As a statutory agency in the Defence portfolio, ASD reports directly to the Minister for Defence, Senator the Hon Linda Reynolds CSC. ASD operates under the PGPA Act and the Intelligence Services Act 2001 (ISA). The Director‑General ASD is the accountable authority of ASD.
All of ASD's activities are subject to oversight from the Inspector-General of Intelligence and Security (IGIS). ASD's performance and financial statements are auditable by the Auditor‑General.
The Parliamentary Joint Committee on Intelligence and Security (PJCIS) provides further oversight of ASD's administration, expenditure, enabling legislation, and any matters referred by the Australian Senate, House of Representatives, or a Minister of the Australian Government. ASD also appears before the Senate Standing Committee on Foreign Affairs, Defence and Trade during Estimates hearings.
On 28 August 2019, ASD published its second corporate plan, covering the period 2019–20 to 2023–24.
The course of the two corporate plans now published by ASD has remained constant as ASD continues its maturation process since becoming a statutory agency on 1 July 2018, including strengthening its reporting and performance framework and governance functions.
The Director-General is assisted in administering ASD by the Executive Committee and its subcommittees (see Figure 4). ASD's governance framework was streamlined during 2019–20 with an amalgamation of subcommittees and will continue to undergo further reform over the next reporting period.
ASD's Executive Committee is the primary decision-making committee within ASD, with the Director-General ASD as the accountable person.
The role of the Executive Committee is to provide advice to the Director‑General ASD, set the strategic direction for ASD, and provide oversight of all ASD activities. The Executive Committee assists Director‑General ASD to ensure ASD meets the highest standards of governance, performance and accountability, with Director‑General ASD having ultimate decision-making authority on all issues.
The Executive Committee met fortnightly during 2019–20.
ASD Audit and Risk Committee
In accordance with section 45 of the PGPA Act, the ASDARC comprises external and internal members and has a responsibility to monitor, review, and where appropriate, make recommendations to the Director‑General ASD with respect to financial reporting; performance reporting; and systems of risk oversight, including fraud risk assessment, deterrence and prevention; systems of internal control; and internal and external audit.
The Committee’s charter sets out its authority, composition and tenure, role and responsibilities, and reporting and administrative arrangements. The charter is available on ASD’s website at www.asd.gov.au.
The individuals listed in Table 1 held positions on the Committee during the reporting year.
Qualifications, knowledge, skills or experience (include formal and informal as relevant)
Number of meetings attended / total number of meetings
Total annual remuneration
Qualifications: Bachelor of Economics (ANU), FCA, GAICD and Registered Company Auditor.
Notable Role: Independent Chair of ASDARC since its establishment and serves on the board of audit committees for a number of government and private sector entities.
5 of 5
Vivienne Thom AM
Qualifications: Graduate of the Australian Institute of Company Directors and qualifications in government investigations.
Notable Role: Former Australian Government agency head and an inaugural member of ASDARC.
5 of 5
Qualifications: Bachelor of Arts (Computing, Statistics) (ANU), FAICD, CISA, CISM.
Notable Role: An inaugural member of ASDARC who provided the Committee with 34 years’ experience in internal audit and information technology.
5 of 5
Qualifications: Bachelor of Science (Honours), Masters of International Studies, Graduate Diploma Applied Finance.
Notable Role: Member of ASDARC since early 2020.
2 of 5
Qualifications: 38 years of experience across the ASD business areas.
Notable Role: An inaugural member of ASDARC who provided the Committee subject matter expertise on ASD’s operations.
0 of 1*
Qualifications: Masters in Military and Defence Studies.
Notable Role: Joined the Committee in late 2019 and offered the Committee 14 years of intelligence, operational and policy experience.
3 of 5
Qualifications: 29 years’ worth of experience in signals intelligence across the Australian Defence Force and ASD.
Notable Role: An inaugural member of ASDARC, holding his position until March 2020. Offered the Committee operational expertise in leading and directing effects in support of ASD’s objectives.
3 of 5
Qualifications: Post Graduate Certificate in National Security Policy and a certification in Business Continuity Management, Portfolio, Program and Project Management (ANU).
Notable Role: Joined the Committee in early 2020 and provided the Committee 20+ years of experience in various operational and technical roles within ASD.
2 of 5
*Apologies for the August meeting were sent. Ms Moore left ASD in late 2019.
**A Commonwealth employee does not receive additional remuneration when serving as a Committee member.
Business Management Committee
The Business Management Committee (BMC) is ASD’s whole‑of‑enterprise decision‑making and consultation forum for ASD’s key enterprise enablement activities. The BMC was formed during 2019–20 by the amalgamation of the Finance Committee and the People Committee.
The BMC advises the Executive Committee on matters relating to people, finance, facilities and estate, workplace health and safety, risk, security and compliance, and ensures they remain aligned with ASD’s legislative requirements.
The BMC is chaired by Deputy Director‑General Corporate and Capability and has met five times since its inception during 2019–20.
Enterprise Performance Committee
The Enterprise Performance Committee (EPC) is ASD’s decision-making, reporting, and recommending forum for considering ASD’s performance against objectives across the enterprise. The EPC is responsible for ensuring there is effective oversight, accountability, and management of ASD’s performance.
The EPC advises the Executive Committee on matters relating to enterprise performance – including risks to performance and alignment to ASD’s purpose, strategic direction, and priorities.
The EPC was chaired by Principal Deputy Director for the three EPC meetings held during 2019–20. From May 2020, the EPC has been chaired by Deputy Director‑General Corporate and Capability. The EPC met three times during 2019–20.
Data, Technology, and Infrastructure Committee
The Data, Technology, and Infrastructure Committee (DTIC) is ASD’s peak data and technology decision-making committee. The DTIC takes a whole of organisation perspective on capability, risk, and investment to optimise ASD’s strategic outcomes through mastery of data and technology.
The DTIC advises the Executive Committee on significant data and technology investments, capability risk, infrastructure and services lifecycle management, and data management and handling. During 2019–20, the DTIC's role evolved to include portfolio management oversight.
The DTIC is chaired by Deputy Director-General Corporate and Capability. The DTIC met nine times during 2019–20.
Management Review Committee
ASD's Management Review Committee (MRC) is the key body for managing staff wellbeing and personnel security risks for the agency.
Where required, the MRC considers potential issues of concern related to employee organisational suitability in a manner which balances intelligence-related equities and appropriate personnel management.
The MRC does not consider issues related to the security clearance process, broader employment conditions, Code of Conduct, other administrative investigations or performance management activities.
The MRC is chaired by the Deputy Director-General Corporate & Capability and Deputy Director-General Signals Intelligence and Network Operations. The MRC met 23 times during 2019–20.
The Compliance Committee is the responsible body for ensuring ASD meets the highest standards of governance, performance and accountability through the establishment and maintenance of best practice compliance and oversight procedures.
Where required, the Compliance Committee ensures all compliance breaches, suspected and confirmed, are investigated following established procedures, reviews emerging compliance issues and assesses ASD’s legal and regulatory frameworks in line with legislation and review recommendations.
The Compliance Committee is chaired by the Deputy Director-General Corporate & Capability and met quarterly during 2019–20.
Management of risk and fraud
As a non-corporate Commonwealth entity, ASD must comply with the Commonwealth Risk Management Policy (CRMP), which supports the requirements of sections 16 and 21 of the PGPA Act.
ASD continues to embed risk management principles to support timely decision‑making and reporting, prioritisation of resources, increased compliance and efficiency, and continual improvement in operations. The ASDARC is a key component of ASD’s enterprise-level risk management success.
Managing risk well enables ASD to achieve its purpose, strategic objectives and to meet government priorities. ASD is committed to promoting a positive risk culture to ensure an open and proactive approach to risk is used. ASD continues to balance opportunity and accountability while operating with integrity to manage risk to ensure the Australian public’s trust and confidence are maintained.
During the reporting period, ASD reviewed its existing Risk Management Policy and Framework to support a positive risk culture while continuing to maintain alignment with ASD's business objectives, legislative requirements, the Commonwealth risk management policy and industry best practice.
Fraud control and prevention
All staff within ASD’s mission, regardless of seniority, must adhere to policies and procedures and be held accountable for their actions. ASD takes all reasonable steps to minimise the potential for fraud by designing and implementing internal controls that prevent, detect and deal with fraudulent behaviour. ASD takes a stringent approach to fraud of ‘educate, trust and verify’. Given ASD’s role, operating environment and reliance on partners, the protection of its people, information and assets is paramount.
All staff members are responsible for ensuring strong, robust and effective fraud control. In 2019, ASD undertook a fraud risk assessment and developed a Fraud Control Plan to ensure that fraud risks are adequately mitigated, monitored, reported, and controlled.
Every two years, ASD staff members must complete mandatory training on fraud and integrity awareness. Fraud educational messaging is regularly promoted through activities such as International Fraud Awareness Week and the Department of Defence’s Into the Mind of a Fraudster podcast series.
During the reporting year, ASD participated in the Australian Institute of Criminology’s Annual Fraud against the Commonwealth Census for the first time as a statutory agency.
ASD staff members can also make disclosures of suspected wrongdoing through the Public Interest Disclosure Scheme or to the Inspector-General of Intelligence and Security. During the reporting year, ASD investigated two allegations of inappropriate financial transactions with one displaying a potential fraud element. Both allegations were investigated under section 48(1) of the Public Interest Disclosure Act 2013. The investigation found no fraud or misconduct had occurred. ASD reported the findings of the investigation to the IGIS and the ANAO.
ASD's ethical structure is shaped around the legislation that governs ASD business and activities, and is embedded in its organisational values.
ASD has a robust internal operational compliance and oversight function to ensure it complies with the spirit and letter of the law. ASD’s internal programs provide timely operational compliance advice, policy and training, as well as carrying out self-regulatory functions through investigations and assurance activities. Combined, these internal programs are designed to ensure ASD undertakes all mission activities in accordance with legislation, policy and Ministerial Directions. ASD also works closely with the IGIS, who provides independent assurance to Ministers, the Parliament and the public that ASD acts with legality, propriety and consistency with human rights.
ASD staff are committed to upholding organisational values (Figure 5), which are an integral aspect of ASD's culture and are reflected in the Code of Conduct.