The objective of the audit was to assess the effectiveness of the governance board in the Sydney Harbour Federation Trust.

Summary and recommendations

Background

1. The governing board of a corporate Commonwealth entity is the accountable authority for the entity under the Public Governance, Performance and Accountability Act 2013 (PGPA Act)1, with responsibility for ‘leading, governing and setting the strategic direction’ for the entity.2

2. Around 60 corporate Commonwealth entities subject to the PGPA Act have governing boards, comprising a total of approximately 510 board positions.3 Corporate Commonwealth entities with governance boards vary significantly by function, and governance boards may also vary in their composition, operating arrangements, independence and subject-matter focus, depending on the specific requirements of their enabling legislation and other applicable laws.

Boards and corporate governance

Duties and roles

3. Sections 15 to 19 of the PGPA Act impose duties on accountable authorities in relation to governing the corporate Commonwealth entity for which they are responsible.4 As the accountable authority, members of Commonwealth governing boards are also officials under the PGPA Act and subject to the general duties of officials in sections 25 to 29 of the Act.5 Guidance issued to accountable authorities by the Department of Finance (Finance) observes that ‘each of these duties is as important as the others’.6

4. Boards play a key role in the effective governance of an entity. Corporate governance is generally considered to involve two dimensions, which are the responsibility of the governing board. These are:

Performance—monitoring the performance of the organisation and CEO…

Conformance—compliance with legal requirements and corporate governance and industry standards, and accountability to relevant stakeholders.

… it is important to understand that governing is not the same as managing. Broadly, governance involves the systems and processes in place that shape, enable and oversee management of an organisation. Management is concerned with doing – with co-ordinating and managing the day-to-day operations of the business. 7

Sydney Harbour Federation Trust

5. The Sydney Harbour Federation Trust (SHFT) has a governing board and was established in September 2001 as a corporate Commonwealth entity under the Sydney Harbour Trust Act 2001 (SHFT Act) to conserve and preserve land in the Sydney Harbour region for the benefit of present and future generations of Australians.8 This includes land at Chowder Bay, Cockatoo Island, Georges Heights, Macquarie Lightstation, Marine Biological Station, Middle Head, North Head, Sub Base Platypus, and Woolwich.

Rationale for undertaking the audit

6. This topic was selected for audit as part of the ANAO’s multi-year audit program that examines aspects of the implementation of the PGPA Act. This audit provides an opportunity for the ANAO to review whether boards have established effective arrangements to comply with selected legislative and policy requirements and adopted practices that support effective governance. The audit also contributes to the identification of practices that could be applied in other entities. This audit is one of a series of governance audits that apply a standard methodology to the governance of individual boards.

Audit objective, criteria and scope

7. The objective of the audit was to assess the effectiveness of the governance board in the Sydney Harbour Federation Trust (SHFT).

8. To form a conclusion against the audit objective the following high level criteria were adopted:

  • the board’s governance and administrative arrangements are consistent with relevant legislative requirements and the board has structured its own operations in a manner that supports effective governance; and
  • the board has established fit-for-purpose arrangements to oversight compliance with key legislative and other requirements.

9. The audit examined the period July 2016 until March 2019.

10. Guidance to boards issued by the Department of Finance was reviewed by the ANAO having regard to the report of the 2019 Hayne Royal Commission9, which was released during the course of this audit, and other key reviews of board governance.10

Conclusion

11. The governance and oversight arrangements adopted by the Sydney Harbour Federation Trust board were effective, although board members have limited visibility of the work done by the entity’s Portfolio Audit Committee and place limited reliance on it for assurance purposes.

Supporting findings

SHFT board governance arrangements

12. The board’s governance and administrative arrangements are consistent with relevant legislative requirements and the board has structured its own operations in a manner that supports effective governance. However, board members have limited visibility of the work done by the entity’s Portfolio Audit Committee and place limited reliance on it for assurance purposes. To gain assurance in relation to financial reporting, performance reporting, risk oversight and management and internal controls, board members primarily rely on their own review and questioning of management reports and assertions rather than the advice and assurance provided by SHFT’s audit committee.

13. The ANAO has identified a number of opportunities for improvement relating to:

  • the board having more active engagement with the department and the Minister in relation to the skill requirements for future board appointments;
  • enhancing the board charter by including requirements relating to acting and Deputy Chair arrangements;
  • the board focusing its review and approval of policies on key policies, frameworks, and instructions (particularly those related to its duties as an accountable authority) and having a more active role in determining the timing and frequency of review;
  • improving board induction by providing board members with key policies;
  • setting board expectations for reporting to it by management; and
  • periodically evaluating board performance.

SHFT board arrangements to oversight compliance with key legislative and other requirements

14. With the exception of the Sydney Harbour Federation Trust board’s use of its Portfolio Audit Committee, and arrangements to oversight compliance with a Government Policy Order, the board has established fit-for-purpose arrangements to oversight compliance with key legislative and other requirements.

15. The ANAO also made suggestions for improvement including in relation to:

  • enhancing the board’s oversight of SHFT compliance with a Government Policy Order; and
  • improving SHFT record keeping practices.

Recommendations

Recommendation no.1

Paragraph 2.53

The Sydney Harbour Federation Trust board review its audit committee arrangements to ensure it obtains the external advice and assurance it requires from its audit committee.

Sydney Harbour Federation Trust: Agree.

Recommendation no.2

Paragraph 3.5

The Sydney Harbour Federation Trust ensure its annual report meets the requirements of the Public Governance, Performance and Accountability Rule 2014.

Sydney Harbour Federation Trust: Agree.

Recommendation no.3

Paragraph 3.16

The Sydney Harbour Federation Trust ensure its corporate plan meets all the minimum requirements of the Public Governance, Performance and Accountability Rule 2014.

Sydney Harbour Federation Trust: Agree.

Summary of entity responses

16. The proposed report was provided to SHFT which provided a summary response that is set out below. An extract of the report was provided to the Department of the Environment and Energy (Environment). The full responses from SHFT and Environment are provided at Appendix 1.

Sydney Harbour Federation Trust

The Sydney Harbour Federation Trust (the Harbour Trust) welcomes the proposed report and agrees with the recommendations.

The Harbour Trust was pleased that the ANAO found that the board’s governance and administrative arrangements are consistent with relevant legislative requirements and that the board has structured its own operations in a manner that supports effective governance.

The Harbour Trust is confident that implementing the report’s recommendations will further strengthen the robust structures and processes that are in place.

Key messages from this audit for all Australian Government entities

17. This audit is one of a series of governance audits that apply a standard methodology to the governance of individual boards. The four entities included in the ANAO’s 2018–19 board governance audit series are:

  • Old Parliament House;
  • the Special Broadcasting Service;
  • the Australian Institute of Marine Science; and
  • the Sydney Harbour Federation Trust.

18. The first report in this series, Auditor-General Report No.34 2018–19 Effectiveness of Board Governance at Old Parliament House, includes a recommendation directed to the Department of Finance (Finance) to update its guidance to accountable authorities having regard to the key insights and messages for accountable authorities, including governance boards, identified in the recent inquiries and reviews referenced in paragraph 10. Finance agreed with the recommendation.

19. Key messages from the ANAO’s series of governance audits will be outlined in an upcoming ANAO Insights product available on the ANAO website.

1. Background

Introduction

Governance boards

1.1 The governing board of a corporate Commonwealth entity is the accountable authority for the entity under the Public Governance, Performance and Accountability Act 2013 (PGPA Act)11, with responsibility for ‘leading, governing and setting the strategic direction’ for the entity.12

1.2 Around 60 corporate Commonwealth entities subject to the PGPA Act have governing boards, comprising a total of approximately 510 board positions.13 Corporate Commonwealth entities with governance boards vary significantly by function, and governance boards may also vary in their composition, operating arrangements, independence and subject-matter focus, depending on the specific requirements of their enabling legislation and other applicable laws.

Boards and corporate governance

Duties and roles

1.3 Sections 15 to 19 of the PGPA Act impose duties on accountable authorities in relation to governing the corporate Commonwealth entity for which they are responsible (see Box 1).14 As the accountable authority, members of Commonwealth governing boards are also officials under the PGPA Act and subject to the general duties of officials in sections 25 to 29 of the Act (see Box 1).15 Guidance issued to accountable authorities by the Department of Finance (Finance) observes that ‘each of these duties is as important as the others’.16

Box 1: Department of Finance, Guide to the PGPA Act for Secretaries, Chief Executives or governing boards (accountable authorities) – RMG 200, December 2016

General duties as an official

You must exercise your powers, perform your functions and discharge your duties:

  • with the degree of care and diligence that a reasonable person would exercise if the person had the same responsibilities as you (section 25)
  • honestly, in good faith and for a proper purpose (section 26)

You must not improperly use your position, or information you obtain in that position, to:

  • gain, or seek to gain, a benefit or an advantage for yourself or any other person (section 27)
  • cause, or seek to cause, detriment to your entity, the Commonwealth or any other person (section 28).

Like all officials, you must disclose material personal interests that relate to the affairs of your entity (section 29) and you must meet the requirements of the finance law.

Accountable authorities who do not comply with these general duties can be subject to sanctions, including termination of employment or appointment.

General duties as an accountable authority

The additional duties imposed on you as an accountable authority are to:

  • govern your Commonwealth entity (section 15)
  • establish and maintain appropriate systems relating to risk management and oversight and internal control (section 16)
  • encourage officials to cooperate with others to achieve common objectives (section 17)
  • take into account the effects of imposing requirements on others (section 18)
  • keep your minister and the Finance Minister informed (section 19).

Source: Department of Finance, Guide to the PGPA Act for Secretaries, Chief Executives or governing boards (accountable authorities) - RMG 200, Summary: Governing your entity [Internet].

1.4 Boards play a key role in the effective governance of an entity. Corporate governance is generally considered to involve two dimensions, which are the responsibility of the governing board:

Performance—monitoring the performance of the organisation and CEO. This also includes strategy—setting organisational goals and developing strategies for achieving them, and being responsive to changing environmental demands, including the prediction and management of risk. The objective is to enhance organisational performance;

Conformance—compliance with legal requirements and corporate governance and industry standards, and accountability to relevant stakeholders.

… it is important to understand that governing is not the same as managing. Broadly, governance involves the systems and processes in place that shape, enable and oversee management of an organisation. Management is concerned with doing – with co-ordinating and managing the day-to-day operations of the business.17

1.5 The relationship between effective corporate governance and organisational performance is summarised in Box 2.

Box 2: The relationship between corporate governance and organisational performance

Narrowly conceived, corporate governance involves ensuring compliance with legal obligations, and protection for shareholders against fraud or organisational failure. Without governance mechanisms in place—in particular, a board to direct and control—managers might ‘run away with the profits’. Understood in this way, good governance minimises the possibility of poor organisational performance…more recent definitions of good governance emphasise the contribution good governance can make to improved organisational performance by highlighting the strategic role of the board. Legal compliance, ongoing financial scrutiny and control, and fulfilling accountability requirements are fundamental features of good corporate governance. However, a high-performing board will also play a strategic role. It will plan for the future, keep pace with changes in the external environment, nurture and build key external relationships (for example, business contacts) and be alert to opportunities to further the business. The focus is on performance as well as conformance. The board is not there to simply monitor and protect but also to enable and enhance.18

In summary, research conducted by those working closely with boards suggests that:

  1. The ‘hard attributes’ of governance such as board independence may be necessary but are not sufficient. At best, they form minimal standards of good governance. More accurately, it is the interplay of these ‘hard’ but easy to measure attributes and ‘soft’ attributes that lead to good governance.
  2. The ‘soft attributes’ of governance such as the chair/CEO relationship, board behaviours and board culture are critical to good governance.19

Culture and governance

1.6 The interplay of the ‘hard’ and ‘soft’ attributes of governance — and the criticality of board and organisational culture to an entity’s performance, values and conduct — have been central themes in notable Australian inquiries into organisational misconduct. These have included the 2003 Royal Commission into the failure of HIH Insurance20, the 2018 APRA Prudential Inquiry into the Commonwealth Bank of Australia21 and the 2019 Royal Commission into the financial services industry.22 While the specific focus of these inquiries was on financial institutions, their key insights on culture and governance have wider applicability and provide lessons for all accountable authorities, including governance boards. Many Auditor-General reports have made findings consistent with those appearing in these inquiries.23

2003 HIH Royal Commission

1.7 The HIH Royal Commissioner defined corporate governance as the framework of rules, relationships, systems and processes within and by which authority is exercised and controlled in corporations — embracing not only the models or systems themselves but also the practices by which that exercise and control of authority is in fact effected. Justice Owen observed by way of introduction that:

A cause for serious concern arises from the [HIH] group’s corporate culture. By ‘corporate culture’ I mean the charism[a] or personality—sometimes overt but often unstated—that guides the decision-making process at all levels of an organisation …

The problematic aspects of the corporate culture of HIH—which led directly to the poor decision making—can be summarised succinctly. There was blind faith in a leadership that was ill-equipped for the task. There was insufficient ability and independence of mind in and associated with the organisation to see what had to be done and what had to be stopped or avoided. Risks were not properly identified and managed. Unpleasant information was hidden, filtered or sanitised. And there was a lack of sceptical questioning and analysis when and where it mattered.

At board level, there was little, if any, analysis of the future strategy of the company. Indeed, the company’s strategy was not documented and it is quite apparent to me that a member of the board would have had difficulty identifying any grand design …

… A board that does not understand the strategy may not appreciate the risks. And if it does not appreciate the risks it will probably not ask the right questions to ensure that the strategy is properly executed. This occurred in the governance of HIH. Sometimes questions simply were not posed; on other occasions the right questions were asked but the assessment of the responses was flawed.

1.8 More specifically, Justice Owen reported in chapter 6 of the report — which was dedicated to corporate governance — on key aspects of board operations and the importance of:

  • clearly defined and recorded policies or guidelines;
  • clearly defined limits on the authority of management, including in relation to staff emoluments;
  • independent critical analysis by the board;
  • recognition and resolution of conflicts of interest;
  • dealing with governance concerns;
  • maintaining control of the board agenda; and
  • providing relevant information to the board.
2018 APRA Prudential Inquiry

1.9 The APRA Prudential Inquiry also dedicated substantial sections of its report to culture and governance. The review panel observed that:

Culture can be thought of as a system of shared values and norms that shape behaviours and mindsets within an institution. Once established, the culture can be difficult to shift. Desired cultural norms require constant reinforcement, both in words and in deeds. Statements of values are important in setting expectations but their impact is sotto voce. How an institution encourages and rewards its staff, for instance, can speak more loudly in reflecting the attitudes and behaviours that it truly values.24

1.10 The Prudential Inquiry associated weaknesses in board oversight and organisational culture with:

  • insufficient rigour and urgency by the Board and its Committees around holding management to account in ensuring that risks were mitigated and issues closed in a timely manner;
  • gaps in reporting and metrics hampered the effectiveness of the Board and its Committees; and
  • a heavy reliance on the authority of key individuals that weakened the Committee construct and the benefits that it provides.25
2019 Hayne Royal Commission

1.11 The Hayne Royal Commission similarly incorporated a substantial chapter on culture, governance and remuneration in the final report. Commissioner Hayne reported that the evidence before the Commission showed that:

too often, boards did not get the right information about emerging non-financial risks; did not do enough to seek further or better information where what they had was clearly deficient; and did not do enough with the information they had to oversee and challenge management’s approach to these risks.

Boards cannot operate properly without having the right information. And boards do not operate effectively if they do not challenge management.26

1.12 The Commissioner challenged governance boards to actively discharge their core functions, including the strategic oversight of non-financial risks such as compliance risk, conduct risk and regulatory risk:

Every entity must ask the questions provoked by the Prudential Inquiry into CBA:

  • Is there adequate oversight and challenge by the board and its gatekeeper committees of emerging non-financial risks?
  • Is it clear who is accountable for risks and how they are to be held accountable?
  • Are issues, incidents and risks identified quickly, referred up the management chain, and then managed and resolved urgently? Or is bureaucracy getting in the way?
  • Is enough attention being given to compliance? Is it working in practice? Or is it just ‘box-ticking’?
  • Do compensation, incentive or remuneration practices recognise and penalise poor conduct? How does the remuneration framework apply when there are poor risk outcomes or there are poor customer outcomes? Do senior managers and above feel the sting?27

1.13 Key observations made in the Hayne Royal Commission on governance boards’ use of information, and the link between culture, governance and remuneration, are summarised in Box 3.

Box 3: 2019 Hayne Royal Commission

Information going to boards and its effective use

The Royal Commission observed that ‘it is the role of the board to be aware of significant matters arising within the business, and to set the strategic direction of the business in relation to those matters,’28 and identified ‘the importance of a board getting the right information and using it effectively’.29

Boards must have the right information in order to discharge their functions. In particular, boards must have the right information in order to challenge management on important issues including issues about breaches of law and standards of conduct, and issues that may give rise to poor outcomes for customers. Without the right information a board cannot discharge its functions effectively.

When I refer to boards having the right information, I am not referring to boards having more information … it is the quality, not the quantity, of information that must increase. Often, improving the quality of information given to boards will require giving directors less material and more information. …

Boards must also use the information that they have to hold management to account. Boards cannot, and must not, involve themselves in the day-to-day management of the corporation. Nothing in this Report should be taken to suggest that they should. The task of the board is overall superintendence of the company, not its day-to-day management. But an integral part of that task is being able and willing to challenge management on key issues, and doing that whenever necessary.30

Culture, governance and remuneration

The Royal Commission highlighted the importance of governance boards focusing on entity remuneration policy, because ‘the remuneration arrangements of an entity show what the entity values’.31 The Commission concluded that ‘Culture, governance and remuneration march together.’32

When remuneration arrangements are designed or implemented in a way that sees executives rewarded with large bonuses despite their poor management of risks, those remuneration arrangements increase the likelihood that the entity will engage in misconduct, or conduct that falls below what the community expects. By contrast, when remuneration arrangements are designed and implemented in a way that properly takes into account the way that executives have managed risks—including compliance risk, conduct risk and regulatory risk—those remuneration arrangements will decrease the likelihood that the entity will engage in misconduct, or conduct falling below community standards and expectations. As I said earlier, an entity’s remuneration arrangements, especially variable remuneration programs, tell staff what the entity rewards and what the entity values.33

Assessment of culture and governance by boards

1.14 Recommendation 5.6 of the Hayne Royal Commission — titled ‘changing culture and governance’ — was that entities should, as often as reasonably possible, take proper steps to: assess the entity’s culture and its governance; identify any problems with that culture and governance; deal with those problems; and determine whether the changes it has made have been effective.

1.15 Underlining the criticality of organisational culture to entity performance, values and conduct, the Royal Commissioner emphasised that this recommendation, ‘although it is expressed generally, can and should be seen as both reflecting and building upon all the other recommendations that I make.’34

1.16 In a similar vein, the HIH Royal Commission had warned in 2003 of the dangers of a ‘tick the box’ mentality towards corporate governance, and the benefits of periodic review by boards of corporate governance practices to ensure their suitability.

The Public Governance, Performance and Accountability Act 2013 (PGPA Act)

1.17 The objects of the PGPA Act include: to establish a coherent system of governance and accountability across Commonwealth entities; and to require the Commonwealth and Commonwealth entities to meet high standards of governance, performance and accountability.35

1.18 As discussed in paragraph 1.3 of this audit report, the PGPA Act includes both general duties of accountable authorities and general duties of officials. It also establishes obligations relating to the proper use of public resources (that is, the efficient, effective, ethical and economical use of resources).36 In so doing, the PGPA Act establishes clear cultural expectations for all Commonwealth accountable authorities and officials in respect to resource management. Finance, which supports the Finance Minister in the administration of the PGPA Act framework, has also issued a range of guidance documents on the technical aspects of resource management under the framework.

1.19 Finance issued a Resource Management Guide (RMG 200) in December 2016 to assist accountable authorities37, which is principally a factual and procedural guide with a focus on legal compliance. There is no equivalent in the Commonwealth public sector of resources built up over time — such as the ASX Corporate Governance Council’s Corporate Governance Principles and Recommendations38 and Australian Institute of Company Directors resources — to support public sector governance boards. In consequence, public sector accountable authorities would need to rely on a combination of personal experience and other resources to supplement the guidance released by Finance. As discussed, the recent APRA Prudential Inquiry and Hayne Royal Commission have again highlighted the criticality of effective board governance, corporate culture and the interplay of the ‘hard’ and ‘soft’ attributes of governance, and there would be merit in Finance issuing guidance which has regard to the key insights and messages of those inquiries directed to accountable authorities.

Recommendation

1.20 The first report in this series of board governance audits, Auditor-General Report No.34 of 2018–19 Effectiveness of Board Governance at Old Parliament House, includes a recommendation directed to the Department of Finance to update its guidance to accountable authorities having regard to the key insights and messages for accountable authorities identified in the recent inquiries and reviews referenced above. Finance agreed to the recommendation.

Rationale for undertaking the audit

1.21 This topic was selected for audit as part of the ANAO’s multi-year audit program that examines aspects of the implementation of the PGPA Act. This audit provides an opportunity for the ANAO to review whether boards have established effective arrangements to comply with selected legislative and policy requirements and adopted practices that support effective governance. The audit also contributes to the identification of practices that support effective governance that could be applied in other entities. This audit is one of a series of governance audits that apply a standard methodology to the governance of individual boards.

1.22 The four entities included in the ANAO’s 2018–19 board governance audit series are:

  • Old Parliament House;
  • the Special Broadcasting Service;
  • the Australian Institute of Marine Science; and
  • the Sydney Harbour Federation Trust.

Sydney Harbour Federation Trust (SHFT)

1.23 SHFT was established in September 2001 as a corporate Commonwealth entity under the Sydney Harbour Trust Act 2001 (SHFT Act) to conserve and preserve land in the Sydney Harbour region for the benefit of present and future generations of Australians.39 This includes land at Chowder Bay, Cockatoo Island, Georges Heights, Macquarie Lightstation, Marine Biological Station, Middle Head, North Head, Sub Base Platypus, and Woolwich. The Parliament established the Trust as a transitional body to manage the land and facilitate its return in good order. The SHFT Act requires that as soon as practicable after the end of 19 September 2033, the Minister must, by notice published in the Gazette, specify a day on which the Act is to be repealed.40 At this time the Trust will transfer suitable land to New South Wales for inclusion in the national parks and reserves system.41

1.24 SHFT is governed by a Board of Trustees42 appointed by the Minister for the Environment and Energy. Under the SHFT Act membership of the board consists of a Chair and seven other members. At the time of audit fieldwork there were seven members, including the Chair. Under the SHFT Act the board has power to do all things necessary or convenient to be done for, or in connection with, the performance of its functions. The Executive Director is to manage the affairs of the SHFT subject to the directions of, and in accordance with policies determined by, the board.

1.25 SHFT had 72 staff and 250 volunteers at the end of 2017–1843 and generates approximately $19 million in own source revenue. SHFT does not receive operational funding from the government, however it occasionally receives capital funding.

Audit approach

Audit objective, criteria and scope

1.26 The objective of the audit was to assess the effectiveness of the governance board in the Sydney Harbour Federation Trust.

1.27 To form a conclusion against the audit objective the following high level criteria were adopted:

  • the board’s governance and administrative arrangements are consistent with relevant legislative requirements and the board has structured its own operations in a manner that supports effective governance; and
  • the board has established fit-for-purpose arrangements to oversight compliance with key legislative and other requirements.

1.28 The audit examined the period July 2016 until March 2019.

1.29 Guidance to boards issued by the Department of Finance was reviewed by the ANAO having regard to the report of the 2019 Hayne Royal Commission44, which was released in the course of this audit, and other key reviews of board governance.45

Audit methodology

1.30 In undertaking the audit the ANAO:

  • reviewed board and audit committee papers and minutes from July 2016 to December 2018;
  • reviewed a range of relevant documentation including entity corporate plans, strategy documents, board and audit committee charters, risk registers, and conflict of interest declarations;
  • interviewed current and former board members;
  • attended two board meetings (June and September 2018) and one audit committee meeting (September 2018) as an observer; and
  • reviewed relevant guidance and reviews on board governance.

1.31 The audit was conducted in accordance with the ANAO Audit Standards at a cost to the ANAO of approximately $203,000. The team members for this audit were Grace Guilfoyle, Kelly Williamson, Shane Armstrong and Michelle Page.

2. SHFT board governance arrangements

Areas examined

This chapter examines whether the board’s governance and administrative arrangements are consistent with relevant legislative requirements and whether the board has structured its own operations in a manner that supports effective governance.

Conclusion

The board’s governance and administrative arrangements are consistent with relevant legislative requirements and the board has structured its own operations in a manner that supports effective governance although board members have limited visibility of the work done by the entity’s Portfolio Audit Committee and place limited reliance on it for assurance purposes.

Recommendation

The ANAO made one recommendation to the Sydney Harbour Federation Trust board relating to reviewing its audit committee arrangements to ensure it obtains the external advice and assurance it requires from its audit committee.

Areas for improvement

The ANAO has identified a number of opportunities for improvement relating to:

  • the board having more active engagement with the department and the Minister in relation to the skill requirements for future board appointments;
  • enhancing the board charter by including requirements relating to acting and Deputy Chair arrangements;
  • the board focusing its review and approval of policies on key policies, frameworks, and instructions (particularly those related to its duties as an accountable authority) and having a more active role in determining the timing and frequency of review;
  • improving board induction by providing board members with key policies;
  • setting board expectations for reporting to it by management; and
  • periodically evaluating board performance.

Are the board’s governance and administrative arrangements consistent with relevant legislative requirements and has the board structured its own operations in a manner that supports effective governance?

The board’s governance and administrative arrangements are consistent with relevant legislative requirements and the board has structured its own operations in a manner that supports effective governance. However, board members have limited visibility of the work done by the entity’s Portfolio Audit Committee and place limited reliance on it for assurance purposes. To gain assurance in relation to financial reporting, performance reporting, risk oversight and management and internal controls, board members primarily rely on their own review and questioning of management reports and assertions rather than the advice and assurance provided by SHFT’s audit committee.

2.1 SHFT was established as a statutory body by its enabling legislation, the Sydney Harbour Trust Act 2001 (SHFT Act). Prior to this, it existed as an interim body. The ANAO examined whether:

  • the board’s governance and administrative arrangements are consistent with the enabling legislation; and
  • the board had structured its own operations in a manner that supports effective governance.

2.2 The results of the ANAO’s assessment against each of these requirements and any suggestions for improvement are outlined below.

Consistency of governance and administrative arrangements with the SHFT Act

Membership and appointment of board members

2.3 The SHFT Act outlines the requirements for board membership, with the Minister responsible for appointments. The Act requires the appointment of:

  • a Chair; and
  • seven other members.

2.4 Two board positions are to be held by persons recommended by the Government of New South Wales (NSW). In addition, one of the board members must, in the Minister’s opinion, represent the interests of Indigenous people, and another must be an elected member of an affected local government council. Appointments are to be for a period not exceeding three years.

2.5 During the period under review (July 2016 to March 2019), the number of members on the board varied from five to eight. The terms of two board members (the previous Chair and another member) expired during this time. The member was reappointed and a new Chair was appointed. The new Chair had previously been a member on the board. In addition, two new appointments were made. One of the new appointments resigned prior to attending any board meetings. Appointment of the current board members was made by the Minister, for the three-year term allowed for in the legislation. There were two NSW appointments, one Indigenous representative, and one local government representative in accordance with the requirements.

2.6 Other than the Chair, board members were not directly involved in developing the skill requirements for board vacancies, although they were aware of communication between the Chair and the Minister on this issue. The ANAO was advised that in respect to oversight of the appointments process, candidates are generally identified through initial informal discussions between the portfolio department46, the Chair of the SHFT board, the Executive Director of SHFT and the Minister’s Office. The department completed a skills analysis of board members to identify gaps for the new appointments in April 2018, and there is no evidence that the board was consulted. The department then wrote to the Minister recommending candidates. Following the Minister’s agreement, the Minister wrote to the Prime Minister seeking agreement to present the nominees for Cabinet consideration. Records indicate that appointments to the board are deemed significant and require Cabinet approval.

Opportunities for improvement

2.7 There is an opportunity for the board to have more active engagement with the department and the Minister in relation to the skill requirements for future board appointments.

Acting arrangements for the board Chair

2.8 The SHFT Act requires that the board members present appoint a Commonwealth member to preside if the Chair is not present, or that the Minister appoint a member to act as Chair during a vacancy. There were four occasions when the Deputy Chair was acting Chair during the period reviewed by the ANAO. This is authorised in the Deputy Chair’s instrument of appointment provided by the Minister and fulfils the requirements of the SHFT Act. The board charter does not provide information on acting or Deputy Chair arrangements.

Opportunities for improvement

2.9 There is an opportunity for the SHFT board to enhance its board charter by including requirements relating to acting and Deputy Chair arrangements.

Meeting requirements, quorum, presiding at meetings and voting

2.10 The SHFT Act states that the board is to hold such meetings as are necessary for the efficient performance of its functions, with at least four meetings to be held each year, including two meetings that are open to the public. During the period reviewed by the ANAO the board met more frequently than these minimum requirements. In both 2016–17 and 2017–18 the board had at least four standard private meetings and additional meetings in relation to specific issues, such as the approval of management plans, consideration of leasing matters and SHFT’s financial statements.

2.11 In relation to board meetings, the SHFT Act specifies that a majority of the members holding office constitutes a quorum. The ANAO reviewed board minutes from July 2016 to December 2018 and a quorum was obtained at each board meeting.

2.12 The SHFT Act specifies that a question is decided by a majority of the votes of the members present and voting, and that the person presiding at a meeting has a deliberative vote and, if necessary, also a casting vote. SHFT advised the ANAO that all matters were resolved through consensus during the period examined by the audit.

2.13 The SHFT Act requires that the name of each person who moves or seconds a motion be recorded in the minutes, and that minutes must be made publicly available. These requirements have been met during the period reviewed by the ANAO, and the minutes are available on the SHFT website. The ANAO’s review of minutes of board meetings held from July 2016 until December 2018 found that minutes clearly indicate board actions.

Notice of meetings

2.14 Under the SHFT Act, members are entitled to receive 24 hours notice of urgent meetings, seven days notice of other meetings, and the public are entitled to receive seven days notice of public meetings. For the last two financial years there have been no urgent meetings. Notices of public meetings have been posted on the SHFT website with at least seven days notice. SHFT board meeting dates are arranged with board members using an online mechanism.

Decisions without meetings

2.15 The SHFT Act allows for resolutions without meetings where a majority that would have constituted a quorum at a board meeting indicate agreement with the resolution under the method determined by the board. The ANAO identified two instances of decisions without meetings, both of which met the legislative requirements. This was done through an emailed request to board members to approve documents via a circular resolution.

2.16 SHFT advised that board members communicate on board business through a variety of channels including private email. Board members and the entity should be cognisant of the need to ensure that information relating to the entity is handled and maintained in accordance with applicable Commonwealth information security and record keeping requirements. These requirements apply to communication channels such as emails, which are official records.

Appointment and responsibilities of the Executive Director

2.17 The SHFT Act specifies that there is to be an Executive Director, appointed by the Minister on the recommendation of the board, who is not a member of the board. A new Executive Director was appointed in April 2017. The portfolio department facilitated the search for an Executive Director, with the panel comprising the SHFT board Chair, a board member, and a person with no involvement with the board. A recommendation from the panel was provided to the Minister, who in turn provided a recommendation to the Prime Minister.

2.18 The SHFT Act further states that the Executive Director is to manage the affairs of SHFT, subject to the directions of, and in accordance with policies determined by, the board. There are no other requirements relating to Executive Director duties in the Act. The board has delegated powers and functions to the Executive Director, including through an Instrument of Financial Delegations. As discussed in Table 3.2, the Executive Director provided the board with a signed declaration confirming that delegations have been properly exercised every six months, with one exception. The declaration does not include details of the basis of assurance, for example, what controls are in place and how they are tested.

Outside employment

2.19 The SHFT Act states that the Executive Director must not engage in paid employment outside the duties of his or her office except with the approval of the board. SHFT advised the ANAO that the Executive Director has not engaged in any paid outside employment. As discussed further in Table 3.1, declarations of interest is a standing agenda item at board meetings.

Board operations

2.20 Paragraphs 1.3 to 1.16 of this audit report outlined key insights on corporate governance and board operations, including in recent reviews and inquiries. Key themes include the need for:

  • recognition and management of conflicts of interest;
  • board members to question and challenge management;
  • risk to be properly identified, considered and managed;
  • boards to consider future strategy and key policies including remuneration policy;
  • boards to periodically assess corporate governance and organisational culture; and
  • appropriate oversight of compliance.

2.21 The ANAO attended two board meetings at SHFT (June and September 2018) and one Portfolio Audit Committee (PAC) meeting (September 2018). In those meetings, and through the review of board and audit committee papers and minutes, and interviews and interactions with board members, the ANAO observed board members collectively displaying a range of qualities and behaviours that indicated the existence of a positive governance culture at board level. These included:

  • an openness to declaring conflicts of interest;
  • a willingness to challenge management, engage in robust debate, explore various options and seek further clarification as needed;
  • an ability to conduct meetings in a professional, collegiate and respectful manner;
  • an understanding of their obligations as the accountable authority and the challenges facing the entity;
  • a desire and commitment to act in the best interests of the entity; and
  • a willingness to undertake sufficient preparation to enable meetings to be conducted in a productive manner.

2.22 At board meetings the ANAO observed discussion, consistent with SHFT’s functions, related to the use of SHFT land and community consultation. Board meetings included various standing agenda items, including an Executive Director’s report and matters relating to governance, risk and compliance; work health and safety; finance; leasing and property; internal controls; and performance.

2.23 As discussed in Table 3.3, SHFT has a community advisory committee, which is expected to meet quarterly, and the board, as required under the SHFT Act, conducts two board meetings each year that are open to the public. The board receives community advisory committee updates at each board meeting.

2.24 The remainder of this section examines specific aspects of the board’s governance and administrative arrangements.

Does the board have a charter?

2.25 A board charter is a written document that sets out such things as:

  • the functions, powers, and membership of the board;
  • role, responsibilities and expectations of members, both individually and collectively, and of management47;
  • role and responsibilities of the Chair48;
  • procedures for the conduct of meetings49; and
  • policies on board performance review.

2.26 A charter can provide a single reference point that clearly sets out the functions, powers and membership of the board, as well as roles, responsibilities and accountabilities, consistent with relevant legislative requirements. Board charters can also articulate the desired culture of the board and address the ‘soft attributes’ of governance discussed in chapter 1 of this audit report relating to board culture and behaviours, which are critical to good governance.50 The Australian Institute of Company Directors has indicated that:

In most organisations the governance framework is determined by the legislation that it has been created under…However, there are many aspects of modern governance which the board must consider and act upon that lie outside legal requirements. The board charter is one way of documenting these matters.51

2.27 SHFT has a board charter that details the objects, functions and powers of SHFT and the responsibilities of the board, in accordance with the SHFT Act. The charter outlines the SHFT board’s relationship with government, as well as responsibilities and accountabilities to the Minister, entity and Executive Director. The charter also contains behavioural expectations for board members via a code of conduct, which includes general obligations as well as confidentiality, conflict of interest, and gifts, benefits and hospitality requirements. The charter contains a provision for sanctions to be imposed where the code of conduct has been breached, which may include a reprimand, or a recommendation to the Minister for termination of the board member’s engagement. The charter provides guidance on meeting procedures, including quorum requirements, voting, minutes, and resolutions without meetings, in accordance with the SHFT Act.

2.28 The board charter is included in the induction kit for board members. In addition, the code of conduct is publicly available on the SHFT website.

2.29 The SHFT board’s inclusion of behavioural expectations in its board charter is a practice that other entities could consider adopting.

Does the accountable authority approve or have oversight of key policies?

2.30 The SHFT board has oversight of most key SHFT policies.52 Various policies have been reviewed by the board during the period reviewed by the ANAO although board minutes do not always indicate board approval. Policies reviewed by the board include:

  • gifts and hospitality policy, noted and taken as read in September 2016;
  • crisis and emergency management policy, noted and taken as read in September 2016;
  • personal protective equipment policy, noted and taken as read in September 2016;
  • injury management and rehabilitation policy, noted and taken as read in September 2016;
  • fitness for work policy, noted and taken as read in September 2016;
  • health and wellbeing policy, noted and taken as read in September 2016;
  • workplace surveillance policy, noted and taken as read in September 2016;
  • rental subsidy policy for contributory and delivery partners, approved in December 2016;
  • strategic financial plan, taken as read, March 201753;
  • leasing policy, approved in June 2017;
  • work health and safety policy, approved in October 2017;
  • event policy, approved in September 2018; and
  • strategic asset management plan, noted in December 2018.

2.31 The board was advised in June 2017 that the policies taken as read by the board in September 2016 had been updated by SHFT management. Other policies that the board is the listed authoriser for, but which were last approved by the board prior to the period reviewed by the ANAO include:

  • Fraud control policy, last approved by the board in December 2014;
  • Risk management policy, last approved by the board in July 2015, and reviewed by management with no changes required in November 2017; and
  • Procurement policy, last approved by the board in December 2014.

2.32 SHFT has financial delegations, as discussed in paragraph 2.18, which are reviewed and approved by the board each year, most recently in June 2018. SHFT also has accountable authority instructions, approved by the board in 2015, and subsequently reviewed by management. SHFT has a code of conduct, reviewed and approved by management, who advise the board of changes.

Opportunities for improvement

2.33 There is an opportunity for the SHFT board to focus its review and approval of policies on key policies, frameworks, and instructions (particularly those related to its duties as an accountable authority) and having a more active role in determining the timing and frequency of review. Board review of key policies and frameworks such as financial delegations, fraud, risk management and work health and safety can assist board members gain assurance that they are effectively discharging their duties as the accountable authority by setting the framework for compliance with relevant legislation. Having the board approve policies such as code of conduct, remuneration and key quality assurance frameworks (if applicable) enables boards to influence behaviours and can be an important mechanism in communicating the desired culture within the entity. Recent reviews such as the 2018 APRA Prudential Review and the 2019 Hayne Royal Commission have highlighted that boards need to be alive to how incentives in organisations can drive inappropriate behaviours.54 Periodic board review of key policies can assist a board in its messaging to the entity about the organisational culture it wishes to promote.

2.34 In relation to risk management policies and frameworks specifically, the Commonwealth Risk Management Policy (CRMP) requires the accountable authority to endorse an entity’s risk management policy and framework. Corporate Commonwealth entities, such as SHFT, are not required to comply with the CRMP but should review and align their risk management frameworks and systems with the policy as a matter of good practice. Given the SHFT risk management policy was last approved by the board in July 2015, when considering which policies to focus on, the board should consider aligning its approval of the SHFT risk management framework and systems with the CRMP.

Are board members provided with appropriate induction?

2.35 Upon induction, board members are provided with a range of appropriate information. This includes:

  • visits to SHFT sites;
  • discussion with the Chair and key personnel;
  • selected documents (for example, relevant legislation, the Corporate Governance Framework, the Governance Framework, Organisation Chart, annual and corporate reports, Reconciliation Action Plan, Comprehensive Plan, Management Plan, Leasing Policy and the board charter); and
  • previous minutes, future meeting dates and board member contact details.

2.36 All board members indicated to the ANAO that they were satisfied with the information provided at induction.

Opportunities for improvement

2.37 There are some key policies related to the accountable authority role that are not provided at induction, including those related to risk, delegations, and fraud control. This is further discussed in Table 3.2. Early provision of these documents to new board members may be beneficial in helping them understand the risk appetite and control processes of the entity.

Has the board set expectations for reporting to it by management?

2.38 The SHFT board has not formally set expectations for reporting to it by management. Management reports to the board through standing agenda items and a standard format for presenting papers that has evolved over time.

Opportunities for improvement

2.39 The corporate governance reviews discussed in chapter 1 of this report have consistently highlighted the importance of holding management to account. There is an opportunity for the SHFT board to formally set expectations for reporting to it by management through its board charter. This could assist in ensuring that the board and management have a shared understanding of the board’s requirements and could assist the board in meeting its obligations as an accountable authority. This could be particularly useful given recent turnover in board membership.

Is board performance collectively and individually assessed?

2.40 SHFT advised the ANAO that during the period examined by this audit (July 2016 to December 2018), there had not been a formal assessment of the performance of the board (collectively or of individual members).55

Opportunities for improvement

2.41 Periodically evaluating board performance can enable a board to reflect on its operations and assess whether it has effectively met its objectives and obligations. This should include assessing performance in terms of the performance and conformance elements discussed in paragraph 1.4 of this report. Lessons learned from this process can assist the board in setting priorities and goals and contribute to enhancing overall board and organisational effectiveness. Documenting the process, performance criteria, outcomes, and any actions taken in response to issues identified can also assist in ensuring accountability and transparency. Boards could also consider reporting in their annual report that a performance evaluation has been undertaken, insights it has gained from the evaluation and any governance changes it has made as a result. It may also be helpful for boards to evaluate their meetings, such as through informal discussion at the end of each meeting.

Does the board establish arrangements and expectations in relation to the board secretariat?

2.42 The SHFT Act does not provide requirements relating to secretariat arrangements. The Executive Assistant to the Executive Director performs the role of board secretary at meetings. SHFT advised the ANAO that there is no documentation formalising this role. Interviews with board members indicate satisfaction with secretariat arrangements, with staff able to access information required and no issues raised regarding timeliness of papers or accuracy of minutes.

Is reporting of performance results listed as an agenda item at each meeting?

2.43 At each meeting the board is provided with an Executive Director report that includes reporting of performance against corporate plan performance criteria.

Is the board provided with information to assist members to gain a good understanding of the entity’s strategic environment and risks?

2.44 SHFT has a risk management framework, endorsed by the PAC and approved by the board in 2015. The framework includes a risk management policy, which contains a risk appetite statement. The risk management policy has not been reviewed or approved by the board since approved in 2015, although the board was advised of a review, with no changes required, in November 2017. The risk management policy is not included in the board induction pack. There is risk reporting at each SHFT board meeting, with a standing agenda item on risk, governance and compliance involving presentation of current risk issues, the strategic risk register, a risk treatment schedule, a risk heat map, the internal controls action plan, and a work health and safety report.

2.45 The board demonstrates engagement in strategic planning, which requires an understanding of the strategic environment, through its involvement in corporate plan approval and the approval of management plans of sites managed by SHFT. Board members have a range of backgrounds including local government, military and Indigenous. This can be expected to support an understanding of SHFT’s particular operating environment.

2.46 SHFT uses a PAC rather than having its own audit committee. The PAC acts as a single joint audit committee for the Department of the Environment and Energy, SHFT and the Director of National Parks. The PAC was set up by the department to gain process efficiencies whilst also providing effective oversight of SHFT operations with respect to public sector requirements. The PAC reviews a sub-set of the risk documentation that is provided to the board, seeing only the current risk issues and the work health and safety report. As discussed further in paragraphs 2.48 to 2.52 and Tables 3.1, 3.2 and 3.5, board members advised the ANAO that they placed limited reliance on the PAC for assurance as they have limited visibility of the PAC’s operations. Those board members further advised that due to the limitations of the PAC, they primarily rely on their own review of management reporting to obtain the necessary assurance.

2.47 Overall, the board is provided with information to enable members to have a good understanding of SHFT’s strategic environment and risks although, as discussed below, the SHFT board needs to manage the risk that its current use of the PAC is not providing the board with the advice and assurance it needs.

In establishing the audit committee has the board considered structure, composition, size, skills and independence of mind of members to enable the committee to be effective and has the board established an audit charter outlining key requirements?

2.48 PAC members are appointed by the Secretary of the Department of the Environment and Energy. SHFT has not been directly involved in PAC member appointments but has been advised by the department when an appointment has been made.

2.49 The PAC has five members, including an independent Chair, two independent members, and two portfolio department officials. Membership is consistent with the charter which states that it must comprise at least three members, and that the majority of members must be independent. The current Chair of the PAC is independent of the portfolio department and SHFT. The charter also specifies that entity Chief Executive Officers, Chief Financial Officers, Chief Audit Executives or accountable authorities cannot be PAC members. No SHFT board members or SHFT officials are PAC members. The SHFT Executive Director or Chief Financial Officer are invited to attend PAC meetings as observers and one or both, or their acting representatives, have been in attendance at all meetings in the period examined by this audit. No PAC representatives attend SHFT board meetings and the ANAO has not seen evidence of reporting from the PAC to the board, other than in relation to the financial statements.56 The PAC charter does not require the internal and external auditors of entities to be invited to its meetings. In practice, external audit representatives have attended all PAC meetings, and internal audit representatives have attended occasionally during the period examined by the ANAO.

2.50 The PAC charter further states that the charter will be reviewed annually, and that this review will include consultation with the accountable authorities of entities. The charter also states that any substantive changes will be recommended by the Committee and formally approved by the accountable authorities. The PAC charter was last reviewed by the PAC in June 2018, with proposed changes endorsed for recommendation to the PAC’s accountable authorities. After the PAC endorsed the charter, the draft charter was sent to SHFT, and SHFT formally approved the document.

2.51 The process by which the PAC provides assurance to the SHFT board in relation to SHFT financial statements is via a SHFT finance sub-committee. The SHFT finance sub-committee comprises two members of the PAC and a member of the SHFT board. There are no terms of reference for the sub-committee and the ANAO was advised that terms of reference will be implemented. For SHFT’s 2017–18 financial statements the SHFT finance sub-committee met with the board Chair, Executive Director, Chief Financial Officer and an ANAO officer was present as an observer.57 The sub-committee agreed to provide advice to the PAC in relation to the financial statements. On the basis of this advice, the PAC provided written advice to the board. The letter from the sub-committee to the PAC and the letter from the PAC to the board were tabled at the SHFT board meeting prior to the approval of the financial statements.

2.52 As discussed above, a number of board members interviewed by the ANAO indicated that they placed limited reliance on the PAC for assurance purposes due to a lack of visibility over what it does and instead relied primarily on reports provided by SHFT management. Board minutes reviewed by the ANAO did not indicate a board level discussion of these issues. Further, the ANAO was advised that these issues had not been raised with the PAC or the portfolio department. The concerns of board members communicated to the ANAO should be discussed at board level and if necessary raised with the PAC to ensure that the full potential of the PAC as a source of external advice and assurance to the SHFT accountable authority is realised.

Recommendation no.1

2.53 The Sydney Harbour Federation Trust board review its audit committee arrangements to ensure it obtains the external advice and assurance it requires from its audit committee.

Sydney Harbour Federation Trust response: Agree.

2.54 Enhanced formal communication to the SHFT board of PAC’s role and responsibilities and its actions in oversighting SHFT activities has already been implemented.

Is there an internal audit function that provides assurance to the board and does the board have oversight of internal audit and the entity’s response to internal audit findings and recommendations?

2.55 SHFT has an outsourced internal audit function, contracted through the portfolio department’s internal audit panel arrangement. SHFT has had two internal audits during the period reviewed by the ANAO, covering cyber security (a portfolio department internal audit involving SHFT and other entities within the portfolio), and contractor management.58 All internal audit reports are provided to the PAC. The PAC monitors an internal audit recommendation tracker. This includes details of the recommendations and implementation status, although it is not always clear whether each recommendation has been agreed. The portfolio department’s cyber security internal audit contained a recommendation relating to all of the agencies within the portfolio, including SHFT.59 This has not been included in SHFT’s internal audit recommendation tracker. SHFT has advised that their existing mechanisms partially address the recommendation, and that further action is planned.

2.56 As discussed in paragraph 2.49, the board does not receive direct reporting from the PAC other than in relation to the financial statements. This limits the board’s visibility of the PAC’s work in reviewing internal audit findings and tracking management actions. The board was provided with the contractor management internal audit report, which includes details of the recommendations and management’s response. The board was provided with some information on the portfolio department’s cyber security audit, but the board papers do not include reference to recommendations.

2.57 The SHFT board approved the internal audit work plan. There is evidence that the board considered the work plan, including requesting a particular audit topic. While the PAC also reviewed the internal audit work plan, there is no evidence of the PAC providing advice to the board on the plan, other than through discussion with management at the meeting. The PAC was provided with assurance from SHFT management that the internal audit plan was developed with consideration of SHFT risks.

2.58 In September 2017, the board requested that internal audit present at board meetings at least annually. Internal audit joined the December 2018 meeting via teleconference to discuss the findings of an internal audit on contract management.

2.59 Overall the board has oversight of its internal audit function and management’s response to internal audit findings and recommendations. However, it has limited visibility of the work done by the PAC regarding internal audit matters.

3. SHFT board arrangements to oversight compliance with key legislative and other requirements

Areas examined

This chapter examines whether the board has established fit-for-purpose arrangements to oversight compliance with key legislative and other requirements.

Conclusion

With the exception of the SHFT board’s use of its Portfolio Audit Committee, and arrangements to oversight compliance with a Government Policy Order, the board has established fit-for-purpose arrangements to oversight compliance with key legislative and other requirements.

Recommendations

The ANAO made two recommendations aimed at improving SHFT compliance with the Public Governance, Performance and Accountability Rule 2014.

Areas for improvement

The ANAO also made suggestions for improvement including in relation to:

  • enhancing the board’s oversight of SHFT compliance with a Government Policy Order; and
  • improving SHFT record keeping practices.

Has the board established fit-for-purpose arrangements to oversight compliance with key legislative and other requirements

The board has established fit-for-purpose arrangements to oversight compliance with key legislative and other requirements except in relation to the SHFT board’s oversight of compliance with a Government Policy Order. In addition, the SHFT board should review its audit committee arrangements to ensure it obtains the external advice and assurance it requires from its audit committee.

3.1 The ANAO examined whether the board had established fit-for-purpose arrangements to ensure oversight of and compliance with:

  • Government Policy Orders60;
  • selected parts of the entity’s enabling legislation; and
  • selected parts of the Public Governance, Performance and Accountability Act 2013 (PGPA Act) and Public Governance, Performance and Accountability Rule 2014 (PGPA Rule) relating to: duties of accountable authorities; duties of officials; the corporate plan; financial statements, annual report and audit committees.

3.2 The results of the ANAO’s assessment against each of these requirements for the SHFT board are outlined below.

Oversight of, and compliance with, Government Policy Order

3.3 SHFT is subject to a Government Policy Order (GPO) issued by the Finance Minister under section 22 of the PGPA Act.61 Under the order, SHFT is required to comply with the Public Governance, Performance and Accountability (Charging for Regulatory Activities) Order 2017.62 Evidence of how the board is provided assurance of compliance with the GPO could not be provided. In addition, there is no reference to the GPO in the SHFT annual report as required by section 17BE(e) of the PGPA Rule.63

3.4 SHFT management advised that SHFT complies with the Finance Minister Order (Order 2017) through charging for regulatory activities such as Liquor Licence Fees and Development Applications.

Recommendation no.2

3.5 The Sydney Harbour Federation Trust ensure its annual report meets the requirements of the Public Governance, Performance and Accountability Rule 2014.

Sydney Harbour Federation Trust response: Agree.

3.6 The SHFT Annual Report will refer to the Government Policy Order.

Opportunities for improvement

3.7 There is an opportunity for the SHFT board to enhance its oversight of, and compliance with, key legislative and other requirements by including the GPO in its existing compliance and assurance mechanisms. Including details of the basis of assurance, for example, what controls are in place and how they are tested, would assist board members gain a greater understanding of the robustness of internal controls supporting legal compliance.

Oversight of, and compliance with, elements of enabling legislation

3.8 SHFT is required to comply with its enabling legislation, the Sydney Harbour Federation Trust Act 2001 (SHFT Act) and Regulations. Under the SHFT Act, the Executive Director is responsible for managing the affairs of SHFT subject to the directions of, and in accordance with policies determined by, the board. The ANAO’s assessment of the SHFT board’s oversight of, and compliance with, selected key requirements of the SHFT Act is outlined below.

3.9 In terms of how the board oversights compliance with the requirements of its enabling legislation, the primary mechanism is regular reporting through the governance, risk and compliance standing agenda item. This includes quarterly reporting on management compliance statements, discussion of any breaches, and an annual compliance report. The quarterly management compliance statements certify that the signing staff member complied with a list of internal policies and procedures and a list of relevant legislation, including the SHFT Act. The quarterly compliance statements are not included in the board papers but SHFT management advised the ANAO that they can be made available at board meetings for members to see. The annual compliance report focuses on the PGPA Act rather than the enabling legislation. This is discussed further in Table 3.2.

3.10 Board members advised the ANAO they gain assurance on compliance with the enabling legislation from their individual and collective experience in reviewing management reports, questioning entity management and their knowledge of the policies, procedures and processes in place that support compliance.

Oversight of, and compliance with, selected PGPA Act requirements

3.11 The PGPA Act sets out requirements for the governance, reporting and accountability of Commonwealth entities. The PGPA Act is principles based and the accountable authority has the flexibility to establish the systems and processes that are appropriate for their entity. The Department of Finance (Finance) provides entities with guidance on how to meet the various requirements of the PGPA Act including providing examples of how entities can demonstrate compliance.

3.12 The ANAO examined whether the SHFT board established fit-for-purpose arrangements for oversight of, and compliance with, the following parts of the PGPA Act and PGPA Rule relating to corporate governance:

  • general duties of an accountable authority;
  • duties as an official; and
  • specific requirements relating to corporate plans, annual reports and the audit committee.
General duties as an accountable authority

3.13 The general duties imposed on an accountable authority, which are considered in the following section, are to:

  1. govern the Commonwealth entity (section 15);
  2. establish and maintain appropriate systems relating to risk management and oversight and internal controls (section 16);
  3. encourage officials to cooperate with others to achieve common objectives (section 17);
  4. take into account the effects of imposing requirements on others (section 18); and
  5. keep their Minister and the Finance Minister informed (section 19).64
    (a) Duty to govern the Commonwealth entity (section 15)

    3.14 Finance guidance states that governing an entity includes:

    • promoting the proper (efficient, effective, economical and ethical) use and management of public resources;
    • promoting the achievement of the purposes of the entity;
    • promoting the financial sustainability of the entity;
    • taking account of the effect of decisions on public resources generally; and
    • establishing appropriate systems of risk management and internal control, including measures directed at ensuring officials comply with the finance law (such as accountable authority instructions and delegations).65

    3.15 The ANAO’s assessment in relation to the SHFT board’s requirement to govern the entity is outlined in Table 3.1.

    Table 3.1: Duty to govern the entity (PGPA Act section 15)

    Finance guidance

    ANAO observations and opportunities for improvement where applicable

    To address requirements relating to promote the proper (efficient, effective, economical and ethical) use and management of public resources. This can include establishing:

    • robust decision-making and control processes for the expenditure of relevant (public) money; and
    • appropriate oversight and reporting to address inappropriate use of resources by officials.

    Promote the achievement of the entity’s purposes. This includes:

    • ensuring the entity’s corporate plan sets out the purposes of the entity and the activities the entity will engage in to achieve those purposes; and considered all sources that contribute to defining the objectives of the entity, e.g. key government priorities and objectives; and
    • establishing appropriate oversight and reporting arrangements for programs and activities in the entity.

    Promote financial sustainability by managing the risks, obligations and opportunities relevant to their entity.

    Take account of the effect of decisions on public resources generally.

    Establish appropriate systems of risk management and internal control (discussed in more detail in Table 3.2).

    Observations

    Upon induction, SHFT board members are provided with information outlining the role of the board and its principal functions and responsibilities including governance and some policies.

    SHFT maintained an instrument of financial delegations, reviewed by the board at least once a year during the period examined in the audit. Delegations are further discussed in Table 3.2.

    SHFT has established a range of policies and procedures that support governance, the proper use of resources and appropriate behaviours including a gifts policy and a board charter that contains a code of conduct for board members.

    Declaration of interests is a standing agenda item at board meetings, and often includes a list of current outside engagements for board members and the Executive Director in the board papers. However, the list does not cover financial or non-financial interests other than employment, and does not indicate whether positions are paid.

    A controls assessment is reported to the board annually, and a controls action plan is reported to the board quarterly.

    The board discusses and approves the corporate plan. The SHFT 2018–22 Corporate Plan sets out SHFT’s purpose and the activities it undertakes to achieve its purpose.

    Board meeting papers and minutes provide evidence of oversight of various SHFT activities through standing agenda items that cover: risk management; workplace health and safety; performance reporting against the corporate plan; and financial reporting. Board member interviews and board papers demonstrate active engagement in discussions around the financial sustainability of SHFT.

    SHFT has mechanisms to support management compliance with its legislative and policy requirements.a Compliance practices are embedded through regular reporting at board meetings through the governance, risk and compliance standing agenda item. This includes reporting on quarterly compliance statements from management, including discussion of breaches, and an annual compliance report.

    The annual compliance report comprises: a management compliance statement, to be signed by the Executive Director and Chief Financial Officer (CFO), stating that they complied with the PGPA Act, PGPA Rule and code of conduct; certification by the CFO and ED that various internal controls were effective; and a PGPA Act and PGPA Rule compliance summary which outlines compliance with individual sections of the PGPA Act and PGPA Rule, and provides details on the basis of assurance.b Including information on the basis of assurance in compliance documentation is a useful practice that other entities could consider adopting.

    The board receives regular reporting on systems established by SHFT related to risk management and internal control (discussed in more detail in Table 3.2).

    Board members advised the ANAO that they gain assurance on compliance from their individual and collective experience in reviewing management reports, questioning entity management and their knowledge of the policies, procedures and processes in place that support compliance.

     

    Opportunities for improvement

    As discussed in paragraphs 2.46 to 2.52 and Tables 3.2 and 3.5, SHFT uses a Portfolio Audit Committee rather than having its own audit committee. The current arrangement results in a risk that the SHFT board is not receiving the external advice and assurance it needs from its audit committee. The ANAO has recommended that the SHFT board review its audit committee arrangements with a view to ensuring the arrangements enable the board to obtain the external advice and assurance it requires from its audit committee.

    The SHFT 2018–22 Corporate Plan does not meet all the minimum requirements of the PGPA Rule. In particular, it did not clearly address each of the four reporting periods covered by the plan in the risk oversight and management section. Entities were first required to publish corporate plans by 31 August 2015. After four cycles SHFT should ensure its next corporate plan meets the minimum requirements outlined in the PGPA Rule.

    During the audit the ANAO observed, and was advised of, difficulties in SHFT staff locating records due to the absence of a key person and staff turnover. There is an opportunity for SHFT to review its record keeping practices with a view to reducing the impact of staff turnover.

     

       

    Note a: This includes maintaining a: compliance policy; compliance manual; manager’s compliance guide; compliance with legislation schedule, which lists relevant legislation, assigns a risk rating, details the nature of assurance, and assigns a responsible officer; Environmental Protection and Biodiversity Conservation Act checklist; PGPA Act checklist; SHFT Act checklist; and breach register. Aside from the PGPA Act checklist and compliance policy, these documents are not provided to the board for review or approval but support management in monitoring compliance with their obligations.

    Note b: SHFT has been unable to locate the signed 2016–17 Annual Compliance statements and the signed Joint Certification by the Chief Financial Officer and Executive Director in the 2017–18 Annual Compliance statements. This is an example of the recording keeping issue discussed as an opportunity for improvement in Table 3.1. The ANAO did sight the unsigned certificates in the board papers.

    Source: Department of Finance, Guide to the PGPA Act for Secretaries, Chief Executives or governing boards (accountable authorities) - RMG 200, Summary: Governing your entity [Internet], Department of Finance, December 2016, available from https://www.finance.gov.au/resource-management/accountability/accountable-authorities/ [accessed March 2019] and ANAO analysis.

    Recommendation no.3

    3.16 The Sydney Harbour Federation Trust ensure its corporate plan meets all the minimum requirements of the Public Governance, Performance and Accountability Rule 2014.

    Sydney Harbour Federation Trust response: Agree.

    3.17 The SHFT Corporate Plan will address the four reporting periods covered by the plan in the risk oversight and management section.

    (b) Duty to establish and maintain appropriate systems relating to risk management and oversight and internal controls (section 16)

    3.18 The ANAO’s assessment in relation to the SHFT board’s requirement to establish appropriate systems of risk management and oversight and internal controls is outlined in Table 3.2.

    Table 3.2: Duty to establish and maintain appropriate systems relating to risk management and oversight and internal controls (PGPA Act section 16)

    Finance guidance

    ANAO observations and opportunities for improvement where applicable

    To address requirements relating to risk management and oversight entities can:

    • establish an appropriate risk management framework to identify and manage risk;
    • delegate or authorise officials to exercise functions and powers;
    • establish an audit committee; and
    • develop a fraud control framework.

    Observations

    As discussed in paragraph 2.44, SHFT has a risk management framework, endorsed by the Portfolio Audit Committee (PAC) and approved by the board in 2015. The framework includes a risk management policy, which contains a risk appetite statement. The risk management policy has not been reviewed or approved by the board since approved in 2015, although the board was advised of a review by SHFT management, with no changes required, in November 2017. The risk management policy is not included in the board induction pack. There is risk reporting at each SHFT board meeting, with a standing agenda item on risk, governance and compliance involving presentation of current risk issues, the strategic risk register, a risk treatment schedule, a risk heat map, the internal controls action plan, and a work health and safety report.

    SHFT maintains an instrument of delegations, which the board has reviewed each year during the audit test period. The register delegates various powers, including leasing payments, spending approvals, opening bank accounts, receiving money, investing money and entering into contracts, and other items. The Executive Director has provided the board with a confirmation that delegations have been properly exercised every six months, with one exception during the testing period.a SHFT also has Accountable Authority Instructions (AAIs), reviewed by management, but it is not evident that these have been reviewed or approved by the board since first approved by the board in 2015.

    SHFT has an internal controls framework, last presented to the board in October 2017. From 2017 the board and the PAC have received an annual internal controls assessment, including areas flagged for improvement. In addition, a quarterly internal controls action plan has been provided to the board and the PAC since October 2017.

    SHFT has a fraud control and corruption plan and fraud control policy. The plan was presented to the board for information in October 2017. The policy has not been reviewed or approved by the board since it was initially approved in 2014, although the board was advised in October 2017 that the policy did not require revision other than a minor change. The board is provided with an annual Fraud Control report, including an updated fraud risk assessment. In addition, the annual internal controls and compliance reports discussed above provide assurance to the board that various controls are in place, including for delegations and fraud control.

    There is evidence of how instances of non-compliance are identified and reported to the board through the annual compliance process. There is also evidence of how breaches are addressed at a management level through the breach register.

    The SHFT board reviews a wide range of policies. This includes policies related to workplace health and safety, gifts and hospitality, crisis and emergency management, personal protective equipment, injury management and rehabilitation, fitness for work, health and wellbeing, workplace surveillance, rental subsidy, leading, events, and procurement.

    Opportunities for improvement

    As discussed in paragraph 2.33 the SHFT board reviews a wide range of policies and there is benefit in the board focusing on the review of the key policies, frameworks, and instructions related to its duties as an accountable authority, including having active engagement in determining the frequency of review. This would include the AAIs, Risk Management Framework, and Fraud Control Policy.

    As discussed, there is limited evidence of direct reporting to the board on PAC activities, and board members generally do not rely on the committee for assurance. As discussed in paragraphs 2.46 to 2.52 and Tables 3.1, 3.2 and 3.5, the SHFT board should review its audit committee arrangements with a view to ensuring the arrangements enable the board to obtain the external advice and assurance it requires.

     

       

    Note a: The Executive Director delegation confirmation was adopted as a standing item as of the 20 December 2017 board meeting.

    Source: Department of Finance, Guide to the PGPA Act for Secretaries, Chief Executives or governing boards (accountable authorities) - RMG 200, engaging with risk and establishing controls section [Internet], Department of Finance, December 2016, available from https://www.finance.gov.au/resource-management/accountability/accountable-authorities/ [accessed March 2019] and ANAO analysis.

    (c)–(e) Duty to encourage officials to cooperate with others to achieve common objectives (section 17); take into account the effects of imposing requirements on others (section 18); and keep the Minister and the Finance Minister informed (section 19).66

    3.19 The ANAO undertook a high-level review of the board’s oversight of, and compliance with, the requirements to cooperate, consider requirements on others and keep Ministers informed. The ANAO’s assessment is outlined in Table 3.3.

    Table 3.3: Duty to cooperate, consider requirements on others and keep Ministers informed (PGPA Act sections 17–19)

    Finance guidance

    ANAO observations and opportunities for improvement where applicable

    To encourage cooperation, consider requirements on others and keep Ministers informed entities can:

    • encourage officials to identify opportunities to cooperate with others, within or external to government to achieve common objectives where practicable;
    • take a proportional, risk-based approach to imposing administrative burdens on other parties that work with government; and
    • keep relevant ministers informed of the activities of the entity and provide their Minister and the Finance Minister with any reports, documents and information they require about those activities.

    Observations

    Reporting to the SHFT board includes information relating to working/collaborating with others, including a standing agenda item for reporting on community advisory committee activities. Reporting also demonstrates consideration of various risks associated with performing SHFT functions, including collaboration, through the risk reporting mechanisms discussed in Table 3.2. This includes tracking treatments in the risk treatment schedule.

    SHFT demonstrates a focus on a range of stakeholders in its 2018–22 corporate plan. SHFT has a community advisory committee, which is expected to meet quarterly, and the board, as required under the SHFT Act, conducts two board meetings each year that are open to the public.

    The SHFT 2018–22 corporate plan includes reference to the Government’s deregulation agenda and SHFT’s role in ensuring its regulatory tools are streamlined.

    The Minister was provided with the SHFT corporate plan and annual report.

    Board members advised the ANAO that the SHFT board has actively engaged in developing and maintaining relationships with its Minister.

       

    Source: Department of Finance, Guide to the PGPA Act for Secretaries, Chief Executives or governing boards (accountable authorities) - RMG 200, working with others and supporting ministers sections [Internet], Department of Finance, December 2016, available from https://www.finance.gov.au/resource-management/accountability/accountable-authorities/ [accessed March 2019] and ANAO analysis.

    General duties as an official

    3.20 In addition to the general duties for an accountable authority, the PGPA Act outlines duties applicable to all officials (which include the accountable authority). Officials are required to exercise a duty:

    3.21 Officials also have a responsibility to:

    • comply with the finance law;
    • comply with the governance arrangements in the entity, for example, internal controls on the proper use and management of public resources; and
    • meet high standards of governance, performance and accountability.68

    3.22 Officials who breach their duties or responsibilities under the PGPA Act can be subject to employment sanctions (including termination of appointment for board members) or criminal sanctions for intentional or serious misuse of public resources. For more details of the duties that apply to all officials under the PGPA Act, refer to Appendix 3 of this audit report.

    3.23 The ANAO’s assessment in relation to the SHFT board’s oversight of, and compliance with, the requirements of officials (sections 25–29 of the PGPA Act) is outlined in Table 3.4.

    Table 3.4: General duties as an official (PGPA Act sections 25–29)

    Duty and Finance guidance

    ANAO observations and opportunities for improvement where applicable

    Duty to act with the degree of care and diligence that a reasonable person would exercise if the person had the same responsibilities as you (section 25)

    Establish guidance that sets out the need for officials to comply with the requirement. This can include establishing guidance that outlines that officials have to act with care and diligence and that there are sanctions if they do not. For example officials spending relevant (public) money will need to ensure that they have at least had due regard to guidance and their entity’s internal procedures.

    Observations

    SHFT has a code of conduct that requires staff to act with care and diligence. The board has reviewed and endorsed the code of conduct during the testing period. The board has a charter that contains a board code of conduct with similar requirements for board members. Both codes of conduct involve sanctions if breached.

    SHFT also has accountable authority instructions (AAIs), approved by the board that require all staff and officials to act in accordance with their general duties under the PGPA Act.

    Duty to act honestly, in good faith and for a proper purpose (section 26)

    Establish guidance that sets out the need for officials to comply with the requirement and include the requirement that an official is required to manage or use public resources in a proper (efficient, effective, economical and ethical) manner.

    Observations

    The SHFT code of conduct requires staff to use SHFT resources in a proper manner.

    The board has a charter that contains a board code of conduct with requirements for board members to use their powers for a proper purpose and to behave honestly and with integrity.

    The SHFT procurement policy was approved by the board in 2014, and provides a requirement for efficient, effective, economical and ethical procurement. The policy states that SHFT is committed to reviewing its procurement policy and manual annually. The SHFT Audit, Risk and Compliance Committeea and Executive are responsible for recommending to the board the approval of the procurement policy. Review of the procurement policy by the board has not been evident during the testing period. SHFT management advised the ANAO that it is currently undertaking work on the procurement policy, and that the policy was last reviewed by management in November 2017 with no amendments made.

    The board’s instrument of financial delegations, reviewed each year during the testing period, requires the delegate to comply with financial instructions, directions of the board, directions of the Executive Director, and any other conditions.

    SHFT has AAIs that require all staff and officials to act in accordance with their general duties under the PGPA Act.

    Duty not to misuse position to gain, or seek to gain, a benefit or an advantage for yourself or any other person (section 27)

    Establish guidance that sets out the need for officials to comply with the requirement and make clear that misusing a position can include using the entity’s property or information or taking advantage of opportunities that arise by virtue of the official’s employment with the entity.

    Observations

    SHFT has a number of policies and procedures related to not improperly using a position to gain an advantage. This includes a Gifts and Hospitality Policy and a Fraud Control Policy. The SHFT code of conduct instructs staff to ‘not make improper use of inside information or the worker’s duties, status, power or authority in order to gain, or seek to gain, a benefit or advantage for the worker or for any other person’. The board code of conduct contains similar requirements.

    SHFT has AAIs that require all staff and officials of SHFT to act in accordance with their general duties under the PGPA Act.

    Duty not to misuse information to cause, or seek to cause, detriment to your entity, the Commonwealth or any other person (section 28)

    Establish guidance that sets out the need for officials to comply with the requirement and ensure people do not cause, or seek to cause, detriment to the Commonwealth entity that employs or employed them, to the Commonwealth more broadly or any other person.

    Observations

    The SHFT code of conduct requires staff to adhere to confidentiality requirements to avoid damage to the relationships between SHFT, its stakeholders and the community.

    The board charter code of conduct for board members also addresses confidentiality requirements.

    Declaration of interests is a standing agenda item at board meetings, and the agenda item often includes a list of current outside interests in the board papers.

    Duty to disclose material personal interests (section 29)

    Establish guidance that sets out the need for officials to comply with the requirement and ensure people do not cause, or seek to cause, detriment to the Commonwealth entity that employs or employed them, to the Commonwealth more broadly or any other person.

    Observations

    The SHFT code of conduct provides guidance on avoiding and disclosing real or apparent conflicts of interest, ‘arms’ length transactions’, and gifts. The board’s review of the code of conduct during the period examined by the ANAO included adding protocols on the disclosure of close personal relationships.

    The code of conduct in the board charter also provides conflict of interest declaration requirements for board members.

    Declaration of interests is a standing agenda item at board meetings, and often involves a list of current outside interests in the board papers.

    The Executive Director provides a report as a standing agenda item. This includes a list of events that the Executive Director has been invited to and attended.

    SHFT has a gifts policy, reviewed by the board in September 2016 and a gifts register. The board charter also provides guidance on gifts, benefits and hospitality. Board members are aware of the policy and register, but do not consider it likely that they will be offered any gifts and have not declared any.

       

    Note a: Prior to SHFT using its Portfolio Audit Committee SHFT had its own Audit, Risk and Compliance Committee.

    Source: Department of Finance, General duties of officials-RMG 203 [Internet], Department of Finance, January 2018, available from https://www.finance.gov.au/resource-management/accountability/officials/ [accessed March 2019] and ANAO analysis.

    Specific requirements relating to corporate plans, annual reports and audit committee

    3.24 The PGPA Act and PGPA Rule set out a number of specific requirements relating to an entity’s corporate plan, annual report, performance and financial statements and audit committee. For further detail, refer to Appendices 4 to 6 of this report. The ANAO’s assessment of the SHFT board’s oversight of, and compliance with, selected key requirements is outlined in Table 3.5. For the purpose of this report, the most recent applicable document is discussed.

    Table 3.5: Board oversight of, and compliance with, selected PGPA Act requirements

    PGPA Act or PGPA Rule requirement

     

    ANAO observations and opportunities for improvement where applicable

    Corporate plan (section 35 PGPA Act and section 16E PGPA Rule)

    Prepare a corporate plan for the entity, provide the plan to the responsible Minister and Finance Minister, and the plan must meet the requirements prescribed in the PGPA Rule.

    Observations

    There is evidence of board discussion and approval of the SHFT 2018–22 corporate plan. The corporate plan does not meet the minimum requirements of the PGPA Rule. Specifically the plan did not address each of the four reporting periods covered by the plan in the risk oversight and management systems section.

    SHFT provided its plan to the responsible Minister and the Finance Minister by the required due date.

    Opportunities for improvement

    As discussed in Table 3.1, entities were first required to publish corporate plans by 31 August 2015. After four cycles SHFT should ensure its next corporate plan meets the minimum requirements outlined in the PGPA Rule.

    Annual report (sections 39, 42 and 46 PGPA Act)

    After the end of each reporting year, you must prepare an annual report for your entity that includes:

    • annual performance statements (section 39 of the PGPA Act); and
    • audited annual financial statements (section 42 of the PGPA Act).

    Unless otherwise provided by legislation, you must provide your entity’s annual report to your Minister by the 15th day of the fourth month after the end of the reporting period for your entity for tabling in Parliament by your Minister.

    Observations

    SHFT prepared an annual report for 2017–18 and the board approved it. The annual report included annual performance statements.

    The board was provided with the Portfolio Audit Committee’s (PAC) endorsement of the financial statements prior to approving the 2017–18 financial statements.

    The SHFT board Chair signed the SHFT financial statements and a copy of the audited financial statements was included in the SHFT 2017–18 annual report.

    The SHFT annual report for 2017–18 was provided to the Minister by the required due date.

    Audit committee (section 45 PGPA Act)

    Audit committee must be established and perform functions prescribed by the PGPA Rule.

    Observations

    The PAC has a charter, which it reviewed during the period examined in this audit. The charter states that its role is to provide independent assurance to the accountable authority on each entity’s financial and performance reporting responsibilities, risk oversight and management, and system of internal control and compliance. The PAC comprises five members, and the majority are required to be independent members. The ANAO has been advised that the members are considered to have the appropriate qualifications, knowledge, skills or experience to assist the committee to perform its functions. SHFT representative(s) are invited to attend meetings of the PAC as observers.

    As discussed in paragraphs 2.46 to 2.52 and Table 3.1 and Table 3.2, SHFT uses a PAC and a number of SHFT board members advised the ANAO that they have limited visibility of its functions and place limited reliance on it for assurance purposes.

    See recommendation No.1 paragraph 2.53 relating to the SHFT board reviewing its audit committee arrangements to enable it to obtain the external advice and assurance it requires from its audit committee.

     

      284

    Note: The ANAO did not examine the quality of the corporate plan, annual report, performance statement and financial statements.

    Source: Department of Finance, Guide to the PGPA Act for Secretaries, Chief Executives or governing boards (accountable authorities)-RMG 200, Improving performance and accountability; and Governing your entity [Internet], Department of Finance, December 2016, available from https://www.finance.gov.au/resource-management/accountability/accountable-authorities/ [accessed March 2019], and ANAO analysis.

    Appendices

    Appendix 1 Entity responses

    Entity response SHFT

    Entity response Environment

    Appendix 2 General duties as an accountable authority

    General duties as an accountable authority

    Section of

    PGPA Act

    Duty to govern the entity

     

    1. The accountable authority of a Commonwealth entity must govern the entity in a way that:
      1. promotes the proper (efficient, effective, economical and ethical) use and management of public resources for which the authority is responsible; and
      2. promotes the achievement of the purposes of the entity; and
      3. promotes the financial sustainability of the entity.
    2. In making decisions for the purposes of subsection (1), the accountable authority must take into account the effect of those decisions on public resources generally.

    15

    Duty to establish and maintain appropriate systems relating to risk management and oversight and internal controls

    The accountable authority of a Commonwealth entity must establish and maintain:

    1. an appropriate system of risk oversight and management for the entity; and
    2. an appropriate system of internal control for the entity;

    including by implementing measures directed at ensuring officials of the entity comply with the finance law.

    16

    Duty to encourage cooperation with others to achieve common objectives

    The accountable authority of a Commonwealth entity must encourage officials of the entity to cooperate with others to achieve common objectives, where practicable.

    17

    Duty to take into account the effects of imposing requirements on others

    When imposing requirements on others in relation to the use or management of public resources for which the accountable authority of a Commonwealth entity is responsible, the accountable authority must take into account:

    1. the risks associated with that use or management; and
    2. the effects of imposing those requirements.

    18

    Duty to keep responsible Minister and Finance Minister informed

    This includes keeping the responsible Minister informed of the activities of the entity and providing any reports, documents and information in relation to those activities as that Minister requires.

    19

         

    Source: Department of Finance, Guide to the PGPA Act for Secretaries, Chief Executives or governing boards (accountable authorities)-RMG 200, Summary: Your general duties as an accountable authority [Internet], Department of Finance, December 2016, available from https://www.finance.gov.au/resource-management/accountability/accountable-authorities/ [accessed March 2019].

    Appendix 3 General duties as an official

    General duties of an official

    Section of the PGPA Act

    You must exercise your powers, perform your functions and discharge your duties

    with the degree of care and diligence that a reasonable person would exercise if the person had the same responsibilities as you

    25

    honestly, in good faith and for a proper purpose

    26

    You must not improperly use your position, or information you obtain in that position, to

    gain, or seek to gain, a benefit or an advantage for yourself or any other person

    27

    cause, or seek to cause, detriment to your entity, the Commonwealth or any other person

    28

    You must disclose material personal interests that relate to the affairs of your entity and you must meet the requirements of the finance law.a

     

    29

         

    Note a: Finance law includes the PGPA Act and rules and instruments made under the PGPA Act, as well as Appropriation Acts, and the systems of risk management and internal control in their entity established by their accountable authority (including any delegations or authorisations).

    Source: Department of Finance, General duties of officials-RMG 203 [Internet], Department of Finance, January 2018, available from https://www.finance.gov.au/resource-management/accountability/officials/ [accessed March 2019].

    Appendix 4 Selected PGPA Act requirements

    PGPA Act or PGPA Rule requirement

    Section

    Corporate plan for Commonwealth entities

    Commonwealth entities

    1. The accountable authority of a Commonwealth entity must:
      1. prepare a corporate plan for the entity, at least once each reporting period for the entity; and
      2. give the corporate plan to the responsible Minister and the Finance Minister in accordance with any requirements prescribed by the rules.
    2. The corporate plan must comply with, and be published in accordance with, any requirements prescribed by the rules.
    3. If:
      1. a statement of the Australian Government’s key priorities and objectives is published under section 34; and
      2. the purposes of the Commonwealth entity relate to those priorities and objectives;

    then the corporate plan must set out how the activities of the entity will contribute to achieving those priorities and objectives.

    35

    Annual performance statements for Commonwealth entities

    1. The accountable authority of a Commonwealth entity must:
      1. prepare annual performance statements for the entity as soon as practicable after the end of each reporting period for the entity; and
      2. include a copy of the annual performance statements in the entity’s annual report that is tabled in the Parliament.
    2. The annual performance statements must:
      1. provide information about the entity’s performance in achieving its purposes; and
      2. comply with any requirements prescribed by the rules.

    39

    Annual financial statements for Commonwealth entities

    1. The accountable authority of a Commonwealth entity must:
      1. prepare annual financial statements for the entity as soon as practicable after the end of each reporting period for the entity; and
      2. give the statements to the Auditor-General as soon as practicable after they are prepared.
    2. The annual financial statements must:
      1. comply with the accounting standards and any other requirements prescribed by the rules; and
      2. present fairly the entity’s financial position, financial performance and cash flows.

    42

    Audit committee for Commonwealth entities

    1. The accountable authority of a Commonwealth entity must ensure that the entity has an audit committee.
    2. The committee must be constituted, and perform functions, in accordance with any requirements prescribed by the rules.

    45

    Annual report

    1. After the end of each reporting period for a Commonwealth entity, the accountable authority of the entity must prepare and give an annual report to the entity’s responsible Minister, for presentation to the Parliament, on the entity’s activities during the period.

      Note: A Commonwealth entity’s annual report must include the entity’s annual performance statements and annual financial statements (see paragraph 39(1)(b) and subsection 43(4)).
    2. The annual report must be given to the responsible Minister by:
      1. the 15th day of the fourth month after the end of the reporting period for the entity; or
      2. the end of any further period granted under subsection 34C(5) of the Acts Interpretation Act 1901.
    3. The annual report must comply with any requirements prescribed by the rules.
    4. Before rules are made for the purposes of subsection (3), the rules must be approved on behalf of the Parliament by the Joint Committee of Public Accounts and Audit.

    46

         

    Source: Public Governance, Performance and Accountability Act 2013

    Appendix 5 Extract of PGPA Rule 2014

    Appendix 5 page 1

    Appendix 5 page 2

    Appendix 5 page 3

    Source: Public Governance, Performance and Accountability Rule 2014.

    Appendix 6 Extract of PGPA Rule 2014 section 17

    Appendix 6 page 1

    Appendix 6 page 2

    Source: Public Governance, Performance and Accountability Rule 2014.

    Footnotes

    1 Section 12 of the Public Governance, Performance and Accountability Act 2013.

    2 Department of Finance, Guide to the PGPA Act for Secretaries, Chief Executives or governing boards (accountable authorities) - RMG 200, Summary: Governing your entity [Internet], Department of Finance, December 2016, available from https://www.finance.gov.au/resource-management/accountability/accountable-authorities/ [accessed March 2019].

    3 Under the PGPA Act, the accountable authority of a Commonwealth entity may be a single person or group of persons (section 12). This total is based on the Department of Finance’s List of Commonwealth entities and companies under the Public Governance, Performance and Accountability Act 2013 (PGPA Act) as at 28 August 2018. It includes those corporate Commonwealth entities that have a collective accountable authority and includes governing bodies which have the title of board, authority, commission, corporation, council, executive committee, or trust. The number of people for each entity was derived from the number of people included as the accountable authority in each entity’s 2018 annual report as at 30 June 2018.

    4 For full details of the general duties as an accountable authority, refer to Appendix 2 of this audit report.

    5 For full details of the general duties as an official, refer to Appendix 3 of this audit report.

    6 Department of Finance, Guide to the PGPA Act for Secretaries, Chief Executives or governing boards (accountable authorities) - RMG 200, Summary: Your general duties as an accountable authority [Internet], Department of Finance, December 2016, available from https://www.finance.gov.au/resource-management/accountability/accountable-authorities/ [accessed March 2019].

    7 M Edwards and R Clough, Corporate Governance and Performance: An Exploration of the Connection in a Public Sector Context, Corporate Governance ARC Project, Paper No. 1, January 2005, pp. 2–3.

    8Sydney Harbour Federation Trust Act 2001 preamble [Internet], Federal Register of Legislation, July 2016, available from https://www.legislation.gov.au/Details/C2016C00881 [accessed January 2019].

    9 K M Hayne, Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry, Final Report, 1 February 2019.

    10 N Owen, The Failure of HIH Insurance, The HIH Royal Commission, 4 April 2003 and the Australian Prudential Regulation Authority (APRA), Prudential Inquiry into the Commonwealth Bank of Australia (CBA) Final Report, 30 April 2018.

    11 Section 12 of the Public Governance, Performance and Accountability Act 2013.

    12 Department of Finance, Guide to the PGPA Act for Secretaries, Chief Executives or governing boards (accountable authorities)-RMG 200, Summary: Governing your entity [Internet], Department of Finance, December 2016, available from https://www.finance.gov.au/resource-management/accountability/accountable-authorities/ [accessed March 2019].

    13 Under the PGPA Act, the accountable authority of a Commonwealth entity may be a single person or group of persons (section 12). This total is based on the Department of Finance’s List of Commonwealth entities and companies under the Public Governance, Performance and Accountability Act 2013 (PGPA Act) as at 28 August 2018. It includes those entities that have a collective accountable authority and includes governing bodies which have the title of board, authority, commission, corporation, council, or trust. The number of people for each entity was derived from the number of people included as the accountable authority in each entity’s 2018 annual report as at 30 June 2018.

    14 For full details of the general duties as an accountable authority, refer to Appendix 2 of this audit report.

    15 For full details of the general duties as an official, refer to Appendix 3 of this audit report.

    16 Department of Finance, Guide to the PGPA Act for Secretaries, Chief Executives or governing boards (accountable authorities) - RMG 200, Summary: Your general duties as an accountable authority [Internet], Department of Finance, December 2016, available from https://www.finance.gov.au/resource-management/accountability/accountable-authorities/ [accessed March 2019].

    17 Edwards M & Clough R, Corporate Governance and Performance: An Exploration of the Connection in a Public Sector Context, Corporate Governance ARC Project, Paper No. 1, January 2005, pp. 2–3.

    18 Ibid., pp. 4–5.

    19 Ibid., p. 14.

    20 N Owen, The Failure of HIH Insurance Volume 1: A Corporate Collapse and its Lessons, The HIH Royal Commission, 4 April 2003 (all references in this audit are to vol. 1 of the report).

    21 Australian Prudential Regulation Authority (APRA), Prudential Inquiry into the Commonwealth Bank of Australia (CBA) Final Report, 30 April 2018.

    22 K M Hayne, Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry, Final Report, 1 February 2019 (all references in this audit are to vol. 1 of the report).

    23 Examples of such audits, with particular reference to the importance of culture in risk management, can be found in G Hehir (Auditor-General), Strategic governance of risk: Lessons learnt from public sector audit, [Internet], Australian National Audit Office, August 2018, available from https://www.anao.gov.au/work/speech/strategic-governance-risk-lessons-learnt-public-sector-audit [accessed March 2019].

    24 APRA, Prudential Inquiry into the Commonwealth Bank of Australia (CBA) Final Report, 30 April 2018, p. 81.

    25 Ibid., p. 14.

    26 K M Hayne, Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry, Final Report, 1 February 2019, pp. 393–94.

    27 Ibid., pp. 332–33. The Commissioner also commented at p. 384 that ‘the value of the [APRA] Inquiry goes beyond its application to CBA. The report provides a very valuable, publicly available account of the ways in which failings of culture, governance and remuneration can act as drivers of misconduct. And it explains how those problems can be addressed.’

    28 Ibid., p. 397.

    29 Ibid., p. 394.

    30 Ibid., pp. 398–99. For example, the Royal Commission reported at pages 394–96 on instances where the audit committee and/or governance board did not ask to see a copy of key audit reports, and did not challenge, or at least adequately challenge, management about why successive audit reports for the same issue over a period of years had all been rated ‘red’, or about management’s assurances that the matter was being dealt with.

    31 Ibid., p. 365.

    32 Ibid., p. 409.

    33 Ibid., p. 346.

    34 Ibid., p. 391. The Commissioner indicated at pages 376 and 379 that the recommendation built on the APRA prudential standard issued in January 2015, which requires the board of an APRA-regulated institution to, among other things, ensure that it: forms a view of the risk culture in the institution, and the extent to which that culture supports the ability of the institution to operate consistently within its risk appetite; identifies any desirable changes to the risk culture; and ensures the institution takes steps to address those changes. The Commissioner went on to state that: ‘Culture can—and must—be assessed by financial services entities themselves … that is a requirement of APRA’s prudential standards (at least in relation to ‘risk culture’). It is also common sense. Given the potential for aspects of an entity’s culture to drive misconduct, an entity must form a view of its own culture, identify problematic aspects of that culture, develop and implement a plan to change them, and then re-assess to determine whether it has succeeded’ (p. 376).

    35 Section 5, PGPA Act.

    36 Section 8, PGPA Act.

    37 See Box 1 of this audit report. Department of Finance, Guide to the PGPA Act for Secretaries, Chief Executives or governing boards (accountable authorities)-RMG 200 [Internet].

    38 ASX Corporate Governance Council, Corporate Governance Principles and Recommendations [Internet], ASX, February 2019, available from https://www.asx.com.au/regulation/corporate-governance-council.htm [accessed March 2019]. The fourth edition, released on 27 February 2019, includes recommendations on corporate culture and references guidance provided in a joint publication of the Institute of Internal Auditors–Australia, The Ethics Centre, the Governance Institute of Australia and Chartered Accountants Australia and New Zealand, Managing Culture: A good practice guide [Internet], the Institute of Internal Auditors–Australia, First edition, December 2017, available from http://iia.org.au/sf_docs/default-source/default-document-library/424_managing-culture-a-good-practice-guide_v8.pdf?sfvrsn=2) [accessed March 2019].

    39Sydney Harbour Federation Trust Act 2001 preamble [Internet], Federal Register of Legislation, July 2016, available from https://www.legislation.gov.au/Details/C2016C00881 [accessed January 2019].

    40 Ibid., section 66.

    41 Ibid., preamble.

    42 For the purpose of this report the accountable authority will be referred to as the SHFT board or the board.

    43 SHFT advised that as at January 2019, the staff headcount was 61 or 59.5 Full Time Equivalent (FTE) positions.

    44 K M Hayne, Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry, Final Report, 1 February 2019.

    45 N Owen, The Failure of HIH Insurance, The HIH Royal Commission, 4 April 2003 and the Australian Prudential Regulation Authority (APRA) Prudential Inquiry into the Commonwealth Bank of Australia (CBA) Final Report, 30 April 2018.

    46 The Department of the Environment and Energy.

    47 This can include: requiring members to act ethically and in the best interests of the entity; manage and declare conflicts of interest; conduct themselves in a professional and respectful manner; devote sufficient time to undertaking the required duties, for example, by reading papers prior to meetings and attending meetings; participate fully in meetings; apply due diligence; maintain confidentiality over information and provide guidance on how members can raise concerns outside board meetings; and protocols for dealing with media, politicians and lobbyists.

    48 This can include promoting: full participation by all members; ensuring meetings are conducted in a professional and constructive manner; summing up to obtain clarity of decisions made; ensuring adequate reporting of key decisions; and relationship management with the entity, Minister and key stakeholders.

    49 Relating, for example, to the agenda, papers, minutes, powers of the Chair, voting procedures, and frequency of meetings.

    50 That discussion begins at page 16.

    51 Australian Institute of Company Directors, Director Tools: Board charter Role of the board [Internet], Australian Institute of Company Directors, July 2016, p. 1, available from https://aicd.companydirectors.com.au/-/media/cd2/resources/director-resources/director-tools/pdf/05446-5-3-mem-director-rob-board-charter_a4-web.ashx [accessed February 2019].

    52 In addition to the policies listed above, the board has accountable authority instructions, discussed in Table 3.2, which have not been reviewed by the board since their initial approval by the board in 2015.

    53 Board minutes state the strategic financial plan was taken as read and the report will be finalised once the asset management strategy and plan and workforce plan are completed.

    54 As noted at page 20 of this audit report, the Hayne Royal Commission concluded that ‘culture, governance and remuneration march together.’ The Australian Prudential Regulation Authority identified that ‘remuneration frameworks and the outcomes they produce are important barometers and influencers of an organisation’s risk culture, …and misaligned incentives and ineffective accountability [can create ] poor risk cultures and undermine risk management, leading to unbalanced and ill-considered decision-making.’ Australian Prudential Regulation Authority, Information Paper: Remuneration practices at large financial institutions [Internet], Australian Prudential Regulation Authority, April 2018, p. 4, available from https://www.apra.gov.au/sites/default/files/180328-Information-Paper-Remuneration-Practices.pd [accessed March 2019].

    55 SHFT advised the ANAO that a performance assessment of the Executive Director, who is not a board member, was undertaken in May–June 2018 by the previous board Chair and relevant documents were provided to the acting board Chair. The board held a closed session in the June 2018 meeting and advised the ANAO that the Executive Director’s performance was discussed during that session.

    56 The PAC has an operating protocol which states that the role of the PAC Chair includes to ‘engage actively the support of, and maintain regular dialogue with … Accountable Authorities.’

    57 The Chair of the PAC and Chair of the SHFT board participated via teleconference with another member of the SHFT board, another member of the PAC and members of the SHFT executive management team.

    58 In April 2016, just prior to the period subject to ANAO testing, a Work Health and Safety Review was completed, and information on an Accreditation of Contractors internal audit was provided to the board.

    59 The recommendation is for all divisions to review and update their divisional risk registers for completeness and accuracy, with a particular emphasis on IT and cyber security risks.

    60 A Government Policy Order (GPO) is an order made by the Finance Minister under the PGPA Act, that specifies a policy of the Australian Government that is to apply to one or more corporate Commonwealth entities. For a corporate commonwealth entity that is subject to a GPO, the accountable authority must ensure the GPO is complied with by their entity and must include details of the GPO in their annual report. Non-compliance with the GPO may constitute significant non-compliance with finance law and needs to be disclosed to the responsible Minister by the entity as soon as practicable.

    61 Subsection 22(1) of the PGPA Act states the Finance Minister may make an order (a government policy order) that specifies a policy of the Australian Government that is to apply in relation to one or more corporate Commonwealth entities.

    62 The order relates to Australian Government policy regarding charging for regulatory activities. It is the policy of the Australian Government that such entities have Australian Government policy approval and statutory authority to charge for certain regulatory activities. For such an activity, entities are to: (a) ensure that expenses and revenue relating to the activity balance out over a reasonable period; and (b) develop and maintain a cost recovery implementation statement relating to the activity; and (c) measure, assess and document performance for the activity.

    63 Section 17 BE of the PGPA Rule outlines requirements in relation to the contents of an entity’s annual report. Paragraph 17BE(e) requires any government policy orders that applied in relation to the entity during the period under section 22 of the Act be included in the annual report.

    64 Department of Finance, Guide to the PGPA Act for Secretaries, Chief Executives or governing boards (accountable authorities) - RMG 200, Summary: Governing your entity [Internet], Department of Finance, December 2016, available from https://www.finance.gov.au/resource-management/accountability/accountable-authorities/ [accessed March 2019].For full details of the general duties as an accountable authority, refer to Appendix 2 of this audit report.

    65 Ibid.

    66 Department of Finance, Guide to the PGPA Act for Secretaries, Chief Executives or governing boards (accountable authorities) - RMG 200, Governing your entity, General duties as an accountable authority, [Internet], Department of Finance, December 2016, available from https://www.finance.gov.au/resource-management/accountability/accountable-authorities/ [accessed March 2019].

    67 Department of Finance, Commonwealth Resource Management eLearning Program PGPA Act Module 2 Officials’ Responsibilities General duties of officials [Internet], Department of Finance, available from https://www.finance.gov.au/sites/all/themes/finance/commonwealth-resource-management/ [accessed March 2019].

    68 Ibid.