The ABS’ corporate governance framework ensures transparency in decision making, operation and accountability, by promoting strong leadership, sound management and effective planning and review processes.
The key features of the ABS’ corporate governance framework are:
a planning cycle to ensure that the ABS work program reflects current and emerging statistical priorities of users, and is consistent with the ABS mission and overall strategic directions
senior management committees involved in developing policies and strategies, identifying priorities and monitoring the ABS’ performance
advisory bodies and user groups, which enable the ABS to consult widely with the user community about the ABS work program
an audit and review program covering the different facets of ABS operations, overseen by the Audit Committee
a risk management framework to assist in identifying and managing risks at organisational, operational and project level, and
instructions and manuals to ensure staff have access to ABS policies and practices.
Underlying the corporate governance framework are the Australian Public Service (APS) and ABS values, which are the basis for the ethical standards for ABS employees.
As an APS agency, ABS employees are required to abide by the APS Values and the Code of Conduct. In addition, the ABS Corporate Plan sets out values specific to the ABS, which are essential to the ABS’ role as an independent provider of information for Australia.
These values are promoted through training courses and awareness raising. They are used as a reference for the actions and decisions of ABS staff, from senior management down.
The ABS values are:
trust of providers, and
access for all.
For more information on ABS values, see Chapter 18, Management of human resources.
SENIOR MANAGEMENT COMMITTEES
An important feature of ABS corporate governance is the role played by senior management committees, which are active in developing policies and strategies, identifying ABS priorities, assessing and responding to risks and opportunities, and monitoring ABS performance.
Following the organisational re-structure (see Chapter 2 and Chapter 16) and in line with best practice guidelines to regularly review corporate governance framework, the ABS commenced a review of high level committees and forums, with completion scheduled for July 2008. The aims of the project are to:
i. review the ABS’ framework for corporate governance, and
ii. develop options for a refreshed corporate governance framework.
The ABS is also conducting a strategic alignment project. This project is examining executive roles and accountabilities, to ensure the agency is well placed to meet objectives.
The major senior management committees in place during 2007–08 are outlined below:
|Division Heads Meetings
|Division Heads Meetings (DHMs) are the ABS executive meetings held weekly to address emerging issues, corporate strategies and policies, and ABS performance.
DHM is attended by the Statistician, the Deputy Statisticians, and the First Assistant Statisticians, with other attendees as required for particular items.
Branch heads and regional directors provide regular reports on their functional area of responsibility to DHM.
|ABS Management Meetings
|The Management Meetings play a major role in determining ABS strategic directions, priorities and resource allocations.
These meetings involve DHM members, as well as the regional directors. The Management Meeting is held twice a year, and discusses the ABS forward work program, as well as a range of other strategic issues.
|Accountability Division Heads Meeting
|Accountability Division Heads Meetings (Accountability DHMs) provide a forum for reviewing the ABS financial position and the risk management strategy. They also play a role in the planning cycle, providing the opportunity for senior managers to discuss work program priorities within the broader budgetary context, and the allocation of funds.
Accountability DHMs are scheduled four times a year and are chaired by the Australian Statistician. Other members are DHM members, together with the ABS Chief Financial Officer.
|The ABS Audit Committee provides assurance to the Australian Statistician that: a comprehensive control framework is in place and is working effectively for all business systems; the operation and management of ABS systems are sufficiently adequate to ensure the ABS complies with all its legislative and other obligations; and externally published information generated by these systems is of appropriate quality and conforms with legislative and other obligations. The committee identifies significant issues of concern or non-compliance.
The ABS Audit Committee is chaired by a Deputy Australian Statistician, and comprises four other ABS officers chosen for their personal qualities, experience and skills including their ability to demonstrate independence on matters before the Committee. Throughout 2007–08, the Committee included two experienced external members.
The Audit Committee meets four times a year and reports to DHM as appropriate.
|Human Resources Division Heads Meeting
|Human Resources Division Heads Meetings (HR DHM) provide a forum for members to actively contribute to strategic directions for human resources and engage in discussion about proposed human resource management practices to ensure that they contribute to, and align with, ABS goals.
Members of the HR DHM undertake a governance role in respect to people strategies by:
providing assistance in determining human resource priorities
monitoring progress on significant strategic human resource projects, and
identifying human resource opportunities, issues and risks.
During 2007–08, a wide range of matters were considered at HR DHMs, including workforce planning, capability building, occupational health and safety, remuneration and recruitment.
HR DHMs are scheduled twice a year and are chaired by the Australian Statistician. Other members include DHM members, a nominated Regional Director, the Assistant Statistician, Human Resources Branch, the Assistant Statistician, Business Support Branch, and an external member. The external member has extensive public service management experience.
|Protective Security Management Committee||The ABS maintains a comprehensive security framework, overseen by a Protective Security Management Committee chaired by a Deputy Australian Statistician. This security framework ensures that both physical and computer security are maintained. The committee is a key means of ensuring the ABS meets its legal requirement not to divulge identifiable information and to make sure there is policy to meet the security and privacy related requirements of legislation including the Financial Management and Accountability Act 1997, Census and Statistics Act 1905,Australian Bureau of Statistics Act 1975, Privacy Act 1988 and Crimes Act 1914.|
|Information Resources Management Committee||The Information Resources Management Committee considers matters of strategic significance concerning data and information management, and related policy, and major issues relating to the application of information and communication technology in the ABS. It also has responsibility for the strategic management of cost recovery activities of the information technology and technology services areas of the ABS. The Committee meets four times each year, and reports to each Management Meeting and the DHM as appropriate.
In 2007–08, the committee was chaired by a Deputy Australian Statistician, and consisted of another Deputy Australian Statistician, all First Assistant Statisticians, a nominated Regional Director, and selected Assistant Statisticians.
The ABS mission statement and the corporate plan provide the context for decision making on the forward work program.
|REVIEW OF PLANNING AND BUDGETING CYCLE
During 2007–08, the ABS reviewed its planning and budgeting activities, to ensure it is well placed to carry out its legislated role and can anticipate and respond effectively to future opportunities and risks.
Some modifications were made to the activities, so that decision making about the forward work program is more closely aligned to the ABS budget. The cycle has been extended from three years to four, so the agency has a better information base for the fourth year government appropriation. Corporate and resource centre business plans will be developed, with both a strategic and operational focus. The new process also embeds the risk management strategy into the planning and budgeting processes.
The next phase of activity will be redevelopment of the ABS’ performance monitoring and reporting system, scheduled for later in 2008.
While much of the ABS work program continues from year to year, the planning process requires the ABS to examine the environment in which it is working and identify statistical needs for the next four years. Through the planning process, the ABS considers how it can best meet emerging needs within its finite human and financial resources.
Within this framework, the annual ABS planning cycle comprises a series of high level meetings and forums, where senior managers consider the relative priorities and competing resource requirements of program components. In doing this, particular attention is given to:
input from user consultations
strategic directions the ABS has set for the next four years
the cost imposed on respondents to collections, in terms of time and effort
consideration of enterprise opportunities and risks
prospective total resources available to the ABS within the next four years
productivity gains that have been achieved or may be possible to achieve in the future
the contribution statistical activities make to meeting National Statistical Service objectives, and
the extent to which particular statistical activities, with user demand, continue to be justified in relation to other work.
Aspects of the proposed forward work program and resource estimates that emerge are considered by the Australian Statistics Advisory Council (ASAC). The statistical work program is then finalised, taking into consideration the advice provided by ASAC.
Participants at the ASAC meeting on 24 June 2008.
The Forward Work Program is published every year in hard copy, and is also available on the ABS website <http://www.abs.gov.au>.
AUDIT AND RISK MANAGEMENT
The ABS has a Risk Management Framework, which provides a basis for identifying and mitigating risks the ABS may be exposed to. In 2007, the ABS developed a new Risk Management Strategy, drawing on feedback from an external review of ABS’ risk management activities undertaken in 2006–07, as well as the outcomes of the annual Comcover Risk Management Benchmarking exercise.
Implementation of the new strategy has commenced, initially focusing on a comprehensive review of the ABS’ enterprise risks. These are risks that are strategic in nature and have the potential to significantly impact on the organisation. ABS senior management will be closely involved in monitoring and managing these risks.
At the operational level, the program of facilitated risk management workshops for key areas continued, to ensure that risk assessments for these areas were applied consistently and given priority. These workshops assist program directors to ensure risks that have the potential to impact on a program’s objectives are appropriately identified and managed. During 2007–08, workshops were carried out in areas such as the National Accounts Branch, the Survey of Mental Health and Wellbeing, web publishing, the Labour Price Index and the National Information and Referral Service.
The management of project risks is largely facilitated through the inclusion of risk management templates in the ABS Project Management Framework. Project managers have the responsibility for identifying and managing risks at the project level.
During 2007–08, the ABS participated in the Comcover Risk Management Benchmarking exercise. The marginal increase in the score received reflects that the ABS is in the early stages of implementing the new ABS risk management strategy. The feedback from the benchmarking exercise is being integrated into the next stages of the new strategy.
A work program of internal audits, endorsed by the Audit Committee and DHM, is developed annually to address performance, compliance and risk management issues. The internal audits are undertaken by an external audit provider. A complementary program of internal reviews is also carried out annually. The internal reviews are conducted by ABS staff and so can cover aspects where the external audit provider would not have the necessary expertise, particularly in relation to the statistical work program. Internal reviews usually address issues around effectiveness, efficiency and quality.
Internal audits in 2007–08 examined issues relating to confidentiality of information, security of data, compliance with statutory requirements, efficient and effective use of resources, and risk mitigation. Two examples of the use of audits are as follows:
An audit was commissioned to examine the processes for forecasting and reporting revenue, and this recommended the development of a simplified and more integrated approach, with a single area coordinating the revenue reporting and forecasting processes. Work is underway to implement these recommendations.
The ABS commissioned an audit to assess the control framework for management of access rights to IT systems and data. Recommendations were to centralise responsibility for identity and access management, develop better management information on security access issues, and improve the guidelines for managers in relation to developing good security practices. A number of the recommendations have already been completed.
|BUSINESS CONTINUITY IN THE ABS
The Business Continuity Plan identifies the ABS’ key business activities, and strategies to resume business, as quickly as possible, should those business activities be affected.
The ABS Business Continuity Plan (BCP) is a live document, continuing to be developed and refined, as incidences occur or issues are identified. During 2007–08, the BCP was expanded and now incorporates emergency management, as well as crisis management and business resumption.
BCP has been activated on several occasions in 2007–08, with the most significant event being a major power outage in the ABS South Australian Office (SA Office).
ABS (SA Office) major power outage—a case study
On 17 August 2007, the ABS was advised that power would be cut to the SA Office, as a result of an overflow of water into the tenant electrical riser. At the time, it was expected the problem would be rectified the following day (Saturday). As it turned out, power was fully restored six days later.
On the Sunday evening, a teleconference of the combined SA Office and Central Office (CO) Crisis Management Team decided to activate the ABS Business Continuity Plan, and assigned the Director of Corporate Services SA to be the Regional Office Resumption Coordinator, to manage the situation locally. The severity of the crisis was discussed and various aspects, including staff safety, security, critical business and available infrastructure (information technology and facilities) and communication strategy with staff, were considered.
The SA Crisis Management Team monitored and managed the situation, with regular reports provided to the CO Crisis Management Team.
The ABS Business Continuity Plan communication strategy was activated to convey information to staff. Communication channels utilised include:
a 1800 toll free message bank, and
publication of messages on a specified page located on the ABS website (for ABS staff only).
The combined use of these communication channels worked well. The ABS bulk SMS messaging facility, available as part of the communication strategy, was not deemed necessary.
The SA office has responsibility for one of the ABS’ critical business activities, and the SA Office Crisis Management Team determined the immediate work priorities and appropriate contingencies for implementation, in the event that the situation was not quickly resolved. To keep essential business running, staff with laptops were set up to work off-site.
On restoration of power, debriefing sessions were held and action was taken on lessons learnt. This information contributed to the review and improvement of the ABS Business Continuity Plan in readiness for the next crisis.
Key reviews conducted during 2007–08 include a review of clearance documentation and related aspects of the clearance process (i.e. the process to obtain approval for release of ABS statistics) for business surveys, and a review of the testing of the Business Continuity Plan.
The ABS has introduced a new strategy for internal reviews, which will increase the management focus on reviews classed as strategic or major.
|ABS TRIAL OF QUALITY REVIEWS
Quality reviews involve forming small cross-functional teams (with methodological, systems and operational expertise) to conduct an intensive review of a specific issue over a short period of time. Quality reviews will provide an additional tool for ABS managers to examine an aspect of their work in a specialist area.
As required by the Commonwealth Fraud Control Guidelines, the Australian Statistician has certified that the ABS has prepared appropriate fraud risk assessments and fraud control plans, and has in place appropriate fraud prevention, detection, investigation, reporting and data collection procedures and processes that meet the specific needs of the ABS and comply with the guidelines.
The ABS Fraud Control Plan was reviewed in the first half of 2008. This showed the ABS has a relatively low exposure to fraud, but that there were some aspects where mitigation actions could be taken to provide increased protections. Progress will be monitored and reported to the Audit Committee over the coming year.
SECURITY OF PREMISES
The ABS relies on the trust and confidence of data providers to operate effectively and to fulfil the ABS mission statement.
The security of ABS premises and information technology environment is one aspect of maintaining that trust and confidence and is key to minimising risks in a number of areas, including fraud.
All ABS premises are physically secured against unauthorised access. Entry is through electronically controlled access systems activated by individually coded access cards, and monitored by closed circuit television. Areas of the ABS producing particularly sensitive data, such as main economic indicators, are subject to further physical security measures.
The ABS computer network has a secure gateway, which allows connection to some Internet services only. The secure gateway has been established in accordance with Australian Government guidelines and is subject to annual accreditation by the National Communications and Computer Security Advisory Authority, Defence Signals Directorate.
Internal access to ABS computing systems is based on personal identifiers that are password protected. Databases are only accessible by approved users. The computer systems are regularly monitored and usage audited. There were no unauthorised access incidents into the ABS computing systems during 2007–08.
Additional access control systems are used to protect any data designated ‘sensitive’. Access to sensitive data is only granted under the authority of area line management (the ‘owners’ of the data), on the basis that access is required by the staff member to carry out their duties.
Included in the ABS strategic audit plan is an ongoing program of security audits and reviews of computer systems and the physical environment.
The ABS is subject to external scrutiny from a range of bodies. These include the Australian Statistics Advisory Council (ASAC), and other advisory groups, which comment on the ABS work program. For more information on ASAC, please refer to Chapter 2, Overview of the ABS.
There are a range of bodies established by the Australian Government that can examine the operations of the ABS. The ABS assisted in providing information to the Commonwealth Auditor General and the Commonwealth Ombudsman during 2007–08.
ABS assistance with the Australian National Audit Office (ANAO) studies is detailed below, and ABS obligations under Freedom of Information are examined in Appendix 5. Information on submissions made to Parliamentary Committees, and documents tabled in Parliament by the ABS are available in the Online Appendix (for more information see Online Appendix 3).
There were no adverse comments relating to the ABS from the Commonwealth Auditor General, the Commonwealth Ombudsman, Parliamentary Committees, or courts or tribunals during 2007–08.
AUSTRALIAN NATIONAL AUDIT OFFICE
The ABS has input into ANAO studies in a number of ways:
the ABS provided assistance with the ANAO’s performance audit on Proof of Identity for Accessing Centrelink Payments, in relation to methodological issues associated with sample selection for the audit and estimation work undertaken on the sample results
the ABS also provided conceptual advice to the ANAO on the ABS’ Government Finance Statistics manual, which was requested in relation to an ANAO performance audit on the preparation of the Tax Expenditure Statement
the ABS participated in Australian Government Agencies Management of their Website, and
the ABS was surveyed as part of Cross Portfolio Performance Audit on Green Office Procurement and Sustainable Office Management.
As an Australian Government department, the ABS must comply with the Privacy Act 1988, and the associated Information Privacy Principles, which govern the way personal information should be collected, stored, used and disclosed. These obligations cover information on staff, clients and respondents. They are in addition to the protection of confidentiality of data provided by respondents from the Census and Statistics Act 1905. For more information see Chapter 10, Provider/respondent relationships.
The ABS has a privacy officer who, providing the perspective of a privacy advocate, advises on privacy issues internally, and monitors the external environment to keep up-to-date on privacy issues that could impact upon ABS operations.
The ABS maintains a close relationship with the Australian Government’s Office of the Privacy Commissioner (OPC), advising the Commissioner regularly of the ABS forward work program, attending OPC quarterly privacy officer network meetings, and seeking advice on any new ABS initiatives about which privacy advocates may have concerns. Every year the ABS contributes to the Commissioner’s Personal Information Digest, which is published to inform the general public of the types of personal information that Government departments hold.
The ABS contributed to the Australian Law Reform Commission’s Review of the Privacy Act 1988, making a submission on aspects of the review potentially impacting on the ABS’ statistical work, and following this with further discussions with the review team.