Corporate support functions

Overview

In 2021–2022, the department renewed and improved its Governance Framework and streamlined its governance committee structure. From 1 January to 30 June 2022, the previous Corporate Governance Group (CGG) and four subcommittees were replaced with the Executive Leadership Team and three subcommittees, as follows. For information about the previous governance committees (1 June to 31 December 2021) see Appendix B.

Executive Leadership Team

The Executive Leadership team (ELT) meets to assist the Director-General in discharging the accountabilities of the role and to achieve the department’s objectives.

ELT is scheduled to meet every week to address emerging issues, with one meeting every month held for a longer period to discuss in-depth strategic matters or subcommittee business. From 1 January to 30 June 2022, ELT held 29 meetings.

Membership

Chaired by the Director-General, ELT includes the following members:

• Associate Director-General, The Cabinet Office
• Associate Director-General, Governance and Engagement
• Associate Director-General, Brisbane 2032 Taskforce
• Queensland Parliamentary Counsel
• Executive Director, Office of the Director-General.

The role of ELT is to:

• support the Director-General in decision making and advising on matters of strategic importance
• identify and report on emerging governance issues and major activities
• provide assurance on the effectiveness of governance arrangements
• review and approve corporate policies and processes
• act as a forum for strategic information sharing
• embed risk management activities and manage risk mitigation strategies
• consider impacts of whole-of-government initiatives on the department’s activities
• act as DPC’s crisis management group and meet during a disruption to oversee DPC’s internal and whole-of-government responsibilities.

To manage the department’s key duties and responsibilities, subcommittees chaired by ELT members, support the function of ELT. These subcommittees provide regular updates to ELT on the progress of their respective key focus areas.

Finance, Performance and Planning, and Risk Subcommittee

The Finance, Performance and Planning, and Risk (FPPR) Subcommittee meets quarterly and reports to ELT. From 1 January to 30 June 2022, the subcommittee met two times and is chaired by the Executive Director, Brisbane 2032 Taskforce.

Role

The role of the FPPR Subcommittee is to assist the Director-General, as the accountable officer, in performing the following financial, performance management and risk functions:

Finance

• Achieve reasonable value-for-money by ensuring the operations of the department or statutory body are carried out efficiently, effectively and economically.
• Establish and maintain appropriate systems of internal control and risk management.
• Establish and keep funds and accounts in compliance with the prescribed requirements.
• Ensure annual financial statements are prepared, certified and tabled in Parliament in accordance with the prescribed requirements.
• Undertake planning and budgeting for the accountable officer’s department or the statutory authority appropriate to the size of the department or statutory authority.

Performance and Planning

• Set DPC’s overarching strategic direction through strategic and operational planning, internal quarterly reporting and the annual report.
• Oversee DPC’s performance measurement and reporting in accordance with the Queensland Government’s Performance Management Framework Policy, Financial and Performance Management Standard 2019 and Financial Accountability Act 2009.

Risk

• Monitor the identification and treatment of enterprise risks and operational risks (including the protective security of information, financial controls, personnel, assets, and Information and Communications Technology (ICT) matters).
• Ensure the risk management function operates effectively, efficiently and economically.
• Report promptly to the Director-General, ELT and the Audit and Risk Management Committee (ARMC) when issues are identified that could present a material risk or threat to the agency.

People and Culture Subcommittee

The People and Culture Subcommittee meets quarterly and reports to ELT. From 1 January to 30 June 2022, the subcommittee met two times, and was chaired by the Deputy Director-General, Policy.

Role

The role of the subcommittee is to assist the Director-General in overseeing and meeting the department’s responsibilities in relation to managing its workforce. Specifically, the subcommittee:

• drives the implementation of key workforce strategies that build a highly skilled and engaged workforce capable of delivering business outcomes now and into the future
• ensures emerging risks are identified and mitigation strategies implemented.

The subcommittee oversees and considers strategic priorities which:

• embed an innovative and effective workforce that is forward thinking, embraces better ways of working and is connected and collaborative
• build a strategic workforce that seeks out and embraces new information, broader perspectives, and opportunities for engagement
• drive a strong and accountable workforce that demonstrates leadership at all levels, and role models the highest standards of behaviour
• build a high performing workforce that is inclusive, and well-regarded for their capability, commitment and consistency.

Information Steering Subcommittee

The Information Steering Subcommittee meets quarterly and reports to ELT. From 1 January to 30 June 2022, the subcommittee met three times, and was chaired by the Deputy Director-General, People and Services.

Role

The role of the subcommittee is to oversee DPC’s Information Management (IM) and Information Security (IS) risks, initiatives, and overall ICT strategies to ensure departmental, responsible entities, and whole-of-government priorities are met. Specifically, the subcommittee:

• provides oversight to ELT of relevant ICT-based risks and initiatives
• enables collaboration and information sharing related to ICT-based risks and initiatives between the following entities:
  • DPC
  • Office of the Queensland Parliamentary Counsel (OQPC)
  • Public Service Commission (PSC)
• oversees the implementation, adherence, and maturity of the Information Security Management System (ISMS)
• ensures significant ICT-based risks and incidents affecting responsible entities and whole-of-government are identified and suitably mitigated
• reviews and endorses significant ICT security initiatives affecting responsible entities and whole-of-government
• reviews and endorses significant ICT policy changes prior to authorised delegate approval
• reviews and monitors the implementation of ICT-based audits and penetration tests across responsible entities
• reviews and monitors ICT contracts to ensure opportunities for cost-savings, improved business processes, and leveraging investments across responsible entities are realised
• ensures relevant ICT-based initiatives or discussions from external meetings, forums, or communities of practice that have potential impact, both positive or negative, on responsible entities or whole-of-government are tabled for review and discussion with a formal position as to how DPC manages or mitigates related risks.

Audit and Risk Management Committee

The department’s Audit and Risk Management Committee (ARMC) was established by the Director-General as required by section 30(1) of the Financial and Performance Management Standard 2019. As required by section 30(2) of the Standard, the terms of reference outline the role of the committee.

During 2021–2022, the ARMC observed its terms of reference and had due regard to Queensland Treasury’s Audit Committee Guidelines Improving Accountability and Performance. The ARMC met four times during 2021–2022.

A representative from the Queensland Audit Office (QAO) and a representative from the department’s internal audit service provider have standing invitations as observers to attend all committee meetings. Departmental officers are invited to attend meetings as required.

Role

The role of the ARMC is to provide independent assurance and assistance to the Director-General on the governance, risk, control, compliance and performance management frameworks and the department’s external accountability responsibilities. The ARMC’s responsibilities include overseeing the:

• adequacy of the annual financial statements, ensuring appropriateness of accounting policies and management assumptions
• operation of the internal audit function, including internal audit planning and monitoring audit findings
• Risk Management Framework
• performance management frameworks, including monitoring and reporting activities.

The ARMC also serves the Commission Chief Executive, Public Service Commission.

Key achievements for 2021–2022

• Endorsed the annual internal audit plan and monitored the ongoing delivery of the internal audit program.
• Received and noted updates to departmental risk management materials.
• Monitored progress of the implementation status of internal audit recommendations and business improvement opportunities.
• Received and considered external audit reports and monitored the implementation status of agreed actions against recommendations made (refer to External Scrutiny section for further information).
• Endorsed the financial statements for 2020–2021 and considered the ongoing financial position of the department.
• Considered the ongoing corporate governance and risk management activities of the department.

Membership

The ARMC comprises:

Name	Committee role	Position	Portion of the year in role	Number of meetings attended	Remuneration entitlement
Bronwyn Morris AM	Chair	Independent	July 2021 – August 2021	1	$1380
Paul Cooper	Chair	Independent	November 2021 – June 2022	3	$4140
Susan Rix AM	Member	Independent	July 2021 – June 2022	3	$3780
Philip Hennessy AO	Member	Independent	July 2021 – June 2022	4	$5040
Megan Barry	Member	Deputy Commissioner, PSC	July 2021 – June 2022	4	Nil
Filly Morgan	Member	A/Associate Director-General, Governance and Engagement, DPC	July 2021 – June 2022	4	Nil
Rachel Hunter	Attendee	Director-General, DPC	July 2021 – June 2022	2	Nil
Robert Setter	Attendee	Commission Chief Executive, PSC	July 2021 – June 2022	3	Nil

Risk management

In accordance with the Financial Accountability Act 2009, the Director-General, DPC has established appropriate systems of internal control and risk management. This has been achieved through the maintenance of a risk management framework, with oversight by the ARMC. DPC’s Risk Management Framework aligns with the International Standard ISO 31000: 2018 on risk management principles and guidelines, and includes appropriate governance arrangements, risk reporting and analysis.

DPC is committed to a philosophy and culture that ensures risk management is an integral part of all activities. The department has ensured risk management and business continuity plans are aligned, and that lessons learnt from the COVID-19 pandemic are reflected in its risk management approach.

Strategic risks, opportunities and challenges are reviewed regularly in relation to the operating environment of the department to ensure effective management. This minimises vulnerability to internal and external events and influences that could impact on the achievement of its objectives and strategic priorities.

To support the achievement of strategic objectives, risk management continues to be embedded throughout the department through proactive, executive involvement, and assessment and treatment of risk (including fraud and corruption risks).

The department’s Strategic Plan 2021-2025 states that the department will manage its strategic risks and their impacts. These risks are reflected in the department’s strategic risk register.

Divisions are responsible for identifying and managing operational risks. ARMC oversees the department’s risk management system, and it is a standing agenda item at ARMC meetings. The department’s Finance, Planning and Performance and Risk Subcommittee, which reports to ELT, can also refer matters to the ARMC for consideration.

Internal audit

During 2021–2022, the internal audit service was managed by the department’s Director of Internal Audit and Risk Services, with delivery of the program being outsourced to a third-party provider, EY.

The internal audit function provides independent assurance and advice to the Director-General, senior management and the ARMC. It enhances the department’s corporate governance environment through an objective, systematic approach to evaluating the effectiveness and efficiency of processes, internal controls, and risk management practices. This is in accordance with the role detailed in the Financial Accountability Act 2009.

The internal audit function operates in accordance with an approved Internal Audit Charter that incorporates professional standards and the Queensland Treasury Audit Committee Guidelines Improving Accountability and Performance. The function is independent of the activities it reviews, of management, and of the QAO. The internal audit function is monitored by the ARMC to ensure it operates effectively, efficiently, and economically.

Key achievements for 2021–2022

• Developed an internal audit plan based on strategic risks and operational risk registers and presented the plan to the Director-General for approval.
• Successfully reprioritised and executed the internal audit plan to ensure alignment with key and emerging risks and provided reports to the ARMC and Director-General.
• Monitored and reported on the status of the implementation of internal audit recommendations and business improvement opportunities to the ARMC.
• Supported management by providing advice on corporate governance and related issues including fraud and corruption prevention programs and risk management.

External scrutiny

External audits and reviews add value to the public sector through recommendations that improve business operations. The following reports were published in 2021–2022 and were relevant to the department:

QAO Report 4: 2021–2022 Status of Auditor-General’s recommendations

This report provided a summary of agencies’ selfassessed progress in implementing actions from QAO performance and assurance audit reports tabled during 2015–2016 to 2017–2018. During this period two reports impacted DPC:

• Report 1: 2016-17 – Strategic Procurement contained one recommendation for the department. DPC worked with Queensland Treasury and the Department of Energy and Public Works (EPW) and fully implemented agreed actions stemming from the recommendation.
• Report 16: 2016-17 - Government Advertising contained four recommendations for the department. DPC has fully implemented the agreed actions stemming from these four recommendations.

QAO Report 13: 2021–2022 – State Finances 2021

Each year, the Treasurer prepares consolidated Queensland Government financial statements. These statements separately disclose transactions and balances for the total state sector, including the general government sector.

The QAO found that the Queensland Government financial statements, the Consolidated Fund Financial Report, the Public Report of Ministerial Expenses, and the Public Report of Office Expenses of the Office of the Leader of the Opposition were reliable and complied with legislative requirements.

The Queensland Government’s consolidated financial statements received an unmodified opinion in 2020–2021, meaning the financial statements present a true and fair view of the state’s financial performance and position. QAO issued unmodified opinions for all significant entities consolidated in the Queensland Government’s financial statements.

QAO Report 14: 2021–2022 – State Entities 2021

This report summarises the results of 2021–2022 financial audits of Queensland Government entities, including the 21 government departments. The report also examined the impact of government restructuring, challenges with delivering government programs and internal controls.

The Queensland Auditor-General issued the department an unmodified audit opinion, with no key audit matter raised, indicating the department’s 2020–2021 financial statements were in accordance with prescribed requirements.

The QAO made three recommendations specific to the department regarding advice on machinery-of-government changes, provision of ministerial guidance for extension of annual report tabling, and updating accountability requirements regarding annual reports. The department accepted these, with agreed actions for two recommendations fully completed.

QAO Report 17: 2021–2022 – Appointing and Renewing Government Boards

This report examined the processes that government entities use to appoint and renew members of government boards.

The QAO found government entities have different policies and practices for appointing and renewing board members. While each process has its strengths and weaknesses, each could benefit from being aligned with better practice, including the ASX Corporate Governance Council and the Australian Institute of Company Directors.

The QAO made four recommendations specific to the department, all of which were accepted and an action plan is in progress.

Independent reviews

Kevin Yearbury PSM, Strategic Review of the Integrity Commissioner’s Functions (30 September 2021)

The Integrity Act 2009 requires a review of the Integrity Commissioner’s functions be conducted at least every five years to assess whether the functions are performed economically, effectively, and efficiently.

The Yearbury Report was presented to the Premier and Minister for the Olympics on 30 September 2021, and made 27 recommendations covering:

• Advisory functions (Recommendations 1 – 7, 27)
• Lobbying functions (Recommendations 8 – 18)
• Public awareness functions (Recommendations 19 – 21)
• Performance of the Integrity Commissioner’s functions (Recommendations 22 – 23)
• Organisational arrangements (Recommendations 24 – 26).

The Yearbury report was tabled in Parliament on 14 October 2021 and referred to the Economics and Governance Committee (the Committee) for consideration.

On 3 June 2022, the Committee tabled its Report No. 26, 57th Parliament -Inquiry into the report on the strategic review of the functions of the Integrity Commissioner, making three specific recommendations:

• that government consider legislative amendment to the Act to clarify the role of the Integrity Commissioner in providing post separation employment advice (Yearbury Report Recommendation 4)
• that the Act be amended to ensure that Ministers and Assistant Ministers are aware of the Integrity Commissioner advice being sought by a member of their staff (Yearbury Report Recommendation 5)
• that consultation be undertaken with a view to identify an appropriate body to undertake investigations into allegations of misconduct or corrupt conduct on the part of registered lobbyists or lobbying activity undertaken by unregistered lobbyists (Yearbury Report Recommendation 14).

The Government Response to the Committee Report was tabled on 2 August 2022 and supports or supports-in-principle all recommendations of the Committee and Yearbury Reports.

Emeritus Professor Peter Coaldrake AO, Let the Sunshine In: Review of culture and accountability in the public sector (28 June 2022)

The Coaldrake Report was commissioned to review the culture and accountability of the Queensland public sector to ensure an integrity framework that:

• is contemporary, fit-for-purpose and future-focused
• is effective in supporting an ethical public sector culture
• is underpinned by robust systems, including complaints mechanisms and training
• maintains the public’s trust in the decisions of the Queensland Government and its public sector agencies.

The Coaldrake Report made 14 key recommendations. Recommendations with direct impact for the department include:

• enhancing the independence of the Auditor-General
• enhancing independence of integrity bodies by aligning responsibility for financial arrangements and management practices with the Speaker of Parliament and appropriate Parliamentary Committee
• proactive release of Cabinet documents within 30 business days of a final decision being taken by Cabinet
• establishment of a mandatory data breach scheme
• a range of other specific initiatives to be considered to renew the capability and capacity of the public sector with a focus on performance and integrity culture.

The Queensland Government established the Integrity Reform Taskforce to lead the implementation of the Coaldrake Report recommendations. As noted in the Government’s Response to the Committee’s Report, some recommendations of the Yearbury Report will be considered in conjunction with the recommendations of the Coaldrake Report.

Information systems and recordkeeping

The Public Records Act 2002 and the department’s Records Governance Policy mandate that the department capture, create, manage, and dispose of public records in accordance with Queensland State Archives-approved disposal authorities. The department’s records are efficiently managed throughout their lifecycle and archived and disposed of accordingly.

In meeting its public records governance responsibilities, the department demonstrates mature recordkeeping to support sound business decision making, effective governance, and accountability.

The department purchases transactional processing services from Queensland Shared Services and uses whole-of-government systems for finance and human resource management services.

The department manages several electronic document and records management systems (eDRMS) to provide secure, effective, and efficient management of:

• Cabinet submissions and related documents
• Executive Council minutes and related documents
• departmental and portfolio agency records.

These eDRMS support approved business processes whilst enhancing information and cyber security functionality.

Roles and responsibilities for creating, managing and disposing of public records are documented in the department’s Records Governance Policy and Recordkeeping Guidelines.

Mandatory recordkeeping training is provided at induction for all new staff, along with mandatory online refresher training not less than every three years, augmented with the delivery of specialist recordkeeping training, as required.

A substantial percentage of records are created and captured electronically and managed through approval processes codified within the business system. Several initiatives have been developed and enhanced to reduce reliance on paper records.

Improvements around information security and managing sensitive data have been a priority for several years with a key initiative being the department’s commitment to the full implementation of the whole-of-government Information Security Management System (ISMS). This involves defining, implementing, and applying appropriate controls to safeguard confidentiality, integrity, and availability of information.

Key achievements for 2021–2022

• Continued to ensure staff were able to effectively work from any location whilst continuing to deliver services with technology as the key enabler.
• Complied with government cyber security requirements through maturing the department’s ISMS with supporting policies, procedures, processes, and tools to support a robust security posture.
• Performed a portfolio-wide cyber security exercise focusing on the department’s incident response and strategic communications.
• Prioritised active and anticipated ICT-related projects across the department.
• Replaced three end-of-life systems, ensuring continuity and security of departmental information.
• Renewed Microsoft licensing arrangements.

Future directions for 2022–2023

• Mature the department’s project management capability to improve project outcomes and project-based risk management.
• Continue to focus on delivering value through effective project and portfolio management, to ensure investments deliver benefits and outcomes.
• Contribute to the implementation of the Queensland Protective Security Framework (QPSF).
• Finalise the implementation of a simplified employee onboarding and resource-request management system to effectively manage onboarding and exiting processes within the department.
• Continue to develop and enhance correspondence and briefing note reporting to support business outcomes, including greater visibility of workflow processes, and an optimised user experience when used with mobile devices.
• Focus on realising greater value-for-money outcomes in existing technology investments.
• Continue to investigate, identify, and remediate potential, single points of failure in key business systems and address the retirement of end-of-life legacy systems.
• Continue to focus on optimising Microsoft Azure cloud services, from a value-for-money perspective, while ensuring appropriate continuity of services.
• Ongoing initiatives to improve the portfolio’s cyber security posture by leveraging extra security capabilities available through the enhanced Microsoft licensing agreement.

Information Security attestation statement

During the mandatory, annual, Information Security reporting process, the Director-General attested to the Queensland Government Chief Information Security Officer, the appropriateness of information security risk management within the department. It was noted that appropriate assurance activities have been undertaken to inform this opinion and the department’s information security risk position.

Open data

The following datasets are published on the open data website at www.data.qld.gov.au

• consultancies
• translator and interpreter services
• overseas travel expenditure.

^ to top