AFMA as a non-corporate statutory body forms part of the Commonwealth government. It is governed by a Commission which is responsible for exercising functions and powers in relation to domestic fisheries management. The Chief Executive Officer is responsible for assisting the Commission, in giving effect to its decisions. In addition the Chief Executive Officer is separately responsible for exercising AFMA's foreign compliance functions and powers, and for functions under the Torres Strait Fisheries Act 1984.
The Minister for Agriculture, Drought and Emergency Management appoints the chairperson, part-time commissioners and the Chief Executive Officer. Following advice from the chairperson, the minister appoints a part-time commissioner as deputy-chairperson. The minister is also the approving authority for AFMA's Corporate Plan, Annual Operational Plan and all Fishery Management Plans determined by AFMA. Some or all duties of the Minister are typically delegated to the Assistant Minster for Forestry and Fisheries.
The Chief Executive Officer is subject to Ministerial Direction with regard to the Authority's foreign compliance functions, and under the Public Service Act 1999 is required to be responsive to government in implementing the government's policies and programs.
For more information about AFMA's Commissioners, see Appendix 1 to this report.
Disclosure of interests
Commissioners must disclose to the Minister for Agriculture, Drought and Emergency Management any pecuniary or other interest that may relate to their AFMA functions, both prior to appointment and if such interests arise during their terms of office. Disclosures of interests are kept on a register of interests held by AFMA's Executive Secretary. Where a Commissioner declares they have an interest in a matter under consideration by the Commission it will initiate procedures to safeguard the integrity of the Commission's decisions.
The Commission conducts a simple review of its performance at each Commission meeting. These documented reviews address the effectiveness of the Commission in its decision making, corporate governance and maintenance of stakeholder relationships. With the commencement of a new Commission in July 2019, AFMA has taken the opportunity to seek views from industry bodies as to how the Commission could strengthen its stakeholder engagement.
AFMA strives to achieve governance arrangements, together with the associated systems and processes used, that are best practice. To this end we utilise internal audits as an essential tool to independently identify any deficiencies in these processes and control systems whilst at the same time providing opportunities to deliver better practices that will improve the efficiency, cost effectiveness and transparency of our management and regulatory arrangements.
During the reporting period the Strategic Internal Audit Plan for 2017-19 was finalised. BellchambersBarrett were re-appointed as internal auditors for three years commencing in January 2020. The internal auditor in collaboration with AFMA Management and the AFMA Audit and Risk Committee established a Strategic Internal Audit Plan for 2020-22. The Strategic Internal Audit Plan outlines the intended audits that will be conducted over the three year period. These proposed audits are intended to address high level risks that have been identified as part of our Risk Management Framework.
Drawing on the 2017-19 and 2020-22 plans, the independent auditor completed or commenced the following four audits during 2019-20 on the following areas of AFMA's business operations:
Observers’ Program performance audit
This audit focused on reviewing the effectiveness and efficiency of the AFMA Observer Program including compliance with key risk areas of the AFMA Observers Program Manual; trip planning and logistics arrangements including travel and accommodation arrangements and provision of required equipment; and the timely and accurate completion of financial acquittal processes;
Review of the implementation of the ICT Strategic Plan audit
This audit focused on assessing the strength and maturity of the control framework established by AFMA to manage ICT risks and security. This included assessing AFMA’s implemented controls against the requirements of the Australian Cyber Security Centre’s Essential Eight mitigating strategies for the prevention of cyber intrusion; and the effectiveness of AFMA’s ICT change management framework,.
AFMA Training Review
The focus of this audit was to review the management of mandatory training across AFMA. This included assessing how AFMA’s mandatory training is identified, the extent to which mandatory training is monitored and the follow-up actions undertaken for staff who have not completed mandatory training.
Annual Performance Statements quality assurance
This audit focused on reviewing the accuracy and validity of information supporting the AFMA 2018-19 and 2019-20 performance report. Additionally, the audit assessed progress achieved relating to the four audit recommendations made in the 2019 AFMA Performance Statement internal audit.
AFMA Management has endorsed and implemented the majority of the recommendations from these audits. Work on outstanding endorsed recommendations will be undertaken during 2020-21 and monitored by the AFMA Audit and Risk Committee.
We have also established a number of standing committees which provide oversight and governance over our other key business operational activities.
These committees include:
Strategic Delivery Committee – oversees the delivery of all key project works that directly align with AFMA's Strategic goals and/or Annual Operational Plan objectives.
Data and Information Management Committee – provides a strategic approach to managing data, information and records to reduce business risk, increase accountability, and improve operational efficiencies.
Security Governance Committee – reviews and monitors AFMA's security governance arrangements against the security threats and vulnerabilities identified by the Australian government and faced by AFMA in delivering its objectives.
Risk Management Committee – provides oversight from a cross-agency perspective on the management and control of AFMA's business risks and to support the implementation of the agencies risk management framework.
The Chief Executive Officer, as required under the Public Governance, Performance and Accountability Act 2013, has maintained the Audit and Risk Committee to also provide independent internal scrutiny of AFMA business operations. Further details of these committees are provided in Appendix 1.
AFMA's financial statements are audited annually by the Australian National Audit Office (the Audit Office). The Audit Office examines the strength of our internal controls to obtain reasonable assurance as to whether our annual financial statements as a whole are free from material misstatement. The results of their audit are presented in their report on the financial statements accessible in part 5 of this report.
The Audit Office retains an understanding of our business, the environment in which we operate, our objectives and strategies and internal controls. This includes acquiring an understanding of the information systems and related business processes relevant to our financial reporting objectives (including the accounting system) and how we have responded to any related financial reporting risks. Relevant Audit Office performance audits or internal audit activity are considered as part of this process.
Our performance is also subject to review through the Senate Estimates process. Parliament may also review and disallow legislative instruments proposed by AFMA as part of its delegated functions.
In 2019-20, the Commonwealth Ombudsman or the Audit Office did not release any reports that involved AFMA or that had, or might have, a significant impact on AFMA’s operations. There were no civil litigation outcomes during 2019-20.
We prepare three planning documents and a performance reporting document each year. In addition, we undertake an annual self-assessment of our regulatory operations and performance. Monitoring progress and accountability for delivering outputs is a key responsibility for all our staff. Individual performance agreements and reviews of periodic reports by managers, committees, Senior Executives, the Commission and stakeholders all help ensure that we remain on target. Each quarter the AFMA Commission receives a report on progress against the strategic actions contained in the Annual Operational Plan for 2019-20.
Every business unit within AFMA is required to develop section plans. These plans ensure that business activity across the agency is both coordinated and focused on delivering directly to our objectives as outlined in our Annual Operational Plan. These plans form the basis of allocating resources to the various business activities and/or specific projects that directly support the outcomes of the Annual Operational Plan. The section plans also inform individual staff performance plans against which our staff are assessed throughout the reporting period in accordance with our performance development scheme.
The AFMA Risk Management Framework incorporates a Risk Management Policy and Risk Management Guidelines that are consistent with the Commonwealth Risk Management Policy and international standards (ISO 31000:2018).
To support the framework, AFMA has developed a statement of Risk Appetite. This internal document was developed to support staff in assessing and monitoring risks. The Risk Appetite Statement articulates AFMA’s position with regards to specific risk categories.
The framework is aligned with our corporate goals to ensure all our staff remain focused on achieving those goals while managing the identified risks associated with them. This approach ensures that our staff at all levels of the agency are responsible for participating in risk management processes. It also delivers cost-efficient fisheries management by allowing our managers to make informed decisions and assign resources effectively.
Oversight of risk management activities is provided by the AFMA Audit and Risk Committee who provide independent external advice to the AFMA CEO and the Risk Management Committee which is comprised of representatives from across AFMA. AFMA supports staff to manage risk by providing tools and advice on risk management practices.
We maintain operational, enterprise and strategic risk monitoring and reporting processes in accordance with our Risk Management Policy and Risk Management Guidelines.
AFMA's Risk Management Framework assists in the identification, management and escalation of operational risks and a consolidated view of entity risks at the Enterprise and Strategic levels.
Our Risk Management Framework incorporates reporting, assessment and business process; aligned with both the Commonwealth Risk Management Policy and relevant standards.
During 2019, a body of work was undertaken to review and update AFMA’s Risk Management Framework to align with ISO 31000 (2018). This work included review and update of Operational and Strategic Risk Registers and convening the Risk Management Committee.
Key organisational risks are detailed in the Enterprise and Strategic Risk registers, and include staff safety and well-being, cybersecurity as well as strategic risks in relation to fisheries management and compliance.
In 2020, AFMA has maintained a strong focus on managing the impact of COVID-19 on our business operations, strategic planning and organisational risk profile. The safety and well-being of staff is a priority and AFMA will continue to monitor these risks and the implications for our staff, business operations and stakeholders in 2020-21.
AFMA's risk management process is illustrated below:
AFMA's Business Continuity Plan is a living document and requires updating after each walkthrough, bench or live exercise to incorporate the results of these activities. The Plan provides guidance to AFMA Management in establishing alternative arrangements and enables the priority allocation of resources to critical business processes to ensure that we are able to continue to function effectively during and following a significant disruption.
The Plan includes emergency contacts, cyclone response procedures for our Darwin and Thursday Island offices and information and communications technology disaster recovery protocols. The Business Continuity Plan includes procedures for all phases of recovery as defined in the Business Continuity Strategy document. This plan is separate from AFMA ICT Disaster Recovery Plan, which focuses on the recovery of our technology facilities and platforms, such as critical applications, databases, servers or other required technology infrastructure. The Business Continuity Plan is tested, reviewed and updated annually, and monitored by the AFMA Audit and Risk Committee.
The Business Continuity Plan (supplemented by our Pandemic Response Plan) was implemented on several occasions in 2019-20 in response to a cyclone alert in (Darwin), bushfire impacting our staff in the Canberra and Lakes Entrance office and the COVID-19 pandemic impacting or service delivery across all of our offices.
The AFMA Fraud Control Framework addresses internal fraud perpetrated within AFMA. The AFMA Fraud Policy applies to all our staff (and contractors) and outlines our zero tolerance policy. We have in place appropriate fraud prevention, detection, investigation and reporting procedures that meet the specific needs of the organisation. These mechanisms and procedures are regularly tested to ensure that they remain relevant and fit for purpose for AFMA.
Both the revised Fraud Policy and Fraud Control Plan meet AFMA's requirements under section 10 of the Public Governance, Performance and Accountability Rule 2014. To support the system of internal control, AFMA recognises the importance of being vigilant in relation to fraud risk and communicate expectations of fraud awareness and prevention to all our staff.
The Fraud Policy does not apply to fraud committed by parties external to AFMA, such as domestic or foreign fishers operating in the AFZ. The investigation of such fraud is undertaken by investigating officials within our Fisheries Operations Branch, or in some cases the Australian Federal Police. Please refer to Part 2, Section 3 on page 20 for further information.
Project Management Framework
AFMA's Strategic Delivery Framework supports the planning and delivery of key projects across the organisation. The framework has been developed to support improved governance and oversight of all key projects required to be delivered to meet AFMA’s Annual Operational and/or Corporate Plans. The framework provides increased accuracy in allocating, resourcing and managing project deliverables.
The Strategic Delivery Committee, made up of AFMA's Executive, oversees the delivery of relevant key project work. Major projects reviewed by the Strategic Delivery Committee in 2019-20 included development and implementation of the AFMA ICT Strategic Plan.
The Strategic Delivery Framework provides defined project management processes, coordination and systematic reporting. For further information on the Strategic Delivery Committee see Appendix 1.
Data and Information Management
During 2019-20 the Technology and Digital Services (TDS) team finalised the outcomes of the ICT Strategy surrounding four key programs including,
Reliable Business Systems – reducing the work required to maintain and support old applications and infrastructure, and better utilise TDS resources.
Mobility and Flexibility – enabling our staff to be mobile, enabling them to work more collaboratively across our various offices and remotely in the field, both nationally and internationally.
Improved Business Engagement – supporting our business areas through an effective service delivery model that meets operating needs.
Data and Client Services – harnessing the value of data and analytics by implementing a modern architecture and leveraging innovative technology, in the pursuit of enhanced service delivery for us and our clients.
The delivery of the ICT Strategy initiatives have been instrumental during COVID-19, providing AFMA staff with modern and robust technology to work remotely with confidence, security and convenience.
The TDS team continued to review and enhance our cyber security posture in this ever changing environment and partnered with the Australian Cyber Security Centre in mitigating various cyber threats. Through this continued effort AFMA is confident in the safeguards we have applied in protecting our key assets.
Finalising these key technology outcomes provided the team with the opportunity to continue in the delivery of our data initiatives, and in particular, the continued delivery of the e-Fish project which was completed in June 2020, and subsequently continuing an internal project to digitise the capture of key external data, such as logbook and catch disposal records.
Extending on the success of a pilot, the Agency Data Capture project saw the development of a suite of Application Programming Interfaces (APS) to effectively capture and share key data externally and into the AFMA IT architecture. The project also demonstrated how this platform can be used for enterprise wide data purposes, and successfully integrated with the vessel monitoring provider Trackwell and the Department of Home Affairs – further proving the simplicity on how this modern technology will allow AFMA to continue future data partnerships. Further information on the Agency Data Capture project is detailed in the Feature Story on page 33.
With AFMA well placed to pursue its data exchange initiatives with an advanced technological data sharing platform the team commenced activities to deliver an AFMA Data Strategy to ensure we strategically consider how to leverage the power of the ADC platform. In April 2020 AFMA engaged a consultant to commence the Data Strategy initiative which is being developed in 2 phases. The first phase being a “discovery” phase which will document what benefit a Data Strategy will bring to AFMA, what a tailored strategy will encompass, and finally how the strategy can be utilised and won’t be limited in its shelf life. Following the sign off from these milestones, phase 2 will then proceed to strategy development. This approach is being utilised to ensure AFMA gets the best value out of a data strategy artefact which sets a solid direction with tangible and accountable roadmap initiatives for AFMA to deliver in our pursuit to harness the power of our data.
Audit and Risk Committee
AFMA's Audit and Risk Committee provides independent assurance and advice to the Chief Executive Officer on AFMA's financial reporting, performance monitoring, systems of risk oversight and management and systems of internal control. The Committee's role in reviewing AFMA's treatment of strategic risks is also directly relevant to the work of the AFMA Commission. For further information on the Audit and Risk Committee see Appendix 1.