Internal audit and risk

In FY22, Downer’s Internal Audit and Risk function completed 19 internal audits comprising nine project reviews and 10 reviews of key business processes. Core matters that are typically audited include the validation of appropriate payment to our employees, suppliers and contractors. Additionally, implementing project/ contract management controls is a key risk that is continuously audited. This is to assure the implementation program and effectiveness of The Downer Standard.

The audits and reviews that relate to Downer’s material issues consisted of:

  • Payroll: The review centred on the automation of Enterprise Bargaining Agreements (EBAs), which enables interpretation of EBAs to support automated Payroll calculations. Minor findings were noted in relation to reducing build time and improving work instructions.
  • Purchase to pay: This review included an assessment of processes, data analytics and a survey of employees engaged in the process associated with the procure to pay cycle. A minor finding was noted in relation to supplier debit balances.
  • Hand-over and kick-off: This review was focused on the effectiveness of Downer’s processes and procedures when conducting hand-over and kick-off of projects. It included processes supporting the upfront identification of Zero Harm and environmental issues. The review confirmed areas where procedures could be rationalised, aspects where further training was required, and also contributed to the redesign of the Delivery Governance Leadership (formerly Project Board) program.
  • Project reviews: Nine individual project reviews were conducted. Each assessed the project’s processes in accordance with The Downer Standard to manage risk including safety and environment requirements.

In addition, Downer completed a review of its Risk Appetite Standard. The Risk Appetite Standard was approved by the Audit and Risk Committee in December 2021. It outlines the parameters that the Group is willing to pursue and is tracked for Board member reference. A cornerstone of the Standard is the contract-specific parameters that define the opportunity’s pursual approach across the elements of contract model, payment framework, customer and scope. Contracts that do not meet the Standard require the most senior approval and reporting to the Board.

Read more

Financial and Corporate Governance Self-Assessment

Downer conducted two Financial and Corporate Governance Self-Assessment (FCGSA) surveys in FY22, with 245 senior executives completing the first, and 216 completing the second, both of which had 100 per cent completion rates. The number of senior managers who completed the surveys in FY22 was less than previous years. This is a result of business restructuring, including divestments, during FY22. 

Timely, honest and transparent disclosures 

In FY22, Downer made 165 announcements and disclosures via the ASX and NZX. Of these, 10 were Director’s interest disclosures and 117 related to Downer’s on-market-buy-back which was announced on 27 April 2021 and continued into FY22. There were no breaches of continuous disclosure and Downer is unaware of any substantial complaints regarding breaches of privacy or other matters by customers or other stakeholders.

Political donations 

In FY22, Downer made a total of $13,000 in political donations to the major parties through participation in industry forums. Donations were made to the Liberal National Party ($5,000) and the Labor Party ($8,000).

Insider trading

There were no reported breaches of the Securities Trading Policy in FY22. 

Anti-competitive behaviour

There were no breaches or litigation associated with anticompetitive behaviour brought to Downer’s attention in FY22.  

Anti-bribery and corruption

There were no breaches or litigation associated with anti-bribery and corruption brought to Downer’s attention in FY22.

Whistleblower management training

In FY22, Downer strengthened our governance of business integrity through continuing training on Downer’s policies and practices for the management of whistleblower reports. 75 employees completed the training in FY22. In addition, Downer revised our Business Integrity Policy in FY22, with minor updates.

The Downer Standard

The Downer Standard (TDS) is Downer’s proprietary Integrated Management System that defines the way we work and deliver for our customers. The Downer Standard is closely aligned to Downer’s Purpose, Promise and Pillars, and covers our core business processes including Customer Planning and Engagement, Opportunity and Bid Management, Delivery Management, Asset Management, Business Services, Corporate Affairs, Company Secretariat, Finance, Human Resources, Information Technology, Legal and Insurance, Plant and Light Vehicles, Procurement, Property, Quality, Risk, and Zero Harm.

The Downer Standard sits across each functional and operational area of Downer to ensure a standardised approach to business planning, operational and functional delivery, reporting, monitoring and decision making. The Downer Standard:

  • Provides a structure for governing and sustaining core and BU-specific processes and capabilities
  • Is embedded into Downer delivery management processes and tools to ensure consistent service delivery and customer engagement
  • Acts as a vehicle for sharing knowledge and best practice
  • Establishes a framework for quality assurance via single certification to international management standards (ISO 45001 – Safety, 9001 – Quality and 14001 – Environment)
  • Includes an assurance framework and verification strategy with comprehensive audit and reporting processes
  • Provides a backbone for learning and professional development
  • Includes a standard management review process
  • Supports the rapid integration of new acquisitions,mergers and joint ventures
  • Enables a culture of continuous improvement and customer centricity.

The Downer Standard Leadership Team, chaired by the Group Chief Operating Officer, provides oversight and champions the adoption and continuous improvement of The Downer Standard across the Downer Group.

The Downer Standard aids Downer in meeting its legislative compliance requirements.

Read more

Delivery Management Methodology

The Delivery Management Methodology Implementation Program commenced mid-2021 with a focus on further embedding The Downer Standard into Downer’s delivery practices.

Over many decades, Downer has built up and refined an enviable library of experience in the delivery of projects and services. This experience has been consolidated into Downer’s Delivery Management Methodology, which is based on The Downer Standard for Delivery Management.

The Delivery Management Methodology sets out the ‘Downer way’ of delivering projects and contracts – the procedures, processes and tools that are designed to make the way we deliver work consistent and repeatable, which provides certainty and value for money for our customers.

The methodology covers all phases of a contract – from mobilisation and delivery, through to the completion of a project or contract.

The fundamentals of the Delivery Management Methodology are built around a defined criteria/category assigned to a project or contract, which is based on the complexity of the work involved, which includes the following key criteria:

1. Contract value

2. Type of contract

3. Level of design responsibility

4. Risk class evaluation.

Once a project or contract is categorised, it follows the five phases of the Delivery Management Methodology:

1. Hand-over and kick-off

2. Plan Day 1 readiness

3. Prepare Day 1 readiness

4. Execute, monitor, control

5. Close-out and capture lessons learned.

The continuous use and ongoing refinement of the Delivery Management Methodology ensures a strong handover and transfer of knowledge across the project/contract delivery lifecycle. It is based on a proven method of managing projects and contracts, and can be tailored to meet business-specific capabilities and customer or legislative requirements.

This ensures a consistent and reliable outcome, which ultimately benefits our people, suppliers, customers and shareholders.

Read more

Delivery Governance Management solution

Downer has identified key governance activities from the Delivery Management Methodology that enable delivery teams to build a strong foundation of governance in accordance with The Downer Standard, which sets them up for success.

These activities link to Delivery Management Methodology processes, which are housed in The Downer Standard, and comprise part of an application called the Delivery Governance Management solution.

The Delivery Governance Management solution is developed on Microsoft platforms, and helps our people guide, track and monitor the key governance activities across the Delivery Management Methodology, ensuring the project remains on track and in accordance with Delivery Management Methodology governance requirements, throughout delivery of the project/contract.

The Delivery Governance Management solution sets out to achieve a balance between allowing governance to be dynamic, in order to meet the varying project or contract requirements, while also applying set controls that are visible and measurable and enable successful delivery of work.

Read more

Delivery Management Learning Pathways

The Delivery Management Methodology Implementation Program includes a dedicated Delivery Management Learning Pathways program, which aims to provide our people with a universal understanding of:

  • Application of The Downer Standard
  • Implementation of the Delivery Management Methodology
  • Operation of the Delivery Governance Management.

These structured learning pathways upskill Operational Leaders and Delivery Practitioners, and equip them with processes and procedures to manage and govern the delivery of work. The Delivery Management Learning Pathways program has been tailored to suit employees ranging from new starters to experienced delivery professionals, providing them with the knowledge and skills to apply The Downer Standard and Delivery Management Methodology, familiarise themselves with the Delivery Governance Management and ensure successful delivery outcomes for both customers and Downer.

Read more

Human rights

Downer is committed to respecting the human rights of all our employees – and every person within our supply chain. Human rights are addressed in various sections of this Sustainability Report, as well as other Downer reports.

Human rights issue
 
Reference

Sex/age/disability/racial discrimination of the workforce

 

Governance and ethical conduct
Organisational culture and sexual harassment 
People
Inclusion and belonging

Human rights abuses in our supply chain

 

Downer Modern Slavery Statement 2021
Governance and ethical conduct
Modern slavery

Employment programs for disadvantaged groups

 

People
Opportunities for culturally diverse people
THRIVE program
Walu employment program

Supporting Indigenous charities

 

Relationships
Corporate partnerships

Domestic violence
Violence and aggression in the workplace

 

Health and Safety
Managing public aggression 
Relationships
Workplace giving program

 

 

Modern Slavery

We will not tolerate any form of modern slavery in our operations and supply chain. Downer believes our exposure to the risk of modern slavery in the labour force within our operations is low. In FY22, 97 per cent of our $7 billion Tier 1 supply chain spend was in Australia and New Zealand. We believe our exposure to modern slavery risks in our supply chain will reduce further with the divestment of our Mining business and subsequent reduction in supply from medium and high risk countries. Over the past 12 months, Downer has brought its sustainable sourcing practices into focus. 

In support of this focus we met the following deliverables:

  • Endorsement of Group Procurement Strategy, inclusive of sustainable procurement initiatives that align with our Group goals and objectives
  • Completion of Procurement Operating Model review to support best practice sustainable sourcing and identify gaps
  • Delivery of Sustainable Procurement current state and future state review, including a modern slavery risk framework.

We have adopted recommendations from both the Procurement Operating Model and Sustainable Procurement reviews, which include:

  • Recruitment of a dedicated Sustainable Sourcing Manager, who will create focus on sustainable sourcing practices
  • Restructure of the Procurement function in order to support the Group’s sustainability goals and objectives
  • Adoption of a deliberate, targeted approach to assess modern slavery risk within our operations and supply chain.

Our specific focus on modern slavery risk has led us to improve our processes and internal reporting controls. Given our large supply chain, it is necessary to identify and predict the occurrence of modern slavery using a number of geographic and classification risk indicators. A central repository of information underpins our efforts to manage communications and monitor high risk suppliers.

We have commenced international supplier audits and are specifically working with our solar suppliers to identify modern slavery risks that may exist in this sector.

Within Downer, we have commenced an education and awareness program to support our business to identify any risk of modern slavery in our operations and supply chain. We have increased modern slavery awareness by updating companywide process documentation to create additional stage gates for our business to assess modern slavery risks.

We continue to review our supplier onboarding processes and tooling to ensure that the appropriate level of due diligence is performed prior to and during a supplier’s engagement.

Downer released its FY21 Modern Slavery Statement in December 2021.

Downer will leverage its understanding of modern slavery to support new legislation in New Zealand coming into effect in FY23.

Privacy

In FY22, Downer revised our Privacy Policy to ensure we maintain the highest standards for the collection, use and disclosure of personal information. Downer had aimed to roll-out an internal training module on privacy in FY22. The roll-out has been delayed, and will be deployed in FY23.

Read more

Cybersecurity

Downer continues to invest heavily in cybersecurity to protect against evolving cyber threats and risks. 

The nature and frequency of these cyber risks has coincided with the security implications of COVID-19, remote working and, more recently, the war in Ukraine. Cyberattacks against government entities, large private companies, third-party contractors and supply chain organisations have continued to increase in both scale and sophistication.

A surge in ransomware attacks globally has seen many high profile attacks over the past 12 months causing disruption to supply chains, and incurring financial loss and reputational harm. Downer is committed to demonstrating credibility and trust through secure cyber stewardship and custody of our customer data. We also maintain alignment with our risk appetite through cost-effective initiatives and measures. Downer has delivered accelerated Cybersecurity Risk Mitigation programs, which have resulted in:

  • A revised security strategy that reflects the current threat landscape and establishes our cybersecurity principles and Cybersecurity Risk Management framework
  • Matured security capabilities, and the implementation of a new security operating model that includes new roles and processes
  • Enhanced operational resilience via implementation of the recommendations and learnings from security incident reviews, including remediation of vulnerabilities in our environment as a result of legacy technology and assets
  • Sustained progress towards achieving ISO 27001 Information Security Management System compliance and implementation of the Essential Eight cybersecurity risk mitigation strategies. This has included revising and updating our IT standards and procedures, applicable to all Downer employees and contractors.

The Downer information security risk management program is aligned to ISO 31000 and operates in accordance with the Group-wide Risk Management Standard. The Audit and Risk Committee is responsible for overseeing the risk associated with information security. Senior leadership brief the Board and Audit and Risk Committee on cyber and information technology risks on a quarterly basis.

We also recognise our responsibility within our supply chain, and will continue to work closely with our partners, critical asset owners and customers to maintain confidentiality, integrity and availability of their data.

To strengthen our protection against cyber risks, in April 2022, Downer rolled-out mandatory cybersecurity awareness training to all employees, which provided information on the steps to take to keep our business, customers and personal data safe. The training module had a 100 per cent completion rate.

Read more

Standard of Business Conduct

In FY22, Downer continued to roll out our Standards of Business Conduct training and Workplace Behaviour training, with 11,835 employees completing the module.

Read more

Business resilience 

Downer defines business resilience as the ability of the organisation to adapt to disruptions while maintaining continuous operations and safeguarding our people, assets and overall brand reputation.

Downer has been a trusted, reliable and resilient organisation for over 150 years. For Downer, business resilience is more than just financial resilience – it relates to the resilience of our people, systems and relationships with our stakeholders.

In recent years, like other organisations, Downer has had to adapt and respond to the COVID-19 pandemic, extreme weather events and geopolitical issues, which have caused increased global uncertainty and resulted in material cost increases, higher energy prices, supply chain disruptions and skilled labour shortages.

Downer’s business model has been tested by the cumulative nature of these events, and has demonstrated resilience.

These events have reinforced the importance that Downer places on its commitment to strengthening the resilience of its people, systems, and supply chain to continue to deliver leading services to its customers and the community.

Downer’s Urban Services strategy seeks to maintain this resilience by focusing on businesses with predictable revenue, cash flows and attractive medium-term and long-term growth opportunities.

In FY22, Downer has undertaken the following initiatives to strengthen its business resilience:

  • Undertaking a comprehensive climate-related risk assessment of Downer’s fixed assets, key sites and locations to assess their resilience to the physical impacts of climate change, such as extreme heat, bushfires, and severe weather events (for example, intense rainfall, storms, lightning and cyclones). For further information, refer to Downer’s Climate Change Report, to be released in FY23
  • Refined Downer’s Business Continuity Plans, as well as our systems and processes to strengthen the organisation’s resilience to any future disruptions. For example, if one of our Road Services asphalt plants is taken offline due to flooding or a bushfire, we can produce asphalt from one of our nearby plants to meet our customers’ needs
  • Investing in our people by providing training opportunities for career development and personal growth, as well as welfare support programs such as Mental Health First Aid, and our Employee Assistance Program
  • Spending considerable time and investment equipping our systems and employees/contractors with the tools to enable efficient, flexible work
  • Reviewing and updating COVIDSafe plans, risk assessments and Business Continuity Plans as Public Health response shifted from a low-transmission pandemic to a hightransmission endemic environment
  • Focusing on workforce attraction and retention and programs to develop Downer’s talent and capability from within
  • Building resilience in our supply chain through onboarding new and local suppliers to provide contingency with procured goods and services, and ensure supply agreements have adequate mechanisms to deal with disruptions
  • Reviewing and monitoring contracts to ensure Downer has adequate protection/adjustment mechanisms for price movements (for example, material costs and availability, and labour cost divergence) and supply chain uncertainty.

Industry memberships and associations

Downer is a member of various peak industry bodies and organisations which influence policies on sustainability across industries. Some of these include:

  • Asset Management Council
  • Australian Constructors Association
  • Australian Climate Leaders Coalition
  • Australian Council of Recycling
  • Australian Flexible Pavement Association
  • Australian Hydrogen Council
  • Australian Industry Group
  • Business Council for Sustainable Development Australia
  • Business Council of Australia
  • Civil Contractors Federation
  • Civil Contractors New Zealand
  • Clean Energy Council
  • Construction Sector Accord (NZ)
  • Infrastructure Partnerships Australia
  • Infrastructure Sustainability Council
  • Institution of Professional Engineers New Zealand
  • New Zealand Climate Leaders Coalition
  • Responsible Construction Leadership Group
  • Supply Chain Sustainability School
  • Sustainable Business Council of New Zealand.
Read more