Go to top of page

12.6 Governance structure

For the department to deliver efficient and effective outcomes in controlled, transparent and accountable ways, strong governance is essential. Our governance structure is designed to ensure accountability for delivering on the strategic direction for the department.

Strategic governance committees

The department’s strategic governance committee structure comprises the Executive Committee, the Audit Committee and five sub-committees. The sub-committees provide advice and assurance to the two main committees as shown in Table 61.

Table 61: Strategic governance committee structure




Executive Committee

Implementation Committee

Strategic Data and Analytics Sub-Group

Service Delivery Committee

There is no sub-group for the Service Delivery Committee

People Committee

Work Health and Safety Sub-Group

Audit Committee

ICT Audit Sub-Committee

There is no sub-group for the ICT Audit Sub-Committee

Financial Statements Sub-Committee

There is no sub-group for the Financial Statements Sub-Committee

The roles and functions of these committees and sub-committees are as follows.

Executive Committee

The Executive Committee is the department’s most senior governance committee and is chaired by the Secretary. This committee supports the Secretary in discharging her duties under the Public Governance, Performance and Accountability Act 2013 and section 57 of the Public Service Act 1999. The Executive Committee guides the department’s overall strategic direction, priorities, management and performance. It also oversees the department’s financial position by allocating resources, monitoring performance and risks and ensuring compliance with accountability and regulatory requirements.

Implementation Committee—provides oversight and direction on departmental programs and projects. It reports to the Executive Committee.

Strategic Data and Analytics Sub-Group—provides advice to the Executive Committee, through the Implementation Committee, to ensure the enterprise data and analytics investment portfolio is transparent, strategically managed and aligned to the priorities of the department and government.

Service Delivery Committee—provides advice and assurance to the Executive Committee that the department’s service delivery is achieving government outcomes.

People Committee—provides advice and assurance to the Executive Committee on all departmental workforce and people matters, including average staffing level, to ensure the department’s capability to deliver on government priorities and outcomes.

Work Health and Safety Sub-Group—provides advice to the Executive Committee, through the People Committee, in relation to the management of identified health and safety risks.

Audit Committee

The Audit Committee reports directly to the Secretary. It has an independent chair and the majority of its members are not officials of the department. Its functions include reviewing and giving independent advice on the appropriateness of the department’s financial and performance reporting, as well as systems of internal control and risk oversight.

ICT Audit Sub-Committee—assists the Audit Committee to meet its obligations by providing advice on ICT-related governance, risk management, internal controls and audit reports.

Financial Statements Sub-Committee—assists the Audit Committee by overseeing the preparation of the annual financial statements and the Certificate of Compliance. It also considers financial matters referred to it by the Audit Committee.

Risk management

The department’s compliance obligations for risk management are outlined in the Commonwealth Risk Management Policy, which in turn reflects section 16 of the Public Governance, Performance and Accountability Act 2013. The department uses its Enterprise Risk Management Policy and Risk Management Framework to meet its compliance obligations under the Commonwealth Risk Management Policy. The Audit Committee reviews the effectiveness of the department’s risk management system.

Managing fraud

The department is expected to protect the integrity of both payments and personal information. The Fraud and Corruption Control Plan sets out how the department meets these expectations as well as its compliance obligations under section 10 of the Public Governance, Performance and Accountability Rule 2014 and the Commonwealth Fraud Control Framework.

The department’s approach to fraud control uses data analytics and risk profiling to identify and target fraud. The Fraud Assurance Programme tests the effectiveness of these controls and was recognised with the Silver Award for the Prime Minister’s Award for Excellence in Public Sector Management in 2018.

The department refers substantiated incidents of internal fraud to the Commonwealth Director of Public Prosecutions for consideration of criminal prosecution. The department also considers administrative action against breaches of the APS Code of Conduct (see ‘Standards of behaviour’).

Business continuity

The department’s business continuity program safeguards the delivery of payments and services from disruptive events. It includes a risk-based approach to identifying and prioritising the department’s most critical functions. The business continuity program is based on the international standard BS ISO 22301:2012 Societal security: Business continuity management systems—Requirements.

Internal audit

The role of the department’s internal audit function is to provide assurance on business activities and add value to the department’s operations. Internal auditing promotes accountability, transparency and sound governance.

In 2018–19, the department completed 52 internal audits for presentation to the Audit Committee. External consultants selected from the department’s internal audit services panel completed these audits in accordance with the standards of the Institute of Internal Auditors International Professional Practices Framework.

Public Interest Disclosure Act 2013

The Public Interest Disclosure Act 2013 allows for the investigation of allegations of serious wrongdoing in the APS and provides protections for staff who disclose or report suspected wrongdoing. Staff undertake mandatory refresher training, which includes information about making public interest disclosures, on a two year cycle. The cycle was last completed in 2017–18 and will next be completed in 2019–20. Staff grievances are addressed separately and would not generally be classed as a disclosure under the Act.

In 2018–19, the department received 22 public interest disclosures. There were 10 in 2017–18.