The AIHW is headed by our CEO, Mr Barry Sandison, who is responsible for its effective day-to-day administration. Under the AIHW Act, the CEO is appointed by the AIHW Board for a period not exceeding 5 years.
A new structure commenced on 11 November 2019 comprising the CEO and 11 groups, with each group headed by a senior executive (see page 71). Each group comprises a number of units led by an APS Executive Level 2 officer.
Details of the CEO, senior executives and staff are in Chapter 5: Our people.
The Executive Committee provides cohesive leadership to the AIHW and advice to the CEO to assist in managing its operations and ensuring delivery of the strategic imperatives endorsed by the AIHW Board. The Executive Committee is chaired by the CEO and its membership includes all group heads.
Formal Executive Committee meetings were held fortnightly during 2019–20, with the committee meeting weekly from March to June to support AIHW’s response to the COVID-19 pandemic. A focus on internal communications and building external stakeholder relationships underpin Executive Committee activities.
Standing items for discussion during 2019–20 included: the strategic directions of the AIHW; business arising; staffing issues and allocation of resources; finance issues; and updates on major projects, such as flagship publications, digital health and developments in linked data assets. The Executive Committee also regularly discusses our priority actions and our strategic and operational risks.
Responding to the COVID-19 pandemic presented a significant challenge to the Executive Committee. Measures taken included increased meeting frequency with regular discussion on Institute-wide activities related to COVID-19. The AIHW embraced opportunities to contribute expertise and technical support for the rapid provision of data to inform the Australian Government’s response to the pandemic.
Data Governance Committee
The Data Governance Committee is chaired by the Deputy CEO. It advises the Executive Committee on data governance and related matters. This committee is required to create and implement an annual work program of data governance activities, detailing priority areas of action.
The committee also makes operational decisions, and provides advice and recommendations to the Executive Committee on significant data governance matters. In 2019–20, the Data Governance Committee met 3 times (the fourth scheduled meeting was cancelled in response to COVID-19 constraints), convened 4 data custodian forums, and reported to the Executive Committee on the delivery and/or progress on the projects in its work plan. Significant items in the work plan this year were:
- updating the Guidelines for the Custody of AIHW Data
- developing a consolidated and comprehensive AIHW De-identification Policy
- initiating a comprehensive review of the Data Governance Framework.
ICT Strategy Committee
The ICT Strategy Committee (ICTSC) is chaired by the CEO. It directs the development and implementation of the AIHW’s ICT strategic vision. It also oversights strategic programs and delivery of projects with significant ICT components, risks related to ICT initiatives and provides advice to the Executive Committee on enterprise technology decisions.
In 2019–20, the ICT Strategy Committee replaced the former ICT Steering Committee to provide a governance model better suited to delivering a business-oriented ICT capability at the AIHW.
The Security Committee (SC) is chaired by the Group Head, Business and Communications Group. It provides the Executive Committee with assurance that security risks to the AIHW are identified and managed effectively in compliance with the requirements of relevant legislation and the AIHW’s internal policies. The Security Committee drives organisational commitment to effective information (including data), personnel and protective security.
Statistical Leadership Committee
The Statistical Leadership Committee was established in 2019–20 as an additional specialist subcommittee. It is chaired by the Deputy CEO. This committee provides leadership on statistical matters, develops and actions statistical priorities and provides advice to the CEO to assist in the management of, and investment in, statistical operations. In 2019–20, the committee considered the AIHW’s ongoing data analytics toolkit, geospatial strategy, approaches to confidentiality and data linkage.
We protect the privacy of the information we hold under a comprehensive set of data governance arrangements involving designated data custodians, the AIHW Ethics Committee, audit activities and physical and ICT security. These multiple layers of defence ensure that data are accessed only by authorised personnel for appropriate purposes in a secure environment.
Our second annual Privacy Management Plan, developed in response to the Privacy (Australian Government Agencies— Governance) Australian Privacy Principles Code 2017, set 8 actions to improve aspects of our privacy maturity. Our assessment did not reveal any compliance gaps; it enabled us to identify actions for improvement that further strengthened our privacy culture and the maturity of our systems to protect the privacy of individuals. Progress against these actions was monitored by the Executive Committee on a quarterly basis.
We manage data professionally, with due respect for its sensitivity, and with privacy and confidentiality assured through legislation, robust data policies and procedures. This approach includes use of rigorous controls to determine access and release arrangements, and the scrutiny of a legally constituted and independent AIHW Ethics Committee.
During 2019–20, we focused on one of our strategic priority actions, ‘Develop and implement unified policies (including rigorous re-identification controls) for safe sharing and release of data’. An AIHW De-Identification Policy was endorsed by the Executive Committee on 15 June 2020. This new policy consolidated our practices for confidentialising reports and other publicly released data, with our approach to confidentialisation of unit record data for use by researchers, while meeting the requirements of the Office of the Australian Information Commissioner. It also harmonises use across the AIHW of the Five Safes framework—a risk assessment framework for data access (safe projects, safe people, safe data, safe settings and safe outputs).
Data Governance Framework
Our Data Governance Framework provides an overview of our robust data governance arrangements, including:
- a description of key concepts in data and data governance
- the legal, regulatory and governance environment in which we operate
- core data governance structures and roles
- an overview of our data-related policies,
- procedures and guidelines
- systems and tools supporting data governance compliance regimes
- how these elements work together to support the AIHW in executing its functions and meeting its data-related obligations.
The framework and a short overview document, Data governance—in-brief, are available at www.aihw.gov.au/about-our-data/data-governance.
ICT and data security
ICT interacts with several levels of governance to deliver secure and effective services for the AIHW. ICT governance is managed primarily through the ICTSC and the SC. We developed new policies, frameworks and, where appropriate, updated existing policies in accordance with the Australian Government's Security Framework and Guidelines.
We continued to raise both our cybersecurity awareness and capabilities. We accredited a number of systems to operate in the AIHW ICT environment. We also implemented a new audit and logging capability which provided our ICT security staff with the ability to better prevent unauthorised intrusion and improve investigative capability.
AIHW implemented cybersecurity training for staff, specifically in the areas of phishing, and undertook awareness campaigns in October 2019 and during COVID-19 with the objective of reducing opportunities for malicious acts on our ICT infrastructure. We created a real- time dashboard for cybersecurity to improve responsiveness to security alerts.
During COVID-19, we saw an increase in targeting of ICT systems and personnel. In conjunction with our strategic vendors and the Australian Cyber Security Centre, we were able to react to advice from the centre, confirm that no compromise occurred and monitor the increasing threats to our external environments. Additionally, improvements to security in our email environments saw the AIHW manage an increased threat from both spam email and email with malicious intent.
Financial management in the AIHW operates within the following legislative framework:
- AIHW Act
- PGPA Act
- Auditor-General Act 1997.
Our internal operations are funded by:
- parliamentary appropriations through the Budget
- contributions from income received for project work undertaken for external agencies
- miscellaneous sources, such as bank account interest and ad hoc information services.
Our externally funded project work is undertaken by our statistical groups. Fees charged for each project are determined using a pricing template that includes salaries and on-costs, other direct costs and a corporate cost-recovery charge for infrastructure and corporate support. The pricing template is updated each year. Expenditure incurred in each project is accounted for separately and monitored monthly.
The AIHW is required by section 30 of the Public Governance, Performance and Accountability Rule 2014 (PGPA Rule) to comply with the Commonwealth Procurement Rules, which establish requirements for Australian Government entities regarding their procurement activities. The procurement rules are available at www.finance.gov.au/ commonwealth-procurement-rules.
We comply with the mandatory procedures for all procurements above the $400,000 threshold. We complied with our obligations under the procurement rules in 2019–20.
For purchase contracts with suppliers, we use, wherever possible, template contracts prepared by legal advisers. These contracts aim to manage risks and ensure value for money through provisions such as: defined deliverables and performance standards linked to milestone payments; necessary insurances and indemnities; intellectual property ownership and requirements; and requirements for privacy and confidentiality.
Purchase contract payments are typically made on the successful delivery of services.
Most revenue contracts were for provision of services related to projects managed by our statistical units. Our revenue contracts and standard schedules for MoUs detail the scope, timing, deliverables and budget for externally funded projects.
Any contract over $1,500,000 must be approved by the CEO.
Non-financial assets are managed according to the AIHW’s policies and procedures for the acquisition, disposal and loss of relevant property.
Non-financial assets are reported in the Financial Statements at their fair value. All assets are reviewed annually for their value with a formal valuation performed, at least every 3 years, with the most recent valuation processed on 30 June 2020.
Risk oversight and management
The AIHW Board is accountable for oversight of the Risk Management Framework (RMF). It obtains advice from the RAFC, which is responsible for making recommendations to the board on any aspect of risk management, undertaking 6-monthly risk management reviews based on reports received from the CEO, and making recommendations to the board.
During 2019–20, the AIHW continued on its risk management journey. Following AIHW Board approval of the comprehensive updated RMF and new Strategic Risk Profile (SRP) in June 2019, a major focus in 2019–20 was on its implementation.
To embed a risk-based culture across the AIHW, information about the updated RMF and new SRP was disseminated across the AIHW through newsletters to all staff, postings on the intranet and discussions at staff forums. AIHW staff also had access to online risk management training courses available on LearnHub.
Ongoing monitoring of the RMF and SRP was undertaken by the CEO and the Executive Committee throughout the year. A formal assessment of the following 8 strategic risks was completed every 6 months:
- breach of cybersecurity
- externally driven disruption
- major project failure
- ‘growing pains’
- preparedness of ICT systems to handle very large, complex data sets
- data governance and privacy
- key person risk
- loss of reputation with stakeholders.
Each 6-monthly assessment monitored the progress of actions underpinning all strategic risks and reviewed: risk ratings, mitigating factors, decisions, effectiveness of controls and trend ratings.
The first annual strategic risk report from the CEO was presented to the AIHW Board in June, through the RAFC. As outlined in the report, the COVID-19 pandemic had a big impact on day-to-day operations. In response to the pandemic, the AIHW successfully continued to deliver its product and services, with some minor delays, by increasing its capacity to support most staff working from home. At the same time, the AIHW managed the work health and safety (WHS) risk of COVID-19 in its workplaces in line with government advice and restrictions.
Next year, the AIHW plans to take further steps on its journey to embed the revised RMF and new SRP by continuing to provide risk management training and support for its senior executives and staff in managing high operational and project risks.
Freedom of information
In accordance with section 11C of the Freedom of Information Act 1982 (FOI Act), the AIHW is required to publish information that has been released in response to a freedom of information access request.
The AIHW is not required to publish:
- personal information about any person if publication of that information would be ‘unreasonable’
- information about the business, commercial, financial or professional affairs of any person if publication of that information would be ‘unreasonable’
- other information, covered by a determination made by the Australian Information Commissioner, if publication of that information would be ‘unreasonable’
- any information if it is not reasonably practicable to publish the information because of the extent of modifications that would need to be made to delete the information listed in the above points.
In 2019–20, the AIHW received 5 requests made under the FOI Act.
Information Publication Scheme
The FOI Act established the Information Publication Scheme for Australian Government agencies subject to the FOI Act. Under the scheme, agencies are required to publish a range of information, including an organisational chart, functions, annual reports and certain details of document holdings.
The required information is published on our website www.aihw.gov.au/about-us/freedom-of-information/information-publication-scheme-ips.
Freedom of information requests and enquiries should be sent to:
FOI Contact Officer
Ethics, Privacy and Legal Unit
Australian Institute of Health and Welfare
GPO Box 570
Canberra ACT 2601
or emailed to foi [at] aihw.gov.au.
Public interest disclosure
The Public Interest Disclosure Act 2013 creates a public interest disclosure scheme that promotes integrity and accountability in the Australian public sector. It does this by:
- encouraging and facilitating the disclosure of information by public officials about suspected wrongdoing in the public sector
- ensuring that public officials who make public interest disclosures are supported and protected from adverse consequences
- ensuring that disclosures by public officials are properly investigated.
The Commonwealth Ombudsman is responsible for the public interest disclosure scheme and further information is available at www.ombudsman.gov.au.
In 2019–20, the AIHW received no disclosures under this Act.
Under the Public Interest Disclosure Act, every Australian Government agency must appoint authorised officers to handle public interest disclosures. Disclosures can also be made to a supervisor or manager, who must pass it to an authorised officer. Information on Public Interest Disclosure is on our website at www.aihw.gov.au/about-us/public- interest-disclosure.
As a Commonwealth corporate entity, we have specific reporting requirements under the PGPA Rule and other Commonwealth legislation. This section includes mandatory requirements not reported elsewhere in this report. An index of compliance with our mandatory reporting is at Appendix 4: Compliance index.
Finance law non-compliance
The AIHW had no significant issues relating to finance law non-compliance in 2019–20.
Related entity transactions
The AIHW had no related entity transactions in 2019–20.
Unobtainable information from subsidiaries
The AIHW does not have any subsidiaries.
Indemnity applying to the entity and its officers
We have insurance policies through Comcover and Comcare that cover a range of insurable risks, including property damage, general liability and business interruption.
In 2019–20, the Comcover insurance policy included coverage for directors and officers against various liabilities that may occur in their capacity as officers of the AIHW.
Standard insurance premiums of $19,158 excluding goods and services tax (GST) were paid to Comcover in 2019–20, compared with $15,714 for 2018–19.
The AIHW made no claims against its directors’ and officers’ liability insurance in 2019–20.
Judicial or tribunal decisions
There were no legal actions lodged against the AIHW and no judicial decisions directly affecting us in 2019–20.
Reports by other bodies
No reports were made by the Auditor- General, a Parliamentary Committee, the Commonwealth Ombudsman or the Office of the Australian Information Commissioner in relation to the AIHW in 2019–20.
Section 5 of the Modern Slavery Act 2018 requires entities based, or operating, in Australia, which have an annual consolidated revenue of more than $100 million, to report annually on the risks of modern slavery in their operations and supply chains, and actions to address those risks.
The AIHW’s consolidated revenue was below the $100 million threshold.
Compliance with the Legal Services Directions 2017
The Legal Services Directions 2017 require us to provide the Attorney-General’s Department within 60 days of the end of the financial year:
- a report of our legal services expenditure for the financial year
- a certificate of compliance in relation to the Legal Services Directions 2017.
We complied with our obligations for 2019–20 and our legal expenditure was $161,401 (GST exclusive), compared with $162,969 in 2018–19.
Advertising and market research
Section 311A of the Commonwealth Electoral Act 1918 requires us to report payments of $14,000 and above for advertising and market research. In 2019–20, the AIHW did not undertake any advertising campaigns or make individual payments for advertising that exceeded the prescribed threshold.