Annual Report 2006-07: Effective management
For a number of years CASA has outsourced internal audit responsibilities to external professional organisations, with a senior CASA manager providing coordination. The audit function has benefited from the expertise and independence of auditors external to CASA. The outsourcing arrangement continued, and 2006–07 was the first year of a three-year contract for the provision of internal audit services by two external audit organisations.
The main focus of the internal audit function in 2006–07 was on CASA’s key risk exposures. The individual risk management plans of CASA’s management groups, coupled with a series of strategic risk workshops, were used to develop priorities for the ongoing CASA-wide internal audit programme.
CASA’s internal audit charter was reviewed to ensure it reflected best practice and emphasised a risk-based approach to the audit function. A programme to monitor the implementation of audit recommendations continued to work well, and was backed by a comprehensive database of audit information.
Many of the 16 audits completed during 2006–07 focused on CASA’s core business and corporate functions, processes and systems. Audits completed during the year included reviews of:
- entry control by the General Aviation Operations Group
- aviation security identification card procedures and processes
- compliance with the enforcement manual
- flight crew licensing
- the performance reporting framework
- information technology security policy and governance arrangements
- records management and the Aviation Industry Regulatory System
- the CAC Act compliance certification process
- compliance with amended fee regulations
- regional office administrative procedures
- the demerit points scheme.
Audit activity also included:
- a post-implementation review of surveillance
- an assurance review of the project established for CASA’s transition to an agency administered under the Public Service Act 1999 and Financial Management and Accountability Act 1997.
In 2006–07, CASA participated in Comcover’s risk management benchmarking survey. A score of 7 out of 10 was achieved, which resulted in a 7.1 per cent discount in CASA’s insurance premiums for 2007–08. This was an improvement on the 2005–06 result and again placed CASA in the top quartile of Comcover agencies. The outcome confirms our approach to risk management, and the continued improvement is particularly pleasing.
As an aviation safety regulator, CASA must understand the nature and dimensions of the risks it oversees and ensure those risks are appropriately managed. At the operational level, heads of groups are responsible for managing day-to-day activities and are accountable for managing risk in their areas of responsibility. The decisions they make contribute to CASA’s overall aim of achieving optimal risk management outcomes.
During 2006–07 CASA reviewed and updated its risk management policy and introduced a revised risk management framework to ensure a consistent enterprise-wide approach to risk management. A strategic risk management plan underpins the risk policy, and clearly identifies how CASA’s key risks are to be monitored and managed. These key risks include:
- emerging and strategic risks
- compliance risks
- operational risks, including fraud, business continuity, insurance and occupational health and safety
- change management and project-related risks.
CASA manages its risks in accordance with best practice and adheres to the principles outlined in the current Australian and New Zealand risk management standard (AS/NZ 4360), and the newly developed Transport Portfolio Common Risk Framework.
The centralised coordination of CASA’s enforcement and enforcement-related processes is helping to generate fairer, more coherent and consistent actions and decisions. Ensuring that everyone enjoys the same opportunity to have their legitimate concerns and interests heard and considered provides a level playing field for all, while properly allowing for relevant individual circumstances to be taken into account.