Governing Body

AFMA as a non-corporate statutory body forms part of the Commonwealth government. It is governed by a Commission which is responsible for exercising functions and powers in relation to domestic fisheries management. The Chief Executive Officer is responsible for assisting the Commission, in giving effect to its decisions. In addition the Chief Executive Officer is separately responsible for exercising AFMA's foreign compliance functions and powers.

The Commission is subject to limited government policy direction as stated in section 91 of the Fisheries Administration Act 1991.

The Minister for Agriculture appoints the chairperson, part-time commissioners and the Chief Executive Officer. Following advice from the chairperson, the minister appoints a part-time commissioner as deputy-chairperson. The minister is also the approving authority for AFMA's Corporate Plan, Annual Operational Plan and all Fishery Management Plans determined by AFMA.

The Chief Executive Officer is the Accountable Authority under the Public Governance, Performance and Accountability Act 2013 and is the Agency Head under the Public Service Act 1999 and is also appointed as an AFMA Commissioner.

The Chief Executive Officer is subject to Ministerial Direction with regard to the Authority's foreign compliance functions, and under the Public Service Act 1999 is required to be responsive to government in implementing the government's policies and programs.

For more information about AFMA's Commissioners, see Appendix 1 to this report.

Disclosure of interests

Commissioners must disclose to the Minister for Agriculture any pecuniary or other interest that may relate to their AFMA functions, both prior to appointment and if such interests arise during their terms of office. Disclosures of interests are kept on a register of interests held by AFMA's Executive Secretary. Where a commissioner declares they have an interest in a matter under consideration by the Commission it will initiate procedures to safeguard the integrity of the Commission's decisions.

Performance review

The Commission conducts a simple review of its performance at each Commission meeting. These documented reviews address the effectiveness of the Commission in its decision making, corporate governance and maintenance of stakeholder relationships. With the commencement of a new Commission in July 2019, AFMA has taken the opportunity to seek views from industry bodies as to how the Commission could strengthen its stakeholder engagement.

Internal Scrutiny

AFMA strives to ensure that governance arrangements, together with the associated systems and processes used, are the best they can be. To this end we utilise internal audits as an essential tool to independently identify any deficiencies in these processes and control systems whilst at the same time providing opportunities to deliver better practices that will improve the efficiency, cost effectiveness and transparency of our management and regulatory arrangements.

In June 2017, the internal auditor in collaboration with AFMA Management and the AFMA Audit and Risk Committee established a Strategic Internal Audit Plan for 2017-2019. The Strategic Internal Audit Plan outlines the intended audits that will be conducted over the three year period. These proposed audits are intended to address high level risks that have been identified as part of our Risk Management Framework.

Drawing on this plan, the independent auditor completed four audits during 2018-19 on the following areas of AFMA's business operations:

AFMA Fisheries Monitoring performance audit

This audit focused on assessing the performance of AFMA’s e-monitoring contractors in monitoring Commonwealth fisheries (where e-monitoring is used) during the period 1 July 2017 to 30 June 2018.

Review of accuracy of costs within the current Cost Recovery model

This audit focused on the use of business area section plans that are used to input into the Financial Management Information System and Cost Recovery Model to ensure all costs that are allocated to activities are supported by defensible data and based on appropriate assumptions.

ICT Security performance audit

The focus of this audit was to assess the strength and maturity level of the governance control framework that AFMA has in place to manage its ICT risks and security.

Annual performance Statements performance audit

This audit focused on reviewing the framework and processes AFMA has in place to support effective performance reporting to meet relevant legislative obligations and more broadly performance delivery standards and Key Performance Indicators (KPIs).

AFMA Management has endorsed and implemented the majority of the recommendations from these audits. Work on outstanding endorsed recommendations will be undertaken during 2019-20 and monitored by the AFMA Audit and Risk Committee.

We have also established a number of standing committees which provide oversight and governance over other key business operational activities.

These committees include:

• Strategic Delivery Committee – oversees the delivery of all key project works that directly align with AFMA's Strategic goals or Annual Operational Plan objectives.
• Data and Information Governance Committee – provides a strategic approach to managing data, information and records to reduce business risk, increase accountability, and improve operational efficiencies.
• Security Governance Committee – reviews and monitors AFMA's security governance arrangements against the security threats and vulnerabilities identified by government and faced by AFMA in delivering its objectives.
• Risk Management Committee – provides oversight from a cross-agency perspective on the management and control of AFMA's business risks and to support the implementation of the agencies risk management framework.

The Chief Executive Officer, as required under the Public Governance, Performance and Accountability Act 2013, has maintained the Audit and Risk Committee to also provide independent internal scrutiny of AFMA business operations. Descriptions of these committees are provided in Appendix 1.

External Scrutiny

AFMA's financial statements are audited annually by the Australian National Audit Office (the Audit Office). The Audit Office examines the strength of our internal controls to obtain reasonable assurance as to whether our annual financial statements as a whole are free from material misstatement. The results of their audit are presented in their report on the financial statements accessible in part 5 of this report.

The Audit Office retains an understanding of our business, the environment in which we operate, our objectives and strategies and internal controls. This includes acquiring an understanding of the information systems and related business processes relevant to our financial reporting objectives (including the accounting system) and how we have responded to any related financial reporting risks. Relevant Audit Office performance audits or internal audit activity are considered as part of this process.

Our performance is also subject to review through the Senate Estimates process. Parliament may also review and disallow legislative instruments proposed by AFMA as part of its delegated functions.

Outcomes of judicial and administrative tribunals are referenced at Appendix 2: ‘Civil Litigation Outcomes'.

Corporate Planning and Reporting

AFMA's Planning and Reporting Framework is consistent with the obligations under the Fisheries Administration Act 1991, whole-of-government requirements under the Public Governance, Performance and Accountability Act 2013 and Public Governance, Performance and Accountability Rule 2014. These obligations together with our own internal documents support effective governance. The key elements are:

Performance monitoring

We prepare three planning documents and a performance reporting document each year. In addition, we undertake an annual self-assessment of our regulatory operations and performance. Monitoring of progress and accountability for delivering outputs is a key responsibility for our staff. Individual performance agreements and reviews of periodic reports by managers, committees, Senior Executives, the Commission and stakeholders all help ensure that we remain on target. Each quarter the AFMA Commission receives a report on progress against the strategic actions contained in the Annual Operational Plan.

Section Plans

Every business unit within AFMA is required to develop section plans. These plans ensure that business activity across the agency is both coordinated and focused on delivering directly to our objectives as outlined in our Annual Operational Plan. These plans form the basis of allocating resources to the various business activities and/or specific projects that directly support the outcomes of the Annual Operational Plan. The section plans also inform individual staff performance plans against which our staff are assessed throughout the reporting period in accordance with our performance development scheme.

Risk Management

The AFMA Risk Management Framework incorporates a Risk Management Policy and Risk Management Guidelines that are consistent with the Commonwealth Risk Management Policy and international standards (ISO 31000:2018).

To support the framework, we are developing a statement of Risk Appetite. This document is currently in consultation and will articulate our position with regards to specific risk categories.

The framework is aligned with our corporate goals to ensure all our staff remain focused on achieving those goals while managing the identified risks associated with them. This approach ensures that our staff at all levels of the agency are responsible for participating in risk management processes. It also delivers cost-efficient fisheries management by allowing our managers to make informed decisions and assign resources effectively.

Oversight of risk management activities is provided by the AFMA Audit and Risk Committee who provide external expertise and the Risk Management Committee which is comprised of representatives from across AFMA. AFMA's Risk and Assurance Manager supports staff to manage risk by providing tools and advice on risk management practices.

We maintain operational, enterprise and strategic risk monitoring and reporting processes in accordance with our Risk Management Policy and Risk Management Guidelines.

AFMA's Risk Management Framework assists in the identification, management and escalation of operational risks and a consolidated view of entity risks at the Enterprise and Strategic levels.

Our Risk Management Framework incorporates reporting, assessment and business process; aligned with both the Commonwealth Risk Management Policy and relevant standards. Key organisational risks are detailed in the Enterprise and Strategic Risk registers, and include staff safety and well-being, cybersecurity as well as strategic risks in relation to fisheries management and compliance. The registers identify specific and appropriate controls, and are updated every six months.

AFMA's risk management process is illustrated below:

Business Continuity

AFMA's Business Continuity Plan is a living document and requires updating after each walkthrough, bench or live exercise to incorporate the results of these activities. The Plan provides guidance to AFMA Management in establishing alternative arrangements and enables the priority allocation of resources to critical business processes to ensure that we are able to continue to function effectively during and following a significant disruption.

The Plan includes emergency contacts, cyclone response procedures for our Darwin and Thursday Island offices and information and communications technology disaster recovery protocols. The Business Continuity Plan includes procedures for all phases of recovery as defined in the Business Continuity Strategy document. This plan is separate from AFMA ICT Disaster Recovery Plan, which focuses on the recovery of technology facilities and platforms, such as critical applications, databases, servers or other required technology infrastructure. The Business Continuity Plan is tested, reviewed and updated annually, and monitored by the AFMA Audit and Risk Committee.

Project Management Framework

AFMA's Strategic Delivery Framework supports the planning and delivery of key projects across the organisation. The framework has been developed to support improved governance and oversight of all key projects required to be delivered to meet AFMA’s Annual Operational and/or Corporate Plans. The framework provides increased accuracy in allocating, resourcing and managing project deliverables.

The Strategic Delivery Committee, made up of AFMA's Executive, oversees the delivery of relevant key project work. Meetings during 2018-19 reviewed a number of business cases. Projects initiated during the year included upgrades to AFMA's ICT (further outlined below, in Information Management) and the transition of the Canberra office to its new location.

The Strategic Delivery Framework provides defined project management processes, coordination and systematic reporting. For further information on the Strategic Delivery Committee see Appendix 1.

Data and Information Management

During 2018-19 the Technology and Digital Services (TDS) team progressed significantly in the delivery of the outcomes associated with the 2018-19 ICT Strategy. The strategy compromises four key programs of work, including;

1. Reliable Business Systems – reducing the work required to maintain and support old applications and infrastructure, and better utilise TDS resources.
2. Mobility and Flexibility – enabling our staff to be mobile, enabling them to work more collaboratively across our various offices and remotely in the field, both nationally and internationally.
3. Improved Business Engagement – supporting our business areas through an effective service delivery model that meets operating needs.
4. Data and Client Services – harnessing the value of data and analytics by implementing a modern architecture and leveraging innovative technology, in the pursuit of enhanced service delivery for us and our clients.

In delivering this work the TDS team focused on the underlying technology to stabilise the operating environment and subsequently modernise the technology in support of a more mobile, agile and collaborative agency. Underpinning these deliverables was a progression into the Microsoft cloud, which extended to the delivery of a new operating environment in line with the Australian Government's Common Operating Environment guidelines and the provision of laptops to all our staff.

The delivery of new technology also provided an opportune time to focus efforts on reviewing and enhancing our cyber security posture and in particular, compliance against Australian Cyber Security Centre's Essential 8 mandates. Through these efforts we are well positioned to counter cyber security threats and are confident the safeguards we have applied are strong and fit for purpose to protect our key assets.

The delivery of these items were fundamental to the success of the Canberra Relocation project, which introduced a new agile approach to how AFMA conducts its work, and greatly supported mobility and collaboration within the new work environment.

The relocation to our new Canberra office also presented further opportunities in our efforts to meet the Australian Government Digital 2020 policy. The team actively contributed towards the internal PaperLite strategy, which drastically reduced our paper holdings and commenced digitising internal processes to remove the need for paper into the future. This initiative saw an estimated 1430 boxes (approximately 112 000 files) containing official records relocated offsite with the intention to sentence all files and log these into our records compliant Electronic Document Management System.

Following the delivery of these key outcomes, the team progressed its work into the Data and Client Services program, and commenced activities to deliver the e-Fish project, and subsequently commenced an internal project to digitise the capture of key external data, such as logbook and catch disposal records. The Agency Data Capture Project was initiated to commence this work, which delivered a proof of concept demonstrating how Application Programming Interfaces (APIs) can be used effectively to capture key data and integrate these into the AFMA architecture. Through the next phase of the Agency Data Capture project, we are eager to progress the use of modern standardised technology (APIs) to better capture and integrate the data we value to start driving improved business performance and evidence based decision making.