We don't know whether the most recent response to this request contains information or not – if you are Shirley please sign in and let everyone know.

NDIA Risk Management Policy/ies and Procedure/s

We're waiting for Shirley to read a recent response and update the status.

Dear National Disability Insurance Agency,

Please provide a copy of the NDIA’s current Risk Management Policy/ies and Procedures, including all past versions. That is, all NDIA Risk Management Policies and Procedures since 2013, up to an including Jun 21.

Context:

Section 125B of the National Disability Insurance Scheme Act, 2013 provides broad guidance for the ‘management of risk’ [1]. More specifically, the companion National Disability Insurance Scheme – Risk Management Rules 2013 (RMR) specifies the requirement for a risk management framework for identifying, assessing, mitigating and monitoring all sources of risk; including operational, systems, processes and people in both standalone or combination [2] configurations. Expanding upon this guidance, the supporting Explanatory Statement (accompanying the legislative instrument) specifies the requirement for the Board to establish, maintain and review the risk management framework, inclusive of policies and procedures [3], in addition to citing ISO 31000:2009 Risk Management and ‘insurance-based principles’ with prior technical input from the Australian Prudential Regulatory Authority (APRA). Both ISO 31000:2019 [4] and APRA’s CPS 220 [5] cite the requirement for clear, written risk management policies and procedures as part of a prescribed risk management framework. This guidance is further articulated in more detail in APRA’s Prudential Standard CPS 220: Risk Management [6].

While the NDIA Annual Report 2013-14 declares “The NDIA Board established its governance procedures and implemented an extensive risk management system”, in addition to declaring the adoption of APRA’s CPS 220 Risk Management standard [7] and the formation of an Audit and Risk Committee in compliance with section 32 of the Commonwealth Authorities and Companies Act there appears a lack of public access and assurance of said declarations. However, both the RMR and CPS 220 are reaffirmed in the NDIA 2015-2016 Annual Report [8]. Furthermore, a dedicated Risk Committee was formed a couple of years later [9], which again affirmed the use of CPS 220 [10] which is aligned with ISO 3100 (as does the Commonwealth Risk Management Policy [12]); in addition to being routinely cited by the Australian National Audit Office [23]. Whereas the NDIS’ adherence to ‘insurance-based principles’ was cited again recently with regards to Personalised Budgets, including an emphasis on evidence-based decision making [16] public information on existing risk management policy and procedure were not included. Moreover, the NDIS Insurance Principals and Financial Sustainability Manual [12] appears to lack mention or alignment to the NDIS Risk Management Rules 2013, CPS 220 and ISO 3100.

Reinforcing guidance and normative risk management standards, the Governance Institute of Australia also supports and incorporates the ISO standard for Risk Management as better practice for boards and company directors as part of public/private sector risk management frameworks, policies and procedures [24]. It is commendable the NDIA is aligned to these corporate and technical standards. By comparison, numerous Commonwealth entities [13,14,21,22] and State Government entities [15] document and disclose Risk Management Policies and Procedures to the public. Paradoxically, NDIS providers offer generic risk management governance, policy, controls and templates as guidance [18,19,20], seemingly supporting the expert view that “Good risk oversight requires overseers to exercise challenge by asking good questions about risk management” [17].

Thank you for your assistance.

Yours faithfully,



Shirley

References:

1. Australian Government (2013) National Disability Insurance Scheme Act 2013. Available at: < https://www.legislation.gov.au/Details/C...>. Accessed [8 Jun 21]
2. Australian Government (2013) National Disability Insurance Scheme— Risk Management Rules 2013: Legislative Instrument. Available at: < https://www.legislation.gov.au/Details/F...>. Accessed [8 Jun 21]
3. Australian Government (2013) National Disability Insurance Scheme— Risk Management Rules 2013: Explanatory Statement. Available at < https://www.legislation.gov.au/Details/F...>. Accessed [9 Jun 21]
4. International Standards Organisation (2009) AS/NZS ISO 31000:2009 Risk Management-Principles and Guidelines
5. Australian Prudential Regulatory Authority (2018) Prudential Practice Guide CPG 220 Risk Management. Available at: < https://www.apra.gov.au/sites/default/fi...>. Accessed [9 Jun 20]
6. Australian Prudential Regulatory Authority (2017) Prudential Standard CPS 220: Risk management. Available at: < https://www.apra.gov.au/sites/default/fi...>. Accessed [9 Jun 20]
7. National Disability Insurance Agency (2014) Annual Report. Available at: < https://www.ndis.gov.au/about-us/publica...>. Accessed[6 Jun 21]
8. National Disability Insurance Agency (2016) Annual Report. Available at: <https://www.ndis.gov.au/about-us/publica...>. Accessed[6 Jun 21]
9. National Disability Insurance Agency (2018) Annual Report. Available at: <https://www.ndis.gov.au/about-us/publica...>. Accessed[6 Jun 21]
10. National Disability Insurance Agency (2019) Annual Report. Available at: < https://www.ndis.gov.au/about-us/publica... >. Accessed [6 Jun 21]
11. Department of Finance (2014) Commonwealth Risk Management Policy, Available at: < https://www.finance.gov.au/government/co... >. Accessed [9 Jun 21]
12. NDIS (2016) National Disability Insurance Scheme: Insurance Principles and Financial Sustainability Manual, Version 5, dated November 2016. Available at: < https://www.ndis.gov.au/media/833/download>. Accessed [9 Jun 21]
13. Department of Foreign Affairs and Trade (2019) Risk Management for Aid Investments. Available at: < https://www.dfat.gov.au/sites/default/fi...>. Accessed [9 Jun 21]
14. Tourism Australia (2019) Risk Management Policy and Procedure. Available at: < https://www.tourism.australia.com/conten...>. Accessed [7 Jun 21]
15. New South Wales Government (2019) Risk Management Framework: Audit Office of New South Wales. Available at: <https://www.audit.nsw.gov.au/sites/defau...>. Accessed [9 Jun 21]
16. NDIS (2021) Personalised Budgets: Proposal for a new NDIS budget model, Technical Information Paper, Version 1.0, dated June 2021, Available at: <https://www.ndis.gov.au/about-us/improvi...>. Accessed [9 Jun 21]
17. Powers, M. (2011) Smart and Dumb Questions to Ask About Risk Management, Risk Watch, The Conference Board of Canada, pp. 2-5. Available at: <https://web.archive.org/web/201703171812...>. Accessed [8 Jun 21]
18. National Disability Services (2019) Risk Management Policy Template. Available at: < https://www.nds.org.au/images/resources/...>. Accessed [8Jun 21]
19. National Disability Services (2011) Risk Management and Controls Model: For Disability Services. Available at: https://www.nds.org.au/images/resources/.... Accessed [8 Jun 21]
20. National Disability Services (2010) Governance Structure and Charter: Risk Management Resource. Available at: < https://www.nds.org.au/images/resources/...>. Accessed [8 Jun 21]
21. CSIRO (2019) Risk Policy, Commonwealth Scientific and Industrial Research Organisation. Available at: , https://www.csiro.au/en/about/Policies/R...>. Accessed [9 Jun 21]
22. RBA (2019) Risk Management Policy, Reserve Bank of Australia. Available at: <https://www.rba.gov.au/about-rba/our-pol...>. Accessed [9 Jun 21]
23. ANAO (2017) The Management of Risk by Public Sector Entities, Australian National Audit Office. Available at: < https://www.anao.gov.au/work/performance...> . Accessed [9 Jun 21]
24. Governance Institute of Australia (2016) Risk management for directors: A handbook. Available at: < https://www.linkwest.asn.au/documents/it... > . Accessed [9 Jun 21]

foi, National Disability Insurance Agency

Thank you for contacting the National Disability Insurance Agency (NDIA).

 

Freedom of Information

 

If your message is a request for access to documents under the
Freedom of Information Act 1982 (FOI Act), we will acknowledge it within
14-days of receipt.  We may be in touch with you sooner if your request is
too large or vague.

 

We are committed to processing all requests as quickly as possible.  We
will keep in regular contact with you, especially if there's any delay in
making a decision.

 

Further information about FOI is available on our website:
[1]https://www.ndis.gov.au/about-us/policie...

 

Please contact us at [2][NDIA request email] if you have any questions or
require help.

 

Participant Information Access

 

If you are an NDIS participant and you are seeking access to your own
personal information, you can make a request online under our Participant
Information Access (PIA) process.

 

To make a request, please complete our online request form:
[3]https://www.ndis.gov.au/about-us/policie...

 

Please contact us at [4][email address] if you have any
questions or require help.

 

Other enquiries

 

If your message is for something else, you should direct it to
[5][email address].

 

If your message is received outside our business hours of 9am to 5pm
(AEST), Monday to Friday or on a public holiday, we will action it on the
next business day.

 

If your message is urgent, you can call our National Conact Centre on 1800
800 110.

 

Warm regards

 

NDIA FOI Team
Email: [6][email address]

show quoted sections

References

Visible links
1. https://www.ndis.gov.au/about-us/policie...
2. mailto:[NDIA request email]
3. https://www.ndis.gov.au/about-us/policie...
4. mailto:[email address]
5. mailto:[email address]
6. mailto:[email address]

foi, National Disability Insurance Agency

3 Attachments

Our reference: FOI 20/21-0854

 

Dear Shirley

 

Thank you for your request for information.

 

Please find attached correspondence in relation to your request.  If you
require the attachment in a different format, please let us know.

 

Please contact us at [1][NDIA request email] if you have any questions or
require help.

 

Kind regards

 

Freedom of Information Officer

Parliamentary, Ministerial and FOI Branch

Government Division

National Disability Insurance Agency

E: [2][NDIA request email]

[3]Title: NDIS delivered by the National Disability Insurance Agency

[4]cid:image002.jpg@01D46F80.C5EB82B0

The NDIA acknowledges the Traditional Custodians of Country throughout
Australia and their continuing connection to land, sea and community.
We pay our respects to them and their cultures and to Elders both past,
present and emerging. 

 

show quoted sections

References

Visible links
1. mailto:[NDIA request email]
2. mailto:[NDIA request email]

foi, National Disability Insurance Agency

3 Attachments

Our reference: FOI 20/21-0854

 

Dear Shirley

 

Thank you for your request for information.

 

Please find attached correspondence in relation to your request.  If you
require the attachment in a different format, please let us know.

 

Please contact us at [1][NDIA request email] if you have any questions or
require help.

 

Kind regards

 

Freedom of Information Officer

Parliamentary, Ministerial and FOI Branch

Government Division

National Disability Insurance Agency

E: [2][NDIA request email]

[3]Title: NDIS delivered by the National Disability Insurance Agency

[4]cid:image002.jpg@01D46F80.C5EB82B0

The NDIA acknowledges the Traditional Custodians of Country throughout
Australia and their continuing connection to land, sea and community.
We pay our respects to them and their cultures and to Elders both past,
present and emerging. 

 

show quoted sections

References

Visible links
1. mailto:[NDIA request email]
2. mailto:[NDIA request email]

foi, National Disability Insurance Agency

2 Attachments

Dear Shirley

 

We’re sorry to let you know that it will take us longer than expected to
process your request.  This is because the material you are requesting
will require multiple consultations and searches with different line
areas.

 

We are, therefore, writing to seek your agreement to a 30 day extension of
time under section 15AA of the FOI Act. This will make your new due date 9
August 2021.

 

Please let us know whether you agree by 12:00pm Friday 2 July 2021.

 

If you don’t agree, we may need to seek an extension from the Office of
Australian Information Commissioner.

 

Please contact us at [1][NDIA request email] if you have any questions or
require help.

 

Kind regards

 

Freedom of Information Team
Parliamentary, Ministerial & FOI Branch

National Disability Insurance Agency

E [2][NDIA request email]

 

[3]Title: NDIS delivered by the National Disability Insurance Agency

[4]cid:image002.jpg@01D46F80.C5EB82B0

The NDIA acknowledges the Traditional Custodians of Country throughout
Australia and their continuing connection to land, sea and community.
We pay our respects to them and their cultures and to Elders both past,
present and emerging. 

 

show quoted sections

References

Visible links
1. mailto:[NDIA request email]
2. mailto:[NDIA request email]

Dear foi,

I agree to the 30 day extension.

Yours sincerely,

Shirley

National Disability Insurance Agency

2 Attachments

  • Attachment

    attachment.delivery status

    0K Download

  • Attachment

    Re FOI 20 21 0854 Communication Request for extension of time SEC OFFICIAL.txt

    2K Download View as HTML

This is the mail system at host righttoknow.org.au.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

The mail system

<[NDIA request email]>: Host or domain name not found. Name service error for
name=ndis.gov.au type=MX: Host not found, try again

Rochelle Dunlop,

5 Attachments

Our reference: RQ21/02145

Agency reference: FOI 20/21-0854

 

 

Shirley

Sent by email: [1][FOI #7409 email]

Extension of time application by the National Disability Insurance Agency

 

Dear Shirley

 

I write to advise that on 9 August 2021, the Office of the Australian
Information Commissioner (the OAIC) received an application from the
National Disability Insurance Agency (the NDIA) for an extension of time
to process your 2 FOI requests made on 9 June 2021, which have been
combined by the NDIA under reference FOI 20/21-0854. These are your
requests titled:

1.    NDIA Procurement Risk Management Policy/ies and Procedure/s

2.    NDIA Risk Management Policy/ies and Procedure/s

The NDIA has advised the OAIC that you agreed to an extension of time to
process the requests under s 15AA of the FOI Act to 9 August 2021 (OAIC
reference RQ21/02156).

The NDIA has applied for an extension of time under s 15AB of the Freedom
of Information Act 1982 (Cth) because your requests are considered to be
complex and voluminous. 

·     The NDIA has advised the OAIC that:

−     the requests are broadly scoped and cover both current and
historical documents

−     the requests seek access to documents of a highly sensitive and
complex nature from multiple business areas

−     the NDIA has combined requests where possible and is engaged in a
significant amount of consultation with multiple stakeholders to ensure it
has appropriately identified documents within scope, and determine whether
it needs to further engage with you

−     searches for historic material have been complex as ICT
infrastructure has changed over time and other Commonwealth agencies hold
the archived material, and

−     the NDIA is committed to issuing a decision as soon as possible.

The NDIA has requested an extension to 8 September 2021. I will take any
comments you may have to make into account when deciding the application.

 

Please respond to this email by close of business 13 August 2021. If I do
not hear from you by this date, I will proceed to make a decision on the
basis of the information provided to me by the NDIA.

 

You will be notified of the decision once the matter has been finalised.

 

Further information about extension of time requests may be found on our
website at [2]Extensions of time.

 

Yours sincerely

 

 

 

[3][IMG]   Rochelle Dunlop  |  Review and
Investigation Advisor

Investigations and Compliance

Freedom of information
Regulatory Group

Office of the Australian
Information Commissioner

GPO Box 5218 Sydney NSW 2001  |
 [4]oaic.gov.au

+61 2 9284 9783  | 
[5][email address]
[9]Subscribe [10]Subscribe to
[6]Facebook | [7]LinkedIn | [8]Twitter |   icon Information
Matters

 

 

show quoted sections

References

Visible links
1. mailto:[FOI #7409 email]
2. https://www.oaic.gov.au/freedom-of-infor...
3. https://www.oaic.gov.au/
4. https://aus01.safelinks.protection.outlo...
5. mailto:%[email address]
6. https://aus01.safelinks.protection.outlo...
7. https://aus01.safelinks.protection.outlo...
8. https://aus01.safelinks.protection.outlo...
10. https://www.oaic.gov.au/media-and-speech...

Dear FOI,

Thank you for the update.

Received and understood. However, I would have thought the current risk management and procurement risk management policy (like the pandemic plans for NSW and Victoria) were readily available and frequently referenced documents of late. Therefore could be provided rather quickly, as opposed to any legacy documents or past versions.

Yours sincerely,

Shirley

Rochelle Dunlop,

6 Attachments

Our reference: RQ21/02145

Agency reference: FOI 20/21-0854

Shirley

Sent by email: [1][FOI #7409 email]

Extension of time under s 15AB

Dear Shirley

Please find attached a decision of today’s date for an extension of time
from the National Disability Insurance Agency.

 

Yours sincerely

 

 

 

 

 

[2][IMG]   Rochelle Dunlop  |  Review and
Investigation Advisor

Investigations and Compliance

Freedom of information
Regulatory Group

Office of the Australian
Information Commissioner

GPO Box 5218 Sydney NSW 2001  |
 [3]oaic.gov.au

+61 2 9284 9783  | 
[4][email address]
[8]Subscribe [9]Subscribe to
[5]Facebook | [6]LinkedIn | [7]Twitter |   icon Information
Matters

 

 

show quoted sections

References

Visible links
1. mailto:[FOI #7409 email]
2. https://www.oaic.gov.au/
3. https://aus01.safelinks.protection.outlo...
4. mailto:%[email address]
5. https://aus01.safelinks.protection.outlo...
6. https://aus01.safelinks.protection.outlo...
7. https://aus01.safelinks.protection.outlo...
9. https://www.oaic.gov.au/media-and-speech...

foi, National Disability Insurance Agency

1 Attachment

Dear Shirley

 

Freedom of Information request — Request consultation process

 

Thank you for your correspondence of 9 June 2021, in which you requested
access under the Freedom of Information Act 1982 (FOI Act) to documents
held by the National Disability Insurance Agency (NDIA).

 

Scope of your request

You have requested access to documents about the National Disability
Insurance Scheme (NDIS). Specifically, you requested access to:

 

“… a copy of the NDIA’s current Risk Management Policy/ies and Procedures,
including all past versions. That is, all NDIA Risk Management Policies
and Procedures since 2013, up to an including Jun 21.

… a copy of the NDIA’s Procurement Risk Management Policy/ies and
Procedure/s, in addition to all prior versions. That is, all NDIA
Procurement Risk Management policies and procedures created and used by
the NDIA since 2013, up to and including Jun 2021.”

 

On 6 July 2021, you agreed to provide the NDIA with an additional 30 days
to process your request for information, under section 15AA of the FOI
Act. Furthermore, the Office of the Australian Information Commissioner
granted the Agency with a further 30 days to process your request, due to
its complex and voluminous nature, under section 15AB of the Act.

 

Practical refusal

I am authorised to make decisions under the FOI Act.

 

I am writing to advise that that the work involved in processing your
request in its current form would substantially and unreasonably divert
the resources of the NDIA from its other operations due to its size. This
is called a ‘practical refusal reason’ under section 24AA of the FOI Act.

 

On this basis, I intend to refuse your request. However, before I make a
final decision, I am writing to provide you with an opportunity to revise
your request. This is called a ‘request consultation process’ as set out
under section 24AB of the FOI Act. You have 14 days to respond to this
notice in one of the ways set out below.

 

Why I intend to refuse your request

I have conducted a preliminary search for documents which are likely to be
relevant to your request. This search has revealed that the NDIA is in
possession of more than 85,000 individual documents matching the scope of
your request, not including any attachments which may be contained within
those documents.

 

As a result, I am of the view that the work involved in the processing of
this request would substantially and unreasonably divert the resources of
the NDIA from its other operations.

 

Request consultation process

You now have an opportunity to revise your request to enable it to
proceed.

 

Revising your request can mean narrowing the scope of the request to make
it more manageable or explaining in more detail the documents you wish to
access. For example, by providing more specific information about exactly
what documents you are interested in, the NDIA will be able to pinpoint
the documents more quickly and avoid using excessive resources to process
documents you are not interested in.

 

To reduce the scope of your request, you might like to consider:

·       Providing us with additional context around the subject matter of
documents sought; and/or

·       Providing further specificity around document types sought; and/or

·       Narrowing the date range of your request.

 

You have 14 days from the date you receive this letter to contact me and
do one of the following:

a.     withdraw your request;

b.     make a revised request; or

c.     indicate that you do not wish to revise the request.

 

During this period, you are welcome to seek assistance to revise your
request. If you revise your request in a way that adequately addresses the
practical refusal reason outlined above, we will recommence processing it.

 

Please note that the time taken to consult with you regarding the scope of
your request is not taken into account for the purposes of the timeframe
for processing your request.

 

You can contact me by email at [1][NDIA request email]

 

If you do not contact me within this period, that is by 5:00pm 21
September 2021, your FOI request will be taken to have been withdrawn
under subsection 24AB(7) and will not be dealt with any further.

 

Please do not hesitate to contact me if you have any questions.

 

Yours sincerely

 

Rafaela Vilatore

Parliamentary, Ministerial and FOI Branch

Government Division

National Disability Insurance Agency

E [2][NDIA request email]

[3]Title: NDIS delivered by the National Disability Insurance Agency

 

The NDIA acknowledges the Traditional Custodians of Country throughout
Australia and their continuing connection to land, sea and community. We
pay our respects to them and their cultures and to Elders past, present
and emerging. 

 

show quoted sections

References

Visible links
1. mailto:[NDIA request email]
2. mailto:[NDIA request email]

Dear foi,

I find the premise of 85,000 related documents highly implausible for 2 documents that might have been updated annually over a 7 year period, resulting in no more than 14 specific documents.

Overall broad and ineffective search techniques aside, I would like to constrain and revise this FOI request to the 2 documents as of 9 Jun 21. That is:

1. A copy of the NDIA's Risk Management Policies and Procedures (2 documents at most), as of 9 Jun 21.
2. A copy of the NDIA's Procurement Risk Management Policy and Procedure (2 documents at most), as of 9 Jun 21

A 90 day response time for the original request seems highly unusual. Would it be reasonable to expect it will not take another 90 days?

Yours sincerely,

Shirley

foi, National Disability Insurance Agency

Thank you for contacting the National Disability Insurance Agency (NDIA).

 

Freedom of Information

 

If your message is a request for access to documents under the
Freedom of Information Act 1982 (FOI Act), we will acknowledge it within
14-days of receipt.  We may be in touch with you sooner if your request is
too large or vague.

 

We are committed to processing all requests as quickly as possible.  We
will keep in regular contact with you, especially if there's any delay in
making a decision.

 

Further information about FOI is available on our website:
[1]https://www.ndis.gov.au/about-us/policie...

 

Please contact us at [2][NDIA request email] if you have any questions or
require help.

 

Participant Information Access

 

If you are an NDIS participant and you are seeking access to your own
personal information, you can make a request online under our Participant
Information Access (PIA) process.

 

To make a request, please complete our online request form:
[3]https://www.ndis.gov.au/about-us/policie...

 

Please contact us at [4][email address] if you have any
questions or require help.

 

Other enquiries

 

If your message is for something else, you should direct it to
[5][email address].

 

If your message is received outside our business hours of 9am to 5pm
(AEST), Monday to Friday or on a public holiday, we will action it on the
next business day.

 

If your message is urgent, you can call our National Conact Centre on 1800
800 110.

 

Warm regards

 

NDIA FOI Team
Email: [6][email address]

show quoted sections

References

Visible links
1. https://www.ndis.gov.au/about-us/policie...
2. mailto:[NDIA request email]
3. https://www.ndis.gov.au/about-us/policie...
4. mailto:[email address]
5. mailto:[email address]
6. mailto:[email address]

foi, National Disability Insurance Agency

3 Attachments

Dear Shirley

 

Thank you for your request for information.

 

Please find attached correspondence and documents in relation to your
request.  If you require these in a different format, please let us know.

 

Please contact us at [1][NDIA request email] if you have any questions or
require help.

 

Thank you.

 

Kind regards

 

Freedom of Information Officer

Parliamentary, Ministerial & FOI Branch

Government Division

National Disability Insurance Agency

 

[2]Title: NDIS delivered by the National Disability Insurance Agency

The NDIA acknowledges the Traditional Custodians of Country throughout
Australia and their continuing connection to land, sea and community. We
pay our respects to them and their cultures and to Elders past, present
and emerging.

 

show quoted sections

References

Visible links
1. mailto:[NDIA request email]

We don't know whether the most recent response to this request contains information or not – if you are Shirley please sign in and let everyone know.