclosure’ that was not a PID because it was made before the PID Act, as outlined in a precedent set in Clement v Australian Bureau of Statistics [2016] FCA 948.
However, in Hutchinson v Comcare (No 2) [2018] FCA 1179, the Federal Court declined an attempt to dismiss a claim without notice, finding the respondent had not established there was no reasonable prospect of success or the claim was an abuse of process, despite some issues having been raised by the applicant in previous litigation.
The court considered the respondent had not engaged specifically enough with the applicant’s allegations, even while acknowledging that would have been a large task made more difficult by the manner in which the applicant had presented the material on which she relied.
The case illustrates the difficult strategic choice between containing costs by attempting to have a claim summarily dismissed, yet engaging sufficiently to meet the high bar for summary dismissal.
Watch this space
On 15 July 2016, Philip Moss AM delivered a Review of the Public Interest Disclosure Act 2013. The review recommended changes to the Act, including excluding personal employment-related grievances from the PID scheme unless they were systemic or involved reprisal, and including an explicit requirement for procedural fairness.
The Australian Government has not yet responded to the review’s recommendations.
View the PID Act review at www.pmc.gov.au/resource-centre/government/review-public-interest-disclosure-act-2013.
2019 Comcover education program
Comcover’s SES Leadership in Risk pathway has been refreshed to include a greater focus on the importance of leadership considering key themes raised in the Independent Review of the Public Governance, Performance and Accountability Act 2013 and the Australian Prudential Regulation Authority’s inquiry into the Commonwealth Bank of Australia.
The pathway includes how executives manage and engage with risk and build positive cultures through leadership.
The pathway has a dynamic new focus to help the SES cohort build risk management capability and further develop leadership skills needed to engage with risk in innovative and positive ways.
Places are still available for Leadership in Risk sessions on 22 May and 13 June.
Registrations open for generalist, specialist programs
Comcover is taking registrations for the 2019 Risk Management Education Generalist and Specialist programs.
Practical risk management: More than just ticking boxes – eLearning (2-4 hours) and its two-day workshop provide learning and resources to help actively manage risk in the workplace, for example, managing risks associated with project or program delivery.
Embedding risk management into an organisation’s DNA (two-day workshop including a workplace project) is designed for specialists required to design and implement an entity’s risk management framework.
2019 dates:
|
Generalist |
Specialist |
|---|---|
|
11-12 June |
14 May |
|
- |
12 June |
ANAO audit review – cyber resilience
Malicious cyber attacks are on the rise in Australia with cyber security and building cyber resilience now a strategic priority for the public sector.
Cyber resilience is the ability to continue to provide services while preventing and responding to cyber attacks. In June 2018, the Australian National Audit Office (ANAO) released its report Cyber Resilience No 53 of 2017-18 reviewing the effectiveness of managing cyber risks. It was the fourth recent audit about managing cyber risks.
The audit centred around compliance with the guidance material, Strategies to Mitigate Cyber Security Incidents on how entities can address cyber security. The guidance recommends eight cyber security strategies to assist entities make their information and communications technology (ICT) environment more secure. Of the eight, four are mandatory:
- application whitelisting
- patching applications
- patching operating systems
- minimising privileged user access.
Overall, the audit found entities have low levels of effectiveness in managing cyber risk. Most entities were considered to have partly effective arrangements. The audit found entities did not follow a risk-based approach to prioritise improvements to cyber security and their cyber security strategies focused on short-term operational needs rather than long-term objectives.
The report outlined key learnings that may improve cyber resilience across the Commonwealth about governance and risk management. In essence, the report highlighted the need for a continued focus on managing cyber risks.
The report recommended all entities self-assess the top four cyber security risk mitigation strategies against the Protective Security Policy Framework.
Entities are encouraged to manage cyber risks systematically, through assessing the effectiveness of their controls; security awareness training for staff; and adopting a risk-based approach to prioritising improvements to cyber security.
ANAO also recommended entities establish a business model and ICT governance that incorporates ICT security into strategy, planning and service delivery.
The full report is on the ANAO website.
For more information on cover provided by Comcover, please review the fact sheet How the Comcover Statement of Cover responds to cyber security events.
For guidance on managing cyber risk, please contact your Comcover Relationship Manager on 1800 651 540 (option 3) or email comcover@comcover.com.au.
Resource notebook
At times, entities enter into contracts, agreements, deeds and understandings that include indemnity clauses which may extend the Commonwealth’s liabilities.
It is important indemnity provisions are appropriately evaluated in accordance with Commonwealth policy, rules and guidelines, and risks about indemnity clauses are appropriately managed.
Comcover has several resources to help Fund Members identify, understand and manage indemnities.
Factsheet
Comcover’s indemnities factsheet details the principles of Comcover’s position for indemnities granted by Comcover Fund Members. The factsheet highlights instances where cover is automatically provided.
It also highlights conditions where Comcover will not pay for a liability arising out of an indemnity, unless the following conditions are met:
- The liability would have arisen in the absence of the indemnity (for example, under common law) or
- The indemnity is within a contract, deed or other document entered into before 1 July 2004 or
- Australian Government guidance, Resource Management Guide No 414 - Indemnities, guarantees or warranties granted by the Commonwealth (RMG 414), on issuing and managing indemnities has been followed.
eLearning
Recognising that identifying, assessing and managing indemnity clauses is complex, an eLearning module, Managing indemnity risk, is available to help Fund Members better understand the risks.
The module provides detailed information on what indemnities are and guidance material to consider when assessing indemnities. The module also focuses on making informed decisions where there is a balanced assessment of benefits, costs, risks and opportunities in the context of an entity’s operations.
The module contains practical examples of the decision- making process and illustrates when to accept or not accept an indemnity, as outlined in RMG 414.
The Managing indemnity risk eLearning module is on the Comcover Learning Centre > Generalist pathway > Managing indemnity risk.
The factsheet can be viewed on the Department of Finance website.
A full list of resources, including advice circulars, Comcover Connect newsletters, information sheets, and FAQs, is on the Department of Finance website.
If you have questions about indemnities, please contact your Comcover Relationship Manger on 1800 651 540 (option 3) or email comcover@comcover.com.au.
Superannuation complexities exposed
Rosalie Byrne and Melanie McKean from Ashurst presented at the first Comcover Legal Seminar Series for 2019 on complexities that arise when calculating superannuation salaries.
Entities need to consider superannuation legislation; terms and conditions in individual enterprise agreements; individual arrangements; and superannuation choice decisions when calculating Commonwealth superannuation salaries.
Other things that can impact on superannuation calculations include changes to employees’ terms and conditions arising from machinery-of-government changes and other administrative rearrangements.
No simple formula can be applied. Entities need to understand:
- Their enterprise agreement, which is the starting point for considering what allowances are included in superannuation salaries.
- The legislative framework, including legislation and regulations dealing with whether particular allowances form part of an employee’s superannuation salary.
- The strengths and limitations of automated systems and procedures.
There are several common areas of risk when applying enterprise agreements and the superannuation framework to individual employee calculations. They include:
- changes to and misunderstanding enterprise agreements
- failing to properly consider allowances’ nature and purpose
- failing to consider applicable legislation
- entities’ cultural practices
- systems issues
- issues of interpretation, such as disagreement about whether a particular allowance meets requirements in the legislative framework.
There are potentially serious financial, legal and reputational consequences for entities when errors occur. It is important entities have processes in place to identify and rectify mistakes promptly and focus on implementing proactive strategies to mitigate the risks of incorrect calculations in the first instance.
Statement of Cover – Business Interruption
The Comcover Fund provides business interruption (BI) cover to Fund Members that have suffered losses as a direct result of an insurable property loss or other circumstances where a Fund Member’s usual business operations have been interrupted.
General overview of property damage cover
The property section of the Comcover Statement of Cover provides worldwide cover for property that is lost, destroyed or damaged up to an amount declared in the Fund Member’s Assets Schedule in the Comcover Gateway.
The cover is for all reasonable costs incurred, including legal, engineering and surveying costs, and additional expenses, subject to terms and conditions as defined in the Statement of Cover.
Business interruption cover
BI is a sub-class of the property cover that responds where business operations are interrupted because:
- a notified event has triggered Section 8 property of the Statement of Cover
- additional expenses, or increased costs of working, are incurred by the Fund Member, and
- Comcover has agreed to indemnify the notified event.
Once BI has been confirmed, cover is available for losses such as, but not limited to:
- loss of revenue, excluding revenue derived from Australian Government sources
- additional costs incurred for the specific purpose of resuming or maintaining normal business operations up to the agreed sum and the specified indemnity period (usually 24 months)
- breach of contract, where a Fund Member has failed to deliver on agreed contractual obligations as a direct result of the notified event
- any reasonable legal expenses or professional fees, relevant to the notified event.
Case study – how BI works
The following scenario provides an overview on how Section 8 property of the Statement of Cover responds to a storm damage claim and then how Section 11 BI might respond.
A significant weather event with substantial rain and hail occurs during a weekend. Hail builds up on the roof of a building leased by your entity and eventually blocks the stormwater gutters. Water ingress causes significant damage to ceilings, walls, floors, furniture, computer equipment and electrical infrastructure on several floors.
You arrive on Monday morning to discover the damage. The property manager determines the building is unfit for occupancy and access is prevented. As your entity’s primary insurance contact, you notify the Comcover Claims Team. You receive confirmation the damage to your entity’s property will be covered and Comcover has approved a loss assessor to review the damage in accordance with Section 8 property of the Statement of Cover.
After three days, your entity establishes temporary operations in a building next door until repairs to the primary business location can be completed.
Will this property damage claim trigger the BI section of the Statement of Cover? Yes, subject to specific terms and conditions.
How and why? The BI section of the Statement of Cover was triggered when Comcover accepted indemnity for the property claim and your entity started to incur additional costs to resume normal business operations.
What could potentially be claimed under the Statement of Cover? The decision to prevent access to the building and implement a temporary arrangement in another building may result in additional or increased costs of working, such as:
- additional costs for leasing alternative temporary premises and equipment
- staff or contractor overtime allowances to catch up on work unable to be completed in the three days where the entity could not operate
- security guards to protect either property, if necessary.
As well as claiming those items under the Statement of Cover, check your entity’s lease agreement with the property owner for rent abatement.
Important reminders
Approved property claims are settled for a sum no greater than the amount declared in a Fund Member’s Asset Schedule in the Comcover Gateway on the Comcover Launchpad. If BI cover is required, a Fund Member must elect to take cover as part of the annual renewal questionnaire.
There are standard cover terms for BI of $100 million for a maximum indemnity period of 24 months. If additional cover is required, a business case must be prepared and submitted to Comcover for consideration. Details of your entity’s BI cover are shown on your entity’s Schedule of Cover available in the Comcover Gateway on the Comcover Launchpad.
It is important that Comcover insurance contacts contribute to their entity’s business continuity plans and internal processes and procedures that would be initiated in circumstances where business operations may be impacted.
If you have questions about BI cover, please contact your Comcover Relationship Manager on 1800 651 540 (option 3) or email comcover@comcover.com.au.
The Comcover Statement of Cover 2018-19, frequently asked questions, and fact sheets are on the Department of Finance website and in the Comcover Gateway on the Comcover Launchpad.
