Comcover Connect - Issue 16

Hello Comcover Connect readers.

I recently received the reins from Tiffany Karlsson as Manager of Comcover and Assistant Secretary of the Risk and Claims Branch.

I am looking forward to working with you to improve the Commonwealth's risk management capabilities. Before taking up this post, I spent most of my career working in the health portfolio with a strong health financing focus. I joined Budget Group at the Department of Finance in 2015 and enjoyed five budget cycles before moving to Comcover.

Given I am new to the role, it is the perfect opportunity for me to remind you of things that are new to me and have impressed me about the support you can access from Comcover.

For example, in this issue we present the 2019 Risk Management Benchmarking Program results, providing a snapshot on how effectively Commonwealth entities are integrating elements of the Commonwealth Risk Management Policy into business operations.

For Comcover, the results offer valuable insights into what is working well and which elements need more attention across the Commonwealth. The program also enables

Fund Members to identify their top current and emerging risks.

A notable emerging risk identified in the 2019 results is technological risk, which has steadily increased as a high priority for entities in the past several years. For the first time, Fund Members identified technological risk as the highest priority emerging risk – reflecting our dependence on IT and the significant impact of disruption to how we do business.

A factsheet outlining how the Comcover Statement of Cover responds to cyber security events is available on the Comcover website. Comcover will explore this emerging issue with Fund Members over the next year.

Another reminder – Comcover is here to help entities improve their risk management capabilities. Comcover delivers risk workshops for all levels and responsibilities. I attended the last SES Leadership in Risk workshop and found it to be a great opportunity to share ideas and challenges in risk management with SES colleagues from across government.

All Comcover workshops are equally informative and a great way to network with your peers. I encourage you to review Comcover's education program and promote both the online training and workshops within your entity.

Awards for Excellence

The Independent Review of the Public Governance, Performance and Accountability Act 2013 highlighted the importance for all entities to reward effective risk engagement and encourage learning from failure.

In that vein, Comcover's annual Awards for Excellence in Risk Management recognise and reward Commonwealth entities that exhibit excellence in risk management practices and have systems that support innovation and improved decision making.

On 6 November 2019, we will recognise worthy entities for their outstanding contributions to risk management in the APS. All Fund Members are welcome to come and learn from others at this lunchtime event. Registration is available through the Comcover Learning Centre. Information about the awards is on the Department of Finance website.

The awards ceremony will also give me an opportunity to meet Fund Members. I look forward to seeing you all in November.

Gareth Sebar
Assistant Secretary
Risk and Claims Branch
Department of Finance

What is Comcover doing with GovTEAMS?

GovTEAMS provides a secure online collaboration space where members can create online communities to work across agencies, tiers of government and people outside the public sector.

Comcover has built several collaborative spaces using the GovTEAMS platform that enable team members to ask questions, share ideas, browse resources and network with no need to leave their desks.

Current Comcover GovTEAMS are:

• Insurance Community of Practice
• Commonwealth risk managers’ forum
• Chief risk officers’ forum.

Comcover invites potential team members to register and start collaborating. To register, go to www.govteams.gov.au.

The fifth year of Comcover's Risk Management Benchmarking Program has wrapped up.

Participating Fund Members have received their executive reports and access to all 2019 results through the Benchmarking Interactive Reporting Tool (BIRT). The reports identify Fund Members' current risk capabilities and highlight areas where improvements can be made. The reports also provide a risk maturity comparison against a nominated community of practice and a self-select group.

2019 Benchmarking results

The 2019 results are positive, indicating gradual, yet consistent improvement in risk management capabilities across the Commonwealth. The results show more than 80% of participating Fund Members achieved an overall risk maturity state of Integrated or above. That is a 12% improvement in overall capability since 2015.

The table below shows the increase in overall maturity and the increases in element maturity over the five years of the program.

The concepts underpinning each policy element range in complexity, so variance between capability levels across the element results is to be expected. Risk management practices should be fit for purpose in varying contexts and environments. Not all Fund Members should work towards an 'optimal' maturity level. Entities should pick a target level of capability that best fits their operations and goals.

Higher scoring elements

The program's key findings consistently show the strongest risk maturity in the 'foundation' elements of the Commonwealth Risk Management Policy are:

1. establishing a risk management policy
2. embedding systematic risk management into business processes
3. defining responsibility for managing risk.

Lower scoring elements

The more complex elements of risk management remain the hardest to increase in overall capability:

1. maintaining risk management capability
2. understanding and managing shared risk
3. developing a positive risk culture.

The lower scoring elements are more complex because they are more reliant on human factors, such as managing capability and capacity, which can take time to influence and change. On the upside, while these elements have been the lowest scoring throughout the program, they have also had the largest increases in maturity. For example, since 2015, understanding and managing shared risk has increased in maturity by 29%.

Top sources for risk

While current and emerging sources of risk remain largely consistent each year, 'service and/or program delivery' risk has overtaken 'financial' risk for the first time as the highest priority current risk category.

For the first time, technological risk was rated as the top emerging risk. Political risk also featured highly in emerging risk, perhaps influenced by the survey period coinciding with the lead up to a federal election.

The Key Findings Report contains further analysis on the program and insight into how Fund Members are performing on a whole-of-fund basis.

The report is on the Department of Finance website.

If you have questions about the benchmarking program or would like to discuss your entity’s benchmarking results, please contact Comcover’s Risk Management Team on 1800 651 540 (option 4).

Directors & officers' (D&O) cover provides protection to individuals and Fund Members who are alleged to have committed wrongful acts while conducting their employment duties.

Who are directors and officers?

For Comcover purposes, section 13 of the Public Governance, Performance and Accountably Act 2013 defines directors and officers as:

1. An official of a Commonwealth entity (other than a listed entity) is a person who is in, or forms part of, the entity.
2. Without limiting subsection (2), an official of a Commonwealth entity (other than a listed entity) includes:
   1. a person who is, or is a member of, the accountable authority of the entity; or
   2. a person who is an officer, employee or member of the entity; or
   3. a person, or a person in a class, prescribed by an Act or the rules to be an official of the entity.

Scope of cover

The breadth of D&O cover under the Comcover Statement of Cover is extensive and may respond to the following examples of wrongful acts, subject to the defined terms and conditions of cover:

• a director's or officer's failure to conduct their legal duties and responsibilities
• breaches of duty by directors or officers
• workplace harassment of employees
• any form of discrimination
• wrongful or unfair dismissal, discharge or termination of employment relationships in a manner that is against the law
• denial of natural justice to employees
• wrongful refusal to employ potential employees
• defamation from employment-related matters
• unfair demotion, failure to promote, unfair deprivation of career opportunity, wrongful discipline, negligent evaluation, or failure to grant tenure
• misleading representation or advertising about employment in organisations.

A list of what Comcover will indemnify is in sections 7(4) to 7(6) of the Statement of Cover.

What isn't covered?

Exclusions to D&O cover include:

• claims made against directors or officers for injury or illness of any person or loss of, damage to, or destruction of any physical property
• claims made against directors or officers that arise from their improper use of inside information or position to gain a personal advantage for themselves or someone else
• deliberately causing detriment to themselves or another person and claims alleging willful breaches of duty to the organisation or breaches of professional duty.

A complete list of all exclusions is in section 7(7) of the Statement of Cover.

More information

If you have questions about D&O cover, please contact your Comcover Relationship Manager on 1800 651 540 (option 3) or email comcover@comcover.com.au.

The 2019–20 Comcover Statement of Cover is on the Department of Finance website and in the Comcover Gateway on the Comcover Launchpad.

Comcover provides cover to Fund Members for insurable losses, subject to the terms and conditions of the Comcover Statement of Cover.

Comcover collects sufficient premiums from member entities to meet its obligations to pay about 5,400 Fund Member insurable loss claims each financial year.

Premiums are apportioned between all Fund Members based on risk exposure information reported in the Comcover Renewal Questionnaire, assets disclosed in Fund Members’ asset schedules, and claims histories.

1. Comcover Renewal Questionnaire – initial data collection

Comcover collects information from Fund Members on their risk exposures early in the renewal process through the Renewal Questionnaire. The questionnaire is now open to Fund Members through the Comcover Gateway on the Comcover Launchpad.

The first collection of information informs the indicative premiums released in March.

2. Establishing the premium pool and calculating indicative premiums

Comcover determines the premium pool or the total premium to be collected from Fund Members. The pool is calculated using the risk premium information by class of cover determined by Comcover’s actuary, then adding Comcover’s operational costs to manage the Fund.

The pool is normally finalised by February and remains unchanged for the entire renewal cycle.

Fund Members’ indicative premiums are calculated using a model that factors information collected from the questionnaire, asset schedules, and claims histories.

Indicative premiums provided in March are a guide to the estimated premium payable for the upcoming policy year to help Fund Members budget appropriately.

There may be variations based on information provided during the second information gathering in May and June.

Annual Comcover renewal process snapshot

3. Fund mem3. ber visits

After indicative premiums are distributed, Comcover Relationship Managers visit Fund Members to discuss the renewal process and any outstanding issues Fund Members would like to discuss.

4. Comcover Renewal Questionnaire – final data collection

The questionnaire reopens in April to enable Fund Members to update or edit any information from the initial information- gathering process.

The questionnaire closes in late May to enable any changes from the Federal budget to be included.

Data captured during that process is used to calculate final premiums. Asset schedules on the Comcover Gateway must be up to date because that informs the premium for the property class of cover.

5. Establishing final premiums

Once the questionnaire has closed for the second time, there are no further opportunities for Fund Members to amend their information. Information provided in the second questionnaire snapshot is used to calculate final annual premiums and invoices are issued to Fund Members at the start of the new financial year.

Can asset schedules and or any data recorded on the Comcover Gateway be changed once premiums have been invoiced?

Yes. The Comcover Gateway is available 24 hours a day, seven days a week through the Comcover Launchpad. Fund Members can log in as many times as they want to make changes at any time. Those changes will not impact on the

current year’s premium once issued. It is important that asset and expatriate data is kept current in case of a claim. If an asset or expatriate is not listed on the appropriate schedule, the loss will not be covered.

If you have questions about the Comcover renewal cycle, please contact your Relationship Manager on 1800 651 540 (option 3) or email comcover@comcover.com.au.

The Comcover Statement of Cover, Frequently Asked Questions and Fact Sheets are on the Department of Finance website, and in the Comcover Gateway on the Comcover Launchpad.

The 2020-21 Renewal Questionnaire is now open in the Comcover Gateway on the Comcover Launchpad.

The Comcover Awards for Excellence in Risk Management recognise exceptional and inspiring examples of risk management and demonstrate how essential risk management is to the success of Australian Government entities.

On 6 November, Comcover will recognise entities for their outstanding contribution to risk management at an awards ceremony. Event registration is available through the Comcover Learning Centre.

For information about the awards, see Department of Finance website.

The Independent Parliamentary Expenses Authority (IPEA) received an Honourable Mention in the Enterprise-Wide Risk Management category at the 2018 Comcover Awards for Excellence.

IPEA has an important role in the integrity framework for government. IPEA supports current and former parliamentarians in exercising their parliamentary functions, and creating a culture of accountability and transparency in the provision and use of parliamentary work expenses.

IPEA’s governance framework recognises seven priority risks.

It focuses on establishing a culture of integrity and risk awareness, which inspired IPEA’s ‘curious conversations’, designed to translate priorities into concrete actions for staff.

IPEA officials participate in regular ‘curious conversations’ to bring risk management to life in their daily work.

Each conversation features a hypothetical, ethical scenario and questions for staff to ponder as teams or individuals. All IPEA staff have regular stand-up sessions to discuss issues, challenges and risks presented by the scenarios.

IPEA curious conversations - a case study

Robert’s coffee conundrum

Robert manages IPEA’s information and communications technology (ICT) contracting arrangements and sources IT specialists via private sector recruitment agencies.

To stay across the market, Robert has regular contact with consultants. He has a telephone chat every fortnight and sometimes meets recruitment consultants for coffee.

Robert always pays for his own coffee – he’s aware of the policy relating to gifts and benefits. Once he even paid for a recruitment consultant’s coffee when she left her purse back in the office – Robert is nice like that.

Robert arranged a coffee catch up with Danielle from First ICT Solutions. When he arrived at the café, Danielle was already there with two coffees and a selection of mouth- watering pastries. She’s already paid and tells Robert not to worry about it, she’ll claim it as an expense.

Staff insights – what should Robert do?

• If Robert drinks the coffee and eats the pastries it is considered a gift and he should disclose or register its approximate value. Although the gift is low value (and a one-off), in some circumstances it could create a perception of a conflict of interest, especially with Robert’s role as the IT procurement person.
• Robert could say thank you, he really appreciates the thought, and advise Danielle he needs to give her the money for his coffee and pastry as he doesn’t want there to be a perceived conflict of interest that causes issues in the future.
• Robert could report the situation to his supervisor in an email including details, eg that he paid her back for his coffee and pastry.
• Robert should check IPEA’s policy on registering gifts and benefits to ensure he is following it.
• When deciding whether to accept a gift or benefit, APS’s reputation is paramount. A useful test is for employees to consider how they might answer questions from a parliamentary committee.

The Comcover Awards for Excellence in Risk Management recognise exceptional and inspiring examples of risk management and demonstrate how essential risk management is to the success of Australian Government entities.

On 6 November, Comcover will recognise entities for their outstanding contribution to risk management at an awards ceremony. Event registration is available through the Comcover Learning Centre.

For information about the awards, go to the Department of Finance website.

The case studies are based on practical, real-life examples and response strategies providing IPEA staff with guidance and confidence in navigating potential ethical issues.

For more IPEA case studies, go to IPEA website.

NOVEMBER

• Comcover Excellence in Risk Management Awards ceremony – 6 November
• Specialist pathway – Embedding risk management (day 2) – 14 November
• Executive pathway – A strategic perspective to managing risk – 15 November
• Generalist pathway – Practical risk management - 18 and 19 November
• 2020–21 Renewal Questionnaire closes - 22 November
• Comcover Insurance Community of Practice - 27 November

Fund Members nominate key risk and insurance liaison contacts to interact with Comcover.

The Comcover liaison roles are critical because they facilitate consistent, clear communication about Comcover’s risk and insurance programs, such as the benchmarking program and renewal questionnaire. They also disseminate information about Comcover resources and education programs.

The liaison benefits Fund Members by providing a central knowledge and coordination point for questions and issues.

That ensures no duplicated effort or working at cross-purposes within entities on particular risk or insurance issues.

Fund Members nominate primary and secondary contacts for both risk and insurance. Primary contacts are responsible for participating in and completing Comcover programs, while secondary contacts support primary contacts in the work program.

Comcover has several resources available to help new contacts understand the general obligations of their role, including how Comcover provides Fund Members with information and support.

Newly nominated Comcover contacts receive two information emails, including instructions on how to complete a specially developed eLearning course, ‘Liaising with Comcover’, to support orientation into the role.

1. Welcome email

Once Fund Members notify Comcover of a new contact, the contact receives an email confirming access to the Comcover Launchpad and details of the entity’s Relationship Manager. The email provides instructions on how to access the eLearning module, ‘Liaising with Comcover’.

2. Liaising with Comcover eLearn

Comcover Launchpad > Comcover Learning Centre > Specialist > Liaising with Comcover

The eLearning module explains the roles of Comcover insurance and risk contacts and how Comcover can help them influence positive outcomes in their entity through effective, efficient management of risks.

The course covers:

• engaging with Comcover
• understanding your entity’s cover
• accessing Comcover resources
• managing your entity’s cover
• risk management and services.

3. Information email

After completing the ‘Liaising with Comcover’ eLearning course, Comcover sends a second, more detailed email that introduces key Comcover programs, documents, resources and education pathways of which contacts should be aware.

The emails are tailored to the role – insurance, risk, or insurance and risk – and provide targeted information on:

• the Comcover Launchpad
• key documents – Comcover Statement of Cover, Schedule of Cover, Commonwealth Risk Management Policy
• key Comcover programs – Renewal Program, Benchmarking and Awards for Excellence
• Comcover Education Program – details of the four learning pathways designed to build different levels of risk management capability
• Comcover Insurance Community of Practice
• contact numbers and emails for claims, education, relationship management, risk management and the IT service desk.

The emails and resources help new contacts better understand their roles and provide useful information and links for future reference and assistance.

If you have questions or feedback, please contact your Relationship Manager on 1800 651 540 (option 3) or email comcover@comcover.com.au.

A full list of resources, including advice circulars, Comcover Connect newsletters, information sheets, and FAQs, can be found on the Department of Finance website.

Emerging risks – how does the Commonwealth compare to the commercial sector?

Several commercial risk and insurance industry publications have identified cyber and environmental risks as significant emerging risks.

Emerging risks are those that are increasing or expected to increase substantially in the medium term.

A 2019 study by the Centre for the Study of Financial Innovation (www.csfi.org) on risks facing the global insurance sector found technology and cyber respectively were the number one and two emerging risks. Environmental risk was rated sixth.

The greater complexity, prevalence and pervasiveness of technology and digital networks has resulted in individuals, organisations and governments being at increased risk of malware, phishing and denial of service attacks.

A Protiviti study on Executive Perspectives on Top Risks identified cyber risks as one of the top commercial risks in 2019.

The study’s findings showed cyber risk has increased from the sixth most significant organisational risk in 2016 to number one in 2019, providing strong evidence that concern about cyber risk is growing in the insurance sector.

Environmental risks to organisations are also growing. Data from the Allianz Risk Barometer 2019 study listed natural catastrophes as third in 2019’s top 10 ranking of global insurance risks, an increase from 10th in 2018.

Likely sources of environmental risks include increased frequency and intensity of natural disasters, environmental legislation, and the effects of a changing climate and pollution.

A July 2019 Moody’s Investors Service report said insurers were increasingly exposed to environmental, social and governance risks, which can influence their ability to meet financial obligations and therefore affect their credit strength.

Brandan Holmes, VP Senior Credit Officer at Moody’s, said: ‘Climate change in particular gives rise to greater uncertainty for insurers, both with expectations for frequency and severity of natural catastrophes, and exposure to carbon transition risk through their investment portfolios and the possibility of stranded assets.’

How does that differ from what Commonwealth entities think?

Comcover’s Risk Management Benchmarking Program enables Fund Members to identify what significant risks may be emerging for their entities.

Benchmarking results: technology risks

The Benchmarking Key Findings Report indicates technological risk has increased significantly as an emerging risk priority for entities. Of the 155 respondents, 43 rated technological risk as the most significant emerging risk.

Benchmarking results: environmental risk

Those Fund Members with environmental policy or program responsibilities identified the impact of environmental risk more highly.

The 2019 Comcover Risk Management Benchmarking Program Key Findings Report is on the Department of Finance website.

Considerations for Fund Members

There is a disparity of perceptions about emerging risks in the private sector, compared to the Commonwealth. While cyber risk is universally regarded as a key emerging risk, environmental risk is considered a key emerging risk by the private sector only.

In 2017, the Australian Prudential Regulation Authority said some climate risks were distinctly financial in nature and many were ‘foreseeable, material and actionable now’. The Reserve Bank of Australia and the Australian Securities and Investments Commission have endorsed that view.

The comparison between the private and public sectors’ views is useful to start discussions about emerging risks. What can the Commonwealth learn from the research and findings in the commercial insurance industry?

Is the Commonwealth’s risk profile that different to the private sector? Should Fund Members seek views from stakeholders outside their organisations on emerging risks?

Australia’s National Climate Resilience and Adaptation Strategy (2015) calls for the Commonwealth to manage climate-related risks to its policies, programs and assets.

CSIRO and the Department of the Environment and Energy developed a climate risk management framework to help Australian Government entities consider and manage climate-related risks.

If your entity needs help to start considering climate-related risks, please contact the Climate Adaptation, Risk and Science team at climate.adaptation@environment.gov.au.

If your entity needs risk management assistance, please contact the Comcover Risk Management Team on 1800 651 540 (option 4) or email comcover@comcover.com.au.