Internal audit and risk

In FY22, Downer’s Internal Audit and Risk function completed 19 internal audits comprising nine project reviews and 10 reviews of key business processes. Core matters that are typically audited include the validation of appropriate payment to our employees, suppliers and contractors. Additionally, implementing project/ contract management controls is a key risk that is continuously audited. This is to assure the implementation program and effectiveness of The Downer Standard.

The audits and reviews that relate to Downer’s material issues consisted of:

  • Payroll: The review centred on the automation of Enterprise Bargaining Agreements (EBAs), which enables interpretation of EBAs to support automated Payroll calculations. Minor findings were noted in relation to reducing build time and improving work instructions.
  • Purchase to pay: This review included an assessment of processes, data analytics and a survey of employees engaged in the process associated with the procure to pay cycle. A minor finding was noted in relation to supplier debit balances.
  • Hand-over and kick-off: This review was focused on the effectiveness of Downer’s processes and procedures when conducting hand-over and kick-off of projects. It included processes supporting the upfront identification of Zero Harm and environmental issues. The review confirmed areas where procedures could be rationalised, aspects where further training was required, and also contributed to the redesign of the Delivery Governance Leadership (formerly Project Board) program.
  • Project reviews: Nine individual project reviews were conducted. Each assessed the project’s processes in accordance with The Downer Standard to manage risk including safety and environment requirements.

In addition, Downer completed a review of its Risk Appetite Standard. The Risk Appetite Standard was approved by the Audit and Risk Committee in December 2021. It outlines the parameters that the Group is willing to pursue and is tracked for Board member reference. A cornerstone of the Standard is the contract-specific parameters that define the opportunity’s pursual approach across the elements of contract model, payment framework, customer and scope. Contracts that do not meet the Standard require the most senior approval and reporting to the Board.

Read more

The Downer Standard

The Downer Standard (TDS) is Downer’s proprietary Integrated Management System that defines the way we work and deliver for our customers. The Downer Standard is closely aligned to Downer’s Purpose, Promise and Pillars, and covers our core business processes including Customer Planning and Engagement, Opportunity and Bid Management, Delivery Management, Asset Management, Business Services, Corporate Affairs, Company Secretariat, Finance, Human Resources, Information Technology, Legal and Insurance, Plant and Light Vehicles, Procurement, Property, Quality, Risk, and Zero Harm.

The Downer Standard sits across each functional and operational area of Downer to ensure a standardised approach to business planning, operational and functional delivery, reporting, monitoring and decision making. The Downer Standard:

  • Provides a structure for governing and sustaining core and BU-specific processes and capabilities
  • Is embedded into Downer delivery management processes and tools to ensure consistent service delivery and customer engagement
  • Acts as a vehicle for sharing knowledge and best practice
  • Establishes a framework for quality assurance via single certification to international management standards (ISO 45001 – Safety, 9001 – Quality and 14001 – Environment)
  • Includes an assurance framework and verification strategy with comprehensive audit and reporting processes
  • Provides a backbone for learning and professional development
  • Includes a standard management review process
  • Supports the rapid integration of new acquisitions,mergers and joint ventures
  • Enables a culture of continuous improvement and customer centricity.

The Downer Standard Leadership Team, chaired by the Group Chief Operating Officer, provides oversight and champions the adoption and continuous improvement of The Downer Standard across the Downer Group.

The Downer Standard aids Downer in meeting its legislative compliance requirements.

Read more

Delivery Management Methodology

The Delivery Management Methodology Implementation Program commenced mid-2021 with a focus on further embedding The Downer Standard into Downer’s delivery practices.

Over many decades, Downer has built up and refined an enviable library of experience in the delivery of projects and services. This experience has been consolidated into Downer’s Delivery Management Methodology, which is based on The Downer Standard for Delivery Management.

The Delivery Management Methodology sets out the ‘Downer way’ of delivering projects and contracts – the procedures, processes and tools that are designed to make the way we deliver work consistent and repeatable, which provides certainty and value for money for our customers.

The methodology covers all phases of a contract – from mobilisation and delivery, through to the completion of a project or contract.

The fundamentals of the Delivery Management Methodology are built around a defined criteria/category assigned to a project or contract, which is based on the complexity of the work involved, which includes the following key criteria:

1. Contract value

2. Type of contract

3. Level of design responsibility

4. Risk class evaluation.

Once a project or contract is categorised, it follows the five phases of the Delivery Management Methodology:

1. Hand-over and kick-off

2. Plan Day 1 readiness

3. Prepare Day 1 readiness

4. Execute, monitor, control

5. Close-out and capture lessons learned.

The continuous use and ongoing refinement of the Delivery Management Methodology ensures a strong handover and transfer of knowledge across the project/contract delivery lifecycle. It is based on a proven method of managing projects and contracts, and can be tailored to meet business-specific capabilities and customer or legislative requirements.

This ensures a consistent and reliable outcome, which ultimately benefits our people, suppliers, customers and shareholders.

Read more

Delivery Governance Management solution

Downer has identified key governance activities from the Delivery Management Methodology that enable delivery teams to build a strong foundation of governance in accordance with The Downer Standard, which sets them up for success.

These activities link to Delivery Management Methodology processes, which are housed in The Downer Standard, and comprise part of an application called the Delivery Governance Management solution.

The Delivery Governance Management solution is developed on Microsoft platforms, and helps our people guide, track and monitor the key governance activities across the Delivery Management Methodology, ensuring the project remains on track and in accordance with Delivery Management Methodology governance requirements, throughout delivery of the project/contract.

The Delivery Governance Management solution sets out to achieve a balance between allowing governance to be dynamic, in order to meet the varying project or contract requirements, while also applying set controls that are visible and measurable and enable successful delivery of work.

Read more

Delivery Management Learning Pathways

The Delivery Management Methodology Implementation Program includes a dedicated Delivery Management Learning Pathways program, which aims to provide our people with a universal understanding of:

  • Application of The Downer Standard
  • Implementation of the Delivery Management Methodology
  • Operation of the Delivery Governance Management.

These structured learning pathways upskill Operational Leaders and Delivery Practitioners, and equip them with processes and procedures to manage and govern the delivery of work. The Delivery Management Learning Pathways program has been tailored to suit employees ranging from new starters to experienced delivery professionals, providing them with the knowledge and skills to apply The Downer Standard and Delivery Management Methodology, familiarise themselves with the Delivery Governance Management and ensure successful delivery outcomes for both customers and Downer.

Read more


In FY22, Downer revised our Privacy Policy to ensure we maintain the highest standards for the collection, use and disclosure of personal information. Downer had aimed to roll-out an internal training module on privacy in FY22. The roll-out has been delayed, and will be deployed in FY23.

Read more


Downer continues to invest heavily in cybersecurity to protect against evolving cyber threats and risks. 

The nature and frequency of these cyber risks has coincided with the security implications of COVID-19, remote working and, more recently, the war in Ukraine. Cyberattacks against government entities, large private companies, third-party contractors and supply chain organisations have continued to increase in both scale and sophistication.

A surge in ransomware attacks globally has seen many high profile attacks over the past 12 months causing disruption to supply chains, and incurring financial loss and reputational harm. Downer is committed to demonstrating credibility and trust through secure cyber stewardship and custody of our customer data. We also maintain alignment with our risk appetite through cost-effective initiatives and measures. Downer has delivered accelerated Cybersecurity Risk Mitigation programs, which have resulted in:

  • A revised security strategy that reflects the current threat landscape and establishes our cybersecurity principles and Cybersecurity Risk Management framework
  • Matured security capabilities, and the implementation of a new security operating model that includes new roles and processes
  • Enhanced operational resilience via implementation of the recommendations and learnings from security incident reviews, including remediation of vulnerabilities in our environment as a result of legacy technology and assets
  • Sustained progress towards achieving ISO 27001 Information Security Management System compliance and implementation of the Essential Eight cybersecurity risk mitigation strategies. This has included revising and updating our IT standards and procedures, applicable to all Downer employees and contractors.

The Downer information security risk management program is aligned to ISO 31000 and operates in accordance with the Group-wide Risk Management Standard. The Audit and Risk Committee is responsible for overseeing the risk associated with information security. Senior leadership brief the Board and Audit and Risk Committee on cyber and information technology risks on a quarterly basis.

We also recognise our responsibility within our supply chain, and will continue to work closely with our partners, critical asset owners and customers to maintain confidentiality, integrity and availability of their data.

To strengthen our protection against cyber risks, in April 2022, Downer rolled-out mandatory cybersecurity awareness training to all employees, which provided information on the steps to take to keep our business, customers and personal data safe. The training module had a 100 per cent completion rate.

Read more

Standard of Business Conduct

In FY22, Downer continued to roll out our Standards of Business Conduct training and Workplace Behaviour training, with 11,835 employees completing the module.

Read more

Industry memberships and associations

Downer is a member of various peak industry bodies and organisations which influence policies on sustainability across industries. Some of these include:

  • Asset Management Council
  • Australian Constructors Association
  • Australian Climate Leaders Coalition
  • Australian Council of Recycling
  • Australian Flexible Pavement Association
  • Australian Hydrogen Council
  • Australian Industry Group
  • Business Council for Sustainable Development Australia
  • Business Council of Australia
  • Civil Contractors Federation
  • Civil Contractors New Zealand
  • Clean Energy Council
  • Construction Sector Accord (NZ)
  • Infrastructure Partnerships Australia
  • Infrastructure Sustainability Council
  • Institution of Professional Engineers New Zealand
  • New Zealand Climate Leaders Coalition
  • Responsible Construction Leadership Group
  • Supply Chain Sustainability School
  • Sustainable Business Council of New Zealand.
Read more