Our corporate governance is accountable and transparent. We are committed to legislation and policy compliance, as well as business practice excellence that delivers confidence and trust from our clients, stakeholders and employees.

Governance practices are incorporated into all of our activities, providing effective mechanisms for corporate responsibility and informed, transparent decision making. An effective but practical governance framework supports and enables the business to deliver our business objectives.

We review our governance framework for ongoing adequacy and currency in the current context of the business. To do so we use gap analysis and reporting to identify opportunities for governance frameworks to better support the business, particularly in the following areas:

• Risk
• Compliance (including Freedom of Information and Privacy)
• Audit
• Fraud
• Complaints.

The standard governance activities that deliver value to our business include:

• Regular review and reporting on risk registers (strategic, operational and project risk)
• Monthly whole-of-business reporting on internal controls deficiencies (incident and breach reporting)
• Assurance mapping of the internal control environment
• Regular reporting on established statutory and compliance obligations
• Monitoring for new statutory and compliance obligations
• Induction and periodic staff training on compliance policies (annual training calendar)
• Internal audit program
• Corporate planning and reporting.

Drawing on our in-house capabilities, we delivered our governance requirements in 2018–19
with the following improvements:

• Enhancing our approach to risk management (including WHS, cyber, operational and project risk management)
• Further developing the Complaints Management Framework
• Refining the Business Continuity Framework
• Embedding an internal legal function.