Departments collaborate through the Risk Committee to identify and describe SSRs. But the processes departments use to determine SSRs lack rigour.
All departments have programs and reforms to manage their organisational risks and responsibilities. This includes coordinating with other agencies on shared risks. But only DFFH has checked that its work appropriately manages the statewide implications of the SSRs it leads.
DTF does not link its budget advice to the Treasurer and Assistant Treasurer with the financial implications of SSRs. Only DGS and DPC have linked their budget submissions to SSRs since 2019. This is a missed opportunity to inform government of SSRs' implications for Victoria.
The Framework does not sufficiently explain what individual agencies need to do to manage SSRs they share with others. It lacks detail on what they should include in their own risk management frameworks and what they need to do when they take a lead role for an SSR.
The Framework does not clarify what the Risk Committee and the Secretaries' Board need to do to support agencies or to advise government on SSRs. It also does not explain what DTF, the Department of Premier and Cabinet (DPC) and the Insurance Authority need to do for SSRs.
The Framework sets out minimum requirements and guidance for individual agencies to manage their own risks. It also sets out the arrangements for agencies to manage risks they share with others, including SSRs.
The Framework describes SSRs and agency roles and responsibilities for coordinating their responses. It sets out the roles and responsibilities for 2 cross-agency coordinating groups ‒ the Risk Committee and the Secretaries' Board.
This section summarises our key findings. The numbered sections detail our complete findings, including supporting evidence.
When reaching our conclusions, we consulted with the audited agencies and considered their views. The agencies’ full responses are in Appendix A.
We made 5 recommendations to address 3 issues. The relevant agencies have accepted our recommendations in full or in principle.
Download a PDF copy of Appendix C: Audit scope and method.
Download a PDF copy of Appendix B: Abbreviations, acronyms and glossary.
Download a PDF copy of Appendix A: Submissions and comments.
All departments have processes for investigating and reporting fraud and corruption incidents when they have been alerted to them by individuals.
Most departments test their procurement data to look for procurement and financial errors. However, only 2 departments use data analytics tests that specifically focus on proactively detecting fraud and corruption risks.