Strategic planning framework
Key elements of our strategic planning framework are presented in Figure 8.
Figure 8: Strategic planning framework
Corporate Plan
Our Corporate Plan was revised this year and is the defining document for all planning and other strategic and operational activities for the 2007–10 period. The Plan outlines our vision, role and shared values, and sets out our objectives and strategies in four Key Result Areas (KRAs):
- our clients;
- our products and services;
- our people; and
- our business performance.
Business Plan
The Business Plan is a three-year rolling plan that is updated annually.
The current Business Plan outlines how the KRAs from the Corporate Plan are to be achieved and provides a ‘scorecard’ so that our performance against the KRAs can be monitored and measured.
David Sloan, Gena Clarke and Anne-Maree Kape from Corporate Management Branch (CMB).
Risk management plan
The Risk Management Plan and individual risk plans for each of the service groups and support areas are updated at least annually. The annual review is designed to take account of any changes in our environment, including revised business requirements and changes in our control environment. The Risk Management Plan underpins our corporate governance framework, with the Audit Committee being responsible for overseeing its implementation.
In essence, our approach to risk management identifies risks associated with our business objectives. These risks are considered at both the strategic and operational level; in particular, how they relate to our strategic and business planning processes. In considering these risks, we address the following questions:
- is our overall vision and direction appropriate?
- do our products meet client needs and expectations?
- are our resources adequate? and
- do we have sufficient capacity to deliver our products?
Our reputation for probity, accuracy, efficiency and ethical behaviour are among our most valued attributes as an Office and all significant business risks identified in our Risk Management Plan are linked in some way to an overarching reputational risk. Any serious business risks are monitored by EBOM each month as a standing agenda item. The 2007–08 Risk Management Plan is compliant with Joint Standard AS/NZS 4360: 2004 and was completed in May 2007.
Fraud Control Plan
A comprehensive Fraud Risk Assessment and Fraud Control Plan is maintained in accordance with the requirements of the Commonwealth Fraud Control Guidelines May 2002 (CFCG). The Fraud Control Plan is an important strategic document that links with our risk management framework and draws together into one consolidated document, all fraud prevention and detection initiatives that have been adopted. As with our business risks, our major concern is a risk to our reputation as a result of fraudulent activity. Accordingly, we periodically review our fraud control framework to take account of any relevant changes in our environment. In addition, there is a mandatory review of the Fraud Risk Assessment and Fraud Control Plan at least every two years. The 2006–08 Fraud Control Plan was completed in June 2006. Any serious fraud risks are monitored by EBOM each month as a standing agenda item.
The requirements of the CFCG have been implemented and we have appropriate fraud prevention, detection, investigation and reporting procedures and processes in place. Annual fraud data is reported to the Attorney-General’s Department in accordance with CFCG Guideline 8.
Information Systems and Technology Strategic Plan
The IT Strategic Plan is a three year plan designed to guide future decisions regarding the selection and management of information services and associated technology. It is linked to our Corporate and Business Plans by providing a framework to facilitate business operations to enable us to achieve our objectives in the four key result areas set out in our Corporate Plan. The 2006–08 IT Strategic Plan was approved in June 2006 and reviewed in 2007.