Go to top of page

3.1 Our governance

Comcare aims for excellence in its governance to promote public trust and confidence. Good governance for Comcare focuses on 2 key requirements:

  • performance – governance procedures and practices are designed to shape our results, and demonstrate results to the Executive, the government and stakeholders
  • conformance – our practices are designed to conform with applicable legislative and policy requirements, in addition to the public expectations of transparency and integrity.

Comcare’s leadership plays an important role in ensuring good governance practices are embedded throughout the organisation and how we work. On a day-to-day basis, governance is about the way officials make decisions and implement policies in practice.

In 2020–21, Comcare implemented a new governance framework based on 6 key management principles. These help to inform effective governance and underpin the design of our governance structures and systems. This principles-based approach promotes greater flexibility and responsiveness to government and customer needs.

Table 3: Comcare's Governance Principles

Principles in action

Alignment with our values


Consistent rules, practices and behaviours

  • We have meaningful mechanisms in place to ensure we adhere to all applicable standards and requirements.
  • We continuously monitor, review and evaluate performance and compliance, and adjust strategies, processes and systems to improve performance and ensure compliance.

Act with integrity and respect


A risk and evidence-based approach to decision making

  • We act with integrity and accountability, continually assessing risks to the achievement of objectives or compliance.
  • We have clear roles and responsibilities, and procedures for making decisions and exercising authority.


Commitment to work across boundaries

  • We collaborate in everything we do.
  • We share key information across groups and get the right people involved.

Collaborate and innovate


Ability to adapt to meet tomorrow’s challenges

  • We look for new ideas and think about what is happening across the broader environment.
  • We use flexible and evolving, principles-based systems.


Delegated authority and ownership of outcomes

  • We take every opportunity to enhance our performance, and ensure our services are responsive and provided in accordance with our values.
  • We are insight driven and committed to risk and evidence-based practices to ensure the best use of resources.

Strive to have a positive impact


Aligned to purpose, priorities and risk

  • We continually re-align to meet our short and long-term goals.
  • We work in alignment with our risk appetite.

Strategic planning and reporting

Comcare’s planning and reporting cycle is made up of various activities to confirm the organisations strategic direction, priorities and performance measures for the year ahead. Activities include:

  • Strategic direction assessment by Comcare’s Executive to confirm if our purpose, strategic priorities, performance measures and strategic risks are suitable for the year ahead, based on an environmental scan activity.
  • Review of performance measures to confirm if existing measures are effectively measuring performance against our purpose and priorities, and to identify opportunities for improvement as our work matures and progresses.
  • Organisational wide planning activities to confirm the portfolio programs and projects, continuous improvement initiatives and operational priorities for the year ahead. These activities consider budget, risk, workforce, capability, technology and business continuity needs.

Our planning activities support the development of our Portfolio Budget Statements, annual Corporate Plan, internal business plans and individual performance development plans.

Performance against targets set out in these documents are monitored through Comcare’s authoritative committees and the ARC and reported through our Annual Report.

In our planning cycle for 2021–22 we introduced a new performance measure with 2 supporting targets focused on regulatory best practice in line with changes to the Regulator Performance Framework introduced on 1 July 2021. This performance measure features in our Corporate Plan 2021–22 with outcomes to be reported in future Annual Reports.

Executive Committee and senior management committees

Under the PGPA Act, Comcare is a corporate Commonwealth entity with a CEO as the accountable authority. The CEO is assisted in the corporate governance functions by internal governance committees.

In 2020–21, Comcare implemented a new committee structure to clarify purpose, accountabilities and responsibilities at all levels in the structure.

There are 2 levels of governance committees under the new structure: Executive Committee and Authoritative Committees. Supporting structures to facilitate consultation and inform Comcare’s governance committees sit underneath these levels.

The Executive Committee provides strategic oversight and guidance of Comcare’s overall performance and accountability requirements. This committee is the highest level in Comcare’s governance committee structure. Its responsibilities include:

  • prioritisation of investments, programs and initiatives based on strategy and legislative requirements
  • steering of change impacts across Comcare
  • major scope and content decisions that have strategic implications or cross-group impacts of significance
  • benefits and achievement of Comcare’s priorities and performance measures
  • ensuring effective and robust governance and assurance arrangements, including setting risk appetite and prioritisation.

Authoritative committees provide strategic oversight and guidance of core cross-organisation business priorities, strategies or functions considered complex or high risk. Authoritative committees are accountable to the Executive Committee. Responsibilities include, but are not limited to:

  • monitoring delivery of immediate priorities and performance outcomes
  • management of risk and cross-business impacts
  • recommendations to the appropriate delegate for statutory decisions relating to compliance activities
  • assessing and realising longer-term improvement opportunities
  • escalating matters of significant cross-Group impact, outside the Group’s remit to the Executive Committee.

Figure 7: Comcare's governance structure

Diagram of Comcare’s governance structure showing 2 levels of governance committees which includes authoritative committees such as Operations Committee and Performance, Compliance and Engagement Committee and the decision making authority of the Executive Committee. Also includes the supporting structures that inform these committees including Claims Litigation, Privacy, Program/Project Boards and Enforcement and Fraud.


Comcare is fully committed to complying with the Commonwealth Fraud Control Framework 2017 (Fraud Control Framework) (in particular section 10 of the Public Governance, Performance and Accountability Rule 2014) to minimise fraud.

During 2020–21 Comcare:

  • revised the enterprise fraud risk assessment and updated the fraud control policy and plan
  • strengthened fraud governance arrangements through establishing Operations Committee oversight of fraud risks assessments and Enforcement and Fraud Committee oversight of fraud investigations
  • implemented a revised operating model for managing fraud investigations
  • implemented a revised operating model in the management and assessment of fraud allegations
  • participated in the Australian Institute of Criminology’s annual Fraud against the Commonwealth census
  • participated in the Commonwealth Fraud Prevention Centre data analytics conference to identify potential for utilising data to detect and prevent fraud.

Comcare undertakes investigations of criminal fraud and corruption against Comcare. All criminal fraud investigations are conducted in compliance with the Commonwealth Fraud Control Framework and the Australian Government Investigations Standards 2011.

One matter was referred to the Commonwealth Director or Public Prosecution (CDPP) for consideration of commencing a criminal prosecution alleging a fraud in excess of $55,000.

Internal audit

The internal audit program is a key element of the Comcare corporate governance framework. The program provides assurance to the Comcare and Seacare Authority Audit and Risk Committee, the CEO, the Chair of the Seacare Authority and senior management. It adds value to what Comcare does by highlighting opportunities for improvement in statutory compliance, internal control, and efficiency and effectiveness of business processes.

Internal audit topics are identified through consultation with senior management and the ARC. In deciding the final program of internal audit work for the year, the ARC considers the strategic and operational risk profile of Comcare and relevant audit reports published by the Australian National Audit Office (ANAO).

Two internal audits were presented to the ARC in 2020–21. The audits included performance and compliance reviews, focused on the management of our programs, implementation of legislative and government policy requirements and management of key risks.

Internal audit recommendations are tracked and reported to the ARC to ensure identified risks are addressed. During 2020–21 there were 8 recommendations made through internal audit reports (compared with 44 in the previous year). At the end of 2020–21 there were zero recommendations open (compared with 22 in the previous year).

Risk management

Comcare has embedded systematic risk management as part of its governance and planning processes and organisational culture. Comcare’s particular focus is on:

  • establishing a high-quality, agency-wide risk management framework
  • providing comprehensive training and development on risk
  • evaluating and improving risk performance
  • strengthening engagement with stakeholders on risk issues.

Comcare’s strategic risks are based on focus areas aligned to our strategic priorities where risk may arise in our operating environment (refer to the Comcare 2020–21 Corporate Plan). Comcare’s Executive Committee is responsible for monitoring and maintaining our Strategic Risk Register (SRR). In 2020–21, the SRR was reported quarterly to the Executive Committee and the ARC for external assurance.

During 2020–21 Comcare:

  • revised and updated the Risk Oversight and Management policy and procedure
  • aligned the oversight of strategic, operational and group level risks with Comcare’s new Governance Framework and Governance Committee structure
  • maintained a pandemic risk register with oversight from the Pandemic Incident Response Team and the Operations Committee
  • participated in the 2021 Comcover Risk Management Benchmarking survey resulting in a maturity level of ‘embedded’
  • completed an annual Child Safety Risk Assessment in compliance with the Commonwealth Child Safe Framework.

Audit and Risk Committee

The CEO has established the ARC in accordance with section 45 of the PGPA Act. The objective of the committee is to provide independent assurance and assistance to Comcare’s CEO and the Seacare Authority Chairperson on risk, the control and compliance framework, and external accountability responsibilities in line with the functions set out in the Committees charter: https://www.comcare.gov.au/about/forms–publications/documents/publications/corporate–publications/audit–and–risk–committee–charter.pdf.

For 2020–21, the ARC consisted of 5 independent members, including the Chairperson appointed by the CEO. Comcare’s senior executive, the Chief Financial Officer, internal audit officers and the ANAO regularly attend as observers.

Lisa Woolmer (ARC Member and Chairperson)

Ms Lisa Woolmer has a background in audit and accounting, including 22 years of professional services experience advising on governance, risk and assurance frameworks.

In her professional services career, Ms Woolmer worked extensively with federal, state and local government agencies, across areas such as health, education, emergency services, water, gas and financial services. In addition to the ACT and Victoria, Ms Woolmer has worked in Tokyo and New York.

Ms Woolmer chairs the Audit and Risk Committee for the Adult Community and Further Education Board and is a member of the Orygen and City of Whitehorse Audit Committees. She also chairs the Audit and Risk Committee for the Cities of Glen Eira, Bayside and the Mornington Peninsula Shire in Victoria and is a member of the Audit Committee at the Australian Securities and Investment Commission.

Kate Hughes (ARC Member)

Ms Kate Hughes is a risk management, compliance, internal audit and governance professional who also holds non-executive roles with the Department of Justice and Community Safety, the Department of Transport and the Australian Prudential Regulation Authority.

Ms Hughes’ most recent executive role was as Chief Audit and Risk Officer at RMIT University, with responsibility for the University’s internal audit, risk management, compliance and regulatory affairs functions. Prior to this Ms Hughes was the Chief Risk Officer at Telstra, with global responsibility for the enterprise-wide risk management, resilience, investigations, privacy, compliance and health and safety functions.

Ms Hughes has led international teams for 15 years and she has broad risk management, compliance, safety and governance experience in many sectors, including financial services, agribusiness, retail, manufacturing, public administration and telecommunications. Ms Hughes has also provided risk management and compliance consulting services on trade practices, employment and environmental issues.

Kevin Noonan (ARC Member)

Mr Kevin Noonan is an Emeritus Chief Analyst at Omdia, the global technology research company, with more than 400 analysts covering 150 markets in the technology, media, and telecommunications industries.

Mr Noonan has more than 40 years’ experience in technology-based governance, strategy and direction. This includes 28 years in the government sector as a Chief Information Officer, senior executive and manager, and a further 12 years as an international senior industry analyst.

Prior to joining the Comcare and Seacare ARC in 2019, Mr Noonan held the dual positions of Chief Analyst and Practice Leader for Ovum’s worldwide government practice. In this role he worked with government and industry executives in various locations around the world.

Mr Noonan also worked as a Head of Consulting at Intermedium, where he specialised in government sector industry development, and provided advice to executives from more than half the top 100 IT companies.

Peter Hughes (ARC Member)

Mr Peter Hughes has over 35 years’ experience as a consulting actuary. Mr Hughes retired in 2016 as a Mercer Partner where he was the Leader of the Insurance Investment Consulting practice for the Pacific region. He continues as an independent actuary and insurance investment consultant as well as holding a number of audit, risk, finance and investment governance roles.

Mr Hughes provided specialist strategic investment consulting and asset/liability risk management advice to insurance companies to help them meet their business goals. During his career with Mercer, Mr Hughes' clients included general insurers, life offices, workers compensation, compulsory third party, professional indemnity, lender’s mortgage and health insurance funds.

David Turvey (ARC Member from July 2020)

Mr David Turvey is the First Assistant Secretary at the National Skills Commission (NSC). He is responsible for overseeing the operations of the Commission, which was established to develop intelligence on Australia’s labour market, workforce changes and current and emerging skills needs.

Prior to his current role, Mr Turvey was First Assistant Secretary, National System and Performance Division in the Schools Group of the Department of Education, Skills and Employment. He had responsibility for providing advice on the structure and performance of the Australian school systems, including the national curriculum, teaching and school leadership policy and national teacher workforce strategies.

Mr Turvey has held several executive roles at the Department of the Prime Minister and Cabinet, Australian Treasury, the Department of Finance and Administration and Department of Industry, Innovation and Science. Mr Turvey has a sound knowledge of the Commonwealth performance framework and operations of government and financial management.

Mr Turvey holds a Master of Economics from the Australian National University and is a Graduate of the Australian Institute of Company Directors

Table 4: Comcare’s Audit and Risk Committee

Member name

Qualifications, knowledge, skills or experience (include formal and informal as relevant)

Number of meetings attended / total number of meetings

Total annual remuneration (GST inclusive)

Lisa Woolmer (Chairperson)


  • Bachelor of Economics and a Diploma in Japanese Business Communication from Monash University
  • Graduate Diploma in Employment Relations from the University of Canberra
  • Graduate of the Australian Institute of Company Directors and Chartered Accountant.

Knowledge, skills and experience

  • Accounting and Financial Management
  • Audit, Assurance and Risk Management
  • Governance and Public Administration
  • Experienced Audit and Risk Committee member



Kate Hughes

(Deputy Chairperson)


  • Bachelor of Commerce from Western Sydney University
  • Graduate Diploma in Applied Finance from FINSIA
  • Graduate Diploma in OH&S from RMIT
  • Graduate of the Australian Institute of Company Directors.

Knowledge, skills and experience

  • Accounting and Finance Audit
  • Assurance and Risk Management
  • Security and Compliance
  • Governance and Public Administration
  • Strategic Advice and Business Development



Kevin Noonan


  • Australian Government computing programmer accreditation in 1975
  • Senior Member of the Australian Computer Society (certified)
  • Member of the Australian Information Industry Association.

Knowledge, skills and experience

  • Security and Compliance
  • Governance and Public Administration
  • Strategic Advice and Business Development
  • Information Technology.



Peter Hughes


  • Fellow of the Institute of Actuaries of Australia
  • Graduate of the Australian Institute of Company Directors

Knowledge, skills and experience

  • Accounting and Finance
  • Audit, Assurance and Risk Management
  • Industry-specific Knowledge — Insurance
  • Strategic Advice and Business Development
  • Actuarial and Investment



David Turvey


  • Master of Economics from the Australian National University
  • Graduate of the Australian Institute of Company Directors

Knowledge, skills and experience

  • Accounting and Finance
  • Governance and Public Administration
  • Strategic Advice and Business Development
  • Data Mining and Analytics
  • Performance and Economics