Legislative Council Fifty-First Parliament, Second Session (51-2) 51 2 Parliament of South Australia Legislative Council published Answers to Questions Auditor-General's Report AUDITOR-GENERAL'S REPORT The Hon. R.I. LUCAS Legislative Council AUDITOR-GENERAL'S REPORT In reply to the Hon. R.I. LUCAS (15 November 2006). The Hon. P. HOLLOWAY Legislative Council Minister for Police, Minister for Mineral Resources Development, Minister for Urban Development and Planning AUDITOR-GENERAL'S REPORT The Hon. P. HOLLOWAY (Minister for Police, Minister for Mineral Resources Development, Minister for Urban Development and Planning): In November 2001, South Australia Police (SAPOL) launched a Risk Management System. At the same time, under the sponsorship of the Justice Portfolio, the Service Enhancement Branch of SAPOL and Arthur Andersen (now Ernst and Young Pty Ltd) conducted a series of service-level Risk Facilitation Sessions. The ‘service-level risks' were then consolidated into a Whole of SAPOL document listing 248 risks which were subsequently distilled by SAPOL Senior Executive Group (SEG) into seven Areas of Risk. Like other agencies in the Justice Portfolio Risk Management Forum, SAPOL originally planned to use the Methodware software to administer its Risk Register. Since then most, including SAPOL, have relinquished it because it was not ‘user-friendly', licences are expensive and it lacked flexibility. The SAPOL Corporate Risks were not ignored during that time. Between June 2003 and early 2004, SAPOL conducted a post-implementation review of its risk and auditing General Orders. The result was to strengthen compliance auditing to go with the original risk based format. A new periodical inspection and audit process was developed around a new 12 month risk and auditing reporting cycle. Each January, after the environmental scanning phase of the Corporate Planning Framework occurs, the Service Enhancement Branch coordinates: review of the areas of risk to be monitored at Executive level; Service level reviews of their respective Risk Registers against the reviewed areas of risk; and Consolidation of data from these reviews to update the Corporate Risk Register, again for approval at Executive level. Under the new Periodical Inspection and Audit Process, for the six month period ending March 2005, the Audit Committee received the first Whole of SAPOL report in June 2005. During 2006, the areas of risk monitored at a corporate level have been expanded from seven to nine. Workshops have been conducted in each of the Local Service Areas with the results used to revise and upgrade the Risk Registers in each Service Area as well as to populate the SAPOL Corporate Risk Register.