The National Archives’ governance framework provides oversight and accountability for the efficient and ethical management of resources and compliance with the regulatory and legislative requirements of a public service entity. By embedding effective governance practices, the National Archives has strengthened its performance in the delivery of programs, policies, projects and services to government and the Australian people.

The National Archives’ governance structure consists of six supporting governance committees that report to the Executive Board. An important objective of the committees is to provide assurance and recommendations to the Executive Board to enable risk-based decision-making consistent with the strategic direction of the National Archives.

Executive Board

The Executive Board provides oversight and decision-making in relation to the National Archives’ management, performance, strategic direction and priorities, and oversees the financial position of the National Archives by allocating resources, monitoring performance and risk, and ensuring regulatory requirements are met.

Executive Board, National Archives of Australia. Clockwise from left: Teressa Ward, Assistant Director-General, Digital Archives Taskforce; David Fricker, Director-General; Jason McGuire, acting Assistant Director-General, Corporate Services; Linda Macfarlane, acting Assistant Director-General, Collection Management; Louise Doyle, Assistant Director-General, Access and Public Engagement; Yaso Arumugam, Chief Information Officer, Information and Technology.

The members of the National Archives’ Executive Board and their responsibilities at 30 June 2019 were:

• David Fricker, Director-General – responsible for the overall management of the National Archives and the appropriate governance of its operations, programs and strategic direction.
• Yaso Arumugam, Chief Information Officer, Information and Technology – primarily responsible for supporting the National Archives in the achievement of its vision to be a world leading archive in this digital age. The Information and Technology branch leads innovation through technology and the provision of contemporary services, infrastructure and software while ensuring security and good governance of information assets to protect against cybersecurity threats.
• Louise Doyle, Assistant Director-General, Access and Public Engagement – responsible for providing public access to the collection through programs and services onsite, offsite and online. Activities include national reference services, declassification of records, research centre services, education and community outreach programs, exhibitions, tours, events, publishing, marketing, media engagement, partnerships development and online content.
• Linda Macfarlane, acting Assistant Director-General, Collection Management – responsible for managing the National Archives’ collection, ensuring the authenticity, integrity and accessibility of the archival resources of the Commonwealth. The Collection Management branch sets whole-of-government information management standards and assists entities’ digital transition through the development of tools and guidance to support policy objectives. The branch also determines those records that must be retained as essential evidence of government through the development of records authorities, and manages the transfer of nationally significant records from Commonwealth entities into the National Archives.
• Jason McGuire, acting Assistant Director-General, Corporate Services – oversees the efficient, effective and ethical management of the National Archives’ resources in accordance with whole-of-government legislative and policy frameworks. The Corporate Services branch enables the National Archives’ workforce through good governance, capability development, maintenance of secure and contemporary property facilities and a positive risk culture that supports the delivery of strategic priorities.
• Teressa Ward, Assistant Director-General, Digital Archives Taskforce – leads a temporary branch tasked with the National Archives’ next stage of digital transformation. The Digital Archives Taskforce is responsible for developing digital preservation policies and standards, identifying new digital preservation and archival management solutions, designing new digital archiving processes, and mapping digital archival training to address skill gaps.

Committees

Six committees contribute to effective and accountable governance across the National Archives:

In addition to the above committees, a Digital Archives Steering Committee oversees the status of, and significant issues arising from, the Digital Archives Program; reports to the Executive Board; and seeks the board’s approval of new policies and projects. The committee provides oversight, risk management and strategic direction for the program. The committee is chaired by the Assistant Director-General, Digital Archives Taskforce, and comprises the assistant directors-generals of each branch. The committee met every six weeks during 2018–19.

The inaugural meeting of the National Archives’ Cyber Security Governance Committee was held in January. The committee will meet three times a year.

Corporate governance

The National Archives’ corporate governance arrangements provide leadership, direction and control to support a high standard of performance in a complex environment. An organisation of this size means corporate processes need to be efficient, meaningful and supportive. During 2018–19, corporate governance focused on simplifying and embedding governance structures and processes to manage compliance obligations and facilitate risk-based decision-making and planning. This approach has enabled a greater efficiency and oversight of compliance across the organisation and provided the Director-General, the government and the community with assurance that the National Archives is meeting its obligations as a public service entity. Through better understanding of risk, planning is more strategic, targeting areas of uncertainty or opportunity, and decisions are made proactively, effectively increasing the likelihood of success in the delivery of objectives.

An independent Functional and Efficiency Review of the National Archives began in April 2019. Due to report to government in late 2019, the review will assess the efficiency and effectiveness of the National Archives’ operations, programs, administration, governance and authorising environment.

Corporate planning and reporting

The National Archives’ standards of governance and accountability are maintained through strategic planning, performance monitoring and evaluation. A corporate planning and performance reporting framework provides business areas with tools, processes and procedures to assist the development, monitoring and reporting of planned activities and performance.

The Corporate Plan sets the direction for the National Archives for the next four years by outlining strategies for achieving its targets and measuring success. It details the current position and operating context of the National Archives, and identifies critical risks, mitigation strategies and key areas of capability development.

The National Archives sits within the Attorney-General’s portfolio, and accordingly appears under the department’s Portfolio Budget Statement (PBS). The PBS presents the key programs and activities that will be undertaken in the Budget year with the funding appropriated through parliament. Performance information in the Corporate Plan and PBS is prepared simultaneously at the start of the planning cycle. This ensures there is clear alignment and synergy between both documents.

Performance information contained in the Corporate Plan and PBS is developed in line with:

• the National Archives’ existing and emerging strategic priorities
• the technical and professional environment
• government policies and priorities
• Audit and Risk Committee advice
• better practice advice issued by the Department of Finance and the Australian National Audit Office.

The Annual performance statement contained in the annual report is produced at the end of the reporting cycle and provides a quantitative measure and narrative assessment of the National Archives’ performance in achieving its purpose. It reports results against measures set out in the Corporate Plan and PBS at the start of the reporting cycle. The National Archives is maturing its approach to performance reporting each year by setting clear and cohesive targets that easily link to the information in its primary planning documents. Data is collected regularly throughout the year under a defined performance measurement methodology and constructed into a performance analysis at the end of the reporting period.

Branch and section plans are also prepared at the start of the planning cycle and link day-to-day operational performance to strategic objectives. All planning processes are closely aligned to the National Archives’ risk framework to ensure uncertainties and opportunities are identified and managed so that objectives are achieved.

Risk management

The National Archives seeks to continuously improve its risk management framework to ensure it is fit for purpose and integrated into planning, decision-making and business processes. In 2018–19, activities focused on the identification of enterprise-level risks that could affect the achievement of the National Archives’ vision, mission and key strategic objectives. The senior executive, along with senior managers, was consulted to identify the biggest threats or vulnerabilities to reaching the National Archives’ future desired state, and to assess and agree on the level of associated risk.

A bow-tie methodology was adopted for the enterprise risk assessments, with additional fields added for risk tolerance and effectiveness of controls and mitigations. This provides a clear picture of areas of weakness and strength at which to direct efforts and resources to bring the risk down to the agreed level of tolerance. An executive-level risk owner is accountable for monitoring, managing and identifying new risks as they arise and making decisions in response to these.

This top-down approach to integrating risk into planning provides a clear line of sight between our highest priorities and all other planned work so that our efforts are focused on what we should be doing now and in the future. This is particularly important in an increasingly constrained fiscal environment as it ensures our limited resources are allocated to the highest priority work.

The National Archives’ risk maturity continues to grow through activities designed to strengthen risk management capability, simplify risk processes, and communicate and consult about risk. In 2018–19, these activities were directed at:

• reporting to senior management and the Audit and Risk Committee on critical risks to the achievement of high-priority projects, programs and activities
• annually reviewing and updating the National Archives’ fraud and business disruption risk registers in consultation with key stakeholders
• regularly engaging with business areas and project teams via risk management workshops designed to increase awareness of, and responsibility for, risk
• completing the annual Comcover benchmarking program to assess the National Archives’ risk management practices, maturity and target areas for development
• providing fit-for-purpose documentation, templates and guidance on best practice risk management to National Archives staff
• attending and participating in training, communities of practice, conferences and professional networking
• delivering timely and accurate advice on, and support for, insurance matters to National Archives staff, and renewing and maintaining Comcover insurance cover
• actively managing risks to business operations through the development of business disruption response policy, plans and workflows.

Internal audit

The National Archives’ internal audit framework helps the organisation meet its objectives, assures the accountable authority that compliance obligations are being met, and guides the optimal allocation and management of resources. In 2018–19, the audit program helped identify key risk exposures and made recommendations for improvements to business processes, programs and systems of control.

The audit program is drafted by contracted professional auditors in consultation with the National Archives’ executive. Areas of consideration for audits are based on the National Archives’ strategic priorities, risk management, governance controls and better practice guidelines from the Australian National Audit Office. The program is presented to the Audit and Risk Committee and Executive Board for approval. Responsibility for monitoring the approved audit program and recommendations are set out in the Audit and Risk Committee Charter.

In 2018–19, internal audits were conducted on:

• the implementation of the Digital Continuity 2020 Policy
• the data integrity of the National Archives’ collection
• the Digital Archives Program
• financial management processes.

Complaints management

Towards the end of 2018–19, the National Archives established its first formalised feedback system. A feedback policy provides clear pathways for government and public clients and customers to lodge feedback about National Archives services and programs. It also details the mechanisms put in place to ensure timely and effective responses. The National Archives looks forward to further implementing the policy during 2019–20 and is committed to using feedback data to monitor client satisfaction and guide business improvement. Complaints and feedback may be lodged through multiple channels, including a dedicated email address: feedback [at] naa.gov.au

Fraud measures

The National Archives’ fraud and corruption control framework outlines the strategy, governance and procedures in place to protect against fraud and corruption-related risks to National Archives staff, assets and environment.

During 2018–19, the National Archives worked to implement recommendations following an internal audit of the fraud framework in April 2018. The audit identified a number of fraud-related documents that had become outdated following a change of functional ownership. It also identified a need for a more tailored program of fraud training for internal staff.

A new fraud risk assessment was developed in consultation with key business areas to understand the National Archives’ fraud risk exposure and identify gaps and weaknesses in controls and mitigations. The assessment determined predominant categories of fraud-related risk including finance, procurement, security and information technology. Information technology and procurement presented the highest risks, mainly due to the potentially significant impact on the National Archives’ reputation and financial position.

The National Archives will update its Fraud and Corruption Control Policy and Plan to reflect these risks, strengthen controls and mitigations, and ensure risk levels remain within an acceptable tolerance. Fraud controls and the assessment of fraud-related risks to large projects will be tested with increased rigour. The National Archives will also work to develop a new fraud training program and implement awareness measures to improve staff understanding of fraud.

In 2018–19, there were five instances of fraud reported via the National Archives’ fraud reporting telephone and email hotlines, or through written correspondence to the Fraud Control Officer. None of these matters related to the business of the National Archives or its people.

Information governance

The National Archives’ information governance framework defines how information and data need to be governed as vital corporate assets essential to meeting our business, accountability, legal and regulatory requirements. The framework outlines an approach to information governance integrated with audit, accountability, compliance, risk management, business continuity, security, and information and communications technology governance.

In 2018–19, the National Archives continued to strengthen its information governance framework, policies and processes. This work is led by the Chief Information Governance Officer (CIGO), who reports directly to the Chief Information Officer and to the Information Governance Committee at the strategic, whole-of-organisation level. The CIGO leads an information governance team responsible for improving the governance and management of the National Archives’ information and data assets.

The National Archives achieved Digital Continuity 2020 Policy requirements for 2018–19 by establishing a program of continuing professional development for information governance staff; identifying all information assets and systems; preparing or implementing management strategies; and identifying remaining analogue approval and authorisation processes.

Ethical standards

In the 2018 APS Employee Census, 90 per cent of National Archives employees indicated that colleagues in their immediate work group acted in accordance with APS Values in their everyday work. Ninety-two per cent indicated that their supervisors also acted in accordance with these values. This data reflects the National Archives’ commitment to creating and promoting a workplace with high ethical standards. During 2018–19, the National Archives made respectful workplaces and protective security training mandatory for all employees. A comprehensive risk management and fraud control plan mitigates potential unethical behaviour.

There were no internally allocated Public Interest Disclosures in 2018–19. Regular training and information on obligations under the Public Service Act 1999 are provided to staff.

During 2018–19, no breaches of the Australian Public Service Code of Conduct were determined. There were no requests to review a human resource decision and no appeal to external authorities was made.