Corporate governance activities

National Archives of Australia and National Archives of Australia Advisory Council Annual Report 2015-16

During 2015–16 the Archives managed its key governance structures and activities in accordance with its responsibilities under the Public Service Act and the PGPA Act. These activities consisted of strategic planning, internal and external review and reporting, and the development and maintenance of risk management policies and plans. Together, they comprise the Archives’ internal control framework.

Five committees contribute to effective and accountable governance across the Archives:

  • Audit and Risk Committee
  • Business Continuity and Emergency Planning Committee
  • Human Resources Management Committee
  • Project Management and Investment Committee
  • Workplace Relations Committee.

Corporate planning

The National Archives of Australia Corporate Plan 2015–16 to 2018–19 outlines the Archives’ core business responsibilities and identifies its four strategic priorities.

During 2015–16 work progressed on a forward business plan cycle, which aims to set the strategic business priorities for the next five years and outline the means for delivering them. The Archives will continue to deliver its core business consistent with the government’s move towards digital information and records management, and consequential changes to legislation.

Internal audit

The Archives meets its corporate governance and legal responsibilities via an internal audit framework that:

  • monitors risk exposure
  • determines and reports on the extent to which the Archives complies with all statutory requirements
  • determines and reports on the reliability and effectiveness of managerial controls
  • suggests improvements to business processes and controls
  • reports to managers on whether the resources under their control are being effectively and efficiently managed
  • monitors fraud control and prevention mechanisms.

Each year the Archives develops an internal audit plan covering a range of compliance and performance audits. It is based on:

  • strategic priorities within the Corporate Plan
  • consultations with senior management, internal and external auditors, and the Audit and Risk Committee
  • information regarding strategic, significant operational and financial risks.

Internal audits provide the Archives with an independent review, assessment and recommendations in accordance with better practice guidelines, industry and government standards, and benchmarking against similar entities where applicable.

In 2015–16 work was undertaken on the following internal audits:

  • management of key projects
  • access programs
  • reference services
  • ICT disaster recovery planning.

Audit and Risk Committee

The Archives’ Audit and Risk Committee aims to:

  • enhance the Archives’ ability to control its governance and organisational processes and procedures through monitoring the internal control framework
  • improve the objectivity and reliability of financial information
  • help the Archives comply with legislative and other obligations
  • monitor the risk management framework and associated procedures for effective identification and management of the Archives’ strategic and financial risks, including fraud
  • provide assurance to the Director-General that the Archives’ responsibilities under the PGPA Act are met, and risks are being identified and mitigating action taken.

At 30 June 2016 committee membership comprised the Assistant Director-General Access and Communication; and two external members – Mr Geoff Knuckey (Chair) and Dr Margo Wade (Deputy Chair).

The committee met five times during 2015–16, including a special meeting to examine the Archives’ annual financial statements.

Risk management

Engaging with and managing risk are essential to achieving the Archives’ strategic and operational objectives and are fundamental to business planning and delivery of services. The Archives is committed to improving risk management practices to support and inform sound decision-making, to ensure risks are managed appropriately and to demonstrate good governance.

During the reporting period, the Archives revised its Risk Management Policy and Framework. It incorporates the nine elements of the Commonwealth Risk Management Policy and is consistent with AS/NZS ISO 31000:2009 Risk Management: principles and guidelines, PGPA Act and PGPA Rule 2014. The framework and its associated documents provide direction, information and tools to manage organisational risks for the Archives’ officials, contractors, temporary workers and volunteers.

In 2015–16 the Archives continued to strengthen stakeholder awareness of, and participation in, risk management through:

  • periodic and exception reporting to the Executive Board and the Audit and Risk Committee on risk management undertakings
  • delivery of online risk management awareness training to staff
  • regular review of the Archives’ Strategic Risk Register and scheduled revision of key operational risk registers for fraud and corruption control and business continuity
  • establishment of specific risk registers and management plans for all projects
  • annual review of risk management guidance materials and associated online information
  • completion of the annual Comcover Risk Management Benchmarking Program – a self-assessment survey on risk management practices and maturity
  • delivery of timely advice and support on risk management and Comcover insurance matters across the Archives.

Business continuity and emergency planning

The Archives’ business continuity management strategy is a risk management-based approach to respond to, and recover from, unexpected disruptions to critical business processes that have the potential to affect the Archives’ ability to meet its legislative and mandated obligations.

During the reporting period the Archives reviewed its business continuity policy and plan, which set out the strategy and practices to be undertaken before, during and after a business continuity event to protect, in order of priority:

  • its people
  • the collection (as a key asset)
  • important business information and recordkeeping resources.

To facilitate an appropriate response to disruption of the Archives’ business, continuity planning identifies and describes:

  • response priorities (safety of people, securing the collection, accounting for information, notifying stakeholders)
  • critical business processes that achieve the Archives’ organisational outcome
  • essential people, alternative work arrangements, and internal and external business process interdependencies
  • support requirements to achieve critical business processes (people, infrastructure, vital records and systems)
  • roles and responsibilities of business continuity response teams
  • plan activation and recovery, and communications strategy including points of contact.

During the reporting period the Archives strengthened business continuity practices and procedures by:

  • conducting emergency management and response training exercises
  • testing critical business processes
  • providing business continuity and emergency awareness training
  • reviewing emergency response plans
  • auditing disaster response, supplies and resources
  • revising the business continuity policy and plan
  • reviewing the business continuity risk register
  • conducting an annual review of business continuity guidance materials and associated online information.

Business Continuity and Emergency Planning Committee

The purpose of the Business Continuity and Emergency Planning Committee is to oversee the development, implementation, maintenance, exercise and evaluation of the Archives’ emergency arrangements that support the continuity of normal business.

This includes, but is not limited to:

  • emergency management
  • business continuity management
  • organisational risk
  • financial management
  • protective security matters
  • ICT matters
  • work health and safety matters.

As at 30 June 2016 committee membership comprised Director Strategic Planning and Governance, Director National Development and Communications, Director Facilities and Procurement, Director Information and Communication Technology Infrastructure Support and Systems, New South Wales State Director (state and territory representative), Director Preservation and Digitisation, Director People Management and Development, Assistant Director Management Accounting, Assistant Director Risk and Insurance, Agency Security Advisor, Chief Warden (Parkes), Chief Warden (Mitchell), Human Resources Advisor (Work Health and Safety representative).

The committee met twice during 2015–16.

Fraud measures

The Archives is committed to managing the risk of fraud and corruption to protect its:

  • people, working environment, quality of service and culture
  • record holdings, intellectual property and information
  • other publicly funded assets and resources
  • contractual and statutory obligations
  • image and reputation.

The Archives demonstrates its proactive approach to effective fraud management and control in accordance with the Commonwealth Fraud Control Framework (consisting of section 10 of the PGPA Rule 2014, Commonwealth Fraud Control Policy and Resource Management Guide No. 2014 – Preventing, detecting and dealing with fraud), through its fraud control plan and fraud control policy statement. Fraud risk identification, assessment, management and reporting are undertaken as part of the organisation-wide risk management framework and processes.

During 2015–16 fraud corruption and control awareness initiatives undertaken by the Archives included:

  • an annual review of risk management guidance materials and associated online information
  • participation in the Australian Institute of Criminology’s annual Fraud against the Commonwealth Survey
  • periodic all-staff messages on fraud and corruption control arrangements within the Archives
  • regular fraud control reporting to the Audit and Risk Committee and the Executive Board

In 2015–16 there were four instances of alleged fraud reported via the Archives’ fraud reporting telephone and email hotlines, or through written correspondence to the Fraud Control Officer. Two of these cases did not fall within the jurisdiction of the Archives and the claimant was referred elsewhere. The remaining two claims were found to be unsubstantiated.

Ethical standards

The Archives continued to create and promote a safe, healthy and productive workplace, free from discrimination, harassment and other forms of harmful behaviour in 2015–16. Regular training and the raising of awareness in the areas of mental health first aid, expected behaviours, and health and wellbeing were conducted. During 2015–16 the Archives’ Workplace Harassment Contact Officers were contacted four times regarding issues of bullying and/or harassment, all of which were resolved. A Mental Health First Aid Contact Officer network was established in July 2015.

There were no formal internal complaints or Public Interest Disclosures received in 2015–16. Regular training and information on obligations under the Public Service Act were provided to staff.

During 2015–16 one confirmed breach of the Australian Public Service Code of Conduct was determined. There were no requests to review a human resource decision and one appeal to external authorities was made.

Information and records management

The Archives strives for best practice in its information and records management and is progressively meeting the Digital Continuity 2020 policy targets. The Archives improved its information management in a number of ways, including:

  • working with business areas to increase the uptake and integration of digital processes and approvals
  • reduced its corporate paper holdings at its Greenway repository by 84 per cent in anticipation of the move to the National Archives Preservation Facility
  • upgraded the electronic records management system to HP Records Manager 8.

Since the Digital Transition policy was introduced in 2012, a total of 98.5 per cent of the Archives’ records created are managed digitally.

Project Management and Investment Committee

The Project Management and Investment Committee oversees and reports to the Executive Board on the Archives’ major program and project investments. The committee also reviews research and development initiatives and other strategic opportunities, including:

  • commercialisation and partnership projects
  • website developments
  • implementation and progress of the Digital Business Roadmap
  • cyclical asset capital replacement projects.

The committee membership comprised the Assistant Director-General Executive and Information Services, Assistant Director-General Collection Management, Assistant Director-General Access and Communication and Director Digital Strategy and Solutions.

The committee met 12 times during 2015–16.

Human Resources Management Committee

The Human Resources Management Committee is the primary people governance committee in the Archives. The committee’s terms of reference are to oversight the strategic human resource framework of the Archives.

The committee met monthly throughout the year to consider submissions including the staffing establishment, human resource policies, professional development, performance management, diversity, compensation, the Enterprise Agreement and workforce planning. The committee monitors the implementation of outcomes from changes and whole-of-Australian Public Service people management initiatives.

At 30 June 2016 committee membership comprised the Director-General, Assistant Director-General Corporate Services and Director People Management and Development, with the Chief Financial Officer acting in an advisory capacity.