Our internal governance framework and processes ensure accountability and transparency and promote quality leadership, effective people management and efficient and ethical use of our resources. Our internal governance structure includes the ACIC Executive and senior management committees.

ACIC Executive

On 30 June 2019, the ACIC Executive comprised the CEO, the Chief Operating Officer, three executive directors, 10 national managers and six state managers.

Table 3.1 provides details of the positions and responsibilities of the members of the ACIC Executive.

Table 3.1: Executive positions and responsibilities

ACIC examiners

ACIC examiners are independent statutory officers appointed by the Governor-General to exercise the coercive powers set out in the ACC Act for the purpose of ACIC Board-approved special operations and special investigations.

To ensure accountability, coercive powers are used only when all legislative requirements are met, including a requirement that an ACIC examiner is satisfied that it is reasonable in all the circumstances to exercise those special statutory powers.

The ACIC currently has one full-time examiner and two part-time examiners, all of whom have extensive experience in the legal profession.

Senior management committees

Our committee structure comprises our Commission Executive Committee, Executive Leadership Group, Organised Crime Management Committee, Technology Governance Committee, Corporate Committee and several other committees, panels, working groups and consultative committees. The relationships between senior management committees are shown in Figure 3.1.

During 2018–19, we adjusted our committee structures to align with our functions and organisational structure. We will continue to review them to ensure that our governance is as effective and streamlined as possible.

Figure 3.1: ACIC senior management committee structure 2018–19

Commission Executive Committee

The Commission Executive Committee is our agency’s peak committee to support the achievement of ACIC strategic and business objectives, effective and efficient management of ACIC resources, strategic investment and management of risk. It also ensures that we are accountable and meet the expectations of the ACIC Board, the Australian Government and the public. It receives reporting and advice from other executive committees, identifies and plans for future ACIC capability investments and makes all major resourcing and funding decisions.

The Commission Executive Committee consists of the ACIC CEO (Chair), the Chief Operating Officer and the executive directors. This committee meets as required.

Executive Leadership Group

The Executive Leadership Group comprises all members of the ACIC Executive. The group meets periodically to discuss the broader strategic operating environment and our strategic direction. It considers new strategies and issues that will influence the ACIC work plan. It also considers whole-of-agency risks as they arise. Outcomes and new initiatives from the group are referred to the other executive committees for decision or action, as appropriate.

Audit Committee

The Audit Committee includes an independent external chair and two independent members as well as two internal members and an observer from the Australian National Audit Office.

The committee meets quarterly to review internal and external audit reports, consider findings and recommendations, and oversee the internal audit program. It also holds an additional meeting once a year to review the financial statements. In addition, the committee monitors risk, internal controls, fraud and corruption prevention activities and performance reporting (see further details on this committee in the Audit Committee operations section).

Organised Crime Management Committee

The Organised Crime Management Committee makes decisions about the ACIC organised crime and intelligence work program and the allocation of relevant resources to support the delivery of its objectives.

The committee includes our Executive Director Intelligence Operations, Executive Director Capability and Chief Operating Officer, and the national managers of Strategic Intelligence Capability, Operational Strategy, Technical Intelligence Capability, and Human Intelligence Capability. State managers are voting members. The National Manager Legal Services attends as an adviser to the committee, which meets monthly.

Corporate Committee

The Corporate Committee reviews and makes decisions on broader issues of organisational health and effective function. It receives relevant reporting on a broad spectrum of organisational health indicators and oversees key organisational improvement projects. This aspect of the committee function is supported by the National Consultative Committee, National Work Health Safety Committee and Diversity and Inclusion Sub-committee.

Technology Governance Committee

The Technology Governance Committee oversees all technology projects and considers any technology-related risks, including information management and technology security risks. The committee meets quarterly and provides advice to the Commission Executive Committee on the health and performance of the ACIC technology work program.

The Technology Governance Committee is supported by sub-committees that focus on vendor management; architecture and design; ICT operations; and project/workplan management. It is also supported by specific program and project boards.

Consultative committees

The ACIC Enterprise Agreement sets out arrangements for consultation and communication within the ACIC. We do this through the formal consultative mechanism of the National Consultative Committee and local consultative committees in our offices around the country. This enables consultation between management and employees through representatives and provides the mechanism for formal discussion of issues affecting the workplace.

Work health safety committees

The ACIC has both local work health safety committees and a National Work Health Safety Committee, with functions as described in section 77 of the Work Health and Safety Act 2011. Local committee meetings are held in our offices around the country and feed into the National Work Health Safety Committee meetings, which are held quarterly.

These committees are the primary means of consultation on work health and safety matters for our staff. They support the ACIC Executive by helping to identify, develop, implement and review measures designed to manage the health and safety of our staff at work.

Diversity and Inclusion Sub-committee

The Diversity and Inclusion Sub-committee oversees the ACIC’s Workplace Diversity Program and provides support for and input into the development and maintenance of the ACIC’s Diversity Strategy and Action Plan. The plan incorporates all diversity and inclusion issues, including culturally and linguistically diverse backgrounds, Aboriginal and Torres Strait Islander matters, disability, gender equity, and the mature-age and intergenerational workforce. This sub-committee supports the functions of the Corporate Committee.

Other committees

Executive Health Panel

The Executive Health Panel oversees the ACIC Drug and Alcohol Policy. It recommends appropriate action if a confirmed presumptive positive test occurs or if other breaches of the policy require consideration.

Management Review Board

The Management Review Board reviews and manages any risks identified by pre-employment screening and any complex staffing issues. This board is chaired by the National Manager People, Security and Integrity, supported by relevant managers and specialists.

Business planning

Our planning system connects our strategic direction, work priorities approved by the ACIC Board, risk assessment, resource allocations, performance measurement and monitoring.

Our integrated planning approach links all our operational, technological and corporate work to our strategic direction to ensure that we are clear on achieving our purpose, as shown in Figure 3.2.

Figure 3.2: ACIC strategic planning process

Strategic plan

In 2018, the ACIC Board endorsed our strategic plan for the financial years 2018–19 to 2022–23.

The plan details our agency’s goals and the approach taken to achieve our mission. It clearly articulates our functions, how we operate and our culture. It also identifies our strategic objectives for the five years of the plan.

The approach detailed in our plan has formed the basis for, and directly links to, our performance framework: ‘We connect, discover and understand to improve the national ability to respond to crime impacting Australia’.

The ACIC’s Strategic Plan 2018–23 is on our website at www.acic.gov.au/publications/corporate-documents.

Corporate plan

The ACIC’s Corporate Plan 2018–19 to 2021–22 was published on 31 August 2018.

The plan has a four-year outlook and aligns to the strategic direction set in our strategic plan. It describes the environment in which we operate, how we manage risks and assess performance, and the strategies we will be delivering during the financial year and over the four-year life of the plan.

Our current corporate plan is on our website at www.acic.gov.au/publications/corporate-documents.

Performance measurement

Our performance criteria are outlined in our Portfolio Budget Statements 2018–19 and Corporate Plan 2018–19 to 2021–22. Details of how we measure our performance and our results against each criterion are included in the annual performance statement in Part 2 of this report.

We take our performance measurement and agency reporting seriously and seek to continually improve and provide quality reporting. We are pleased that our 2017–18 annual report received a Gold Award, our fifth gold in a row, in the 2018 Australasian Reporting Awards.

Stakeholder research

We conducted market research in 2018–19 to understand stakeholder perceptions and satisfaction with the range of services and products that we provide and to help inform future planning. We also collected stakeholder views to help assess results against our performance criteria.

An external market research company conducted the research, which included an online survey of 149 stakeholders. Respondents represented a broad cross-section of agencies and classification levels. They also worked across different areas such as policy, information systems, intelligence and investigations. The survey was designed so that respondents were asked questions relevant to their areas of work and interactions with us.

Results and stakeholder comments are detailed in the annual performance statement in Section 2 of this report. Respondents rated our overall performance in meeting their needs at 6.9 on a scale of 1 to 10.

Most respondents agreed that the ACIC performs a unique and important function in preventing and responding to crime affecting Australia. Our most valuable functions were seen as:

• providing intelligence products
• providing information and intelligence services and systems.

Other areas of strength included our approach to investigations; our level of engagement; our knowledgeable and helpful staff; our use of coercive powers; and our unique role of connecting information, intelligence and stakeholders.

Areas for development were identified as ensuring that we are effectively engaging and communicating with partners; enhancing our intelligence products; settling uncertainty regarding system changes; and continuing to improve and increase the accessibility of ACIC systems.

We intend to work on areas for improvement, including stakeholder engagement; project management and delivery; timeliness; and the clear articulation of our strategic direction and role.

Internal audit

Our internal audit team has three main responsibilities:

• auditing organisational and operational systems and processes
• monitoring the implementation of audit outcomes
• developing business improvement opportunities to enhance effectiveness and efficiency in all ACIC business areas.

The internal audit function delivers an objective advisory service, independent of the individual business areas, that provides support and assurance to the ACIC Executive regarding the responsible, effective and efficient use of ACIC powers and resources. The internal audit team is directly accountable to the CEO and the Audit Committee, and the roles, responsibilities and scope of the function are set out in the ACIC Internal Audit Charter.

Key areas examined by internal audit during 2018–19 included:

• procurement
• project management
• management of operational equipment and exhibits
• covert arrangements.

The audits provided an evidence-based perspective on the effectiveness of policies and procedures, the efficiency of organisational resource use and whether we were achieving operating objectives.

We operate a co-sourced internal audit service and contract an external provider for a small number of our audits.

Audit Committee operations

In accordance with responsibilities under section 45 of the Public Governance, Performance and Accountability Act 2013, the CEO has established and maintains an independent Audit Committee. The committee’s authority is established under its charter, which sets out its functions and responsibilities.

The Audit Committee endorses the ACIC Internal Audit Charter, approves the annual audit plan, reviews progress against the plan and considers all audit reports. It also monitors the implementation of all internal and external audit recommendations and takes a keen interest in the progress of recommendations arising from other review activity, including from the Australian National Audit Office and the Commonwealth Ombudsman.

The committee provides advice on matters of concern raised by internal auditors or the Auditor-General and advises the CEO on the preparation and review of the ACIC’s annual performance statement and financial statements.

At 30 June 2019, the Audit Committee comprised an independent external chair and four members, as well as an observer from the Australian National Audit Office. The independent audit committee members have held a range of senior roles in law enforcement, national security and financial crime investigation and are experienced in managing risk in those contexts.

The committee met five times during the year and reviewed areas such as the agency’s financial performance; internal and external audit reports; progress against audit recommendations; agency planning and performance frameworks and reporting; the agency’s compliance with legislation; risk oversight and management; and Australian National Audit Office activity.

Assumed identities

In accordance with Commonwealth, state and territory legislation, ACIC officers and supervised civilians may be authorised to acquire and use assumed identities for the purposes of conducting investigations or gathering intelligence in relation to serious and organised crime, or in associated support or training roles. In practice, the ACIC uses the Commonwealth legislation.

During 2018–19, as required under the legislation, we:

• reported to Commonwealth, state and territory ministers in accordance with legislative requirements
• reviewed the ongoing necessity for each authorised member of staff to continue to use an assumed identity
• conducted mandatory audits of ACIC records relating to assumed identities.

This year we worked on developing a system to manage the end-to-end lifecycle for assumed identities and online personas and to help ensure that compliance and legislative requirements are met. Once the system is rolled out, ACIC staff will be able to use a single, secure application to undertake intelligence, investigative and research activities using assumed identities and online personas to support strategic and operational outcomes.

Risk management

The ACIC’s risk management framework assists us to make risk-informed decisions that support our work to achieve our purpose while meeting our corporate and legislated accountabilities.

During 2018–19, we:

• completed the Comcover risk management benchmarking exercise to assess the maturity of our current approach and guide further development
• focused on approaches to improving risk culture and understanding at all levels
• participated in multiagency risk forums and consulted with partner agencies on better practice approaches to managing risk.

Our Comcover Risk Management Benchmarking Survey result evidenced a decrease in the maturity of the ACIC’s risk management framework.

Our risk function is represented in the Audit Committee and works closely with the internal audit team and the ACIC Executive.

Security and integrity

We are entrusted with special powers to enable us to work effectively with our partners to combat serious and organised crime in Australia. Security and integrity are critical in the use of those powers and in delivering our required outcome to government and our partner agencies and, more broadly, to the public.

Our security and integrity framework outlines a defined approach to managing integrity and security risks across our agency. Our documented, agreed and understood policies, procedures and processes define how security and integrity are managed in the agency.

Our integrity assurance function contributes to effective fraud and corruption control by reporting, preventing, detecting and investigating suspected fraud and corruption in the agency.

The ACIC adopts a risk-based approach to the security environment, ensuring the protection of people, information and assets.

We implemented the Protective Security Policy Framework reforms during 2018–19 and strove for continuous growth and maturity in our security culture. The CEO, as the accountable authority, has appointed a Chief Security Officer, who is responsible for the agency’s security framework.

During the year, the agency undertook a number of significant projects to enhance our security governance framework and physical security at a number of sites, to ensure the ongoing protection of sensitive capabilities.

The ACIC maintains appropriate personnel security arrangements and protections, ensuring that all staff have appropriate security clearances to access required information, in addition to reviewing the ongoing suitability of its personnel annually.

Fraud and corruption

The ACIC’s fraud and corruption control plan complies with the Commonwealth Fraud Control Framework, outlines our attitude and approach to fraud and corruption control, summarises risks identified in the fraud and corruption risk assessment, and details mitigation strategies recommended to treat significant risks.

We work closely with partners to ensure that we are adequately and appropriately addressing risks within this environment and that staff have appropriate education and awareness to identify potential instances of wrongdoing and make use of the reporting mechanisms available.

Where fraud or corruption is suspected, the matter may be subject to misconduct investigation, criminal investigation, or both. If sufficient evidence is found to support a criminal charge, the matter may be referred to the Commonwealth Director of Public Prosecutions (CDPP) for consideration of criminal prosecution.

We are well connected with the broader anti-corruption environment. We participate in the Australian Commission for Law Enforcement Integrity (ACLEI) Community of Practice for Corruption Prevention. This network of integrity professionals from the agencies under ACLEI’s jurisdiction shares best practice strategies in detecting and deterring corrupt conduct and participates in discussions on key or emerging issues.

We are committed to deterring and preventing corruption by organised crime wherever it occurs. Where requested and as appropriate, we assist ACLEI with its investigations. We provide specialist services, including surveillance, as agreed through our memorandum of understanding with ACLEI.