The ANAO audit program includes topics that examine the implementation of the Public Governance, Performance and Accountability Act 2013 (PGPA Act) and the Public Governance, Performance and Accountability Rule 2014.

Under the PGPA Act, the governing board of a corporate Commonwealth entity is responsible for leading, governing and setting the strategic direction for the entity. The Auditor-General presented a series of audits in April and May 2019 that reviewed whether the boards of four corporate Commonwealth entities had established effective arrangements to comply with selected legislative and policy requirements, and adopted practices that support effective governance:

• Report No. 34 of 2018–19 Effectiveness of Board Governance at Old Parliament House (OPH)—published on 18 April 2019;
• Report No. 35 of 2018–19 Governance of the Special Broadcasting Service Corporation (SBS)—published on 26 April 2019;
• Report No. 36 of 2018–19 Effectiveness of Board Governance at the Australian Institute of Marine Science (AIMS)—published on 30 April 2019; and
• Report No. 37 of 2018–19 Effectiveness of Board Governance at the Sydney Harbour Federation Trust (SHFT)—published on 2 May 2019.

This edition of audit insights outlines a number of the key messages from this series of audits that may be relevant for the operations of other Commonwealth boards as well as broader governance arrangements in Commonwealth entities.

In this series of reports the Auditor-General concluded that the governance and oversight arrangements adopted by the selected boards were effective. The small number of recommendations directed to the audited entities indicates a high level of compliance with the key governance requirements of the principles-based framework established by the PGPA Act and PGPA Rule. The Auditor-General observed that the Department of Finance (Finance) has issued guidance, such as Resource Management Guide 200 of December 2016, to assist accountable authorities in the discharge of their legal obligations. This guidance is principally a factual and procedural guide with a focus on legal compliance.

The audit observations from this series of reports, which were largely welcomed by boards, relate primarily to the ‘soft’ attributes of effective governance and culture highlighted in key independent reviews of organisational behaviour. These include the 2018 APRA Prudential Inquiry into the Commonwealth Bank of Australia and the 2019 Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry (2019 Hayne Royal Commission).

The Auditor-General observed that there is no equivalent in the Commonwealth public sector of resources built up over time—such as the ASX Corporate Governance Council’s Corporate Governance Principles and Recommendations and the resources made available by the Australian Institute of Company Directors—to support public sector governance boards in this respect. In consequence, public sector accountable authorities would need to rely on a combination of personal experience and other resources to supplement the guidance released by Finance. The first report in this series included a recommendation that Finance issue guidance which has regard to the key insights and messages of those inquiries directed to accountable authorities. Finance agreed to the recommendation.

Boards play a key role in the effective governance of an entity. Corporate governance involves two dimensions, which are the responsibility of the governing board:

• performance—which involves monitoring the performance of the organisation and CEO. This also includes strategy, the process of setting organisational goals and developing strategies for achieving them. The objective is to enhance organisational performance; and
• conformance—which involves compliance with legal requirements and corporate governance and industry standards, and accountability to relevant stakeholders.

Governing is not the same as managing. Governance involves the systems and processes in place that shape, enable and oversee the management of an organisation. Management is concerned with doing, such as coordinating and managing the day-to-day operations of the entity’s business.

The interplay of the ‘hard’ attributes of governance (such as board composition, appointment processes and independence) and the ‘soft’ attributes of governance (such as the chair/CEO relationship, board behaviours and board culture) are critical to good governance and organisational performance. This interplay and the importance of board and organisational culture to an entity’s performance, values and conduct have been central themes in notable Australian reviews into organisational misconduct.

Notable reviews that have examined governance and its role in organisational performance have included the 2003 Royal Commission into the failure of HIH Insurance, the 2018 APRA Prudential Inquiry into the Commonwealth Bank of Australia and the 2019 Hayne Royal Commission into the financial services industry.

While the specific focus of these inquiries was on financial institutions, their key insights on culture and governance have wider applicability and provide lessons for all Commonwealth accountable authorities, including governance boards. Many Auditor-General reports have made findings consistent with these reviews.

The 2019 Hayne Royal Commission emphasised the need for boards to get the right information about emerging non-financial risks; to seek further or better information where what they had was clearly deficient; and ensure they use information to oversee and challenge management’s approach to these risks. The 2019 Hayne Royal Commission further emphasised that every entity must ask the questions raised by the 2018 APRA Prudential Inquiry:

• Is there adequate oversight and challenge by the board and its gatekeeper committees of emerging non-financial risks?
• Is it clear who is accountable for risks and how they are to be held accountable?
• Are issues, incidents and risks identified quickly, referred up the management chain, and then managed and resolved urgently? Or is bureaucracy getting in the way?
• Is enough attention being given to compliance? Is it working in practice? Or is it just ‘box ticking’?
• Do compensation, incentive or remuneration practices recognise and penalise poor conduct? How does the remuneration framework apply when there are poor risk outcomes or there are poor customer outcomes? Do senior managers and above feel the sting?

The 2019 Hayne Royal Commission recommended that entities should, as often as reasonably possible, take proper steps to:

• assess the entity’s culture and its governance;
• identify any problems with that culture and governance;
• deal with those problems; and
• determine whether the changes it has made have been effective.

The earlier HIH Royal Commission similarly warned in 2003 of the dangers of a ‘tick the box’ mentality towards corporate governance, and highlighted the benefits of periodic review by boards of corporate governance practices to ensure their suitability.

Establish a board charter

A board charter can support board members by providing a single reference point that clearly sets out the functions, powers and membership of the board, as well as roles, responsibilities and accountabilities, consistent with relevant legislative requirements. Including key behavioural and cultural expectations for board members can assist in articulating the desired culture of the board. The charter should be a living document, subject to thoughtful consideration and periodic review. The charter can also assist a board to formally set expectations for reporting to it by management.

Periodically evaluate board performance

Periodically evaluating board performance can enable a board to reflect on its operations and assess whether it has effectively met its purpose, objectives and obligations. Lessons learned from this process can assist the board in setting priorities and goals and contribute to enhancing overall board and organisational effectiveness. Documenting the process, performance criteria and outcomes — as well as any actions taken in response to issues identified — can also assist in ensuring accountability and transparency. Boards could also consider reporting in their governed entities' annual report that a performance evaluation has been undertaken, insights it has gained from the evaluation and any governance changes it has made as a result.

Actively consider current and future board skill requirements

Actively engaging with the portfolio department and minister in relation to the skills requirements for future board appointments, and providing advice accordingly to the relevant decision-maker, can assist in achieving the optimum skill mix.

Recognise and manage conflicts of interest

Including conflicts of interest as a standing agenda item supports board members in focussing attention on this key issue. This can include having board members verbally declare conflicts of interest at each meeting. Including details of each board member's interests in board papers, including paid and unpaid external engagements, can also assist board members to ensure that all their interests are actively considered. Disclosure also increases board member awareness of the previously declared interests of fellow board members. Members should be clear on their obligations relating to gifts and hospitality, such as through codes of conduct, board charters, and gifts and hospitality policies. Gifts and hospitality registers can be useful in improving transparency in cases where gifts and hospitality are accepted.

Retain adequate documentation and records of decisions and actions

Keeping sufficient evidence of decision-making processes and outcomes is fundamental to effective governance, accountability and transparency. It also contributes to efficient practice, the utilisation of evidence and enabling a learning organisation. Board members and entities should be mindful of the need to ensure that information relating to the entity is handled and maintained in accordance with applicable Commonwealth information-security and record-keeping requirements. These requirements also apply to communication channels such as emails, as these are official records.

Actively question and challenge management

Board members must hold management to account. Setting expectations for management reporting to the board can assist in ensuring that the board and management have a shared understanding of the board's requirements and can assist the board in meeting its obligations as the accountable authority. This series of audits observed that members of the selected boards displayed a willingness to challenge management.

Review key strategic risks in corporate risk registers and set risk appetite

Maintaining a strategic focus on risk can assist a board in ensuring the risk management framework is appropriate and the entity is operating within its risk appetite, as well as enhancing the board's understanding of the strategic context and enabling it to govern more effectively. Including risk management as a standard agenda item for board meetings encourages the regular consideration of risk.

The oversight of risk by boards featured prominently in the 2003 HIH Royal Commission, 2018 APRA Prudential Inquiry and 2019 Hayne Royal Commission and this is discussed at paragraphs 1.7–1.13 of each audit report. The 2019 Hayne Royal Commission highlighted the importance of strategic oversight of non-financial risks such as compliance risk, conduct risk and regulatory risk.

Ensure that the audit committee and its operating arrangements support the board obtaining the external advice and assurance it requires

In establishing an audit committee, boards need to consider the structure, composition, size, skills and independence of members to enable the committee to be effective. Having the board establish, approve and periodically review its audit committee charter can assist the board in ensuring it is receiving the desired external advice and assurance. An audit committee charter can reflect the desired culture and set out such things as the committee's roles and responsibilities, authority, composition, membership requirements, structure and processes. Board oversight of audit committees should involve regular reporting from the committee, including on internal audit findings, the implementation of ANAO and parliamentary recommendations and regular review of the audit committee charter and work plan.

Approve and periodically review key policies and frameworks particularly those that relate to the duties of an accountable authority

Board approval of key policies and frameworks such as financial delegations, risk management, work health and safety, and fraud, can assist board members to gain assurance that they are effectively discharging their duties as the accountable authority, by setting the framework for compliance with relevant legislation.

Having the board approve policies such as the code of conduct, remuneration and key quality assurance frameworks (if applicable) enables boards to influence behaviour and can be an important mechanism in communicating the desired culture within the entity. Recent reviews such as the 2018 APRA Prudential Review and the 2019 Hayne Royal Commission have highlighted that boards need to be cognisant of how incentives and controls in organisations can drive behaviours and culture. Monitoring when policies are due for review, such as through the audit committee, can assist this process.

Provide appropriate induction to assist board members' understanding of their obligations

Induction processes should include details of members' legal responsibilities as part of the accountable authority and other legislative requirements. It is also important that board members receive all key policies and procedures related to their role as the accountable authority.

Seek management assurance regarding internal controls and compliance

Obtaining assurance from management regarding internal controls and compliance with relevant legislation and government policies can assist a board directly, or through its audit committee, gain assurance of compliance. Maintaining a register of compliance breaches and providing board members with details of the nature of assurance mechanisms used within the entity can further assist board members.

Seek consolidated progress reports on results against all performance targets in the corporate plan

Receiving regular reporting on progress against corporate plan performance criteria can assist board members in their ongoing oversight of entity performance. This can also support board member assurance over annual performance statement reporting.

Further insights from related audit activity

For further insights from the ANAO's multiyear audit program relating to implementation of the PGPA Act and the PGPA Rule, see:

• Corporate planning and performance statements under the PGPA Act, August 2018.
• Corporate planning, performance statements and risk management under the PGPA Act, November 2017.
• Commonwealth resource management framework and the clear read principle