Our corporate governance framework assists our employees to plan and manage activities and deliver on the expectations of government and the community. The governance framework articulates the lines of authority, accountability, direction and control within our agency. It is designed to ensure that our employees understand their accountabilities and our agency delivers outcomes in a controlled, transparent and accountable manner.
Figure 12 outlines our committee and reporting structure at 30 June 2020.
This section outlines the roles and responsibilities of our main governance bodies, and the number of times each body met during 2019–20.
National Management Board
The National Management Board’s role is to assist the Chief Executive to manage our organisation and fulfil the responsibilities of the Inspector-General in Bankruptcy, Official Receiver, Official Trustee in Bankruptcy and Registrar of Personal Property Securities. The board comprises our senior executives and an independent (external) member. It sets our strategic direction, determines appropriate policies, and monitors performance for administration and operational service delivery.
The National Management Board met nine times during 2019–20, including one strategic planning meeting.
Risk and Operations Management Committee
The Risk and Operations Management Committee comprises key operational managers from across the agency and has a key role in developing, monitoring and managing our operational plan.
This committee is responsible for coordinating and managing activities in relation to risk and performance. It identifies and, where necessary, escalates the management of issues and risks that have the potential to affect our functions and the achievement of our purpose. The Risk and Operations Management Committee supports the National Management Board, the Audit Committee and the Enterprise Risk Manager in overseeing and managing operational risks and performance.
The Risk and Operations Management Committee met four times during 2019–20.
The Audit Committee provides independent advice to the Chief Executive and the National Management Board on the appropriateness of our financial reporting, performance reporting, system of risk oversight and management, and our system of internal control. The committee’s charter is available at afsa.gov.au/about-us/corporate-information/audit-committee-charter.
The Audit Committee comprises four members—an independent chair, two external members and an AFSA executive-level employee (the internal member). For more information about the Audit Committee members, see Table B1: Audit Committee members, 2019–20 in Appendix B.
The Audit Committee meets at least quarterly, and may hold special meetings to review annual financial and performance statements, or to meet other specific committee responsibilities.
Meetings are ordinarily attended by our internal auditors, the General Counsel (as Chief Audit Executive), the Chief Financial Officer, the Chief Information Officer and the Finance Manager. Representatives of the Australian National Audit Office also attend as observers.
Our internal audits test both compliance and performance. Areas of audit focus during 2019–20 included information and communications technology (ICT) strategy, infrastructure refresh and maturity, contract management, capital management, debt agreements risk and controls, data recovery strategy, governance of cloud services, and our digitisation program.
The Audit Committee met five times during 2019–20.
National Consultative Committee
Our National Consultative Committee was established to encourage and facilitate an appropriate level of employee input to decision-making, and to enable organisational change to be handled effectively and efficiently. Further information can be found under ‘Employee consultation’.
The National Consultative Committee met twice in 2019–20.
Personal Property Securities Register Program Group
The role of the Personal Property Securities Register (PPSR) Program Group is to coordinate, direct and oversee operational activities in relation to the PPSR.
The PPSR Program Group is responsible for PPSR project initiation, including endorsement of final requirements for PPSR-related projects. The management and oversight of PPSR project-related operational activities is the responsibility of the Program Board.
The group is also responsible for providing oversight of risk at a program level.
The PPSR Program Group met seven times in 2019–20.
ICT Steering Committee
The ICT Steering Committee oversees our technology-based activities to ensure they align with our strategic direction and comply with agreed performance and enterprise architectural standards.
Key roles of the steering committee include providing strategic advice to the National Management Board, reviewing and endorsing frameworks and policies, and ensuring the application of appropriate technology standards.
The ICT Steering Committee met once in 2019–20. After this meeting, technology-based activities were included as part of the development of the Future AFSA program.
The Program Board provides guidance to ensure the strategic alignment and success of our programs. The board monitors the status of projects and associated risks, makes decisions or ensures action on matters presented, appoints business leads to projects, ensures project benefits align to our corporate goals and overall strategic direction, and monitors the financial risks relating to projects through regular reporting.
The Program Board met 12 times in 2019–20.
Security Advisory Group
The role of the Security Advisory Group is to oversee compliance with the Protective Security Policy Framework and the Australian Government Information Security Manual.
Compliance with the framework and the manual is achieved by implementing and maintaining agency security controls developed through risk-based analysis.
The Security Advisory Group met four times in 2019–20.
Corporate and divisional plans
The corporate plan is our primary planning document and sets out our purpose, the activities we will pursue to achieve our purpose and how we will measure our success. It is fully integrated into our broader planning frameworks and deliberately drives planning at the business level, actively supporting decision-making and management.
Our annual business planning process provides clear line of sight between the high-level purpose and outcome, and the contributions of staff across the agency.
The priorities, goals and performance measures outlined in our corporate plan cascade down to divisional plans and, ultimately, to individual employee performance and development plans (Figure 13). These linkages provide clarity to employees about the expectations of their role and how their role contributes to the achievement of our organisational vision and purpose.
We report quarterly to our governance bodies on progress in achieving the measures and other commitments outlined in the corporate plan.
Managing risk and fraud
We are committed to managing risks in order to protect our users and stakeholders, employees and assets, and ensure compliance with our contractual and statutory obligations. We periodically review, assess and update our strategic risks to account for changes in our environment.
During 2019–20, we implemented a new approach to managing strategic risks. This approach strongly emphasises active management of our critical risk controls and is expected to result in better risk management capability across the agency, fostering greater confidence in our risk management processes.
Our approach to risk management includes an overarching framework and plan that outline how we identify and seek to mitigate risk, supported by risk management coordinators and risk registers. Coordinators meet regularly to share experiences, review risk treatments and progress risk management initiatives.
Our assurance strategy details our internal control framework and complements the risk management framework by describing the relationship between operational controls, management oversight mechanisms and assurance activities. This ‘three lines of defence’ model helps to build a comprehensive picture of controls and oversight mechanisms, and enables any control gaps to be more easily identified. We are building our capability to do this more efficiently through documented assurance mapping processes.
We reviewed our fraud control plan during 2019–20. The plan outlines our approach to managing fraud and corruption risks and complies with the Commonwealth Fraud Control Framework. The plan documents our approach to controlling fraud at strategic, operational and tactical levels, and encompasses prevention, detection, investigation and reporting measures. The plan is available on our website.
Compliance with finance law
In 2019–20, we did not report any significant issues relating to noncompliance with the finance law to the Attorney-General under paragraph 19(1)(e) of the Public Governance, Performance and Accountability Act 2013.