Skip links and keyboard navigation

    Corporate support functions

    The Corporate Governance Group (CGG)

    The Corporate Governance Group (CGG) meets regularly to assist the Director-General in discharging his accountabilities to achieve the department’s objectives. CGG held nine ordinary meetings during 2019–20. An additional 16 extraordinary meetings were held to plan COVID-19 response and recovery activities.


    Chaired by the Director-General, CGG also includes the following members:

    • Deputy Director-General, Corporate and Government Services
    • Deputy Director-General, Strategy and Engagement
    • Deputy Director-General, Policy
    • Cabinet Secretary
    • Queensland Parliamentary Counsel
    • Executive Director, Office of the Director-General.
    The role of the CGG is to:
    • support the Director-General in decision making and advising on matters of strategic importance
    • identify and report on emerging governance issues and major activities
    • provide assurance on the effectiveness of governance arrangements
    • review and approve corporate policies and processes
    • act as a forum for strategic information sharing
    • embed risk management activities and manage risk mitigation strategies
    • consider impacts of whole-of-government initiatives on the department’s activities
    • act as DPC’s crisis management group and meet during a disruption to oversee DPC’s internal and whole-of-government responsibilities.

    To manage the department’s key duties and responsibilities, sub-committees, chaired by CGG members, support the function of the CGG. These sub-committees provide regular updates to CGG on progress of their respective key focus areas.

    Corporate Governance Group sub-committee

    • Audit and Risk Management Committee (ARMC)
      • Corporate Governance Group (CGG)
        • Finance Committee
        • People and Capability Committee
        • Performance and Strategy Committee
        • Risk Committee

    The Finance Committee

    The Finance Committee meets quarterly and provides reports to the CGG. The committee met three times during 2019–20 and was chaired by the Queensland Parliamentary Counsel.


    The role of the Finance Committee is to:

    • achieve reasonable value for money by ensuring the operations of the department or statutory body are carried out efficiently, effectively and economically
    • establish and maintain appropriate systems of internal control and risk management
    • establish and keep funds and accounts in compliance with the prescribed requirements
    • ensure annual financial statements are prepared, certified and tabled in Parliament in accordance with the prescribed requirements
    • undertake planning and budgeting for the accountable officer’s department or the statutory body that is appropriate to the size of the department or statutory body.

    Performance and Strategy Committee

    The Performance and Strategy Committee meets quarterly and provides reports to the CGG. The committee met four times during 2019–20 and was chaired by the Deputy Director-General, Corporate and Government Services.


    The role of the Performance and Strategy Committee is to provide advice to the CGG on:

    • delivery of the department’s key commitments, objectives and milestones
    • the planning, performance and reporting cycle ensuring alignment of activities including:
      • the development of performance measures and dashboard performance reporting for the department
      • statutory reporting activities
      • business planning activities and improvements to existing business processes
      • compliance with the performance management legislative requirements
      • setting key priorities and guiding the department towards achievement of these priorities.
    • implementation of the strategic plan, ensuring it underpins all departmental activities
    • transformational projects (focusing on leading practice) and initiatives
    • changes to the operating model including the prioritisation and resourcing of new projects and initiatives (where needed)
    • commitment to continuous development and improvement
    • key stakeholder relationships, feedback and strategies via the customer survey process
    • learnings and outcomes
    • innovative approaches and projects.

    People and Capability Committee

    The People and Capability Committee meets quarterly and provides reports to the CGG. The committee met four times during 2019–20 and was chaired by the Deputy Director-General, Policy.


    The role of the People and Capability Committee is to:

    • drive the implementation of key workforce strategies that build a highly skilled and engaged workforce capable of delivering business outcomes now and into the future
    • ensure emerging risks are identified and mitigation strategies implemented
    • oversee and consider strategic priorities that:
      • embed an innovative and effective workforce that is forward thinking, embraces better ways of working and is connected and collaborative
      • builds a strategic workforce that seeks out and embraces new information, broader perspectives and opportunities for engagement
      • drive a strong and accountable workforce that demonstrates leadership at all levels, and role models the highest standards of behaviour
      • builds a high performing workforce that is inclusive, and well-regarded for their capability, commitment and consistency.

    Risk Committee

    The Risk Committee meets quarterly and provides reports to the CGG. The committee met four times during 2019–20 and was chaired by the Deputy Director-General, Strategy and Engagement.


    The role of the Risk Committee is to:

    • review the DPC Risk Management Framework to ensure it is appropriately managed in accordance with the Financial and Performance Management Standard 2019, Risk Management and Audit Committee Guidelinesissued by Queensland Treasury and the Australian/New Zealand Risk Management Standard – ISO 31000:2018
    • review and monitor DPC’s risk appetite and review its ongoing application
    • review and monitor DPC’s risk profile and exposure to significant risks
    • review and monitor DPC’s risk register and fraud and corruption register including risk treatment plans and follow up activities
    • monitor and assess the adequacy of risk management policies and procedures including the Fraud and Corruption Control Policy
    • oversee DPC’s information and communication technology (ICT) risks relating to the implementation of the ICT strategic plan and significant ICT projects
    • contribute to the audit planning processes relating to the risks and threats to DPC
    • review the effectiveness of DPC’s processes for identifying, monitoring and assessing significant emerging risks areas and where relevant provide recommendations to the CGG and the Audit and Risk Management Committee
    • review, through the internal audit function, whether relevant policies and procedures are in place and up to date, including those for the management and exercise of delegations, and whether they are complied with
    • review, through the Chief Finance Officer whether the financial internal controls are operating efficiently, effectively and economically.

    Audit and Risk Management Committee (ARMC)

    The department’s Audit and Risk Management Committee (ARMC) was established by the Director-General as required by section 35(1) of the Financial and Performance Management Standard 2019. As required by section 35(2) of the standard, the terms of reference outline the role of the committee.

    During 2019–20, the ARMC observed the terms of its charter and had due regard to Queensland Treasury’s Audit Committee Guidelines Improving Accountability and Performance. In accordance with its terms of reference the ARMC met four times during 2019–20.

    The Chief Finance Officer; the Director, Internal Audit and Risk Services; a representative from the Queensland Audit Office (QAO) and a representative from the internal audit service provider have standing invitations as observers to attend all committee meetings. Departmental officers are invited to attend meetings as required.


    The role of the ARMC is to provide independent assurance and assistance to the Director-General on the risk, control and compliance frameworks and the department’s external accountability responsibilities. The ARMC’s responsibilities include overseeing the:

    • annual financial statements, ensuring appropriateness of accounting policies and management assumptions
    • internal audit plan and audit findings
    • external audit reports
    • Risk Management Framework
    • performance, monitoring and reporting activities.

    The ARMC also serves the Commission Chief Executive, Public Service Commission. 


    The Chair of the committee (held by Neil Jackson and subsequently Bronwyn Morris) is entitled to be paid $230 (excluding GST) per hour, to prepare for and attend meetings. The Chair (Neil Jackson) attended one meeting during 2019–20 and received $1380 (excluding GST) in remuneration. The Chair (Bronwyn Morris) attended three meetings during 2019–20 and received $4140 (excluding GST) for this period.

    As an independent member of the committee, Bronwyn Morris AM is entitled to be paid $210 per hour (excluding GST) to prepare for and attend meetings. The independent member attended one meeting during 2019–20 and received $1260 (excluding GST) in remuneration.

    As an independent member of the committee, Susan Rix AM is entitled to $210 per hour (excluding GST) to prepare for and attend meetings. The independent member attended two meetings held during 2019–20 and received $1575 (excluding GST) in remuneration.

    As an independent member of the committee, Philip Hennessy AM is entitled to $210 per hour (excluding GST) to prepare for and attend meetings. The independent member attended three meetings held during 2019–20 and received $3780 (excluding GST) in remuneration.

    Key achievements for 2019–20

    • Endorsed the annual internal audit plan and monitored the ongoing delivery of the internal audit program.
    • Oversaw amendments to the annual internal audit plan to prioritise reviews covering emerging risks in relation to COVID-19.
    • Noted updates to departmental risk management materials.
    • Monitored progress of the implementation status of internal audit recommendations.
    • Received and considered external audit reports and monitored the implementation status of agreed actions against recommendations made (refer to External scrutiny for further information).
    • Endorsed the financial statements for 2018–19 and considered the ongoing financial position of the department.
    • Considered the ongoing corporate governance and risk management activities.


    The ARMC comprises:

    Name Committee role Position Portion of the year as a member

    Neil Jackson



    July 2019 – October 2019

    Bronwyn Morris AM



    November 2019 – June 2020

    Bronwyn Morris AM



    July 2019 – October 2019

    Susan Rix AM



    July 2019 – June 2020

    Philip Hennessy AO



    November 2019 – June 2020

    Megan Barry


    Deputy Commissioner, PSC

    July 2019 – June 2020

    Filly Morgan


    Deputy Director-General, Corporate and Government Services, DPC

    July 2019 – June 2020

    Dave Stewart


    Director-General, DPC

    July 2019 – June 2020

    Robert Setter


    Commission Chief Executive, PSC

    July 2019 – June 2020

    Risk management

    In accordance with the Financial Accountability Act 2009, the Director-General, DPC has established appropriate systems of internal control and risk management. This has been achieved through the maintenance of a risk management framework and oversight by the ARMC. DPC’s Risk Management Framework aligns with the International Standard ISO 31000:2018 on risk management principles and guidelines and includes appropriate governance arrangements and risk reporting and analysis.

    DPC is committed to a philosophy and culture that ensures risk management is an integral part of all activities. This has been illustrated by the implementation of the department’s COVID-19 response and recovery plans to highlight emerging COVID-related operational risks and help support continuity of services.

    Strategic risks, opportunities and challenges are reviewed regularly in relation to the operating environment of the department to ensure effective management. This minimises vulnerability to internal and external events and influences that could impact on the achievement of its objectives and strategic priorities. 

    To support the achievement of strategic objectives, risk management continues to be embedded throughout the department through proactive executive involvement and assessment and treatment of risk, including fraud and corruption risks.

    DPC’s Strategic Plan 2019–2023 states that the department will manage its strategic risks and their impacts. These risks are reflected in the department’s strategic risk register. DPC’s divisions are responsible for identifying and managing operational risks. ARMC oversees the department’s risk management system and it is a standing agenda item at their quarterly meetings. The DPC Risk Committee, which reports to the CGG, refers matters to the ARMC for consideration.

    Internal audit

    During 2019-20 the internal audit service was managed by the department’s Director of Internal Audit and Risk Services, with delivery of the program being outsourced to a third-party provider, Ernst and Young.

    Internal audit provides independent assurance and advice to the Director-General, senior management and the ARMC. It enhances the department’s corporate governance environment through an objective, systematic approach to evaluating the effectiveness and efficiency of processes, internal controls and risk management practices. This is in accordance with the role detailed in the Financial Accountability Act 2009.

    The internal audit function operates in accordance with an approved Internal Audit Charter that incorporates professional standards and the Queensland Treasury Audit Committee Guidelines Improving Accountability and Performance. The function is independent of the activities it reviews, of management and of the QAO. The internal audit function is monitored to ensure it operates effectively, efficiently and economically.

    Key achievements for 2019–20

    • Developed an internal audit plan based on strategic risks and operational risk registers and presented the plan to the Director-General for approval.
    • Successfully reprioritised and executed the internal audit plan to ensure alignment with key and emerging risks, providing reports to the ARMC and Director-General.
    • Monitored and reported on the status of implementation of internal audit recommendations to the ARMC.
    • Supported management by providing advice on corporate governance and related issues including fraud and corruption prevention programs and risk management.

    External scrutiny

    External audits and reviews add value to the public sector through recommendations that improve business operations. The following reports were published by the QAO in 2019–20 and were relevant to DPC:

    QAO Report 3: 2019–20 – Managing cyber security risks

    This audit examined whether entities effectively manage their cyber security risks. The QAO addressed this by assessing whether entities understand and assess the extent to which their information assets and organisational processes are exposed to cyber security risks, and design and implement effective information controls to mitigate identified cyber security risks.

    The QAO selected three entities for this audit. The QAO has not named the entities in this report. The QAO provided recommendations that all entities self-assess against the findings of the report and develop and implement processes where appropriate.

    QAO Report 8: 2019–20 – Queensland Government state entities: 2018–19 results of financial audits

    This report summarises the results of audits of Queensland state government entities for 2018–19, including the 21 government departments. The financial statements of all departments and government owned corporations, and most statutory bodies and controlled entities, are reliable and comply with relevant laws and standards.

    The Auditor-General has certified that DPC has completed all key processes by the target date, that acceptable draft financial statements were received on or prior to the planned date, and that no adjustments were required to the financial statements.

    The Auditor-General also issued an unmodified opinion that DPC’s financial statements are prepared in accordance with the relevant legislative requirements and Australian accounting standards for 2018–19.

    QAO Report 10: 2019–20 – Effectiveness of the State Penalties Enforcement Registry ICT reform

    The QAO audited the effectiveness of the governance of the program’s ICT component.

    Whilst the audit did not directly impact DPC, one of the recommendations within the report involves the Department of Housing and Public Works working together with Queensland Treasury and DPC to ensure that major ICT projects are established with appropriate governance arrangements before vendors are engaged.

    The Queensland Government Customer and Digital Group will work with Queensland Treasury and DPC to agree a process for the joint oversight of the start-up process of major ICT enabled initiatives ensuring appropriately skilled, independent and diverse governance capabilities are available to support initiatives.

    QAO Report 11: 2019–20 – Queensland Government state finances: 2018–19 results of financial audits

    Each year, the Treasurer prepares consolidated state government financial statements. These statements separately disclose transactions and balances for the total state sector, including the general government sector.

    The QAO found that the Queensland Government financial statements, the Consolidated Fund Financial Report, the Public Report of Ministerial Expenses, and the Public Report of Office Expenses of the Office of the Leader of the Opposition are reliable and comply with legislative requirements.

    The Queensland Government’s consolidated financial statements received an unmodified opinion in 2018–19, meaning the financial statements present a true and fair view of the state’s financial performance and position. The QAO issued unmodified opinions for all significant entities consolidated in the Queensland Government’s financial statements.

    The QAO issued unmodified audit opinions on the Public Report of Ministerial Expenses and the Public Report of Office Expenses for the Office of the Leader of the Opposition on 22 August 2019.

    Information systems and recordkeeping

    The department purchases transactional processing services from Queensland Shared Services and uses whole-of-government systems for finance and human resource management services.

    DPC uses several separate electronic document and records management systems (eDRMS) to provide secure, effective, and efficient management of:

    • Cabinet submissions and related documents
    • Executive Council minutes and related documents
    • departmental and portfolio agency records including ministerial and executive correspondence.

    These eDRMS support approved business processes and have enhanced information and cyber security functionality.

    Roles and responsibilities for creating, managing and disposing of public records are documented in the department’s Records Governance Policy and Recordkeeping Guidelines. Mandatory training is provided to all staff commencing in the department and refresher training via online training modules, is also available. The department’s policy applies to all public records as defined by the Public Records Act 2002.

    The department continues to work towards fostering digital processes to manage its information and records. A substantial percentage of records are received electronically and managed through internal electronic approval processes. A number of ongoing initiatives such as a digital briefing portal (known as SlimTRIM) support this transition, ultimately reducing the reliance on hard copy records while providing additional security of our information assets.

    Improvements around information security and managing sensitive data have been a priority during 2019–20 with work involved in defining, implementing and applying appropriate controls to safeguard confidentiality, integrity, and availability of information. The Public Records Act 2002 and the department’s Records Governance Policy mandate that the department capture, create, manage and dispose of public records in accordance with Queensland State Archives-approved disposal authorities. The department’s records are efficiently managed throughout their lifecycle and archived and disposed of accordingly.

    In meeting its public records governance responsibilities, DPC demonstrates mature recordkeeping to support sound business decision-making, effective governance and accountability. 

    Key achievements for 2019–20

    • Implemented a technology solution (known as Correspondence Inbox Automation) to streamline the registering of correspondence into the departmental eDRMS business system.
    • Developed a new intranet to increase staff engagement and collaboration leveraging existing licensing arrangements.
    • Continuous improvements in cyber security measures that protect our eDRMS business systems.
    • Ongoing development of briefing portal (SlimTRIM) to support improved decision making and team collaboration.

    Future directions for 2020–21

    • Implementing a new information security classification framework to improve confidentiality, integrity and availability of public records.
    • Implementing a new staff directory and resource request management system.
    • Identifying opportunities to leverage the department’s investment in its eDRMS business system with an improved reporting portal.
    • Increasing project management maturity to improve project outcomes and manage risk.
    • Developing the 2020–2021 ICT strategic plan, to align with the DPC operational and strategic plans.

    Open data

    The following datasets are published on the open data website at 

    • consultancies
    • language services
    • overseas travel.

    ^ to top

    Last updated:
    8 December, 2020