Risk management and accountability

Members of the Audit and Risk Management Committee (ARMC) are appointed by the Energy and Water Ombudsman.

External members of the committee are Queensland public sector employees and do not receive additional remuneration in relation to this committee, as per the Remuneration Procedures for Part-time Chairs and Members of Queensland Government Boards.

Committee members during 2020-21:

• Gavin Holdway, Chair (from 4 February 2021)
• Irene Sitton, Chair (to 3 February 2021)
• Brydie Bodnar, external member (from 4 February 2021)
• Fiona Trenear, external member (to 3 February 2021)
• Eleanor Bray, internal member.

ARMC observes the terms of its Audit and Risk Management Committee Charter and and has due regard for the Audit Committee guidelines: Improving accountability and performance issued by Queensland Treasury.

During 2020-21, the committee met four times and invited both external and internal audit representatives to regularly attend meetings.

Key achievements for 2020-21

• Endorsed the financial statements 2019-20 and considered all audit recommendations by external audit.
• Endorsed the strategic and annual internal audit plan for approval by the Energy and Water Ombudsman.
• Monitored progress of the annual internal audit plan and outcomes from audits undertaken.
• Reviewed the risk management framework and policy, including business continuity plan.
• Reviewed the new governance framework.
• Provided oversight on the ongoing risk management activities within the organisation including COVID-19 risks to the business and cyber-security risks.

Our internal audit function is undertaken by the Corporate Administration Agency (CAA) and managed through a service level agreement.

The internal audit workplan is directed through a strategic and annual plan developed in consultation with the Audit and Risk Management Committee and approved by the Ombudsman, which has due regard to professional standards and the Audit Committee guidelines: Improving accountability and performance issued by Queensland Treasury.

Key achievements for 2020-21

Provided reports to the ARMC and the Ombudsman on the results of internal audits undertaken, as well as monitored and reported on the implementation of recommendations for the following:

• recruitment
• business continuity
• risk management
• financial management practice manual.

Our external service provider CAA maintains a business continuity plan which provides for the recovery and/or continuity of our information technology, human resources and finance functions.

We have a comprehensive business continuity plan which was activated periodically during 2020-21 as a result of the COVID-19 pandemic.

Our team has returned to working from the office at least three days a week as part of flexible working arrangements. The health and safety of our team while working from the office continues to be closely monitored and is supported through hygiene and physical distancing practices.

Our team can successfully conduct our entire operations remotely at short notice, if required.

As a public service office, we are required by legislation and government standards to keep and maintain proper records of our activities.

We are committed to meeting our governance responsibilities under the relevant Acts, applicable legislation, Queensland Government’s Information Standards, Queensland State Archives Standards and best practice methods outlined in applicable International Standards.

We have an electronic document records management system (EDRMS) and have appointed an information management officer to oversee records governance. The security of the EDRMS is managed in accordance with our Information Security management system.

During the mandatory annual Information Security reporting process, the Energy and Water Ombudsman attested to the appropriateness of the information security risk management within EWOQ to the Queensland Government Chief Information Security Officer, noting that appropriate assurance activities have been undertaken to inform this opinion and the organisation’s information security risk position.

We are committed to providing the community with open and transparent access to information about our services and activities. Consistent with the Right to Information Act 2009 and Information Privacy Act 2009, we proactively release information held by our office unless, on balance, it is contrary to the public interest to provide the information.

All requests for information received during 2020-21 have been released under the Administrative Access Scheme. We also participated in the Office of the Information Commissioner Queensland (OIC) Privacy Awareness Week and contributed to the s185 annual report.

Since 2015-16, we have been recognised as an external dispute resolution scheme by the Office of the Australian Information Commission (OAIC) under the Privacy Act 1988. We are required to report on serious or repeated interference with privacy or systemic privacy issues relating to these bodies to the OAIC every quarter.

We are also required to provide OAIC with an annual report including a range of data relating to complaints investigated under this jurisdiction.

The following datasets are published on the Queensland Government open data website:

• consultancy spending
• language services expenditure.

An overseas travel expenditure report for the 2020-21 reporting year was not required due to overseas travel not being undertaken by any EWOQ team members.