The objective of the audit was to assess the effectiveness of the governance board in the Australian Institute of Marine Science.

Summary and recommendations

Background

1. The governing board of a corporate Commonwealth entity is the accountable authority for the entity under the Public Governance, Performance and Accountability Act 2013 (PGPA Act)1, with responsibility for ‘leading, governing and setting the strategic direction’ for the entity.2

2. Around 60 corporate Commonwealth entities subject to the PGPA Act have governing boards, comprising a total of approximately 510 board positions.3 Corporate Commonwealth entities with governance boards vary significantly by function, and governance boards may also vary in their composition, operating arrangements, independence and subject-matter focus, depending on the specific requirements of their enabling legislation and other applicable laws.

Boards and corporate governance

Duties and roles

3. Sections 15 to 19 of the PGPA Act impose duties on accountable authorities in relation to governing the corporate Commonwealth entity for which they are responsible.4 As the accountable authority, members of Commonwealth governing boards are also officials under the PGPA Act and subject to the general duties of officials in sections 25 to 29 of the Act.5 Guidance issued to accountable authorities by the Department of Finance (Finance) observes that ‘each of these duties is as important as the others’.6

4. Boards play a key role in the effective governance of an entity. Corporate governance is generally considered to involve two dimensions, which are the responsibility of the governing board. These are:

Performance — monitoring the performance of the organisation and CEO.

Conformance — compliance with legal requirements and corporate governance and industry standards, and accountability to relevant stakeholders.

…… it is important to understand that governing is not the same as managing. Broadly, governance involves the systems and processes in place that shape, enable and oversee management of an organisation. Management is concerned with doing – with co-ordinating and managing the day-to-day operations of the business.7

Australian Institute of Marine Science

5. The Australian Institute of Marine Science (AIMS) has a governing board and was established in 1972 as a Commonwealth statutory authority operating under the Australian Institute of Marine Science Act 1972 (AIMS Act).8 The key functions of AIMS include providing the research and knowledge of Australia’s marine estate required to support growth in its sustainable use, effective environmental management and protection of its unique ecosystems.

Rationale for undertaking the audit

6. This topic was selected for audit as part of the ANAO’s multi-year audit program that examines aspects of the implementation of the PGPA Act. This audit provides an opportunity for the ANAO to review whether boards have established effective arrangements to comply with selected legislative and policy requirements and adopted practices that support effective governance. The audit also contributes to the identification of practices that support effective governance that could be applied in other entities. This audit is one of a series of governance audits that apply a standard methodology to the governance of individual boards.

Audit objective, criteria and scope

7. The objective of the audit was to assess the effectiveness of the governance board in the Australian Institute of Marine Science (AIMS).

8. To form a conclusion against the audit objective the following high level criteria were adopted:

  • the board’s governance and administrative arrangements are consistent with relevant legislative requirements and the board has structured its own operations in a manner that supports effective governance; and
  • the board has established fit-for-purpose arrangements to oversight compliance with key legislative and other requirements.

9. The audit examined the period July 2016 until March 2019.

10. Guidance to boards issued by the Department of Finance was reviewed by the ANAO having regard to the report of the 2019 Hayne Royal Commission9, which was released during the course of this audit, and other key reviews of board governance.10

Conclusion

11. The governance and oversight arrangements adopted by the Australian Institute of Marine Science Council (the board) are effective.

Supporting findings

AIMS board governance arrangements

12. The board’s governance and administrative arrangements are consistent with relevant legislative requirements and the board has structured its own operations in a manner that supports effective governance.

13. The ANAO has identified a number of opportunities for improvement relating to:

  • establishing a board charter;
  • the board taking a more active role in approving key policies;
  • setting board expectations for reporting to it by management through a board charter;
  • periodically assessing board performance; and
  • the board actively reviewing the risk register and using it to drive the management of risk.

AIMS board arrangements to oversight compliance with key legislative and other requirements

14. The board has established fit-for-purpose arrangements to oversight compliance with key legislative and other requirements.

15. The ANAO also made a number of suggestions for improvement including in relation to:

  • the board having a role in approving the Financial and Contract Delegations Policy;
  • including details of the basis of assurance in annual compliance certification summaries;
  • the board establishing Accountable Authority Instructions;
  • updating the Financial and Contract Delegations Policy to reflect legislative requirements; and
  • the board considering the Entertainment and Hospitality Policy, including its implications for board members.

Recommendation

Recommendation no. 1

Paragraph 3.16

The Australian Institute of Marine Science ensure its corporate plan meets all the minimum requirements of the Public Governance, Performance and Accountability Rule 2014.

Australian Institute of Marine Science: Agree.

Summary of entity response

16. The proposed report was provided to AIMS which provided a summary response that is set out below. The full response from AIMS is provided at Appendix 1.

Australian Institute of Marine Science

The AIMS Council welcomed the ANAO’s decision to conduct an audit of the effectiveness of its governance as a useful and timely undertaking. The AIMS Council is committed to delivering good governance and wishes to achieve and maintain best practice in meeting its responsibilities. In a changing environment, at a time when new standards and expectations for corporate and board governance are being set, including through the conduct of a number of Reviews and Enquiries, it has been beneficial to work through the audit process, to gain a clearer understanding of these changing standards and expectations and their implications for board governance, and also to receive considered advice about practices that support effective governance.

The Council was pleased with the central finding of the Audit Report: that the governance and oversight arrangements it has in place are effective, and with the supporting findings, that its governance and administrative arrangements are consistent with relevant legislative requirements, that it has structured its operations in a manner that supports effective governance, and that the Council has established fit-for-purpose arrangements to oversight compliance with ley legislative and other requirements.

The ANAO’s Recommendation that AIMS ensure full compliance of its Corporate Plan with PGPA Rule 2014 will be acted upon when AIMS prepares its next Corporate Plan.

Council welcomes the Audit Report’s identification of Opportunities for Improvement in a number of areas. These suggestions will be examined thoroughly, with a view to enhancing Council’s governance arrangements and practices.

Key messages from this audit for all Australian Government entities

17. This audit is one of a series of governance audits that apply a standard methodology to the governance of individual boards. The four entities included in the ANAO’s 2018–19 board governance audit series are:

  • Old Parliament House;
  • the Special Broadcasting Service;
  • the Australian Institute of Marine Science; and
  • the Sydney Harbour Federation Trust.

18. The first report in this series, Auditor-General Report No.34 2018–19 Effectiveness of Board Governance at Old Parliament House, includes a recommendation directed to the Department of Finance (Finance) to update its guidance to accountable authorities having regard to the key insights and messages for accountable authorities, including governance boards, identified in the recent inquiries and reviews referenced in paragraph 10. Finance agreed with the recommendation.

19. Key messages from the ANAO’s series of governance audits will be outlined in an upcoming ANAO Insights product available on the ANAO website.

1. Background

Introduction

Governance boards

1.1 The governing board of a corporate Commonwealth entity is the accountable authority for the entity under the Public Governance, Performance and Accountability Act 2013 (PGPA Act)11, with responsibility for ‘leading, governing and setting the strategic direction’ for the entity.12

1.2 Around 60 corporate Commonwealth entities subject to the PGPA Act have governing boards, comprising a total of approximately 510 board positions.13 Corporate Commonwealth entities with governance boards vary significantly by function, and governance boards may also vary in their composition, operating arrangements, independence and subject-matter focus, depending on the specific requirements of their enabling legislation and other applicable laws.

Boards and corporate governance

Duties and roles

1.3 Sections 15 to 19 of the PGPA Act impose duties on accountable authorities in relation to governing the corporate Commonwealth entity for which they are responsible (see Box 1).14 As the accountable authority, members of Commonwealth governing boards are also officials under the PGPA Act and subject to the general duties of officials in sections 25 to 29 of the Act (see Box 1).15 Guidance issued to accountable authorities by the Department of Finance (Finance) observes that ‘each of these duties is as important as the others’.16

Box 1: Department of Finance, Guide to the PGPA Act for Secretaries, Chief Executives or governing boards (accountable authorities) – RMG 200, December 2016

General duties as an official

You must exercise your powers, perform your functions and discharge your duties:

  • with the degree of care and diligence that a reasonable person would exercise if the person had the same responsibilities as you (section 25)
  • honestly, in good faith and for a proper purpose (section 26).

You must not improperly use your position, or information you obtain in that position, to:

  • gain, or seek to gain, a benefit or an advantage for yourself or any other person (section 27)
  • cause, or seek to cause, detriment to your entity, the Commonwealth or any other person (section 28).

Like all officials, you must disclose material personal interests that relate to the affairs of your entity (section 29) and you must meet the requirements of the finance law.

Accountable authorities who do not comply with these general duties can be subject to sanctions, including termination of employment or appointment.

General duties as an accountable authority

The additional duties imposed on you as an accountable authority are to:

  • properly govern your Commonwealth entity (section 15)
  • establish and maintain appropriate systems relating to risk management and oversight and internal controls (section 16)
  • encourage officials to cooperate with others to achieve common objectives (section 17)
  • take into account the effects of imposing requirements on others (section 18)
  • keep your minister and the Finance Minister informed (section 19).

Source: Department of Finance, Guide to the PGPA Act for Secretaries, Chief Executives or governing boards (accountable authorities) - RMG 200, Summary: Governing your entity [Internet].

1.4 Boards play a key role in the effective governance of an entity. Corporate governance is generally considered to involve two dimensions, which are the responsibility of the governing board:

Performance — monitoring the performance of the organisation and CEO. This also includes strategy — setting organisational goals and developing strategies for achieving them, and being responsive to changing environmental demands, including the prediction and management of risk. The objective is to enhance organisational performance;

Conformance — compliance with legal requirements and corporate governance and industry standards, and accountability to relevant stakeholders.

… it is important to understand that governing is not the same as managing. Broadly, governance involves the systems and processes in place that shape, enable and oversee management of an organisation. Management is concerned with doing–with co-ordinating and managing the day-to-day operations of the business.17

1.5 The relationship between effective corporate governance and organisational performance is summarised in Box 2.

Box 2: The relationship between corporate governance and organisational performance

Narrowly conceived, corporate governance involves ensuring compliance with legal obligations, and protection for shareholders against fraud or organisational failure. Without governance mechanisms in place — in particular, a board to direct and control — managers might ‘run away with the profits’. Understood in this way, good governance minimises the possibility of poor organisational performance…more recent definitions of good governance emphasise the contribution good governance can make to improved organisational performance by highlighting the strategic role of the board. Legal compliance, ongoing financial scrutiny and control, and fulfilling accountability requirements are fundamental features of good corporate governance. However, a high-performing board will also play a strategic role. It will plan for the future, keep pace with changes in the external environment, nurture and build key external relationships (for example, business contacts) and be alert to opportunities to further the business. The focus is on performance as well as conformance. The board is not there to simply monitor and protect but also to enable and enhance.18

In summary, research conducted by those working closely with boards suggests that:

  1. The ‘hard attributes’ of governance such as board independence may be necessary but are not sufficient. At best, they form minimal standards of good governance. More accurately, it is the interplay of these ‘hard’ but easy to measure attributes and ‘soft’ attributes that lead to good governance.
  2. The ‘soft attributes’ of governance such as the chair/CEO relationship, board behaviours and board culture are critical to good governance.19

Culture and governance

1.6 The interplay of the ‘hard’ and ‘soft’ attributes of governance — and the criticality of board and organisational culture to an entity’s performance, values and conduct — have been central themes in notable Australian inquiries into organisational misconduct. These have included the 2003 Royal Commission into the failure of HIH Insurance20, the 2018 APRA Prudential Inquiry into the Commonwealth Bank of Australia21 and the 2019 Royal Commission into the financial services industry.22 While the specific focus of these inquiries was on financial institutions, their key insights on culture and governance have wider applicability and provide lessons for all accountable authorities, including governance boards. Many Auditor-General Reports have made findings consistent with those appearing in these inquiries.23

2003 HIH Royal Commission

1.7 The HIH Royal Commissioner defined corporate governance as the framework of rules, relationships, systems and processes within and by which authority is exercised and controlled in corporations — embracing not only the models or systems themselves but also the practices by which that exercise and control of authority is in fact effected. Justice Owen observed by way of introduction that:

A cause for serious concern arises from the [HIH] group’s corporate culture. By ‘corporate culture’ I mean the charism[a] or personality—sometimes overt but often unstated—that guides the decision-making process at all levels of an organisation …

The problematic aspects of the corporate culture of HIH—which led directly to the poor decision making—can be summarised succinctly. There was blind faith in a leadership that was ill-equipped for the task. There was insufficient ability and independence of mind in and associated with the organisation to see what had to be done and what had to be stopped or avoided. Risks were not properly identified and managed. Unpleasant information was hidden, filtered or sanitised. And there was a lack of sceptical questioning and analysis when and where it mattered.

At board level, there was little, if any, analysis of the future strategy of the company. Indeed, the company’s strategy was not documented and it is quite apparent to me that a member of the board would have had difficulty identifying any grand design …

… A board that does not understand the strategy may not appreciate the risks. And if it does not appreciate the risks it will probably not ask the right questions to ensure that the strategy is properly executed. This occurred in the governance of HIH. Sometimes questions simply were not posed; on other occasions the right questions were asked but the assessment of the responses was flawed.

1.8 More specifically, Justice Owen reported in chapter 6 of the report — which was dedicated to corporate governance — on key aspects of board operations and the importance of:

  • clearly defined and recorded policies or guidelines;
  • clearly defined limits on the authority of management, including in relation to staff emoluments;
  • independent critical analysis by the board;
  • recognition and resolution of conflicts of interest;
  • dealing with governance concerns;
  • maintaining control of the board agenda; and
  • providing relevant information to the board.
2018 APRA Prudential Inquiry

1.9 The APRA Prudential Inquiry also dedicated substantial sections of its report to culture and governance. The review panel observed that:

Culture can be thought of as a system of shared values and norms that shape behaviours and mindsets within an institution. Once established, the culture can be difficult to shift. Desired cultural norms require constant reinforcement, both in words and in deeds. Statements of values are important in setting expectations but their impact is sotto voce. How an institution encourages and rewards its staff, for instance, can speak more loudly in reflecting the attitudes and behaviours that it truly values.24

1.10 The Prudential Inquiry associated weaknesses in board oversight and organisational culture with:

  • insufficient rigour and urgency by the Board and its Committees around holding management to account in ensuring that risks were mitigated and issues closed in a timely manner;
  • gaps in reporting and metrics hampered the effectiveness of the Board and its Committees; and
  • a heavy reliance on the authority of key individuals that weakened the Committee construct and the benefits that it provides.25
2019 Hayne Royal Commission

1.11 The Hayne Royal Commission similarly incorporated a substantial chapter on culture, governance and remuneration in the final report. Commissioner Hayne reported that the evidence before the Commission showed that:

too often, boards did not get the right information about emerging non-financial risks; did not do enough to seek further or better information where what they had was clearly deficient; and did not do enough with the information they had to oversee and challenge management’s approach to these risks.

Boards cannot operate properly without having the right information. And boards do not operate effectively if they do not challenge management.26

1.12 The Commissioner challenged governance boards to actively discharge their core functions, including the strategic oversight of non-financial risks such as compliance risk, conduct risk and regulatory risk:

Every entity must ask the questions provoked by the Prudential Inquiry into CBA:

  • Is there adequate oversight and challenge by the board and its gatekeeper committees of emerging non-financial risks?
  • Is it clear who is accountable for risks and how they are to be held accountable?
  • Are issues, incidents and risks identified quickly, referred up the management chain, and then managed and resolved urgently? Or is bureaucracy getting in the way?
  • Is enough attention being given to compliance? Is it working in practice? Or is it just ‘box-ticking’?
  • Do compensation, incentive or remuneration practices recognise and penalise poor conduct? How does the remuneration framework apply when there are poor risk outcomes or there are poor customer outcomes? Do senior managers and above feel the sting?27

1.13 Key observations made in the Hayne Royal Commission on governance boards’ use of information, and the link between culture, governance and remuneration, are summarised in Box 3.

Box 3: 2019 Hayne Royal Commission

Information going to boards and its effective use

The Royal Commission observed that ‘it is the role of the board to be aware of significant matters arising within the business, and to set the strategic direction of the business in relation to those matters,’28 and identified ‘the importance of a board getting the right information and using it effectively’.29

Boards must have the right information in order to discharge their functions. In particular, boards must have the right information in order to challenge management on important issues including issues about breaches of law and standards of conduct, and issues that may give rise to poor outcomes for customers. Without the right information a board cannot discharge its functions effectively.

When I refer to boards having the right information, I am not referring to boards having more information … it is the quality, not the quantity, of information that must increase. Often, improving the quality of information given to boards will require giving directors less material and more information…

Boards must also use the information that they have to hold management to account. Boards cannot, and must not, involve themselves in the day-to-day management of the corporation. Nothing in this Report should be taken to suggest that they should. The task of the board is overall superintendence of the company, not its day-to-day management. But an integral part of that task is being able and willing to challenge management on key issues, and doing that whenever necessary.30

Culture, governance and remuneration

The Royal Commission highlighted the importance of governance boards focusing on entity remuneration policy, because ‘the remuneration arrangements of an entity show what the entity values’.31 The Commission concluded that ‘Culture, governance and remuneration march together.’32

When remuneration arrangements are designed or implemented in a way that sees executives rewarded with large bonuses despite their poor management of risks, those remuneration arrangements increase the likelihood that the entity will engage in misconduct, or conduct that falls below what the community expects. By contrast, when remuneration arrangements are designed and implemented in a way that properly takes into account the way that executives have managed risks—including compliance risk, conduct risk and regulatory risk—those remuneration arrangements will decrease the likelihood that the entity will engage in misconduct, or conduct falling below community standards and expectations. As I said earlier, an entity’s remuneration arrangements, especially variable remuneration programs, tell staff what the entity rewards and what the entity values.33

Assessment of culture and governance by boards

1.14 Recommendation 5.6 of the Hayne Royal Commission — titled ‘changing culture and governance’ — was that entities should, as often as reasonably possible, take proper steps to: assess the entity’s culture and its governance; identify any problems with that culture and governance; deal with those problems; and determine whether the changes it has made have been effective.

1.15 Underlining the criticality of organisational culture to entity performance, values and conduct, the Royal Commissioner emphasised that this recommendation, ‘although it is expressed generally, can and should be seen as both reflecting and building upon all the other recommendations that I make.’34

1.16 In a similar vein, the HIH Royal Commission had warned in 2003 of the dangers of a ‘tick the box’ mentality towards corporate governance, and the benefits of periodic review by boards of corporate governance practices to ensure their suitability.

The Public Governance, Performance and Accountability Act 2013 (PGPA Act)

1.17 The objects of the PGPA Act include: to establish a coherent system of governance and accountability across Commonwealth entities; and to require the Commonwealth and Commonwealth entities to meet high standards of governance, performance and accountability.35

1.18 As discussed in paragraph 1.3 of this audit report, the PGPA Act includes both general duties of accountable authorities and general duties of officials. It also establishes obligations relating to the proper use of public resources (that is, the efficient, effective, ethical and economical use of resources).36 In so doing, the PGPA Act establishes clear cultural expectations for all Commonwealth accountable authorities and officials in respect to resource management. Finance, which supports the Finance Minister in the administration of the PGPA Act framework, has also issued a range of guidance documents on the technical aspects of resource management under the framework.

1.19 Finance issued a Resource Management Guide (RMG 200) in December 2016 to assist accountable authorities37, which is principally a factual and procedural guide with a focus on legal compliance. There is no equivalent in the Commonwealth public sector of resources built up over time — such as the ASX Corporate Governance Council’s Corporate Governance Principles and Recommendations38 and Australian Institute of Company Directors (AICD) resources — to support public sector governance boards. In consequence, public sector accountable authorities would need to rely on a combination of personal experience and other resources to supplement the guidance released by Finance. As discussed, the recent APRA Prudential Inquiry and Hayne Royal Commission have again highlighted the criticality of effective board governance, corporate culture and the interplay of the ‘hard’ and ‘soft’ attributes of governance, and there would be merit in Finance issuing guidance which has regard to the key insights and messages of those inquiries directed to accountable authorities.

Recommendation

1.20 The first report in this series of board governance audits, Auditor-General Report No.34 of 2018–19 Effectiveness of Board Governance at Old Parliament House, includes a recommendation directed to the Department of Finance to update its guidance to accountable authorities having regard to the key insights and messages for accountable authorities identified in the recent inquiries and reviews referenced above. Finance agreed to the recommendation.

Rationale for undertaking the audit

1.21 This topic was selected for audit as part of the ANAO’s multi-year audit program that examines aspects of the implementation of the PGPA Act. This audit provides an opportunity for the ANAO to review whether boards have established effective arrangements to comply with selected legislative and policy requirements and adopted practices that support effective governance. The audit also contributes to the identification of practices that support effective governance that could be applied in other entities. This audit is one of a series of governance audits that apply a standard methodology to the governance of individual boards.

1.22 The four entities included in the ANAO’s 2018–19 board governance audit series are:

  • Old Parliament House;
  • the Special Broadcasting Service;
  • the Australian Institute of Marine Science; and
  • the Sydney Harbour Federation Trust.

Australian Institute of Marine Science (AIMS)

1.23 AIMS was established in 1972 as a Commonwealth statutory authority operating under the Australian Institute of Marine Science Act 1972 (AIMS Act). The key functions of AIMS include providing the research and knowledge of Australia’s marine estate required to support growth in its sustainable use, effective environmental management and protection of its unique ecosystems. AIMS seeks to deliver the science to help realise three key impacts:

  • improve the health and resilience of marine and coastal ecosystems across northern Australia
  • create economic, social and environmental net benefits for marine industries and coastal communities
  • protect coral reefs and other tropical marine environments from the effects of climate change.39

1.24 AIMS is accountable to the Minister for Industry, Science and Technology and is governed by a Council40 (the board) that reports to the Minister. Under the AIMS Act, the board consists of a Chairperson, the Chief Executive Officer (CEO); a member nominated by James Cook University; and four other members.41 The board meets quarterly and sets strategic directions and research strategies and oversees management of the Institute. The CEO is responsible for managing the day-to-day affairs of AIMS.

1.25 AIMS has a staff of approximately 240, receives around $45 million in appropriations and generates approximately $23 million in own source revenue.

Audit approach

Audit objective, criteria and scope

1.26 The objective of the audit was to assess the effectiveness of the governance board in the Australian Institute of Marine Science.

1.27 To form a conclusion against the audit objective the following high level criteria were adopted:

  • the board’s governance and administrative arrangements are consistent with relevant legislative requirements and the board has structured its own operations in a manner that supports effective governance; and
  • the board has established-fit-for-purpose arrangements to oversight compliance with key legislative and other requirements.

1.28 The audit examined the period July 2016 until March 2019.

1.29 Guidance to boards issued by Finance was reviewed by the ANAO having regard to the report of the 2019 Hayne Royal Commission42, which was released in the course of this audit, and other key reviews of board governance.43

Audit methodology

1.30 In undertaking the audit the ANAO:

  • reviewed board and audit committee papers and minutes from July 2016 to December 2018;
  • reviewed a range of relevant documentation including entity corporate plans, strategy documents, audit committee charters, risk registers, and conflict of interest declarations;
  • interviewed current and former board members;
  • attended two board meetings (September and December 2018) and one audit committee meeting (November 2018) as an observer; and
  • reviewed relevant guidance and reviews on board governance.

1.31 The audit was conducted in accordance with the ANAO Audit Standards at a cost to the ANAO of approximately $203,000. The team members for this audit were Grace Guilfoyle, Kelly Williamson, Shane Armstrong and Michelle Page.

2. AIMS board governance arrangements

Areas examined

This chapter examines whether the board’s governance and administrative arrangements are consistent with relevant legislative requirements and whether the board has structured its own operations in a manner that supports effective governance.

Conclusion

The board’s governance and administrative arrangements are consistent with relevant legislative requirements and the board has structured its own operations in a manner that supports effective governance.

Areas for improvement

The ANAO has identified a number of opportunities for improvement relating to:

  • establishing a board charter;
  • the board taking a more active role in approving key policies;
  • setting board expectations for reporting to it by management through a board charter;
  • periodically assessing board performance; and
  • the board actively reviewing the risk register and using it to drive the management of risk.

Are the board’s governance and administrative arrangements consistent with relevant legislative requirements and has the board structured its own operations in a manner that supports effective governance?

The board’s governance and administrative arrangements are consistent with relevant legislative requirements and the board has structured its own operations in a manner that supports effective governance.

2.1 The Australian Institute of Martine Science (AIMS) was established by its enabling legislation, the Australian Institute of Marine Science Act 1972 (AIMS Act). The ANAO examined whether:

  • the board’s governance and administrative arrangements are consistent with the enabling legislation; and
  • the board had structured its own operations in a manner that supports effective governance.

2.2 The results of the ANAO’s assessment against each of these requirements and any suggestions for improvement are outlined below.

Consistency of governance and administrative arrangements with the AIMS Act

Membership and appointment of board members

2.3 The AIMS Act outlines the requirements for board membership, with the Governor-General responsible for appointments. The Act requires the appointment of:

  • a Chairperson;
  • the Chief Executive Officer (CEO);
  • a member nominated by James Cook University; and
  • four other members.

2.4 In addition, at least three board members shall be persons possessing scientific qualifications and each member holds office for a period not exceeding five years but is eligible for re-appointment. The board met these requirements.

2.5 During the period July 2016 to March 2019, three board members (including the previous CEO) left the board and were replaced. There is evidence the board considered the skills needed for new board appointments. AIMS used a skills matrix that records details of the qualifications and background of current and potential new board members and provides ratings against eight skill areas. The board Chairperson wrote to the relevant Minister and provided the matrix to support recommendations for new appointments in 2017 and 2018. The skills matrix was the result of combined input from the portfolio department44, the AIMS Executive and the board Chairperson.

2.6 There would be benefit in the board engaging with the department and the Minister in relation to the skill requirements for future board appointments.

Acting arrangements for the board Chairperson and board members

2.7 The AIMS Act contains provisions for board member and board chairperson acting arrangements. AIMS board members advised there were no acting arrangements required for board members or the board Chairperson in the period covered by the audit.

Meeting requirements, quorum, presiding at meetings and voting

2.8 The AIMS Act states that the Council shall hold such meetings as are necessary for the performance of its functions, and as directed by the Minister. Board induction papers state that the board typically meets four times a year with an additional teleconference for adoption of the financial statements. In both 2016–17 and 2017–18 this pattern was adopted. The AIMS board induction pack outlines that the dates and location of board meetings are discussed and agreed at the last meeting of the year, and that meetings are at a location convenient to the majority of members. There is evidence that in determining dates the board is cognisant of parliamentary sitting weeks and significant dates such as the dates of Senate estimates and the timing of science related events.45

2.9 In relation to board meetings, the AIMS Act specifies that a quorum is constituted by not less than four members. A quorum was obtained at each board meeting during the period reviewed. The board Chairperson was present and presided at all meetings.

2.10 The AIMS Act specifies that questions arising at a meeting of the board shall be determined by a majority of the votes of the members present and the member presiding at a meeting of the board has a deliberative vote, and, in the event of an equality of votes, also has a casting vote. AIMS advised that all matters were resolved through consensus during the period examined by the audit.

Appointment and responsibilities of CEO

2.11 The AIMS Act specifies that the CEO is appointed by the board but does not outline any specific requirements regarding appointment. The term of the previous CEO expired in November 2016. The CEO was offered, and accepted, a twelve-month extension, to 29 November 2017. Board minutes indicate the extension was approved by the Minister and involved consultation with the Office of the Prime Minister. A new CEO was appointed to AIMS in June 2017. The board established a sub-committee to manage the selection process for a new CEO. The process of selecting a new CEO included:

  • interviews of five short-listed candidates;
  • the identification of a highly suitable candidate;
  • the selection sub-committee presenting its recommendation to the board for consideration;
  • board approval of the proposal;
  • the board providing the Minister with the name of the candidate for consideration and approval;
  • the Minister’s approval and recommendation to the Prime Minister for approval; and
  • the Prime Minister’s and, at the Prime Minister’s discretion, Cabinet’s, approval.

2.12 The AIMS Act further states that subject to the general direction of the Council, the CEO shall manage the affairs of the Institute. There are no other requirements relating to CEO responsibilities. The board has delegated authority to the CEO, including responsibility for the Financial and Contract Delegations Policy. Board minutes indicated that the board approved delegations and a requirement for contracts to align with board strategies in 201346, and increased delegations in 2015.47 Management last reviewed the policy in June 2018, and advised the board of the outcomes of the review.

Outside employment

2.13 The AIMS Act states that the CEO shall not engage in paid employment outside the duties of his or her office except with the approval of the board. To meet the requirements of the Act, the CEO’s contract, signed by the board Chairperson, includes approval in relation to books he authors, including the requirement that such activity takes place in his own time, and does not affect his ability to perform his role. As discussed in Table 3.1, declaration of interests is a standing agenda item at board meetings, and includes current CEO outside engagements.48

Board operations

2.14 Paragraphs 1.3 to 1.16 of this audit report outlined key insights on corporate governance and board operations, including in recent reviews and inquiries. Key themes include the need for:

  • recognition and management of conflicts of interest;
  • board members to question and challenge management;
  • risk to be properly identified, considered and managed;
  • boards to consider future strategy and key policies including remuneration policy;
  • boards to periodically assess corporate governance and organisational culture; and
  • appropriate oversight of compliance.

2.15 The ANAO attended two AIMS board meetings (September and December 2018) and one audit committee meeting (November 2018). In those meetings, and through the review of board and audit committee papers and minutes and interviews and interactions with board members, the ANAO observed board members collectively displaying a range of qualities and behaviours that indicated the existence of a positive governance culture at board level. These included:

  • an openness to declaring conflicts of interest;
  • a willingness to challenge management, engage in robust debate, explore various options and seek further clarification as needed;
  • an ability to conduct meetings in a professional, collegiate and respectful manner;
  • an understanding of their obligations as the accountable authority and the challenges facing the entity;
  • a desire and commitment to act in the best interests of the entity; and
  • a willingness to undertake sufficient preparation to enable meetings to be conducted in a productive manner.

2.16 The board engaged a consultant to conduct a presentation on government boards, covering duties under the PGPA Act as an accountable authority, additional common law duties, conflict of interest, and board culture. The presentation took place at the December 2018 board meeting.

2.17 AIMS quarterly board meetings are held over two days and involve presentation of various management reports, as discussed in Table 3.1. In addition to CEO and Operations Officer (COO) reports, standing agenda items cover areas such as ministerial correspondence; health, safety and environment; the reef restoration initiative; research; corporate performance; potential business ventures; finance; external revenue; audit committee matters; government and public relations; risk management; significant contracts; and meeting evaluations. The board also receives a science presentation at each meeting, providing updates on a current area of research.

2.18 Board meetings also include a stakeholder function on the evening of the first day. The ANAO observed two stakeholder functions. Each function involved a presentation of the AIMS strategic plan and current activities. Board members have advised that these functions have been useful for board engagement with stakeholders and AIMS management. Attendees have included representatives from other science institutions, government and the private sector.

2.19 The remainder of this section examines specific aspects of the board’s governance and administrative arrangements.

Does the board have a charter?

2.20 A board charter is a written document that sets out such things as:

  • the functions, powers, and membership of the board;
  • roles, responsibilities and expectations of members, both individually and collectively, and of management49;
  • role and responsibilities of the Chairperson50;
  • procedures for the conduct of meetings51; and
  • policies on board performance review.

2.21 The AIMS board does not have a charter. Board members are provided with some of the information that may be found in a charter. For example, the board member induction pack contains a high level overview of the board with information on the role of the board, executive and management team and board committees. However, the guidance related to the conduct of meetings is limited to specifying the frequency of board meetings. The AIMS Act, also provided at induction, provides information on board membership and meeting requirements. As discussed in paragraph 2.30 and Table 3.4, the induction pack also contains the code of conduct, which details expected standards of conduct. The code of conduct applies to the board52 as well as other employees.

Opportunities for improvement

2.22 There is an opportunity for the AIMS board to establish a board charter and include key behavioural and cultural expectations for board members. Numerous governance related organisations encourage boards to have a charter. For example the Australian Institute of Company Directors (AICD) states:

Board charters are used by many organisations. Many major inquiries, reports and leading governance practice recommendations refer to the need for board charters or similar documentation in delivering effective governance.53

2.23 A charter can provide a single reference point that clearly sets out the functions, powers and membership of the board, as well as roles, responsibilities and accountabilities, consistent with relevant legislative requirements. Board charters can also articulate the desired culture of the board and address the ‘soft attributes’ of governance discussed in chapter 1 of this audit report relating to board culture and behaviours, which are critical to good governance.54 The AICD has indicated that:

In most organisations the governance framework is determined by the legislation that it has been created under…However, there are many aspects of modern governance which the board must consider and act upon that lie outside legal requirements. The board charter is one way of documenting these matters.55

2.24 It is important that board charters assist board members rather than inappropriately constrain them. For example, a board may consider including discretionary clauses in the charter to provide the necessary flexibility for the board to discharge its duties. The charter can be a living document, subject to thoughtful consideration and periodic review.

Does the accountable authority approve or have oversight of key policies?

2.25 The audit committee has oversight of a Policies and Procedures status report, which identifies when policies are due for review and who is responsible for authorisation. This is a practice that could be adopted by other entities. The Policies and Procedures status report states that the following policies are authorised by the board:

  • Investment of Relevant Money;
  • Fraud Control Plan;
  • Public Interest Disclosure and Whistleblower Policy;
  • Intellectual Property Policy;
  • Declaration of Interests Protocol; and
  • Appointment of AIMS Officers to External Boards Policy (this policy is recorded as authorised by the board and executive team).

2.26 The Investment of Relevant Money, Fraud Control Plan and Declaration of Interests Protocol were approved by the board during the period subject to review by the audit. The board last approved the Public Interest Disclosure and Whistleblower Policy in June 2014, and AIMS has advised it has been reviewed by management since then, with no changes required. The board approved the Appointment of AIMS Officers to External Boards and Intellectual Property policies in September 2013.

2.27 The executive team, not the board, is responsible for authorising the Risk Management Framework, Code of Conduct and Health and Safety Policy. As discussed in paragraph 2.12, the CEO is the authoriser of the Financial and Contract Delegations Policy.

Opportunities for improvement

2.28 There is an opportunity for the AIMS board to consider the policies it reviews and endorses with a view to ensuring the board periodically and systematically reviews and approves all key policies, particularly those that relate to the duties of an accountable authority. Board review of key policies and frameworks such as financial delegations, risk management, work health and safety and fraud can assist board members gain assurance that they are effectively discharging their duties as the accountable authority by setting the framework for compliance with relevant legislation. Having the board approve policies such as code of conduct, remuneration and key quality assurance frameworks (if applicable) enables boards to influence behaviours and can be an important mechanism in communicating the desired culture within the entity. Recent reviews such as the 2018 APRA Prudential Review and the 2019 Hayne Royal Commission have highlighted that boards need to be alive to how incentives in organisations can drive behaviours.56 Periodic board review of key policies can assist a board in its messaging to the entity about the organisational culture it wishes to promote.

2.29 In relation to risk management policies and frameworks specifically, the Commonwealth Risk Management Policy (CRMP) requires the accountable authority to endorse an entity’s risk management policy and framework. Corporate Commonwealth entities, such as AIMS, are not required to comply with the policy but should review and align their risk management frameworks and systems with the policy as a matter of good practice. In AIMS, the board is responsible for determining risk appetite and the executive team is responsible for the review and approval of the risk framework. Given this, when reviewing the policies it reviews and endorses, the board should consider aligning its approval of the AIMS risk management framework and systems with the CRMP policy.

Are board members provided with appropriate induction?

2.30 Upon induction, board members are provided with a range of appropriate information. This includes:

  • a high level overview of the role of the AIMS board, which includes references to the AIMS Act and PGPA Act;
  • information on remuneration, annual fee increases, meetings and travel arrangements; and
  • selected documents (for example, the corporate plan, annual report, Financial and Contract Delegations Policy, AIMS risk management framework, health and safety framework, fraud control plan, deed of confidentiality and intellectual property and code of conduct).

2.31 All board members indicated to the ANAO that they were satisfied with the information provided at induction.

Has the board set expectations for reporting to it by management?

2.32 The board has set expectations for reporting to it by management through occasional discussions at board meetings, including in the meeting evaluations discussed in paragraph 2.34. Management reports to the board through standing agenda items and a standard format for presenting papers that has evolved over time. ANAO discussions with board members indicated that when changes are requested, management is responsive.

Opportunities for improvement

2.33 The corporate governance reviews discussed in chapter 1 of this audit report have consistently highlighted the importance of holding management to account. There is an opportunity for the AIMS board to formally set expectations for reporting to it by management through a board charter. This could assist in ensuring that the board and management have a shared understanding of the board’s requirements and can assist the board in meeting its obligations as an accountable authority.

Is board performance collectively and individually assessed?

2.34 The ANAO was advised that during the period examined by this audit there had not been a formal assessment of the performance of the board either collectively or individually except for the CEO.57 The performance of the CEO, who is also a board member, was formally assessed in September 2018 approximately a year after his appointment.58 The board evaluates each meeting and records details in the meeting minutes. This is a practice that other entities could consider adopting.

2.35 The AIMS audit committee completed self-assessments of performance in November 2016 and November 2017.59 The results of the self-assessments were included in the papers provided to the AIMS board and board meeting minutes indicated that the outcomes of the assessments were noted by the board.

Opportunities for improvement

2.36 Periodically evaluating board performance can enable a board to reflect on its operations and assess whether it has effectively met its purpose, objectives and obligations. This should include assessing performance in terms of the performance and conformance elements discussed in paragraph 1.4 of this report. Lessons learned from this process can assist the board in setting priorities and goals and contribute to enhancing overall board and organisational effectiveness. Documenting the process, performance criteria, outcomes, and any actions taken in response to issues identified can also assist in ensuring accountability and transparency. Boards could also consider reporting in their annual report that a performance evaluation has been undertaken, insights it has gained from the evaluation and any governance changes it has made as a result.

Does the board establish arrangements and expectations in relation to the board secretariat?

2.37 The AIMS Act does not include requirements relating to secretariat arrangements. The Executive Assistant to the COO performs the role of board secretary at meetings. AIMS advised that the role is formalised in the officer’s performance agreement. The Executive Assistant to the CEO organises all logistics for board meetings including travel and events. The AIMS board secretariat advised that papers are distributed one week prior to the board meeting. Interviews with board members indicate satisfaction with secretariat arrangements including the timely provision of papers, accuracy and level of detail recorded in minutes and general assistance to board members.

Are all meetings minuted and do minutes record all decisions made and action to be taken?

2.38 The ANAO reviewed minutes of board meetings held from July 2016 until December 2018. Actions arising are presented as a separate paper along with the minutes, and minutes also clearly indicate board actions, such as Accepted, Noted and Agreed.

Do board meeting papers include draft minutes of previous meetings for board approval?

2.39 Draft meeting minutes for the last board meeting are included in the papers for the next board meeting.60 The board notes any changes and agrees to adopt the minutes as a true and accurate record of the previous meeting. The board Chairperson then signs and dates the minutes as a true and correct record of proceedings. Board members advised that they were satisfied with the minutes.

Has the board established procedures to handle decisions without meetings?

2.40 Sometimes it is necessary for boards to approve and action issues outside of scheduled meeting times. To effectively manage these instances it is useful to have established a process to support the making and recording of board decisions. The AIMS board has established a “flying minute” process to enable decisions without meetings. Flying minutes are sent out of session, the decision is made, and the minutes are ratified at the next board meeting.

2.41 AIMS advised that board members communicate on board business through a variety of channels including private email. Board members and the entity should be cognisant of the need to ensure that information relating to the entity is handled and maintained in accordance with applicable Commonwealth information security and record keeping requirements. These requirements apply to communication channels such as emails, which are official records.

Is reporting of performance results listed as an agenda item at each meeting?

2.42 At each meeting the board is provided with a corporate performance report that includes reporting of performance against the Corporate Plan performance criteria. Board meeting minutes indicate ongoing monitoring and discussion by the board of entity performance.

Is the board provided with information to assist members to gain a good understanding of the entity’s strategic environment and risks?

2.43 The board established a risk management framework in 2007. Within the framework, the board is responsible for determining risk appetite and the CEO is accountable to the board for the implementation of the framework and is responsible for the management of risk. The executive team are responsible for review and approval of the framework. The Risk Management Framework document was presented to the board in December 2016 and November 2018 for the purpose of approving the risk appetite statement. Information on various risks is included in board papers and minutes from board meetings indicate discussion relating to risks at each board meeting. Board meetings include risk management as a standing agenda item.

2.44 The AIMS audit committee regularly reviews the corporate risk register as a standing agenda item. The corporate risk register is not reviewed by the board. The corporate risk register should be regarded as a living document which the board actively reviews on an ongoing basis to drive the management of risk and the controls framework. Risks reported to the board are the ‘hot risks’. AIMS management advised these are emerging risks or where the status of a current risk had changed. Some of these risks are related to the strategic risks in the corporate register, but there is no explicit discussion of the relationship between the two sets of risks in the board papers.

2.45 Board members come from a range of backgrounds that would support an understanding of the strategic environment. Board members are also provided the opportunity to visit different sites through rotating board meeting locations.

2.46 In December 2017 the board received a Strategic Context discussion paper, to support the board in participating in the refresh of the AIMS strategy. There was evidence of active engagement by the board in strategic planning including in relation to the release of the AIMS Strategy 2025. This strategy articulates the AIMS values (safety, collaboration, passion, integrity, innovation, respect and environment) and is a key way of expressing the desired culture within the entity. AIMS management advised the ANAO that AIMS has mature processes in place for performance assessment, and the natural progression is to encourage certain behaviours. As part of this process AIMS management advised that it had established a leadership and culture program. The program is intended to enable AIMS to determine the existing culture within AIMS, the desired culture and take steps to shift culture as necessary. AIMS management further advised that the board is aware of the leadership and culture program, although it has not been presented to the board as one discreet piece of work.

2.47 Overall the board is provided with information to enable members to have a good understanding of the AIMS strategic environment and risks.

Opportunities for improvement

2.48 There is an opportunity for the board to actively review the risk register and use it to drive the management of risk and the controls framework. Better aligning the strategic risks reported to the board with the strategic risks recorded in the corporate risk register would assist this process.

In establishing the audit committee has the board considered structure, composition, size, skills and independence of mind of members to enable the committee to be effective, and has the board established an audit charter outlining key requirements?

2.49 The AIMS audit committee’s charter demonstrates the board’s consideration of these issues. The AIMS audit committee consists of three members, including a Chairperson who is also a board member, another board member, and one person who is not a board member or an employee of AIMS, consistent with the requirements of the charter. The charter, which is approved by the board, requires committee members, collectively, to have a broad range of skills and experience relevant to the operations of AIMS. At least one member of the committee is required to have accounting or related financial management experience and an understanding of accounting and auditing standards in a public sector environment. The charter outlines the committee’s responsibilities relating to financial reporting, performance reporting, systems of risk oversight and management, and systems of internal control. The audit committee charter allows internal audit to attend meetings, as determined by the Chairperson, and the external auditor (ANAO) is invited to all committee meetings. The audit committee Chairperson advised the ANAO that the audit committee considers it has had the necessary access to all relevant information.

Is there an internal audit function that provides assurance to the board and does the board have oversight of internal audit and the entity’s response to internal audit findings and recommendations?

2.50 AIMS has an outsourced internal audit function. There were 11 internal audits during the period reviewed covering topics related to finance, risk, work health and safety, governance, fraud, and information and communications technology. All internal audit reports were provided to the audit committee. The audit committee monitors a register of matters identified by internal audit and implementation by management. This includes details of the recommendations, management’s response to findings, and management actions although it is not always clear from the response whether or not each recommendation has been agreed.

2.51 Audit committee matters is a standing agenda item at board meetings, and involves presentation of audit committee minutes. There is no record that internal audit reports have been provided to the board and internal audit has not directly reported to the board. However, internal audit is a standing agenda item at audit committee meetings, and the minutes provided to the board include updates on internal audit. With the exception of two cases, it was clear from the audit committee minutes what the internal audit recommendations were, and management’s response to the recommendations.

2.52 The audit committee reviews and recommends the internal audit work plan to the board, who have provided approval.61 The board received assurance from the audit committee that AIMS risks have been considered in developing the internal audit plan.62 The audit committee also receives an annual internal audit report from the internal audit provider, which summarises the findings from the previous year’s program. The audit committee provides an annual audit committee report to the board, which includes a high level summary of internal audit matters.

2.53 Overall the board, through its audit committee, has oversight of the internal audit function and management’s response to internal audit findings and recommendations.

3. AIMS board arrangements to oversight compliance with key legislative and other requirements

Areas examined

This chapter examines whether the board established fit-for-purpose arrangements to oversight compliance with key legislative and other requirements.

Conclusion

The board has established fit-for-purpose arrangements to oversight compliance with key legislative and other requirements.

Recommendation

The ANAO made one recommendation aimed at improving the Australian Institute of Marine Science’s compliance with the Public Governance, Performance and Accountability Rule 2014.

Areas for improvement

The ANAO also made a number of suggestions for improvement including in relation to:

  • the board having a role in approving the Financial and Contract Delegations Policy;
  • including details of the basis of assurance in annual compliance certification summaries;
  • the board establishing Accountable Authority Instructions;
  • updating the Financial and Contract Delegations Policy to reflect legislative requirements; and
  • the board considering the Entertainment and Hospitality Policy, including its implications for board members.

Has the board established fit-for-purpose arrangements to oversight compliance with key legislative and other requirements?

The board has established fit-for-purpose arrangements to oversight compliance with key legislative and other requirements.

3.1 The ANAO examined whether the Australian Institute of Marine Science’s (AIMS) board had established fit-for-purpose arrangements to ensure oversight of and compliance with:

  • Ministerial Statements of Expectations and entity Statements of Intent (if applicable);
  • selected parts of the entity’s enabling legislation; and
  • selected parts of the Public Governance, Performance and Accountability Act 2013 (PGPA Act) and Public Governance, Performance and Accountability Rule 2014 (PGPA Rule) relating to: duties of accountable authorities; duties of officials; the corporate plan; financial statements; annual report and audit committees.

3.2 The results of the ANAO’s assessment against each of these requirements and any suggestions for improvement are outlined below.

Oversight of, and compliance with, Statement of Expectations and Statement of Intent

3.3 Sometimes entities are provided with a Statement of Expectations from their Minister. These statements generally outline the Minister’s key priorities and set out the Government’s expectations for the entity, including the priorities it is expected to observe in conducting its operations. Entities then respond to their Minister as to how they intend to deliver the identified priorities through a Statement of Intent.63

3.4 On 4 June 2015 the Minister for Industry and Science provided AIMS with a Statement of Expectations, outlining the Minister’s expectations in relation to policy, partnerships and collaboration, assets and staff, and communication with the Minister and the portfolio department. In response, on 20 August 2015, the AIMS board Chairperson wrote to the Minister outlining AIMS’ Statement of Intent. Board papers and minutes reflect AIMS awareness that it is waiting on a new Statement of Expectations.

3.5 The Statement of Expectations and Statement of Intent are on the AIMS website. AIMS refers to the Statement of Expectations in its 2017–18 and 2018–19 corporate plans. In addition, AIMS annual reports from 2015–16 to 2017–18 have outlined its delivery against the Statement of Expectations. The board, as accountable authority, has oversight of and approves AIMS annual reports and corporate plans. Based on this high-level review, the AIMS board has demonstrated that it has a process in place to have regard to the Statement of Expectations.

Oversight of, and compliance with, elements of enabling legislation

3.6 Under the AIMS Act, the Chief Executive Officer (CEO) is responsible for managing the affairs of AIMS subject to the general direction of the board. The ANAO’s assessment of the AIMS board’s oversight of, and compliance with, selected key requirements of the AIMS Act is outlined below.

3.7 In terms of how the board oversights compliance with the requirements of its enabling legislation, and with other legislative and policy requirements, the process is largely the same as for compliance with the PGPA Act which is discussed further in Table 3.2. The annual certification of compliance process, overseen by the audit committee, includes requirements related to the PGPA Act, the AIMS Act and various other legislative and policy requirements. In terms of ensuring the list of legislative and policy requirements is complete and accurate, the AIMS Schedule of Compliance with Legislation & Policies document states that that the Department and Finance (Finance):

normally consult the Chairman of AIMS Council on proposed legislative amendments, new government policies and material changes to existing policies and guidance materials which impact AIMS. Management responds to these by implementing appropriate changes to AIMS’ procedures and policies in consultation with AIMS Council.

3.8 The annual compliance statement does not include details of what AIMS does to ensure it is compliant, other than including a broad description of the administrative process of receiving advice and making changes to policies. Including details of the basis of assurance, for example, what controls are in place and how they are tested, would assist board members gain a greater understanding of the robustness of internal controls supporting legal compliance. Without such information the potential exists for board members to have a gap in their understanding of AIMS compliance processes.

3.9 In addition to obtaining assurance from the annual certification process overseen by the audit committee, board members advised the ANAO (as discussed further in Table 3.2) that they gain assurance on legal compliance from their individual and collective experience in reviewing management reports, questioning entity management and their knowledge of the policies, procedures and processes in place that support compliance.

3.10 Board papers in December 2017 included details of an instance of non-compliance with legislation.64 The board and the audit committee, including in subsequent meetings, discussed the non-compliance and the incident triggered an additional internal review of compliance with legislation. Minutes from an audit committee meeting in February 2018 indicate that the forward internal audit program was developed with attention to non-compliance risk.

Oversight of, and compliance with, selected PGPA Act requirements

3.11 The PGPA Act sets out requirements for the governance, reporting and accountability of Commonwealth entities. The PGPA Act is principles based and the accountable authority has the flexibility to establish the systems and processes that are appropriate for their entity. Finance provides entities with guidance on how to meet the various requirements of the PGPA Act including providing examples of how entities can demonstrate compliance.

3.12 The ANAO examined whether the AIMS board established fit-for-purpose arrangements for oversight of, and compliance with, the following parts of the PGPA Act and PGPA Rule relating to corporate governance:

  • general duties of an accountable authority;
  • duties as an official; and
  • specific requirements relating to corporate plans, annual reports and the audit committee.
General duties as an accountable authority

3.13 The general duties imposed on an accountable authority, which are considered in the following section, are to:

  1. govern the Commonwealth entity (section 15);
  2. establish and maintain appropriate systems relating to risk management and oversight and internal controls (section 16);
  3. encourage officials to cooperate with others to achieve common objectives (section 17);
  4. take into account the effects of imposing requirements on others (section 18); and
  5. keep their Minister and the Finance Minister informed (section 19).65
    (a) Duty to govern the Commonwealth entity (section 15)

    3.14 Finance guidance states that governing an entity includes:

    • promoting the proper (efficient, effective, economical and ethical) use and management of the public resources;
    • promoting the achievement of the purposes of the entity;
    • promoting the financial sustainability of the entity;
    • taking account of the effect of decisions on public resources generally; and
    • establishing appropriate systems of risk management and internal control, including measures directed at ensuring officials comply with the finance law (such as accountable authority instructions and delegations).66

    3.15 The ANAO’s assessment in relation to the AIMS board’s requirement to govern is outlined in Table 3.1.

    Table 3.1: Duty to govern the entity (PGPA Act section 15)

    Finance guidance

    ANAO observations and opportunities for improvement where applicable

    To address requirements relating to promote the proper (efficient, effective, economical and ethical) use and management of public resources. This can include establishing:

    • robust decision-making and control processes for the expenditure of relevant (public) money; and
    • appropriate oversight and reporting to address inappropriate use of resources by officials.

    Promote the achievement of the entity’s purposes. This includes:

    • ensuring the entity’s corporate plan sets out the purposes of the entity and the activities the entity will engage in to achieve those purposes; and considered all sources that contribute to defining the objectives of the entity, e.g. key government priorities and objectives and
    • establishing appropriate oversight and reporting arrangements for programs and activities in the entity.

    Promote financial sustainability by managing the risks, obligations and opportunities relevant to their entity.

    Take account of the effect of decisions on public resources generally.

    Establish appropriate systems of risk management and internal control (discussed in more detail in Table 3.2).

    Observations

    Upon induction, AIMS board members are provided with information outlining the role of the board and its principal functions and responsibilities including governance and a range of AIMS policies.

    As discussed in paragraph 2.12, the board delegated the CEO to be the authoriser for the Financial and Contract Delegations Policy that sets out requirements for expenditure of public money. The policy includes financial delegations and delegations related to its enterprise agreement, health, safety and environment, general administrative functions, project approval and purchasing.

    AIMS has established a range of policies and procedures that support governance, the proper use of resources and appropriate behaviours. This includes a declaration of interest protocol, which the board is responsible for approving, and a code of conduct, gifts and benefits register, and entertainment and hospitality policy, which the executive team is responsible for approving.

    AIMS has established an audit committee. The committee monitors policies and procedures and oversees an annual compliance process.

    A declaration of interests register is presented at each board meeting. AIMS has a declaration of interests protocol that outlines guidance for disclosures. This protocol is not in the board induction pack, although it was formally reviewed by the board in December 2018.

    The board reviewed and approved the AIMS 2018–19 corporate plan, which sets out the purpose of AIMS and the activities it undertakes to achieve its purpose. The plan refers to the AIMS Act, PGPA Act and Statement of Expectations and Statement of Intent.

    The AIMS Strategy 2025 released in August 2018 describes key research and development priorities for the next seven years. It also contains targets to track progress towards meeting its objectives. These targets differ from the key performance indicators included in the AIMS 2018–19 corporate plan which are also intended to show progress in achieving its purpose. AIMS management advised this was a timing issue and will be rectified as part of the next performance cycle.

    Board meeting papers and minutes provide evidence of oversight of various AIMS activities. Board papers contain details of declarations of interests, minutes from the previous meeting, actions arising, ministerial correspondence and briefings, board correspondence and health, safety and environment issues. They also contain a CEO report and reports on corporate performance, financial management, external revenue, audit committee matters, research reports, support services reports, government relations, risk management, business development and a range of other information. The reports on corporate performance include performance against corporate plan performance criteria.

    Financial risks are recorded in the AIMS risk register and the board receives financial management and external revenue informationa in board papers.

    The board receives reports involving systems related to risk management and internal control (discussed in more detail in Table 3.2).

    Board members have advised that they gain assurance on compliance from their individual and collective experience in reviewing management reports, questioning entity management and their knowledge of the policies, procedures and processes in place that support compliance.

    Opportunities for improvement

    The AIMS 2018–19 Corporate Plan did not meet all minimum requirements of the PGPA Rule. Specifically the plan did not address each of the four reporting periods covered by the plan in each of the environment, performance, capability and risk oversight and management systems sections of the corporate plan. In addition, the plan did not clearly identify AIMS’ purpose. Entities were first required to publish corporate plans by 31 August 2015. After four cycles AIMS should ensure its next corporate plan meets the minimum requirements outlined in the PGPA Rule.

    The board could take a more active role in review of the Financial and Contract Delegation policy.

       

    Note a: For example, philanthropic and/or co investment in research projects.

    Source: Department of Finance, Guide to the PGPA Act for Secretaries, Chief Executives or governing boards (accountable authorities) - RMG 200, Summary: Governing your entity [Internet], Department of Finance, December 2016, available from https://www.finance.gov.au/resource-management/accountability/accountable-authorities/ [accessed March 2019] and ANAO analysis.

    Recommendation no.1

    3.16 The Australian Institute of Marine Science ensure its corporate plan meets all the minimum requirements of the Public Governance, Performance and Accountability Rule 2014.

    Australian Institute of Marine Science response: Agreed.

    3.17 AIMS will ensure full compliance with PGPA Rule 2014 when AIMS prepares its next Corporate Plan.

    (b) Duty to establish and maintain appropriate systems relating to risk management and oversight and internal controls (section 16)

    3.18 The ANAO’s assessment in relation to the AIMS board’s requirement to establish appropriate systems of risk management and oversight and internal control is outlined in Table 3.2.

    Table 3.2: Duty to establish and maintain appropriate systems relating to risk management and oversight and internal controls (PGPA Act section 16)

    Finance guidance

    ANAO observations and opportunities for improvement where applicable

    To address requirements relating to risk management and oversight entities can:

    • establish an appropriate risk management framework to identify and manage risk
    • delegate or authorise officials to exercise functions and powers;
    • establish an audit committee; and
    • develop a fraud control framework.

    Observations

    As discussed in paragraph 2.43, the board established a risk management framework in 2007. Within the framework, the board is responsible for determining the AIMS risk appetite and the CEO is accountable to the board for the implementation of the framework and responsible for the management of risk. The executive team are responsible for the review and approval of the framework. The Risk Management Framework document was presented to the board in December 2016 and November 2018 for the purpose of approving the risk appetite statement. Information on various risks is included in board papers and minutes from board meetings indicate extensive discussion relating to risks at each board meeting. Board meetings include risk management as a standing agenda item.

    As discussed in paragraph 2.12 and Table 3.1, AIMS has a Financial and Contract Delegations Policy that includes financial delegations and delegations related to its enterprise agreement, health safety and environment, general administrative functions, project approval and purchasing. The CEO approves this policy.

    AIMS has an audit committee and its charter sets out, amongst other things, its purpose, responsibilities, functions and membership requirements. The committee meets quarterly and reviews risk oversight and management and internal controls. The audit committee reviews the corporate risk register at each meeting. The audit committee reports back to the board at each board meeting and copies of the audit committee minutes are included in board papers for review and discussion.

    The audit committee reviews a Policies and Procedures status report which details, among other things, when polices are due for renewal and who is responsible for updating them. The audit committee also has a role in reviewing and providing assurance on performance criteria contained in the corporate plan.

    AIMS has established a Schedule Of Compliance With Legislation & Policies document which lists a range of legislation and policies that apply to AIMS. It also identifies the officer/s with primary responsibility for compliance. As part of the annual financial statements process, senior AIMS staff — including the CEO, Chief Financial Officer (CFO), Corporate Services Manager, Chief Operating Officer (COO) and Research Manager — certify they have complied with legislative and policy requirements. The AIMS board receives a list of who has completed this certification process. The audit committee also oversees this process. There is some evidence of how instances of non-compliance are identified outside of the annual compliance process, as discussed in paragraph 3.10.

    AIMS has a current fraud control plan, approved by the board, which is included in the board induction pack and fraud risk features in the AIMS risk management framework. Minutes from board meetings also indicate that fraud has been discussed at board meetings.

    Prior to signing the financial statements the board receive certification from the CEO, CFO, and COO that there is an effective system of risk oversight and control, through a signed statement of compliance.

    Board members advised that, among other things, they gain assurance on the appropriateness of risk management and internal controls from their individual and collective experience in reviewing management reports, questioning entity management and their knowledge of the policies, procedures and processes in place at AIMS.

    Opportunities for improvement

    As discussed in paragraph 2.48, there is an opportunity for the board to take a more active role in reviewing the corporate risk register.

    As discussed in paragraph 3.8, the annual legal compliance certification process could include details of the basis of assurance, for example, what controls are in place and how they are tested. This would assist board members gain a greater understanding of the robustness of internal controls supporting legal compliance.

       

    Source: Department of Finance, Guide to the PGPA Act for Secretaries, Chief Executives or governing boards (accountable authorities) - RMG 200, engaging with risk and establishing controls section [Internet], Department of Finance, December 2016, available from https://www.finance.gov.au/resource-management/accountability/accountable-authorities/ [accessed March 2019] and ANAO analysis.

    (c)–(e) Duty to encourage officials to cooperate with others to achieve common objectives (section 17); take into account the effects of imposing requirements on others (section 18); and keep the Minister and the Finance Minister informed (section 19)67

    3.19 The ANAO undertook a high-level review of the AIMS board’s oversight of, and compliance with, these requirements. The ANAO’s assessment is outlined in Table 3.3.

    Table 3.3: Duty to cooperate, consider requirements on others and keep Ministers informed (PGPA Act sections 17–19)

    Finance guidance

    ANAO observations and opportunities for improvement where applicable

    To encourage cooperation, consider requirements on others and keep Ministers informed entities can:

    • encourage officials to identify opportunities to cooperate with others, within or external to government to achieve common objectives where practicable;
    • take a proportional, risk-based approach to imposing administrative burdens on other parties that work with government; and
    • keep relevant Ministers informed of the activities of the entity and provide their Minister and the Finance Minister with any reports, documents and information they require about those activities.

    Observations

    Reporting to the AIMS board includes information relating to working/collaborating with others including through external co-investment with stakeholders and partners. AIMS demonstrates consideration of various risks associated with performing its functions, including stakeholder engagement.

    AIMS demonstrates a focus on a range of stakeholders in its corporate plan, its Strategy 2025 document, through reporting to the board and the board’s regular engagement with stakeholders via its stakeholder functions held in conjunction with board meetings.

    Board papers, minutes of board meetings, the AIMS risk management framework and AIMS suite of delegations, policies and procedures indicate that AIMS regularly takes a risk based approach to its activities. The AIMS risk appetite statement, endorsed by the board, addresses risks relating to strategic partnerships. This sets the parameters for risk management — that partnerships need to be managed on a professional and low risk basis.

    The Minister is provided with the AIMS corporate plans and annual reports. Board meetings have Ministerial correspondence and any notification to the Minister of significant events as a standing agenda item. This mechanism supports all board members being aware of all Ministerial correspondence.

    Board members advised that the AIMS board has actively engaged in developing and maintaining relationships with its various Ministers.

       

    Source: Department of Finance, Guide to the PGPA Act for Secretaries, Chief Executives or governing boards (accountable authorities) - RMG 200, working with others and supporting ministers sections [Internet], Department of Finance, December 2016, available from https://www.finance.gov.au/resource-management/accountability/accountable-authorities/ [accessed March 2019] and ANAO analysis.

    General duties as an official

    3.20 In addition to the general duties for an accountable authority, the PGPA Act outlines duties applicable to all officials (which include the accountable authority). Officials are required to exercise a duty:

    3.21 Officials also have a responsibility to:

    • comply with the finance law;
    • comply with the governance arrangements in the entity, for example, internal controls on the proper use and management of public resources; and
    • meet high standards of governance, performance and accountability.69

    3.22 Officials who breach their duties or responsibilities under the PGPA Act can be subject to employment sanctions (including termination of appointment for board members) or criminal sanctions for intentional or serious misuse of public resources. For more details of the duties that apply to all officials under the PGPA Act, refer to Appendix 3 of this audit report.

    3.23 The ANAO’s assessment in relation to the AIMS board’s oversight of, and compliance with, the requirements of officials is outlined in Table 3.4.

    Table 3.4: General duties as an official (PGPA Act sections 25–29)

    Duty and Finance guidance

    ANAO observations and opportunities for improvement where applicable

    Duty to act with the degree of care and diligence that a reasonable person would exercise if the person had the same responsibilities as you (section 25).

    Establish guidance that sets out the need for officials to comply with the requirement. This can include establishing guidance that outlines that officials have to act with care and diligence and that there are sanctions if they do not. For example officials spending relevant (public) money will need to ensure that they have at least had due regard to guidance and their entity’s internal procedures.

    Observations

    AIMS has a code of conduct which is authorised by the executive team, and applies to the board, staff, visitors, external contractors and parties that have entered into arrangements with AIMS to participate in AIMS activities. The code requires people to discharge their duties with the highest degree of skill, care, diligence, efficiency and impartiality. Failure to apply the standards set out in the code can result in disciplinary action. The code of conduct is included in the board induction pack.

    Accountable Authority Instructions (AAIs), although not mandatory, are a common mechanism entities use to assist officials to understand their duties and responsibilities. AAIs can contain links to relevant legislative requirements, guidance material, authorisations and other instructions. AIMS advised it does not have AAIs. The AIMS Act states that subject to the general direction of the Council, the CEO shall manage the affairs of the Institute. The AIMS Financial and Contract Delegations Policy (which applies to any person expending AIMS money or signing agreements on behalf of AIMS) requires that ‘all expenditure must be in alignment with the proper use and management of public resources principles stipulated under the PGPA Act.’a This policy is included in the board induction pack.

    AIMS has a range of other policies and procedures that are reviewed periodically and outline requirements for officials to follow. The schedule of that review is monitored by the audit committee and AIMS advised that key changes for each policy are also advised to the audit committee. The board receives reports from the audit committee as a standing agenda item.

    1. The AIMS Strategy 2025 document outlines the AIMS values (safety, collaboration, passion, integrity, innovation, respect and environment).

    Opportunities for improvement

    There is an opportunity for the AIMS board to consider establishing AAIs and/or approving the Financial and Contract Delegations Policy currently authorised by the CEO.

    AIMS should ensure its delegations policy clearly reflects legislative requirements.

    Duty to act honestly, in good faith and for a proper purpose (section 26)

    Establish guidance that sets out the need for officials to comply with the requirement. This can include the requirement for an official to manage or use public resources in a proper (efficient, effective, economical and ethical) manner.

    Observations

    The AIMS code of conduct includes the requirement to never provide false or misleading information, and discharge with the highest degree of skill, care, diligence, efficiency and impartiality the duties and responsibilities required to be performed, and avoid waste or extravagance in the use of AIMS resources.

    The AIMS Financial and Contract Delegations Policy (referred to above) applies to any person expending AIMS’ money or signing agreements on behalf of AIMS. It requires that expenditure be in alignment with the proper use and management of public resources principles stipulated under the PGPA Act.

    Duty not to misuse position to gain, or seek to gain, a benefit or an advantage for yourself or any other person (section 27)

    Establish guidance that sets out the need for officials to comply with the requirement. This can include providing guidance that misusing a position can include using the entity’s property or information or taking advantage of opportunities that arise by virtue of the official’s employment with the entity.

    Observations

    AIMS has a code of conduct, Intellectual Property Policy, and Fraud Control Plan that relate to this duty.b These policies are provided to board members on induction.

     

    Duty not to misuse information to cause or seek to cause, detriment to your entity, the Commonwealth or any other person (section 28)

    Establish guidance that sets out the need for officials to comply with the requirement. This can include guidance that people do not cause, or seek to cause, detriment to the Commonwealth entity that employs or employed them, to the Commonwealth more broadly or any other person.

    Observations

    The AIMS board member induction pack includes the AIMS Code of Conduct and Intellectual Property Policy. The Code of Conduct includes a requirement to refrain from engaging in any activity, or be responsible for any act or omission, that could be detrimental to AIMS. The Intellectual Property Policy provides a framework for AIMS to manage intellectual property and requires AIMS staff to sign a deed of confidentiality. Deeds of confidentiality and intellectual property are signed by board members.

    The Intellectual Property Policy and Fraud Control Plan are both authorised by the board, and the Code of Conduct is authorised by the executive team.

    Audit committee and board meetings include declaration of interests as a standing agenda item.

    Duty to disclose material personal interests (section 29)

    Establish guidance that sets out the need for officials to comply with the requirement. This can include guidance that people do not cause, or seek to cause, detriment to the Commonwealth entity that employs or employed them, to the Commonwealth more broadly or any other person.

    Observations

    The board member induction pack includes the AIMS Code of Conduct, which includes guidance around conflict of interest.

    Declaration of interests is a standing agenda item at board meetings. The board papers include a table with details of each board member’s interests. This includes information on the company, location, nature of the business, when the business was established, whether it is public or private, position held and period the position has been held.

    The audit committee agenda includes declaration of interests as a standing agenda item.

    The Audit Committee Charter requires members to declare any conflicts at the start of each meeting with material personal interests declared, and actions taken, to be appropriately recorded in the minutes.

    AIMS has an Entertainment and Hospitality Policy that requires gifts offered to be declared, and has a gifts and benefits register used by staff. The policy does not apply to board members, is authorised by the executive team, and has not been reviewed or approved by the board. Board members are aware of the policy but advised they did not consider it likely that they will be offered any gifts.

    Opportunities for improvement

    There is an opportunity for the board to consider the Entertainment and Hospitality Policy, including its implications for board members.

       

    Note a: The wording of the policy suggest the requirements for proper use and management of public resources are principles when they are legal requirements.

    Note b: The AIMS Intellectual Property Policy was out of date. AIMS advised that it is under an ongoing review following the release of the Privacy APP Code 2017.

    Source: Department of Finance, General duties of officials-RMG 203 [Internet], Department of Finance, January 2018, available from https://www.finance.gov.au/resource-management/accountability/officials/ [accessed March 2019] and ANAO analysis.

    Specific requirements relating to corporate plans, annual reports and audit committee

    3.24 The PGPA Act and PGPA Rule set out a number of specific requirements relating to an entity’s corporate plan, annual report, performance and financial statements and audit committee. For more details, refer to Appendices 4 to 6 of this audit report.

    3.25 The ANAO’s assessment of the AIMS board’s oversight of, and compliance with, selected key requirements is outlined in Table 3.5. For the purpose of this report, the most recent applicable document is discussed.

    Table 3.5: Board oversight of, and compliance with, selected PGPA Act requirements

    PGPA Act or PGPA Rule requirement

    ANAO observations and opportunities for improvement where applicable

    Corporate plan (section 35 PGPA Act and section 16 E PGPA Rule)

    Prepare a corporate plan for the entity, provide the plan to the responsible Minister and Finance Minister; and the plan must meet the requirements prescribed in the PGPA Rule.

    Observations

    There is evidence of board discussion and approval of the AIMS 2018–19 corporate plan. The plan does not meet the minimum requirements of the PGPA Rule. Specifically, the plan did not address each of the four reporting periods covered by the plan in each of the environment, performance, capability and risk oversight and management systems section of the corporate plan. In addition, the plan did not clearly identify the entity’s purpose.

    AIMS provided its plan to the responsible Minister and the Finance Minister.

    Board minutes from March 2018 indicated that, consistent with its prerogatives, the board advised management that timeframes for approval of the previous annual report and corporate plan were unacceptably tight.

    Opportunities for improvement

    As discussed in Table 3.1 entities were first required to publish corporate plans by 31 August 2015. After four cycles AIMS should ensure its next corporate plan meets the minimum requirements outlined in the PGPA Rule.

    Annual report (sections 39, 42 and 46 PGPA Act)

    After the end of each reporting year, you must prepare an annual report for your entity that includes:

    • annual performance statements (section 39 of the PGPA Act); and
    • audited annual financial statements (section 42 of the PGPA Act).

    Unless otherwise provided by legislation, you must provide your entity’s annual report to your Minister by the 15th day of the fourth month after the end of the reporting period for your entity for tabling in Parliament by your Minister.

     

    Observations

    AIMS prepared an annual report for 2017–18 and the board approved it.

    The annual report included annual performance statements signed by the Chairperson of the AIMS board.

    The board receives a recommendation from the audit committee that the draft financial statements be accepted.

    The Chairperson of the AIMS board, the CEO and the CFO signs the AIMS financial statements and a copy of the audited financial statements is included in the AIMS 2017–18 annual report.

    The AIMS annual report for 2017–18 was provided to the responsible Minister by the required date.

    Audit committee (section 45 of PGPA Act and section 17 of the PGPA Rule)

    An audit committee must be established and perform functions prescribed by the PGPA Rule.

    Observations

    AIMS has an audit committee and audit committee matters is a standing agenda item at board meetings. Minutes of audit committee meetings are provided to the board and the board also receives verbal updates from the Chairperson of the audit committee.

    The audit committee has a charter that outlines its functions. These include reviewing the appropriateness of the AIMS’ financial reporting; performance reporting; system of risk oversight and management; and system of internal control. The charter is approved by the board.

    The AIMS audit committee consists of three members. Two members of the audit committee are also members of the AIMS board. The third member of the audit committee is neither a board member nor an employee of AIMS. The ANAO has been advised that the three members have the appropriate qualifications, knowledge, skills or experience to assist the audit committee to perform its functions.

    The audit committee is required to conduct a self-assessment every two years. The most recent audit committee self-assessment was conducted in November 2017, and the findings were reported to the board in December 2017.

       

    Note: The ANAO did not examine the quality of the corporate plan, annual report, performance statement or financial statements.

    Source: Department of Finance, Guide to the PGPA Act for Secretaries, Chief Executives or governing boards (accountable authorities)-RMG 200, Improving performance and accountability; and Governing your entity [Internet], Department of Finance, December 2016, available from https://www.finance.gov.au/resource-management/accountability/accountable-authorities/ [accessed March 2019], and ANAO analysis.

    Appendices

    Appendix 1 Entity response

    Entity response page 1

    Entity response page 2

    Appendix 2 General duties as an accountable authority

    General duties as an accountable authority

     

    Section of

    PGPA Act

    Duty to govern the entity

     

    1. The accountable authority of a Commonwealth entity must govern the entity in a way that:
      1. promotes the proper (efficient, effective, economical and ethical) use and management of public resources for which the authority is responsible; and
      2. promotes the achievement of the purposes of the entity; and
      3. promotes the financial sustainability of the entity.
    2. In making decisions for the purposes of subsection (1), the accountable authority must take into account the effect of those decisions on public resources generally.

    15

    Duty to establish and maintain appropriate systems relating to risk management and oversight and internal controls

    The accountable authority of a Commonwealth entity must establish and maintain

    1. an appropriate system of risk oversight and management for the entity; and
    2. an appropriate system of internal control for the entity;

    including by implementing measures directed at ensuring officials of the entity comply with the finance law.

    16

    Duty to encourage cooperation with others to achieve common objectives

    The accountable authority of a Commonwealth entity must encourage officials of the entity to cooperate with others to achieve common objectives, where practicable.

    17

    Duty to take into account the effects of imposing requirements on others

    When imposing requirements on others in relation to the use or management of public resources for which the accountable authority of a Commonwealth entity is responsible, the accountable authority must take into account:

    1. the risks associated with that use or management; and
    2. the effects of imposing those requirements.

    18

    Duty to keep responsible Minister and Finance Minister informed

    This includes keeping the responsible Minister informed of the activities of the entity and providing any reports, documents and information in relation to those activities as that Minister requires.

    19

         

    Source: Department of Finance, Guide to the PGPA Act for Secretaries, Chief Executives or governing boards (accountable authorities)-RMG 200, Summary: Your general duties as an accountable authority [Internet], Department of Finance, December 2016, available from https://www.finance.gov.au/resource-management/accountability/accountable-authorities/ [accessed March 2019].

    Appendix 3 General duties as an official

    General duties of an official

    Section of the PGPA Act

    You must exercise your powers, perform your functions and discharge your duties

    with the degree of care and diligence that a reasonable person would exercise if the person had the same responsibilities as you

    25

    honestly, in good faith and for a proper purpose

    26

    You must not improperly use your position, or information you obtain in that position, to

    gain, or seek to gain, a benefit or an advantage for yourself or any other person

    27

    cause, or seek to cause, detriment to your entity, the Commonwealth or any other person

    28

    You must disclose material personal interests that relate to the affairs of your entity and you must meet the requirements of the finance law.a

     

    29

         

    Note a: Finance law includes the PGPA Act and rules and instruments made under the PGPA Act, as well as Appropriation Acts, and the systems of risk management and internal control in their entity established by their accountable authority (including any delegations or authorisations).

    Source: Department of Finance, General duties of officials-RMG 203 [Internet], Department of Finance, January 2018, available from https://www.finance.gov.au/resource-management/accountability/officials/ [accessed March 2019].

    Appendix 4 Selected PGPA Act requirements

    PGPA Act or PGPA Rule requirement

    Section

    Corporate plan for Commonwealth entities

    Commonwealth entities

    1. The accountable authority of a Commonwealth entity must:
      1. prepare a corporate plan for the entity, at least once each reporting period for the entity; and
      2. give the corporate plan to the responsible Minister and the Finance Minister in accordance with any requirements prescribed by the rules.
    2. The corporate plan must comply with, and be published in accordance with, any requirements prescribed by the rules.
    3. If:
      1. a statement of the Australian Government’s key priorities and objectives is published under section 34; and
      2. the purposes of the Commonwealth entity relate to those priorities and objectives;

    then the corporate plan must set out how the activities of the entity will contribute to achieving those priorities and objectives.

    35

    Annual performance statements for Commonwealth entities

    1. The accountable authority of a Commonwealth entity must:
      1. prepare annual performance statements for the entity as soon as practicable after the end of each reporting period for the entity; and
      2. include a copy of the annual performance statements in the entity’s annual report that is tabled in the Parliament.
    2. The annual performance statements must:
      1. provide information about the entity’s performance in achieving its purposes; and
      2. comply with any requirements prescribed by the rules.

    39

    Annual financial statements for Commonwealth entities

    1. The accountable authority of a Commonwealth entity must:
      1. prepare annual financial statements for the entity as soon as practicable after the end of each reporting period for the entity; and
      2. give the statements to the Auditor-General as soon as practicable after they are prepared.
    2. The annual financial statements must:
      1. comply with the accounting standards and any other requirements prescribed by the rules; and
      2. present fairly the entity’s financial position, financial performance and cash flows.

    42

    Audit committee for Commonwealth entities

    1. The accountable authority of a Commonwealth entity must ensure that the entity has an audit committee.
    2. The committee must be constituted, and perform functions, in accordance with any requirements prescribed by the rules.

    45

    Annual report

    1. After the end of each reporting period for a Commonwealth entity, the accountable authority of the entity must prepare and give an annual report to the entity’s responsible Minister, for presentation to the Parliament, on the entity’s activities during the period.

      Note: A Commonwealth entity’s annual report must include the entity’s annual performance statements and annual financial statements (see paragraph 39(1)(b) and subsection 43(4)).
    2. The annual report must be given to the responsible Minister by:
      1. the 15th day of the fourth month after the end of the reporting period for the entity; or
      2. the end of any further period granted under subsection 34C(5) of the Acts Interpretation Act 1901.
    3. The annual report must comply with any requirements prescribed by the rules.
    4. Before rules are made for the purposes of subsection (3), the rules must be approved on behalf of the Parliament by the Joint Committee of Public Accounts and Audit.

    46

         

    Source: Public Governance, Performance and Accountability Act 2013

    Appendix 5 Extract of PGPA Rule 2014

    Appendix 5 page 1

    Appendix 5 page 2

    Appendix 5 page 3

    Source: Public Governance, Performance and Accountability Rule 2014.

    Appendix 6 Extract of PGPA Rule 2014 section 17

    Appendix 6 page 1

    Appendix 6 page 2

    Source: Public Governance, Performance and Accountability Rule 2014.

    Footnotes

    1 Section 12 of the Public Governance, Performance and Accountability Act 2013.

    2 Department of Finance, Guide to the PGPA Act for Secretaries, Chief Executives or governing boards (accountable authorities) - RMG 200, Summary: Governing your entity, [Internet], Department of Finance, December 2016, available from https://www.finance.gov.au/resource-management/accountability/accountabl... [accessed March 2019].

    3 Under the PGPA Act, the accountable authority of a Commonwealth entity may be a single person or group of persons (section 12). This total is based on the Department of Finance’s List of Commonwealth entities and companies under the Public Governance, Performance and Accountability Act 2013 (PGPA Act) as at 28 August 2018. It includes those corporate Commonwealth entities that have a collective accountable authority and includes governing bodies which have the title of board, authority, commission, corporation, council, executive committee, or trust. The number of people for each entity was derived from the number of people included as the accountable authority in each entity’s 2018 annual report as at 30 June 2018.

    4 For full details of the general duties as an accountable authority, refer to Appendix 2 of this audit report.

    5 For full details of the general duties as an official, refer to Appendix 3 of this audit report.

    6 Department of Finance, Guide to the PGPA Act for Secretaries, Chief Executives or governing boards (accountable authorities) - RMG 200, December 2016, Summary: Your general duties as an accountable authority [Internet], Finance, available from https://www.finance.gov.au/resource-management/accountability/accountable-authorities/ [accessed March 2019].

    7 M Edwards and R Clough, Corporate Governance and Performance: An Exploration of the Connection in a Public Sector Context, Corporate Governance ARC Project, Paper No.1, January 2005, pp. 2–3.

    8Australian Institute of Marine Science Act 1972 [Internet], Federal Register of Legislation, January 2012, available at https://www.legislation.gov.au/Details/C2012C00037 [accessed March 2019].

    9 K M Hayne, Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry, Final Report, 1 February 2019.

    10 N Owen, The Failure of HIH Insurance, The HIH Royal Commission, 4 April 2003 and the Australian Prudential Regulation Authority (APRA), Prudential Inquiry into the Commonwealth Bank of Australia (CBA) Final Report, 30 April 2018.

    11 Section 12 of the PGPA Act.

    12 Department of Finance, Guide to the PGPA Act for Secretaries, Chief Executives or governing boards (accountable authorities) - RMG 200, Summary: Governing your entity, Department of Finance, December 2016, available from https://www.finance.gov.au/resource-management/accountability/accountable-authorities/ [accessed March 2019].

    13 Under the PGPA Act, the accountable authority of a Commonwealth entity may be a single person or group of persons (section 12). This total is based on the Department of Finance’s List of Commonwealth entities and companies under the Public Governance, Performance and Accountability Act 2013 (PGPA Act) as at 28 August 2018. It includes those corporate Commonwealth entities that have a collective accountable authority and includes governing bodies which have the title of board, authority, commission, corporation, council, executive committee, or trust. The number of people for each entity was derived from the number of people included as the accountable authority in each entity’s 2018 annual report as at 30 June 2018.

    14 For full details of the general duties as an accountable authority, refer to Appendix 2 of this audit report.

    15 For full details of the general duties as an official, refer to Appendix 3 of this audit report.

    16 Department of Finance, Guide to the PGPA Act for Secretaries, Chief Executives or governing boards (accountable authorities) - RMG 200, December 2016, Summary: Your general duties as an accountable authority [Internet], Finance, available from https://www.finance.gov.au/resource-management/accountability/accountable-authorities/ [accessed March 2019].

    17 Edwards M & Clough R., Corporate Governance and Performance: An Exploration of the Connection in a Public Sector Context, Corporate Governance ARC Project, Paper No. 1, January 2005, pp. 2–3.

    18 Ibid., pp. 4–5.

    19 Ibid., p. 14.

    20 N Owen, The Failure of HIH Insurance Volume 1: A Corporate Collapse and its Lessons, The HIH Royal Commission, 4 April 2003 (all references in this audit are to vol. 1 of the report).

    21 Australian Prudential Regulation Authority (APRA), Prudential Inquiry into the Commonwealth Bank of Australia (CBA) Final Report, 30 April 2018.

    22 K M Hayne, Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry, Final Report, 1 February 2019 (all references in this audit are to vol. 1 of the report).

    23 Examples of such audits, with particular reference to the importance of culture in risk management, can be found in G Hehir (Auditor-General), Strategic governance of risk: Lessons learnt from public sector audit, [Internet], Australian National Audit Office, August 2018, available from https://www.anao.gov.au/work/speech/strategic-governance-risk-lessons-learnt-public-sector-audit [accessed March 2019].

    24 APRA, Prudential Inquiry into the Commonwealth Bank of Australia (CBA) Final Report, 30 April 2018, p. 81.

    25 Ibid., p. 14.

    26 K M Hayne, Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry, Final Report, 1 February 2019, pp. 393–94.

    27 Ibid., pp. 332–33. The Commissioner also commented at p. 384 that ‘the value of the [APRA] Inquiry goes beyond its application to CBA. The report provides a very valuable, publicly available account of the ways in which failings of culture, governance and remuneration can act as drivers of misconduct. And it explains how those problems can be addressed.’

    28 Ibid., p. 397.

    29 Ibid., p. 394.

    30 Ibid., pp. 398–99. For example, the Royal Commission reported at pages 394–96 on instances where the audit committee and/or governance board did not ask to see a copy of key audit reports, and did not challenge, or at least adequately challenge, management about why successive audit reports for the same issue over a period of years had all been rated ‘red’, or about management’s assurances that the matter was being dealt with.

    31 Ibid., p. 365.

    32 Ibid., p. 409.

    33 Ibid., p. 346.

    34 Ibid., p. 391. The Commissioner indicated at pages 376 and 379 that the recommendation built on the APRA prudential standard issued in January 2015, which requires the board of an APRA-regulated institution to, among other things, ensure that it: forms a view of the risk culture in the institution, and the extent to which that culture supports the ability of the institution to operate consistently within its risk appetite; identifies any desirable changes to the risk culture; and ensures the institution takes steps to address those changes. The Commissioner went on to state that: ‘Culture can—and must—be assessed by financial services entities themselves … that is a requirement of APRA’s prudential standards (at least in relation to ‘risk culture’). It is also common sense. Given the potential for aspects of an entity’s culture to drive misconduct, an entity must form a view of its own culture, identify problematic aspects of that culture, develop and implement a plan to change them, and then re-assess to determine whether it has succeeded’ (p. 376).

    35 Section 5, PGPA Act.

    36 Section 8, PGPA Act.

    37 See Box 1 of this audit report. Department of Finance, Guide to the PGPA Act for Secretaries, Chief Executives or governing boards (accountable authorities)-RMG 200 [Internet].

    38 ASX Corporate Governance Council, Corporate Governance Principles and Recommendations [Internet], ASX, February 2019, available from https://www.asx.com.au/regulation/corporate-governance-council.htm [accessed March 2019]. The fourth edition, released on 27 February 2019, includes recommendations on corporate culture and references guidance provided in a joint publication of the Institute of Internal Auditors-Australia, The Ethics Centre, the Governance Institute of Australia and Chartered Accountants Australia and New Zealand, Managing Culture: A good practice guide [Internet], the Institute of Internal Auditors Australia, First edition, December 2017, available from http://iia.org.au/sf_docs/default-source/default-document-library/424_managing-culture-a-good-practice-guide_v8.pdf?sfvrsn=2) [accessed March 2019].

    39 Australian Institute of Marine Science, Corporate Plan 2018–19, p. 3 [Internet], Australian Institute of Marine Science, 2018, available from https://www.aims.gov.au/documents/30301/23122/AIMS_18_19_CorporatePlan_10Aug_FINAL_lowres.pdf/69792c39-9b59-44f4-bede-d6f9d58f6cab [accessed March 2019].

    40 For the purpose of this report the accountable authority will be referred to as the AIMS board, the board or the Council.

    41Australian Institute of Marine Science Act 1972 [Internet], Federal Register of Legislation, January 2012, available at https://www.legislation.gov.au/Details/C2012C00037 [accessed March 2019].

    42 K M Hayne, Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry, Final Report, 1 February 2019.

    43 N Owen, The Failure of HIH Insurance, The HIH Royal Commission, 4 April 2003 and the Australian Prudential Regulation Authority (APRA) Prudential Inquiry into the Commonwealth Bank of Australia (CBA) Final Report, 30 April 2018.

    44 The Department of Industry, Innovation and Science.

    45 For example, the Prime Minister’s Prizes for Science award day and the Science Meets Parliament Gala Event.

    46 Financial authorisation for all contracts (funding, expenditure and procurement) that were consistent with board approved business strategies and research plans, and approved budgets were set at the following level: CEO up to $2.5 million and the board above $2.5 million.

    47 In 2015 the board endorsed an AIMS management recommendation to increase the CEO financial authorisation to $5 million (total contract value), maintaining the stipulation previously endorsed by the board that the CEO authorisation is for contracted projects or procurement that fit the strategic directions endorsed by the board.

    48 The declaration does not indicate whether the interests are paid, but does support the board’s awareness of the CEO’s outside engagements. AIMS have confirmed that none of the CEO’s declared interests are paid engagements.

    49 This can include: requiring members to act ethically and in the best interests of the entity; manage and declare conflicts of interest; conduct themselves in a professional and respectful manner; devote sufficient time to undertaking the required duties (for example, by reading papers prior to meetings and attending meetings); participate fully in meetings; apply due diligence; maintain confidentiality over information; provide guidance on how members can raise concerns outside board meetings; and provide protocols for dealing with media, politicians and lobbyists.

    50 This can include: promoting full participation by all members; ensuring meetings are conducted in a professional and constructive manner; summing up to obtain clarity of decisions made; ensuring adequate reporting of key decisions; and relationship management with the entity, Minister and key stakeholders.

    51 Relating, for example, to the agenda, papers, minutes, powers of the Chairperson, voting procedures and frequency of meetings.

    52 According to the policy and procedures status report presented at the May 2018 audit committee, the code of conduct is reviewed every three years. It was last reviewed in December 2016, and is due for review in December 2019. The code authorisers are the executive team and it is not approved by the board.

    53 Australian Institute of Company Directors, Director Tools Board charter Role of the board, p. 1 [Internet], available from https://aicd.companydirectors.com.au/-/media/cd2/resources/director-resources/director-tools/pdf/05446-5-3-mem-director-rob-board-charter_a4-web.ashx [accessed February 2019].

    54 That discussion begins at page 16.

    55 Australian Institute of Company Directors, Director Tools: Board charter Role of the board [Internet], Australian Institute of Company Directors, July 2016, p. 1, available from https://aicd.companydirectors.com.au/-/media/cd2/resources/director-resources/director-tools/pdf/05446-5-3-mem-director-rob-board-charter_a4-web.ashx [accessed February 2019].

    56 As noted at page 20 of this audit report, the Hayne Royal Commission concluded that ‘culture, governance and remuneration march together. The Australian Prudential Regulation Authority identified that ‘remuneration frameworks and the outcomes they produce are important barometers and influencers of an organisation’s risk culture, …and misaligned incentives and ineffective accountability [can create ] poor risk cultures and undermine risk management, leading to unbalanced and ill-considered decision-making.’ Australian Prudential Regulation Authority, Information Paper: Remuneration practices at large financial institutions [Internet], Australian Prudential Regulation Authority, April 2018, p. 4, available from https://www.apra.gov.au/sites/default/files/180328-Information-Paper-Remuneration-Practices.pd [accessed March 2019].

    57 In 2013 AIMS was invited to participate in an on-line governance survey by the Australian Institute of Company Directors. Overall, the results suggested that survey participants tended on average to believe governance processes were mature. Two areas with lower results were the performance of the board/board committees and information/papers provided to the board/board committees.

    58 The performance of the CEO was assessed on the basis of his role as CEO not his role as a board member.

    59 The audit committee charter states that audit committee performance is to be assessed every two years. The scheduled 2018 assessment was brought forward to November 2017 to enable feedback to be gained from a departing audit committee member. The next review is scheduled for 2019.

    60 There was one instance in December 2017 where the minutes from the previous meeting were distributed prior to the meeting but only by two days and separate to the other papers.

    61 The audit committee charter includes review and approval of the annual internal audit work plan as an audit committee function. In practice, the board approves the internal audit work plan subject to the audit committee’s recommendation.

    62 As discussed in paragraph 2.44, the audit committee reviews the corporate risk register whereas risks reported to the board are the ‘hot risks’.

    63 While there is no legislative requirement in relation to Statements of Expectations and Statements of Intent the ANAO reviewed whether the AIMS board had oversight and regard to any Statements of Expectations by the Minister and whether the AIMS board had responded to the Minister with any Statements of Intent.

    64 This was not in relation to the AIMS Act.

    65 Department of Finance, Guide to the PGPA Act for Secretaries, Chief Executives or governing boards (accountable authorities) - RMG 200, Summary: Governing your entity [Internet], Department of Finance, December 2016, available from https://www.finance.gov.au/resource-management/accountability/accountable-authorities/ [accessed March 2019]. For full details of the general duties as an accountable authority, refer to Appendix 2 of this audit report.

    66 Ibid.

    67 Department of Finance Guide to the PGPA Act for Secretaries, Chief Executives or governing boards (accountable authorities) - RMG 200, December 2016, Governing your entity, General duties as an accountable authority https://www.finance.gov.au/resource-management/accountability/accountable-authorities/ [accessed March 2019].

    68 Department of Finance Commonwealth Resource Management eLearning Program PGPA Act Module 2 Officials’ Responsibilities General duties of officials [Internet], Department of Finance, available from https://www.finance.gov.au/sites/all/themes/finance/commonwealth-resource-management/ [accessed March 2019].

    69 Ibid.