Go to top of page


The CSC Board aspires to best practice and to be a leader in governance policy and practice. Our Board’s governance framework includes the following policies (most of which are also available on our website):

  • Board Charter
  • Board Performance Evaluation Policy
  • Board Renewal Policy
  • Business Continuity Management Policy
  • Conflicts Management Framework and Policy
  • Diversity Policy
  • Fit and Proper Policy
  • Governance Framework
  • Privacy Policy
  • Remuneration Policy
  • Whistleblower Protection and Public Interest Disclosure Policy

Following are the details of CSC’s regulatory requirements, our approach to financial management, risk management, Member Outcomes and our compliance program. Also outlined are the fraud control and internal audit measures CSC has put in place.

Our regulatory requirements

CSC was established under the Governance of Australian Government Superannuation Schemes Act 2011 (GAGSS Act) and is responsible for the super schemes covered in this report. Our objectives and functions, as set out in CSC’s governing legislation, are outlined on pages 12–13. Our governing legislation establishes accountability arrangements for CSC, including annual reporting to Parliament and tabling of audited financial statements.

CSC holds both a Registrable Superannuation Entity (RSE) licence and an Australian Financial Services (AFS) licence, which means we are regulated by the Australian Prudential Regulation Authority under the Superannuation Industry (Supervision) Act 1993 and the Australian Securities and Investments Commission under the Corporations Act 2001. CSC must uphold the conditions of both licences and comply with financial services law.

CSC is also bound by provisions of the various Acts and Deeds that establish and govern our individual schemes. Our regulated schemes must be managed and invested in accordance with the CSS Act, the PSS Act, the MilitarySuper Act, the PSSap Act, and the ADF Super Act, together with any relevant Trust Deeds under these Acts.

Our unregulated schemes are established by and must be administered in accordance with the 1922 Act, the DFRB Act, the DFRDB Act, the PNG Act, and the ADF Cover Act, as relevant.

Our financial management

CSC’s finances are managed in accordance with the PGPA Act, our governing legislation and relevant scheme legislation. A Board-approved budget is in place and the Board has delegated its authority to individual staff to make and implement certain financial decisions.

Our risk management

Our Risk Management Strategy sets out CSC’s risk management principles, our risk management framework and the underlying components and processes we use to identify, assess and mitigate risks.

Our Risk Appetite Statement describes the level of risk CSC is prepared to take on to achieve our objectives. The Risk Appetite Statement (RAS) and Risk Management Strategy (RMS) meet APRA’s requirements under Prudential Standard SPS 220 and both are reviewed at least annually and updated as required. The RAS and RMS were last reviewed in September 2019.

Our compliance program

A detailed compliance program underpins CSC’s Risk Management Strategy, satisfying the requirements of our RSE and AFS licences. Staff and certain service providers must regularly certify that they comply with all relevant legislative requirements, contractual provisions, regulatory policy and service standards, as well as any relevant licence conditions. Any instance of non-compliance must be reported.

CSC’s Audit Committee oversees compliance reporting, including remediation if a breach has occurred. CSC has a Breach and Compliance Policy that describes how to report such breaches and this policy is distributed to our relevant service providers.

Fraud control

Strategies to manage the risks of fraud and corruption are set out in CSC’s Fraud Control and Corruption Plan. The plan is reviewed annually and updated as required. The Fraud Control and Corruption Plan is available on the CSC Website.

Internal audit

Internal audit provides independent assurance that an organisation’s risk management, governance and internal control processes are operating effectively.

CSC operates an outsourced internal audit model where internal audit functions and services are provided by KPMG under contract. CSC maintains internal oversight of the internal audit function through the Chief Operating Officer portfolio. The internal audit function also has a direct reporting line to the Audit Committee and may raise matters directly with the Committee as necessary.

Internal audit undertakes approximately 10 audits per year spanning financial, operational and regulatory subjects. A plan of audit topics is prepared on an annual basis. However, audits to address changes to business priorities or to CSC’s risk profile can be initiated at any time by either the Board or the Audit Committee. The Audit Committee’s annual internal audit plan takes into account previously identified risks, the results and recommendations of previous internal and external audits, legislative and regulatory changes and requirements, and anticipated business changes.

Member Outcomes

Member Outcomes is a regulatory initiative that came into operation on 1 January 2020.

CSC must demonstrate objectively and transparently that our customers and the business initiatives we pursue and deliver are meeting the best interests of our fund customers and groups of customers within our funds.

For CSC, Member Outcomes is about holding ourselves to account for our vision, our customer promise and our customer commitments.

We deliver Member Outcomes through three core functions:

  1. Providing adequate retirement savings.
  2. Enabling customers to make informed and engaged decisions.
  3. Embedding ease, efficiency and effectiveness into our products and services.

CSC has identified five core business capabilities that support the core functions:

  1. Organisational governance.
  2. Risk management.
  3. People and culture.
  4. Data management.
  5. Corporate effectiveness and infrastructure.

CSC is implementing the operational, reporting and accountability processes to ensure that genuinely positive Member Outcomes are realised by our customers, in accordance with the requirements of the Prudential Standard SPS515.

CSC has implemented a structured approach to the ongoing review and delivery of our Member Outcomes initiatives and activities. This is a cyclical annual process that involves five primary steps:

  1. Review and refinement of the member and business outcomes that we continuously seek to achieve.
  2. The identification and formalisation of strategic objectives to defend, improve or achieve those outcomes over planning periods of three years.
  3. Developing a business plan – including key initiatives – that sets out how CSC will deliver on its strategic objectives.
  4. Undertaking an annual business performance review that examines performance against outcomes and against the business plan.
  5. Flowing from the business performance review, identification of the actions CSC will take through future strategic objectives and initiatives to maintain, adjust or change practices, anchored on a cycle of continuous review and delivery of Member Outcomes.

To 30 June 2020 CSC had undertaken the following activities as part of our Member Outcomes implementation:

  • Board approval of 1st phase Member Outcomes (November 2019).
  • Board approval of annual strategic planning cycle (November 2019).
  • The first formal Annual Business Performance Review completed (June 2020).
  • CSC’s Strategic Objectives, Key Business Initiatives, and three-year financials developed by CSC’s Executive Group (February – June 2020).
  • Preparation of the 2020–23 Business Plan, including 2020–23 Strategic Objectives (provided to the August 2020 CSC Board meeting).