Audit snapshot

Why did we do this audit?

  • Boards play a key role in the effective corporate governance of an entity, by maintaining a focus on organisational performance and conformance with relevant requirements such as the Commonwealth finance law and enabling legislation.
  • Hearing Australia has not been subject to an in-depth performance audit in recent years.
  • This audit provides the Parliament with independent assurance regarding board governance at Hearing Australia.

Key facts

  • Hearing Australia is a corporate Commonwealth entity established under the Australian Hearing Services Act 1991.
  • Hearing Australia’s mission is to provide world leading research and hearing services for the wellbeing of all Australians.
  • Hearing Australia’s governing legislation establishes the role of the board. The board of Hearing Australia is the accountable authority.

What did we find?

  • The governance board in Hearing Australia is largely effective.

What did we recommend?

  • There were four recommendations made to: improve administrative arrangements such as review of charters and confirmation of board committee membership; improve oversight of fraud risks; and ensure that the corporate plans and annual performance statements meet all minimum requirements of the Public Governance, Performance and Accountability Rule 2014.
  • Hearing Australia agreed to all four recommendations.

$274.5 million

total revenue for 2020–21

1,378

ongoing and non-ongoing employees at 30 June 2021

3

committees to assist the Hearing Australia board in carrying out its functions

Summary and recommendations

Background

1. The governing board of a corporate Commonwealth entity is the accountable authority for the entity under the Public Governance, Performance and Accountability Act 2013 (PGPA Act)1, with responsibility for ‘leading, governing and setting the strategic direction’ for the entity.2

2. Around 59 corporate Commonwealth entities subject to the PGPA Act have governing boards, comprising a total of approximately 600 board positions.3 Corporate Commonwealth entities with governance boards vary significantly by function, and governance boards may also vary in their composition, operating arrangements, independence and subject-matter focus, depending on the specific requirements of their enabling legislation and other applicable laws.

Boards and corporate governance

Duties and roles

3. Boards play a key role in the effective corporate governance of an entity. Corporate governance is generally considered to involve two dimensions, which are the responsibility of the governing board:

Performance — monitoring the performance of the organisation and CEO. This also includes strategy — setting organisational goals and developing strategies for achieving them, and being responsive to changing environmental demands, including the prediction and management of risk. The objective is to enhance organisational performance;

Conformance — compliance with legal requirements and corporate governance and industry standards, and accountability to relevant stakeholders.

it is important to understand that governing is not the same as managing. Broadly, governance involves the systems and processes in place that shape, enable and oversee management of an organisation. Management is concerned with doing – with co-ordinating and managing the day-to-day operations of the business.4

4. In the Australian Government sector context, boards must govern the entity in a way that complies with the requirements of any enabling legislation, the Commonwealth finance law (which includes the PGPA Act and the Public Governance, Performance and Accountability Rule 2014 (PGPA Rule)), and other applicable laws and requirements.

5. Sections 15 to 19 of the PGPA Act impose duties on accountable authorities in relation to governing the corporate Commonwealth entity for which they are responsible. As the accountable authority, members of Commonwealth governing boards are also officials under the PGPA Act and subject to the general duties of officials in sections 25 to 29 of the PGPA Act.

Hearing Australia

6. Hearing Australia is a corporate Commonwealth entity established under the Australian Hearing Services Act 1991 (AHS Act). Hearing Australia’s mission is to provide world leading research and hearing services for the wellbeing of all Australians. Hearing Australia’s governing legislation establishes the role of the board. Under Hearing Australia’s governing legislation, the functions of the board are to decide the objectives, strategies and policies to be followed by the entity and to ensure that the entity performs its functions in a proper, efficient and economical manner. The board of Hearing Australia is the accountable authority.

Rationale for undertaking the audit

7. This topic was selected for audit as part of the ANAO’s multi-year audit program that examines aspects of the implementation of the PGPA Act. Amongst other things, the PGPA Act requires the accountable authority of an entity to establish and maintain an appropriate system of risk oversight and management, and an appropriate system of internal controls.

8. This audit is part of a series of performance audits of board governance which provides independent assurance to the Parliament on whether the selected boards have established effective arrangements to comply with the audited legislative and policy requirements and adopted practices that support effective governance. The audits also focus on any examples of better practice which may be worth highlighting as a learning for other boards.5

9. Four entities were included in the ANAO’s 2018–19 board governance audit series.6 For this second tranche of audits, the ANAO selected three corporate Commonwealth entities7 with enabling legislation (statutory authorities) that had no performance audit coverage in recent years. This enabled the ANAO to examine selected aspects of legal compliance and board governance in entities not often subject to in-depth performance audit, to ensure the selected entities were getting the basics right.

10. This report outlines the audit of Hearing Australia in the Social Services portfolio.

Audit objective and criteria

11. The objective of the audit was to assess the effectiveness of the governance board in Hearing Australia.

12. To form a conclusion against this objective, the following high-level criteria were adopted.

  • The board’s governance and administrative arrangements are consistent with relevant legislative requirements and the board has structured its own operations in a manner that supports effective governance.
  • The board has established fit-for-purpose arrangements to oversight compliance with key legislative and other requirements, and the achievement of entity purposes.

13. The audit examined the period July 2019 until March 2022. This is referred to as the review period.

Conclusion

14. The governance board in Hearing Australia is largely effective.

15. The board has been largely effective in ensuring that its governance and administrative arrangements are consistent with relevant legislative requirements and structuring its own operations in a manner that supports effective governance. In the period reviewed by the ANAO the board’s arrangements were effective except for full compliance with governance committee requirements and reporting arrangements.

16. The board has established largely fit-for-purpose arrangements to oversight compliance with key legislative and other requirements, and the achievement of entity purposes. In the review period the board’s arrangements were effective except for: the alignment of elements of fraud risk planning with Commonwealth finance law requirements; compliance with the corporate plan and annual performance statements requirements of the finance law; and the audit and risk management committee not reviewing the 2019–20 and 2020–21 annual performance statements.

Supporting findings

Board governance and structure

17. Board directors and the chairperson were appropriately appointed, and acting arrangements were properly conducted. The chairperson was proactive in identifying suitable nominations for director appointments and providing information to the minister to assist with reappointment and appointment decision-making. (See paragraphs 2.3 to 2.13)

18. Board meetings were properly constituted and there were mechanisms for enabling decisions to be taken without meetings. The board did not approve changes to committee composition and membership and board committee charters were not updated in a timely manner. Information on committee membership and attendance was not accurately recorded in annual reports to Parliament. (See paragraphs 2.14 to 2.32)

19. The board has established a fit-for-purpose charter, set expectations for entity management and the board secretariat, and assessed its own performance. The policies approved by the board did not include a number which relate directly to the Public Governance, Performance and Accountability Act 2013, Public Governance, Performance and Accountability Rule 2014 and other key legislative responsibilities of the board. For example, the Business Ethics Policy, Procurement Policy and Work Health and Safety Policy are not approved by the board or its committees. Board committees did not fully discharge the responsibilities and reporting obligations outlined in their charters. For example, the research and innovation committee and the remuneration committee did not provide annual reports to the board about their operations and activities. (See paragraphs 2.38 to 2.68)

20. There is an internal audit function that provides assurance to the board. The board, through the audit and risk management committee, has oversight of internal audit and the entity’s response to internal audit findings and recommendations. (See paragraphs 2.69 to 2.78)

Oversight of compliance and the achievement of entity purposes

21. The board established arrangements to oversight compliance with the elements of enabling legislation selected for ANAO review. The oversight arrangements include a compliance policy, a compliance framework, an internal risk and compliance function, and arrangements to inform the board of significant breaches of compliance obligations as soon as practicably possible. The compliance policy does not identify the legislation that gives rise to Hearing Australia’s key compliance obligations. The audit and risk management committee reviews the appropriateness of the internal control system and reports annually to the board on its conclusions. (See paragraphs 3.3 to 3.18)

22. There is oversight of, and compliance with the PGPA Act corporate governance requirements selected for ANAO review, with the exception of fraud risks. The audit and risk management committee (or board) have not been provided with a fraud risk assessment and plan that outlines how Hearing Australia will deal with specific fraud risks. Consequently, the board has not met its obligations under section 16 of the PGPA Act and section 10 of the PGPA Rule.

23. Whilst the board reviewed a range of documents containing information on changes to its risk profile and activities, the board did not receive an annual update on risk management as outlined in its Risk Management Policy. Hearing Australia has not prepared an operational risk register or project level risk registers, as described in the Risk Management Framework. (See paragraphs 3.19 to 3.57)

24. The publicly available corporate plan for 2021–25 did not fully address three of the five minimum requirements of the PGPA Rule related to key activities, operating context and performance. During the period reviewed, the audit and risk management committee did not examine the development of performance measures included in the corporate plan. (See paragraphs 3.62 to 3.80)

25. The board undertakes regular review of financial and non-financial performance information. A standing board agenda item for ‘operational and financial results’ provides opportunity for the board to monitor progress against the annual business plan and is included for each board meeting. For this agenda item, the board receives material such as a strategic imperative scorecard, a business plan scorecard, and information on profit and loss, the customer experience, commercial performance and the workforce. (See paragraphs 3.83 to 3.85)

26. The 2020–21 annual performance statements did not fully address two of the three minimum requirements of the PGPA Rule related to the reporting of results and analysis. The 2019–20 and 2020–21 annual performance statements were not reviewed by the audit and risk management committee. Nor was there a committee recommendation for the board to approve the annual performance statements. The board did not receive the assurance and advice set out in the committee’s charter. (See paragraphs 3.86 to 3.98)

Recommendations

Recommendation no. 1

Paragraph 2.33

The Hearing Australia board:

  1. follow the charter procedures for the preparation and approval of its meeting minutes, including for emergency meetings;
  2. approve proposed changes to committee composition and membership, with approval either recorded in meeting minutes or using out-of-session decision-making processes outlined in the board charter;
  3. approve changes to committee charters in a timely manner; and
  4. confirm that information on committee membership and meeting attendance is accurately recorded in its annual reports to Parliament.

Hearing Australia response: Agreed.

Recommendation no. 2

Paragraph 3.45

The Hearing Australia board meets its obligations under section 16 of the Public Governance, Performance and Accountability Act 2013 and section 10 of the Public Governance, Performance and Accountability Rule 2014 by preparing a fraud risk assessment and plan that outlines how Hearing Australia will deal with specific fraud risks.

Hearing Australia response: Agreed.

Recommendation no. 3

Paragraph 3.81

The Hearing Australia board ensure that the publicly available corporate plan meets all minimum requirements of the Public Governance, Performance and Accountability Rule 2014 and provides meaningful information to the Parliament and the public on how performance will be measured.

Hearing Australia response: Agreed.

Recommendation no. 4

Paragraph 3.92

The Hearing Australia board ensure that the annual performance statements meet all minimum requirements of the Public Governance, Performance and Accountability Rule 2014 and provide meaningful information to the Parliament and the public on the use of resources and the entity’s efficiency and effectiveness in delivering outcomes.

Hearing Australia response: Agreed.

27. The ANAO also suggested nine areas of improvement related to board governance in Hearing Australia.

Summary of entity responses

28. A summary response from Hearing Australia is provided below and Hearing Australia’s full response can be found at Appendix 1. An extract of the draft report was also provided to the Department of Finance (Finance). A summary response from Finance is provided below and Finance’s full response can be found at Appendix 1.

Hearing Australia

The Board notes the central finding in the report that its governance and oversight arrangements are largely effective and consistent with relevant legislative requirements.

The Board also notes the report’s findings that it has structured its operations in a manner that supports effective governance, including providing real-time oversight of key decisions and risks at the onset of the pandemic, has fit-for purpose oversight arrangements, and has established a positive governance culture.

The Board further notes the report’s recommendations and will discuss their implementation at its next meeting.

The Board would also like to take this opportunity to acknowledge Hearing Australia’s response to the pandemic and express its gratitude to its management team and staff for their commitment to supporting people with hearing loss.

Hearing Australia’s network of 171 hearing centres have stayed open throughout the pandemic and each week Hearing Australia has helped over 11,000 children, adults, pensioners and veterans across urban, regional and remote Australia, achieving client satisfaction rates of over 85 per cent.

The Board is also proud of the organisation’s work in improving the hearing health of Aboriginal and Torres Strait Islander children and the work of its research arm, the National Acoustics Laboratories.

Department of Finance

The Department of Finance (Finance) welcomes this report.

As the ANAO notes, accountable authorities have certain duties and responsibilities under the Public Governance, Performance and Accountability Act 2013 (PGPA Act). To assist accountable authorities in understanding and meeting these duties, Finance provides all new accountable authorities with PGPA framework guidance and an offer of in-person briefings with Finance officials. These in-person briefings are also provided to boards, councils and senior executives where requested.

Key messages from this audit for all Australian Government entities

29. This audit is part of a series of governance audits that have applied a standard methodology to the governance of individual boards. Key messages from this ongoing series of audits will be drawn on to update the ANAO Insights product on Board Governance available on the ANAO website.8

1. Background

Introduction

1.1 The governing board of a corporate Commonwealth entity is the accountable authority for the entity under the Public Governance, Performance and Accountability Act 2013 (PGPA Act)9, with responsibility for ‘leading, governing and setting the strategic direction’ for the entity.10

1.2 Around 59 corporate Commonwealth entities subject to the PGPA Act have governing boards, comprising a total of approximately 600 board positions.11 Corporate Commonwealth entities with governance boards vary significantly by function, and governance boards may also vary in their composition, operating arrangements, independence and subject-matter focus, depending on the specific requirements of their enabling legislation and other applicable laws.

Boards and corporate governance

1.3 Sections 15 to 19 of the PGPA Act impose duties on accountable authorities in relation to governing the corporate Commonwealth entity for which they are responsible (see Box 1).12 As the accountable authority, members of Commonwealth governing boards are also officials under the PGPA Act and subject to the general duties of officials in sections 25 to 29 of the PGPA Act.13

Box 1: Department of Finance, Duties of Accountable Authorities (RMG 200), April 2021

Your general duties as an accountable authority

The additional duties imposed on you as an accountable authority are to:

  • properly govern your Commonwealth entity
  • establish and maintain appropriate systems relating to risk management and oversight and internal controls
  • encourage officials to cooperate with others to achieve common objectives
  • take into account the effects of imposing requirements on others
  • keep your minister and the Finance Minister informed.

Governing your entity

You are responsible for leading, governing and setting the strategic direction for your entity. Governing your entity includes:

  • promoting the proper (efficient, effective, economical and ethical) use and management of the public resources for which you are responsible
  • promoting the achievement of the purposes of your entity
  • promoting the financial sustainability of your entity
  • importantly, taking account of the effect of your decisions on public resources generally
  • establishing appropriate systems of risk management and internal control, including measures directed at ensuring officials comply with the finance law (such as accountable authority instructions and delegations).

1.4 Boards play a key role in the effective governance of an entity. Corporate governance is generally considered to involve two dimensions, which are the responsibility of the governing board:

Performance — monitoring the performance of the organisation and CEO. This also includes strategy — setting organisational goals and developing strategies for achieving them, and being responsive to changing environmental demands, including the prediction and management of risk. The objective is to enhance organisational performance;

Conformance — compliance with legal requirements and corporate governance and industry standards, and accountability to relevant stakeholders.

it is important to understand that governing is not the same as managing. Broadly, governance involves the systems and processes in place that shape, enable and oversee management of an organisation. Management is concerned with doing – with co-ordinating and managing the day-to-day operations of the business.14

1.5 The relationship between effective corporate governance and organisational performance is summarised in Box 2.

Box 2: The relationship between corporate governance and organisational performance

Narrowly conceived, corporate governance involves ensuring compliance with legal obligations, and protection for shareholders against fraud or organisational failure. Without governance mechanisms in place — in particular, a board to direct and control — managers might ‘run away with the profits’. Understood in this way, good governance minimises the possibility of poor organisational performance … more recent definitions of good governance emphasise the contribution good governance can make to improved organisational performance by highlighting the strategic role of the board. Legal compliance, ongoing financial scrutiny and control, and fulfilling accountability requirements are fundamental features of good corporate governance. However, a high-performing board will also play a strategic role. It will plan for the future, keep pace with changes in the external environment, nurture and build key external relationships (for example, business contacts) and be alert to opportunities to further the business. The focus is on performance as well as conformance. The board is not there to simply monitor and protect but also to enable and enhance.a

In summary, research conducted by those working closely with boards suggests that:

  • The ‘hard attributes’ of governance such as board independence may be necessary but are not sufficient. At best, they form minimal standards of good governance. More accurately, it is the interplay of these ‘hard’ but easy to measure attributes and ‘soft’ attributes that lead to good governance.
  • The ‘soft attributes’ of governance such as the chair/CEO relationship, board behaviours and board culture are critical to good governance.b

Note a: M Edwards and R Clough, Corporate Governance and Performance: An Exploration of the Connection in a Public Sector Context, Corporate Governance ARC Project, Paper No. 1, January 2005, pp. 4–5.

Note b: ibid., p.14.

Culture and governance

1.6 The interplay of the ‘hard’ and ‘soft’ attributes of governance — and the criticality of board and organisational culture to an entity’s performance, values and conduct — have been central themes in notable Australian inquiries into organisational misconduct. These have included the 2003 Royal Commission into the failure of HIH Insurance15, the 2018 Australian Prudential Regulation Authority (APRA) Prudential Inquiry into the Commonwealth Bank of Australia16 and the 2019 Royal Commission into the financial services industry.17 While the specific focus of these inquiries was on financial institutions, their key insights on culture and governance (Box 3) have wider applicability and provide lessons for all accountable authorities, including governance boards.18

Box 3: Key insights for governance boards — Hayne Royal Commission, APRA Prudential Inquiry, HIH Royal Commission

The 2019 Hayne Royal Commission emphasised the need for boards to get the right information about emerging non-financial risks; to seek further or better information where what they had was clearly deficient; and ensure they use information to oversee and challenge management’s approach to these risks. The 2019 Hayne Royal Commission further emphasised that every entity must ask the questions raised by the 2018 APRA Prudential Inquiry:

  • Is there adequate oversight and challenge by the board and its gatekeeper committees of emerging non-financial risks?
  • Is it clear who is accountable for risks and how they are to be held accountable?
  • Are issues, incidents and risks identified quickly, referred up the management chain, and then managed and resolved urgently? Or is bureaucracy getting in the way?
  • Is enough attention being given to compliance? Is it working in practice? Or is it just ‘box ticking’?
  • Do compensation, incentive or remuneration practices recognise and penalise poor conduct? How does the remuneration framework apply when there are poor risk outcomes or there are poor customer outcomes? Do senior managers and above feel the sting?

The 2019 Hayne Royal Commission recommended that entities should, as often as reasonably possible, take proper steps to:

  • assess the entity’s culture and its governance;
  • identify any problems with that culture and governance;
  • deal with those problems; and
  • determine whether the changes it has made have been effective.

The earlier HIH Royal Commission similarly warned in 2003 of the dangers of a ‘tick the box’ mentality towards corporate governance and highlighted the benefits of periodic review by boards of corporate governance practices to ensure their suitability.

Source: ANAO, Audit Insights: Board Governance, 17 May 2019, available from https://www.anao.gov.au/work/audit-insights/board-governance.

1.7 Many Auditor-General reports have made findings consistent with those appearing in the reports of these inquiries.19 In April and May 2019, the Auditor-General presented a series of performance audits that reviewed whether the boards of four corporate Commonwealth entities had established effective arrangements to comply with selected legislative and policy requirements, and adopted practices that support effective governance:

  • Report No.34 2018–19 Effectiveness of Board Governance at Old Parliament House — published on 18 April 2019;
  • Report No.35 2018–19 Governance of the Special Broadcasting Service Corporation — published on 26 April 2019;
  • Report No.36 2018–19 Effectiveness of Board Governance at the Australian Institute of Marine Science — published on 30 April 2019; and
  • Report No.37 2018–19 Effectiveness of Board Governance at the Sydney Harbour Federation Trust — published on 2 May 2019.20

1.8 The ANAO also published an audit insights product from this series, which outlined a number of key messages that may be relevant to the operations of other Commonwealth boards as well as broader governance arrangements in Commonwealth entities.21 22

The Public Governance, Performance and Accountability Act 2013 (PGPA Act)

1.9 The objects of the PGPA Act include: to establish a coherent system of governance and accountability across Commonwealth entities; and to require the Commonwealth and Commonwealth entities to meet high standards of governance, performance and accountability.23

1.10 As discussed in paragraph 1.3, the PGPA Act includes both general duties of accountable authorities and general duties of officials. It also establishes obligations relating to the proper use of public resources (that is, the efficient, effective, economical and ethical use of resources).24 In so doing, the PGPA Act establishes clear cultural expectations for all Commonwealth accountable authorities and officials in respect of resource management.

1.11 The Department of Finance (Finance), which supports the Finance Minister in the administration of the PGPA Act framework, has also issued a range of guidance documents on the technical aspects of resource management under the framework.

1.12 In April 2019 the Auditor-General made an agreed recommendation to Finance to update its guidance to accountable authorities having regard to the key insights and messages for accountable authorities identified in recent inquiries and reviews (the Hayne Royal Commission and APRA Prudential Inquiry).25

1.13 In November 2019 Finance released a two-page paper titled: Lessons learned from the private sector: Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry. This paper highlights that accountable authorities should be mindful of inquiries and reviews undertaken in the private sector and should consider any lessons that could be learned in their entity’s context. The paper also states the following.

  • The accountable authority cannot simply rely upon the information presented by senior executive staff, they have the responsibility to request more information where necessary to fulfil their duties.
  • The delegation of its powers does not discharge the duties of the accountable authority to ensure that those powers are being exercised correctly.
  • The practical effectiveness of an entity’s governance model and internal controls should be periodically tested. Technically ticking every best practice box is not functional as culture and governance are never ‘fixed’.26 27

1.14 Relevantly, Finance also released A guide for corporate Commonwealth entities on the role of audit committees in September 2021.28 The guide states that:

Audit committees are integral to good corporate governance. They provide advice to accountable authorities, assist them to meet their duties and obligations, and support the development of key practice and capacity within [corporate Commonwealth entities] CCEs.29

1.15 In December 2021 Finance advised the ANAO that:

  • it monitors the appointment of new accountable authorities on a regular basis;
  • to support accountable authorities in meeting their responsibilities under the PGPA Act, the Finance Secretary issues a new accountable authority with an introductory email providing guidance material, tools and resources available on the Finance website. These emails also offer in-person briefings from senior officials on their duties under the PGPA Act;
  • it also provides broader PGPA framework briefings to senior executives and officials of PGPA Act entities and companies on request; and
  • during 2020–21, it provided 17 new accountable authority introductory emails and delivered 14 in-person briefings. The briefings delivered by Finance officials in 2020–21 were to a combination of accountable authorities, officials and board members. Of the 14 in-person briefings, six were delivered to board members.

Rationale for undertaking the audit

1.16 This topic was selected for audit as part of the ANAO’s multi-year audit program that examines aspects of the implementation of the PGPA Act. Amongst other things, the PGPA Act requires the accountable authority of an entity to establish and maintain an appropriate system of risk oversight and management, and an appropriate system of internal controls.

1.17 This audit is part of a series of performance audits of board governance which provides independent assurance to the Parliament on whether the selected boards have established effective arrangements to comply with the audited legislative and policy requirements and adopted practices that support effective governance. As discussed in paragraph 1.8, the audits also focus on any examples of better practice which may be worth highlighting as a learning for other boards.

1.18 As discussed in paragraph 1.7, four entities were included in the ANAO’s 2018–19 board governance audit series. For this second tranche of audits, the ANAO selected three corporate Commonwealth entities with enabling legislation (statutory authorities) that had no performance audit coverage in recent years. This enabled the ANAO to examine selected aspects of legal compliance and board governance in entities not often subject to in-depth performance audit, to ensure the selected entities were getting the basics right. Each entity in this series of audits will be subject to a separate audit with three audit reports to be tabled.

1.19 The three entities included in the ANAO’s 2021–22 board governance audit series are:

  • Commonwealth Superannuation Corporation (CSC) in the Finance portfolio;
  • Australian Hearing Services (Hearing Australia) in the Social Services portfolio; and
  • Australian Film, Television and Radio School (AFTRS) in the Infrastructure portfolio.

Hearing Australia

1.20 Hearing Australia is a corporate Commonwealth entity established under the Australian Hearing Services Act 1991 (AHS Act). Hearing Australia’s mission is to provide world leading research and hearing services for the wellbeing of all Australians.

1.21 Hearing Australia’s governing legislation establishes the role of the board. The functions of the board are to decide the objectives, strategies and policies to be followed by the entity and to ensure that the entity performs its functions in a proper, efficient and economical manner.30 The board of Hearing Australia is the accountable authority.

1.22 The AHS Act requires the board to consist of a chairperson, the managing director, four other members and such members as are appropriate for a special purpose.31 All board directors are appointed by the responsible minister, currently the Minister for Government Services, by written instrument. All directors (except the managing director) are appointed on a part-time basis and are paid remuneration that is determined by the Remuneration Tribunal. The managing director is appointed on a full-time basis with terms and conditions (including remuneration and allowances) determined by the board.

1.23 The board is supported by three committees to assist it in carrying out its functions: the audit and risk management committee, the research and innovation committee and the remuneration committee.

1.24 At 30 June 2021, there was a total of 1,180 ongoing and 198 non-ongoing employees. Services were provided to customers through tele-services, online, in-home and within Hearing Australia’s network of 170 hearing centres Australia-wide.

1.25 Total revenue for the 2020–21 financial year was $274.5 million. Hearing Australia receives funding from the Australian Government under an agreement with the Department of Health to deliver hearing services, constituting approximately one-third of its income. Hearing Australia also offers services under the Government’s Hearing Services (‘Voucher’) Program, which is a competitive market involving some 300 other hearing service providers. Hearing Australia provides goods and services to members of the community who are not eligible for government-subsidised services, under user-pays arrangements. Two thirds of Hearing Australia’s income is derived from its operations in commercial markets.

Audit approach

Audit objective, criteria and scope

1.26 The objective of the audit was to assess the effectiveness of the governance board in Hearing Australia.

1.27 To form a conclusion against this objective, the following high-level criteria were adopted.

  • The board’s governance and administrative arrangements are consistent with relevant legislative requirements and the board has structured its own operations in a manner that supports effective governance.
  • The board has established fit-for-purpose arrangements to oversight compliance with key legislative and other requirements, and the achievement of entity purposes.

1.28 The audit examined the period July 2019 until March 2022. This is referred to as the review period.

Audit methodology

1.29 In undertaking the audit the ANAO:

  • reviewed board and committee papers and minutes from July 2019 to March 2022;
  • reviewed a range of relevant documentation including entity corporate plans, strategy documents, board and committee charters, risk registers, conflict of interest declarations and other key policy and process documentation;
  • held discussions with the current board chair, managing director and other senior entity staff;
  • observed one board meeting and one audit and risk management committee meeting in November 2021;
  • reviewed relevant guidance and reviews on board and corporate governance; and
  • examined internal audit and assurance reports.

1.30 The audit was conducted in accordance with ANAO Auditing Standards at a cost to the ANAO of approximately $170,000.

1.31 The team members for this audit were Michelle Page, Peter Bell and Susan Ryan.

2. Board governance and structure

Areas examined

This chapter examines if the board’s governance and administrative arrangements are consistent with relevant legislative requirements, including the Commonwealth finance law, and the board has structured its own operations in a manner that supports effective governance.

Conclusion

The board has been largely effective in ensuring that its governance and administrative arrangements are consistent with relevant legislative requirements and structuring its own operations in a manner that supports effective governance. In the period reviewed by the ANAO the board’s arrangements were effective except for full compliance with governance committee requirements and reporting arrangements.

Areas for improvement

The ANAO made one recommendation aimed at the board:

  • following the charter procedures for the preparation and approval of its meeting minutes, including for emergency meetings;
  • approving proposed changes to committee composition and membership, with approval either recorded in meeting minutes or using out-of-session decision-making processes outlined in the board charter;
  • approving changes to committee charters in a timely manner; and
  • confirming that information on committee membership and meeting attendance is accurately recorded in its annual reports to Parliament.

The ANAO also suggested six areas of improvement related to:

  • formalising the use of a Board Skills Matrix;
  • confirming that committee charter requirements have been satisfied and that committees report to the board annually on the adequacy of the discharge of their responsibilities;
  • identifying in the board charter the key policies it will approve which impact the board’s legislative responsibilities and support the organisational culture it wishes to promote;
  • formalising induction processes in the board charter;
  • reviewing the arrangements to assess the performance of board and committee members; and
  • reviewing the inconsistency in the remuneration provided to the special purpose member and the amount referenced in the audit committee charter.

2.1 Board governance and structure encompasses how the entity establishes and manages the board in accordance with its duties and responsibilities under the Commonwealth finance law — which includes the Public Governance, Performance and Accountability Act 2013 (PGPA Act) and Public Governance, Performance and Accountability Rule 2014 (PGPA Rule) — its enabling legislation and other regulatory requirements. Hearing Australia’s enabling legislation is the Australian Hearing Services Act 1991 (AHS Act). To assess the effectiveness of the governance board in Hearing Australia the ANAO examined whether:

  • the board’s governance and administrative arrangements are consistent with relevant legislative requirements; and
  • the board has structured its own operations in a manner that supports effective governance.

Are the board’s governance and administrative arrangements consistent with relevant legislative requirements?

Board directors and the chairperson were appropriately appointed, and acting arrangements were properly conducted. The chairperson was proactive in identifying suitable nominations for director appointments and providing information to the minister to assist with reappointment and appointment decision-making.

Board meetings were properly constituted and there were mechanisms for enabling decisions to be taken without meetings. The board did not approve changes to committee composition and membership and board committee charters were not updated in a timely manner. Information on committee membership and attendance was not accurately recorded in annual reports to Parliament.

2.2 To assess if Hearing Australia’s governance and administrative arrangements were consistent with legislative requirements, the ANAO examined the structure, membership, nomination, appointment and reappointment of board directors, the constitution of board meetings and the transparency of board decision-making. The audit examined the period July 2019 until March 2022. This is referred to as the review period.

Were board members and the chair appropriately appointed, and were acting arrangements properly conducted?

2.3 The AHS Act requires the board to consist of a chairperson, the managing director, four other members and such members as are appropriate for a special purpose.32

2.4 All board directors are appointed by the responsible minister by written instrument. During the period of review, there were four reappointments and two new board director appointments. Hearing Australia maintained evidence of all reappointments and appointments of board directors.

2.5 The chairperson was reappointed for a third term of two years commencing 8 December 2020, however this appointment finished early (on 31 December 2021) as the chairperson accepted another position at the request of the minister. An acting chairperson has been appointed, by written instrument, for the period 1 January 2022 to 31 March 2022.

2.6 The special purpose director was reappointed in April 2019 to support the delivery of an organisational transformation and to assist with the transition of eligible clients to the National Disability Insurance Scheme and the implementation of the new Indigenous Hearing Assessment Program. The term of appointment is ongoing until this special purpose is complete.

2.7 Acting arrangements for the managing director during the period of review were also approved by the minister by written instrument.

2.8 The chairperson wrote to the minister in November 2019 in preparation for upcoming reappointments and appointments of board directors.33 This letter outlined the changing, and required, skill mix of the board in order to support Hearing Australia as it undergoes significant strategic and operational change. The chairperson used a Skills Matrix as a tool to assist in the identification of qualified nominations for the new appointments, should the minister so choose. The Skills Matrix identified required skills in areas such as: strategy, public sector regulation, policy, IT and cyber, compliance, digital markets, customer, aged care and organisational transformation.

2.9 The Skills Matrix was also used by the chairperson to consider which board members/nominated persons could provide value to, and supplement the existing skillsets of board committees, including the skills mix and expertise of the audit and risk management committee.

2.10 The letter to the minister also provided information to assist in ongoing improvements to the sequencing of board member appointments.

2.11 The board is limited by statute to six directors, plus any special purpose directors. The chairperson wrote to the minister in March 2019 to provide information on how the board was strengthening its governance by constituting a board research and innovation committee to help guide changes to innovation initiatives, including digital offerings. The chairperson outlined the rationale for, and choice of, a special purpose member outside of the existing board directors to supplement board expertise in this area.

2.12 Whilst the Skills Matrix was used to support the board’s appointment of a special purpose member for the research and innovation committee, there was no evidence of its use by the board when reappointing a special purpose member to the audit and risk management committee.

Opportunity for improvement

2.13 There is an opportunity for improvement for the board to formalise the use of a Board Skills Matrix as a tool to be used by the accountable authority to assist in the nomination of board directors, board director succession planning and to support decision-making for the allocation of board members and non-board members to committees.

Were meetings properly constituted, and is there a mechanism enabling decisions to be taken without meetings?

Board meetings

2.14 The board should hold such meetings as are necessary for the efficient performance of its functions. The board must hold at least two meetings in each financial year.34 Hearing Australia’s board charter identifies that current practice is that the board meets six times per calendar year.

2.15 A quorum at a board meeting is the majority of directors.35 For voting, all questions are to be decided by a majority of votes of the directors present and voting. The director presiding has a deliberative vote and, in the event of an equality of votes, also has a casting vote.36 Quorum requirements were met during the period reviewed.

2.16 Board meetings are minuted, and minutes record decisions made and actions to be taken. Meeting minutes record, for each decision made, the names of the board members who ‘moved’ and ‘seconded’ each decision. Board meeting papers include draft minutes of the previous meeting for board approval and the chairperson also signed a copy of the approved minutes.

2.17 Hearing Australia’s board charter outlines procedures for the preparation and approval of meeting minutes and outlines the mechanisms to facilitate decisions without meetings. Out-of-session decisions are facilitated through the circulation of a ‘flying minute’ approved by the chairperson and board members will generally have five working days to respond to these minutes. The timing of more urgent matters is at the discretion of the chairperson.

2.18 Between 20 March 2020 and 23 April 2020 nine emergency board meetings were held to address issues arising from COVID-19. During this time, the secretariat maintained records on: the agenda of these board meetings, attendance, board decisions and any action items. However, the records of board meetings during this period were not formally approved by the board (for example, approved at the next meeting) or signed by the chairperson. These meetings did not follow the charter procedures for the preparation and approval of board meeting minutes. The ANAO has made a recommendation on this matter at paragraph 2.33 below. While the minutes for the board’s emergency meetings were not formally approved by the board, the content of the meeting agenda and papers themselves evidence that during this time, the board provided real-time oversight and assessment of emerging operational, financial and safety risks, and monitored management’s responses to them.

Board committees

2.19 Section 33 of the AHS Act states that the board may establish committees to assist in the performance of its functions and the exercise of its powers. A committee is to be constituted wholly by directors or partly by directors and partly by other persons.37 The board has established three committees to assist it carrying out its functions: the audit and risk management committee; the research and innovation committee; and the remuneration committee.

2.20 The board has approved charters for each of its committees. The charters document the minimum required number of meetings, quorum requirements and the need to ensure that minutes of the meetings are prepared and maintained. The charters do not document how to handle out-of-session decisions.

2.21 Each committee prepared meeting minutes for the period reviewed by the ANAO. The committee papers included draft minutes of the previous meeting for approval. The committee chair also signed a copy of the approved minutes.

2.22 Quorum requirements for the audit and risk management committee meetings were met during the period reviewed. The audit and risk management committee regularly updated the board on its activities and made recommendations to the board as appropriate.

2.23 The research and innovation committee’s charter states that the committee is to be appointed by the board. The charter that was in effect in June 2019 outlined membership to be: chair of the committee; the managing director; other board members; director of the National Acoustic Laboratories (NAL)38; and a special purpose member.

2.24 On 1 October 2019, the chairperson wrote to all board directors to outline a change to the operation and membership of the research and innovation committee. The new membership would consist of: the chair of the committee; the managing director; three board directors; and a special purpose member. That is, the letter indicated that the director of NAL was no longer a member of the committee. The research and innovation committee charter was not updated to reflect this change. There is no evidence this change was approved by the board.39

2.25 On 24 September 2020, a letter from the chairperson to all board directors outlined the memberships of all board committees, including the research and innovation committee. This letter confirmed the membership of the research and innovation committee to be that as outlined in the letter dated 1 October 2019. That is, the director of NAL was not a member of the committee. The charter was not updated or approved by the board to reflect this reiteration of committee membership.

2.26 In December 2020 the board approved a new research and innovation committee charter. This charter stated that the director of NAL was a member of the committee. The Annual Report 2020–21 does not record the director of NAL as a member of the research and innovation committee, despite being a member in line with the board approved charter in December 2020 and attending three meetings (December 2020, February 2021 and April 2021). The Annual Report 2020–21 also recorded two board directors as attending all meetings, when approved minutes indicate they were not ‘members’ but rather ‘also present’ at these meetings.

2.27 The remuneration committee charter states that the committee is to be appointed by the board. The charter that was in effect in June 2019 outlined membership to be: chair of the committee; managing director; a minimum of three other board members; and special purpose members.

2.28 On 1 October 2019, the chairperson wrote to all board directors to outline a change to the operation and membership of the remuneration committee. The letter indicated that membership would consist of a chair, the managing director and three board directors. That is, the letter indicated that there would not be a special purpose member. There was no evidence that this change in committee composition was approved by the board.40

2.29 On 24 September 2020, a letter from the chairperson to all board directors outlined the memberships of all board committees, including the remuneration committee. This letter changed the membership of the remuneration committee, by removing the managing director as a member and reducing the number of other board directors from three to two. There was no evidence that this change in committee composition was approved by the board or updated in the charter.41

2.30 In December 2020 the board approved a new remuneration committee charter. This charter stated the membership of the committee would be: chair of the committee; a minimum of two other board directors; and may include a special purpose member(s). That is, the composition was changed from September 2020 to include the option to have a special purpose member.

2.31 The Annual Report 2019–20 recorded the remuneration committee as holding three meetings. Approved meeting minutes indicate that only one meeting was held in this financial year. The charter required the committee to meet at least two times a year. Hearing Australia advised the ANAO that the committee did not meet this requirement due to other priorities related to COVID-19.

2.32 The board should ensure that board and committee charters include sufficient information and process to guide the recording and approval of out-of-session decisions.

Recommendation no.1

2.33 The Hearing Australia board:

  1. follow the charter procedures for the preparation and approval of its meeting minutes, including for emergency meetings;
  2. approve proposed changes to committee composition and membership, with approval either recorded in meeting minutes or using out-of-session decision-making processes outlined in the board charter;
  3. approve changes to committee charters in a timely manner; and
  4. confirm that information on committee membership and meeting attendance is accurately recorded in its annual reports to Parliament.

Hearing Australia’s response: Agreed.

2.34 The Board accepts this recommendation. The Board also notes the report’s findings that (a) Board Directors have been appropriately appointed, (b) acting arrangements have been properly conducted, (c) the Board provided real-time oversight of emerging operational, financial and safety risks through its emergency meetings in March and April 2020, and (d) that Board meetings have been properly constituted. Hearing Australia can also confirm that the Board agreed to the membership of its current Committees in September 2020. The Board further notes that Hearing Australia’s Board and Committee Charters have been updated several times over the past three years, with the current Charters approved by the Board on 1 March 2022.

Has the board structured its own operations in a manner that supports effective governance?

The board has established a fit-for-purpose charter, set expectations for entity management and the board secretariat, and assessed its own performance. The policies approved by the board did not include a number which relate directly to the Public Governance, Performance and Accountability Act 2013, Public Governance, Performance and Accountability Rule 2014 and other key legislative responsibilities of the board. For example, the Business Ethics Policy, Procurement Policy and Work Health and Safety Policy are not approved by the board or its committees. Board committees did not fully discharge the responsibilities and reporting obligations outlined in their charters. For example, the research and innovation committee and the remuneration committee did not provide annual reports to the board about their operations and activities.

There is an internal audit function that provides assurance to the board. The board, through the audit and risk management committee, has oversight of internal audit and the entity’s response to internal audit findings and recommendations.

2.35 During the period reviewed by the ANAO, the board was supported by three committees.

  • Audit and risk management committee — provides independent advice and assurance to the board to assist the board to discharge its responsibilities under the AHS Act and the PGPA Act, with respect to: financial reporting; risk oversight and management; internal controls; and compliance with relevant laws and policies. This committee includes one member who is not a board director.
  • Research and innovation committee — provides guidance, support and oversight of NAL’s research initiatives as well as Hearing Australia’s innovation in service delivery. This includes approving, supporting and oversighting strategic directions and funding arrangements and the transformation of Hearing Australia’s services through innovation and the use of technology. The committee is to provide advice to the board in relation to NAL’s research and Hearing Australia’s innovation activities to assist the board to perform its functions. This committee includes one member who is not a board director.
  • Remuneration committee — assists and advises the board on matters relating to the compensation, bonuses, incentives and remuneration of the managing director and staff of Hearing Australia. It includes providing the board with advice in relation to key annual performance indicators for the managing director, the managing director’s processes, policies and decisions regarding the remuneration of Hearing Australia’s senior executive and staff and Hearing Australia’s enterprise agreement and associated policies and frameworks for staff remuneration, allowances, performance payment and entitlements.

2.36 The governance structure of the board and its committees is illustrated in Figure 2.1.

Figure 2.1: Board committees

A figure that presents the Hearing Australia board’s governance structure. It shows the board’s direct committee reports of the audit and risk management committee, research and innovation committee and remuneration committee.

Source: ANAO analysis of Hearing Australia’s board and committee charters, meeting minutes and papers.

2.37 To assess if Hearing Australia’s board has structured its own operations in a manner that supports effective governance, the ANAO examined the charters, committee arrangements, oversight of key policies, induction, board performance assessments and arrangements for the establishment and operation of the internal audit function. The ANAO also considered behavioural observations of the operation of the board.

Does the board have a fit-for-purpose charter, set expectations for entity management and the board secretariat, and assess its own performance?

Charter

2.38 A board charter is a written document that sets out such things as:

  • the functions, powers, and membership of the board;
  • role, responsibilities and expectations of members, both individually and collectively, and of management42;
  • role and responsibilities of the chairperson43;
  • procedures for the conduct of meetings44; and
  • policies on board performance review.

2.39 A charter can provide a single reference point that clearly sets out the functions, powers and membership of the board, as well as roles, responsibilities and accountabilities, consistent with relevant legislative requirements. Board charters can also articulate the desired culture of the board and address the ‘soft attributes’ of governance discussed in Chapter 1 of this audit relating to board culture and behaviours, which are critical to good governance.45

2.40 The Australian Institute of Company Directors has indicated that:

In most organisations the governance framework is determined by the legislation that it has been created under … However, there are many aspects of modern governance which the board must consider and act upon that lie outside legal requirements. The board charter is one way of documenting these matters.46

2.41 Hearing Australia’s board charter outlines the legislation under which Hearing Australia was established and responsibilities of the board under the PGPA Act. The board charter refers to the establishment of committees to assist it to discharge its responsibilities. The board charter includes information on: composition; functions and roles; and operating arrangements, including the need to declare any conflicts of interest at the start of each meeting or before discussion of the relevant agenda items or topic.

2.42 The audit and risk management committee charter refers to its specific functions outlined in section 17 of the Public Governance, Performance and Accountability Rule 2014 (PGPA Rule) to review the appropriateness of the board’s: financial reporting; performance reporting; system of risk oversight and management; and system of internal controls for Hearing Australia. In line with its charter, the committee provided annual reports to the board on the discharge of its responsibilities.

2.43 Board approved charters have been prepared for all three board committees.

2.44 The charters for the research and innovation committee and remuneration committee outline specific reporting requirements to the board. This includes providing a report, at least once a year, to the board on its operations and activities. This should include details of meetings held, summary of work performed and if it has fully discharged its responsibilities during the preceding year. These reports were not provided by the research and innovation committee or remuneration committee for the period reviewed by the ANAO.

Opportunity for improvement

2.45 An opportunity for improvement for the board is to confirm that committee charter requirements have been satisfied and that committees report to the board annually on the adequacy of the discharge of their responsibilities.

Board expectations for entity management and the board secretariat

2.46 The board has set expectations for entity management in its charter by outlining:

  • the role of the managing director, including responsibilities as required by the AHS Act;
  • the six key documents that the board will approve each year, including the: corporate plan, annual financial statements, annual performance statements, annual report, risk management policy and operating and cash budget; and
  • contracts and delegations, including when the minister’s written approval is required before entering into a contract.

2.47 A board and committee work program is also prepared for each financial year and included in board papers. This program outlines when key documents will be provided to the board and committees to assist in discharging their responsibilities.

2.48 Although the board’s work program outlines some of the key policies that the board approves, no consolidated list is maintained (for example, in the board charter). From a review of the board meeting papers and minutes, the ANAO identified that the board approved key policies such as: Delegation of Authority Policy (November 2021); Risk Management Policy (June 2021); Compliance Policy (August 2020); Whistleblower Policy (October 2020); and Performance Schemes. The audit and risk management committee approved the Risk Management Framework (May 2021).

2.49 The policies approved by the board do not include a number which relate directly to the PGPA Act and PGPA Rule, and other key legislative responsibilities of the board. For example, the Business Ethics Policy47, Procurement Policy, Fraud and Corruption Control Plan, Fraud and Corruption Risk Management Policy and Work Health and Safety Policy are not approved by the board or its committees. Policies such as these enable boards to influence behaviours and can be an important mechanism in communicating the desired culture within the entity. Reviews such as the 2018 APRA Prudential Review48 and the 2019 Hayne Royal Commission49 have highlighted that boards need to be alive to how incentives in organisations can drive inappropriate behaviours. Periodic board review of these policies can assist a board in its messaging to the entity about the organisational culture it wishes to promote. In March 2022, Hearing Australia advised the ANAO that an updated board work program was being prepared and would address the review of key policies to ensure the policies remained fit-for-purpose.

2.50 The board charter outlines arrangements and expectations for the board secretariat through the identification of requirements related to meeting agenda, papers and minutes and other secretariat support that will be provided, such as:

  • providing advice and support to board members in relation to their duties;
  • ensuring that board procedures are followed;
  • ensuring that an agenda for each meeting and supporting papers are circulated; and
  • ensuring that minutes of meetings are prepared and maintained.

Opportunity for improvement

2.51 An opportunity for improvement is for the board to identify in its charter the key policies it will approve which impact the board’s legislative responsibilities and support the organisational culture it wishes to promote.

Board induction, education and performance

2.52 The board charter does not identify induction requirements. There were two new director appointments during the period reviewed, both were in September 2020. A welcome email and induction information pack was sent to these directors by the managing director. This included documents such as: information on the executive team; quarterly performance results; current corporate and business plans; recent reports on emerging issues; a copy of the AHS Act; board and committee charters; and a high-level review of the risk register. The welcome email also indicated an initial briefing would be provided by the senior executive team and that this session would be open to all board directors if they were interested.

2.53 In addition, the chairperson developed a one-page document outlining board engagement activities to be undertaken over the period September 2020 to December 2020. This outlined the steps that would be taken to ‘get the board functional and connected’, ‘make the first round of meetings a success’ and ‘to finish the year on a high’. On 24 September 2020 the chairperson also wrote to all directors to reiterate the board priorities, responsibilities and particular focus areas for the coming 12 months (including responding to the COVID-19 pandemic, transformation, rollout of the system modernisation program and stakeholder engagement).

2.54 The research and innovation committee charter identifies induction activities, including that ‘new members will receive relevant information and briefings on their appointments to assist them to meet their committee responsibilities’. During the review period, one new member was appointed to the research and innovation committee. This person, as a director, received the general board induction summarised above and received a one-on-one briefing from the board chairperson.

2.55 The audit and risk management committee charter states that the committee will ‘adopt and maintain a program of induction, training and awareness-raising for its members, with the objective of enabling the committee to keep abreast of contemporary developments and leading practices in relation to its functions’. During the period reviewed, one new member was appointed to the audit and risk management committee. This person, as a director, received the general board induction summarised above and briefings from board members and executive staff. The other training and awareness activities received by the audit and risk management committee members during the period reviewed was training on understanding PGPA Act requirements and Consumer and Competition Law (other board members outside of this committee also received this training).

2.56 To assist the board in understanding the entity’s strategic environment and risks, the board established a number of standard meeting agenda items covering these areas, including: the managing director’s report, finance and performance reports, strategic planning, procurement strategy and ‘proof points.’50

2.57 The board also holds strategy days, during which the board is able to engage with management on the direction of the entity. Board strategy days were held in March 2020, February 2021 and March 2022.

2.58 In April 2021 the board also held a special board meeting on governance. The purpose of this meeting was to:

  • discuss and note the responsibilities of the board under the AHS Act;
  • discuss and note the responsibilities of the accountable authority and of officials under the PGPA Act;
  • examine the findings and implications from the government initiated investigation into the use of public resources at Australia Post; and
  • examine the findings of the interim report on performance pay for senior executives in government entities prepared by the Department of the Prime Minister and Cabinet and the Australian Public Service Commission.

2.59 The board charter requires the board to review its operations and effectiveness on an annual basis. The charter states that the chairperson will implement a system which, subject to consultation with the board, may include: a collective review of effectiveness; individual performance reviews of members; opportunities for members to give private feedback to the chairperson on board effectiveness; and such other review mechanisms as the board determines.

2.60 The chair’s report in August 2020 requested directors to complete a survey related to board performance. The survey consisted of 30 questions related to: the quality of board papers; meeting preparation; minutes; conduct of board meetings; if the board was sufficiently focused on high-profile risk issues; mix of board skills; succession planning; training; and level of engagement with management. The survey included one question related to committee performance: ‘are board committees functioning properly’. The survey also asked three ‘freeform’ questions related to usefulness and suggested improvements to the board strategy days, what was considered to be the board’s greatest strengths and weaknesses and other comments.

2.61 The survey was responded to by seven directors. An email was provided to board members (this excluded the two new board members) on 5 November 2020 outlining the survey results. This included an excel spreadsheet attachment outlining results. The results of the survey identified a number of low scoring areas which may indicate where improvement is required. These included the level of discussion at board meetings, focus on high-profile risk issues, board skills mix and liaison with management (‘steering not rowing’). No action plans were developed to address the survey results. The email indicated that the chairperson would discuss the results during one-on-one catchups with each board director. Hearing Australia advised the ANAO that these discussions did take place.

2.62 The approach used to assess board performance did not seek feedback from committee non-director members or senior executives. It did not assess board committee effectiveness in meeting charter objectives, or assess committee chair performance. Formal action plans, to track improvements and progress were also not prepared. These areas are better practice approaches to assessing board performance. An area for improvement related to reviewing the arrangements to assess the performance of the board and its committee members has been identified at paragraph 2.67.

2.63 The board completed an effectiveness assessment in February 2022. This assessment consisted of the completion of the same survey as in 2020 as detailed above. The results of the survey were discussed at the March 2022 board meeting, including actions to address opportunities for improvement identified as part of the survey outcomes.

2.64 The audit and risk management committee charter states that the chair of the committee, in consultation with the board chairperson, will initiate a review of the performance of the committee and its members at least every year. The review is to be conducted on a self-assessment basis (unless otherwise determined by the board) with input sought, where appropriate, from the board, the managing director, the internal auditor, the ANAO, the service provider contracted by the ANAO, management, and any other relevant stakeholders as determined by the committee. The assessment arrangements are to include a board assessment of the committee members’ skills, qualifications and experience. These reviews were not conducted in the period reviewed for the audit.

2.65 The audit and risk management committee has one non-director special purpose member. This person has been a special purpose member since 2017. The terms of the appointment for this special purpose member do not align to the approved charter. The audit and risk management committee charter requires a special purpose member to receive 50 per cent of the payment determined by the Remuneration Tribunal for audit and risk management committee members (stated in the charter as $4,080). The special purpose member was paid $19,136 in both 2019–20 and 2020–21, almost 4.7 times more than the payment amount documented in the charter. The actual remuneration paid to the special purpose member was accurately recorded in Hearing Australia’s 2019–20 and 2020–21 annual reports. The inconsistency between the remuneration amount documented in the committee charter and the actual payments to the special purpose member should be reviewed by the board.

2.66 The research and innovation committee charter states that the chair of the committee, in consultation with the board, will initiate a review of the performance of the committee at least every two years. The review is to be conducted on a self-assessment basis (unless otherwise determined by the board) with appropriate input sought from the board, the managing director, internal auditors, management, and any other person the board considers appropriate. These reviews were not conducted in the period reviewed for the audit.

Opportunities for improvement

2.67 Opportunities for improvement for the board are to:

  • formalise induction processes in the board charter;
  • review the arrangements to assess the performance of board and committee members; and
  • review the inconsistency between the remuneration amount for the special purpose member documented in the charter of the audit and risk management committee, and the actual remuneration provided to that committee member.
Behavioural observations

2.68 The ANAO attended one board meeting and one audit and risk management committee meeting in November 2021. The ANAO interviewed the former chairperson of the board in January 2022. Interviews were also held with key senior executive officers, including the managing director. In those meetings, and through a review of board and committee papers and minutes, the ANAO observed board directors collectively displaying a range of qualities and behaviours that indicate a positive governance culture at the board level.51 These included:

  • an openness to declaring conflicts of interest;
  • an ability to conduct meetings in a professional, collegiate and respectful manner;
  • a willingness to undertake sufficient preparation to enable meetings to be conducted in a productive manner;
  • an understanding of their obligations as the accountable authority under the Public Governance, Performance and Accountability Act 2013 and the challenges facing the entity;
  • a desire and commitment to act in the best interest of the entity;
  • a willingness to invest in their own understanding of issues and entity operations; and
  • direct engagement with the executive on key areas of interest.

Is there an internal audit function that provides assurance to the board and does the board have oversight of internal audit and the entity’s response to internal audit findings and recommendations?

2.69 The audit and risk management committee charter outlines specific responsibilities related to the oversight of internal audit. These include:

(a) act as a forum for communication between the Board, senior management and internal audit;

(b) review the proposed internal audit coverage and annual work plan, ensure the plan is based on Hearing Australia’s key risks, and approve the audit plan and internal audit budget;

(c) advise the Board on the adequacy of internal audit resources to carry out its responsibilities, including completion of the approved internal audit plan;

(d) oversee the coordination of audit programs conducted by internal and external audit and other review functions;

(e) review all audit reports and provide advice to the Board on significant issues identified in audit reports and action taken on issues raised, including identification and dissemination of good practice;

(f) monitor management’s implementation of internal audit recommendations;

(g) at least once a year, assess the performance of the internal audit service provider; and

(h) meet separately, as required, with internal audit service provider and obtain an annual report for the overall state of Hearing Australia’s internal control.

2.70 In February 2021 the audit and risk management committee noted management’s approach to sourcing a new internal audit provider. This included approaching four firms for a quotation. Results of the process were provided to the audit and risk management committee in May 2021 and final approval of a new internal audit provider (KPMG) was provided via a flying minute. Appointment was for an initial three-year term commencing 1 July 2021. The previous internal audit provider (EY) had been engaged since 2015.

2.71 The audit and risk management committee approves an internal audit plan each financial year. In June 2020 the committee approved the 2020–21 internal audit plan. The objective in the development of the plan was to provide appropriate coverage of fundamental processes and controls of Hearing Australia to assess whether they were designed and operating effectively. Six audits were approved plus a range of ongoing activities, including the follow-up of management actions. The audit plan included internal audits for consideration in the three-year period from 2021–22 to 2023–24.

2.72 In August 2021 the audit and risk management committee approved the internal audit plan for 2021–22. The plan included six internal audit activities, which included the preparation of assurance mapping. The outcome of the assurance mapping was provided to the committee in November 2021.

2.73 The audit and risk management committee approves the scope of individual internal audit activities. The committee also reviews the outcomes of internal audit activities. This includes management responses to audit findings and recommendations.

2.74 The internal audit provider prepares a regular status report on internal audit activities. This status report includes a ‘status of internal audit findings follow-up’ log which identifies when internal audit recommendations have been closed by management.

2.75 In August 2020, the audit and risk management committee approved its annual report to be provided to the board. The report outlined the committee’s operations and activities during 2019– 20, including:

  • meetings held;
  • what items/theme areas were discussed at each meeting;
  • conclusions drawn about the appropriateness of financial statements/financial reporting;
  • assessment of the risk, control and compliance framework and progress made; and
  • summary of progress in addressing internal and external audit findings and recommendations.

2.76 A similar report was provided to the board on the committee’s operations and activities during 2020–21.

2.77 These reports indicate that the committee considered matters related to performance reporting, as required by its charter. However, the committee meeting minutes indicate that performance reporting was not considered. This is discussed in more detail in paragraphs 3.95 to 3.98 of this audit. The reports also did not include an annual report from the internal audit provider on the overall state of Hearing Australia’s internal control, as required by the audit and risk management committee charter.

2.78 At each board meeting during the review period, the audit and risk management committee chair provided an oral report on the activities of the committee. During the review period the board, through the audit and risk management committee, had effective oversight of the internal audit function and management’s response to internal audit findings and recommendations.

3. Oversight of compliance and the achievement of entity purposes

Areas examined

This chapter examines if the board has established fit-for-purpose arrangements to oversight compliance with key legislative and other requirements, including the Commonwealth finance law, and the achievement of entity purposes.

Conclusion

The board has established largely fit-for-purpose arrangements to oversight compliance with key legislative and other requirements, and the achievement of entity purposes. In the review period the board’s arrangements were effective except for: the alignment of elements of fraud risk planning with Commonwealth finance law requirements; compliance with the corporate plan and annual performance statements requirements of the finance law; and the audit and risk management committee not reviewing the 2019–20 and 2020–21 annual performance statements.

Areas for improvement

The ANAO made three recommendations aimed at:

  • ensuring it meets its obligations under section 16 of the PGPA Act and section 10 of the PGPA Rule by preparing a fraud risk assessment and plan that outlines how Hearing Australia will deal with specific fraud risks; and
  • ensuring that the publicly available corporate plan and the annual performance statements meet all minimum requirements of the PGPA Rule.

The ANAO also suggested three areas for improvement, related to the board ensuring that:

  • risk registers, assessments and updates are prepared and submitted for consideration in accordance with entity policy, to support the system of risk oversight and management;
  • there is appropriate delegation of responsibilities for the management and oversight of fraud control;
  • the audit and risk management committee fully discharges its assurance and advisory functions relating to entity performance and the annual performance statements.

3.1 Accountable authorities have a duty to establish and maintain an appropriate system of internal control for the entity, including by implementing measures directed at ensuring officials of the entity comply with the Commonwealth finance law.52 To assess the effectiveness of the governance board in Hearing Australia, the ANAO examined whether the board has established fit-for-purpose arrangements to oversight:

  • compliance with key legislative and other requirements; and
  • the achievement of entity purposes.

Has the board established fit-for-purpose arrangements to oversight compliance with key legislation and other requirements?

The board established arrangements to oversight compliance with the elements of enabling legislation selected for ANAO review. The oversight arrangements include a compliance policy, a compliance framework, an internal risk and compliance function, and arrangements to inform the board of significant breaches of compliance obligations as soon as practicably possible. The compliance policy does not identify the legislation that gives rise to Hearing Australia’s key compliance obligations. The audit and risk management committee reviews the appropriateness of the internal control system and reports annually to the board on its conclusions.

There is oversight of, and compliance with the PGPA Act corporate governance requirements selected for ANAO review, with the exception of fraud risks. The audit and risk management committee (or board) have not been provided with a fraud risk assessment and plan that outlines how Hearing Australia will deal with specific fraud risks. Consequently, the board has not met its obligations under section 16 of the PGPA Act and section 10 of the PGPA Rule.

Whilst the board reviewed a range of documents containing information on changes to its risk profile and activities, the board did not receive an annual update on risk management as outlined in its Risk Management Policy. Hearing Australia has not prepared an operational risk register or project level risk registers, as described in the Risk Management Framework.

3.2 To assess if the board has established fit-for-purpose arrangements to oversight compliance with key legislation and other requirements, the ANAO examined processes to identify, monitor and report on relevant enabling legislation, and actions to address any identified breaches. The audit examined the period July 2019 until March 2022. This is referred to as the review period.

Is there oversight of compliance with elements of enabling legislation?

3.3 Hearing Australia’s enabling legislation is the Australian Hearing Services Act 1991 (AHS Act), and as a corporate Commonwealth entity, it must also comply with the Public Governance, Performance and Accountability Act 2013 (PGPA Act) and Public Governance, Performance and Accountability Rule 2014 (PGPA Rule). Hearing Australia must also make annual disclosures under the following legislation:

  • Work Health and Safety Act 2011;
  • Freedom of information Act 1982; and
  • Environment Protection and Biodiversity Conservation Act 1999.

3.4 The board has approved a Compliance Policy (August 2020). The policy sets out the principles, objectives and responsibilities for compliance in Hearing Australia to ensure the identification and fulfilment of compliance obligations, whether they are legislative, regulatory, policy-based, standards or better practice. This policy does not identify the legislation that gives rise to Hearing Australia’s key compliance obligations.

3.5 The Compliance Policy, along with the supporting Compliance Framework53, is intended to ensure a consistent approach to compliance across the organisation. A risk-based approach is to be taken for managing compliance risk, with priority given to compliance risks which may have the most significant organisational impact.

3.6 The Compliance Framework uses a three lines of defence model. The first line is at the business level, where business areas identify, manage and mitigate their compliance risks. The second line is an arms-length internal risk and compliance function, headed by the Head of Risk and Compliance, which is intended to provide oversight of compliance risks. The third line is the internal audit function which monitors both first and second line compliance activities.

3.7 The board is responsible for oversight of the compliance management system. If an instance of a significant breach of compliance obligations is identified, this should be reported to the board as soon as practicably possible. A significant breach of compliance obligations is where the potential consequence(s) to the organisation is assessed as major or severe.

3.8 The audit and risk management committee reviews the appropriateness of Hearing Australia’s internal control system and reports annually to the board on its conclusions.

3.9 The internal risk and compliance function has been set up to:

  • identify and maintain compliance obligations;
  • assess and manage compliance risk;
  • integrate compliance obligations into policies, procedure and practices;
  • facilitate regular training for staff;
  • establish and maintain a compliance/non-compliance reporting system;
  • analyse compliance performance to identify the need for corrective action;
  • provide advice to the organisation on compliance-related matters; and
  • undertake assurance work and provision of independent reports.

3.10 The risk and compliance function performs quarterly testing of compliance within Hearing Australia and reports the results to the audit and risk management committee. Each quarter the risk and compliance function selects five obligation areas for testing and reviews the controls in place. In order to test controls, the risk and compliance function interviews the obligation owner and conducts sample testing. The selection of legislation and areas of compliance to be examined is determined by the risk and compliance function.

3.11 A key element of the Compliance Framework is the development of an Annual Compliance Plan. The plan provides an overview of the compliance related processes and activities that will be undertaken at the enterprise level over the course of the relevant financial year. In November 2019 the audit and risk management committee noted the development of the annual compliance plan for 2019–20. This plan was aimed at formalising, testing and monitoring compliance. In August 2020, the compliance plan for 2020–21 was also noted by the committee.

3.12 In 2018–19 internal audit activities included an examination of a selection of compliance obligations. This review included testing the operating effectiveness of key controls noted in policies and procedures related to the AHS Act and PGPA Act. The results of the assurance activity were reported to the audit and risk management committee in August 2019.

3.13 In August 2021, the internal audit provider completed a Compliance Management Framework Post Implementation Review. The reviewers considered that Hearing Australia had made significant progress in establishing an overarching Compliance Management Framework to coordinate, formalise and support compliance activities across the organisation. The review identified a number of ‘quick wins’ and made five medium term recommendations and six long term recommendations aimed at formalising and improving compliance oversight and management in Hearing Australia. All recommendations were accepted by management.

3.14 Quarterly compliance updates and reports are provided by management to the audit and risk management committee. This includes the tracking of the progress of activities on the Annual Compliance Plan. A Risk and Compliance Dashboard is also provided which contains information on the strategic risk profile (risk register) and compliance matters. A compliance measures dashboard is also presented which tracks the progress of key compliance measures including:

  • working with children check status;
  • mandatory induction training completion rate;
  • information technology security training completion rate;
  • number of children protection reports;
  • number of complaints open >28 days;
  • notifiable privacy breaches;
  • number of clinical incidents; and
  • substantiated fraud incidents.

3.15 The audit and risk management committee receives a regular IT Protective Security Update to provide an overview of the current state of security risk management within Hearing Australia’s IT systems. This includes information on what the entity is doing to address compliance with the Protective Security Policy Framework (PSPF) Essential 8 mitigation strategies. Information is also provided on key attributes of the entity’s information security operations, such as the number of incidents and action taken related to data breach notification, email phishing, the number of domain administration members, network traffic and external threat prevention. This report provides a succinct, clear and accessible snapshot of Hearing Australia’s cyber security position.

3.16 The audit and risk management committee receives regular compliance information on clinical incidents and child protection reporting.

3.17 As part of the financial statement close process, the audit and risk management committee oversights the preparation of management, board and audit and risk management committee representation letters asserting compliance with finance policy and procedures.

3.18 During the review period the board, through the audit and risk management committee, had effective and fit-for-purpose arrangements for the oversight of compliance with the key elements of its enabling legislation and related policies and procedures.

Is there oversight of, and compliance with, selected PGPA Act requirements?

3.19 The PGPA Act sets out requirements for the governance, reporting and accountability of Commonwealth entities. The PGPA Act is principles based and the accountable authority has the flexibility to establish the systems and processes that are appropriate for their entity. The Department of Finance (Finance) provides entities with guidance on how to meet the various requirements of the PGPA Act and PGPA Rule including providing examples of how entities can demonstrate compliance.

3.20 The ANAO examined if the board had established fit-for-purpose arrangements for oversight of, and compliance with, the following parts of the PGPA Act and PGPA Rule relating to corporate governance: the general duties of an accountable authority and the duties of officials.

General duties of an accountable authority

3.21 The general duties imposed on an accountable authority in the PGPA Act, which are considered in the following section, are to:

  • govern the Commonwealth entity (section 15);
  • establish and maintain appropriate systems relating to risk management and oversight and internal controls (section 16);
  • encourage officials to cooperate with others to achieve common objectives (section 17);
  • take into account the effects of imposing requirements on others (section 18); and
  • keep their minister, and the Finance Minister, informed (section 19).

3.22 The ANAO’s assessment in relation to Hearing Australia’s compliance with these requirements has been detailed below.

Duty to govern the entity

Box 4: PGPA Act — duty to govern the entity (section 15)

1. The accountable authority of a Commonwealth entity must govern the entity in a way that:

  1. promotes the proper (efficient, effective, economical and ethical) use and management of public resources for which the authority is responsible; and
  2. promotes the achievement of the purposes of the entity; and
  3. promotes the financial sustainability of the entity.

2. In making decisions for the purposes of subsection (1), the accountable authority must take into account the effect of those decisions on public resources generally.

3.23 The board has developed a charter for how the board performs its functions in a proper, efficient and effective manner. As outlined in Chapter 2 of this report, the board has also structured its own operations to include the use of board committees to support its decision-making and assist it in meeting its responsibilities. This includes providing oversight and reporting on the use and management of public resources for which the accountable authority is responsible.

3.24 Under section 14 of the AHS Act, the board has specific functions for deciding the objectives, strategies and policies to be followed by the entity. This includes preparing and providing a corporate plan and financial plan to the responsible minister and the Finance Minister.54

3.25 The corporate plan and financial plan provided to the responsible minister and Finance Minister outlines information on the vision, function, key drivers of the operating environment and the landscape of hearing loss in Australia. It also provides information on the strategic pillars that will guide Hearing Australia over the next four years. The financial plan component includes information on the dividend policy which is paid in accordance with a 2012 directive from the responsible minister under section 63A of the AHS Act. It also outlines estimated financial performance for future years. Performance metrics and relevant performance targets are also outlined in the corporate plan.

3.26 The board approves financial forecasts and budgets for the entity and receives regular financial reporting to track the use and management of public resources and to monitor the financial sustainability of the entity. The board regularly approves the Delegations of Authority Policy which outlines financial and people services delegations. The board also receives regular reporting on the achievement of financial and non-financial performance measures.

3.27 Other policies reviewed by the board are described in paragraphs 2.48 and 2.49.

Duty to establish and maintain systems relating to risk and control

Box 5: PGPA Act — duty to establish and maintain systems relating to risk and control (section 16)

The accountable authority of a Commonwealth entity must establish and maintain:

  1. an appropriate system of risk oversight and management for the entity; and
  2. an appropriate system of internal control for the entity;

including by implementing measures directed at ensuring officials of the entity comply with the finance law.

3.28 The board has approved a Risk Management Policy (June 2021) which sets out the principles, objectives and responsibilities for risk management in Hearing Australia. The policy has been developed with reference to ISO 31000:2018 Risk Management – Guidelines, and the Commonwealth Risk Management Policy. This policy is supported by the Risk Management Framework (approved by the audit and risk management committee).

3.29 The entity’s Risk Management Policy outlines the board’s risk appetite and tolerances. The risk appetite is ‘the amount of risk on a broad level that Hearing Australia is willing to accept in the pursuit of its objectives and expresses the attitude towards risk taking. Risk tolerance represents the practical application of risk appetite and is aligned to a specific category of risk’.

3.30 The entity’s Risk Management Framework (May 2021) supports the policy and formalises the principles and approach Hearing Australia has adopted for risk management. The framework contains the risk matrix and likelihood table, consequence descriptor table, escalation table and risk reporting requirements.

3.31 The risk escalation table in the Risk Management Framework requires that residual risks rated as ‘high’ should be reported to the audit and risk management committee through regular reporting and that for residual risks rated as ‘extreme’ immediate action is required by the executive, including briefings for the board and audit and risk management committee.

3.32 The Risk Management Framework states that risk registers are developed using three tiers: the strategic level, the operational level (Hearing Centres and National Support Office) and the project level.

3.33 A strategic risk register is maintained and has ten strategic risks. This strategic risk register is reviewed annually by the audit and risk management committee. The committee also receives quarterly updates from management on risk generally which includes any changes to strategic risks.

3.34 Hearing Australia has not prepared an operational risk register or project level risk registers, as described in its Risk Management Framework. Consequently, the audit and risk management committee does not have oversight of non-strategic risks outside of the board’s risk appetite.

3.35 The entity’s Risk Management Policy requires management to provide a risk update to the board annually. Hearing Australia did not provide the ANAO with evidence that this update was provided to the board during the period of review. However, as noted at paragraph 2.56, the board receives a range of information to assist it in understanding the entity’s strategic environment and risks, including the managing director’s report, finance report and performance reports.

3.36 In February 2021 internal audit completed a Risk Management Framework Post Implementation Review. The reviewers reported that Hearing Australia: had made progress in establishing and embedding risk management practices; and is meeting the requirements of a ‘developed’/‘systematic’ maturity level within the Commonwealth Risk Management Maturity Model. This is a six-level maturity model. The ‘developed’/‘systematic’ range reflects Level 2–3 maturity. The review report states that Hearing Australia’s ideal maturity is ‘optimal’ (Level 6). The review identified seven ‘quick wins’ and made ten medium term and two long term recommendations for improvement. All recommendations were accepted by management.

3.37 Hearing Australia has a Fraud and Corruption Risk Management Policy (April 2021) and a Fraud and Corruption Control Plan (January 2021). These documents indicate that the managing director approved these documents as the ‘board’s representative’. There is no evidence of delegation of these powers by the board.

3.38 The Fraud and Corruption Risk Management Policy articulates Hearing Australia’s approach to the prevention, detection and response to fraudulent and corrupt behaviour. The policy states that ‘fraudulent and corrupt conduct will not be tolerated at any level of Hearing Australia and all instances of suspected fraud and corruption will be thoroughly investigated’. This is consistent with the stated risk appetite of the board for fraud risks.

3.39 The policy also states that the managing director is ‘responsible for coordinating Hearing Australia’s fraud and corruption control initiatives, including the review of the policy every two years, coordination of the fraud risk assessment process and conducting or co-ordinating investigations into suspected fraudulent or corrupt behaviour that have been reported’. The policy further states that ‘Hearing Australia conducts fraud and corruption risk assessments every two years’.

3.40 The Fraud and Corruption Control Plan states that the audit and risk management committee will assess the appropriateness of Hearing Australia’s fraud control arrangements and will monitor reports on fraud that outline any significant or systemic allegations of fraud, the status of any ongoing investigations and any changes to identified fraud risks.

3.41 The plan also states that the Hearing Australia risk assessment process will consider internal and external fraud risks and should be refined on an ongoing basis.

3.42 The plan indicates that:

As at 1 July 2018, there were 13 potential fraud risks that were assessed … Of the 13, 13 (100%) were assessed as having an acceptable Low to Moderate residual risk level. On this basis the overall potential for fraud in Hearing Australia is considered low.

3.43 A risk assessment analysis in the plan indicates that there are two moderate, two minor and nine low residual rated risks.55 Hearing Australia did not have a fraud risk assessment or risk register to support this analysis. The audit and risk management committee (or board) have not been provided with a fraud risk assessment or plan that outlines how Hearing Australia will deal with specific fraud risks. Under section 10 of the PGPA Rule the accountable authority has explicit governance responsibilities in relation to the management of fraud risks, including:

(a) conducting fraud risk assessments regularly and when there is a substantial change in the structure, functions or activities of the entity; and

(b) developing and implementing a fraud control plan that deals with identified risks as soon as practicable after conducting a risk assessment.56

3.44 Hearing Australia advised the ANAO in March 2022 that management is developing a fraud risk register. This is intended to formally document fraud risks and Hearing Australia’s approach to mitigating the identified risks. It is expected that this information will be presented to the audit and risk management committee in May 2022.

Recommendation no.2

3.45 The Hearing Australia board meets its obligations under section 16 of the Public Governance, Performance and Accountability Act 2013 and section 10 of the Public Governance, Performance and Accountability Rule 2014 by preparing a fraud risk assessment and plan that outlines how Hearing Australia will deal with specific fraud risks.

Hearing Australia’s response: Agreed.

3.46 The Board accepts this recommendation. The Board also notes the report’s finding that the Board has established largely fit-for-purpose arrangements to oversee compliance with key legislative and other requirements via a compliance policy, a compliance framework, an internal risk and compliance function, an external audit function, and arrangements to inform the Board of significant breaches of compliance obligations as soon as practicably possible. The Board also notes that it is in the process of updating its existing fraud risk assessment and control plan and that this will be finalised at the Board’s next meeting.

3.47 The board receives regular updates related to instances of fraud and suspected fraud, as part of the managing director’s report and ‘workplace updates’. Workplace updates include information on whistleblower reports, workplace grievances, fraud investigations and serious misconduct. The board and the audit and risk management committee are also briefed on any specific incidents of fraud being investigated.

3.48 The 2021–22 internal audit plan included a fraud and corruption health check, scheduled for Quarter 2. The ANAO was advised in March 2022 that this health check is scheduled to be reported to the audit and risk management committee in May 2022.

3.49 For information related to establishing and maintaining an appropriate system of internal control for the entity, refer to paragraphs 2.69 to 2.78 on the oversight of the internal audit function and paragraphs 3.3 to 3.18 on arrangements for the oversight of compliance with key legislation.

Opportunities for improvement

3.50 There are opportunities for improvement for the board to ensure that:

  • risk registers, assessments and updates are prepared and submitted for consideration in accordance with entity policy, to support the system of risk oversight and management; and
  • there is appropriate delegation of responsibilities for the management and oversight of fraud control.
Duty to encourage cooperation with others and duty in relation to requirements imposed on others

Box 6: PGPA Act — duty to encourage cooperation with others (section 17) and duty in relation to requirements imposed on others (section 18)

17. The accountable authority of a Commonwealth entity must encourage officials of the entity to cooperate with others to achieve common objectives, where practicable.

18. When imposing requirements on others in relation to the use or management of public resources for which the accountable authority of a Commonwealth entity is responsible, the accountable authority must take into account:

  1. the risks associated with that use or management; and
  2. the effects of imposing those requirements.

3.51 Encouraging officials of the entity to cooperate with others to achieve common objectives is an underlying theme of Hearing Australia’s corporate and business planning activities. The Hearing Australia Corporate Plan FY 2021–25 outlines three strategic pillars to guide the organisation over the period of the plan. One strategic pillar is ‘providing great value to government and partners’. The priorities for this strategic pillar are:

Productive Government Engagement: Strengthen and deepen engagement with government on policy, advice and program implementation to deliver greater value for government funded services.

Productive Partner Engagement: Build collaboration with strategic partners for mutually beneficial outcomes in research, products, and services that deliver better hearing health outcomes for all clients.

3.52 The Risk Management Framework (May 2021) states that:

The framework defines the approach to the management of risk and how this approach supports effective planning and decision-making that is guided by Hearing Australia’s strategic objectives and legislative functions and accountabilities.

At Hearing Australia, staff at all levels consider, understand and consciously manage risk as a fundamental part of their day-to-day work and decision making.

Duty to keep responsible Minister and Finance Minister informed

Box 7: PGPA Act — duty to keep responsible Minister and Finance Minister informed (section 19)

The accountable authority of a Commonwealth entity must do the following:

  1. keep the responsible minister informed of the activities of the entity and any subsidiaries of the entity;
  2. give the responsible minister or the Finance Minister any reports, documents and information in relation to those activities as that minister requires;
  3. notify the responsible minister as soon as practicable after the accountable authority makes a significant decision in relation to the entity or any of its subsidiaries;
  4. give the responsible minister reasonable notice if the accountable authority becomes aware of any significant issue that may affect the entity or any of its subsidiaries;
  5. notify the responsible minister as soon as practicable after the accountable authority becomes aware of any significant issue that has affected the entity or any of its subsidiaries.

3.53 At each board meeting there is a chair’s report and managing director’s report. The minutes of board meetings indicate that these agenda items are used to provide documents and/or oral updates on engagement to/from the responsible minister and Finance Minister and to discuss the implications or actions by the board. For example, at the February 2021 board meeting, the chair’s report included attachments of correspondence from the Finance Minister on obligations under the PGPA Act and a letter to the Finance Minister in response outlining how Hearing Australia was addressing these requirements and how it was embedding an understanding of PGPA Act responsibilities into its oversight activities.

General duties of officials

3.54 In addition to the general duties of an accountable authority discussed above, the PGPA Act specifies duties applicable to all officials (which include the accountable authority). Officials are required to exercise a duty:

  • of care and diligence (section 25);
  • to act honestly, in good faith and for a proper purpose (section 26);
  • not to misuse position (section 27);
  • not to misuse information (section 28); and
  • to disclose material personal interests (section 29).

3.55 Officials also have a responsibility to:

  • comply with the finance law;
  • comply with the governance arrangements in the entity, for example, internal controls on the proper use and management of public resources; and
  • meet high standards of governance, performance and accountability.

3.56 Officials who breach their duties or responsibilities under the PGPA Act can be subject to employment sanctions (including termination of appointment for board members) or criminal sanctions for intentional or serious misuse of public resources. For more details of the duties that apply to all officials under the PGPA Act, refer to Appendix 4 of this audit.

3.57 Hearing Australia has a range of policies and procedures that describe the general duties of officials. These are summarised in Table 3.1.

Table 3.1: Analysis of Hearing Australia’s policies to address the general duties of officials

 

General duties of officials (PGPA Act sections 25–29)

Hearing Australia’s policies that cover aspects of the PGPA Act requirement

Duty of care and diligence

Duty to act honestly, in good faith and for a proper purpose

Duty in relation to use of position

Duty in relation to the use of information

Duty to disclose interests

Board and subcommittee charters

Business Ethics Policy

Compliance Policy

Delegations of Authority Policy

Procurement Policy

Fraud and Corruption Risk Management Policy

Source: ANAO analysis of Hearing Australia’s policies and procedures.

Has the board established fit-for-purpose arrangements to oversight the achievement of entity purposes?

The publicly available corporate plan for 2021–25 did not fully address three of the five minimum requirements of the PGPA Rule related to key activities, operating context and performance. During the review period, the audit and risk management committee did not examine the development of performance measures included in the corporate plan.

The board undertakes regular review of financial and non-financial performance information. A standing board agenda item for ‘operational and financial results’ provides opportunity for the board to monitor progress against the annual business plan and is included for each board meeting. For this agenda item, the board receives material such as a strategic imperative scorecard, a business plan scorecard, and information on profit and loss, the customer experience, commercial performance and the workforce.

The 2020–21 annual performance statements did not fully address two of the three minimum requirements of the PGPA Rule related to the reporting of results and analysis. The 2019–20 and 2020–21 annual performance statements were not reviewed by the audit and risk management committee. Nor was there a committee recommendation for the board to approve the annual performance statements. The board did not receive the assurance and advice set out in the committee’s charter.

3.58 The corporate plan is the primary planning document published by an entity57, setting out its purposes, the operating context in which it will operate, the key activities it intends to pursue, and how performance will be measured and assessed over at least four reporting periods.58

3.59 The annual performance statements are the mechanism by which an accountable authority provides information about the entity’s performance in achieving its purposes.59 The annual performance statements are intended to complete the cycle of performance reporting that commenced at the start of the reporting period with the corporate plan. An entity’s annual performance statements should report the actual results achieved against the performance measures and targets set for the entity in its corporate plan.60

3.60 Performance measurement involves collecting, analysing and reporting information about the performance of an entity against its purposes. Having effective performance reporting and monitoring arrangements is a key aspect of good governance. Finance guidance states that:

Effective performance measurement enables entities to:

  • measure and assess their progress toward achieving their purposes;
  • drive desired changes in the efficiency and effectiveness of services;
  • demonstrate whether the use of public resources is making a difference and delivering on government objectives;
  • make decisions about how best to deploy its resources to achieve competing priorities; and
  • demonstrate and promote their achievements and explain any variance from expectations or reference points/enables entities to identify and report on their achievements.61

3.61 To assess if the board has established fit-for-purpose arrangements to oversight the achievement of entity purposes, the ANAO examined the content of the corporate plans and the annual performance statements and assessed whether these documents complied with the PGPA Rule and reflected Finance resource management guidance. The level of assurance sought by the board over the content of these documents was also considered. In addition, the ANAO assessed the arrangements for monitoring by the board of financial and non-financial performance.

Is there oversight of entity performance against the purposes and performance measures identified in the corporate plan?

Corporate plans

3.62 Under section 14 of the AHS Act, the board has specific functions for deciding the objectives, strategies and policies to be followed by the entity. This includes providing a corporate plan and financial plan to the responsible minister and Finance Minister.

3.63 The corporate plan and financial plan provided to the responsible minister and Finance Minister outline information on the vision, function, key drivers of the operating environment and the landscape of hearing loss in Australia. It also provides information on the strategic pillars that will guide the entity over the next four years. The financial plan component includes information on the dividend policy which is paid in accordance with the 2012 directive from the responsible minister under section 63A of the AHS Act. It outlines estimated financial performance for future years. Performance metrics and relevant performance targets are also included.

3.64 Section 38 of the AHS Act includes specific financial targets and performance information to be considered by the board when preparing the financial plan. This includes:

(a) the objectives and policies of the Commonwealth Government known to the Board; and

(b) any directions given by the Minister under section 12; and

(c) any payments by the Commonwealth to the Authority to fund functions referred to in paragraph (f); and

(d) the need to maintain a reasonable level of reserves, having regard to estimated future infrastructure requirements; and

(e) the need to maintain the extent of the Commonwealth equity in the Authority; and

(f) the need to earn a reasonable rate of return on the Authority’s assets (other than assets wholly or principally used in the performance of functions that are directly funded by the Commonwealth); and

(g) any other commercial consideration the Board thinks appropriate.

3.65 The corporate plan and financial plan are included in a single document, and there are considered to be commercial sensitivities associated with the financial planning of this corporate Commonwealth entity. An extract of the corporate plan is therefore published on Hearing Australia’s website. This public version of the corporate plan contains information on the strategic direction of the organisation and relevant performance measures. It does not include specific details of how the strategic pillars are to be implemented, or financial planning information.

3.66 For the period examined, the board approved components of the corporate plan (public and non-public versions) and financial plan (including non-public components). It did not approve these plans in their entirety.

3.67 The non-public Hearing Australia Corporate Plan FY 2020–24 was discussed at the board strategy day in March 2020 and was approved in an emergency board meeting on 23 April 2020. The board approved the revenue information, profit forecast and capital expenditure information. The board agreed that the chairperson would liaise with the managing director to finalise the non-public corporate plan (and financial plan) for 2020–24.62

3.68 The non-public Hearing Australia Corporate Plan FY 2021–25 was approved by the board in April 2021. The board approved the strategic priorities, key performance indicators, revenue information, profit forecast and capital expenditure information. The board agreed that the chairperson and the managing director would finalise the document for submission to the minster by 30 April 2021.

3.69 The components of the publicly available corporate plan that were not examined by the board included: foreword, introduction, our purpose, our operating environment, our governance arrangements and risk management sections of the document.

3.70 The nature and complexity of an entity determines the scope and complexity of its internal planning processes and, by extension, the content of its corporate plan. However, the PGPA Rule provides that the corporate plan must cover a period of at least four reporting periods and there are another five PGPA Rule minimum requirements that must be addressed in the corporate plan. Table 3.2 summarises the ANAO’s assessment of the publicly available Hearing Australia Corporate Plan FY 2021–25, available to Parliament and the public, against these minimum requirements. Results of the assessment are further analysed below.

Table 3.2: Analysis of Hearing Australia’s compliance with corporate plan requirements

PGPA Rule 16E component

Requirement

Compliance assessment

Period corporate plan must cover

A corporate plan is prepared for a single reporting period; however, each plan must cover at least four reporting periods: the reporting period for which the plan is prepared and at least the following three reporting periods.

1. Introduction

A statement that the plan is prepared for paragraph 35(1) of the PGPA Act, the reporting period for which the plan is prepared and the reporting periods covered by the plan.

2. Purposes

The purposes of the entity.

3. Key activities

The key activities that the entity will undertake in order to achieve its purposes.

4. Operating context

For the entire period covered by the plan, the following:

  1. the environment in which the entity will operate;
  2. the strategies and plans the entity will implement to have the capability it needs to undertake its key activities and achieve its purposes;
  3. a summary of the risk oversight and management systems of the entity, and the key risks that the entity will manage and how those risks will be managed;
  4. details of any organisation or body that will make a significant contribution towards achieving the entity’s purposes through cooperation with the entity, including how that cooperation will help achieve those purposes;
  5. how any subsidiary of the entity will contribute to achieving the entity’s purposes.

5. Performance

For each reporting period covered by the plan, details of how the entity’s performance in achieving the entity’s purposes will be measured and assessed through:

  1. specified performance measures for the entity that meet the requirements of section 16EA; and
  2. specified targets for each of those performance measures for which it is reasonably practicable to set a target.

Key:  Fully compliant Partially compliant Not compliant

Source: ANAO analysis of public version of Hearing Australia Corporate Plan FY 2021–25.

3.71 In the following section, the ANAO has set out details of the ‘partially compliant’ assessments in the table above.

Partially compliant results

3.72 Key activities: The key activities of the entity have been described using the three strategic pillars that will be used to guide the entity over the next four years:

  • ‘delivering excellent outcomes’;
  • ‘providing great value to Government and our partners’; and
  • ‘continuing our journey to bring a high performing organisation.’

3.73 For each of these pillars, Hearing Australia has identified two priorities and each priority has between one and three activities associated with it. These activities are not further described in the publicly available corporate plan, but are described in the complete (not publicly available) corporate plan.

3.74 Operating context: The publicly available corporate plan describes the operating environment in which Hearing Australia operates. The publicly available corporate plan describes the focus areas for the coming twelve months to enhance Hearing Australia’s abilities and to deliver services. Performance measures are also identified for the strategic pillars over the four-year planning horizon.

3.75 The publicly available corporate plan provides a description of risk oversight and management activities, including how strategic risks are reviewed. Although the publicly available corporate plan outlines a strategic pillar related to productive government and partner engagement, it does not provide details of the organisations and bodies that will make a significant contribution towards achieving the entity’s purposes through cooperation with the entity, including how that cooperation will help achieve those purposes.

3.76 Performance: Finance guidance on developing good performance information states that:

Accountable authorities are required to measure and assess the performance of the entity in achieving its purposes. One of the objects of the [PGPA] Act is to require Commonwealth entities to provide meaningful information to the Parliament and the public to assist them in understanding how entities are performing, and how they are using the resources that have been entrusted to them.63

3.77 Section 17(2)(b) of the PGPA Rule states that the functions of an audit committee must include ‘reviewing the appropriateness of the accountable authority’s … performance reporting’. The audit and risk management committee charter includes this requirement and outlines that one of the committee’s performance reporting responsibilities is ‘to review how Hearing Australia measures and reports on its performance’. During the period reviewed, the audit and risk management committee did not examine the development of performance measures included in the corporate plan. The performance measures included in the corporate plan were discussed by the board on the relevant strategy day and were approved by the board. The minutes did not evidence board consideration or review of whether the audit and risk management committee had reviewed the appropriateness of performance reporting as required by the PGPA Rule.

3.78 Section 16EA of the PGPA Rule outlines the requirements for the performance measures of a Commonwealth entity that are included in the entity’s corporate plan. Section 16EA requires entities to use sources of information and methodologies that are reliable and verifiable and provide an unbiased basis for the measurement and assessment of the entity’s performance. The ANAO identified that the performance targets included in the Hearing Australia Corporate Plan FY 2021–25 document did not always provide sufficient information on the measures to meet these requirements. Table 3.3 below outlines, by way of example, a selection of performance criteria and targets.

Table 3.3: Corporate Plan 2021–25 performance information

Activity

Performance criteria

Target 2021–22

Implement agreed hearing loss prevention initiatives

Hearing Australia projects successfully managed and delivered

Achieved

Provision of high-quality advice and support to Government and to Partners to improve national hearing health outcomes

Quality of advice and support

Achieved

Lifting people capability

Capability program milestones achieved

Achieved

Source: Publicly available Hearing Australia Corporate Plan FY 2021–25, pp.16–17.

3.79 The performance criteria and targets in Table 3.3 do not provide sufficient information to the public on what will be measured (for example, what constitutes quality advice or what would constitute ‘achieved’). Without sufficient information Hearing Australia cannot demonstrate that the measures are reliable, verifiable or unbiased.

3.80 Section 16EA of the PGPA Rule requires that where reasonably practicable, performance measures should comprise a mix of qualitative and quantitative performance measures and include measures of the entity’s outputs, efficiency and effectiveness. Hearing Australia did not provide the ANAO with evidence of the board considering the number, type and balance of performance information included in the Corporate Plan 2021–25.

Recommendation no.3

3.81 The Hearing Australia board ensure that the publicly available corporate plan meets all minimum requirements of the Public Governance, Performance and Accountability Rule 2014 and provides meaningful information to the Parliament and the public on how performance will be measured.

Hearing Australia response: Agreed.

3.82 The Board accepts this recommendation. The Board further notes that, consistent with section 16E(4) of the Public Governance, Performance and Accountability Rule 2014, Hearing Australia produces two versions of its Corporate Plan. The first version is provided to the Minister for Government Services and the Minister for Finance by 30 April each year and contains extensive commercial in confidence information about Hearing Australia’s key performance indicators and how they are measured. The second version is the publicly released version which does not contain commercially sensitive information, including information on Hearing Australia’s commercial targets which could cause detriment to Hearing Australia if published given it operates in a highly competitive market. Finally, Hearing Australia notes that its Annual Report contains extensive information about its operations and achievements to enable Parliament and the public to assess the organisation’s performance.

Performance monitoring

3.83 The board monitors the achievement of performance measures included in the corporate plan quarterly, via a standing agenda item at its board meetings on ‘finance and performance’. A corporate plan scorecard has been developed which provides progressive tracking of the achievement of the corporate plan performance measures. It tracks year to date targets and provides traffic light information on status (for example, is Hearing Australia on track to meet the annual target).

3.84 The board also regularly monitors the broader performance and activities of the entity. Each June, the board approves an annual business plan, which outlines the strategic imperatives, scorecards and steps for achieving Hearing Australia’s purposes. It is based on information discussed with the board on relevant strategy days and provides more detailed information than is included in the corporate plans. The business plan provides detailed information on the strategic priorities of the entity including success measures for execution and how progress will be monitored over the twelve-month period of the plan.

3.85 A standing board agenda item for ‘operational and financial results’ provides opportunity to monitor progress against the annual business plan and is included for each board meeting. For this agenda item, the board receives material such as a strategic imperative scorecard, a business plan scorecard, and information on profit and loss, the customer experience, commercial performance and the workforce. There is evidence that this information is reviewed and challenged by the board.

Annual performance statements

3.86 Annual performance statements are approved by the board as part of its approval of the annual report. Annual reports for 2019–20 and 2020–21 were reviewed and approved by the board. Each of the annual reports was approved out-of-session by a majority of board members.

3.87 There are three PGPA Rule minimum requirements that must be addressed in an entity’s annual performance statements. Table 3.4 summarises the ANAO’s assessment of compliance for Hearing Australia’s annual performance statements included in the Annual Report 2020–21.

Table 3.4: Analysis of Hearing Australia’s compliance with annual performance statements requirements

PGPA Rule 16F

Requirement

Compliance assessment

1. Statements

  1. a statement that the performance statements are prepared for paragraph 39(1)(a) of the Act;
  2. a statement specifying the reporting period for which the performance statements are prepared;
  3. a statement that, in the opinion of the accountable authority of the entity, the performance statements:
    1. accurately present the entity’s performance in the reporting period; and
    2. comply with subsection 39(2) of the Act

2. Results

The results of the measurement and assessment referred to in subsection (1) of this section of the entity’s performance in the reporting period in achieving its purposes

3. Analysis

An analysis of the factors that may have contributed to the entity’s performance in achieving its purposes in the reporting period, including any changes to:

  1. the entity’s purposes, activities or organisational capability; or
  2. the environment in which the entity operated;

that may have had a significant impact on the entity’s performance in the reporting period.

Key:  Fully compliant Partially compliant Not compliant

Source: ANAO analysis of Hearing Australia’s Annual Report 2020–21.

3.88 In the following section, the ANAO has set out details of the ‘not compliant’ and ‘partially compliant’ assessments in the table above.

Not compliant results

3.89 Analysis: An entity’s annual performance statements must include an analysis of the factors that contributed to its performance in achieving its purposes. Finance guidance states that:

Entities should provide an informative analysis beyond simply listing specific achievements.

It is also good practice for the analysis of the factors that contributed to performance be included for individual performance measures as well as at an entity-wide level.

The intent of the PGPA Rule requirement is for the annual performance statements to include factors that have contributed in both a positive and negative way to an entity’s performance.64

3.90 Hearing Australia’s annual performance statements do not include an analysis of performance. The annual performance statements limit information on performance to a performance activities table which states performance results (discussed in more detail below). Information which would contribute to an analysis of performance information is included in the body of the annual report, including relevant case studies and factors that have contributed in a positive and negative way to the entity’s success in delivering on its purposes. The performance information is not referred to, or cross referenced in the annual performance statements. The annual performance statements should stand alone and address all the minimum requirements of the PGPA Rule. Better practice information in Finance guidance indicates that one method of achieving this is through the use of cross-referencing to the body of the annual report.65

Partially compliant results

3.91 Results: The annual performance statements must include the results of the measurement and assessment of the entity’s performance in the reporting period. As a matter of good practice, annual performance statements should also include a clearly presented summary of results to enable readers to readily assess the degree of achievement against entity purposes.66 Hearing Australia’s annual performance statements include information to indicate the percentage of targets that have been achieved and partially met during the period. It also includes a table of results which indicates if the individual performance measure results have been ‘exceeded’, ‘met’ or ‘partially met’. The quality of the annual performance statements and its ability to provide informative results for an entity‘s performance stems from the quality of the performance measures included in the corporate plan. Refer to paragraphs 3.76 to 3.80 for the performance measures and targets included in Hearing Australia’s corporate plans.

Recommendation no.4

3.92 The Hearing Australia board ensure that the annual performance statements meet all minimum requirements of the Public Governance, Performance and Accountability Rule 2014 and provide meaningful information to the Parliament and the public on the use of resources and the entity’s efficiency and effectiveness in delivering outcomes.

Hearing Australia response: Agreed.

3.93 The Board accepts this recommendation. The Board also notes that its annual performance statement is published as part of Hearing Australia’s Annual Report which contains extensive information about its operations and achievements to enable Parliament and the public to assess the organisation’s performance.

Are there arrangements to provide the board with assurance relating to entity performance against the purposes and performance measures identified in the corporate plan?

3.94 The audit and risk management committee charter outlines the following responsibilities related to performance reporting:

satisfy itself and provide assurance to the Board that Hearing Australia has a performance management framework that is linked to organisational objectives and outcomes, to ensure that Hearing Australia can measure and assess its performance in achieving its purposes as required under section 38 of the PGPA Act;

advise the Board on the preparation, and review of, Hearing Australia’s annual performance statement;

3.95 In August 2019, the audit and risk management committee reviewed the annual performance statements for 2018–19. This included an analysis of source data prepared by management. Management prepared a table of source data, where, for each performance measure, it provided information on where the data was extracted from, including if it was manually collated, and screenshots of data extraction. The committee recommended that the board approve the 2018–19 annual performance statements.

3.96 The audit and risk management committee’s annual report to the board on its operations and activities during the financial year outlines whether the committee has examined the annual performance statements. The report for 2020–21 indicates that the committee reviewed the annual performance statements. The ANAO’s review of the committee minutes and papers indicates that the 2019–20 and 2020–21 annual performance statements were not reviewed by the audit and risk management committee nor was there a recommendation for the board to approve the annual performance statements.

3.97 Finance provides a range of better practice guidance and suggestions for audit committees to consider when addressing the PGPA Rule requirements for reviewing the appropriateness of performance reporting. This includes considering the efficiency of undertaking a rolling approach to detailed review of performance reporting.67

Opportunity for improvement

3.98 There is an opportunity for improvement for the board to ensure that the audit and risk management committee fully discharges its assurance and advisory functions relating to entity performance and the annual performance statements.

Appendices

Appendix 1 Entity responses

Response from Hearing Australia. You can find a summary of the response in the summary and recommendations chapter of this report.

Response from the Department of Finance. You can find a summary of the response in the summary and recommendations chapter of this report.

Appendix 2 Improvements observed by the ANAO

1. The existence of independent external audit, and the accompanying potential for scrutiny improves performance. Improvements in administrative and management practices usually occur: in anticipation of ANAO audit activity; during an audit engagement; as interim findings are made; and/or after the audit has been completed and formal findings are communicated.

2. The Joint Committee of Public Accounts and Audit (JCPAA) has encouraged the ANAO to consider ways in which the ANAO could capture and describe some of these impacts. The ANAO’s 2021–22 Corporate Plan states that the ANAO’ s annual performance statements will provide a narrative that will consider, amongst other matters, analysis of key improvements made by entities during a performance audit process based on information included in tabled performance audit reports.

3. Performance audits involve close engagement between the ANAO and the audited entity as well as other stakeholders involved in the program or activity being audited. Throughout the audit engagement, the ANAO outlines to the entity the preliminary audit findings, conclusions and potential audit recommendations. This ensures that final recommendations are appropriately targeted and encourages entities to take early remedial action on any identified matters during the course of an audit. Remedial actions entities may take during the audit include:

  • strengthening governance arrangements;
  • introducing or revising policies, strategies, guidelines or administrative processes; and
  • initiating reviews or investigations.

4. During the course of the audit, the ANAO observed changes in Hearing Australia’s approach to board governance. These included: updates to the board and committee terms of reference; commencement of the preparation of a fraud risk register; and more transparent documentation of board decision-making. It is not clear whether these actions and/or the timing of these actions were planned in response to proposed or actual audit activity. The ANAO has not sought to obtain assurance over the source of these actions or whether they have been appropriately implemented.

Appendix 3 General duties as an accountable authority

General duties as an accountable authority

Section of PGPA Act

Duty to govern the Commonwealth entity

  1. The accountable authority of a Commonwealth entity must govern the entity in a way that:
  1. promotes the proper (efficient, effective, economical and ethical) use and management of public resources for which the authority is responsible; and
  2. promotes the achievement of the purposes of the entity; and
  3. promotes the financial sustainability of the entity.
    1. In making decisions for the purposes of subsection (1), the accountable authority must take into account the effect of those decisions on public resources generally.

15

Duty to establish and maintain systems relating to risk and controls

The accountable authority of a Commonwealth entity must establish and maintain:

  1. an appropriate system of risk oversight and management for the entity; and
  2. an appropriate system of internal control for the entity; including by implementing measures directed at ensuring officials of the entity comply with the finance law.

16

Duty to encourage cooperation with others

The accountable authority of a Commonwealth entity must encourage officials of the entity to cooperate with others to achieve common objectives, where practicable.

17

Duty in relation to requirements imposed on others

When imposing requirements on others in relation to the use or management of public resources for which the accountable authority of a Commonwealth entity is responsible, the accountable authority must take into account:

  1. the risks associated with that use or management; and
  2. the effects of imposing those requirements

18

Duty to keep responsible Minister and Finance Minister informed

This includes keeping the responsible Minister informed of the activities of the entity and providing any reports, documents and information in relation to those activities as that Minister requires.

19

     

Source: ANAO analysis of sections 15–19 of the Public Governance, Performance and Accountability Act 2013.

Appendix 4 General duties of an official

General duties of an official

Section of PGPA Act

Duty of care and diligence

You must exercise your powers, perform your functions and discharge your duties with the degree of care and diligence that a reasonable person would exercise if the person had the same responsibilities as you.

25

Duty to act honestly, in good faith and for a proper purpose

You must exercise your powers, perform your functions and discharge your duties honestly, in good faith and for a proper purpose.

26

Duty in relation to use of position

You must not improperly use your position, or information you obtain in that position:

  1. to gain, or seek to gain a benefit or an advantage for yourself or any other person; or
  2. to cause, or seek to cause, detriment to the entity, the Commonwealth or any other person.

27

Duty in relation to the use of information

You must not improperly use information:

  1. to gain, or seek to gain a benefit or an advantage for yourself or any other person; or
  2. to cause, or seek to cause, detriment to the entity, the Commonwealth or any other person.

28

Duty to disclose interests

You must disclose material personal interests that relate to the affairs of your entity and you must meet the requirements of the finance law.

29

     

Source: ANAO analysis of sections 25–29 of the Public Governance, Performance and Accountability Act 2013.

Appendix 5 Director qualities and behaviours

1. The ANAO sought to determine whether board directors demonstrated corporate governance better practice qualities and behaviours drawn from key themes in recent reviews of corporate governance. These included:

  • an openness to declaring conflicts of interest;
  • an ability to conduct meetings in a professional, collegiate and respectful manner;
  • a willingness to undertake sufficient preparation to enable meetings to be conducted in a productive manner;
  • an understanding of their obligations as the accountable authority under the Public Governance, Performance and Accountability Act 2013 and the challenges facing the entity;
  • a desire and commitment to act in the best interest of the entity;
  • a willingness to invest in their own understanding of issues and entity operations, including participation in voluntary training sessions; and
  • direct engagement with the entity executive on key areas of interest.

2. A comparable list of qualities and behaviours was adopted in the ANAO’s 2019 audit series on board governance discussed in paragraph 1.7 of this report.

Footnotes

1Public Governance, Performance and Accountability Act 2013, section 12.

2 Department of Finance, Duties of Accountable Authorities (RMG 200), April 2021, available from https://www.finance.gov.au/government/managing-commonwealth-resources/managing-risk-internal-accountability/duties/duties/duties-accountable-authorities-rmg-200 [accessed December 2021].

3 Under the PGPA Act, the accountable authority of a Commonwealth entity may be a single person or group of persons (section 12). This total is based on the Department of Finance’s List of Commonwealth entities and companies under the Public Governance, Performance and Accountability Act 2013 as at 30 June 2021. It includes those entities that have a collective accountable authority and includes governing bodies which have the title of board, authority, commission, corporation, council, or trust.

4 M Edwards and R Clough, Corporate Governance and Performance: An Exploration of the Connection in a Public Sector Context, Corporate Governance ARC Project, Paper No. 1, January 2005, pp.2–3.

5 In addition to this series of governance audits, an upcoming Auditor-General report titled Reporting on Governing Boards of Commonwealth Entities and Companies will be presented for tabling in June 2022. This information report prepared by the ANAO will provide transparency and insights on the governing boards of Commonwealth entities and companies and the membership of these boards.

6 The previous audits are discussed in paragraphs 1.7 to 1.8 of this report.

7 The related audits are discussed in paragraph 1.19 of this report.

8 Australian National Audit Office, Audit Insights: Board Governance, 17 May 2019, available from https://www.anao.gov.au/work/audit-insights/board-governance [accessed 22 February 2022].

9Public Governance, Performance and Accountability Act 2013, section 12.

10 Department of Finance, Duties of Accountable Authorities (RMG 200), April 2021, available from https://www.finance.gov.au/government/managing-commonwealth-resources/managing-risk-internal-accountability/duties/duties/duties-accountable-authorities-rmg-200 [accessed December 2021].

11 Under the PGPA Act, the accountable authority of a Commonwealth entity may be a single person or group of persons (section 12). This total is based on the Department of Finance’s List of Commonwealth entities and companies under the Public Governance, Performance and Accountability Act 2013 as at 30 June 2021. It includes those entities that have a collective accountable authority and includes governing bodies which have the title of board, authority, commission, corporation, council, or trust.

12 For full details of the general duties as an accountable authority, refer to Appendix 3.

13 For full details of the general duties as an official, refer to Appendix 4.

14 M Edwards and R Clough, Corporate Governance and Performance: An Exploration of the Connection in a Public Sector Context, Corporate Governance ARC Project, Paper No. 1, January 2005, pp. 2–3.

15 N Owen, The Failure of HIH Insurance Volume 1: A Corporate Collapse and its Lessons, The HIH Royal Commission, 4 April 2003 (all references in this audit are to vol. 1 of the report).

16 Australian Prudential Regulation Authority, Prudential Inquiry into the Commonwealth Bank of Australia (CBA) Final Report, 30 April 2018.

17 K M Hayne, Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry, Final Report, 1 February 2019 (all references in this audit are to vol. 1 of the report).

18 For additional information on these inquiries, refer to Auditor-General Report No. 34 2018–19, Effectiveness of Board Governance at Old Parliament House, paragraphs 1.7 to 1.16.

19 With particular reference to the importance of culture in risk management, see G Hehir (Auditor-General), Strategic governance of risk: Lessons learnt from public sector audit, [Internet], Australian National Audit Office, August 2018, available from https://www.anao.gov.au/work/speeches-and-papers/strategic-governance-risk-lessons-learnt-public-sector-audit [accessed February 2022].

20 A specific aspect of board governance — relating to the role played by a number of boards in promoting probity — was also examined in Auditor-General Report No.21 2019–20 Probity Management in Rural Research and Development Corporations. The report was published in December 2019.

21 Australian National Audit Office, Audit Insights: Board Governance, 17 May 2019, available from https://www.anao.gov.au/work/audit-insights/board-governance [accessed 22 February 2022].

The key audit insights were: establish a board charter; periodically evaluate board performance; actively consider current and future board skill requirements; recognise and manage conflicts of interest; retain adequate documentation and records of decisions and actions; actively question and challenge management; review key strategic risks in corporate risk registers and set risk appetite; ensure that the audit committee and its operating arrangements support the board obtaining the external advice and assurance it requires; approve and periodically review key policies and frameworks particularly those that relate to the duties of an accountable authority; provide appropriate induction to assist board members’ understanding of their obligations; seek management assurance regarding internal controls and compliance; and seek consolidated progress reports on results against all performance targets in the corporate plan.

22 In addition to this series of governance audits, an upcoming Auditor-General report titled Reporting on Governing Boards of Commonwealth Entities and Companies will be presented for tabling in June 2022. This information report prepared by the ANAO will provide transparency and insights on the governing boards of Commonwealth entities and companies and the membership of these boards.

23Public Governance, Performance and Accountability Act 2013, section 5.

24Public Governance, Performance and Accountability Act 2013, section 8.

25 Auditor-General Report No. 34 2018–19, Performance Audit, Effectiveness of Board Governance at Old Parliament House, recommendation 1, p. 22.

26 The Department of Finance, Lessons Learned from the private sector: Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry, November 2019.

27 In December 2019 Finance also updated its guidance for the directors of Government Business Enterprises (GBEs). The guide is intended to assist directors in familiarising themselves with GBE governance requirements. It is available from https://www.finance.gov.au/business/government-business-enterprises/role-directors-commonwealth-gbes-guidelines [accessed 6 June 2022].

28 Australian National Audit Office, Audit Insights: Board Governance, 17 May 2019, available from https://www.anao.gov.au/work/audit-insights/board-governance [accessed 22 February 2022].

The ANAO observed, in its May 2019 audit insights publication on board governance, the importance of ensuring that the audit committee and its operating arrangements support the board obtaining the external advice and assurance it requires.

29 Department of Finance, A guide for corporate Commonwealth entities on the role of audit committees, September 2021, p.5 available from https://www.finance.gov.au/sites/default/files/2020-06/A%20guide%20for%20CCEs%20on%20the%20role%20of%20audit%20committees.pdf [accessed 22 February 2022].

30Australian Hearing Services Act 1991 (AHS Act), section 14.

31Australian Hearing Services Act 1991 (AHS Act), section 15.

32Australian Hearing Services Act 1991 (AHS Act), section 15.

33 The chairperson advised the ANAO that this letter was prepared after engagement with board members on board composition. Hearing Australia was not able to provide evidence of the content of such conversations.

34Australian Hearing Services Act 1991 (AHS Act), section 17.

35Australian Hearing Services Act 1991 (AHS Act), section 19.

36Australian Hearing Services Act 1991 (AHS Act), section 20.

37Australian Hearing Services Act 1991 (AHS Act), section 34.

38 The NAL is the research division of Hearing Australia.

39 The chairperson advised the ANAO that they had a number of conversations with board members on board composition, however Hearing Australia was not able to provide evidence of the content of such conversations.

40 The chair had a number of conversations with board members on board composition, however Hearing Australia was not able to provide evidence of the content of such conversations.

41 The chair had a number of conversations with board members on board composition, however Hearing Australia was not able to provide evidence of the content of such conversations.

42 This can include: requiring members to act ethically and in the best interests of the entity; manage and declare conflicts of interest; conduct themselves in a professional and respectful manner; devote sufficient time to undertaking the required duties (for example, by reading papers prior to meetings and attending meetings); participate fully in meetings; apply due diligence; maintain confidentiality over information and provide guidance on how members can raise concerns outside board meetings; and protocols for dealing with media, politicians and lobbyists.

43 This can include: promoting full participation by all members; ensuring meetings are conducted in a professional and constructive manner; summing up to obtain clarity of decisions made; ensuring adequate reporting of key decisions; and relationship management with the entity, minister and key stakeholders.

44 Relating, for example, to the agenda, papers, minutes, powers of the chair, voting procedures, and frequency of meetings.

45 This discussion begins at paragraph 1.5.

46 Australian Institute of Company Directors, Director Tools: Board charter Role of the board [Internet], Australian Institute of Company Directors, July 2016, p. 1, available from https://aicd.companydirectors.com.au/-/media/cd2/resources/director-resources/director-tools/pdf/05446-5-3-mem-director-rob-board-charter_a4-web.ashx [accessed February 2022].

47 The Business ethics policy sets out the behaviours and ethical standards Hearing Australia expects from all employees and contractors – including board members. It outlines behaviours related to conflicts of interest or duties, accepting money, gifts and hospitality and making public comment.

48 Australian Prudential Regulation Authority, Prudential Inquiry into the Commonwealth Bank of Australia (CBA) Final Report, 30 April 2018.

49 K M Hayne, Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry, Final Report, 1 February 2019 (all references in this audit are to vol. 1 of the report).

50 Proof points track progress against the key metrics that define how Hearing Australia is executing against strategic priorities within the corporate plan.

51 A full list of director qualities and behaviours considered by the ANAO is included in Appendix 5.

52Public Governance, Performance and Accountability Act 2013, section 16.

53 The Compliance Framework (July 2021) states that its purpose is to detail a compliance methodology that supports the systematic management of compliance and compliance risk in the entity. The methodology is known as the Compliance Management System. The audience for the framework is all Hearing Australia Staff.

54 See section 36 Corporate Plans, section 37 Financial plans and section 38 Financial targets and performance information, of the Australian Hearing Services Act 1991.

55 The level and language associated with ratings included in the Fraud and Corruption Control Plan do not reflect the risk matrix and ratings included in the board approved Risk Management Framework.

56 Public Governance, Performance and Accountability Rule 2014, subsections 10(a) and 10(b).

57 The following statement — ‘The corporate plan is the primary planning document of an entity’ — appeared in the Explanatory Memorandum (para. 226), Replacement Explanatory Memorandum (para. 231) and Revised Explanatory Memorandum (para. 231) of the Public Governance, Performance and Accountability Bill 2013. Available from https://www.aph.gov.au/Parliamentary_Business/Bills_Legislation/Bills_Search_Results/ Result?bId=r5058 [accessed 6 June 2022].

58 Section 16E of the PGPA Rule requires an entity’s corporate plan to state the entity’s purpose over the next four years. The PGPA Act defines purpose as including the objectives, functions or role of an entity. The aim of the purpose statement is to give context to the significant activities that the entity will pursue over that period.

59Public Governance, Performance and Accountability Act 2013, section 39.

60 Department of Finance, Annual performance statements for Commonwealth Entities, Resource Management Guide No. 134, March 2020, para. 4.

61 Department of Finance, Developing good performance information, Resource Management Guide No. 131, May 2020, para. 4.

62 Refer to paragraph 2.18 of this audit for discussion related to the approval of emergency board meeting decisions.

63 Department of Finance, Developing good performance information, Resource Management Guide No. 131, May 2020, p. 5.

64 Department of Finance, Annual performance statements for Commonwealth entities, Resource Management Guide No. 134, p. 20.

65 Department of Finance, Annual performance statements for Commonwealth entities, Resource Management Guide No. 134, p. 5.

Finance guidance states that: ‘While entities have discretion in determining the content of these statements, entities are encouraged to present their annual performance statements in a concise way and to use cross-references to other information included in the annual report where an entity wishes to expand on aspects of its performance.’

66 Department of Finance, Annual performance statements for Commonwealth entities, Resource Management Guide No. 134, p. 13.

67 Department of Finance, A guide for Corporate Commonwealth entities on the role of audit committees (RMG 202), September 2021, p.32.