Introduction

Governance boards

1.1 The governing board of a corporate Commonwealth entity is the accountable authority for the entity under the Public Governance, Performance and Accountability Act 2013 (PGPA Act)¹¹, with responsibility for ‘leading, governing and setting the strategic direction’ for the entity.¹²

1.2 Around 60 corporate Commonwealth entities subject to the PGPA Act have governing boards, comprising a total of approximately 510 board positions.¹³ Corporate Commonwealth entities with governance boards vary significantly by function, and governance boards may also vary in their composition, operating arrangements, independence and subject-matter focus, depending on the specific requirements of their enabling legislation and other applicable laws.

Boards and corporate governance

Duties and roles

1.3 Sections 15 to 19 of the PGPA Act impose duties on accountable authorities in relation to governing the corporate Commonwealth entity for which they are responsible (see Box 1).¹⁴ As the accountable authority, members of Commonwealth governing boards are also officials under the PGPA Act and subject to the general duties of officials in sections 25 to 29 of the Act (see Box 1).¹⁵ Guidance issued to accountable authorities by the Department of Finance (Finance) observes that ‘each of these duties is as important as the others’.¹⁶

Source: Department of Finance, Guide to the PGPA Act for Secretaries, Chief Executives or governing boards (accountable authorities) - RMG 200, Summary: Governing your entity [Internet].

1.4 Boards play a key role in the effective governance of an entity. Corporate governance is generally considered to involve two dimensions, which are the responsibility of the governing board:

Performance — monitoring the performance of the organisation and CEO. This also includes strategy — setting organisational goals and developing strategies for achieving them, and being responsive to changing environmental demands, including the prediction and management of risk. The objective is to enhance organisational performance;

Conformance — compliance with legal requirements and corporate governance and industry standards, and accountability to relevant stakeholders.

… it is important to understand that governing is not the same as managing. Broadly, governance involves the systems and processes in place that shape, enable and oversee management of an organisation. Management is concerned with doing–with co-ordinating and managing the day-to-day operations of the business.¹⁷

1.5 The relationship between effective corporate governance and organisational performance is summarised in Box 2.

Culture and governance

1.6 The interplay of the ‘hard’ and ‘soft’ attributes of governance — and the criticality of board and organisational culture to an entity’s performance, values and conduct — have been central themes in notable Australian inquiries into organisational misconduct. These have included the 2003 Royal Commission into the failure of HIH Insurance²⁰, the 2018 APRA Prudential Inquiry into the Commonwealth Bank of Australia²¹ and the 2019 Royal Commission into the financial services industry.²² While the specific focus of these inquiries was on financial institutions, their key insights on culture and governance have wider applicability and provide lessons for all accountable authorities, including governance boards. Many Auditor-General Reports have made findings consistent with those appearing in these inquiries.²³

2003 HIH Royal Commission

1.7 The HIH Royal Commissioner defined corporate governance as the framework of rules, relationships, systems and processes within and by which authority is exercised and controlled in corporations — embracing not only the models or systems themselves but also the practices by which that exercise and control of authority is in fact effected. Justice Owen observed by way of introduction that:

A cause for serious concern arises from the [HIH] group’s corporate culture. By ‘corporate culture’ I mean the charism[a] or personality—sometimes overt but often unstated—that guides the decision-making process at all levels of an organisation …

The problematic aspects of the corporate culture of HIH—which led directly to the poor decision making—can be summarised succinctly. There was blind faith in a leadership that was ill-equipped for the task. There was insufficient ability and independence of mind in and associated with the organisation to see what had to be done and what had to be stopped or avoided. Risks were not properly identified and managed. Unpleasant information was hidden, filtered or sanitised. And there was a lack of sceptical questioning and analysis when and where it mattered.

At board level, there was little, if any, analysis of the future strategy of the company. Indeed, the company’s strategy was not documented and it is quite apparent to me that a member of the board would have had difficulty identifying any grand design …

… A board that does not understand the strategy may not appreciate the risks. And if it does not appreciate the risks it will probably not ask the right questions to ensure that the strategy is properly executed. This occurred in the governance of HIH. Sometimes questions simply were not posed; on other occasions the right questions were asked but the assessment of the responses was flawed.

1.8 More specifically, Justice Owen reported in chapter 6 of the report — which was dedicated to corporate governance — on key aspects of board operations and the importance of:

• clearly defined and recorded policies or guidelines;
• clearly defined limits on the authority of management, including in relation to staff emoluments;
• independent critical analysis by the board;
• recognition and resolution of conflicts of interest;
• dealing with governance concerns;
• maintaining control of the board agenda; and
• providing relevant information to the board.

2018 APRA Prudential Inquiry

1.9 The APRA Prudential Inquiry also dedicated substantial sections of its report to culture and governance. The review panel observed that:

Culture can be thought of as a system of shared values and norms that shape behaviours and mindsets within an institution. Once established, the culture can be difficult to shift. Desired cultural norms require constant reinforcement, both in words and in deeds. Statements of values are important in setting expectations but their impact is sotto voce. How an institution encourages and rewards its staff, for instance, can speak more loudly in reflecting the attitudes and behaviours that it truly values.²⁴

1.10 The Prudential Inquiry associated weaknesses in board oversight and organisational culture with:

• insufficient rigour and urgency by the Board and its Committees around holding management to account in ensuring that risks were mitigated and issues closed in a timely manner;
• gaps in reporting and metrics hampered the effectiveness of the Board and its Committees; and
• a heavy reliance on the authority of key individuals that weakened the Committee construct and the benefits that it provides.²⁵

2019 Hayne Royal Commission

1.11 The Hayne Royal Commission similarly incorporated a substantial chapter on culture, governance and remuneration in the final report. Commissioner Hayne reported that the evidence before the Commission showed that:

too often, boards did not get the right information about emerging non-financial risks; did not do enough to seek further or better information where what they had was clearly deficient; and did not do enough with the information they had to oversee and challenge management’s approach to these risks.

Boards cannot operate properly without having the right information. And boards do not operate effectively if they do not challenge management.²⁶

1.12 The Commissioner challenged governance boards to actively discharge their core functions, including the strategic oversight of non-financial risks such as compliance risk, conduct risk and regulatory risk:

Every entity must ask the questions provoked by the Prudential Inquiry into CBA:

• Is there adequate oversight and challenge by the board and its gatekeeper committees of emerging non-financial risks?
• Is it clear who is accountable for risks and how they are to be held accountable?
• Are issues, incidents and risks identified quickly, referred up the management chain, and then managed and resolved urgently? Or is bureaucracy getting in the way?
• Is enough attention being given to compliance? Is it working in practice? Or is it just ‘box-ticking’?
• Do compensation, incentive or remuneration practices recognise and penalise poor conduct? How does the remuneration framework apply when there are poor risk outcomes or there are poor customer outcomes? Do senior managers and above feel the sting?²⁷

1.13 Key observations made in the Hayne Royal Commission on governance boards’ use of information, and the link between culture, governance and remuneration, are summarised in Box 3.

Assessment of culture and governance by boards

1.14 Recommendation 5.6 of the Hayne Royal Commission — titled ‘changing culture and governance’ — was that entities should, as often as reasonably possible, take proper steps to: assess the entity’s culture and its governance; identify any problems with that culture and governance; deal with those problems; and determine whether the changes it has made have been effective.

1.15 Underlining the criticality of organisational culture to entity performance, values and conduct, the Royal Commissioner emphasised that this recommendation, ‘although it is expressed generally, can and should be seen as both reflecting and building upon all the other recommendations that I make.’³⁴

1.16 In a similar vein, the HIH Royal Commission had warned in 2003 of the dangers of a ‘tick the box’ mentality towards corporate governance, and the benefits of periodic review by boards of corporate governance practices to ensure their suitability.

The Public Governance, Performance and Accountability Act 2013 (PGPA Act)

1.17 The objects of the PGPA Act include: to establish a coherent system of governance and accountability across Commonwealth entities; and to require the Commonwealth and Commonwealth entities to meet high standards of governance, performance and accountability.³⁵

1.18 As discussed in paragraph 1.3 of this audit report, the PGPA Act includes both general duties of accountable authorities and general duties of officials. It also establishes obligations relating to the proper use of public resources (that is, the efficient, effective, ethical and economical use of resources).³⁶ In so doing, the PGPA Act establishes clear cultural expectations for all Commonwealth accountable authorities and officials in respect to resource management. Finance, which supports the Finance Minister in the administration of the PGPA Act framework, has also issued a range of guidance documents on the technical aspects of resource management under the framework.

1.19 Finance issued a Resource Management Guide (RMG 200) in December 2016 to assist accountable authorities³⁷, which is principally a factual and procedural guide with a focus on legal compliance. There is no equivalent in the Commonwealth public sector of resources built up over time — such as the ASX Corporate Governance Council’s Corporate Governance Principles and Recommendations³⁸ and Australian Institute of Company Directors (AICD) resources — to support public sector governance boards. In consequence, public sector accountable authorities would need to rely on a combination of personal experience and other resources to supplement the guidance released by Finance. As discussed, the recent APRA Prudential Inquiry and Hayne Royal Commission have again highlighted the criticality of effective board governance, corporate culture and the interplay of the ‘hard’ and ‘soft’ attributes of governance, and there would be merit in Finance issuing guidance which has regard to the key insights and messages of those inquiries directed to accountable authorities.

Recommendation

1.20 The first report in this series of board governance audits, Auditor-General Report No.34 of 2018–19 Effectiveness of Board Governance at Old Parliament House, includes a recommendation directed to the Department of Finance to update its guidance to accountable authorities having regard to the key insights and messages for accountable authorities identified in the recent inquiries and reviews referenced above. Finance agreed to the recommendation.

Rationale for undertaking the audit

1.21 This topic was selected for audit as part of the ANAO’s multi-year audit program that examines aspects of the implementation of the PGPA Act. This audit provides an opportunity for the ANAO to review whether boards have established effective arrangements to comply with selected legislative and policy requirements and adopted practices that support effective governance. The audit also contributes to the identification of practices that support effective governance that could be applied in other entities. This audit is one of a series of governance audits that apply a standard methodology to the governance of individual boards.

1.22 The four entities included in the ANAO’s 2018–19 board governance audit series are:

• Old Parliament House;
• the Special Broadcasting Service;
• the Australian Institute of Marine Science; and
• the Sydney Harbour Federation Trust.

Australian Institute of Marine Science (AIMS)

1.23 AIMS was established in 1972 as a Commonwealth statutory authority operating under the Australian Institute of Marine Science Act 1972 (AIMS Act). The key functions of AIMS include providing the research and knowledge of Australia’s marine estate required to support growth in its sustainable use, effective environmental management and protection of its unique ecosystems. AIMS seeks to deliver the science to help realise three key impacts:

• improve the health and resilience of marine and coastal ecosystems across northern Australia
• create economic, social and environmental net benefits for marine industries and coastal communities
• protect coral reefs and other tropical marine environments from the effects of climate change.³⁹

1.24 AIMS is accountable to the Minister for Industry, Science and Technology and is governed by a Council⁴⁰ (the board) that reports to the Minister. Under the AIMS Act, the board consists of a Chairperson, the Chief Executive Officer (CEO); a member nominated by James Cook University; and four other members.⁴¹ The board meets quarterly and sets strategic directions and research strategies and oversees management of the Institute. The CEO is responsible for managing the day-to-day affairs of AIMS.

1.25 AIMS has a staff of approximately 240, receives around $45 million in appropriations and generates approximately $23 million in own source revenue.

Audit approach

Audit objective, criteria and scope

1.26 The objective of the audit was to assess the effectiveness of the governance board in the Australian Institute of Marine Science.

1.27 To form a conclusion against the audit objective the following high level criteria were adopted:

• the board’s governance and administrative arrangements are consistent with relevant legislative requirements and the board has structured its own operations in a manner that supports effective governance; and
• the board has established-fit-for-purpose arrangements to oversight compliance with key legislative and other requirements.

1.28 The audit examined the period July 2016 until March 2019.

1.29 Guidance to boards issued by Finance was reviewed by the ANAO having regard to the report of the 2019 Hayne Royal Commission⁴², which was released in the course of this audit, and other key reviews of board governance.⁴³

Audit methodology

1.30 In undertaking the audit the ANAO:

• reviewed board and audit committee papers and minutes from July 2016 to December 2018;
• reviewed a range of relevant documentation including entity corporate plans, strategy documents, audit committee charters, risk registers, and conflict of interest declarations;
• interviewed current and former board members;
• attended two board meetings (September and December 2018) and one audit committee meeting (November 2018) as an observer; and
• reviewed relevant guidance and reviews on board governance.

1.31 The audit was conducted in accordance with the ANAO Audit Standards at a cost to the ANAO of approximately $203,000. The team members for this audit were Grace Guilfoyle, Kelly Williamson, Shane Armstrong and Michelle Page.

Are the board’s governance and administrative arrangements consistent with relevant legislative requirements and has the board structured its own operations in a manner that supports effective governance?

2.1 The Australian Institute of Martine Science (AIMS) was established by its enabling legislation, the Australian Institute of Marine Science Act 1972 (AIMS Act). The ANAO examined whether:

• the board’s governance and administrative arrangements are consistent with the enabling legislation; and
• the board had structured its own operations in a manner that supports effective governance.

2.2 The results of the ANAO’s assessment against each of these requirements and any suggestions for improvement are outlined below.

Consistency of governance and administrative arrangements with the AIMS Act

Membership and appointment of board members

2.3 The AIMS Act outlines the requirements for board membership, with the Governor-General responsible for appointments. The Act requires the appointment of:

• a Chairperson;
• the Chief Executive Officer (CEO);
• a member nominated by James Cook University; and
• four other members.

2.4 In addition, at least three board members shall be persons possessing scientific qualifications and each member holds office for a period not exceeding five years but is eligible for re-appointment. The board met these requirements.

2.5 During the period July 2016 to March 2019, three board members (including the previous CEO) left the board and were replaced. There is evidence the board considered the skills needed for new board appointments. AIMS used a skills matrix that records details of the qualifications and background of current and potential new board members and provides ratings against eight skill areas. The board Chairperson wrote to the relevant Minister and provided the matrix to support recommendations for new appointments in 2017 and 2018. The skills matrix was the result of combined input from the portfolio department⁴⁴, the AIMS Executive and the board Chairperson.

2.6 There would be benefit in the board engaging with the department and the Minister in relation to the skill requirements for future board appointments.

Acting arrangements for the board Chairperson and board members

2.7 The AIMS Act contains provisions for board member and board chairperson acting arrangements. AIMS board members advised there were no acting arrangements required for board members or the board Chairperson in the period covered by the audit.

Meeting requirements, quorum, presiding at meetings and voting

2.8 The AIMS Act states that the Council shall hold such meetings as are necessary for the performance of its functions, and as directed by the Minister. Board induction papers state that the board typically meets four times a year with an additional teleconference for adoption of the financial statements. In both 2016–17 and 2017–18 this pattern was adopted. The AIMS board induction pack outlines that the dates and location of board meetings are discussed and agreed at the last meeting of the year, and that meetings are at a location convenient to the majority of members. There is evidence that in determining dates the board is cognisant of parliamentary sitting weeks and significant dates such as the dates of Senate estimates and the timing of science related events.⁴⁵

2.9 In relation to board meetings, the AIMS Act specifies that a quorum is constituted by not less than four members. A quorum was obtained at each board meeting during the period reviewed. The board Chairperson was present and presided at all meetings.

2.10 The AIMS Act specifies that questions arising at a meeting of the board shall be determined by a majority of the votes of the members present and the member presiding at a meeting of the board has a deliberative vote, and, in the event of an equality of votes, also has a casting vote. AIMS advised that all matters were resolved through consensus during the period examined by the audit.

Appointment and responsibilities of CEO

2.11 The AIMS Act specifies that the CEO is appointed by the board but does not outline any specific requirements regarding appointment. The term of the previous CEO expired in November 2016. The CEO was offered, and accepted, a twelve-month extension, to 29 November 2017. Board minutes indicate the extension was approved by the Minister and involved consultation with the Office of the Prime Minister. A new CEO was appointed to AIMS in June 2017. The board established a sub-committee to manage the selection process for a new CEO. The process of selecting a new CEO included:

• interviews of five short-listed candidates;
• the identification of a highly suitable candidate;
• the selection sub-committee presenting its recommendation to the board for consideration;
• board approval of the proposal;
• the board providing the Minister with the name of the candidate for consideration and approval;
• the Minister’s approval and recommendation to the Prime Minister for approval; and
• the Prime Minister’s and, at the Prime Minister’s discretion, Cabinet’s, approval.

2.12 The AIMS Act further states that subject to the general direction of the Council, the CEO shall manage the affairs of the Institute. There are no other requirements relating to CEO responsibilities. The board has delegated authority to the CEO, including responsibility for the Financial and Contract Delegations Policy. Board minutes indicated that the board approved delegations and a requirement for contracts to align with board strategies in 2013⁴⁶, and increased delegations in 2015.⁴⁷ Management last reviewed the policy in June 2018, and advised the board of the outcomes of the review.

Outside employment

2.13 The AIMS Act states that the CEO shall not engage in paid employment outside the duties of his or her office except with the approval of the board. To meet the requirements of the Act, the CEO’s contract, signed by the board Chairperson, includes approval in relation to books he authors, including the requirement that such activity takes place in his own time, and does not affect his ability to perform his role. As discussed in Table 3.1, declaration of interests is a standing agenda item at board meetings, and includes current CEO outside engagements.⁴⁸

Board operations

2.14 Paragraphs 1.3 to 1.16 of this audit report outlined key insights on corporate governance and board operations, including in recent reviews and inquiries. Key themes include the need for:

• recognition and management of conflicts of interest;
• board members to question and challenge management;
• risk to be properly identified, considered and managed;
• boards to consider future strategy and key policies including remuneration policy;
• boards to periodically assess corporate governance and organisational culture; and
• appropriate oversight of compliance.

2.15 The ANAO attended two AIMS board meetings (September and December 2018) and one audit committee meeting (November 2018). In those meetings, and through the review of board and audit committee papers and minutes and interviews and interactions with board members, the ANAO observed board members collectively displaying a range of qualities and behaviours that indicated the existence of a positive governance culture at board level. These included:

• an openness to declaring conflicts of interest;
• a willingness to challenge management, engage in robust debate, explore various options and seek further clarification as needed;
• an ability to conduct meetings in a professional, collegiate and respectful manner;
• an understanding of their obligations as the accountable authority and the challenges facing the entity;
• a desire and commitment to act in the best interests of the entity; and
• a willingness to undertake sufficient preparation to enable meetings to be conducted in a productive manner.

2.16 The board engaged a consultant to conduct a presentation on government boards, covering duties under the PGPA Act as an accountable authority, additional common law duties, conflict of interest, and board culture. The presentation took place at the December 2018 board meeting.

2.17 AIMS quarterly board meetings are held over two days and involve presentation of various management reports, as discussed in Table 3.1. In addition to CEO and Operations Officer (COO) reports, standing agenda items cover areas such as ministerial correspondence; health, safety and environment; the reef restoration initiative; research; corporate performance; potential business ventures; finance; external revenue; audit committee matters; government and public relations; risk management; significant contracts; and meeting evaluations. The board also receives a science presentation at each meeting, providing updates on a current area of research.

2.18 Board meetings also include a stakeholder function on the evening of the first day. The ANAO observed two stakeholder functions. Each function involved a presentation of the AIMS strategic plan and current activities. Board members have advised that these functions have been useful for board engagement with stakeholders and AIMS management. Attendees have included representatives from other science institutions, government and the private sector.

2.19 The remainder of this section examines specific aspects of the board’s governance and administrative arrangements.

Does the board have a charter?

2.20 A board charter is a written document that sets out such things as:

• the functions, powers, and membership of the board;
• roles, responsibilities and expectations of members, both individually and collectively, and of management⁴⁹;
• role and responsibilities of the Chairperson⁵⁰;
• procedures for the conduct of meetings⁵¹; and
• policies on board performance review.

2.21 The AIMS board does not have a charter. Board members are provided with some of the information that may be found in a charter. For example, the board member induction pack contains a high level overview of the board with information on the role of the board, executive and management team and board committees. However, the guidance related to the conduct of meetings is limited to specifying the frequency of board meetings. The AIMS Act, also provided at induction, provides information on board membership and meeting requirements. As discussed in paragraph 2.30 and Table 3.4, the induction pack also contains the code of conduct, which details expected standards of conduct. The code of conduct applies to the board⁵² as well as other employees.

Opportunities for improvement

2.22 There is an opportunity for the AIMS board to establish a board charter and include key behavioural and cultural expectations for board members. Numerous governance related organisations encourage boards to have a charter. For example the Australian Institute of Company Directors (AICD) states:

Board charters are used by many organisations. Many major inquiries, reports and leading governance practice recommendations refer to the need for board charters or similar documentation in delivering effective governance.⁵³

2.23 A charter can provide a single reference point that clearly sets out the functions, powers and membership of the board, as well as roles, responsibilities and accountabilities, consistent with relevant legislative requirements. Board charters can also articulate the desired culture of the board and address the ‘soft attributes’ of governance discussed in chapter 1 of this audit report relating to board culture and behaviours, which are critical to good governance.⁵⁴ The AICD has indicated that:

In most organisations the governance framework is determined by the legislation that it has been created under…However, there are many aspects of modern governance which the board must consider and act upon that lie outside legal requirements. The board charter is one way of documenting these matters.⁵⁵

2.24 It is important that board charters assist board members rather than inappropriately constrain them. For example, a board may consider including discretionary clauses in the charter to provide the necessary flexibility for the board to discharge its duties. The charter can be a living document, subject to thoughtful consideration and periodic review.

Does the accountable authority approve or have oversight of key policies?

2.25 The audit committee has oversight of a Policies and Procedures status report, which identifies when policies are due for review and who is responsible for authorisation. This is a practice that could be adopted by other entities. The Policies and Procedures status report states that the following policies are authorised by the board:

• Investment of Relevant Money;
• Fraud Control Plan;
• Public Interest Disclosure and Whistleblower Policy;
• Intellectual Property Policy;
• Declaration of Interests Protocol; and
• Appointment of AIMS Officers to External Boards Policy (this policy is recorded as authorised by the board and executive team).

2.26 The Investment of Relevant Money, Fraud Control Plan and Declaration of Interests Protocol were approved by the board during the period subject to review by the audit. The board last approved the Public Interest Disclosure and Whistleblower Policy in June 2014, and AIMS has advised it has been reviewed by management since then, with no changes required. The board approved the Appointment of AIMS Officers to External Boards and Intellectual Property policies in September 2013.

2.27 The executive team, not the board, is responsible for authorising the Risk Management Framework, Code of Conduct and Health and Safety Policy. As discussed in paragraph 2.12, the CEO is the authoriser of the Financial and Contract Delegations Policy.

Opportunities for improvement

2.28 There is an opportunity for the AIMS board to consider the policies it reviews and endorses with a view to ensuring the board periodically and systematically reviews and approves all key policies, particularly those that relate to the duties of an accountable authority. Board review of key policies and frameworks such as financial delegations, risk management, work health and safety and fraud can assist board members gain assurance that they are effectively discharging their duties as the accountable authority by setting the framework for compliance with relevant legislation. Having the board approve policies such as code of conduct, remuneration and key quality assurance frameworks (if applicable) enables boards to influence behaviours and can be an important mechanism in communicating the desired culture within the entity. Recent reviews such as the 2018 APRA Prudential Review and the 2019 Hayne Royal Commission have highlighted that boards need to be alive to how incentives in organisations can drive behaviours.⁵⁶ Periodic board review of key policies can assist a board in its messaging to the entity about the organisational culture it wishes to promote.

2.29 In relation to risk management policies and frameworks specifically, the Commonwealth Risk Management Policy (CRMP) requires the accountable authority to endorse an entity’s risk management policy and framework. Corporate Commonwealth entities, such as AIMS, are not required to comply with the policy but should review and align their risk management frameworks and systems with the policy as a matter of good practice. In AIMS, the board is responsible for determining risk appetite and the executive team is responsible for the review and approval of the risk framework. Given this, when reviewing the policies it reviews and endorses, the board should consider aligning its approval of the AIMS risk management framework and systems with the CRMP policy.

Are board members provided with appropriate induction?

2.30 Upon induction, board members are provided with a range of appropriate information. This includes:

• a high level overview of the role of the AIMS board, which includes references to the AIMS Act and PGPA Act;
• information on remuneration, annual fee increases, meetings and travel arrangements; and
• selected documents (for example, the corporate plan, annual report, Financial and Contract Delegations Policy, AIMS risk management framework, health and safety framework, fraud control plan, deed of confidentiality and intellectual property and code of conduct).

2.31 All board members indicated to the ANAO that they were satisfied with the information provided at induction.

Has the board set expectations for reporting to it by management?

2.32 The board has set expectations for reporting to it by management through occasional discussions at board meetings, including in the meeting evaluations discussed in paragraph 2.34. Management reports to the board through standing agenda items and a standard format for presenting papers that has evolved over time. ANAO discussions with board members indicated that when changes are requested, management is responsive.

Opportunities for improvement

2.33 The corporate governance reviews discussed in chapter 1 of this audit report have consistently highlighted the importance of holding management to account. There is an opportunity for the AIMS board to formally set expectations for reporting to it by management through a board charter. This could assist in ensuring that the board and management have a shared understanding of the board’s requirements and can assist the board in meeting its obligations as an accountable authority.

Is board performance collectively and individually assessed?

2.34 The ANAO was advised that during the period examined by this audit there had not been a formal assessment of the performance of the board either collectively or individually except for the CEO.⁵⁷ The performance of the CEO, who is also a board member, was formally assessed in September 2018 approximately a year after his appointment.⁵⁸ The board evaluates each meeting and records details in the meeting minutes. This is a practice that other entities could consider adopting.

2.35 The AIMS audit committee completed self-assessments of performance in November 2016 and November 2017.⁵⁹ The results of the self-assessments were included in the papers provided to the AIMS board and board meeting minutes indicated that the outcomes of the assessments were noted by the board.

Opportunities for improvement

2.36 Periodically evaluating board performance can enable a board to reflect on its operations and assess whether it has effectively met its purpose, objectives and obligations. This should include assessing performance in terms of the performance and conformance elements discussed in paragraph 1.4 of this report. Lessons learned from this process can assist the board in setting priorities and goals and contribute to enhancing overall board and organisational effectiveness. Documenting the process, performance criteria, outcomes, and any actions taken in response to issues identified can also assist in ensuring accountability and transparency. Boards could also consider reporting in their annual report that a performance evaluation has been undertaken, insights it has gained from the evaluation and any governance changes it has made as a result.

Does the board establish arrangements and expectations in relation to the board secretariat?

2.37 The AIMS Act does not include requirements relating to secretariat arrangements. The Executive Assistant to the COO performs the role of board secretary at meetings. AIMS advised that the role is formalised in the officer’s performance agreement. The Executive Assistant to the CEO organises all logistics for board meetings including travel and events. The AIMS board secretariat advised that papers are distributed one week prior to the board meeting. Interviews with board members indicate satisfaction with secretariat arrangements including the timely provision of papers, accuracy and level of detail recorded in minutes and general assistance to board members.

Are all meetings minuted and do minutes record all decisions made and action to be taken?

2.38 The ANAO reviewed minutes of board meetings held from July 2016 until December 2018. Actions arising are presented as a separate paper along with the minutes, and minutes also clearly indicate board actions, such as Accepted, Noted and Agreed.

Do board meeting papers include draft minutes of previous meetings for board approval?

2.39 Draft meeting minutes for the last board meeting are included in the papers for the next board meeting.⁶⁰ The board notes any changes and agrees to adopt the minutes as a true and accurate record of the previous meeting. The board Chairperson then signs and dates the minutes as a true and correct record of proceedings. Board members advised that they were satisfied with the minutes.

Has the board established procedures to handle decisions without meetings?

2.40 Sometimes it is necessary for boards to approve and action issues outside of scheduled meeting times. To effectively manage these instances it is useful to have established a process to support the making and recording of board decisions. The AIMS board has established a “flying minute” process to enable decisions without meetings. Flying minutes are sent out of session, the decision is made, and the minutes are ratified at the next board meeting.

2.41 AIMS advised that board members communicate on board business through a variety of channels including private email. Board members and the entity should be cognisant of the need to ensure that information relating to the entity is handled and maintained in accordance with applicable Commonwealth information security and record keeping requirements. These requirements apply to communication channels such as emails, which are official records.

Is reporting of performance results listed as an agenda item at each meeting?

2.42 At each meeting the board is provided with a corporate performance report that includes reporting of performance against the Corporate Plan performance criteria. Board meeting minutes indicate ongoing monitoring and discussion by the board of entity performance.

Is the board provided with information to assist members to gain a good understanding of the entity’s strategic environment and risks?

2.43 The board established a risk management framework in 2007. Within the framework, the board is responsible for determining risk appetite and the CEO is accountable to the board for the implementation of the framework and is responsible for the management of risk. The executive team are responsible for review and approval of the framework. The Risk Management Framework document was presented to the board in December 2016 and November 2018 for the purpose of approving the risk appetite statement. Information on various risks is included in board papers and minutes from board meetings indicate discussion relating to risks at each board meeting. Board meetings include risk management as a standing agenda item.

2.44 The AIMS audit committee regularly reviews the corporate risk register as a standing agenda item. The corporate risk register is not reviewed by the board. The corporate risk register should be regarded as a living document which the board actively reviews on an ongoing basis to drive the management of risk and the controls framework. Risks reported to the board are the ‘hot risks’. AIMS management advised these are emerging risks or where the status of a current risk had changed. Some of these risks are related to the strategic risks in the corporate register, but there is no explicit discussion of the relationship between the two sets of risks in the board papers.

2.45 Board members come from a range of backgrounds that would support an understanding of the strategic environment. Board members are also provided the opportunity to visit different sites through rotating board meeting locations.

2.46 In December 2017 the board received a Strategic Context discussion paper, to support the board in participating in the refresh of the AIMS strategy. There was evidence of active engagement by the board in strategic planning including in relation to the release of the AIMS Strategy 2025. This strategy articulates the AIMS values (safety, collaboration, passion, integrity, innovation, respect and environment) and is a key way of expressing the desired culture within the entity. AIMS management advised the ANAO that AIMS has mature processes in place for performance assessment, and the natural progression is to encourage certain behaviours. As part of this process AIMS management advised that it had established a leadership and culture program. The program is intended to enable AIMS to determine the existing culture within AIMS, the desired culture and take steps to shift culture as necessary. AIMS management further advised that the board is aware of the leadership and culture program, although it has not been presented to the board as one discreet piece of work.

2.47 Overall the board is provided with information to enable members to have a good understanding of the AIMS strategic environment and risks.

Opportunities for improvement

2.48 There is an opportunity for the board to actively review the risk register and use it to drive the management of risk and the controls framework. Better aligning the strategic risks reported to the board with the strategic risks recorded in the corporate risk register would assist this process.

In establishing the audit committee has the board considered structure, composition, size, skills and independence of mind of members to enable the committee to be effective, and has the board established an audit charter outlining key requirements?

2.49 The AIMS audit committee’s charter demonstrates the board’s consideration of these issues. The AIMS audit committee consists of three members, including a Chairperson who is also a board member, another board member, and one person who is not a board member or an employee of AIMS, consistent with the requirements of the charter. The charter, which is approved by the board, requires committee members, collectively, to have a broad range of skills and experience relevant to the operations of AIMS. At least one member of the committee is required to have accounting or related financial management experience and an understanding of accounting and auditing standards in a public sector environment. The charter outlines the committee’s responsibilities relating to financial reporting, performance reporting, systems of risk oversight and management, and systems of internal control. The audit committee charter allows internal audit to attend meetings, as determined by the Chairperson, and the external auditor (ANAO) is invited to all committee meetings. The audit committee Chairperson advised the ANAO that the audit committee considers it has had the necessary access to all relevant information.

Is there an internal audit function that provides assurance to the board and does the board have oversight of internal audit and the entity’s response to internal audit findings and recommendations?

2.50 AIMS has an outsourced internal audit function. There were 11 internal audits during the period reviewed covering topics related to finance, risk, work health and safety, governance, fraud, and information and communications technology. All internal audit reports were provided to the audit committee. The audit committee monitors a register of matters identified by internal audit and implementation by management. This includes details of the recommendations, management’s response to findings, and management actions although it is not always clear from the response whether or not each recommendation has been agreed.

2.51 Audit committee matters is a standing agenda item at board meetings, and involves presentation of audit committee minutes. There is no record that internal audit reports have been provided to the board and internal audit has not directly reported to the board. However, internal audit is a standing agenda item at audit committee meetings, and the minutes provided to the board include updates on internal audit. With the exception of two cases, it was clear from the audit committee minutes what the internal audit recommendations were, and management’s response to the recommendations.

2.52 The audit committee reviews and recommends the internal audit work plan to the board, who have provided approval.⁶¹ The board received assurance from the audit committee that AIMS risks have been considered in developing the internal audit plan.⁶² The audit committee also receives an annual internal audit report from the internal audit provider, which summarises the findings from the previous year’s program. The audit committee provides an annual audit committee report to the board, which includes a high level summary of internal audit matters.

2.53 Overall the board, through its audit committee, has oversight of the internal audit function and management’s response to internal audit findings and recommendations.

Has the board established fit-for-purpose arrangements to oversight compliance with key legislative and other requirements?

3.1 The ANAO examined whether the Australian Institute of Marine Science’s (AIMS) board had established fit-for-purpose arrangements to ensure oversight of and compliance with:

• Ministerial Statements of Expectations and entity Statements of Intent (if applicable);
• selected parts of the entity’s enabling legislation; and
• selected parts of the Public Governance, Performance and Accountability Act 2013 (PGPA Act) and Public Governance, Performance and Accountability Rule 2014 (PGPA Rule) relating to: duties of accountable authorities; duties of officials; the corporate plan; financial statements; annual report and audit committees.

3.2 The results of the ANAO’s assessment against each of these requirements and any suggestions for improvement are outlined below.

Oversight of, and compliance with, Statement of Expectations and Statement of Intent

3.3 Sometimes entities are provided with a Statement of Expectations from their Minister. These statements generally outline the Minister’s key priorities and set out the Government’s expectations for the entity, including the priorities it is expected to observe in conducting its operations. Entities then respond to their Minister as to how they intend to deliver the identified priorities through a Statement of Intent.⁶³

3.4 On 4 June 2015 the Minister for Industry and Science provided AIMS with a Statement of Expectations, outlining the Minister’s expectations in relation to policy, partnerships and collaboration, assets and staff, and communication with the Minister and the portfolio department. In response, on 20 August 2015, the AIMS board Chairperson wrote to the Minister outlining AIMS’ Statement of Intent. Board papers and minutes reflect AIMS awareness that it is waiting on a new Statement of Expectations.

3.5 The Statement of Expectations and Statement of Intent are on the AIMS website. AIMS refers to the Statement of Expectations in its 2017–18 and 2018–19 corporate plans. In addition, AIMS annual reports from 2015–16 to 2017–18 have outlined its delivery against the Statement of Expectations. The board, as accountable authority, has oversight of and approves AIMS annual reports and corporate plans. Based on this high-level review, the AIMS board has demonstrated that it has a process in place to have regard to the Statement of Expectations.

Oversight of, and compliance with, elements of enabling legislation

3.6 Under the AIMS Act, the Chief Executive Officer (CEO) is responsible for managing the affairs of AIMS subject to the general direction of the board. The ANAO’s assessment of the AIMS board’s oversight of, and compliance with, selected key requirements of the AIMS Act is outlined below.

3.7 In terms of how the board oversights compliance with the requirements of its enabling legislation, and with other legislative and policy requirements, the process is largely the same as for compliance with the PGPA Act which is discussed further in Table 3.2. The annual certification of compliance process, overseen by the audit committee, includes requirements related to the PGPA Act, the AIMS Act and various other legislative and policy requirements. In terms of ensuring the list of legislative and policy requirements is complete and accurate, the AIMS Schedule of Compliance with Legislation & Policies document states that that the Department and Finance (Finance):

normally consult the Chairman of AIMS Council on proposed legislative amendments, new government policies and material changes to existing policies and guidance materials which impact AIMS. Management responds to these by implementing appropriate changes to AIMS’ procedures and policies in consultation with AIMS Council.

3.8 The annual compliance statement does not include details of what AIMS does to ensure it is compliant, other than including a broad description of the administrative process of receiving advice and making changes to policies. Including details of the basis of assurance, for example, what controls are in place and how they are tested, would assist board members gain a greater understanding of the robustness of internal controls supporting legal compliance. Without such information the potential exists for board members to have a gap in their understanding of AIMS compliance processes.

3.9 In addition to obtaining assurance from the annual certification process overseen by the audit committee, board members advised the ANAO (as discussed further in Table 3.2) that they gain assurance on legal compliance from their individual and collective experience in reviewing management reports, questioning entity management and their knowledge of the policies, procedures and processes in place that support compliance.

3.10 Board papers in December 2017 included details of an instance of non-compliance with legislation.⁶⁴ The board and the audit committee, including in subsequent meetings, discussed the non-compliance and the incident triggered an additional internal review of compliance with legislation. Minutes from an audit committee meeting in February 2018 indicate that the forward internal audit program was developed with attention to non-compliance risk.

Oversight of, and compliance with, selected PGPA Act requirements

3.11 The PGPA Act sets out requirements for the governance, reporting and accountability of Commonwealth entities. The PGPA Act is principles based and the accountable authority has the flexibility to establish the systems and processes that are appropriate for their entity. Finance provides entities with guidance on how to meet the various requirements of the PGPA Act including providing examples of how entities can demonstrate compliance.

3.12 The ANAO examined whether the AIMS board established fit-for-purpose arrangements for oversight of, and compliance with, the following parts of the PGPA Act and PGPA Rule relating to corporate governance:

• general duties of an accountable authority;
• duties as an official; and
• specific requirements relating to corporate plans, annual reports and the audit committee.

General duties as an accountable authority

3.13 The general duties imposed on an accountable authority, which are considered in the following section, are to:

1. govern the Commonwealth entity (section 15);
2. establish and maintain appropriate systems relating to risk management and oversight and internal controls (section 16);
3. encourage officials to cooperate with others to achieve common objectives (section 17);
4. take into account the effects of imposing requirements on others (section 18); and
5. keep their Minister and the Finance Minister informed (section 19).⁶⁵

(a) Duty to govern the Commonwealth entity (section 15)

3.14 Finance guidance states that governing an entity includes:

• promoting the proper (efficient, effective, economical and ethical) use and management of the public resources;
• promoting the achievement of the purposes of the entity;
• promoting the financial sustainability of the entity;
• taking account of the effect of decisions on public resources generally; and
• establishing appropriate systems of risk management and internal control, including measures directed at ensuring officials comply with the finance law (such as accountable authority instructions and delegations).⁶⁶

3.15 The ANAO’s assessment in relation to the AIMS board’s requirement to govern is outlined in Table 3.1.

(b) Duty to establish and maintain appropriate systems relating to risk management and oversight and internal controls (section 16)

3.18 The ANAO’s assessment in relation to the AIMS board’s requirement to establish appropriate systems of risk management and oversight and internal control is outlined in Table 3.2.

(c)–(e) Duty to encourage officials to cooperate with others to achieve common objectives (section 17); take into account the effects of imposing requirements on others (section 18); and keep the Minister and the Finance Minister informed (section 19)⁶⁷

3.19 The ANAO undertook a high-level review of the AIMS board’s oversight of, and compliance with, these requirements. The ANAO’s assessment is outlined in Table 3.3.

Table 3.3: Duty to cooperate, consider requirements on others and keep Ministers informed (PGPA Act sections 17–19)

Source: Department of Finance, Guide to the PGPA Act for Secretaries, Chief Executives or governing boards (accountable authorities) - RMG 200, working with others and supporting ministers sections [Internet], Department of Finance, December 2016, available from https://www.finance.gov.au/resource-management/accountability/accountable-authorities/ [accessed March 2019] and ANAO analysis.

General duties as an official

3.20 In addition to the general duties for an accountable authority, the PGPA Act outlines duties applicable to all officials (which include the accountable authority). Officials are required to exercise a duty:

• of care and diligence (section 25);
• to act honestly, in good faith and for a proper purpose (section 26);
• not to misuse their position (section 27);
• not to misuse information (section 28); and
• to disclose material personal interests (section 29).⁶⁸

3.21 Officials also have a responsibility to:

• comply with the finance law;
• comply with the governance arrangements in the entity, for example, internal controls on the proper use and management of public resources; and
• meet high standards of governance, performance and accountability.⁶⁹

3.22 Officials who breach their duties or responsibilities under the PGPA Act can be subject to employment sanctions (including termination of appointment for board members) or criminal sanctions for intentional or serious misuse of public resources. For more details of the duties that apply to all officials under the PGPA Act, refer to Appendix 3 of this audit report.

3.23 The ANAO’s assessment in relation to the AIMS board’s oversight of, and compliance with, the requirements of officials is outlined in Table 3.4.

Table 3.4: General duties as an official (PGPA Act sections 25–29)

Note a: The wording of the policy suggest the requirements for proper use and management of public resources are principles when they are legal requirements.

Note b: The AIMS Intellectual Property Policy was out of date. AIMS advised that it is under an ongoing review following the release of the Privacy APP Code 2017.

Source: Department of Finance, General duties of officials-RMG 203 [Internet], Department of Finance, January 2018, available from https://www.finance.gov.au/resource-management/accountability/officials/ [accessed March 2019] and ANAO analysis.

Specific requirements relating to corporate plans, annual reports and audit committee

3.24 The PGPA Act and PGPA Rule set out a number of specific requirements relating to an entity’s corporate plan, annual report, performance and financial statements and audit committee. For more details, refer to Appendices 4 to 6 of this audit report.

3.25 The ANAO’s assessment of the AIMS board’s oversight of, and compliance with, selected key requirements is outlined in Table 3.5. For the purpose of this report, the most recent applicable document is discussed.

Table 3.5: Board oversight of, and compliance with, selected PGPA Act requirements

Note: The ANAO did not examine the quality of the corporate plan, annual report, performance statement or financial statements.

Source: Department of Finance, Guide to the PGPA Act for Secretaries, Chief Executives or governing boards (accountable authorities)-RMG 200, Improving performance and accountability; and Governing your entity [Internet], Department of Finance, December 2016, available from https://www.finance.gov.au/resource-management/accountability/accountable-authorities/ [accessed March 2019], and ANAO analysis.

Appendix 1 Entity response

Appendix 2 General duties as an accountable authority

Source: Department of Finance, Guide to the PGPA Act for Secretaries, Chief Executives or governing boards (accountable authorities)-RMG 200, Summary: Your general duties as an accountable authority [Internet], Department of Finance, December 2016, available from https://www.finance.gov.au/resource-management/accountability/accountable-authorities/ [accessed March 2019].

Appendix 3 General duties as an official

Note a: Finance law includes the PGPA Act and rules and instruments made under the PGPA Act, as well as Appropriation Acts, and the systems of risk management and internal control in their entity established by their accountable authority (including any delegations or authorisations).

Source: Department of Finance, General duties of officials-RMG 203 [Internet], Department of Finance, January 2018, available from https://www.finance.gov.au/resource-management/accountability/officials/ [accessed March 2019].

Appendix 4 Selected PGPA Act requirements

Source: Public Governance, Performance and Accountability Act 2013

Appendix 5 Extract of PGPA Rule 2014

Source: Public Governance, Performance and Accountability Rule 2014.

Appendix 6 Extract of PGPA Rule 2014 section 17

Source: Public Governance, Performance and Accountability Rule 2014.