The 1996-97 Annual Report (Part A at pages A.2-95 to A.2-99) described the various policy, management and accountability initiatives that were being pursued through formal frameworks. The frameworks to which I refer are the Government Management Framework; Prudential Management Framework; Strategic Asset Management Framework; Project Management Framework (now Guidelines for Evaluation of Public Sector Initiatives); and the Financial Management Framework.

Within the overall context of seeking improvement in public sector agency administration and accountability, each of the framework initiatives have, as a common theme, the better management of the resources and risks of the public sector in South Australia.

In an overall context real progress was achieved in respect of finalising the development of the framework initiatives or significant aspects of the initiatives.

Part A (pages A.2-99 to A.2-106) of the Report communicated important elements of a structured approach to risk management practice and the benefits to be obtained from the introduction of such a practice.

Important elements noted were the:

• establishment of an agency Risk Management Policy Statement;
• documentation of a formal agency risk profile;
• establishing a monitoring mechanism to reassess the risk profile and control environment.

Benefits mentioned included:

• identification of areas requiring priority and concentration of effort;
• the establishment of an objective basis for assignment of accountability for the management of risks;
• setting up an effective internal control structure and internal audit activity;
• facilitating a more efficient and effective external audit review process.

Overall the general and specific commentary contained in Part A and Part B of the 1996-97 Annual Report indicated that only a few agencies had implemented a formalised risk management framework encompassing most of the elements of a structured approach (importantly a Risk Management Policy Statement and Risk Profile). Nonetheless, many other agencies indicated an intention to pursue the implementation of a formalised and structured approach to risk management practice.

Major changes of an organisational and financial management nature took effect during 1997-98 with regard to public sector agencies.

In respect of organisational change, in October 1997, the Government established ten Ministerial portfolios which linked common areas of policy and services, and also formed larger and multifaced portfolio based government departments. The newly formed portfolio based agencies resulted from the abolition of a number of smaller government agencies and incorporation of the functions and activities of abolished agencies into the newly formed larger agencies.

The larger and more diverse nature of the portfolio based departmental operations, with emphasis on more efficient administration and coordinated policy and/or service delivery (in respect of the portfolio based agency and across other agencies forming a portfolio of agencies) enlarges and intensifies the risk profile of activities to be managed by the portfolio based agency Chief Executive and related executive staff members. A structured risk management approach will no doubt assist executive management in the objective identification of areas requiring concentration of effort, the assignment of accountability for the management or particular risks, and provide a basis for prioritising controls and internal audit activity around what really matters to the agency.

A further update on this matter was formally requested by Audit from public sector agencies in July 1998. The update was sought in recognition of the following:

The responses received from agency Chief Executives were generally, as in the previous year, detailed in context and reflected a recognition of the importance of implementing a structured approach to risk management policy and practice.

Many agencies have now advised of the completion of preparation of a risk management policy and are proceeding with developments associated with the elements of a structured framework, including notably, the undertaking of risk assessments/risk profiles and the introduction or enhancements of internal audit/monitoring activities in relation to those assessments and profiles. Some of the agencies have also appointed a resource whose responsibilities involve the development and maintenance of the agency risk management framework.

Certain of the portfolio based government agencies which were formed in October 1997 have indicated that the immediate requirement to amalgamate functions and modify management structures and processes following the October 1997 change process has limited progress in advancing a structured and integrated approach to risk management practice. Notwithstanding, those agencies are proceeding to establish a structured framework in the context of their respective agency and portfolio wide agency responsibilities.

It is important to mention that the South Australian Government Captive Insurance Corporation has initiated developments consistent with its role in promoting and coordinating risk management across the public sector. These developments include:

• the development of a Risk Management and Insurance Manual for release to agencies in early 1998-99;
• the preparation of a regular newsletter comprising articles on the topic of risk management and insurance for issue to agencies;
• the establishment of a Risk Management Forum, held regularly and attended by representatives of the ten portfolio based government department agencies, to discuss risk management activity within agencies.

In summary, Audit has noted general improvement across agencies of government in 1997-98, with respect to developments directed to the implementation of formalised and structured approaches to risk management policy and practice. Audit will continue to closely monitor agency developments, in particular, those relating to the ten ministerial portfolio based government agencies.

An opinion on the adequacy of internal control has been an integral part of the audit mandate in South Australia for many years. It is a direct reporting responsibility of the Auditor-General and is required by the Public Finance and Audit Act 1987. In this sense internal control becomes a specific and separate reporting objective in its own right as distinct from being one of a number of sources of evidence used to support the basis of an opinion on the public accounts and agency financial statements.

Recommendations were made including that the Government develop appropriate policies and supporting procedures and training and education programs so that agencies have the proper skills to deal with these complex issues. It was suggested a specific focus be given to intellectual property in any outsourcing arrangement.

The Prudential Management Framework, finalised during the year and released to agencies in May 1998, includes a section on intellectual property. Its coverage while brief, addresses some of the matters included in my last Report. It provides examples of intellectual property and discusses some important related management issues. These issues cover the need to identify and manage intellectual property that a contractor may have to use in providing services; use of intellectual property owned by a third party; negotiating strategies relating to ownership and use of intellectual property; and software development contracts.

The Prudential Management Group is also facilitating a conference on intellectual property matters in November 1998 that will assist in raising the level of public sector agency awareness and capacity to deal with this risk area.

During 1997-98 further Audit reviews were conducted into specific aspects of intellectual property as an important element of risk management. Specific audit work was undertaken in respect to:

The findings arising out of this review are commented upon hereunder.

Audit ascertained that government guarantees were able to be provided pursuant to various legislation and by means of Cabinet approval. The legislative provisions would be found within:

• the Public Finance and Audit Act 1987;
• the Public Corporations Act 1993;
• the Industries Development Act 1941;
• and the enabling legislation of individual agencies.

Yet, Treasury and Finance is not always involved in the approval process and the extent of its involvement, is influenced by the nature of the guarantee being sought and processes that may have already occurred at the individual agency level.

However, the Department sought

Audit suggested that this process of due diligence be subject to a specific policy and/or guidelines.

In reply, Treasury and Finance expressed the view that the management of contingent liabilities of individual agencies was the responsibility of individual agency chief executives.

Nevertheless, it acknowledged that it certainly had an interest in how these liabilities are managed and that the issuing of guidelines to the agencies, on the evaluation of risks, would heighten the awareness of issues associated with the provision of government guarantees.

Audit referred to current reporting arrangements with respect to contingent liabilities and explored the potential for this to be further enhanced at a whole-of-government level. Specific reference was drawn to the effect of: inter-government transactions; off-balance sheet exposures; measurement of credit risk exposures; litigation and unquantifiable contingencies.

In its response, the Department indicated that it had begun a significant review of the contingent liability and government guarantee collection and reporting procedures. This had identified many of the areas raised by Audit.

Last year it was reported that certain policy and guidance framework initiatives aimed at facilitating improvement in public sector agency management and accountability practice had not been finalised. It was considered that the earlier the finalisation, promulgation and application of the initiatives, the earlier the realisation of enhancements in public sector agency governance. During the year real progress was achieved in respect of finalising the development of the framework initiatives.

Audit inquiry of agencies last year confirmed that the approach to risk management policy and practice across public sector agencies was patchy. Nonetheless, there were emerging developments in some agencies and clear intentions in other agencies to pursue implementation of a structured approach to risk management practice. There has been noted improvement across agencies of government in 1997-98 with respect to developments directed to the introduction of formalised and structured approaches to risk management policy and practice.

Audit commented last year with regard to the management of certain risks associated with the intellectual property assets of government in an outsourcing environment. It was considered that there was a need for policy and guidance support to agencies to deal with this issue. This matter is being addressed through the Prudential Management Framework initiative of government. During this year Audit reviewed some aspects of risk management practice covering the contingent liabilities and guarantees of government. Matters relating to approval and monitoring processes were directed to the Department of Treasury and Finance for consideration and attention.