ORGANISATIONAL STRUCTURE

Senior positions occupied during 2018–19 were as follows:

Inspector-General of Intelligence and Security (Statutory officer)

The Honourable Margaret Stone AO FAAL, appointed 24 August 2015.

Deputy Inspector-General of Intelligence and Security (SES Band 2)

Mr Jake Blight, appointed 23 October 2018; Mr Blight was Acting Inspector-General on some occasions during the reporting period.

Assistant Inspectors-General of Intelligence and Security (SES Band 1)

Mr Stephen McFarlane, appointed 8 February 2018; and Ms Bronwyn Notzon-Glenn, appointed 28 February 2019.

These four positions were designated by the Inspector-General as Key Management Personnel for 2018-19.

SENIOR MANAGEMENT COMMITTEES

The office’s corporate governance framework incorporates two senior management committees.

The Executive Committee meets weekly and comprises the Inspector-General, Deputy Inspector-General and the two Assistant Inspectors-General. The Executive Committee assists the Inspector-General to set the strategic direction of the office and oversee its administration.

The Audit Committee is discussed later in this report under Internal Audit and Risk Management.

CORPORATE AND OPERATIONAL PLANNING

The office’s corporate and operational planning processes are straightforward in nature, reflecting the small size and specialist function of the office.

The office addresses these matters through:

• an annual forward planning process to set strategic priorities;
• weekly meetings between the Inspector-General and senior staff members, to review and document operational priorities;
• monthly meetings between the Inspector-General and all office staff, during which current operational matters, internal guidelines as well as procedures and governance issues are discussed; and
• a forward plan for inspection activities in each intelligence agency, which is determined in consultation with the relevant agency head (in accordance with section 9A of the IGIS Act).

PROTECTIVE SECURITY

The Australian Government’s Protective Security Policy Framework provides a structure for Australian government agencies to manage security risks proportionately and effectively, and provide the necessary protection for the Government’s people, information and assets.

The governance arrangements and core policies in the framework describe the higher level protective security outcomes and identify mandatory compliance requirements which IGIS must meet.

As at 30 June 2019, the office was fully compliant with all 36 mandatory requirements.

INTERNAL AUDIT AND RISK MANAGEMENT

The membership and functions of the Audit Committee are structured according to the PGPA Act. During 2018-19 the membership comprised Mr Trevor Kennedy (Attorney-General’s Department) as Chair, Ms Sarah Vandenbroek (Department of Communications and the Arts) and Mr Jake Blight (IGIS). The Inspector-General attends the meetings as an observer.

The Audit Committee meets on a periodic basis to consider matters including:

• risk management;
• internal control;
• financial statements;
• compliance requirements;
• internal audit;
• external audit; and
• governance arrangements.

The Committee reviews the Risk Management Plan annually based on its assessment of the office risk performance over the period. The Risk Management Plan includes controls designed to mitigate risks including the following:

• personnel related risks;
• accidental or intentional loss of information;
• segregation of duties;
• failure or compromise of information technology systems;
• physical security of the office and facilities;
• corporate liability;
• fraud prevention, detection and management; and
• corporate compliance requirements.

Through its various mitigation strategies, the residual risk accepted by the office is maintained within the low-medium levels in each of the categories listed above.

ETHICAL STANDARDS AND FRAUD CONTROL

During 2018-19 IGIS continued its commitment to high ethical standards and having high performing and professional staff. Our high ethical standards are maintained through:

• modelling of appropriate behaviours by the agency’s Senior Executive;
• implementation of organisational suitability assessments;
• a requirement that all staff maintain a high level security clearance;
• annual declaration of known interests by the Senior Executive and all employees; and
• incorporation of APS Values and Code of Conduct expectations in the agency’s performance agreement process.

The office is a member of the Australian Public Service Commission’s Ethics Contact Officer Network, and information and resources from this network are incorporated into broader agency communications.

During the reporting year there were no detected or alleged cases of fraud or breaches of the APS Code of Conduct.

The office has established and maintains appropriate systems of risk oversight, management and internal controls in accordance with section 16 of the PGPA Act and the Commonwealth Risk Management Policy.

The Risk Management Plan includes controls designed to mitigate risks including personnel related risks, accidental or intentional loss of information, segregation of duties, failure or compromise of information technology systems, physical security of the office and facilities, fraud prevention, detection and management, and corporate compliance requirements.

Regular monitoring of risks is undertaken, considered and discussed by the management team and reported to the Audit Committee.

EXECUTIVE REMUNERATION DISCLOSURES

The Inspector-General is a statutory office holder. In addition, the office has three SES positions: one SES Band 2 position and two SES Band 1 positions. All of these positions are designated as Key Management Personnel.

The terms and conditions of all SES officer employment, including salary, are set out in individual section 24(1) determinations and are based broadly on SES remuneration within the Attorney-General’s Department. Each section 24(1) determination is reviewed annually with the Inspector-General, with more general performance discussions occurring during the year. The Inspector-General’s remuneration is set by the Remuneration Tribunal. The office does not have a performance pay scheme. Details are in Annexure 5.2: Key Management Personnel.

EMPLOYMENT OF PERSONS FOR A PARTICULAR INQUIRY

Section 35(2AA) of the IGIS Act requires the annual report to comment on the employment under section 32(3) of any person to perform functions and exercise powers for the purposes of a particular inquiry, and any delegation under section 32AA to such a person. Mr Bruce Miller AO was appointed on 1 August 2018 to conduct an inquiry during 2018-19. Mr Miller’s appointment concluded on 20 December 2018. Further details of this inquiry are provided in the Annual Performance Statement.

ISSUES RELATING TO SIGNIFICANT NON-COMPLIANCE WITH THE FINANCE LAW

There were no significant issues relating to non-compliance with the finance law during 2018-19 that would be reportable to the responsible minister under paragraph 19(1)(e) of the PGPA Act.

EXTERNAL SCRUTINY

REPORTS OF THE AUDITOR-GENERAL, PARLIAMENTARY COMMITTEES, THE COMMONWEALTH OMBUDSMAN OR AN AGENCY CAPABILITY REVIEW

There were no reports on the operation of the office (other than the report on financial statements) by any of the above bodies. It should be noted that the office is not within the jurisdiction of the Commonwealth Ombudsman.

The office has received an unqualified audit report from the Australian National Audit Office (ANAO) in relation to its financial statements.

Further details of the office’s interaction with parliamentary committees are available in the Annual Performance Statement section of this report.

DECISIONS BY THE JUDICIARY, TRIBUNALS OR THE INFORMATION COMMISSIONER

During the reporting period there were no judicial decisions, or decisions of administrative tribunals or the Information Commissioner that had, or may have, a significant impact on the operations of the office.

CAPABILITY REVIEWS

No capability reviews of IGIS were released during 2018-19.