The risk management approach

All NSW public sector agencies are exposed to corruption risks. These risks can exist at all levels of an agency, in relation to all functions and activities, and can potentially involve any internal or external stakeholder.

If corruption does occur, the short and long-term consequences for the agency include:

  • loss of reputation
  • loss of public confidence
  • direct financial loss
  • wasted resources
  • the financial and resource cost of an internal and/or ICAC investigation
  • adverse effects on other staff and the morale of the agency generally.

The ICAC recommends a proactive risk management approach to corruption prevention by identifying corruption risks and then developing appropriate strategies to address these risks.


The risk management process

Risk management is an accepted part of good governance and many agencies already undertake some degree of risk assessment and management. Legislative and government policies and best practice guides require or encourage risk management by NSW public sector agencies. However, not all agencies include the risk of corruption in their risk management process. They should do so, because agencies have a public duty to minimise corruption and like other risks, corruption can affect an agency's ability to achieve its objectives.

The Australian Standard on Risk Management (AS/NZS 4360:2004) and the NSW Treasury guidance materials provide general information on risk management. The information provided here should be used as additional information to assist with identifying and treating corruption risks and is based on experience from ICAC investigations and research.


The importance of risk management for preventing corruption

A risk management approach to corruption prevention is appropriate because it helps to identify structural weaknesses that may facilitate corruption, provides a framework for all staff to take part in identifying risk factors and treatments, and embeds corruption prevention within a well-established governance framework.

All public sector organisations are exposed to corruption risks, and some functions (such as licensing) carry substantial risks that cannot be transferred or eliminated. Increasing public – private sector business relationships carry their own set of corruption risks.

A risk management approach is the most appropriate way to ensure that these risks are identified and effectively managed.

An agency that fails to mitigate corruption risks can also cause problems for other agencies. For example, if a fraudulent supplier is not dealt with then they may be employed by another agency.


Frequently asked questions

 Are corruption risks different to other risks?

Although corruption risks are basically the same as other risks, there are some general differences:

  1. Corruption is deliberate, not accidental.
  2. Public sector agencies generally have fewer choices in the management of their corruption risks than other risks. For example, public sector agencies cannot avoid the corruption risks of some functions by choosing to discontinue those functions, such as licensing.
  3. Public sector agencies cannot share or transfer corruption risks as  they retain ultimate responsibility for functions that are outsourced or shared with a private organisation.
  4. Some business relationships such as public-private partnerships can also bring further corruption risks to an agency, such as conflicts of interest. Public sector agencies must manage not only their own original risks but the risks associated with partnerships.

Can corruption risks be managed in the same way as other risks?

Yes, a risk management process can help to manage all risks. However corruption risks cannot be shared or transferred like some other risks. For example, an agency can take out insurance to protect itself against some health and safety risks.


Resources


Publications

  • AS/NZS ISO 31000: 2009 Risk Management - Principles and Guidelines, Standards Australia, Sydney 2009.
  • Pat Barrett AM, Auditor-General for Australia, "Risk Management in the Australian Public Service Today and Tomorrow", address at the launch of the Australasian Risk Management Unit, Monash University, 21 February 2001.
  • Commonwealth Fraud Control Guidelines, Australian Government Attorney-General's Department, Canberra, May 2002.
  • CPA Australia publications:

    • How to implement enterprise-wide risk management, last update April 2004
    • Case Studies in Public Sector Risk Management, 2002
    • Risk Management in the Public Sector, 2001
    • Enterprise-wide Risk Management, 2002
    • Public Sector Risk Management: A State of Play, 2002.
  • Internal Audit and Risk Management Policy for the NSW Public Sector, NSW Treasury, Sydney, August 2009.
  • Ian McPhee, Auditor-General for Australia, "Risk and risk management in the public sector", speech at Public Sector Governance and Risk Forum, 1 September 2005 (at www.anao.gov.au).
  • Managing Risk Across the Public Sector, Auditor General Victoria, Melbourne, 2004.
  • Performance Audit Report: Managing Risk in the NSW Public Sector, NSW Audit Office, Sydney, June 2002
  • Risk Management, NSW Government Procurement Guideline, Sydney, December 2006.
  • Project Risk Management Guideline, NSW Department of Commerce, Sydney, September 2004
  • Risk Management in the NSW Public Sector, Report No.12/53 (No. 155), NSW Public Accounts Committee, September 2005
  • Strategic Insights into Enterprise Risk Management, Australian National Audit Office, June 2003.


Relevant websites

Related topics on the ICAC website