Background

1. The governing board of a corporate Commonwealth entity is the accountable authority for the entity under the Public Governance, Performance and Accountability Act 2013 (PGPA Act)¹, with responsibility for ‘leading, governing and setting the strategic direction’ for the entity.²

2. Around 59 corporate Commonwealth entities subject to the PGPA Act have governing boards, comprising a total of approximately 600 board positions.³ Corporate Commonwealth entities with governance boards vary significantly by function, and governance boards may also vary in their composition, operating arrangements, independence and subject-matter focus, depending on the specific requirements of their enabling legislation and other applicable laws.

Boards and corporate governance

Duties and roles

3. Boards play a key role in the effective corporate governance of an entity. Corporate governance is generally considered to involve two dimensions, which are the responsibility of the governing board:

Performance — monitoring the performance of the organisation and CEO. This also includes strategy — setting organisational goals and developing strategies for achieving them, and being responsive to changing environmental demands, including the prediction and management of risk. The objective is to enhance organisational performance;

Conformance — compliance with legal requirements and corporate governance and industry standards, and accountability to relevant stakeholders.

…

it is important to understand that governing is not the same as managing. Broadly, governance involves the systems and processes in place that shape, enable and oversee management of an organisation. Management is concerned with doing – with co-ordinating and managing the day-to-day operations of the business.⁴

4. In the Australian Government sector context, boards must govern the entity in a way that complies with the requirements of any enabling legislation, the Commonwealth finance law (which includes the PGPA Act and the Public Governance, Performance and Accountability Rule 2014 (PGPA Rule)), and other applicable laws and requirements.

5. Sections 15 to 19 of the PGPA Act impose duties on accountable authorities in relation to governing the corporate Commonwealth entity for which they are responsible. As the accountable authority, members of Commonwealth governing boards are also officials under the PGPA Act and subject to the general duties of officials in sections 25 to 29 of the PGPA Act.

Hearing Australia

6. Hearing Australia is a corporate Commonwealth entity established under the Australian Hearing Services Act 1991 (AHS Act). Hearing Australia’s mission is to provide world leading research and hearing services for the wellbeing of all Australians. Hearing Australia’s governing legislation establishes the role of the board. Under Hearing Australia’s governing legislation, the functions of the board are to decide the objectives, strategies and policies to be followed by the entity and to ensure that the entity performs its functions in a proper, efficient and economical manner. The board of Hearing Australia is the accountable authority.

Rationale for undertaking the audit

7. This topic was selected for audit as part of the ANAO’s multi-year audit program that examines aspects of the implementation of the PGPA Act. Amongst other things, the PGPA Act requires the accountable authority of an entity to establish and maintain an appropriate system of risk oversight and management, and an appropriate system of internal controls.

8. This audit is part of a series of performance audits of board governance which provides independent assurance to the Parliament on whether the selected boards have established effective arrangements to comply with the audited legislative and policy requirements and adopted practices that support effective governance. The audits also focus on any examples of better practice which may be worth highlighting as a learning for other boards.⁵

9. Four entities were included in the ANAO’s 2018–19 board governance audit series.⁶ For this second tranche of audits, the ANAO selected three corporate Commonwealth entities⁷ with enabling legislation (statutory authorities) that had no performance audit coverage in recent years. This enabled the ANAO to examine selected aspects of legal compliance and board governance in entities not often subject to in-depth performance audit, to ensure the selected entities were getting the basics right.

10. This report outlines the audit of Hearing Australia in the Social Services portfolio.

Audit objective and criteria

11. The objective of the audit was to assess the effectiveness of the governance board in Hearing Australia.

12. To form a conclusion against this objective, the following high-level criteria were adopted.

• The board’s governance and administrative arrangements are consistent with relevant legislative requirements and the board has structured its own operations in a manner that supports effective governance.
• The board has established fit-for-purpose arrangements to oversight compliance with key legislative and other requirements, and the achievement of entity purposes.

13. The audit examined the period July 2019 until March 2022. This is referred to as the review period.

Conclusion

14. The governance board in Hearing Australia is largely effective.

15. The board has been largely effective in ensuring that its governance and administrative arrangements are consistent with relevant legislative requirements and structuring its own operations in a manner that supports effective governance. In the period reviewed by the ANAO the board’s arrangements were effective except for full compliance with governance committee requirements and reporting arrangements.

16. The board has established largely fit-for-purpose arrangements to oversight compliance with key legislative and other requirements, and the achievement of entity purposes. In the review period the board’s arrangements were effective except for: the alignment of elements of fraud risk planning with Commonwealth finance law requirements; compliance with the corporate plan and annual performance statements requirements of the finance law; and the audit and risk management committee not reviewing the 2019–20 and 2020–21 annual performance statements.

Supporting findings

Board governance and structure

17. Board directors and the chairperson were appropriately appointed, and acting arrangements were properly conducted. The chairperson was proactive in identifying suitable nominations for director appointments and providing information to the minister to assist with reappointment and appointment decision-making. (See paragraphs 2.3 to 2.13)

18. Board meetings were properly constituted and there were mechanisms for enabling decisions to be taken without meetings. The board did not approve changes to committee composition and membership and board committee charters were not updated in a timely manner. Information on committee membership and attendance was not accurately recorded in annual reports to Parliament. (See paragraphs 2.14 to 2.32)

19. The board has established a fit-for-purpose charter, set expectations for entity management and the board secretariat, and assessed its own performance. The policies approved by the board did not include a number which relate directly to the Public Governance, Performance and Accountability Act 2013, Public Governance, Performance and Accountability Rule 2014 and other key legislative responsibilities of the board. For example, the Business Ethics Policy, Procurement Policy and Work Health and Safety Policy are not approved by the board or its committees. Board committees did not fully discharge the responsibilities and reporting obligations outlined in their charters. For example, the research and innovation committee and the remuneration committee did not provide annual reports to the board about their operations and activities. (See paragraphs 2.38 to 2.68)

20. There is an internal audit function that provides assurance to the board. The board, through the audit and risk management committee, has oversight of internal audit and the entity’s response to internal audit findings and recommendations. (See paragraphs 2.69 to 2.78)

Oversight of compliance and the achievement of entity purposes

21. The board established arrangements to oversight compliance with the elements of enabling legislation selected for ANAO review. The oversight arrangements include a compliance policy, a compliance framework, an internal risk and compliance function, and arrangements to inform the board of significant breaches of compliance obligations as soon as practicably possible. The compliance policy does not identify the legislation that gives rise to Hearing Australia’s key compliance obligations. The audit and risk management committee reviews the appropriateness of the internal control system and reports annually to the board on its conclusions. (See paragraphs 3.3 to 3.18)

22. There is oversight of, and compliance with the PGPA Act corporate governance requirements selected for ANAO review, with the exception of fraud risks. The audit and risk management committee (or board) have not been provided with a fraud risk assessment and plan that outlines how Hearing Australia will deal with specific fraud risks. Consequently, the board has not met its obligations under section 16 of the PGPA Act and section 10 of the PGPA Rule.

23. Whilst the board reviewed a range of documents containing information on changes to its risk profile and activities, the board did not receive an annual update on risk management as outlined in its Risk Management Policy. Hearing Australia has not prepared an operational risk register or project level risk registers, as described in the Risk Management Framework. (See paragraphs 3.19 to 3.57)

24. The publicly available corporate plan for 2021–25 did not fully address three of the five minimum requirements of the PGPA Rule related to key activities, operating context and performance. During the period reviewed, the audit and risk management committee did not examine the development of performance measures included in the corporate plan. (See paragraphs 3.62 to 3.80)

25. The board undertakes regular review of financial and non-financial performance information. A standing board agenda item for ‘operational and financial results’ provides opportunity for the board to monitor progress against the annual business plan and is included for each board meeting. For this agenda item, the board receives material such as a strategic imperative scorecard, a business plan scorecard, and information on profit and loss, the customer experience, commercial performance and the workforce. (See paragraphs 3.83 to 3.85)

26. The 2020–21 annual performance statements did not fully address two of the three minimum requirements of the PGPA Rule related to the reporting of results and analysis. The 2019–20 and 2020–21 annual performance statements were not reviewed by the audit and risk management committee. Nor was there a committee recommendation for the board to approve the annual performance statements. The board did not receive the assurance and advice set out in the committee’s charter. (See paragraphs 3.86 to 3.98)

Recommendations

27. The ANAO also suggested nine areas of improvement related to board governance in Hearing Australia.

Summary of entity responses

28. A summary response from Hearing Australia is provided below and Hearing Australia’s full response can be found at Appendix 1. An extract of the draft report was also provided to the Department of Finance (Finance). A summary response from Finance is provided below and Finance’s full response can be found at Appendix 1.

Hearing Australia

The Board notes the central finding in the report that its governance and oversight arrangements are largely effective and consistent with relevant legislative requirements.

The Board also notes the report’s findings that it has structured its operations in a manner that supports effective governance, including providing real-time oversight of key decisions and risks at the onset of the pandemic, has fit-for purpose oversight arrangements, and has established a positive governance culture.

The Board further notes the report’s recommendations and will discuss their implementation at its next meeting.

The Board would also like to take this opportunity to acknowledge Hearing Australia’s response to the pandemic and express its gratitude to its management team and staff for their commitment to supporting people with hearing loss.

Hearing Australia’s network of 171 hearing centres have stayed open throughout the pandemic and each week Hearing Australia has helped over 11,000 children, adults, pensioners and veterans across urban, regional and remote Australia, achieving client satisfaction rates of over 85 per cent.

The Board is also proud of the organisation’s work in improving the hearing health of Aboriginal and Torres Strait Islander children and the work of its research arm, the National Acoustics Laboratories.

Department of Finance

The Department of Finance (Finance) welcomes this report.

As the ANAO notes, accountable authorities have certain duties and responsibilities under the Public Governance, Performance and Accountability Act 2013 (PGPA Act). To assist accountable authorities in understanding and meeting these duties, Finance provides all new accountable authorities with PGPA framework guidance and an offer of in-person briefings with Finance officials. These in-person briefings are also provided to boards, councils and senior executives where requested.

Key messages from this audit for all Australian Government entities

29. This audit is part of a series of governance audits that have applied a standard methodology to the governance of individual boards. Key messages from this ongoing series of audits will be drawn on to update the ANAO Insights product on Board Governance available on the ANAO website.⁸

Introduction

1.1 The governing board of a corporate Commonwealth entity is the accountable authority for the entity under the Public Governance, Performance and Accountability Act 2013 (PGPA Act)⁹, with responsibility for ‘leading, governing and setting the strategic direction’ for the entity.¹⁰

1.2 Around 59 corporate Commonwealth entities subject to the PGPA Act have governing boards, comprising a total of approximately 600 board positions.¹¹ Corporate Commonwealth entities with governance boards vary significantly by function, and governance boards may also vary in their composition, operating arrangements, independence and subject-matter focus, depending on the specific requirements of their enabling legislation and other applicable laws.

Boards and corporate governance

1.3 Sections 15 to 19 of the PGPA Act impose duties on accountable authorities in relation to governing the corporate Commonwealth entity for which they are responsible (see Box 1).¹² As the accountable authority, members of Commonwealth governing boards are also officials under the PGPA Act and subject to the general duties of officials in sections 25 to 29 of the PGPA Act.¹³

1.4 Boards play a key role in the effective governance of an entity. Corporate governance is generally considered to involve two dimensions, which are the responsibility of the governing board:

Performance — monitoring the performance of the organisation and CEO. This also includes strategy — setting organisational goals and developing strategies for achieving them, and being responsive to changing environmental demands, including the prediction and management of risk. The objective is to enhance organisational performance;

Conformance — compliance with legal requirements and corporate governance and industry standards, and accountability to relevant stakeholders.

…

it is important to understand that governing is not the same as managing. Broadly, governance involves the systems and processes in place that shape, enable and oversee management of an organisation. Management is concerned with doing – with co-ordinating and managing the day-to-day operations of the business.¹⁴

1.5 The relationship between effective corporate governance and organisational performance is summarised in Box 2.

Note a: M Edwards and R Clough, Corporate Governance and Performance: An Exploration of the Connection in a Public Sector Context, Corporate Governance ARC Project, Paper No. 1, January 2005, pp. 4–5.

Note b: ibid., p.14.

Culture and governance

1.6 The interplay of the ‘hard’ and ‘soft’ attributes of governance — and the criticality of board and organisational culture to an entity’s performance, values and conduct — have been central themes in notable Australian inquiries into organisational misconduct. These have included the 2003 Royal Commission into the failure of HIH Insurance¹⁵, the 2018 Australian Prudential Regulation Authority (APRA) Prudential Inquiry into the Commonwealth Bank of Australia¹⁶ and the 2019 Royal Commission into the financial services industry.¹⁷ While the specific focus of these inquiries was on financial institutions, their key insights on culture and governance (Box 3) have wider applicability and provide lessons for all accountable authorities, including governance boards.¹⁸

Source: ANAO, Audit Insights: Board Governance, 17 May 2019, available from https://www.anao.gov.au/work/audit-insights/board-governance.

1.7 Many Auditor-General reports have made findings consistent with those appearing in the reports of these inquiries.¹⁹ In April and May 2019, the Auditor-General presented a series of performance audits that reviewed whether the boards of four corporate Commonwealth entities had established effective arrangements to comply with selected legislative and policy requirements, and adopted practices that support effective governance:

• Report No.34 2018–19 Effectiveness of Board Governance at Old Parliament House — published on 18 April 2019;
• Report No.35 2018–19 Governance of the Special Broadcasting Service Corporation — published on 26 April 2019;
• Report No.36 2018–19 Effectiveness of Board Governance at the Australian Institute of Marine Science — published on 30 April 2019; and
• Report No.37 2018–19 Effectiveness of Board Governance at the Sydney Harbour Federation Trust — published on 2 May 2019.²⁰

1.8 The ANAO also published an audit insights product from this series, which outlined a number of key messages that may be relevant to the operations of other Commonwealth boards as well as broader governance arrangements in Commonwealth entities.^{21 22}

The Public Governance, Performance and Accountability Act 2013 (PGPA Act)

1.9 The objects of the PGPA Act include: to establish a coherent system of governance and accountability across Commonwealth entities; and to require the Commonwealth and Commonwealth entities to meet high standards of governance, performance and accountability.²³

1.10 As discussed in paragraph 1.3, the PGPA Act includes both general duties of accountable authorities and general duties of officials. It also establishes obligations relating to the proper use of public resources (that is, the efficient, effective, economical and ethical use of resources).²⁴ In so doing, the PGPA Act establishes clear cultural expectations for all Commonwealth accountable authorities and officials in respect of resource management.

1.11 The Department of Finance (Finance), which supports the Finance Minister in the administration of the PGPA Act framework, has also issued a range of guidance documents on the technical aspects of resource management under the framework.

1.12 In April 2019 the Auditor-General made an agreed recommendation to Finance to update its guidance to accountable authorities having regard to the key insights and messages for accountable authorities identified in recent inquiries and reviews (the Hayne Royal Commission and APRA Prudential Inquiry).²⁵

1.13 In November 2019 Finance released a two-page paper titled: Lessons learned from the private sector: Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry. This paper highlights that accountable authorities should be mindful of inquiries and reviews undertaken in the private sector and should consider any lessons that could be learned in their entity’s context. The paper also states the following.

• The accountable authority cannot simply rely upon the information presented by senior executive staff, they have the responsibility to request more information where necessary to fulfil their duties.
• The delegation of its powers does not discharge the duties of the accountable authority to ensure that those powers are being exercised correctly.
• The practical effectiveness of an entity’s governance model and internal controls should be periodically tested. Technically ticking every best practice box is not functional as culture and governance are never ‘fixed’.^{26 27}

1.14 Relevantly, Finance also released A guide for corporate Commonwealth entities on the role of audit committees in September 2021.²⁸ The guide states that:

Audit committees are integral to good corporate governance. They provide advice to accountable authorities, assist them to meet their duties and obligations, and support the development of key practice and capacity within [corporate Commonwealth entities] CCEs.²⁹

1.15 In December 2021 Finance advised the ANAO that:

• it monitors the appointment of new accountable authorities on a regular basis;
• to support accountable authorities in meeting their responsibilities under the PGPA Act, the Finance Secretary issues a new accountable authority with an introductory email providing guidance material, tools and resources available on the Finance website. These emails also offer in-person briefings from senior officials on their duties under the PGPA Act;
• it also provides broader PGPA framework briefings to senior executives and officials of PGPA Act entities and companies on request; and
• during 2020–21, it provided 17 new accountable authority introductory emails and delivered 14 in-person briefings. The briefings delivered by Finance officials in 2020–21 were to a combination of accountable authorities, officials and board members. Of the 14 in-person briefings, six were delivered to board members.

Rationale for undertaking the audit

1.16 This topic was selected for audit as part of the ANAO’s multi-year audit program that examines aspects of the implementation of the PGPA Act. Amongst other things, the PGPA Act requires the accountable authority of an entity to establish and maintain an appropriate system of risk oversight and management, and an appropriate system of internal controls.

1.17 This audit is part of a series of performance audits of board governance which provides independent assurance to the Parliament on whether the selected boards have established effective arrangements to comply with the audited legislative and policy requirements and adopted practices that support effective governance. As discussed in paragraph 1.8, the audits also focus on any examples of better practice which may be worth highlighting as a learning for other boards.

1.18 As discussed in paragraph 1.7, four entities were included in the ANAO’s 2018–19 board governance audit series. For this second tranche of audits, the ANAO selected three corporate Commonwealth entities with enabling legislation (statutory authorities) that had no performance audit coverage in recent years. This enabled the ANAO to examine selected aspects of legal compliance and board governance in entities not often subject to in-depth performance audit, to ensure the selected entities were getting the basics right. Each entity in this series of audits will be subject to a separate audit with three audit reports to be tabled.

1.19 The three entities included in the ANAO’s 2021–22 board governance audit series are:

• Commonwealth Superannuation Corporation (CSC) in the Finance portfolio;
• Australian Hearing Services (Hearing Australia) in the Social Services portfolio; and
• Australian Film, Television and Radio School (AFTRS) in the Infrastructure portfolio.

Hearing Australia

1.20 Hearing Australia is a corporate Commonwealth entity established under the Australian Hearing Services Act 1991 (AHS Act). Hearing Australia’s mission is to provide world leading research and hearing services for the wellbeing of all Australians.

1.21 Hearing Australia’s governing legislation establishes the role of the board. The functions of the board are to decide the objectives, strategies and policies to be followed by the entity and to ensure that the entity performs its functions in a proper, efficient and economical manner.³⁰ The board of Hearing Australia is the accountable authority.

1.22 The AHS Act requires the board to consist of a chairperson, the managing director, four other members and such members as are appropriate for a special purpose.³¹ All board directors are appointed by the responsible minister, currently the Minister for Government Services, by written instrument. All directors (except the managing director) are appointed on a part-time basis and are paid remuneration that is determined by the Remuneration Tribunal. The managing director is appointed on a full-time basis with terms and conditions (including remuneration and allowances) determined by the board.

1.23 The board is supported by three committees to assist it in carrying out its functions: the audit and risk management committee, the research and innovation committee and the remuneration committee.

1.24 At 30 June 2021, there was a total of 1,180 ongoing and 198 non-ongoing employees. Services were provided to customers through tele-services, online, in-home and within Hearing Australia’s network of 170 hearing centres Australia-wide.

1.25 Total revenue for the 2020–21 financial year was $274.5 million. Hearing Australia receives funding from the Australian Government under an agreement with the Department of Health to deliver hearing services, constituting approximately one-third of its income. Hearing Australia also offers services under the Government’s Hearing Services (‘Voucher’) Program, which is a competitive market involving some 300 other hearing service providers. Hearing Australia provides goods and services to members of the community who are not eligible for government-subsidised services, under user-pays arrangements. Two thirds of Hearing Australia’s income is derived from its operations in commercial markets.

Audit approach

Audit objective, criteria and scope

1.26 The objective of the audit was to assess the effectiveness of the governance board in Hearing Australia.

1.27 To form a conclusion against this objective, the following high-level criteria were adopted.

• The board’s governance and administrative arrangements are consistent with relevant legislative requirements and the board has structured its own operations in a manner that supports effective governance.
• The board has established fit-for-purpose arrangements to oversight compliance with key legislative and other requirements, and the achievement of entity purposes.

1.28 The audit examined the period July 2019 until March 2022. This is referred to as the review period.

Audit methodology

1.29 In undertaking the audit the ANAO:

• reviewed board and committee papers and minutes from July 2019 to March 2022;
• reviewed a range of relevant documentation including entity corporate plans, strategy documents, board and committee charters, risk registers, conflict of interest declarations and other key policy and process documentation;
• held discussions with the current board chair, managing director and other senior entity staff;
• observed one board meeting and one audit and risk management committee meeting in November 2021;
• reviewed relevant guidance and reviews on board and corporate governance; and
• examined internal audit and assurance reports.

1.30 The audit was conducted in accordance with ANAO Auditing Standards at a cost to the ANAO of approximately $170,000.

1.31 The team members for this audit were Michelle Page, Peter Bell and Susan Ryan.

2.1 Board governance and structure encompasses how the entity establishes and manages the board in accordance with its duties and responsibilities under the Commonwealth finance law — which includes the Public Governance, Performance and Accountability Act 2013 (PGPA Act) and Public Governance, Performance and Accountability Rule 2014 (PGPA Rule) — its enabling legislation and other regulatory requirements. Hearing Australia’s enabling legislation is the Australian Hearing Services Act 1991 (AHS Act). To assess the effectiveness of the governance board in Hearing Australia the ANAO examined whether:

• the board’s governance and administrative arrangements are consistent with relevant legislative requirements; and
• the board has structured its own operations in a manner that supports effective governance.

Are the board’s governance and administrative arrangements consistent with relevant legislative requirements?

2.2 To assess if Hearing Australia’s governance and administrative arrangements were consistent with legislative requirements, the ANAO examined the structure, membership, nomination, appointment and reappointment of board directors, the constitution of board meetings and the transparency of board decision-making. The audit examined the period July 2019 until March 2022. This is referred to as the review period.

Were board members and the chair appropriately appointed, and were acting arrangements properly conducted?

2.3 The AHS Act requires the board to consist of a chairperson, the managing director, four other members and such members as are appropriate for a special purpose.³²

2.4 All board directors are appointed by the responsible minister by written instrument. During the period of review, there were four reappointments and two new board director appointments. Hearing Australia maintained evidence of all reappointments and appointments of board directors.

2.5 The chairperson was reappointed for a third term of two years commencing 8 December 2020, however this appointment finished early (on 31 December 2021) as the chairperson accepted another position at the request of the minister. An acting chairperson has been appointed, by written instrument, for the period 1 January 2022 to 31 March 2022.

2.6 The special purpose director was reappointed in April 2019 to support the delivery of an organisational transformation and to assist with the transition of eligible clients to the National Disability Insurance Scheme and the implementation of the new Indigenous Hearing Assessment Program. The term of appointment is ongoing until this special purpose is complete.

2.7 Acting arrangements for the managing director during the period of review were also approved by the minister by written instrument.

2.8 The chairperson wrote to the minister in November 2019 in preparation for upcoming reappointments and appointments of board directors.³³ This letter outlined the changing, and required, skill mix of the board in order to support Hearing Australia as it undergoes significant strategic and operational change. The chairperson used a Skills Matrix as a tool to assist in the identification of qualified nominations for the new appointments, should the minister so choose. The Skills Matrix identified required skills in areas such as: strategy, public sector regulation, policy, IT and cyber, compliance, digital markets, customer, aged care and organisational transformation.

2.9 The Skills Matrix was also used by the chairperson to consider which board members/nominated persons could provide value to, and supplement the existing skillsets of board committees, including the skills mix and expertise of the audit and risk management committee.

2.10 The letter to the minister also provided information to assist in ongoing improvements to the sequencing of board member appointments.

2.11 The board is limited by statute to six directors, plus any special purpose directors. The chairperson wrote to the minister in March 2019 to provide information on how the board was strengthening its governance by constituting a board research and innovation committee to help guide changes to innovation initiatives, including digital offerings. The chairperson outlined the rationale for, and choice of, a special purpose member outside of the existing board directors to supplement board expertise in this area.

2.12 Whilst the Skills Matrix was used to support the board’s appointment of a special purpose member for the research and innovation committee, there was no evidence of its use by the board when reappointing a special purpose member to the audit and risk management committee.

Were meetings properly constituted, and is there a mechanism enabling decisions to be taken without meetings?

Board meetings

2.14 The board should hold such meetings as are necessary for the efficient performance of its functions. The board must hold at least two meetings in each financial year.³⁴ Hearing Australia’s board charter identifies that current practice is that the board meets six times per calendar year.

2.15 A quorum at a board meeting is the majority of directors.³⁵ For voting, all questions are to be decided by a majority of votes of the directors present and voting. The director presiding has a deliberative vote and, in the event of an equality of votes, also has a casting vote.³⁶ Quorum requirements were met during the period reviewed.

2.16 Board meetings are minuted, and minutes record decisions made and actions to be taken. Meeting minutes record, for each decision made, the names of the board members who ‘moved’ and ‘seconded’ each decision. Board meeting papers include draft minutes of the previous meeting for board approval and the chairperson also signed a copy of the approved minutes.

2.17 Hearing Australia’s board charter outlines procedures for the preparation and approval of meeting minutes and outlines the mechanisms to facilitate decisions without meetings. Out-of-session decisions are facilitated through the circulation of a ‘flying minute’ approved by the chairperson and board members will generally have five working days to respond to these minutes. The timing of more urgent matters is at the discretion of the chairperson.

2.18 Between 20 March 2020 and 23 April 2020 nine emergency board meetings were held to address issues arising from COVID-19. During this time, the secretariat maintained records on: the agenda of these board meetings, attendance, board decisions and any action items. However, the records of board meetings during this period were not formally approved by the board (for example, approved at the next meeting) or signed by the chairperson. These meetings did not follow the charter procedures for the preparation and approval of board meeting minutes. The ANAO has made a recommendation on this matter at paragraph 2.33 below. While the minutes for the board’s emergency meetings were not formally approved by the board, the content of the meeting agenda and papers themselves evidence that during this time, the board provided real-time oversight and assessment of emerging operational, financial and safety risks, and monitored management’s responses to them.

Board committees

2.19 Section 33 of the AHS Act states that the board may establish committees to assist in the performance of its functions and the exercise of its powers. A committee is to be constituted wholly by directors or partly by directors and partly by other persons.³⁷ The board has established three committees to assist it carrying out its functions: the audit and risk management committee; the research and innovation committee; and the remuneration committee.

2.20 The board has approved charters for each of its committees. The charters document the minimum required number of meetings, quorum requirements and the need to ensure that minutes of the meetings are prepared and maintained. The charters do not document how to handle out-of-session decisions.

2.21 Each committee prepared meeting minutes for the period reviewed by the ANAO. The committee papers included draft minutes of the previous meeting for approval. The committee chair also signed a copy of the approved minutes.

2.22 Quorum requirements for the audit and risk management committee meetings were met during the period reviewed. The audit and risk management committee regularly updated the board on its activities and made recommendations to the board as appropriate.

2.23 The research and innovation committee’s charter states that the committee is to be appointed by the board. The charter that was in effect in June 2019 outlined membership to be: chair of the committee; the managing director; other board members; director of the National Acoustic Laboratories (NAL)³⁸; and a special purpose member.

2.24 On 1 October 2019, the chairperson wrote to all board directors to outline a change to the operation and membership of the research and innovation committee. The new membership would consist of: the chair of the committee; the managing director; three board directors; and a special purpose member. That is, the letter indicated that the director of NAL was no longer a member of the committee. The research and innovation committee charter was not updated to reflect this change. There is no evidence this change was approved by the board.³⁹

2.25 On 24 September 2020, a letter from the chairperson to all board directors outlined the memberships of all board committees, including the research and innovation committee. This letter confirmed the membership of the research and innovation committee to be that as outlined in the letter dated 1 October 2019. That is, the director of NAL was not a member of the committee. The charter was not updated or approved by the board to reflect this reiteration of committee membership.

2.26 In December 2020 the board approved a new research and innovation committee charter. This charter stated that the director of NAL was a member of the committee. The Annual Report 2020–21 does not record the director of NAL as a member of the research and innovation committee, despite being a member in line with the board approved charter in December 2020 and attending three meetings (December 2020, February 2021 and April 2021). The Annual Report 2020–21 also recorded two board directors as attending all meetings, when approved minutes indicate they were not ‘members’ but rather ‘also present’ at these meetings.

2.27 The remuneration committee charter states that the committee is to be appointed by the board. The charter that was in effect in June 2019 outlined membership to be: chair of the committee; managing director; a minimum of three other board members; and special purpose members.

2.28 On 1 October 2019, the chairperson wrote to all board directors to outline a change to the operation and membership of the remuneration committee. The letter indicated that membership would consist of a chair, the managing director and three board directors. That is, the letter indicated that there would not be a special purpose member. There was no evidence that this change in committee composition was approved by the board.⁴⁰

2.29 On 24 September 2020, a letter from the chairperson to all board directors outlined the memberships of all board committees, including the remuneration committee. This letter changed the membership of the remuneration committee, by removing the managing director as a member and reducing the number of other board directors from three to two. There was no evidence that this change in committee composition was approved by the board or updated in the charter.⁴¹

2.30 In December 2020 the board approved a new remuneration committee charter. This charter stated the membership of the committee would be: chair of the committee; a minimum of two other board directors; and may include a special purpose member(s). That is, the composition was changed from September 2020 to include the option to have a special purpose member.

2.31 The Annual Report 2019–20 recorded the remuneration committee as holding three meetings. Approved meeting minutes indicate that only one meeting was held in this financial year. The charter required the committee to meet at least two times a year. Hearing Australia advised the ANAO that the committee did not meet this requirement due to other priorities related to COVID-19.

2.32 The board should ensure that board and committee charters include sufficient information and process to guide the recording and approval of out-of-session decisions.

Has the board structured its own operations in a manner that supports effective governance?

2.35 During the period reviewed by the ANAO, the board was supported by three committees.

• Audit and risk management committee — provides independent advice and assurance to the board to assist the board to discharge its responsibilities under the AHS Act and the PGPA Act, with respect to: financial reporting; risk oversight and management; internal controls; and compliance with relevant laws and policies. This committee includes one member who is not a board director.
• Research and innovation committee — provides guidance, support and oversight of NAL’s research initiatives as well as Hearing Australia’s innovation in service delivery. This includes approving, supporting and oversighting strategic directions and funding arrangements and the transformation of Hearing Australia’s services through innovation and the use of technology. The committee is to provide advice to the board in relation to NAL’s research and Hearing Australia’s innovation activities to assist the board to perform its functions. This committee includes one member who is not a board director.
• Remuneration committee — assists and advises the board on matters relating to the compensation, bonuses, incentives and remuneration of the managing director and staff of Hearing Australia. It includes providing the board with advice in relation to key annual performance indicators for the managing director, the managing director’s processes, policies and decisions regarding the remuneration of Hearing Australia’s senior executive and staff and Hearing Australia’s enterprise agreement and associated policies and frameworks for staff remuneration, allowances, performance payment and entitlements.

2.36 The governance structure of the board and its committees is illustrated in Figure 2.1.

Figure 2.1: Board committees

 

 

Source: ANAO analysis of Hearing Australia’s board and committee charters, meeting minutes and papers.

2.37 To assess if Hearing Australia’s board has structured its own operations in a manner that supports effective governance, the ANAO examined the charters, committee arrangements, oversight of key policies, induction, board performance assessments and arrangements for the establishment and operation of the internal audit function. The ANAO also considered behavioural observations of the operation of the board.

Does the board have a fit-for-purpose charter, set expectations for entity management and the board secretariat, and assess its own performance?

Charter

2.38 A board charter is a written document that sets out such things as:

• the functions, powers, and membership of the board;
• role, responsibilities and expectations of members, both individually and collectively, and of management⁴²;
• role and responsibilities of the chairperson⁴³;
• procedures for the conduct of meetings⁴⁴; and
• policies on board performance review.

2.39 A charter can provide a single reference point that clearly sets out the functions, powers and membership of the board, as well as roles, responsibilities and accountabilities, consistent with relevant legislative requirements. Board charters can also articulate the desired culture of the board and address the ‘soft attributes’ of governance discussed in Chapter 1 of this audit relating to board culture and behaviours, which are critical to good governance.⁴⁵

2.40 The Australian Institute of Company Directors has indicated that:

In most organisations the governance framework is determined by the legislation that it has been created under … However, there are many aspects of modern governance which the board must consider and act upon that lie outside legal requirements. The board charter is one way of documenting these matters.⁴⁶

2.41 Hearing Australia’s board charter outlines the legislation under which Hearing Australia was established and responsibilities of the board under the PGPA Act. The board charter refers to the establishment of committees to assist it to discharge its responsibilities. The board charter includes information on: composition; functions and roles; and operating arrangements, including the need to declare any conflicts of interest at the start of each meeting or before discussion of the relevant agenda items or topic.

2.42 The audit and risk management committee charter refers to its specific functions outlined in section 17 of the Public Governance, Performance and Accountability Rule 2014 (PGPA Rule) to review the appropriateness of the board’s: financial reporting; performance reporting; system of risk oversight and management; and system of internal controls for Hearing Australia. In line with its charter, the committee provided annual reports to the board on the discharge of its responsibilities.

2.43 Board approved charters have been prepared for all three board committees.

2.44 The charters for the research and innovation committee and remuneration committee outline specific reporting requirements to the board. This includes providing a report, at least once a year, to the board on its operations and activities. This should include details of meetings held, summary of work performed and if it has fully discharged its responsibilities during the preceding year. These reports were not provided by the research and innovation committee or remuneration committee for the period reviewed by the ANAO.

Board expectations for entity management and the board secretariat

2.46 The board has set expectations for entity management in its charter by outlining:

• the role of the managing director, including responsibilities as required by the AHS Act;
• the six key documents that the board will approve each year, including the: corporate plan, annual financial statements, annual performance statements, annual report, risk management policy and operating and cash budget; and
• contracts and delegations, including when the minister’s written approval is required before entering into a contract.

2.47 A board and committee work program is also prepared for each financial year and included in board papers. This program outlines when key documents will be provided to the board and committees to assist in discharging their responsibilities.

2.48 Although the board’s work program outlines some of the key policies that the board approves, no consolidated list is maintained (for example, in the board charter). From a review of the board meeting papers and minutes, the ANAO identified that the board approved key policies such as: Delegation of Authority Policy (November 2021); Risk Management Policy (June 2021); Compliance Policy (August 2020); Whistleblower Policy (October 2020); and Performance Schemes. The audit and risk management committee approved the Risk Management Framework (May 2021).

2.49 The policies approved by the board do not include a number which relate directly to the PGPA Act and PGPA Rule, and other key legislative responsibilities of the board. For example, the Business Ethics Policy⁴⁷, Procurement Policy, Fraud and Corruption Control Plan, Fraud and Corruption Risk Management Policy and Work Health and Safety Policy are not approved by the board or its committees. Policies such as these enable boards to influence behaviours and can be an important mechanism in communicating the desired culture within the entity. Reviews such as the 2018 APRA Prudential Review⁴⁸ and the 2019 Hayne Royal Commission⁴⁹ have highlighted that boards need to be alive to how incentives in organisations can drive inappropriate behaviours. Periodic board review of these policies can assist a board in its messaging to the entity about the organisational culture it wishes to promote. In March 2022, Hearing Australia advised the ANAO that an updated board work program was being prepared and would address the review of key policies to ensure the policies remained fit-for-purpose.

2.50 The board charter outlines arrangements and expectations for the board secretariat through the identification of requirements related to meeting agenda, papers and minutes and other secretariat support that will be provided, such as:

• providing advice and support to board members in relation to their duties;
• ensuring that board procedures are followed;
• ensuring that an agenda for each meeting and supporting papers are circulated; and
• ensuring that minutes of meetings are prepared and maintained.

Board induction, education and performance

2.52 The board charter does not identify induction requirements. There were two new director appointments during the period reviewed, both were in September 2020. A welcome email and induction information pack was sent to these directors by the managing director. This included documents such as: information on the executive team; quarterly performance results; current corporate and business plans; recent reports on emerging issues; a copy of the AHS Act; board and committee charters; and a high-level review of the risk register. The welcome email also indicated an initial briefing would be provided by the senior executive team and that this session would be open to all board directors if they were interested.

2.53 In addition, the chairperson developed a one-page document outlining board engagement activities to be undertaken over the period September 2020 to December 2020. This outlined the steps that would be taken to ‘get the board functional and connected’, ‘make the first round of meetings a success’ and ‘to finish the year on a high’. On 24 September 2020 the chairperson also wrote to all directors to reiterate the board priorities, responsibilities and particular focus areas for the coming 12 months (including responding to the COVID-19 pandemic, transformation, rollout of the system modernisation program and stakeholder engagement).

2.54 The research and innovation committee charter identifies induction activities, including that ‘new members will receive relevant information and briefings on their appointments to assist them to meet their committee responsibilities’. During the review period, one new member was appointed to the research and innovation committee. This person, as a director, received the general board induction summarised above and received a one-on-one briefing from the board chairperson.

2.55 The audit and risk management committee charter states that the committee will ‘adopt and maintain a program of induction, training and awareness-raising for its members, with the objective of enabling the committee to keep abreast of contemporary developments and leading practices in relation to its functions’. During the period reviewed, one new member was appointed to the audit and risk management committee. This person, as a director, received the general board induction summarised above and briefings from board members and executive staff. The other training and awareness activities received by the audit and risk management committee members during the period reviewed was training on understanding PGPA Act requirements and Consumer and Competition Law (other board members outside of this committee also received this training).

2.56 To assist the board in understanding the entity’s strategic environment and risks, the board established a number of standard meeting agenda items covering these areas, including: the managing director’s report, finance and performance reports, strategic planning, procurement strategy and ‘proof points.’⁵⁰

2.57 The board also holds strategy days, during which the board is able to engage with management on the direction of the entity. Board strategy days were held in March 2020, February 2021 and March 2022.

2.58 In April 2021 the board also held a special board meeting on governance. The purpose of this meeting was to:

• discuss and note the responsibilities of the board under the AHS Act;
• discuss and note the responsibilities of the accountable authority and of officials under the PGPA Act;
• examine the findings and implications from the government initiated investigation into the use of public resources at Australia Post; and
• examine the findings of the interim report on performance pay for senior executives in government entities prepared by the Department of the Prime Minister and Cabinet and the Australian Public Service Commission.

2.59 The board charter requires the board to review its operations and effectiveness on an annual basis. The charter states that the chairperson will implement a system which, subject to consultation with the board, may include: a collective review of effectiveness; individual performance reviews of members; opportunities for members to give private feedback to the chairperson on board effectiveness; and such other review mechanisms as the board determines.

2.60 The chair’s report in August 2020 requested directors to complete a survey related to board performance. The survey consisted of 30 questions related to: the quality of board papers; meeting preparation; minutes; conduct of board meetings; if the board was sufficiently focused on high-profile risk issues; mix of board skills; succession planning; training; and level of engagement with management. The survey included one question related to committee performance: ‘are board committees functioning properly’. The survey also asked three ‘freeform’ questions related to usefulness and suggested improvements to the board strategy days, what was considered to be the board’s greatest strengths and weaknesses and other comments.

2.61 The survey was responded to by seven directors. An email was provided to board members (this excluded the two new board members) on 5 November 2020 outlining the survey results. This included an excel spreadsheet attachment outlining results. The results of the survey identified a number of low scoring areas which may indicate where improvement is required. These included the level of discussion at board meetings, focus on high-profile risk issues, board skills mix and liaison with management (‘steering not rowing’). No action plans were developed to address the survey results. The email indicated that the chairperson would discuss the results during one-on-one catchups with each board director. Hearing Australia advised the ANAO that these discussions did take place.

2.62 The approach used to assess board performance did not seek feedback from committee non-director members or senior executives. It did not assess board committee effectiveness in meeting charter objectives, or assess committee chair performance. Formal action plans, to track improvements and progress were also not prepared. These areas are better practice approaches to assessing board performance. An area for improvement related to reviewing the arrangements to assess the performance of the board and its committee members has been identified at paragraph 2.67.

2.63 The board completed an effectiveness assessment in February 2022. This assessment consisted of the completion of the same survey as in 2020 as detailed above. The results of the survey were discussed at the March 2022 board meeting, including actions to address opportunities for improvement identified as part of the survey outcomes.

2.64 The audit and risk management committee charter states that the chair of the committee, in consultation with the board chairperson, will initiate a review of the performance of the committee and its members at least every year. The review is to be conducted on a self-assessment basis (unless otherwise determined by the board) with input sought, where appropriate, from the board, the managing director, the internal auditor, the ANAO, the service provider contracted by the ANAO, management, and any other relevant stakeholders as determined by the committee. The assessment arrangements are to include a board assessment of the committee members’ skills, qualifications and experience. These reviews were not conducted in the period reviewed for the audit.

2.65 The audit and risk management committee has one non-director special purpose member. This person has been a special purpose member since 2017. The terms of the appointment for this special purpose member do not align to the approved charter. The audit and risk management committee charter requires a special purpose member to receive 50 per cent of the payment determined by the Remuneration Tribunal for audit and risk management committee members (stated in the charter as $4,080). The special purpose member was paid $19,136 in both 2019–20 and 2020–21, almost 4.7 times more than the payment amount documented in the charter. The actual remuneration paid to the special purpose member was accurately recorded in Hearing Australia’s 2019–20 and 2020–21 annual reports. The inconsistency between the remuneration amount documented in the committee charter and the actual payments to the special purpose member should be reviewed by the board.

2.66 The research and innovation committee charter states that the chair of the committee, in consultation with the board, will initiate a review of the performance of the committee at least every two years. The review is to be conducted on a self-assessment basis (unless otherwise determined by the board) with appropriate input sought from the board, the managing director, internal auditors, management, and any other person the board considers appropriate. These reviews were not conducted in the period reviewed for the audit.

Behavioural observations

2.68 The ANAO attended one board meeting and one audit and risk management committee meeting in November 2021. The ANAO interviewed the former chairperson of the board in January 2022. Interviews were also held with key senior executive officers, including the managing director. In those meetings, and through a review of board and committee papers and minutes, the ANAO observed board directors collectively displaying a range of qualities and behaviours that indicate a positive governance culture at the board level.⁵¹ These included:

• an openness to declaring conflicts of interest;
• an ability to conduct meetings in a professional, collegiate and respectful manner;
• a willingness to undertake sufficient preparation to enable meetings to be conducted in a productive manner;
• an understanding of their obligations as the accountable authority under the Public Governance, Performance and Accountability Act 2013 and the challenges facing the entity;
• a desire and commitment to act in the best interest of the entity;
• a willingness to invest in their own understanding of issues and entity operations; and
• direct engagement with the executive on key areas of interest.

Is there an internal audit function that provides assurance to the board and does the board have oversight of internal audit and the entity’s response to internal audit findings and recommendations?

2.69 The audit and risk management committee charter outlines specific responsibilities related to the oversight of internal audit. These include:

(a) act as a forum for communication between the Board, senior management and internal audit;

(b) review the proposed internal audit coverage and annual work plan, ensure the plan is based on Hearing Australia’s key risks, and approve the audit plan and internal audit budget;

(c) advise the Board on the adequacy of internal audit resources to carry out its responsibilities, including completion of the approved internal audit plan;

(d) oversee the coordination of audit programs conducted by internal and external audit and other review functions;

(e) review all audit reports and provide advice to the Board on significant issues identified in audit reports and action taken on issues raised, including identification and dissemination of good practice;

(f) monitor management’s implementation of internal audit recommendations;

(g) at least once a year, assess the performance of the internal audit service provider; and

(h) meet separately, as required, with internal audit service provider and obtain an annual report for the overall state of Hearing Australia’s internal control.

2.70 In February 2021 the audit and risk management committee noted management’s approach to sourcing a new internal audit provider. This included approaching four firms for a quotation. Results of the process were provided to the audit and risk management committee in May 2021 and final approval of a new internal audit provider (KPMG) was provided via a flying minute. Appointment was for an initial three-year term commencing 1 July 2021. The previous internal audit provider (EY) had been engaged since 2015.

2.71 The audit and risk management committee approves an internal audit plan each financial year. In June 2020 the committee approved the 2020–21 internal audit plan. The objective in the development of the plan was to provide appropriate coverage of fundamental processes and controls of Hearing Australia to assess whether they were designed and operating effectively. Six audits were approved plus a range of ongoing activities, including the follow-up of management actions. The audit plan included internal audits for consideration in the three-year period from 2021–22 to 2023–24.

2.72 In August 2021 the audit and risk management committee approved the internal audit plan for 2021–22. The plan included six internal audit activities, which included the preparation of assurance mapping. The outcome of the assurance mapping was provided to the committee in November 2021.

2.73 The audit and risk management committee approves the scope of individual internal audit activities. The committee also reviews the outcomes of internal audit activities. This includes management responses to audit findings and recommendations.

2.74 The internal audit provider prepares a regular status report on internal audit activities. This status report includes a ‘status of internal audit findings follow-up’ log which identifies when internal audit recommendations have been closed by management.

2.75 In August 2020, the audit and risk management committee approved its annual report to be provided to the board. The report outlined the committee’s operations and activities during 2019– 20, including:

• meetings held;
• what items/theme areas were discussed at each meeting;
• conclusions drawn about the appropriateness of financial statements/financial reporting;
• assessment of the risk, control and compliance framework and progress made; and
• summary of progress in addressing internal and external audit findings and recommendations.

2.76 A similar report was provided to the board on the committee’s operations and activities during 2020–21.

2.77 These reports indicate that the committee considered matters related to performance reporting, as required by its charter. However, the committee meeting minutes indicate that performance reporting was not considered. This is discussed in more detail in paragraphs 3.95 to 3.98 of this audit. The reports also did not include an annual report from the internal audit provider on the overall state of Hearing Australia’s internal control, as required by the audit and risk management committee charter.

2.78 At each board meeting during the review period, the audit and risk management committee chair provided an oral report on the activities of the committee. During the review period the board, through the audit and risk management committee, had effective oversight of the internal audit function and management’s response to internal audit findings and recommendations.

3.1 Accountable authorities have a duty to establish and maintain an appropriate system of internal control for the entity, including by implementing measures directed at ensuring officials of the entity comply with the Commonwealth finance law.⁵² To assess the effectiveness of the governance board in Hearing Australia, the ANAO examined whether the board has established fit-for-purpose arrangements to oversight:

• compliance with key legislative and other requirements; and
• the achievement of entity purposes.

Has the board established fit-for-purpose arrangements to oversight compliance with key legislation and other requirements?

3.2 To assess if the board has established fit-for-purpose arrangements to oversight compliance with key legislation and other requirements, the ANAO examined processes to identify, monitor and report on relevant enabling legislation, and actions to address any identified breaches. The audit examined the period July 2019 until March 2022. This is referred to as the review period.

Is there oversight of compliance with elements of enabling legislation?

3.3 Hearing Australia’s enabling legislation is the Australian Hearing Services Act 1991 (AHS Act), and as a corporate Commonwealth entity, it must also comply with the Public Governance, Performance and Accountability Act 2013 (PGPA Act) and Public Governance, Performance and Accountability Rule 2014 (PGPA Rule). Hearing Australia must also make annual disclosures under the following legislation:

• Work Health and Safety Act 2011;
• Freedom of information Act 1982; and
• Environment Protection and Biodiversity Conservation Act 1999.

3.4 The board has approved a Compliance Policy (August 2020). The policy sets out the principles, objectives and responsibilities for compliance in Hearing Australia to ensure the identification and fulfilment of compliance obligations, whether they are legislative, regulatory, policy-based, standards or better practice. This policy does not identify the legislation that gives rise to Hearing Australia’s key compliance obligations.

3.5 The Compliance Policy, along with the supporting Compliance Framework⁵³, is intended to ensure a consistent approach to compliance across the organisation. A risk-based approach is to be taken for managing compliance risk, with priority given to compliance risks which may have the most significant organisational impact.

3.6 The Compliance Framework uses a three lines of defence model. The first line is at the business level, where business areas identify, manage and mitigate their compliance risks. The second line is an arms-length internal risk and compliance function, headed by the Head of Risk and Compliance, which is intended to provide oversight of compliance risks. The third line is the internal audit function which monitors both first and second line compliance activities.

3.7 The board is responsible for oversight of the compliance management system. If an instance of a significant breach of compliance obligations is identified, this should be reported to the board as soon as practicably possible. A significant breach of compliance obligations is where the potential consequence(s) to the organisation is assessed as major or severe.

3.8 The audit and risk management committee reviews the appropriateness of Hearing Australia’s internal control system and reports annually to the board on its conclusions.

3.9 The internal risk and compliance function has been set up to:

• identify and maintain compliance obligations;
• assess and manage compliance risk;
• integrate compliance obligations into policies, procedure and practices;
• facilitate regular training for staff;
• establish and maintain a compliance/non-compliance reporting system;
• analyse compliance performance to identify the need for corrective action;
• provide advice to the organisation on compliance-related matters; and
• undertake assurance work and provision of independent reports.

3.10 The risk and compliance function performs quarterly testing of compliance within Hearing Australia and reports the results to the audit and risk management committee. Each quarter the risk and compliance function selects five obligation areas for testing and reviews the controls in place. In order to test controls, the risk and compliance function interviews the obligation owner and conducts sample testing. The selection of legislation and areas of compliance to be examined is determined by the risk and compliance function.

3.11 A key element of the Compliance Framework is the development of an Annual Compliance Plan. The plan provides an overview of the compliance related processes and activities that will be undertaken at the enterprise level over the course of the relevant financial year. In November 2019 the audit and risk management committee noted the development of the annual compliance plan for 2019–20. This plan was aimed at formalising, testing and monitoring compliance. In August 2020, the compliance plan for 2020–21 was also noted by the committee.

3.12 In 2018–19 internal audit activities included an examination of a selection of compliance obligations. This review included testing the operating effectiveness of key controls noted in policies and procedures related to the AHS Act and PGPA Act. The results of the assurance activity were reported to the audit and risk management committee in August 2019.

3.13 In August 2021, the internal audit provider completed a Compliance Management Framework Post Implementation Review. The reviewers considered that Hearing Australia had made significant progress in establishing an overarching Compliance Management Framework to coordinate, formalise and support compliance activities across the organisation. The review identified a number of ‘quick wins’ and made five medium term recommendations and six long term recommendations aimed at formalising and improving compliance oversight and management in Hearing Australia. All recommendations were accepted by management.

3.14 Quarterly compliance updates and reports are provided by management to the audit and risk management committee. This includes the tracking of the progress of activities on the Annual Compliance Plan. A Risk and Compliance Dashboard is also provided which contains information on the strategic risk profile (risk register) and compliance matters. A compliance measures dashboard is also presented which tracks the progress of key compliance measures including:

• working with children check status;
• mandatory induction training completion rate;
• information technology security training completion rate;
• number of children protection reports;
• number of complaints open >28 days;
• notifiable privacy breaches;
• number of clinical incidents; and
• substantiated fraud incidents.

3.15 The audit and risk management committee receives a regular IT Protective Security Update to provide an overview of the current state of security risk management within Hearing Australia’s IT systems. This includes information on what the entity is doing to address compliance with the Protective Security Policy Framework (PSPF) Essential 8 mitigation strategies. Information is also provided on key attributes of the entity’s information security operations, such as the number of incidents and action taken related to data breach notification, email phishing, the number of domain administration members, network traffic and external threat prevention. This report provides a succinct, clear and accessible snapshot of Hearing Australia’s cyber security position.

3.16 The audit and risk management committee receives regular compliance information on clinical incidents and child protection reporting.

3.17 As part of the financial statement close process, the audit and risk management committee oversights the preparation of management, board and audit and risk management committee representation letters asserting compliance with finance policy and procedures.

3.18 During the review period the board, through the audit and risk management committee, had effective and fit-for-purpose arrangements for the oversight of compliance with the key elements of its enabling legislation and related policies and procedures.

Is there oversight of, and compliance with, selected PGPA Act requirements?

3.19 The PGPA Act sets out requirements for the governance, reporting and accountability of Commonwealth entities. The PGPA Act is principles based and the accountable authority has the flexibility to establish the systems and processes that are appropriate for their entity. The Department of Finance (Finance) provides entities with guidance on how to meet the various requirements of the PGPA Act and PGPA Rule including providing examples of how entities can demonstrate compliance.

3.20 The ANAO examined if the board had established fit-for-purpose arrangements for oversight of, and compliance with, the following parts of the PGPA Act and PGPA Rule relating to corporate governance: the general duties of an accountable authority and the duties of officials.

General duties of an accountable authority

3.21 The general duties imposed on an accountable authority in the PGPA Act, which are considered in the following section, are to:

• govern the Commonwealth entity (section 15);
• establish and maintain appropriate systems relating to risk management and oversight and internal controls (section 16);
• encourage officials to cooperate with others to achieve common objectives (section 17);
• take into account the effects of imposing requirements on others (section 18); and
• keep their minister, and the Finance Minister, informed (section 19).

3.22 The ANAO’s assessment in relation to Hearing Australia’s compliance with these requirements has been detailed below.

Duty to govern the entity

3.23 The board has developed a charter for how the board performs its functions in a proper, efficient and effective manner. As outlined in Chapter 2 of this report, the board has also structured its own operations to include the use of board committees to support its decision-making and assist it in meeting its responsibilities. This includes providing oversight and reporting on the use and management of public resources for which the accountable authority is responsible.

3.24 Under section 14 of the AHS Act, the board has specific functions for deciding the objectives, strategies and policies to be followed by the entity. This includes preparing and providing a corporate plan and financial plan to the responsible minister and the Finance Minister.⁵⁴

3.25 The corporate plan and financial plan provided to the responsible minister and Finance Minister outlines information on the vision, function, key drivers of the operating environment and the landscape of hearing loss in Australia. It also provides information on the strategic pillars that will guide Hearing Australia over the next four years. The financial plan component includes information on the dividend policy which is paid in accordance with a 2012 directive from the responsible minister under section 63A of the AHS Act. It also outlines estimated financial performance for future years. Performance metrics and relevant performance targets are also outlined in the corporate plan.

3.26 The board approves financial forecasts and budgets for the entity and receives regular financial reporting to track the use and management of public resources and to monitor the financial sustainability of the entity. The board regularly approves the Delegations of Authority Policy which outlines financial and people services delegations. The board also receives regular reporting on the achievement of financial and non-financial performance measures.

3.27 Other policies reviewed by the board are described in paragraphs 2.48 and 2.49.

Duty to establish and maintain systems relating to risk and control

3.28 The board has approved a Risk Management Policy (June 2021) which sets out the principles, objectives and responsibilities for risk management in Hearing Australia. The policy has been developed with reference to ISO 31000:2018 Risk Management – Guidelines, and the Commonwealth Risk Management Policy. This policy is supported by the Risk Management Framework (approved by the audit and risk management committee).

3.29 The entity’s Risk Management Policy outlines the board’s risk appetite and tolerances. The risk appetite is ‘the amount of risk on a broad level that Hearing Australia is willing to accept in the pursuit of its objectives and expresses the attitude towards risk taking. Risk tolerance represents the practical application of risk appetite and is aligned to a specific category of risk’.

3.30 The entity’s Risk Management Framework (May 2021) supports the policy and formalises the principles and approach Hearing Australia has adopted for risk management. The framework contains the risk matrix and likelihood table, consequence descriptor table, escalation table and risk reporting requirements.

3.31 The risk escalation table in the Risk Management Framework requires that residual risks rated as ‘high’ should be reported to the audit and risk management committee through regular reporting and that for residual risks rated as ‘extreme’ immediate action is required by the executive, including briefings for the board and audit and risk management committee.

3.32 The Risk Management Framework states that risk registers are developed using three tiers: the strategic level, the operational level (Hearing Centres and National Support Office) and the project level.

3.33 A strategic risk register is maintained and has ten strategic risks. This strategic risk register is reviewed annually by the audit and risk management committee. The committee also receives quarterly updates from management on risk generally which includes any changes to strategic risks.

3.34 Hearing Australia has not prepared an operational risk register or project level risk registers, as described in its Risk Management Framework. Consequently, the audit and risk management committee does not have oversight of non-strategic risks outside of the board’s risk appetite.

3.35 The entity’s Risk Management Policy requires management to provide a risk update to the board annually. Hearing Australia did not provide the ANAO with evidence that this update was provided to the board during the period of review. However, as noted at paragraph 2.56, the board receives a range of information to assist it in understanding the entity’s strategic environment and risks, including the managing director’s report, finance report and performance reports.

3.36 In February 2021 internal audit completed a Risk Management Framework Post Implementation Review. The reviewers reported that Hearing Australia: had made progress in establishing and embedding risk management practices; and is meeting the requirements of a ‘developed’/‘systematic’ maturity level within the Commonwealth Risk Management Maturity Model. This is a six-level maturity model. The ‘developed’/‘systematic’ range reflects Level 2–3 maturity. The review report states that Hearing Australia’s ideal maturity is ‘optimal’ (Level 6). The review identified seven ‘quick wins’ and made ten medium term and two long term recommendations for improvement. All recommendations were accepted by management.

3.37 Hearing Australia has a Fraud and Corruption Risk Management Policy (April 2021) and a Fraud and Corruption Control Plan (January 2021). These documents indicate that the managing director approved these documents as the ‘board’s representative’. There is no evidence of delegation of these powers by the board.

3.38 The Fraud and Corruption Risk Management Policy articulates Hearing Australia’s approach to the prevention, detection and response to fraudulent and corrupt behaviour. The policy states that ‘fraudulent and corrupt conduct will not be tolerated at any level of Hearing Australia and all instances of suspected fraud and corruption will be thoroughly investigated’. This is consistent with the stated risk appetite of the board for fraud risks.

3.39 The policy also states that the managing director is ‘responsible for coordinating Hearing Australia’s fraud and corruption control initiatives, including the review of the policy every two years, coordination of the fraud risk assessment process and conducting or co-ordinating investigations into suspected fraudulent or corrupt behaviour that have been reported’. The policy further states that ‘Hearing Australia conducts fraud and corruption risk assessments every two years’.

3.40 The Fraud and Corruption Control Plan states that the audit and risk management committee will assess the appropriateness of Hearing Australia’s fraud control arrangements and will monitor reports on fraud that outline any significant or systemic allegations of fraud, the status of any ongoing investigations and any changes to identified fraud risks.

3.41 The plan also states that the Hearing Australia risk assessment process will consider internal and external fraud risks and should be refined on an ongoing basis.

3.42 The plan indicates that:

As at 1 July 2018, there were 13 potential fraud risks that were assessed … Of the 13, 13 (100%) were assessed as having an acceptable Low to Moderate residual risk level. On this basis the overall potential for fraud in Hearing Australia is considered low.

3.43 A risk assessment analysis in the plan indicates that there are two moderate, two minor and nine low residual rated risks.⁵⁵ Hearing Australia did not have a fraud risk assessment or risk register to support this analysis. The audit and risk management committee (or board) have not been provided with a fraud risk assessment or plan that outlines how Hearing Australia will deal with specific fraud risks. Under section 10 of the PGPA Rule the accountable authority has explicit governance responsibilities in relation to the management of fraud risks, including:

(a) conducting fraud risk assessments regularly and when there is a substantial change in the structure, functions or activities of the entity; and

(b) developing and implementing a fraud control plan that deals with identified risks as soon as practicable after conducting a risk assessment.⁵⁶

3.44 Hearing Australia advised the ANAO in March 2022 that management is developing a fraud risk register. This is intended to formally document fraud risks and Hearing Australia’s approach to mitigating the identified risks. It is expected that this information will be presented to the audit and risk management committee in May 2022.

3.47 The board receives regular updates related to instances of fraud and suspected fraud, as part of the managing director’s report and ‘workplace updates’. Workplace updates include information on whistleblower reports, workplace grievances, fraud investigations and serious misconduct. The board and the audit and risk management committee are also briefed on any specific incidents of fraud being investigated.

3.48 The 2021–22 internal audit plan included a fraud and corruption health check, scheduled for Quarter 2. The ANAO was advised in March 2022 that this health check is scheduled to be reported to the audit and risk management committee in May 2022.

3.49 For information related to establishing and maintaining an appropriate system of internal control for the entity, refer to paragraphs 2.69 to 2.78 on the oversight of the internal audit function and paragraphs 3.3 to 3.18 on arrangements for the oversight of compliance with key legislation.

Duty to encourage cooperation with others and duty in relation to requirements imposed on others

3.51 Encouraging officials of the entity to cooperate with others to achieve common objectives is an underlying theme of Hearing Australia’s corporate and business planning activities. The Hearing Australia Corporate Plan FY 2021–25 outlines three strategic pillars to guide the organisation over the period of the plan. One strategic pillar is ‘providing great value to government and partners’. The priorities for this strategic pillar are:

Productive Government Engagement: Strengthen and deepen engagement with government on policy, advice and program implementation to deliver greater value for government funded services.

Productive Partner Engagement: Build collaboration with strategic partners for mutually beneficial outcomes in research, products, and services that deliver better hearing health outcomes for all clients.

3.52 The Risk Management Framework (May 2021) states that:

The framework defines the approach to the management of risk and how this approach supports effective planning and decision-making that is guided by Hearing Australia’s strategic objectives and legislative functions and accountabilities.

At Hearing Australia, staff at all levels consider, understand and consciously manage risk as a fundamental part of their day-to-day work and decision making.

Duty to keep responsible Minister and Finance Minister informed

3.53 At each board meeting there is a chair’s report and managing director’s report. The minutes of board meetings indicate that these agenda items are used to provide documents and/or oral updates on engagement to/from the responsible minister and Finance Minister and to discuss the implications or actions by the board. For example, at the February 2021 board meeting, the chair’s report included attachments of correspondence from the Finance Minister on obligations under the PGPA Act and a letter to the Finance Minister in response outlining how Hearing Australia was addressing these requirements and how it was embedding an understanding of PGPA Act responsibilities into its oversight activities.

General duties of officials

3.54 In addition to the general duties of an accountable authority discussed above, the PGPA Act specifies duties applicable to all officials (which include the accountable authority). Officials are required to exercise a duty:

• of care and diligence (section 25);
• to act honestly, in good faith and for a proper purpose (section 26);
• not to misuse position (section 27);
• not to misuse information (section 28); and
• to disclose material personal interests (section 29).

3.55 Officials also have a responsibility to:

• comply with the finance law;
• comply with the governance arrangements in the entity, for example, internal controls on the proper use and management of public resources; and
• meet high standards of governance, performance and accountability.

3.56 Officials who breach their duties or responsibilities under the PGPA Act can be subject to employment sanctions (including termination of appointment for board members) or criminal sanctions for intentional or serious misuse of public resources. For more details of the duties that apply to all officials under the PGPA Act, refer to Appendix 4 of this audit.

3.57 Hearing Australia has a range of policies and procedures that describe the general duties of officials. These are summarised in Table 3.1.

Table 3.1: Analysis of Hearing Australia’s policies to address the general duties of officials

Source: ANAO analysis of Hearing Australia’s policies and procedures.

Has the board established fit-for-purpose arrangements to oversight the achievement of entity purposes?

3.58 The corporate plan is the primary planning document published by an entity⁵⁷, setting out its purposes, the operating context in which it will operate, the key activities it intends to pursue, and how performance will be measured and assessed over at least four reporting periods.⁵⁸

3.59 The annual performance statements are the mechanism by which an accountable authority provides information about the entity’s performance in achieving its purposes.⁵⁹ The annual performance statements are intended to complete the cycle of performance reporting that commenced at the start of the reporting period with the corporate plan. An entity’s annual performance statements should report the actual results achieved against the performance measures and targets set for the entity in its corporate plan.⁶⁰

3.60 Performance measurement involves collecting, analysing and reporting information about the performance of an entity against its purposes. Having effective performance reporting and monitoring arrangements is a key aspect of good governance. Finance guidance states that:

Effective performance measurement enables entities to:

• measure and assess their progress toward achieving their purposes;
• drive desired changes in the efficiency and effectiveness of services;
• demonstrate whether the use of public resources is making a difference and delivering on government objectives;
• make decisions about how best to deploy its resources to achieve competing priorities; and
• demonstrate and promote their achievements and explain any variance from expectations or reference points/enables entities to identify and report on their achievements.⁶¹

3.61 To assess if the board has established fit-for-purpose arrangements to oversight the achievement of entity purposes, the ANAO examined the content of the corporate plans and the annual performance statements and assessed whether these documents complied with the PGPA Rule and reflected Finance resource management guidance. The level of assurance sought by the board over the content of these documents was also considered. In addition, the ANAO assessed the arrangements for monitoring by the board of financial and non-financial performance.

Is there oversight of entity performance against the purposes and performance measures identified in the corporate plan?

Corporate plans

3.62 Under section 14 of the AHS Act, the board has specific functions for deciding the objectives, strategies and policies to be followed by the entity. This includes providing a corporate plan and financial plan to the responsible minister and Finance Minister.

3.63 The corporate plan and financial plan provided to the responsible minister and Finance Minister outline information on the vision, function, key drivers of the operating environment and the landscape of hearing loss in Australia. It also provides information on the strategic pillars that will guide the entity over the next four years. The financial plan component includes information on the dividend policy which is paid in accordance with the 2012 directive from the responsible minister under section 63A of the AHS Act. It outlines estimated financial performance for future years. Performance metrics and relevant performance targets are also included.

3.64 Section 38 of the AHS Act includes specific financial targets and performance information to be considered by the board when preparing the financial plan. This includes:

(a) the objectives and policies of the Commonwealth Government known to the Board; and

(b) any directions given by the Minister under section 12; and

(c) any payments by the Commonwealth to the Authority to fund functions referred to in paragraph (f); and

(d) the need to maintain a reasonable level of reserves, having regard to estimated future infrastructure requirements; and

(e) the need to maintain the extent of the Commonwealth equity in the Authority; and

(f) the need to earn a reasonable rate of return on the Authority’s assets (other than assets wholly or principally used in the performance of functions that are directly funded by the Commonwealth); and

(g) any other commercial consideration the Board thinks appropriate.

3.65 The corporate plan and financial plan are included in a single document, and there are considered to be commercial sensitivities associated with the financial planning of this corporate Commonwealth entity. An extract of the corporate plan is therefore published on Hearing Australia’s website. This public version of the corporate plan contains information on the strategic direction of the organisation and relevant performance measures. It does not include specific details of how the strategic pillars are to be implemented, or financial planning information.

3.66 For the period examined, the board approved components of the corporate plan (public and non-public versions) and financial plan (including non-public components). It did not approve these plans in their entirety.

3.67 The non-public Hearing Australia Corporate Plan FY 2020–24 was discussed at the board strategy day in March 2020 and was approved in an emergency board meeting on 23 April 2020. The board approved the revenue information, profit forecast and capital expenditure information. The board agreed that the chairperson would liaise with the managing director to finalise the non-public corporate plan (and financial plan) for 2020–24.⁶²

3.68 The non-public Hearing Australia Corporate Plan FY 2021–25 was approved by the board in April 2021. The board approved the strategic priorities, key performance indicators, revenue information, profit forecast and capital expenditure information. The board agreed that the chairperson and the managing director would finalise the document for submission to the minster by 30 April 2021.

3.69 The components of the publicly available corporate plan that were not examined by the board included: foreword, introduction, our purpose, our operating environment, our governance arrangements and risk management sections of the document.

3.70 The nature and complexity of an entity determines the scope and complexity of its internal planning processes and, by extension, the content of its corporate plan. However, the PGPA Rule provides that the corporate plan must cover a period of at least four reporting periods and there are another five PGPA Rule minimum requirements that must be addressed in the corporate plan. Table 3.2 summarises the ANAO’s assessment of the publicly available Hearing Australia Corporate Plan FY 2021–25, available to Parliament and the public, against these minimum requirements. Results of the assessment are further analysed below.

Table 3.2: Analysis of Hearing Australia’s compliance with corporate plan requirements

Key: ◆ Fully compliant ▲ Partially compliant ■ Not compliant

Source: ANAO analysis of public version of Hearing Australia Corporate Plan FY 2021–25.

3.71 In the following section, the ANAO has set out details of the ‘partially compliant’ assessments in the table above.

Partially compliant results

3.72 Key activities: The key activities of the entity have been described using the three strategic pillars that will be used to guide the entity over the next four years:

• ‘delivering excellent outcomes’;
• ‘providing great value to Government and our partners’; and
• ‘continuing our journey to bring a high performing organisation.’

3.73 For each of these pillars, Hearing Australia has identified two priorities and each priority has between one and three activities associated with it. These activities are not further described in the publicly available corporate plan, but are described in the complete (not publicly available) corporate plan.

3.74 Operating context: The publicly available corporate plan describes the operating environment in which Hearing Australia operates. The publicly available corporate plan describes the focus areas for the coming twelve months to enhance Hearing Australia’s abilities and to deliver services. Performance measures are also identified for the strategic pillars over the four-year planning horizon.

3.75 The publicly available corporate plan provides a description of risk oversight and management activities, including how strategic risks are reviewed. Although the publicly available corporate plan outlines a strategic pillar related to productive government and partner engagement, it does not provide details of the organisations and bodies that will make a significant contribution towards achieving the entity’s purposes through cooperation with the entity, including how that cooperation will help achieve those purposes.

3.76 Performance: Finance guidance on developing good performance information states that:

Accountable authorities are required to measure and assess the performance of the entity in achieving its purposes. One of the objects of the [PGPA] Act is to require Commonwealth entities to provide meaningful information to the Parliament and the public to assist them in understanding how entities are performing, and how they are using the resources that have been entrusted to them.⁶³

3.77 Section 17(2)(b) of the PGPA Rule states that the functions of an audit committee must include ‘reviewing the appropriateness of the accountable authority’s … performance reporting’. The audit and risk management committee charter includes this requirement and outlines that one of the committee’s performance reporting responsibilities is ‘to review how Hearing Australia measures and reports on its performance’. During the period reviewed, the audit and risk management committee did not examine the development of performance measures included in the corporate plan. The performance measures included in the corporate plan were discussed by the board on the relevant strategy day and were approved by the board. The minutes did not evidence board consideration or review of whether the audit and risk management committee had reviewed the appropriateness of performance reporting as required by the PGPA Rule.

3.78 Section 16EA of the PGPA Rule outlines the requirements for the performance measures of a Commonwealth entity that are included in the entity’s corporate plan. Section 16EA requires entities to use sources of information and methodologies that are reliable and verifiable and provide an unbiased basis for the measurement and assessment of the entity’s performance. The ANAO identified that the performance targets included in the Hearing Australia Corporate Plan FY 2021–25 document did not always provide sufficient information on the measures to meet these requirements. Table 3.3 below outlines, by way of example, a selection of performance criteria and targets.

Table 3.3: Corporate Plan 2021–25 performance information

Source: Publicly available Hearing Australia Corporate Plan FY 2021–25, pp.16–17.

3.79 The performance criteria and targets in Table 3.3 do not provide sufficient information to the public on what will be measured (for example, what constitutes quality advice or what would constitute ‘achieved’). Without sufficient information Hearing Australia cannot demonstrate that the measures are reliable, verifiable or unbiased.

3.80 Section 16EA of the PGPA Rule requires that where reasonably practicable, performance measures should comprise a mix of qualitative and quantitative performance measures and include measures of the entity’s outputs, efficiency and effectiveness. Hearing Australia did not provide the ANAO with evidence of the board considering the number, type and balance of performance information included in the Corporate Plan 2021–25.

Performance monitoring

3.83 The board monitors the achievement of performance measures included in the corporate plan quarterly, via a standing agenda item at its board meetings on ‘finance and performance’. A corporate plan scorecard has been developed which provides progressive tracking of the achievement of the corporate plan performance measures. It tracks year to date targets and provides traffic light information on status (for example, is Hearing Australia on track to meet the annual target).

3.84 The board also regularly monitors the broader performance and activities of the entity. Each June, the board approves an annual business plan, which outlines the strategic imperatives, scorecards and steps for achieving Hearing Australia’s purposes. It is based on information discussed with the board on relevant strategy days and provides more detailed information than is included in the corporate plans. The business plan provides detailed information on the strategic priorities of the entity including success measures for execution and how progress will be monitored over the twelve-month period of the plan.

3.85 A standing board agenda item for ‘operational and financial results’ provides opportunity to monitor progress against the annual business plan and is included for each board meeting. For this agenda item, the board receives material such as a strategic imperative scorecard, a business plan scorecard, and information on profit and loss, the customer experience, commercial performance and the workforce. There is evidence that this information is reviewed and challenged by the board.

Annual performance statements

3.86 Annual performance statements are approved by the board as part of its approval of the annual report. Annual reports for 2019–20 and 2020–21 were reviewed and approved by the board. Each of the annual reports was approved out-of-session by a majority of board members.

3.87 There are three PGPA Rule minimum requirements that must be addressed in an entity’s annual performance statements. Table 3.4 summarises the ANAO’s assessment of compliance for Hearing Australia’s annual performance statements included in the Annual Report 2020–21.

Table 3.4: Analysis of Hearing Australia’s compliance with annual performance statements requirements

Key: ◆ Fully compliant ▲ Partially compliant ■ Not compliant

Source: ANAO analysis of Hearing Australia’s Annual Report 2020–21.

3.88 In the following section, the ANAO has set out details of the ‘not compliant’ and ‘partially compliant’ assessments in the table above.

Not compliant results

3.89 Analysis: An entity’s annual performance statements must include an analysis of the factors that contributed to its performance in achieving its purposes. Finance guidance states that:

Entities should provide an informative analysis beyond simply listing specific achievements.

It is also good practice for the analysis of the factors that contributed to performance be included for individual performance measures as well as at an entity-wide level.

The intent of the PGPA Rule requirement is for the annual performance statements to include factors that have contributed in both a positive and negative way to an entity’s performance.⁶⁴

3.90 Hearing Australia’s annual performance statements do not include an analysis of performance. The annual performance statements limit information on performance to a performance activities table which states performance results (discussed in more detail below). Information which would contribute to an analysis of performance information is included in the body of the annual report, including relevant case studies and factors that have contributed in a positive and negative way to the entity’s success in delivering on its purposes. The performance information is not referred to, or cross referenced in the annual performance statements. The annual performance statements should stand alone and address all the minimum requirements of the PGPA Rule. Better practice information in Finance guidance indicates that one method of achieving this is through the use of cross-referencing to the body of the annual report.⁶⁵

Partially compliant results

3.91 Results: The annual performance statements must include the results of the measurement and assessment of the entity’s performance in the reporting period. As a matter of good practice, annual performance statements should also include a clearly presented summary of results to enable readers to readily assess the degree of achievement against entity purposes.⁶⁶ Hearing Australia’s annual performance statements include information to indicate the percentage of targets that have been achieved and partially met during the period. It also includes a table of results which indicates if the individual performance measure results have been ‘exceeded’, ‘met’ or ‘partially met’. The quality of the annual performance statements and its ability to provide informative results for an entity‘s performance stems from the quality of the performance measures included in the corporate plan. Refer to paragraphs 3.76 to 3.80 for the performance measures and targets included in Hearing Australia’s corporate plans.

Are there arrangements to provide the board with assurance relating to entity performance against the purposes and performance measures identified in the corporate plan?

3.94 The audit and risk management committee charter outlines the following responsibilities related to performance reporting:

satisfy itself and provide assurance to the Board that Hearing Australia has a performance management framework that is linked to organisational objectives and outcomes, to ensure that Hearing Australia can measure and assess its performance in achieving its purposes as required under section 38 of the PGPA Act;

…

advise the Board on the preparation, and review of, Hearing Australia’s annual performance statement;

3.95 In August 2019, the audit and risk management committee reviewed the annual performance statements for 2018–19. This included an analysis of source data prepared by management. Management prepared a table of source data, where, for each performance measure, it provided information on where the data was extracted from, including if it was manually collated, and screenshots of data extraction. The committee recommended that the board approve the 2018–19 annual performance statements.

3.96 The audit and risk management committee’s annual report to the board on its operations and activities during the financial year outlines whether the committee has examined the annual performance statements. The report for 2020–21 indicates that the committee reviewed the annual performance statements. The ANAO’s review of the committee minutes and papers indicates that the 2019–20 and 2020–21 annual performance statements were not reviewed by the audit and risk management committee nor was there a recommendation for the board to approve the annual performance statements.

3.97 Finance provides a range of better practice guidance and suggestions for audit committees to consider when addressing the PGPA Rule requirements for reviewing the appropriateness of performance reporting. This includes considering the efficiency of undertaking a rolling approach to detailed review of performance reporting.⁶⁷

Appendix 1 Entity responses

 

 

 

 

Appendix 2 Improvements observed by the ANAO

1. The existence of independent external audit, and the accompanying potential for scrutiny improves performance. Improvements in administrative and management practices usually occur: in anticipation of ANAO audit activity; during an audit engagement; as interim findings are made; and/or after the audit has been completed and formal findings are communicated.

2. The Joint Committee of Public Accounts and Audit (JCPAA) has encouraged the ANAO to consider ways in which the ANAO could capture and describe some of these impacts. The ANAO’s 2021–22 Corporate Plan states that the ANAO’ s annual performance statements will provide a narrative that will consider, amongst other matters, analysis of key improvements made by entities during a performance audit process based on information included in tabled performance audit reports.

3. Performance audits involve close engagement between the ANAO and the audited entity as well as other stakeholders involved in the program or activity being audited. Throughout the audit engagement, the ANAO outlines to the entity the preliminary audit findings, conclusions and potential audit recommendations. This ensures that final recommendations are appropriately targeted and encourages entities to take early remedial action on any identified matters during the course of an audit. Remedial actions entities may take during the audit include:

• strengthening governance arrangements;
• introducing or revising policies, strategies, guidelines or administrative processes; and
• initiating reviews or investigations.

4. During the course of the audit, the ANAO observed changes in Hearing Australia’s approach to board governance. These included: updates to the board and committee terms of reference; commencement of the preparation of a fraud risk register; and more transparent documentation of board decision-making. It is not clear whether these actions and/or the timing of these actions were planned in response to proposed or actual audit activity. The ANAO has not sought to obtain assurance over the source of these actions or whether they have been appropriately implemented.

Appendix 3 General duties as an accountable authority

Source: ANAO analysis of sections 15–19 of the Public Governance, Performance and Accountability Act 2013.

Appendix 4 General duties of an official

Source: ANAO analysis of sections 25–29 of the Public Governance, Performance and Accountability Act 2013.

Appendix 5 Director qualities and behaviours

1. The ANAO sought to determine whether board directors demonstrated corporate governance better practice qualities and behaviours drawn from key themes in recent reviews of corporate governance. These included:

• an openness to declaring conflicts of interest;
• an ability to conduct meetings in a professional, collegiate and respectful manner;
• a willingness to undertake sufficient preparation to enable meetings to be conducted in a productive manner;
• an understanding of their obligations as the accountable authority under the Public Governance, Performance and Accountability Act 2013 and the challenges facing the entity;
• a desire and commitment to act in the best interest of the entity;
• a willingness to invest in their own understanding of issues and entity operations, including participation in voluntary training sessions; and
• direct engagement with the entity executive on key areas of interest.

2. A comparable list of qualities and behaviours was adopted in the ANAO’s 2019 audit series on board governance discussed in paragraph 1.7 of this report.