I recently sat down with two ASX listed Board Directors to discuss the board’s role in integrating environmental, social and governance (ESG) criteria into business performance. Overwhelming, we concluded that Boards of Directors can help their companies incorporate elements of ESG into overall strategy by defining short- and long-term objectives and by overseeing how business functions operationalise those priorities. Boards can also define ESG objectives, oversee project plans and help institute accountability measures.

Often, companies want to determine how they fared in a particular sector compared to direct competitors or industry leaders—understanding that every sector has its own KPIs, targets or accounting metrics that they might evaluate. When we see ESG truly ingrained into the overall organisational strategy, it is usually because they blend evaluating how they are faring organisationally with being more aspirational about the things they could do to improve decision-making within the business. Certainly, the recent federal election result has confirmed the mood in the community on this topic.

Even an informed organisation can fall victim to devastating cyber-attacks. Many clients of RSM have made extensive investments and prepared a comprehensive risk prevention strategy. Looking for opportunities, cyber criminals lurk around organisations whilst they are vulnerable. As a matter of priority, reviewing your organisation’s insurance policies and coverage terms is critical. Cybersecurity insurance offers a level of protection for liabilities related to malware. Although costly, insurance is a necessary expenditure for restoration.

Through a recent joint engagement between our Risk Consulting, Corporate Finance and Tax Consulting divisions, we observed first-hand how identifying and assessing technology that can affect capital allocation and growth potential is critical during the diligence process. Technology risks can consume significant post deal investment or impair long term revenue gains.

In this month’s Risk Insider, we share insights on ESG and the Role of Internal Audit, take a good look at Risk and Cyber Security and tackle the burning issue of Technology Due Diligence. Finally, RSM is proud to be a major sponsor of SOPAC®. This year’s theme of “Resilience – Relevance – Reliance”, reflects on the changes which have impacted our world over the last 24 months, and how the profession is transitioning through this change now and preparing for the future. I encourage you to attend and look for the familiarjm.png faces that will be their presenting and welcoming you at the RSM booth.

Warmest regards,



Supporting Employers to Create Mentally Healthy Workplaces

To help clients understand and fulfil their obligations under WorkSafe Code of Practice for Managing Psychosocial Hazards at Work legislation, the RSM Risk Advisory Services team is partnering with people and culture consultancy Peak Performance International to conduct Mental Health Reviews.
Find out more>>


ESG and the Role of Internal Audit           

Ken De Negri has published his second whitepaper with the IIA Australia on 'ESG and the Role of Internal Audit' to build on his first paper 'The Benefits of Addressing ESG Risk'. This white paper explores the role internal audit can play by developing, driving, supporting and assuring growth of ESG, and how this contribution can enhance the environment, our society and the global landscape as a whole.

Read the full white paper here>

Technology Due Diligence

For private equity and corporate acquirers, identifying and assessing technology that can affect capital allocation and growth potential is critical during the diligence process. Technology risks can consume significant post deal investment or impair long term revenue gains. 
Find out if you could benefit from technology due diligence here>>

Now is the time for Risk and Cyber Security to work closer together    

 Having worked across all of Asia Pacific in previous roles, RSM's cybersecurity and privacy specialist Ashwin Pal has seen and experienced how things are done broadly within the region. One of the things that have cropped up a few times is the apparent divide between risk and cyber security. Risk and cyber security should work closer together so that cyber security risks are appropriately understood, documented, prioritised, and treated. 

Shining a light on your workplace culture

Countless studies have proven the benefits that great workplace culture can have on staff retention, productivity, and even revenue. Find out what a cultural audit is as well as how RSM can help here>>



SOPAC 2022
22 - 24 June 2022 | ICC Sydney

RSM Risk Advisory team is a major sponsor at this years SOPAC event. We will be hosting the Wellness Centre, so please pop over to booths 14-16 for a chat, massage and/or healthy treat.


Learn more >




May 2022
Australia’s Hospital network has rallied over the last two years to navigate the challenges of responding to the pandemic. Our health network has put caring for our community first and themselves last.  Now it is time for implementing a care plan for our hospital network. 

Our Health network are presenting with the following symptoms:

What we have observed:


Higher levels of acuity

  • Patients are presenting to Emergency Department with more acute conditions, the consequential impact of avoiding healthcare settings during the height of the pandemic (and lockdowns).
  • Australia's ageing population, the increasing incidence of chronic diseases and rising rates of obesity are forecast to drive higher demand for public hospitals over the next five years.
  • A slow decline in private health insurance membership among patients will likely place a greater burden on public hospitals.
  • Despite efficiency improvements over the past five years, public hospitals have struggled to keep up with increasing patient demand for more complex health issues
  • Additional resources and often more expensive resources are required to treat patients with higher levels of acuity.

New and/or modified processes

  • Increased infection control practices are here to stay for the foreseeable future.
  • Additional measures / controls implemented, such as managing patient/staff movements within hospitals
  • Additional staff to manage and minimise infection risk, and increase in demand / use of PPE.
  • Increase in financial costs.
  • More staff required to be rostered.


  • While employment numbers have risen over the past five years, reflecting broader industry growth, hospital staff are burnt out.
  • Despite forecast growth in patient volumes over the next five years, industry employment numbers are projected to increase at a slower rate than revenue.
  • Concerns that talent may leave the sector, all together.
  • Difficulties in attracting new talent into the country.
  • Supply of future talent potentially compromised as the health sector may not be looked upon favourably by the next generation.
  • Greater impact on staff wellbeing.
  • Reduced capacity to care for patients.
  • More strain on an already exhausted workforce.
  • Fatigue may compromise clinical care.


  • Hospitals are turning to systems, innovation and technology to achieve efficiencies.
  • The rollout of 5G technology is anticipated to further support and facilitate easier access to telehealth.
  • Advancements to robotic surgical techniques, forecast to reduce mortality rates while increasing speed and efficiency.
  • Financial and people costs associated with implementing new systems/technology.

Questions that come to mind:

  1. What care and supports will be provided to our hospitals, to ensure their long term sustainability?
  2. How will the politics playout – real tangible and sustainable support or political spin that results in problem/cost shifting to our hospitals

There are many challenges ahead, but the resilience and shear determination of our health sector suggest that we are poised for more change. COVID helped expedite change as seen by the prevalence of telehealth and remote monitoring of patients grow exponentially during the pandemic. 

What care plan does Australia have install for our hospital network to ensure we are ready to face whatever the next challenge that comes our way?

IBISWorld Industry Report: Public General Hospitals in Australia (dated February 2022)


Request for Tender: IT&C Products, Services & Consulting (T1.15-2) (LGP Contract)

RSM Australia has been added to the panel across Cybersecurity and Professional Services. We can now qualified and vetted to assist Local Government Agencies on the below categories:

Category 3 – Cybersecurity
Subcategory 1 - Cloud Security
Subcategory 3 - Cyber Capability and Education
Subcategory 7 - Security Testing
Subcategory 8 - Network Security
Subcategory 9 - Application Security
Subcategory 10 - Cyber Risk and Compliance

Category 13 - Professional Services
Subcategory 1 - Specialist consulting & advisory
Subcategory 1 - Specialist consulting & advisory
Subcategory 4 - Data Analytics/BI Service
Subcategory 6 – Benchmarking.


Want to keep reading? View the past editions of Risk Insider here >>