The office has structures and processes in place to implement the principles and objectives of corporate governance.
The Inspector-General is supported by an Assistant IGIS, who has responsibility for legal and parliamentary matters, as well as finance and office management. In addition, a small number of Executive Level 2 officers share responsibility for oversight of the inspection programme, complaint-handling, projects, risk management and fraud control.
Senior positions occupied during 2015–16 were as follows:
Inspector-General of Intelligence and Security (statutory officer)
Dr Vivienne Thom 01–18 July 2015
The Hon Margaret Stone from 24 August 2015
Assistant Inspector-General of Intelligence and Security (SES Band 1)
Mr Jake Blight
During the reporting period, Mr Jake Blight was the Acting Inspector-General for the period between the departure of the previous Inspector-General and the arrival of the current Inspector-General.
Ms Annette Willing filled the role of Assistant Inspector-General of Intelligence and Security during Mr Blight's absence on leave from October 2015 until the end of the reporting period.
Senior management committees
The OIGIS Audit Committee is the only senior management committee for the agency.
The functions of this committee are described in the 'Internal Audit and Risk Management' section of this chapter.
Corporate and operational planning
Our corporate and operational planning processes are straightforward, reflecting the small size and specialist function of the office.
The office addresses these matters through:
- an annual forward planning process to set strategic priorities
- weekly meetings between the IGIS and senior staff members, to review and document operational priorities
- monthly meetings between the IGIS and all office staff, during which internal guidelines, procedures and governance issues are discussed
- a forward plan for inspection activities in each intelligence agency, which is determined in consultation with the relevant agency head (in accordance with section 9A of the IGIS Act).
The Australian Government's Protective Security Policy Framework provides a structure for Australian government agencies to manage security risks proportionately and effectively, and to provide the necessary protection of the Government's people, information and assets. The governance arrangements and core policies in the framework describe the higher-level protective security outcomes and identify mandatory compliance requirements which IGIS must meet.
As at 30 June 2016, we were fully compliant with 35 of the 36 mandatory requirements and partially compliant with one. A risk mitigation strategy is in place for the partially compliant requirement.
Internal audit and risk management
The membership and functions of the Audit Committee are structured according to the PGPA Act. At 30 June 2016 the members were Mr Matthew King (Treasury) as Chair, Mr Trevor Kennedy (Attorney-General's Department) and Ms Annette Willing (OIGIS) as members. The Inspector-General attends the meetings as an observer.
The Audit Committee meets on a periodic basis to consider matters including:
- risk management
- internal control
- financial statements
- compliance requirements
- internal audit
- external audit
- governance arrangements.
The Committee reviews the Risk Management Plan annually based on its assessment of the office's risk performance over the period. The Risk Management Plan includes controls designed to mitigate risks including the following:
- personnel related risks
- accidental or intentional loss of information
- segregation of duties
- failure or compromise of information technology systems
- physical security of the office and facilities
- corporate liability
- fraud prevention, detection and management
- corporate compliance requirements.
Through its various mitigation strategies, the office maintains the residual risk it accepts within the low-medium levels in each of the categories listed above.
Ethical standards and fraud control
We maintained our commitment to ethical standards, ensuring staff were aware of the relevant requirements.
We have established and maintained appropriate systems of risk oversight, management and internal controls in accordance with section 16 of the PGPA Act and the Commonwealth Risk Management Policy.
The Risk Management Plan includes controls designed to mitigate risks including personnel related risks, accidental or intentional loss of information, segregation of duties, failure or compromise of information technology systems, physical security of the office and facilities, fraud prevention, detection and management, and corporate compliance requirements.
Regular monitoring of risks is undertaken, considered by the management team, and reported to the Audit Committee. The Audit Committee is established and structured in accordance with section 45 of the PGPA Act and the PGPA Rules. It meets on a periodic basis to consider matters including risk management, internal control, financial reporting, compliance requirements, performance reporting and governance arrangements.
Employment of SES officers
The office has one SES position filled by Mr Jake Blight. The terms and conditions of Mr Blight's employment, including salary, are set out in a Section 24(1) determination and are based broadly on SES remuneration within the Department of the Prime Minister and Cabinet.
During the reporting period, Ms Annette Willing filled the role of the Assistant Inspector-General of Intelligence and Security, under a non-Average Staffing Level affecting agreement.
Employment of persons for a particular inquiry
Section 35(2AA) of the IGIS Act requires the Inspector-General to report on the employment under section 32(3) of any person to perform functions and exercise powers for the purposes of a particular inquiry, and any delegation under section 32AA to such a person. No such person was employed in the reporting period.
Work health and safety
The following information is provided in accordance with Schedule 2, Part 4 of the Work Health and Safety Act 2011.
Due to its small size, the office does not have a Workplace Health and Safety Committee. Instead, workplace health and safety matters are addressed at all-staff meetings, Audit Committee meetings, and, as the need arises, directly with the Inspector-General through team leaders and the Workplace Health and Safety Representative.
No notifiable incidents resulting from undertakings carried out by the office that would require reporting under the Work Health and Safety Act 2011 (WHS Act) have occurred during the year.
No investigations were conducted relating to undertakings carried out by the office and no notices were given to the office under Part 10 of the WHS Act.
Reports by the Auditor-General, Parliamentary Committees, the Commonwealth Ombudsman or an agency capability review
There were no reports on the operation of the office (other than the report on financial statements) by any of the above bodies. It should be noted that the office is not within the jurisdiction of the Commonwealth Ombudsman.
The office has received an unqualified audit report from the Australian National Audit Office (ANAO) in relation to its financial statements.
Further details of our interaction with parliamentary committees are available in the Performance section of this report.
Decisions by the judiciary, tribunals or the Australian Information Commissioner
No judicial decisions or decisions of administrative tribunals or of the Australian Information Commissioner made in 2015–16 had, or may have, a significant impact on the operations of the office.