Go to top of page

Corporate governance

The Agency is governed by a skills-based Board supported by advisory committees and reports to Commonwealth, state and territory health ministers through the Health Council.

The Agency’s governance framework has its legislative foundation in the Agency Rule. The PGPA Act sets out requirements for the governance, reporting and accountability of Commonwealth entities and for their use and management of public resources. It vests many of the powers and responsibilities for the financial management of a Commonwealth entity in the hands of the accountable authority, which is the Board of the Agency. The Agency Rule established the Board, advisory committees and the position of CEO, and defines their roles and responsibilities.

The accountability and governance practices in place to support this legislative regime promote strong performance and careful stewardship of public resources. They are designed to assure the Agency’s ability to deliver on the expectations of government, the health sector and the community.

Fundamental to the Agency’s governance arrangements is establishing an appropriate controls environment to ensure probity and transparency. Roles, lines of authority and delegations for decision making are all clearly defined. They are reinforced through training and awareness initiatives so that staff have a common understanding of their obligations, and their purpose in providing a system of checks and balances to safeguard the integrity of the Agency’s work.

Other key governance features include:

  • a focus on audit, risk management and fraud control strategies
  • a mechanism for stakeholder participation through representation on specialist committees
  • internal and external scrutiny through a robust planning and reporting framework
  • embedding ethics and integrity in the values and culture of the Agency.

A number of governance bodies form a key part of the Agency’s assurance processes.

The Board

The Agency Board sits at the apex of the governance structure and is the accountable authority of the Agency under the PGPA Act. The Board is accountable to Parliament through the Minister for Health and Aged Care. In accordance with Section 14 of the Agency Rule, the Board sets the strategic and policy direction to achieve the Agency’s purpose, and oversees performance, governance and resource allocation as custodian of Commonwealth, state and territory funding.

The Board maintains a watching brief over internal and external environments and ensures that Agency operations and outcomes are fit for purpose and align with government priorities.

Its efforts are balanced across creating the future and delivering the present. In fulfilling its statutory obligation to produce an annual work program it gives a clear picture of operational priorities, actions and planned outcomes for each financial year.

Board members

The Board brings a range of skills and perspectives to the Agency. The Agency Rule prescribes the eligibility requirements for Board members so that collectively, the Board has expertise and experience in the fields of health informatics, leading digital healthcare delivery, policies and services, consumer health advocacy, clinical safety, law, financial management and Board and business leadership.

Board appointments, functions, powers and procedures are also conferred by the Agency Rule and further clarified in the Board’s charter. The Board consists of the Board chair and up to 10 other members, all of whom are non-executive members, appointed by the Minister for Health for a term (in aggregate) of up to three years.

Dr Elizabeth Deveny

Headshot photo of Elizabeth Deveny
Dr Elizabeth Deveny is currently the CEO of the South Eastern Melbourne Primary Health Network (SEMPHN).

Dr Deveny is an experienced and well-respected senior executive with a strong commitment to providing sustainable health outcomes for all Australians, and a demonstrated ability to build and maintain positive, productive partnerships with key stakeholders and the broader community. She holds a Masters degree in vocational health education and a PhD in Medicine (clinical decision making), both from Melbourne University.

Dr Zoran Bolevich

Headshot photo of Dr Zoran Bolevich
​Dr Zoran Bolevich is Chief Executive of eHealth NSW and Chief Information Officer of NSW Health. With a background in medicine and business administration, Dr Bolevich has worked in a number of senior health system management, health IT and data analytics leadership roles in Australia and New Zealand.

Leading a team of more than 1,600 staff, Dr Bolevich is focusing on implementing the eHealth Strategy for NSW Health, which aims to digitally enable Australia’s largest public health system. This includes planning, designing and implementing innovative digital platforms and capabilities for NSW Health’s clinical services, population health, integrated care, finance and workforce management, as well as world-class IT infrastructure. Dr Bolevich is passionate about improving the health system through meaningful and effective use of digital technologies, data analytics, research and innovation in partnership with patients, clinicians, health organisations, government and industry partners.

Dr Bolevich holds a medical degree, a Masters of Business Administration and is a Fellow of the Royal Australasian College of Medical Administrators.

A/Professor Learne Durrington

Headshot photo of Learne Durrington
​A/Professor Learne Durrington is Chief Executive Officer, WA Primary Health Alliance, which operates the three Primary Health Networks in Western Australia. Learne is known as a strategic leader and has a strong blend of skills and knowledge in both government and not-for-profit sectors. Key areas of executive leadership and responsibility include: Health, mental health and primary care – child protection and family services; and – disability and ageing. Her leadership has developed throughout her career in roles where the dynamic environment and changing policy environment contributed to her tenacity, resilience and ongoing learning. The notion of curiosity and collaboration have been vital to her achievements.

A/Professor Durrington holds a Masters degree in Public Policy, Bachelor Social Work (Hons), GAICD, FAIM and FACHSM.

Dr Samuel Heard OAM

Headshot photo of Dr Samuel Heard
​Dr Samuel Heard OAM is primarily a rural general practitioner. He is currently the Medical Director of the Central Australian Aboriginal Congress, a 45 year old community controlled health service with 400 staff and 11 clinics across Central Australia. He is also the Medical Director of the Flinders University Regional Training Hub in Central Australia, where he is an Associate Professor.

Dr Heard grew up in Naracoorte, South Australia, and studied medicine at Adelaide University, graduating in 1978. He completed his general practice training in London and was a part-time academic with London University. He returned to Darwin in 1992 working with Menzies School of Health Research but staying involved with European eHealth research projects. He developed the openEHR methodology with Thomas Beale, an engineer in the late 1990s. Key elements of this work have been adopted as an international (CEN and ISO) standard.

Dr Heard has been a founding Fellow of the Australian College of Health Informatics and a founding director of the openEHR Foundation, with appointment as a Senior Visiting Research Fellow at University College London. He continues to be a director of Ocean Informatics, an Australian company that first implemented the openEHR methodology and provided the NT My eHealth Record software. He has worked extensively in education and standardisation, representing Australia in international eHealth standards development. He has been a delegate to CEN (European), ISO (International) and HL7 (International) standards organisations. Dr Heard worked on technical committees at IHTSDO (International terminology) as a UK nominee. Dr Heard holds an MBBS, DRCOG, MRCGP, FRACGP, FACH.

Emma Hossack

Headshot photo of Emma Hossack
​Emma Hossack is the CEO of the Medical Software Industry Association Ltd (MSIA). The MSIA represents the providers of health software in Australia to enable safer more efficient healthcare for all Australians. Emma has been a leader in the digital health agenda for Australia for years as an advocate for the role of digital health in a healthier Australia. Her goal is to help create a regulatory and commercial environment that stimulates innovation making the health system sustainable.

Prior to the MSIA role, Ms Hossack was CEO of Extensia, a leading Australian supplier of software for the healthcare sector. Additionally, Ms Hossack was the CEO of Binder, an information logistics platform used across all industry sectors. Emma led a program of privacy by design for all the companies. Extensia responded to the global need for systems to exchange information more effectively in aged care, chronic disease, indigenous care and disability sectors. The platform enabled individual autonomy and dignity as well as improved health outcomes and efficiencies.

Emma practiced as a commercial lawyer before post- graduate work in consent models and privacy compliant sharing of health information led her into digital health.

Now based in Brisbane, her other interests and positions include member of the Melbourne University Law School Foundation Board, membership of AIDH, past president and current member of iappANZ (Australian and New Zealand International Association of Privacy Professionals). Ms Hossack holds a BA (University of Melbourne) and LLB (Hons) and LLM (Queensland University of Technology).

Dr Chris McGowan

Until 8 September 2020

Headshot photo of Dr Chris McGowan
Dr Chris McGowan is the Chief Executive of the South Australia Department of Health and Wellbeing. Dr McGowan is responsible to the Minister for Health and Wellbeing for the governance, leadership and management of the South Australian health system.

Dr McGowan has a background expanding over 30 years in health and human service policy, management and leadership. He has led both public and private hospitals and held positions including Director of Health Reform, Director of Primary Health Care for the SA Government, and Director of Local Hospital Networks and Medicare Local/Primary Health Care networks.

Prior to his current role, Dr McGowan served as CEO of Silver Chain Group (incorporating RDNS SA), where he was responsible for Australia’s largest community-based palliative care service supporting over 2,500 patients per year in their last three months of life. Silver Chain also delivered extensive community-based healthcare including a virtual hospital supporting approximately 1,100 patients at any one time who would otherwise be in acute hospital settings. He holds a Bachelor of Business (HRD) and a Masters Degree in Applied Science - Applied Social Research both from the University of South Australia, is a graduate of the Australian Institute of Company Directors, was awarded Adjunct Professorship at Curtin University WA 2011, and has a PhD from Flinders University on the cost of public hospital care at the end-of-life.

Lyn McGrath

Headshot image of Lyn McGrath
Lyn McGrath is a Non-Executive Director having recently retired as the Group Executive Retail Banking at the Bank of Queensland and Virgin Money Australia. Lyn has over 25 years’ experience in financial services as well as in both the electricity and media industries. She held senior management roles in the Commonwealth Bank of Australia (CBA) for over 10 years in both retail banking and wealth management.

Ms McGrath is highly regarded for her transformational leadership, digital and distribution transformations, financial management experience and customer experience strategy thought leadership. She holds an MBA and BA from Macquarie University as well as a Dip PR (Hons) and is a graduate of the Australian Institute of Company Directors.

Ms McGrath is a Senior Fellow with FINSIA and a member of Chief Executive Women Ltd. In 2012, she was named as one of the 100 Most Influential Women in Australia by the Australian Financial Review.

Dr Brendan Murphy

From 20 April 2021

Headshot of Dr Brendan Murphy
Dr Murphy commenced as the Secretary of the Department of Health on 13 July 2020.

Prior to his appointment as Secretary, Dr Murphy was the Chief Medical Officer for the Australian Government and previously, the Chief Executive Officer of Austin Health in Victoria.

Dr Murphy is:

  • a Professorial Associate with the title of Professor at the University of Melbourne
  • an Adjunct Professor at Monash University and at the Australian National University
  • a Fellow of the Australian Academy of Health and Medical Sciences
  • a Fellow of the Royal Australian College of Physicians and
  • a Fellow of the Australian Institute of Company Directors.

He was formerly CMO and director of Nephrology at St Vincent’s Health, and sat on the Boards of the Centenary Institute, Health Workforce Australia, the Florey Institute of Neuroscience and Mental Health, the Olivia Newton-John Cancer Research Institute and the Victorian Comprehensive Cancer Centre. He is also a former president of the Australian and New Zealand Society of Nephrology.

Dr Bennie Ng

Headshot photo of Dr Bennie Ng
Dr Bennie Ng is the Chief Executive Officer of the Australian Medical Association Western Australia (AMA WA). He commenced his career as a general practitioner before becoming immersed in health policy and management.

Dr Ng has extensive experience in providing advice to the Australian Government having been an adviser to the Minister of Health and later appointed as Head of Social Policy at the Office of the Prime Minister and had responsibilities across health and hospitals, aged care, disabilities/NDIS and indigenous affairs. He has held senior positions in strategy, services planning and general management across public and private hospital sectors including the Peter MacCallum Cancer Centre, Healthscope Limited as well as the Hong Kong public hospital authority.

Dr Ng has a Bachelors Degree in Medicine and Surgery and a Masters of Business Administration. He is a Fellow of the Royal Australasian College of Medical Administrators and of the Royal Australian College of General Practitioners, and a Council member of the National Library of Australia.

Adjunct Professor Kylie Ward

​Headshot photo of Kylie Ward ​
Adjunct Professor Kylie Ward is the CEO of the Australian College of Nursing (ACN) and is a renowned nursing workforce leader and a passionate CEO who has shaped ACN to become a prominent and influential professional organisation. Ms Ward leads ACN’s strong collective voice for the nursing profession, promoting nursing involvement in advocacy and policy development at the state and federal levels. She continues to drive nursing influence in broader professional issues to the next level, both locally and internationally.

Ms Ward’s distinguished career spans almost three decades, during which time she has been awarded honorary Professorships from Monash University, Deakin University, University of Technology Sydney and Western Sydney University, as well as holding Executive Director of Nursing and Midwifery positions in the largest health services in NSW and Victoria.

Ms Ward currently sits on the Aged Services Industry Reform Committee (IRC) and the Health Translation Advisory Committee (HTAC) of the National Health and Medical Research Council (NHMRC). A highly accomplished CEO, Ms Ward has had responsibility for multi-million dollar budgets throughout her career. Her commitment and professionalism have been recognised through the multiple awards she has won throughout her career, including the 2017 ACT Telstra Business Woman of the Year Award for Social Purpose and Enterprise and 2018 Western Sydney University Prestigious Alumni’s Award for Professional Excellence. Ms Ward holds a M.Mgt, Dip.App.Sci (Nursing), Acute Care Cert., FACN, Wharton Fellow, MAICD.

Professor Michael Woods

​Headshot photo of Michael Woods
Professor Michael Woods is a Professor of Health Economics at the Centre for Health Economics Research and Evaluation at the University of Technology Sydney. He is a member of the Aged Care Financing Authority.

Professor Woods’ research focus is on the reform of aged care and palliative care, improving the efficiency and effectiveness of the health workforce and the economics and financing of health systems. He specialises in policy development and program evaluations. He has led many commissioned research projects for Commonwealth departments and has been an Independent Reviewer for the COAG Health Council.

Professor Woods was previously Deputy Chairman of the Productivity Commission and Presiding Commissioner on over 20 national inquiries. He led several landmark reports including Caring for Older Australians, Science and Innovation and Australia’s Health Workforce. He has been a visiting scholar at the Australian National University and held Staff Consultant and Senior Expert Roles for organisations including the World Bank and OECD. He has worked closely with national ministries in China on fiscal reform and with national ministries in Vietnam on economic reform. Previously Professor Woods was the Under Treasurer for the Australian Capital Territory and a member of the Australian Statistics Advisory Council. Professor Woods holds a Bachelor of Arts (Hons), Australian National University and Graduate Diploma in Education, Canberra College of Advanced Education 1974.

Board meetings

The Board meets regularly in accordance with a formally approved timetable and agenda. The Board convened on 11 occasions (the June 2021 meeting split over 2 days) throughout 2020–21, 9 of which were via videoconference.

In accordance with PGPA Act requirements, Board member terms of appointment and details of the number of Board meetings attended during the financial year are outlined below.

Attendance at Board meetings

Board member

(all non-executive)

Term of appointment

Meetings attended

Dr Elizabeth Deveny

20 April 2019 to 19 April 2022

10/11

Dr Zoran Bolevich

1 August 2018 to 31 July 2021

8/11

A/Professor Learne Durrington

20 April 2019 to 19 April 2022

10/11

Dr Samuel Heard OAM

20 April 2019 to 19 April 2021

20 April 2021 to 19 April 2023

9/11

Emma Hossack

20 April 2019 to 19 April 2022

11/11

Dr Chris McGowan

11 October 2019 to 31 July 2021

1/2

Lyn McGrath

20 April 2019 to 19 April 2021

20 April 2021 to 19 April 2023

11/11

Dr Bennie Ng

20 April 2019 to 20 April 2022

10/11

Adjunct Professor Kylie Ward

20 April 2019 to 19 April 2022

8/11

Professor Michael Woods

20 April 2019 to 19 April 2022

11/11

Dr Brendan Murphy

20 April 2021 to 19 April 2024

2/3


Advisory committees

The Board relies on expert advisory committees to provide strategic thought leadership in their areas of specialist remit, and to assist the Board more broadly in the performance of its functions.

A number of committees are created expressly by the Agency Rule, which prescribes the eligibility requirements for membership (such as relevant expertise) and gives an overview of functions.

Board advisory committees

Jurisdictional Advisory Committee

The Jurisdictional Advisory Committee gives guidance on all matters for consideration by the Board in order to facilitate national coordination and consistency across geographic and health sector boundaries. Its members are senior representatives of Commonwealth, state and territory health departments.

Clinical and Technical Advisory Committee

The Clinical and Technical Advisory Committee advises on:

  • the efficient and effective delivery of clinical care using digital health
  • the architectural integration of digital health systems
  • changes to digital health system design to improve clinical usability and usefulness based on experience with the use of digital systems
  • proposed innovations and measures to improve the efficiency and effectiveness of digital health systems for clinicians and users of the system
  • recommendations in relation to priorities of investment in, and development and implementation of, national digital health systems

Jurisdictional Advisory Committee

The Jurisdictional Advisory Committee gives guidance on all matters for consideration by the Board in order to facilitate national coordination and consistency across geographic and health sector boundaries. Its members are senior representatives of Commonwealth, state and territory health departments.

Consumer Advisory Committee

The Consumer Advisory Committee advises on:

  • how to ensure key messages about digital health are communicated effectively to relevant stakeholders and health consumer groups
  • recognising the interests of minority and special interest groups so as to ensure that their interests are taken into account in the design and implementation of digital health systems
  • establishing and maintaining collaboration with health consumers and providers in relation to digital health systems.

Privacy and Security Advisory Committee

The Privacy and Security Advisory Committee advises on:

  • legal issues in relation to digital health systems, including copyright, data privacy issues, confidentiality issues, data security and legal liability
  • the long-term legal framework of digital health systems
  • privacy and security issues encountered by users of digital health systems, and the resolution of any problems arising from monitoring these issues
  • standards (including compliance with standards) relating to privacy and security in relation to digital health systems.


The final advisory body, an audit committee, is mandated by Section 45 of the PGPA Act, and Section 17 of the Public Governance, Performance and Accountability Rule 2014 (PGPA Rule) sets out its powers of review.

Audit and Risk Committee

Audit and Risk Committee

The Audit and Risk Committee was established to help the Board discharge its responsibilities under the PGPA Act and PGPA Rule through review of the Agency’s financial reporting, performance monitoring, risk oversight and management, internal control and legislative and policy compliance. This includes:

  • Financial reporting: activities such as advising on the entity’s preparation and review of its annual financial statements, the adequacy of the entity’s internal budgeting and reporting, and the entity’s obligations under the PGPA Act and other relevant Acts.
  • Performance reporting: reviewing the framework of key performance indicators and other performance measures, or the entity’s annual performance statements; or making recommendations on concerns or opportunities identified by internal or external audits.
  • System of risk oversight and management: advising the entity about internal audit plans; advising about professional standards to be used by internal auditors in the course of carrying out audits; reviewing the entity’s response to internal and external audits and reviewing the entities risk management framework which may include review of the entity’s risk management plan and business continuity plan.
  • System of internal control: reviewing the entity’s compliance framework, governance arrangements and internal control environment.


Internal governance

Chief Executive Officer

The CEO leads the Agency in implementing a portfolio of work that supports the Board’s vision. Under Section 53 of the Agency Rule, the CEO manages the day-to-day administration of the Agency and does so in accordance with the strategy, plans and policies approved by the Agency Board. The CEO is the primary point of liaison between the Board and senior management.

Senior Executive Committee

The CEO is supported by the Senior Executive Committee. The team meets weekly with the CEO and is active in the implementation of the governance framework through strategic and financial planning, consideration of ongoing and emerging risks, review of controls, and monitoring the delivery of performance outcomes. It is the ultimate escalation point for both committee and other functional advisory and decision-making.

Internal committees

A range of internal committees also supports the Agency’s leadership and its ability to deliver on its strategic priorities. In 2020-21, the Senior Executive Committee commissioned a comprehensive review of the Agency’s governance framework with a particular focus on committee structures and decision-making processes. The aim was to evaluate governance and assurance capability and processes, as fundamental enablers for the Agency to operate effectively, efficiently, accountably and transparently. With a principles-based approach aligned to organisational values, the Agency implemented the following fit-for-purpose and streamlined governance committee structure.

 Program Governance Committee (which has program/project steering sub-committees reporting to it); clinical governance committee; finance & investment review committee; people, capability and culture committee, which has work health and safety sub-committee and culture improvement working groups reporting to it.

The new committees took effect from 5 April 2021 with the following responsibilities:

Program Governance

Monitors performance and guides the Agency’s strategic and operational programs to success.

Clinical Governance

Ensures clinical governance is observed in action, is measurable and underpins the Agency’s quality, clinical safety and performance agenda

Finance and Investment Review

Monitors and manages Agency budget and spend, as well as cash flow, financial performance, financial systems, financial risk and evaluating strategic business cases for investment.

People, Capability and Culture

Strategic resource planning and management, including human capital capacity, capability and culture.


Risk management

The Agency is committed to a comprehensive and coordinated approach to managing risk at the enterprise, program and project levels. In its first year of operations, the Agency designed and implemented a system of internal controls for the oversight and management of risk, including policy guidelines, tools and templates. The framework is aimed at building a positive and transparent risk culture by embedding risk management principles and processes into business-as-usual activities.

The risk management framework is modelled on better practice methodologies and aligned with the international standard on risk management (AS/NZS ISO 31000) and the Commonwealth Risk Management Policy 2014. It is designed to support the delivery of the strategic objectives determined by the Board by ensuring that potential adverse events, threats and uncertainties are identified, measured, managed and mitigated. An equal focus is placed on the active and ongoing reporting of risks to ensure they are captured and escalated, where appropriate, to allow visibility by senior management.

Enterprise-wide or strategic risks that could materially impact the success of the Agency are owned and reviewed by the Agency Board. The Board determines the nature and extent of risk it is prepared to accept to achieve the Agency’s purpose, consistent with the Agency’s risk appetite and prudent use of public funds.

Audit and Risk Committee

The Audit and Risk Committee is independent of the Agency and provides assurance and advice to the Board on the Agency’s risk, governance and control framework, and the integrity of its performance and financial reporting. Its efforts are aimed at championing a risk-aware culture that encourages robust risk assessment, risk-informed decision making, and anticipation of risk in the pursuit of Agency objectives. A primary responsibility of the committee under its charter is to oversee the preparation and implementation of the Agency’s key risk management initiatives, including audit, fraud control, and business continuity activities. The Audit and Risk Committee also oversees the Agency’s fraud control arrangements.

The risk framework is complemented by an assurance framework designed to confirm the operation and effectiveness of key controls. It is developed to industry standards and scaled to Agency requirements. Consistent with annual obligations in its charter, during the reporting period the committee commissioned an Agency-wide assurance map to identify the Agency’s key assurance arrangements. This yearly exercise supports early detection and correction of any gaps or duplications in assurance coverage, thereby strengthening the Agency’s compliance and review processes and freeing up resources for other use.

Internal governance committees

The four new internal management committees - Program Governance, Clinical Governance, Financial and Investment Review and People, Capability and Culture Committees – each have a role in providing cross-agency operational oversight and assurance. This includes proactive management of Agency risks and issues.

Audit arrangements

The Agency relies on audit activities as an essential tool to identify opportunities to deliver better practices that will drive performance and greater transparency of the Agency’s governance and decision-making arrangements.

Internal audit

The Agency’s internal audit services were provided by Axiom Associates during 2020–21. The risk-based internal audit program is informed by a consultative and collaborative process involving key Agency officials and approved by the Board, following the endorsement of the Audit and Risk Committee. Audit engagements covering financial statements, performance statements, consultancies and labour hire contractors, cybersecurity, payroll controls and superannuation processing were completed during the reporting period, with audits on employee attendance and an assurance map nearing completion. All audit reports are presented to the Audit and Risk Committee, with accompanying plans to action any recommendations as part of ongoing efforts to improve Agency processes and performance.

The Agency will continue to focus audit resources on areas of significant risk while being flexible enough to respond to emerging risks and changing demands. The audit program will be reviewed and revised to account for significant changes in the internal and external environment and the continued growth in the Agency’s maturity and capability.

External audit

The Auditor-General is the external auditor for the Agency, as required by the PGPA Act. The Auditor-General, through the ANAO, audited the Agency’s financial statements to ensure they were prepared in accordance with the Australian Accounting Standards and other requirements prescribed by the Public Governance, Performance and Accountability (Financial Reporting) Rule 2015. The Agency’s financial statements are presented in Part 4 of this report.

Under its charter, the Audit and Risk Committee is empowered to act as the liaison point between Agency management and the ANAO, and to review both the financial accounts and the processes in place that support the integrity of financial information published in the annual report.

Fraud control

The Agency has developed an integrity framework aimed at ensuring standards of professionalism, individual accountability and ethical behaviour are valued and shared across the organisation. The framework is underpinned by policies, plans and procedures such as accountable authority instructions that encourage responsible public administration and minimise the risk of misappropriation of Agency resources. The Agency recognises that all staff must do their part to safeguard Agency assets against loss through fraud, negligence or other misconduct and promote a positive workplace culture by supporting fraud control efforts. The Agency also recognises its responsibility to support individuals who report suspected wrongdoing.

In 2020–21, the COVID-19 pandemic resulted in the Agency increasing its fraud risk rating, recognising the introduction of email-based approval mechanisms for Agency transactional processes, and reduced capability to monitor aspects of employment in a working-from-home environment. The Agency re-assessed fraud control mechanisms and introduced a number of improvements, including:

  • electronic procure-to-pay processing using SAP Concur and the ‘Buy right’ initiative
  • updated and improved accountable authority instruction
  • Board delegations and Chief Executive Officer authorisations
  • process improvements (including improved security vetting) for labour hire contracts, and asset stocktaking process improvements.

No material instances of fraud were reported during 2020–21.

Business continuity management

The Agency has developed a business continuity plan that builds operational resilience by ensuring that critical services continue following a major business disruption and ordinary functions resume within acceptable recovery timeframes. The plan is mapped to the Agency’s risk profile and details contingencies and related controls to reduce the likelihood and effect of a business interruption. Disaster recovery plans are also in place to safeguard ICT systems that are intrinsic to the Agency’s operations.

The Agency’s business continuity planning focuses on testing and validating business continuity arrangements and incorporating any lessons learned from exercises or actual events.

In March 2020, the Agency activated its Agency Pandemic Plan, which focuses on both the safety of staff and maintaining mission-critical activities at (or near to) normal levels of operation. The plan allowed the Agency to respond swiftly to the COVID-19 pandemic by supporting whole-of-office remote working and the subsequent, staggered, return across offices over July to September 2020 in tandem with the relaxation of state/territory restrictions on physical distancing. The transition to home-based work was again reintroduced as hard lockdowns were reimposed in 2021.

The Agency response was led at the executive level by the Business Continuity Response Team (BCRT) with responsibility for resourcing, communication and coordination of decisions. The BCRT is supported by a Pandemic Response Team, with subject matter expert representatives from business areas, tasked with providing advice to the BCRT, operationalising executive decisions and identifying mitigating measures to protect staff and preserve business operations.

Collectively, these efforts allowed the Agency to navigate the change and upheaval occasioned by COVID-19 – staff, while working remotely, stayed connected to our work and our stakeholders with manageable disruptions to our business activities. The Agency continues to review and renew our response as it monitors what remains a fluid situation.