Go to top of page

Corporate governance

The Agency is governed by a skills-based Board, supported by advisory committees, and reports to Commonwealth, state and territory health ministers through the COAG Health Council.

The Agency’s governance framework has its legislative foundation in the Agency Rule. The PGPA Act sets out requirements for the governance, reporting and accountability of Commonwealth entities and for their use and management of public resources. It vests many of the powers and responsibilities for the financial management of a Commonwealth entity in the hands of the accountable authority, which is the Board of the Agency. The Agency Rule established the Board, advisory committees and the position of CEO, and defined their roles and responsibilities.

The accountability and governance practices in place to support this legislative regime promote strong performance and careful stewardship of public resources. They are designed to assure the Agency’s ability to deliver on the expectations of government, the health sector, and the community.

Fundamental to the Agency’s governance arrangements is establishing an appropriate controls environment to ensure probity and transparency. Roles, lines of authority and delegations for decision making are all clearly defined. They are reinforced through training and awareness initiatives so that staff have a common understanding of their obligations, and their purpose in providing a system of checks and balances to safeguard the integrity of the Agency’s work.

Other key governance features include:

  • A focus on audit, risk management and fraud control strategies.
  • A mechanism for stakeholder participation through representation on specialist committees.
  • Internal and external scrutiny through a robust planning and reporting framework.
  • Embedding ethics and integrity in the values and culture of the Agency.

A number of governance bodies form a key part of the Agency’s assurance processes.

The Board

The Agency Board sits at the apex of the governance structure and is the accountable authority of the Agency under the PGPA Act. The Board is accountable to Parliament through the Minister for Health. In accordance with Section 14 of the Agency Rule, the Board sets the strategic and policy direction to achieve the Agency’s purpose, and oversees performance, governance and resource allocation as custodian of Commonwealth, state and territory funding.

The Board maintains a watching brief over internal and external environments and ensures that Agency operations and outcomes are fit for purpose and align with government priorities.

Its efforts are balanced across creating the future and delivering the present. In fulfilling its statutory obligation to produce an annual work program it gives a clear picture of operational priorities, actions and planned outcomes for each financial year.

Board members

The Board brings a range of skills and perspectives to the Agency. The Agency Rule prescribes the eligibility requirements for Board members so that, collectively, the Board has expertise and experience in the fields of health informatics, leading digital healthcare delivery, policies and services, consumer health advocacy, clinical safety, law, financial management and Board and business leadership.

Board appointments, functions, powers and procedures are also conferred by the Agency Rule and further clarified in the Board’s charter. The Board consists of the Board chair and up to 10 other members, all of whom are non-executive members, appointed by the Minister for Health for a term (in aggregate) of up to three years.

The composition and history of the Agency’s Board membership follows:


  • Dr Elizabeth Deveny
  • Jim Birch AM (until 20 April 2019)

Senior Executive Service officer in the Commonwealth Department of Health

  • Ms Glenys Beauchamp PSM (until 28 February 2020)
  • Martin Bowles PSM (until 31 August 2017)
  • Paul Madden (until 31 March 2017)

Nominated Australian Health Ministers’ Advisory Council member

  • Dr Zoran Bolevich
  • Michael Walsh (until September 2019)
  • Stephen Moo (until September 2017)

Other members

  • A/Professor Learne Durrington
  • Dr Samuel Heard
  • Ms Emma Hossack
  • Dr Chris McGowan
  • Lyn McGrath
  • Dr Bennie Ng
  • Adjunct Professor Kylie Ward
  • Professor Michael Woods
  • Robert Bransby (until 20 April 2019)
  • Dr Eleanor Chew OAM (until 20 April 2019)
  • Stephanie Newell (until 20 April 2019)
  • Professor Johanna Westbrook (until 20 April 2019)

Dr Elizabeth Deveny

Headshot photo of Elizabeth Deveny
Dr Elizabeth Deveny is currently the CEO of SEMPHN. Her emphasis on mutual respect and accountability of each and every staff member was a key factor in the nationally-recognised success of Bayside Medicare Local. Among her other current appointments she chairs the Southern Metropolitan Partnership which brings community, industry and local government together to provide the Victorian government advice about regional priorities.

Dr Deveny is an experienced and well-respected senior executive with a strong commitment to providing sustainable health outcomes for all Australians, and a demonstrated ability to build and maintain positive, productive partnerships with key stakeholders and the broader community. She holds a Masters degree in vocational health education and a PhD in Medicine (clinical decision making), both from Melbourne University.

Dr Zoran Bolevich

Headshot photo of Zoran Bolevich
Dr Zoran Bolevich is Chief Executive of eHealth NSW and Chief Information Officer of NSW Health. With a background in medicine and business administration, Dr Bolevich has worked in a number of senior health system management, health IT and data analytics leadership roles in Australia and New Zealand.

Leading a team of more than 1,250 staff, Dr Bolevich is focusing on implementing the eHealth Strategy for NSW Health, streamlining governance of eHealth NSW’s key programs and activities, and developing a highly effective, customer-focused health IT organisation. Dr Bolevich is passionate about improving the health system through meaningful and effective use of digital technologies, data analytics, research and innovation in partnership with patients, clinicians, health organisations, government and industry partners.

Dr Bolevich holds a medical degree, a Master’s of Business Administration and is a Fellow of the Royal Australasian College of Medical Administrators.

Ms Glenys Beauchamp PSM

Until 28 February 2020

Headshot photo of Glenys Beauchamp
Glenys Beauchamp PSM was appointed Secretary of the Department of Health on 18 September 2017. Ms Beauchamp has had an extensive career in the Australian Public Service at senior levels with responsibility for a number of significant government programs covering economic and social policy areas.

She has more than 25 years’ experience in the public sector and began her career as a graduate in the Industry Commission. Prior to her current role, Ms Beauchamp was Secretary, Department of Industry, Innovation and Science (2013–2017) and Secretary of the Department of Regional Australia, Local Government, Arts and Sport (2010–2013). She has served as Deputy Secretary in the Department of the Prime Minister and Cabinet (2009–2010) and the Department of Families, Housing, Community Services and Indigenous Affairs (2002–2009).

Ms Beauchamp has held a number of executive positions in the ACT Government including Deputy Chief Executive, Department of Disability, Housing and Community Services and Deputy CEO, Department of Health. She also held senior positions in housing, energy and utilities functions with the ACT Government. Ms Beauchamp was awarded a Public Service Medal in 2010 for coordinating Australian Government support during the 2009 Victorian bushfires. Ms Beauchamp holds an economics degree from the Australian National University and an MBA from the University of Canberra.

A/Professor Learne Durrington

Headshot photo of Learne Durrington
A/Professor Learne Durrington is Chief Executive Officer, WA Primary Health Alliance which operates the three Primary Health Networks in Western Australia. Learne is known as a strategic leader and has a strong blend of skills and knowledge in both government and not-for-profit sectors. Key areas of executive leadership and responsibility include: Health, mental health and primary care – child protection and family services; and – disability and ageing. Her leadership has developed throughout her career in roles where the dynamic environment and changing policy environment contributed to her tenacity, resilience and ongoing learning. The notion of curiosity and collaboration have been vital to her achievements.

A/Professor Durrington holds a Masters Degree in Public Policy, Bachelor Social Work (Hons), GAICD, FAIM and FACHSM.

Dr Samuel Heard OAM

Headshot photo of Sam Heard
Dr Samuel Heard OAM is primarily a rural general practitioner. He is currently the Medical Director of the Central Australian Aboriginal Congress, a 45 year old community controlled health service with 400 staff and 11 clinics across Central Australia. He is also the Medical Director of the Flinders University Regional Training Hub in Central Australia, where he is an Associate Professor. Dr Heard grew up in Naracoorte, South Australia, and studied medicine at Adelaide University, graduating in 1978. He completed his general practice training in London and was a part-time academic with London University. He returned to Darwin in 1992 working with Menzies School of Health Research but staying involved with European eHealth research projects. He developed the openEHR methodology with Thomas Beale, an engineer in the late 1990s. Key elements of this work have been adopted as an international (CEN and ISO) standard. Dr Heard has been a founding Fellow of the Australian College of Health Informatics and a founding director of the openEHR Foundation, with appointment as a Senior Visiting Research Fellow at University College London. He continues to be a director of Ocean Informatics, an Australian company that first implemented the openEHR methodology and provided the NT My eHealth Record software. He has worked extensively in education and standardisation, representing Australia in international eHealth standards development. He has been a delegate to CEN (European), ISO (International) and HL7 (International) standards organisations. Dr Heard worked on technical committees at IHTSDO (International terminology) as a UK nominee. Dr Heard holds an MBBS, DRCOG, MRCGP, FRACGP, FACH.

Emma Hossack

Headshot photo of Emma Hossack
Emma Hossack is the CEO of the Medical Software Industry Association (MSIA). MSIA represents over 90 per cent of the providers of all the providers of health software in Australia. Over 91 per cent of all MBS/PBS transactions involve MSIA member software. Prior to this appointment in December 2018, Ms Hossack was the CEO of Extensia, a leading Australian supplier of software solutions and technologies for the health care sector. Additionally, Ms Hossack was the CEO of Binder, an information logistics platform used across all industry sectors. Extensia deployed a number of implementations of privacy by design shared electronic health record systems across Australia over the past decade. Extensia responded to the global need for systems to more effectively exchange information in aged care, chronic disease, indigenous care and disability sectors. Extensia achieved this through the deployment of interoperable flexible software. Extensia’s platform enables individual autonomy and dignity as well as improved health outcomes and efficiencies.

Before acquiring Extensia, Ms Hossack practiced as a commercial lawyer as a Senior Associate with a national law firm based in Melbourne and in 2007 she completed a Master of Laws at Queensland University of Technology, majoring in consent models and privacy compliant sharing of health information.

Now based in Brisbane, her other interests and positions include membership of HISA, Past President and current member of iappANZ (Australian and New Zealand International Association of Privacy Professionals) and representative on many jurisdictional and Commonwealth Government reference groups and boards. Ms Hossack holds a BA (University of Melbourne) and LLB (Hons) and LLM (Queensland University of Technology).

Dr Chris McGowan

From 11 October 2019

Headshot photo of Chris McGowan
Dr Chris McGowan is the Chief Executive of the South Australian Department of Health and Wellbeing. Dr McGowan is responsible to the Minister for Health and Wellbeing for the governance, leadership and management of the South Australian health system.

Dr McGowan has a background expanding over 30 years in health and human service policy, management and leadership. He has led both public and private hospitals and held positions including Director of Health Reform, Director of Primary Health Care for the SA Government, and Director of Local Hospital Networks and Medicare Local/Primary Health Care networks.

Prior to his current role, Dr McGowan served as CEO of Silver Chain Group (incorporating RDNS SA), where he was responsible for Australia’s largest community based palliative care service supporting over 2,500 patients per year in their last three months of life. Silver Chain also delivered extensive community based healthcare including a virtual hospital supporting approximately 1,100 patients at any one time who would otherwise be in acute hospital settings. He holds a Bachelor of Business (HRD) and a Master’s Degree in Applied Science - Applied Social Research both from the University of South Australia, is a graduate of the Australian Institute of Company Directors, was awarded Adjunct Professorship at Curtin University WA 2011, and has a PhD from Flinders University on the cost of public hospital care at the end-of-life.

Lyn McGrath

Headshot photo of Lyn McGrath
Lyn McGrath is the Group Executive Retail Banking at the Bank of Queensland. She was recently the Executive General Manager, Wealth Advice at the Commonwealth Bank of Australia (CBA). Prior to this role Ms McGrath was Executive General Manager, Retail Sales leading the largest financial services distribution business in Australia for six years.

Before joining the CBA in 2007, Ms McGrath held roles with St George in Retail Banking. She has extensive senior management experience in strategic and operational roles within the utilities and media industries and over 20 years’ experience in financial services.

Ms McGrath is highly regarded for her transformational leadership, financial management experience and customer experience strategy thought leadership. She holds an MBA and BA from Macquarie University as well as a Dip PR (Hons) and is a graduate of the Australian Institute of Company Directors.

Ms McGrath is a Senior Fellow with FINSIA, a Fellow with the Australian Institute of Managers and Leaders and a member of Chief Executive Women Ltd. In 2012, she was named as one of the 100 Most Influential Women in Australia by the Australian Financial Review. Ms McGrath holds an MBA and BA from Macquarie University as well as a Dip PR (Hons).

Dr Bennie Ng

Headshot photo of Bennie Ng
Dr Bennie Ng is the Chief Executive Officer of the Australian Medical Association Western Australia (AMA WA). He commenced his career as a general practitioner before becoming immersed in health policy and management.

Dr Ng has extensive experience in providing advice to the Australian Government having been an adviser to the Minister of Health and later appointed as Head of Social Policy at the Office of the Prime Minister and had responsibilities across health and hospitals, aged care, disabilities/NDIS and indigenous affairs. He has held senior positions in strategy, services planning and general management across public and private hospital sectors including the Peter MacCallum Cancer Centre, Healthscope Limited as well as the Hong Kong public hospital authority.

Dr Ng has a Bachelor’s Degree in Medicine and Surgery and a Masters of Business Administration. He is a Fellow of the Royal Australasian College of Medical Administrators and of the Royal Australian College of General Practitioners, and is a Council member of the National Library of Australia.

Adjunct Professor Kylie Ward

Headshot photo of Kylie Ward
Adjunct Professor Kylie Ward is the CEO of the Australian College of Nursing (ACN) and is a renowned nursing workforce leader and a passionate CEO who has shaped ACN to become a prominent and influential professional organisation. Ms Ward leads ACN’s strong collective voice for the nursing profession, promoting nursing involvement in advocacy and policy development at the state and federal levels. She continues to drive nursing influence in broader professional issues to the next level, both locally and internationally.

Ms Ward’s distinguished career spans almost three decades, during which time she has been awarded honorary Professorships from Monash University, Deakin University, University of Technology Sydney and Western Sydney University, as well as holding Executive Director of Nursing and Midwifery positions in the largest health services in NSW and Victoria.

Ms Ward currently sits on the Aged Services Industry Reform Committee (IRC) and the Health Translation Advisory Committee (HTAC) of the National Health and Medical Research Council (NHMRC). A highly accomplished CEO, Ms Ward has had responsibility for multi-million dollar budgets throughout her career. Her commitment and professionalism have been recognised through the multiple awards she has won throughout her career, including the 2017 ACT Telstra Business Woman of the Year Award for Social Purpose and Enterprise and 2018 Western Sydney University Prestigious Alumni’s Award for Professional Excellence. Ms Ward holds a M.Mgt, Dip.App.Sci (Nursing), Acute Care Cert., FACN, Wharton Fellow, MAICD.

Professor Michael Woods

Headshot photo of MIchael Woods
Professor Michael Woods is a Professor of Health Economics at the Centre for Health Economics Research and Evaluation at the University of Technology Sydney. He is a member of the Aged Care Financing Authority.

Professor Woods’ research focus is on the reform of aged care and palliative care, improving the efficiency and effectiveness of the health workforce and the economics and financing of health systems. He specialises in policy development and program evaluations. He has led many commissioned research projects for Commonwealth departments and has been an Independent Reviewer for the COAG Health Council.

Professor Woods was previously Deputy Chairman of the Productivity Commission and Presiding Commissioner on over 20 national inquiries. He led several landmark reports including Caring for Older Australians, Science and Innovation and Australia’s Health Workforce. He has been a visiting scholar at the Australian National University and held Staff Consultant and Senior Expert Roles for organisations including the World Bank and OECD. He has worked closely with national ministries in China on fiscal reform and with national ministries in Viet Nam on economic reform.

Previously Professor Woods was the Under Treasurer for the Australian Capital Territory and a member of the Australian Statistics Advisory Council. Professor Woods holds a Bachelor of Arts (Hons), Australian National University and Graduate Diploma in Education, Canberra College of Advanced Education.

Michael Walsh

Until 6 September 2019

Headshot photo of Michael Walsh
Michael Walsh was the Director-General Queensland Health until 6 September 2019, where he led a public health and hospital system for a population of nearly 5 million people. Prior to this role, he was the inaugural Chief Executive/ CIO of eHealth NSW, providing eHealth and ICT services to the NSW Health System. He has also worked as Chief Executive of HealthShare NSW, the NSW Health shared service provider.

Mr Walsh has extensive experience at the government senior executive level in both NSW and Queensland and has worked in the private sector including for a leading consulting firm. He has led large organisational strategy and change programs including major departmental integrations, significant ICT programs, and large hospital infrastructure programs such as the $10 billion Queensland Hospital rebuilding program including the Gold Coast University Hospital, Sunshine Coast University Hospital and Queensland Children’s Hospital.

Mr Walsh has a strong background in public sector governance and leadership. He also has strong experience in portfolio, program and project management, business case development and implementation of major government initiatives. Mr Walsh holds a Master of Business Administration, Bachelor of Arts (Hons) in psychology, Bachelor of Science in human movement and Bachelor of Education.

Board meetings

The Board meets regularly in accordance with a formally approved timetable and agenda. The Board convened on 10 occasions throughout 2019–20, five of which were via teleconference.

In accordance with PGPA Act requirements, Board member terms of appointment and details of the number of Board meetings attended during the financial year are outlined below.

Attendance at Board meetings

Board member

(all non-executive)

Term of appointment

Meetings attended

Dr Elizabeth Deveny

20 April 2019 to 19 April 2022


Glenys Beauchamp PSM

28 May 2018 to 27 May 2021


Dr Zoran Bolevich

1 August 2018 to 31 July 2021


A/Professor Learne Durrington

20 April 2019 to 19 April 2022


Dr Samuel Heard OAM

20 April 2019 to 19 April 2021


Emma Hossack

20 April 2019 to 19 April 2022


Dr Chris McGowan

11 October 2019 to 31 July 2021


Lyn McGrath

20 April 2019 to 19 April 2021


Dr Bennie Ng

20 April 2019 to 20 April 2022


Michael Walsh

1 August 2018 to 31 July 2021


Adjunct Professor Kylie Ward

20 April 2019 to 19 April 2022


Professor Michael Woods

20 April 2019 to 19 April 2022


Dr Brendan Murphy

Appointment pending


Advisory committees

The Board utilises expert advisory committees to provide strategic thought leadership in their areas of specialist remit, and to assist the Board more broadly in the performance of its functions.

A number of committees are created expressly by the Agency Rule, which prescribes the eligibility requirements for membership (such as relevant expertise) and gives an overview of functions.

Board advisory committees

Jurisdictional Advisory Committee

The Jurisdictional Advisory Committee gives guidance on all matters for consideration by the Board in order to facilitate national coordination and consistency across geographic and health sector boundaries. Its members are senior representatives of Commonwealth, state and territory health departments.

Clinical and Technical Advisory Committee

The Clinical and Technical Advisory Committee advises on:

  • the efficient and effective delivery of clinical care using digital health;
  • the architectural integration of digital health systems;
  • changes to digital health system design to improve clinical usability and usefulness based on experience with the use of digital systems;
  • proposed innovations and measures to improve the efficiency and effectiveness of digital health systems for clinicians and users of the system; and
  • recommendations in relation to priorities of investment in, and development and implementation of, national digital health systems.

Jurisdictional Advisory Committee

The Jurisdictional Advisory Committee gives guidance on all matters for consideration by the Board in order to facilitate nationals coordination and consistency across geographic and health sector boundaries. Its members are senior representatives of Commonwealth, state and territory health departments.

Consumer Advisory Committee

The Consumer Advisory Committee advises on:

  • how to ensure key messages about digital health are communicated effectively to relevant stakeholders and health consumer groups;
  • recognising the interests of minority and special interest groups so as to ensure that their interests are taken into account in the design and implementation of digital health systems; and
  • establishing and maintaining collaboration with health consumers and providers in relation to digital health systems.

Privacy and Security Advisory Committee

The Privacy and Security Advisory Committee advises on:

  • legal issues in relation to digital health systems, including copyright, data privacy issues, confidentiality issues, data security and legal liability;
  • the long-term legal framework of digital health systems;
  • privacy and security issues encountered by users of digital health systems, and the resolution of any problems arising from monitoring these issues; and
  • standards (including compliance with standards) relating to privacy and security in relation to digital health systems.

The final advisory body, an audit committee, is mandated by Section 45 of the PGPA Act, and Section 17 of the Public Governance, Performance and Accountability Rule 2014 (PGPA Rule) sets out its powers of review.

Audit and Risk Committee

Audit and Risk Committee

The Audit and Risk Committee was established to help the Board discharge its responsibilities under the PGPA Act and PGPA Rule through review of the Agency’s financial reporting, performance monitoring, risk oversight and management, internal control and legislative and policy compliance. This includes:

  • Financial reporting: activities such as advising on the entity’s preparation and review of its annual financial statements, the adequacy of the entity’s internal budgeting and reporting, and the entity’s obligations under the PGPA Act and other relevant Acts.
  • Performance reporting: reviewing the framework of key performance indicators and other performance measures, or the entity’s annual performance statements; or making recommendations on concerns or opportunities identified by internal or external audits.
  • System of risk oversight and management: advising the entity about internal audit plans; advising about professional standards to be used by internal auditors in the course of carrying out audits; reviewing the entity’s response to internal and external audits and reviewing the entities risk management framework which may include review of the entity’s risk management plan and business continuity plan.
  • System of internal control: reviewing the entity’s compliance framework, governance arrangements and internal control environment.

Specialist committees

All major Agency initiatives are led by committees with representatives across the health sector and user spectrum – clinicians, consumers, jurisdictions – so that all voices are heard in the design process. Some groups are created by statute. For example, the My Health Records (Strengthening Privacy) Act 2018, introduced protections around the secondary use of My Health Record data. The new law enshrined the principles contained within the Framework to Guide the Secondary Use of My Health Record System Data and established a Data Governance Board to approve the release of any data in line with these rules. The Board, when constituted, will contain members from the Agency, the Australian Institute of Health and Welfare, the Aboriginal and Torres Strait Islander Peoples’ Advisory Panel, as well as independent experts.

Internal governance

Chief Executive Officer

The CEO leads the Agency in implementing a portfolio of work that supports the Board’s vision. Under Section 53 of the Agency Rule, the CEO manages the day-to-day administration of the Agency and does so in accordance with the strategy, plans and policies approved by the Agency Board. The CEO is the primary point of liaison between the Board and senior management.

Executive Leadership Team

The CEO is supported by the Executive Leadership Team. The team meets weekly with the CEO and is active in the implementation of the governance framework through strategic and financial planning, consideration of ongoing and emerging risks, review of controls, and monitoring the delivery of performance outcomes. It is the primary forum for operational decision making in the Agency.

Senior Leadership Team

The Senior Leadership Team also has a role in overseeing operational activities and in guiding the ongoing development of the Agency’s governance policies and processes. The Senior Leadership Team meets with the Executive Leadership Team once a month. This provides a mechanism for information sharing, cooperation and collaboration across the leadership group to drive organisational capability and performance.

Directors’ Forum

Opportunities to provide input on strategic issues and resolve operational issues are extended to directors through the Directors’ Forum, which meets fortnightly with a representative of the Executive and Senior Leadership Team. This forum has a dual purpose: as a communication channel to cascade key messaging from the Executive, and as critical feedback loop. It allows upward communication of staff insights on emerging challenges, resourcing priorities, performance progress, and the operation of policies and processes in practice, leading to their continuous improvement.

Together, these forums set the cultural and ethical tone for the Agency and enrich Agency- wide strategic thinking.

Internal committees

A range of internal committees also support the Agency’s leadership and its ability to deliver on its strategic priorities. This includes the Program Delivery and Financial Performance Committee which oversees the planning and delivery of the Agency’s annual work program.

Risk management

The Agency is committed to a comprehensive and coordinated approach to managing risk at the enterprise, program and project levels.

In its first year of operations, the Agency designed and implemented a system of internal controls for the oversight and management of risk, including policy guidelines, tools and templates.

The framework is aimed at building a positive and transparent risk culture by embedding risk management principles and processes into business-as-usual activities.

The risk management framework is modelled on better practice methodologies, and aligned with the international standard on risk management (AS/NZS ISO 31000) and the Commonwealth Risk Management Policy 2014.

It is designed to support the delivery of the strategic objectives determined by the Board by ensuring that potential adverse events, threats and uncertainties are identified, measured, managed and mitigated. An equal focus is placed on the active and ongoing reporting of risks to ensure they are captured and escalated, where appropriate, to allow visibility by senior management.

Enterprise-wide or strategic risks that could materially impact the success of the Agency are owned and reviewed by the Agency Board. The Board determines the nature and extent of risk it is prepared to accept to achieve the Agency’s purpose, consistent with the Agency’s risk appetite and prudent use of public funds.

Audit and Risk Committee

The Audit and Risk Committee is independent of the Agency and provides assurance and advice to the Board on the Agency’s risk, governance and control framework, and the integrity of its performance and financial reporting.

Its efforts are aimed at championing a risk-aware culture that encourages robust risk assessment, risk-informed decision making, and anticipation of risk in the pursuit of Agency objectives.

A primary responsibility of the committee under its charter is to oversee the preparation and implementation of the Agency’s key risk management initiatives, including audit, fraud control, and business continuity activities.

The risk framework is complemented by an assurance framework designed to confirm the operation and effectiveness of key controls. It is developed to industry standards and scaled to Agency requirements. Consistent with annual obligations in its charter, during the reporting period the committee commissioned an Agency-wide assurance map to identify the Agency’s key assurance arrangements. This yearly exercise will allow for early detection and correction of any gaps or duplications in assurance coverage, thereby strengthening the Agency’s compliance and review processes and freeing up resources for other use.

Risk management forum

Given that responsibility for risk management rests with all of the Agency’s staff, a risk management forum was established with membership across business, product and program areas, to build and nurture a risk management capability and a broader understanding of risk exposures across the Agency.

Program Delivery and Financial Performance Committee

The Program Delivery and Financial Performance Committee, which monitors delivery of the annual work program and derivative projects, has a role in providing cross-agency operational oversight and assurance to programs and partnership priorities. This includes proactive management of risks and issues, ensuring that programs, partnership contracts and relationships are managed effectively and deliver outcomes within agreed tolerances.

Audit arrangements

The Agency relies on audit activities as an essential tool to identify opportunities to deliver better practices that will drive performance and greater transparency of the Agency’s governance and decision-making arrangements.

Internal audit

The Agency’s internal audit services were provided by Axiom Associates during 2019–20. The risk-based internal audit program is informed by a consultative and collaborative process involving key Agency officials. Audits covering the privacy framework and risk management system were completed during the reporting period, with audits nearing completion on financial statements preparation and the performance management framework. All audit reports are presented to the Audit and Risk Committee, with accompanying plans to action any recommendations as part of ongoing efforts to improve Agency processes and performance.

The Agency will continue to focus audit resources on areas of significant risk while being flexible enough to respond to emerging risks and changing demands. The audit program will be reviewed and revised to account for significant changes in the internal and external environment, and also to reflect the continued growth in the Agency’s maturity and capability.

External audit

The Auditor-General is the external auditor for the Agency, as required by the PGPA Act. The Auditor-General, through the ANAO, has audited the Agency’s financial statements to ensure they have been prepared in accordance with the Australian Accounting Standards and other requirements prescribed by the Public Governance, Performance and Accountability (Financial Reporting) Rule 2015. The Agency’s financial statements are presented in Part 4 of this report.

Under its charter, the Audit and Risk Committee is empowered to act as the liaison point between Agency management and the ANAO, and to review both the financial accounts and the processes in place that support the integrity of financial information published in the annual report.

The Audit and Risk Committee also oversees the Agency’s fraud control arrangements.

Fraud control

The Agency has developed an integrity framework aimed at ensuring standards of professionalism, individual accountability and ethical behaviour are valued and shared across the organisation. The framework is underpinned by policies, plans and procedures such as accountable authority instructions that encourage responsible public administration and minimise the risk of misappropriation of Agency resources. The Agency recognises that all staff must do their part to safeguard Agency assets against loss through fraud, negligence or other misconduct and promote a positive workplace culture by supporting fraud control efforts. The Agency also recognises its responsibility to support individuals who report suspected wrongdoing.

In 2019–20, the emergence of the COVID-19 pandemic caused the Agency to increase its level of fraud risk, recognising the introduction of non-physical approval mechanisms for Agency transactional processes, and reduced capability to monitor aspects of employment in a working-from-home environment. The Agency is re-assessing the effectiveness of control mechanisms in light of current arrangements.

No material instances of fraud were reported during 2019–20.

Business continuity management

The Agency has developed a business continuity plan that builds operational resilience by ensuring that critical services continue in the aftermath of a major business disruption, and ordinary functions resume within acceptable recovery timeframes. The plan is mapped to the Agency’s risk profile and details contingencies and related controls to reduce the likelihood and effect of a business interruption. Disaster recovery plans are also in place to safeguard ICT systems that are intrinsic to the Agency’s operations.

The Agency’s business continuity planning focuses on testing and validating business continuity arrangements and incorporating any lessons learned from exercises or actual events.

In 2019–20, the Agency activated its Agency Pandemic Plan, which focuses on both the safety of staff and maintaining mission-critical activities at (or near to) normal levels of operation. The plan allowed the Agency to respond swiftly to the COVID-19 pandemic by testing whole-of-office remote working in mid-March 2020 in readiness for a sustained transition away from an office to a home-based workspace at the end of March 2020. It also supported the subsequent, staggered, return across offices over July to September 2020 in tandem with the relaxation of state/ territory restrictions on physical distancing.

The Agency response was led at the executive level by the Business Continuity Response Team (BCRT) with responsibility for resourcing, communication and coordination of decisions. The BCRT is supported by a Pandemic Response Team, with subject matter expert representatives from business areas, tasked with providing advice to the BCRT, operationalising executive decisions and identifying mitigating measures to protect staff and preserve business operations.

Collectively, these efforts allowed the Agency to navigate the change and upheaval occasioned by COVID-19 – staff, while working remotely, stayed connected to our work and our stakeholders with manageable disruptions to our business activities. The Agency has started the exercise of reviewing and renewing our response as it monitors what continues to be a fluid situation.