Go to top of page


We operate in a complex and challenging environment that involves a wide range of internal and external stakeholders.

This environment is subject to legislation, regulations, standards and guidelines relevant to our status as a non–corporate entity under the PGPA Act and the Public Governance, Performance and Accountability Rule 2014.

We are also subject to both Commonwealth, State and Territory legislation when assisting the Administrator to fulfil their obligations under the NHR Act and Agreement.

Risk management

Risk management is an essential component of sound business management and good corporate governance. Understanding risks and managing them appropriately enhances our ability to make better decisions, deliver on objectives and improve our performance.

We maintain an appropriate system of risk oversight, management and internal control in accordance with section 16 of the PGPA Act. Our Enterprise Risk Management Framework and Guidelines are reviewed annually.

They are based on the International Standard on Risk Management (ISO 31000) and align with the Commonwealth Risk Management Policy and Comcover’s Better Practice Guide.

Our organisational culture supports innovation and creativity by providing a risk–aware environment where decision–making is encouraged.

Effective engagement with risk is necessary to support the obligations and responsibilities of the Administrator.

Our attitude toward risk taking is outlined in our risk tolerance statement.

It illustrates the amount of risk that we are willing to accept or retain to achieve our objectives. Articulating our tolerance for risk allows our organisation to set objectives, comply with legal and policy obligations, allocate and utilise resources, and improve transparent and accountable decision–making.

Our management of security risks is aligned to the Commonwealth’s

Protective Security Policy Framework. Our management of fraud risk is in line with the Commonwealth’s Fraud Control Guidelines.

We have a number of committees in place to govern, manage and oversee risk.

These include the:

+ Executive Committee

+ Audit Committee

+ Risk, Compliance and Business Continuity Committee

+ Information Governance Committee

+ Workplace Consultative Committee.

External scrutiny

Audit Committee members are independent and external to our organisation. See page 57 for further information on the Audit Committee.

We have no judicial, tribunal or Australian Information Commissioner decisions that have been made, or are pending, with regard to our organisation.

No reports on our operations have been released by the Commonwealth Auditor–General, a Parliamentary Committee, or the Commonwealth Ombudsman.

We have not undergone any external capability reviews. However, an internal review was conducted in developing the Workforce Capability Framework.

Australian National Audit Office Access Clauses

We did not enter into any contracts precluding access by the Commonwealth Auditor–General.


Our purchasing activities were conducted in line with the Commonwealth Procurement Guidelines and our Accountable Authority Instructions.

We support small business participation in the Commonwealth Government procurement market. Small and Medium Enterprises (SME) and Small Enterprise participation statistics are available on the Department of Finance’s website: finance.gov.au/procurement/ statistics‑on‑commonwealth‑ purchasing‑contracts

Procurement practices support SMEs through the use of the Commonwealth Contracting Suite for low–risk procurements valued under $200,000. Practices also support the use of electronic systems or other processes to facilitate on–time payment, including the use of payment cards.

Grant programs

There were no grant programs undertaken in 2017–18.

Assets management

We leased assets from the Commonwealth Department of Health in 2017–18