Go to top of page

Managing risks in the workplace

3.1 Bringing people into your workplace

The first few weeks after an employee has joined an agency are a unique opportunity to make sure that they understand how the agency works and what is expected of them, and to establish good working habits.

Each manager has a key role to play that complements the normal induction process that your agency has in place. Managers have the ability to look at new starters as individuals, as people with unique backgrounds, skills and experience. New starters may bring with them a different set of professional values that are not consistent with the APS Values. They may not understand fully the conventions that are part of being a professional public servant.

3.1.1 Post-recruitment risks

  • The new recruit is not properly integrated into the agency and its cultural norms during the induction and probation processes.
  • The new recruit is corruptly influenced to make decisions in favour of a third party.
  • The new recruit is linked to a group that is seeking to infiltrate the agency.

3.1.2 Mitigating the risks

The time that you put into a new starter is an investment in their future behaviour and performance. It may be helpful to ask yourself:

  • does the employee understand how the APS Values and Code of Conduct apply to them?
  • is there anything special about the employee's background or experience that raises particular issues of concern? For example, were they previously employed in a lobby group that might raise questions of conflict of interest?
  • has the employee been briefed about the acceptable use of information and communications systems and equipment?
  • is the employee aware of any office security requirements?
  • does the employee know how and where they can report any threat to the integrity of your agency?
  • have you discussed:
    • how the Values and Code apply including to behaviour outside the workplace?
    • whether they have any conflicts of interest in the performance of their duties?
    • the need to declare any gifts or benefits they receive as part of their employment?

The Australian Public Service Commission's online induction program covers the APS ethical and legal framework. Probation is the primary tool available to mitigate integrity risks where the new recruit is commencing on engagement to the APS.

What else a new person needs to know:

  • roles and responsibilities
  • privacy and non-disclosure legislation
  • how to report risks or threats to integrity
  • the Public Interest Disclosure scheme
  • agency policy on outside employment

3.2 Changed personal circumstances

Changes in an employee's circumstances may increase their vulnerability to integrity risks.

All employees experience changes in their personal, financial and employment circumstances in the course of their career. Some of these may give rise to integrity risks, making the employee more vulnerable to temptation, blackmail, targeted advances by malicious insiders or external threats.

A relationship breakdown may trigger both emotional and financial stress which could make the employee look for opportunities for financial gain. Changed work circumstances such as a loss of status, demotion or lack of promotion opportunities may cause bitterness and resentment in an employee who then seeks revenge.

One-off changes to normal patterns of behaviour, for example arriving late to work for a couple of days in a row, would not normally be a matter for concern. Managers should be on the lookout for repeated and sustained behavioural changes. Information sheet six Identifying other integrity risks gives an idea of the types of behaviours to look out for in the workplace that might indicate the employee poses a risk.

Case study B

discusses the case of an employee reportedly experiencing social isolation who disclosed secret Defence information.

Read more.

3.3 Organisational change

Organisational change can cause stress in employees' work lives and affect morale.

The Australian Public Service Commission's State of the Service reports consistently show that employees who report that their agency managed change poorly have considerably lower engagement levels than other agencies. Poorly managed change has a larger impact on engagement than any other factor.

Decreased levels of employee engagement have the potential to become an integrity risk and should be properly managed.

Managers should focus on maintaining open and honest two-way communication during periods of change, and assist employees who display signs of stress, agitation or resentment.

3.4 Ongoing suitability assessment

The Attorney-General's Department is responsible for the Australian Government Protective Security Policy Framework that helps Australian Government entities to protect their people, information and assets, at home and overseas. The personnel core security policy includes nine mandatory requirements that apply to agencies and employees with access to Australian Government resources, including security classified resources. Among other things, these focus on:

  • having policies and procedures to assess and manage the ongoing suitability for employment of their personnel, and
  • ensuring that employees have an appropriate level of security clearance.

Agencies are required to monitor the suitability of employees on an ongoing basis. They must also share with the Australian Government Security Vetting Agency any information which may affect the suitability of the employee to hold a security clearance. Any concerning behaviour in individuals holding a clearance must be reported, as well as any significant changes in personal circumstances, including changes reported to the agency by a third party.

There is a need to change our focus from point-in-time suitability assessments to continuous monitoring and assessments of each person's ongoing suitability.

Attorney-General for Australia
Senator the Hon George Brandis QC

The onus is now on agencies, rather than individuals, to advise the vetting agency when a clearance holder ends their employment.

Employee vetting is an effective means of ensuring a basic level of trust only at a particular point in time. As employees' circumstances, attitudes, behaviours and motivations will change over time, vetting 'aftercare' is vital.

Employees who hold current security clearances are obliged to report changes in circumstance that may be relevant to their clearance. These include changes in domestic, financial and health circumstances and new relationships or contacts with foreign nationals.

The ongoing suitability of employees must be monitored over time for changes to their role or their personal circumstances and behaviour. Responsibility needs to be clearly allocated to the appropriate manager and understood by the employee.1

Further information on aftercare is available from the Australian Government Security Vetting Agency—see Ongoing Personnel Security Management—Aftercare.

Case study C

discusses an employee whose loss of a security clearance led to termination of employment.

Read more.

3.5 Conflicts of interest

The management of real and potential conflicts of interest is a central element of establishing a strong integrity culture. Managers and employees need to think carefully about how actual or perceived conflicts of interest can affect their actions and the reputation of their agency.

The principle is simple: APS employees should work to support the public interest within the framework of the law and Government policy. Their actions and decisions should not be affected by their own private interests.

Interests that can affect, or be seen to affect, behaviour are broad in character. They include financial interests, but also things like family relationships, social relationships, or membership of a political party.

The APS Code of Conduct requires APS employees to disclose any conflict of interest and take reasonable steps to manage that conflict. But it's often the case that people don't recognise that they have a conflict.

Managers can help their staff by creating a culture in their workplace that encourages disclosure and where discussion about potential conflicts of interest is part of the 'way we do business around here'. They should also ensure that employees are aware of their agency's policies on declaring and managing conflicts of interest, and on outside employment.

The Australian Public Service Commission provides guidance on how to manage potential conflicts of interest in Section 5 of APS Values and Code of Conduct in Practice.

Case study D

is about an employee whose release of work-related information to her community resulted in her being charged with unlawful disclosure of Commonwealth information.

Read more.

3.6 High risk roles

Some roles in agencies may present a higher risk of corruption.

Case study E

outlines how two Australian Taxation Office employees exploited their regulatory roles to participate in trafficking illegal substances.

Read more.

High risk roles aren't limited to frontline law enforcement positions or even customer service roles. Back office jobs, for example, can provide access to agency assets or information useful to criminal organisations. Managers need to think laterally to identify which positions may be at risk. These may include roles that have access to government funds or assets, significant financial delegations, or broad access to agency information and communications technology or sensitive information.

Managers need to think about appropriate mitigation and management strategies for potential risks. Formal risk assessments of high risk roles may be warranted.

3.7 Threats from organised crime

'In any organisation, corruption has the potential to seriously damage its ability to perform its mission and undermine confidence and trust. The threat of corruption-enabled border crime is very real and while the Department has a competent, hardworking and honest workforce, our staff are necessarily the target of people who would seek to subvert the legal frameworks we uphold.'

Stephen Hayward
Integrity, Security and Assurance Division
Department of Immigration and Border Protection

Public servants can be, and have been, targeted by organised crime entities to help them commit crimes. In some cases this can be the result of years of 'grooming' where criminal entities target and compromise an employee hoping that they will be useful in the future. Criminals may seek to corrupt public sector employees to gain access to public funds, sensitive information, protection and other services that help facilitate their criminal activities.

Employees may be at risk of coming into contact with organised crime groups unintentionally, such as through the purchase of recreational drugs, careless use of social media, or even gym membership.

The report of the former Australian Crime Commission Organised Crime in Australia 2014-15 observed that:

'…the large profits available in Australia's illicit drug markets are a strong motivator for organised crime groups to develop the capability to corrupt in order to facilitate access to those markets. As well, corrupt officials may also assist in the money laundering process—for instance, by providing false identification documents or visas.'

The report noted an emerging issue for younger public sector employees:

'Social networking, the sharing of personal information on social media, and casual attitudes and the apparent growing tolerance of the general public toward 'recreational' or 'private' illicit drug-taking have been identified as having the potential to significantly increase the risk of corruption of younger public sector employees by bringing them into contact with organised crime groups.'

The clear message here is while there are key roles and agencies within government that present risk, no area is immune from threat. The Attorney-General's Department better practice guide Identifying and managing people of security concern—integrating security, integrity, fraud control and human resources provides recommendations about dealing with employees suspected of being involved with criminal elements. Section 5 contains information about managing employees who are a security concern.

Case study F

discusses the arrest and sentencing of a Customs official who accepted bribes from criminals to allow the importation of large quantities of a controlled substance. Case study G outlines the integrity framework introduced by his employer to mitigate future risks.

Read more.

3.8 Out of hours conduct

3.8.1 Use of social media

Greater use of technology, including social media such Facebook, Twitter and Instagram, by employees may present a heightened risk to integrity for agencies.

This can take a number of forms, such as:

  • employees making inadvertent disclosures of sensitive information
  • disaffected employees publishing information damaging to their employer or the Government
  • employees exposing themselves or their colleagues to identity theft.

Even relatively benign information about employees, such as where they work, who their colleagues are and the projects they are working on, can be used by people seeking to identify and compromise employees.

Managers have a role to ensure that their staff understand the responsibilities they have to use social media prudently.

Case study H

explores a case where the inappropriate use of social media led to an employee's dismissal.

Read more.

3.8.2 Trips away and office parties

Risks to integrity may arise out of hours. Much-publicised risks occur during activities such as socialising on work trips away, and at social gatherings such as office Christmas parties. These are activities that may have a social component to them, and also pose real risks to the reputation of agencies.

Managers have a role to play here in reminding employees that the Code of Conduct can apply to work outside the usual workplace and outside normal working hours. The Australian Public Service Commission has published further information on this issue in Section 3.5 of the guide APS Values and Code of Conduct in Practice.

3.8.3 Mitigating the risks

Agencies are advised to develop social media policies that meet their needs and provide clear, simple tools for managers to explain requirements for employees. Further guidance on this issue is available in Section 6 of APS Values and Code of Conduct in Practice.

Managers should consider reminding employees who are about to travel on business or to attend a work social gathering of the need to behave responsibly.

3.9 Privacy and trust

Very few employees engage in activities that would be regarded as a risk to integrity. The great majority of employees are honest and conscientious. Employees can be sensitive to, and even resent the intrusion on their privacy of monitoring and recording of their activities.

Employees have a reasonable expectation that if there are issues that affect them, such as a conflict of interest, those issues will be addressed properly and proportionately. Employees will be discouraged from disclosing or reporting matters if they believe that they will not be dealt with fairly.

At the same time, agencies have a legitimate interest in putting in place policies and procedures that reflect the risks that they face. A balance needs to be found between the risk detection and monitoring needs of an agency and the reasonable expectations of employees.

Any monitoring system has the potential to reduce employee trust in the agency. If the process is carefully explained beforehand, and managed consistently, it is less likely to be considered unfair by employees or to damage trust. The monitoring process becomes just one more element of the day-to-day working conditions.

As an example, the Department of Immigration and Border Protection introduced a number of detection and monitoring regimes in 2014 following the identification of employees involved in a drug importation racket—see Case studies F and G. The Department undertook extensive consultation with its employees to explain the operation of the testing and the reasons for its introduction.

See information sheet five Managing information for a discussion of relevant privacy legislation.


1 Colwill, C. (2009), Human factors in information security: The insider threat—Who can you trust these days? In Information Security Technical Report, November 2009.