Not-for-profit (NFP) organisations hold extremely sensitive data about donors, vulnerable beneficiaries, volunteers, and staff, yet often operate with limited IT resources and expertise.
Not having the right cybersecurity controls in place can lead to financial loss and/or reputational damage; the time it can take to fix a problem is time better spent working on and in your business.
The October 2025 Quarterly Risk Compass identifies four critical audit priorities—AI governance frameworks, major project delivery scrutiny, procurement ethics and value-for-money, and citizen-centric service delivery—that are reshaping internal audit focus across government and organizational sectors.
NFPs in aged care and disability support face existential reputation risks that can unravel years of community trust within days, making proactive misconduct prevention and transparency systems not just compliance overhead but essential strategic infrastructure for protecting their mission.
NFP Board Directors often arrive with passion and good intentions but lack governance experience, leading to either hands-off oversight that misses operational risks or hands-on involvement that obscures strategic threats—both resulting in Boards asking "why didn't we know sooner?" when preventable crises emerge.
The convergence of digital and physical infrastructure means the security of our national assets is more than just a matter of protection—it's a foundation for community resilience, public trust, and uninterrupted government services. For Federal, State, and Local government entities, safeguarding critical infrastructure—including water supply, energy networks, transport systems, public facilities, and sensitive data—is essential. These assets underpin daily life, economic stability, and the well-being of every Australian.
A serious allegation of workplace misconduct lands on your desk at 9am on a Monday. A staff member claims their supervisor has been falsifying client records. Another team member heard about it and the story is spreading. The accused is demanding to know who made the complaint. Your Board wants answers, and you're realising you've never dealt with a situation like this before.
The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has recently released its Annual Cyber Threat Report 2024–2025 which provides insights into the cybersecurity and cybercriminal landscape in Australia. While most organisations are undertaking a range of good activities for Cyber Awareness month the report is a timely reminder of the need to be cyber safe every day of every month.
The past couple of weeks of grand finals has reminded us why Australians love sport. From the AFL to the NRLW and NRL, the games have been a celebration of competition at its very best, with the very best rising to the top. The Lions and Broncos delivered incredible performances that made Queensland proud and showed what happens when skill, preparation and competitive spirit come together.
Stephen Calder is a Canberra-based governance and assurance professional with a long-standing commitment to public service and community. He recently joined Centium, a leading consultancy specialising in risk, governance, internal audit, investigations, probity, and cybersecurity. In his role, Stephen works closely with Commonwealth agencies to help them navigate complex challenges and deliver better outcomes for Australians. […]
