Corporate governance

Princess Alexandra Hospital, Brisbane QLD


The Agency is governed by a skills-based Board, supported by advisory committees, and reports to Commonwealth, state and territory Health Ministers through the Council of Australian Governments’ Health Council (CHC).

The Agency’s governance framework has its legislative foundation in the Public Governance, Performance and Accountability (Establishing the Australian Digital Health Agency) Rule 2016 (Agency Rule). The PGPA Act sets out requirements for the governance, reporting and accountability of Commonwealth entities and for their use and management of public resources.

It vests many of the powers and responsibilities for the financial management of a Commonwealth entity in the hands of the Accountable Authority, which is the Board of the Agency. The Agency Rule established the Board, Advisory Committees and the position of CEO, and defined their roles and responsibilities.

The accountability and governance practices in place to support this legislative regime promote strong performance and careful stewardship of public resources. They are designed to assure the Agency’s ability to deliver on the expectations of government, the health sector, and the community.

Fundamental to the Agency’s governance arrangements is establishing an appropriate controls environment to ensure probity and transparency. Roles, lines of authority and delegations for decision-making are all clearly defined. They are reinforced through training and awareness initiatives so that staff have a common understanding of their obligations, and their purpose in providing a system of checks and balances to safeguard the integrity of the Agency’s work.

Other key governance features include:

  • A focus on audit, risk management and fraud control strategies;
  • A mechanism for stakeholder participation through representation on specialist committees;
  • Internal and external scrutiny through a robust planning and reporting framework; and
  • Embedding ethics and integrity in the values and culture of the Agency.

A number of governance bodies form a key part of the Agency’s assurance processes.

The Board

The Agency Board sits at the apex of the governance structure and is the Accountable Authority of the Agency under the PGPA Act. The Board is accountable to Parliament through the Minister for Health. In accordance with section 14 of the Agency Rule, the Board sets the strategic direction to achieve the Agency’s purpose, and oversees performance, governance and resource allocation as custodian of Commonwealth, state and territory funding.

The Board maintains a watching brief over internal and external environments, and ensures that Agency operations and outcomes are fit for purpose and align with government priorities. Its efforts are balanced across creating the future and delivering the present. In fulfilling its statutory obligation to produce an annual work program it gives a clear picture of operational priorities, actions and planned outcomes for each financial year.

Board Members

The Board brings a range of skills and perspectives to the Agency. The Agency Rule prescribes the eligibility requirements for Board members so that, collectively, the Board has expertise and experience in the fields of health informatics, leading digital healthcare delivery, policies and services, consumer health advocacy, clinical safety, law, financial management and Board and business leadership.

Board appointments, functions, powers and procedures are also conferred by the Agency Rule and further clarified in the Board’s Charter. The Board consists of the Board Chair and up to ten other members, all of whom are non-executive members, appointed by the Minister for Health for a term (in aggregate) of up to three years.


Mr Jim Birch AM, Chair

Jim Birch AM is Chair of the Australian Red Cross Blood Service, Deputy Chair of the Independent Hospital Pricing Authority, Chair of Mary MacKillop Care SA and a board member of the Australian Red Cross Society, the Little Company of Mary Health Care and Cancer SA. He was formerly a Partner in Ernst and Young, having been the Global Health Leader. He has also been the Government and Public Sector Leader from 2012 until the end of 2014.

Formerly Jim was also the Lead Partner in Health and Human Services for Asia Pacific. He has over thirty-five years’ experience in planning, leading and implementing change in complex organisations transcending such areas as healthcare, justice and human services.

Jim has been a Chief Executive of a Human Services and Health Department (South Australia), Deputy Chief Executive of Justice and Chief Executive of major health service delivery organisations, including teaching hospitals.

Jim has previously been Chair of the Australian Health Ministers’ Advisory Council, a member of the Australian Commission on Safety and Quality in Health Care and was a Board Member of the National E-Health Transition Authority and Chair of Rural Health Workforce Australia. He has a Bachelor of Health Administration from the University of New South Wales.


Martin Bowles PSM

Commenced directorship on 1-04-2017, replacing Paul Madden

Martin Bowles PSM is the Secretary of the Department of Health, a position he was appointed to in October 2014. He is currently leading reforms in primary health care and mental health service arrangements, access to medical and pharmaceutical benefits, aged care, hospital funding and digital health.

Previously, Martin was the Secretary of the Department of Immigration and Border Protection, overseeing the management of migration, humanitarian, citizenship and visa policy and programs. Prior to this role, Martin held the positions of Deputy Secretary in the Department of Climate Change and Energy Efficiency, and the Department of Defence, respectively.

In 2012, Martin was awarded a Public Service Medal for delivering highly successful energy efficiency policies and remediation programs for the Home Insulation and Green Loans programs.

Martin has previously held senior executive positions in the education and health portfolios in the state government public sector, prior to joining the Commonwealth Public Service. Martin has a Bachelor of Business degree, a Graduate Certificate of Public Sector Management and is a Fellow of the Australian Society of Certified Practising Accountants.

Robert Bransby

Robert Bransby has more than 35 years’ experience in business, financial services and the health sector. Rob recently stepped down from his full time role as Managing Director of HBF Health Limited, a position he had held since 2008. During Rob’s 12 years at HBF, the organisation consolidated its position as Western Australia’s leading health fund, reaffirming its focus on member health and embarking on an ambitious strategy to become a valued health partner to HBF members.

Robert has long held a leadership position within the health insurance sector and continues in his role as President of the industry association, Private Healthcare Australia (PHA). Rob is well known for championing the interests of health fund members and as an advocate for not-for-profit health insurers.

Prior to working at HBF, Robert enjoyed a successful 25 year career in banking with NAB holding positions including Corporate Finance Manager – Corporate Banking Western Australia, Head of Business Financial Services – New South Wales and CEO – Medfin Finance. Rob is currently President of Private Healthcare Australia (PHA) and Director of the Australian Digital Health Agency, Synergy, Commonwealth Financial Planning Limited, BW Financial Advice Limited, Count Financial Limited, Financial Wisdom Limited and the Craig Mostyn Group. He is also a Commissioner of the Insurance Commission of Western Australia.

Dr Eleanor Chew

Dr Eleanor Chew is a specialist general practitioner and medical educator, with extensive experience representing the role of primary care in the health services profession. Eleanor has worked as a GP in Brisbane, Darwin, Perth and Canberra in a variety of practice settings including solo, small practices, and corporate practice.

Eleanor is on the board of General Practice Training Queensland and is a past Vice President and Chair of the RACGP. Eleanor is an experienced leader with strategic vision and a solid understanding of governance responsibilities.

Eleanor serves on a range of committees and working groups focused on the advancement of quality primary care, in both the private and government sectors.

Eleanor holds a Bachelor’s Degree in Medicine and Surgery and a Masters of Medicine (General Practice) from the University of Queensland. She is a Fellow of the RACGP and a Fellow of the Australian Institute of Company Directors.

Dr Elizabeth Deveny

Dr Elizabeth Deveny is currently the CEO of South Eastern Melbourne Primary Health Network. Before her appointment at SEMPHN, Elizabeth was Chief Executive of Bayside Medicare Local (BML) from its formation in 2012. Her emphasis on mutual respect and accountability of each and every staff member was a key factor in the nationally-recognised success of BML. Amongst her other current appointments she chairs the Southern Metropolitan Partnership which brings community, industry and local government together to provide the Victorian government advice about regional priorities.

Elizabeth is an experienced and well-respected senior executive with a strong commitment to providing sustainable health outcomes for all Australians, and a demonstrated ability to build and maintain positive, productive partnerships with key stakeholders and the broader community. She holds a Masters degree in vocational health education and a PhD in Medicine (clinical decision making), both from Melbourne University.

Paul Madden

Term ended on 31 March 2017

Paul Madden holds the position of Deputy Secretary/Special Adviser, Strategic Health Systems and Information Management. Paul provides advice and leadership on a range of technical and strategic issues in Health, including Digital Health and My Health Record.

During the 2016-17 year, he supported the Government in leading the national rollout of digital health initiatives including foundation technologies and related services across Australia, the continued and improved operation of the My Health Record system, and the trials of opt-out participation arrangements.

Paul is a member of the Department of Health Executive Committee.

Lyn McGrath

Lyn McGrath is the Executive General Manager, Wealth Advice at the Commonwealth Bank of Australia. Prior to her current role Lyn was Executive General Manager, Retail Sales leading the largest financial services distribution business in Australia for 6 years. She has been with Commonwealth Bank of Australia since 2007 leading large distribution businesses. Prior to this, she held roles with St George in Retail Banking.

Lyn has extensive senior management experience in strategic and operational roles within the utilities and media industries and over 20 years’ experience in Financial Services. Lyn is highly regarded for her transformational leadership, financial management experience and customer experience strategy thought leadership.

Lyn holds an MBA and BA from Macquarie University as well as a Dip PR (Hons). She is a Graduate of the Australian Institute of Company Directors and currently holds Board positions at Commonwealth Financial Planning, Commonwealth Private and the Evidence for Learning Board, a joint initiative with Social Ventures Australia and Commonwealth Bank.

Lyn is a Senior Fellow with FINSIA, a Fellow with the Australian Institute of Managers and Leaders, Advisory Board member of Financial Services Council and a member of Chief Executive Women Ltd. In 2012, she was named as one of the 100 Most Influential Women in Australia by the Australian Financial Review.

Stephen Moo

Stephen Moo is the Chief Information Officer for the Northern Territory Department of Health. Stephen has been employed in the health sector for over 34 years, with the last 16 years having direct responsibility for the design, development, implementation and on-going systems management for major corporate client and clinical information systems, and information communications and infrastructure. Stephen has overseen the Northern Territory’s eHealth program for the past 11 years and is the principal architect and sponsor for the development and implementation of a comprehensive eHealth program that is widely regarded as one of the most advanced of its kind in Australia.

As Chair of the National Health Chief Information Officer Forum for the past 8 years, Stephen has played a key role in the development of the National eHealth Strategy and national eHealth foundation services and standards with the previous National E-Health Transition Authority.

Stephen was appointed by the Australian Health Ministers’ Advisory Council as the Jurisdictional ICT representative on the eHealth Implementation Taskforce Steering Committee, which assisted in establishing the Australian Digital Health Agency.

Stephanie Newell

Ms Stephanie Newell is a consultant facilitator, educator and healthcare consumer advocate leader.

Stephanie has extensive experience within the health care sector contributing as a member of a number of Australian and international health care policy and research groups and initiatives in areas which include consumer engagement, patient experience, patient safety, quality improvement, accreditation and standards development. Prior to her roles within the health care sector, Stephanie’s career was in banking and finance with the National Australia Bank.

Stephanie’s roles have included Consumer and Community Engagement Coordinator of the Health Consumers’ Council WA and consultant educator developing and facilitating workshops on partnering with consumers and patient centred care across Australia for The Australian Council on Health Care Standards.

Stephanie is a foundation member and a designated ‘Patients for Patient Safety Champion’ of the World Health Organization’s Patients for Patient Safety program, a past board member of Consumer Health Forum and was the inaugural Chair of the South Australian Department of Health’s Safety and Quality Consumer and Community Advisory Committee. Stephanie holds post-graduate qualifications in Entrepreneurship, Commercialisation and Innovation from the University of Adelaide and is a Graduate member of the Australian Institute of Company Directors.

Dr Bennie Ng

Dr Bennie Ng is a specialist hospital administrator and general practitioner, with senior management and policy experience in Australia and abroad. He is currently the General Manager, Partnerships and Strategy at Healthscope, a leading healthcare provider that operates 45 private hospitals across Australia.

Since commencing his career as a General Practitioner, Bennie has gained extensive experience in providing advice to the Australian Government. As an adviser to the Minister of Health, he was responsible for the introduction of measures to expand chronic disease management and mental health services in primary care and Medicare. As Head of Social Policy in the Office of the Prime Minister his responsibilities included health and hospitals, aged care, disabilities/NDIS and indigenous affairs. He has held other senior positions including the Head of Clinical Services Planning at the Hong Kong Hospital Authority and the General Manager, Cancer Medicine at the Peter MacCallum Cancer Centre in Melbourne.

Bennie has a Bachelor’s Degree in Medicine and Surgery and a Masters of Business Administration. He is a Fellow of the Royal Australasian College of Medical Administrators and of the Royal Australian College of General Practitioners. Bennie is currently a part-time member of the Administrative Appeals Tribunal.

Michael Walsh

Michael Walsh is the Director-General Queensland Health where he leads a public health and hospital system for a population of nearly 5 million people. Prior to this role, Michael was the inaugural Chief Executive / CIO of eHealth NSW, providing eHealth and ICT services to the NSW Health System. Michael has also worked as Chief Executive of HealthShare NSW, the NSW Health shared service provider.

Michael has extensive experience at the Government Senior Executive level in both NSW and Queensland and has worked in the private sector including for a leading consulting firm. Michael has led large organisational strategy and change programs including major departmental integrations; significant ICT programs; and, large hospital infrastructure programs such as the $10 billion Queensland Hospital rebuilding program including the Gold Coast University Hospital, Sunshine Coast University Hospital and Queensland Children’s Hospital.

Michael has a strong background in public sector governance and leadership. He also has strong experience in portfolio, program and project management, business case development and implementation of major government initiatives.

Johanna Westbrook

Professor Johanna Westbrook is Professor of Health Informatics and Director, Centre for Health Systems and Safety Research, Australian Institute of Health Innovation, at Macquarie University. She is internationally recognised for her research evaluating the effects of information and communication technology (ICT) in health care and has published over 300 papers. This research has led to significant advances in our understanding of how clinical information systems deliver (or fail to deliver) expected benefits and supported translation of this evidence into policy, practice, and IT system changes.

In 2014 Johanna was awarded Australian ICT Professional of the Year by the Australian Information Industry Association. She has a PhD in Epidemiology from the University of Sydney, a Masters in Health Administration from the University of New South Wales, and a Bachelor of Applied Science (with Distinction) from the University of Sydney. She is a Fellow of the American College of Medical Informatics and the Australasian College of Health Informatics.



Board Meetings

The Board meets regularly in accordance with a formally approved timetable and agenda. The Board convened on 15 occasions throughout 2016-17, five of which were via teleconference. In accordance with PGPA Act requirements, details of the number of Board meetings attended by each member during the financial year are outlined below:

Board Member Meetings

| Board member | Term of appointment | Meetings held and eligible to attend | Meetings attended |
| --- | --- | --- | --- |
| Jim Birch AM, Chair | 20 April 2016 to 20 April 2019 | 15 | 14 |
| Martin Bowles (replaced Paul Madden) | 01 April 2017 to 1 April 2020 | 2 | 2 |
| Robert Bransby | 20 April 2016 to 20 April 2019 | 15 | 15 |
| Dr Eleanor Chew | 20 April 2016 to 20 April 2019 | 15 | 14 |
| Dr Elizabeth Deveny | 20 April 2016 to 20 April 2019 | 15 | 14 |
| Paul Madden (01-07-2016 to 31-03-2017) | 20 April 2016 to 20 April 2019 | 13 | 12 |
| Lyn McGrath | 20 April 2016 to 20 April 2019 | 15 | 11 |
| Stephen Moo | 20 April 2016 to 20 April 2019; 20 April 2017 to 20 April 2018 | 15 | 13 |
| Stephanie Newell | 20 April 2016 to 20 April 2019 | 15 | 14 |
| Dr Bennie Ng | 20 April 2016 to 20 April 2019 | 15 | 15 |
| Michael Walsh | 20 April 2016 to 20 April 2017; 20 April 2017 to 20 April 2018 | 15 | 11 |
| Professor Johanna Westbrook | 20 April 2016 to 20 April 2019 | 15 | 10 |

Advisory committees

The Board utilises expert advisory committees to provide strategic thought leadership in their areas of specialist remit, and to assist the Board more broadly in the performance of its functions.

A number of committees are created expressly by the Agency Rule, which prescribes the eligibility requirements for membership (such as relevant expertise) and gives an overview of functions:

Jurisdictional Advisory Committee

The Jurisdictional Advisory Committee gives guidance on all matters for consideration by the Board in order to facilitate national coordination and consistency across geographic and health sector boundaries. Its members are senior representatives of Commonwealth, State and Territory health departments.

Clinical and Technical Advisory Committee

The Clinical and Technical Advisory Committee advises on:

  • The efficient and effective delivery of clinical care using digital health;
  • The architectural integration of digital health systems;
  • Changes to digital health system design to improve clinical usability and usefulness based on experience with the use of digital systems;
  • Proposed innovations and measures to improve the efficiency and effectiveness of digital health systems for clinicians and users of the system; and
  • Recommendations in relation to priorities of investment in, and development and implementation of, national digital health systems.

Consumer Advisory Committee

The Consumer Advisory Committee advises on:

  • How to ensure key messages about digital health are communicated effectively to relevant stakeholders and health consumer groups;
  • Recognising the interests of minority and special interest groups so as to ensure that their interests are taken into account in the design and implementation of digital health systems; and
  • Establishing and maintaining collaboration with health consumers and providers in relation to digital health systems.

Privacy and Security Advisory Committee

The Privacy and Security Advisory Committee advises on:

  • Legal issues in relation to digital health systems, including copyright, data privacy issues, confidentiality issues, data security and legal liability;
  • The long-term legal framework of digital health systems;
  • Privacy and security issues encountered by users of digital health systems, and the resolution of any problems arising from monitoring these issues; and
  • Standards (including compliance with standards) relating to privacy and security in relation to digital health systems.

The Agency Rule also allows the Board to establish additional committees as it considers appropriate. In that context, the Digital Health Safety and Quality Governance Committee was formed:

Digital Health Safety and Quality Governance Committee

The Digital Health Safety and Quality Governance Committee advises on:

  • All safety, quality and clinical governance aspects of services and contracts undertaken or managed by the Australian Digital Health Agency;
  • Oversight of the development, implementation and monitoring of all safety, quality and clinical governance approaches and mechanisms, inclusive of continuous quality improvement and clinical risk management undertaken by the Agency;
  • Safety, quality and clinical governance matters, including policies, that are referred to the Digital Health Safety and Quality Governance Committee by the Agency Board, the Australian Commission on Safety and Quality, Advisory Committees or the Australian Department of Health; and
  • Approving and recommending the Agency Clinical Quality Plan which will include consideration of the outcomes and recommendations provided by the Australian Commission on Safety and Quality in Health Care based upon the conduct of audits and reviews of Agency clinical approaches.

The final advisory body, an audit committee, is mandated by section 45 of the PGPA Act, and section 17 of the Public Governance, Performance and Accountability Rule 2014 (PGPA Rule) sets out its powers of review:

Audit and Risk Committee

The Audit and Risk Committee was established to assist the Board in discharging its responsibilities under the PGPA Act and PGPA Rule through review of the Agency’s financial reporting, performance monitoring, risk oversight and management, internal control and legislative and policy compliance:

  • Financial reporting: activities such as advising on the entity’s preparation and review of its annual financial statements, the adequacy of the entity’s internal budgeting and reporting, and the entity’s obligations under the PGPA Act and other relevant Acts.
  • Performance reporting: reviewing the framework of key performance indicators and other performance measures, or the entity’s annual performance statement; or making recommendations on concerns or opportunities identified by internal or external audits.
  • System of risk oversight and management: advising the entity about internal audit plans; advising about professional standards to be used by internal auditors in the course of carrying out audits; reviewing the entity’s response to internal and external audits; and reviewing the entity’s risk management framework, which may include review of the entity’s risk management plan and business continuity plan.
  • System of internal control: reviewing the entity’s compliance framework, governance arrangements and internal control environment.

Internal governance


The CEO, Tim Kelsey, leads the Agency in implementing a portfolio of work that supports the Board’s vision. Under section 53 of the Agency Rule, Tim manages the day-to-day administration of the Agency and does so in accordance with the strategy, plans and policies approved by the Agency Board. He is the primary point of liaison between the Board and senior management.

Executive leadership team

The CEO is supported by the Executive Leadership Team, comprised of five Executive General Managers (Division heads) and a Chief Medical Adviser. The team meets weekly with the CEO and is active in the implementation of the governance framework through strategic and financial planning, consideration of ongoing and emerging risks, review of controls, and monitoring the delivery of performance outcomes. It is the primary forum for operational decision-making in the Agency.

Senior leadership team

The Senior Leadership Team also has a role in overseeing operational activities and in guiding the ongoing development of the Agency’s governance policies and processes. The Senior Leadership Team, comprising General Managers (Branch heads), meets with the Executive Leadership Team every three weeks. It provides a mechanism for information sharing, cooperation and collaboration across the leadership group to drive organisational capability and performance.

Directors’ forum

Opportunities to provide input on strategic issues and resolve operational issues are extended to Directors (Section heads) through the Directors’ Forum, which meets fortnightly with a representative of the Executive and Senior Leadership Teams. This forum has a dual purpose: as a communication channel to cascade key messaging from the Executive, and as a critical feedback loop. It allows upward communication of staff insights on emerging challenges, resourcing priorities, performance progress, and the operation of policies and processes in practice, leading to their continuous improvement. Together, these forums set the cultural and ethical tone for the Agency and enrich Agency-wide strategic thinking.

Internal Committees

A range of internal committees also support the Agency's leadership and its ability to deliver on its strategic priorities.

| Internal committee | Purpose |
| --- | --- |
| Portfolio Management Committee | Oversees the planning and delivery of the Agency’s annual work program. |
| Clinical Programs Management Committee | Manages operational aspects of the Agency’s Clinical Programs: Medicines Safety, Pathology and Diagnostic Imaging programs, and any new programs identified by the Agency’s Board. |
| Digital Health Safety and Quality Management Committee | Establishes a forum where clinical governance mechanisms are in place and effective across the Agency. |
| Workplace Health and Safety Steering Committee | Brings together staff and management to develop and review health and safety policies and procedures across the Agency. |

Risk management

The Agency is committed to a comprehensive and coordinated approach to managing risk at the enterprise, program and project levels.

In its first year of operations, the Agency designed and implemented a system of internal controls for the oversight and management of risk, including policy guidelines, tools and templates. The framework is aimed at building a positive and transparent risk culture by embedding risk management principles and processes into ‘business as usual’ activities.

The risk management framework is modelled on better practice methodologies, and aligned with the international standard on risk management (AS/NZS ISO 31000) and the Commonwealth Risk Management Policy 2014.

It is designed to support the delivery of the strategic objectives determined by the Board by ensuring that potential adverse events, threats and uncertainties are identified, measured, managed and mitigated. An equal focus is placed on the active and ongoing reporting of risks to ensure they are captured and escalated, where appropriate, to allow visibility by senior management.

Enterprise-wide or strategic risks that could materially impact on the success of the Agency are owned and reviewed by the Agency Board. The Board determines the nature and extent of risk it is prepared to accept to achieve the Agency’s purpose, consistent with the Agency’s risk appetite and prudent use of public funds.

Audit and risk committee

The Audit and Risk Committee is independent of the Agency and provides assurance and advice to the Board on the Agency’s risk, governance and control framework, and the integrity of its performance and financial reporting.

Its efforts are aimed at championing a risk-aware culture that encourages robust risk assessment, risk-informed decision-making, and anticipation of risk in the pursuit of Agency objectives. A primary responsibility of the Committee under its charter is to oversee the preparation and implementation of the Agency’s key risk management initiatives, including audit, fraud control, and business continuity activities.

The risk framework is complemented by an assurance framework designed to confirm the operation and effectiveness of key controls. It is developed to industry standards and scaled to Agency requirements. Consistent with annual obligations in its charter, during the reporting period the Committee commissioned an Agency-wide assurance map to identify the Agency’s key assurance arrangements. This yearly exercise will allow for early detection and correction of any gaps or duplications in assurance coverage, thereby strengthening the Agency’s compliance and review processes and freeing up resources for other use.

Risk management forum

Given that responsibility for risk management rests with all of the Agency’s staff, a Risk Management Forum was established with membership across business, product and program areas, to build and nurture a risk management capability and a broader understanding of risk exposures across the Agency.

Portfolio management committee

The Agency’s Portfolio Management Committee, which monitors delivery of the annual work program and derivative projects, also maintains a broad entity-wide perspective of risks which facilitates a consistent approach to their identification, treatment and monitoring on an ongoing basis.

Audit arrangements

The Agency relies on audit activities as an essential tool to identify opportunities to deliver better practices that will drive performance and greater transparency of the Agency’s governance and decision-making arrangements.

Internal audit

The Agency appointed Axiom Associates as its internal auditors in February 2017, and they prepared a Strategic Internal Audit Plan extending through June 2019. The audit program was informed by a consultative and collaborative risk assessment process to target areas of highest risk and those of high value warranting independent appraisal of financial and operational controls.

Financial reporting and shared services audits were underway during the reporting period. The findings will be presented to the Audit and Risk Committee, with an accompanying plan to action any recommendations as part of ongoing efforts to improve Agency processes and performance.

Priority areas for 2017-18 activity include security controls, business continuity and contract management. The Agency will continue to focus audit resources on identified areas of significant or financial risk while being flexible enough to respond to emerging risks and changing demands. The audit program will be reviewed and revised to account for significant changes in the internal and external environment, and also to reflect the continued growth in the Agency’s maturity and capability.

External audit

The Auditor-General is the external auditor for the Agency, as required by the PGPA Act. The Auditor-General, through the Australian National Audit Office (ANAO), has audited the Agency’s financial statements to ensure they have been prepared in accordance with the Australian Accounting Standards and other requirements prescribed by the Public Governance, Performance and Accountability (Financial Reporting) Rule 2015. The Agency’s financial statements are presented in Part 4 of this report.

Under its Charter, the Audit and Risk Committee is empowered to act as the liaison point between Agency management and the ANAO, and to review both the financial accounts and the processes in place that support the integrity of financial information published in the Annual Report.

The Audit and Risk Committee also oversees the Agency’s fraud control arrangements.

Fraud control

The Agency has developed an integrity framework aimed at ensuring standards of professionalism, individual accountability and ethical behaviour are valued and shared across the organisation. The framework is underpinned by policies, plans and procedures such as Accountable Authority Instructions that encourage responsible public administration and minimise the risk of misappropriation of Agency resources.

The Agency recognises that all staff must do their part to safeguard Agency assets against loss through fraud, negligence or other misconduct and promote a positive workplace culture by supporting fraud control efforts. The Agency also recognises its responsibility to support individuals who report suspected wrongdoing.

During 2016-17, the Agency conducted a risk assessment of its possible exposure to fraud, corrupt or improper conduct. That assessment allowed for the preparation of a Fraud Control Plan tailored to Agency requirements. The plan documents the Agency’s fraud governance arrangements, risk mitigation measures and reporting responsibilities. It also provides for training and awareness activities to assist Agency staff to identify suspected fraud and understand their disclosure obligations. The plan is supported by appropriate fraud prevention, detection and response strategies to minimise the incidence and impact of fraud.

The fraud control plan accords with the Commonwealth Fraud Control Framework and with the ANAO Better Practice Guide, Fraud Control in Australian Government entities, and gives effect to the fraud control provisions of the Public Governance, Performance and Accountability Act 2013 (PGPA Act) and Rule 10 of the Public Governance, Performance and Accountability Rule 2014.

No material instances of fraud were reported during the financial year.

Business continuity management

The Agency has developed a Business Continuity Plan aimed at building operational resilience by ensuring that critical services continue in the aftermath of a major business disruption, and ordinary functions resume within acceptable recovery timeframes.

The plan is mapped to the Agency’s risk profile and details contingencies and related controls to reduce the likelihood and effect of a business interruption. Disaster recovery plans are also in place to safeguard ICT systems that are intrinsic to the Agency’s operations.

The Agency’s second year of operations will focus on testing and validating business continuity arrangements and incorporating any lessons learned from disaster recovery exercises. Training will also take priority so staff are aware of their roles and responsibilities during a crisis and understand Agency measures to centralise and coordinate its response and prioritise and restore system and workforce availability.
