Corporate governance

• Our legislative framework
• Our governance structure
• Our planning framework
• Our internal audit program
• How we manage risk
• How we prevent fraud
• How we manage business process
• How we manage information
• How we manage procurement
• How we manage consultancies
• How we manage non-compliance

We operate within a governance structure to inform decision-making and to produce accountable business outcomes and sound organisational performance.

Our legislative framework

The legislative framework we operate in influences our governance structure. The most important pieces of legislation are the DHA Act and the PGPA Act.

DHA Act

This Act established DHA as a statutory authority⁷ and sets out our functions and powers, corporate structure and delegations. In accordance with section 5 of the Act:

1. The main function of DHA is to provide adequate and suitable housing for, and housing-related services to:
   1. members of the Defence Force and their families; and
   2. officers and employees of the Department and their families; and
   3. persons contracted to provide goods or services to the Department, and their families; and
   4. persons contracted to provide goods or services to the Defence Force and their families;
      
      in order to meet the operational needs of the Defence Force and the requirements of the Department.

In 1992, we became a GBE⁸ to undertake commercial business activities on behalf of the Australian Government.

PGPA Act

Under the PGPA Act, DHA is both a corporate Commonwealth entity⁹ and GBE. This Act sets the standards of governance, performance and accountability for all GBEs and imposes specific duties on our Board of Directors and Executive Group relating to the use and management of resources.

The GBE guidelines provide additional guidance on board and corporate governance, financial governance, planning and reporting.

A principal objective is that we add to shareholder value by making commercial returns and paying commercial dividends. We must deliver on these requirements while also fulfilling our functions under the DHA Act.

Other applicable legislation

As a GBE, we also operate within the following Commonwealth legislation:

• Freedom of Information Act 1982
• Privacy Act 1988
• Public Interest Disclosure Act 2013
• Archives Act 1983.

As an Australian Government employer, we also adhere to the provisions and statutes of various employment-related legislation, including but not limited to, the Public Service Act 1999 and the Work, Health and Safety Act 2011.

Our governance structure

Section 1 of this report summarised our organisational structure. This subsection provides more information about each group and their governance responsibilities. Reviews of our governance arrangements occur regularly, in line with legislative changes and significant organisational change.

Shareholder Ministers

DHA sits within the Defence portfolio of the Australian Government. However, our Board of Directors report to both the Minister for Defence and the Minister for Finance as Shareholder Ministers.

As at 30 June 2016, our Shareholder Ministers were:

• Minister for Defence
  
  Senator the Hon Marise Payne
  
  
• Minister for Finance
  
  Senator the Hon Mathias Cormann.

In 2015–16, the Minister for Defence delegated responsibility for operational matters to the Assistant Minister for Defence. At 30 June 2016, the Hon Michael McCormack MP held this role.

The following members of Parliament were also responsible for DHA during the reporting period:

• Minister for Defence
  
  Hon Kevin Andrews MP: 1 July 2015 to 20 September 2015
  
  
• Assistant Minister for Defence
  
  Hon Stuart Robert MP: 1 July 2015 to 20 September 2015
  
  Hon Darren Chester MP: 21 September 2015 to 17 February 2016.

We did not receive any direction by a Minister under an Act or instrument or any government policy orders in 2015–16.

Board of Directors

Our Board is the accountable authority for DHA under the PGPA Act and is responsible, through the Shareholder Ministers, for the proper and efficient performance of our functions.

The Board makes decisions on organisational direction and strategy, largely through our Corporate Plan.

In accordance with section 12 of the DHA Act:

1. The Board consists of the following members:
   1. the Chairperson;
   2. a current or former APS [Australian Public Service] employee or Agency Head within the meaning of the Public Service Act 1999, with a background in Defence, nominated by the Secretary of the Department;
   3. a current or former member of the Defence Force nominated by the Chief of the Defence Force;
   4. a person nominated by the Finance Secretary;
   5. the Managing Director (the only executive member of the Board);
   6. four (4) commercial members.

Board committees

Three committees assist our Board in the discharge of its responsibilities: the Audit Committee, the Property Committee and the Nomination and Remuneration Committee. Amendments to the DHA Act in 2006 established the DHA Advisory Committee to advise on the performance of our functions.

Board Audit Committee (BAC)

The BAC meets at least quarterly and reports to the Board on its activities at least twice a year. Its key functions are to:

• improve the effectiveness and efficiency of our internal control framework
• ensure we have appropriate risk identification and management practices in place
• improve the objectivity and reliability of significant financial reporting
• ensure we have adequate procedures on matters of audit independence
• assist the Board to comply with all governance and other obligations.

Board Property Committee (BPC)

The BPC meets at least quarterly and acts in an advisory capacity to the Board on major property transactions and property matters generally. Its key functions are to:

• review management proposals in relation to major property transactions
• review submissions for major property transactions (contracts above $10.0 million) to ensure that they contain all necessary information for the Board to make fully informed decisions or refer the matter to the Minister for Defence for approval as required (contracts above $15.0 million)
• consider property projects that are environmentally or politically sensitive or carry a high level of risk
• examine any other property project, if requested to do so, by the Board or management.

Nomination and Remuneration Committee (N&RC)

The N&RC meets at least annually. Its key functions are to:

• assist the Board in relation to the review of the Managing Director's performance and remuneration
• assist in informing Shareholder Ministers of impending vacancies on the Board and advise, where appropriate, of possible candidates.

DHA Advisory Committee (DHA AC)

The DHA AC typically meets quarterly. Its key functions are to provide general advice and information on the performance of DHA's role. It is composed of:

• the Secretary of Defence or Chief of Defence nominated Board Director (who is Chair of the DHA AC)
• the National Convenor of Defence Families Australia (DFA)
• up to three persons appointed by the Chief of the Defence Force
• a person appointed by DHA.

Board members

The Board comprised the following members as at 30 June 2016:

Board meetings

The Board met seven times during the reporting period. The Board also considered a number of time-critical resolutions between scheduled meetings. Refer to Appendix B for details of Director attendance at meetings.

Board performance

An external review of the Board's performance was conducted in September 2015 to confirm that, as a decision-making body, it is working within the principles of good governance as detailed in its Charter. The findings were reported to our Shareholder Ministers and the recommendations are being progressively implemented.

Director professional development

During the reporting period, the Board received briefings from:

• Department of Finance representatives on the PGPA Act
• CBA chief economist on the outlook for the housing sector, including interest rates and investor sentiment
• Executive Group members on the Defence White Paper and its implications for DHA, the future direction of housing policy and the United States Defence accommodation model.

Directors also visited Darwin and Tindal (NT) in June 2016 to meet with staff, senior Defence personnel and participate in tours of:

• our construction and upgrade projects at Larrakeyah, Tindal and Katherine
• the Lee Point Road precinct, including our developments at Lyons, Muirhead and the 2CRU site
• Defence establishments (Robertson Barracks and RAAF Base Tindal).

Director related entity transactions

We recorded no disclosure of related entity transactions during the reporting period.¹⁰

Executive Group

An Executive Group comprising the most senior staff in the organisation, supports the Managing Director in fulfilling our role. The Executive Group has four broad purposes:

1. Provide leadership
2. Guide performance
3. Implement and deliver against the Corporate Plan
4. Ensure accountability of our activities.

Executive Group members and responsibilities

Executive Group members and responsibilities as at 30 June 2016 were as follows:

Other committees

Executive Property Committee (EPC)

The EPC acts in an advisory capacity to the Executive Group on property-related matters. It is responsible for monitoring progress against the capital program, reviewing and approving property-related activities in accordance with financial delegations, and making submissions to the BPC and Board where their endorsement and approval is required.

National Safety, Health, Environment and Quality (SHEQ) Committee

Formerly called the National WHS Committee, the committee was restructured during the reporting period. It is now chaired by the Acting Managing Director and its role has been expanded to include:

• facilitating a positive and cooperative environment within DHA and overseeing the development, implementation and reporting of measures designed to ensure worker's health and safety in connection with the workplace
• overseeing the development and implementation of SHEQ and rehabilitation return-to-work management strategies
• ensuring the successful implementation of management programs during periods of significant business change
• any other functions prescribed by relevant legislative Acts or regulations, or agreed by the committee.

The inclusion of quality and change management will enhance our approach to systematically manage significant projects and ensure effective strategies are implemented consistently and transparently, particularly when undertaking mandatory people and project risk assessments.

Our planning framework

We prepare a series of corporate and performance reports in accordance with the PGPA Act and GBE guidelines.

Corporate Plan

Our four-year Corporate Plan sets the strategic direction of the business, including corporate objectives, KPIs and a long-term outlook of future priorities. We review and update the plan annually, in line with our service agreements with Defence and in consultation with our shareholder departments.

Statement of Corporate Intent (SCI)

We prepare a SCI annually based on the Corporate Plan. The SCI is a high level, plain English overview of our key objectives and priorities for the financial year. It is tabled in the Parliament and published on our website.

Business plans

Each division develops a business plan that incorporates all relevant responsibilities from the Corporate Plan, together with extra activities and measures linked to budget. Within divisions, some teams also develop plans specific to program delivery. Staff use this information to develop their individual performance development agreements.

Annual Report

At the end of each financial year, we prepare an Annual Report in accordance with legislation. The report sets out our performance in delivering the stated objectives and strategies in our Corporate Plan and provides our audited financial statements. It is tabled in the Parliament and published on our website.

Quarterly performance report

Each quarter, we provide our Shareholder Ministers with a report on our operations, including progress against KPIs, an update on key programs and projects, and any material changes and risks affecting the business.

Our internal audit program

Internal audit services give objective and independent assurance to the BAC and senior management that financial and operational controls are operating efficiently, effectively and ethically. In the reporting period, we outsourced internal audit services to KPMG.

An internal audit plan provides a systematic and disciplined approach to evaluating and improving the effectiveness and efficiency of risk and financial management, controls and governance processes. It promotes best practice by identifying potential risks that could impede achievement of outcomes and recommending business performance improvements.

The BAC monitors the implementation of internal audit recommendations and reports progress to the Board.

How we manage risk

We are committed to operating within a risk minimisation and control framework, effective at Board, senior management and staff levels. This means we formally assess identified risks and implement controls to mitigate the level of risk to within an acceptable threshold.

Risk management is centrally coordinated and relies on:

• regular reviews of documentation, such as the risk management plan, business continuity plan and related policies and processes (including financial delegations)
• mandatory education and training on risk identification and management, including modules on fraud and conflict of interest (see subsection on how we prevent fraud).

Risk management plan

Our enterprise-wide annual risk management plan is developed to align with the outcomes of the corporate planning process. It is informed by the Corporate Plan, the previous financial year risk plan and detailed operational risk assessments.

It is prepared based on the methodology set out in the Australian Standards on Risk Management AS/NZS ISO 31000:2009 and aligns with elements contained in the Commonwealth risk management policy.

The 2015−16 plan was endorsed by the BAC before being formally approved by our Board.

Insurance and indemnities

We maintain insurance with Comcover for liability (including fraud and business interruption), property, motor vehicles and travel outside of Australia. This includes insurance cover for Directors and officers of DHA in respect of legal liabilities, including legal expenses that they may be legally obliged to pay in certain circumstances. The policy has some exclusions, such as wilful breach of duty, breach of professional duty and any claim arising out of libel, slander or defamation. We also have a policy with QBE to cover owners (lessors) of DHA-managed properties where a home business is being operated and the lessor's policy is not effective in providing cover. This type of cover is not offered by Comcover.

Risk management benchmarking survey

Under the PGPA Act, participation in Comcover's benchmarking survey is mandatory for Comcover fund members. Apart from benchmarking our risk management maturity, the survey provides a basis for measuring how successfully risk management has been integrated into enterprise-wide business operations.

In 2016, we achieved a risk management maturity of 'integrated', which is the third highest level. Our rating was consistent with the average maturity level of all fund members.

How we prevent fraud

We are committed to an ethical organisational culture and minimising the incidence of fraud through the development, implementation and regular review of fraud prevention and detection strategies.

In 2015−16, we completed a fraud risk assessment (FRA) consistent with the PGPA Act (including PGPA Rule 2014) and in accordance with Australian and international standards AS/NZS ISO 31000:2009 and AS 8001–2008. The FRA is a proactive approach to minimising the potential for fraud, whether by staff or external third parties.

Our Board also approved a fraud control plan (FCP) and fraud policy that provides guidance on actions to deter and detect fraud. The FCP is based on the FRA and summarises our fraud-control strategies.

During the reporting period, staff were required to complete mandatory training modules on fraud and conflict of interest. This aided staff in distinguishing the difference between real and perceived fraud and conflict, as well as knowing how to manage potential or actual breaches.

One instance of possible fraud was detected in 2015–16 and was under investigation at the end of the reporting period.

Public interest disclosure (PID)

We are committed to the highest standards of ethical and accountable conduct, and encourage people to report suspected wrongdoing in the public sector in line with the Public Interest Disclosure Act 2013.

We will do our best to ensure that those who report, or who are considering making a report, are properly supported and protected from any adverse consequence related to the reporting.

Further information about making a report is available on our website.

Reports of suspected wrongdoing should be made in writing to:

Authorised Officer
Defence Housing Australia
26 Brisbane Ave
Barton ACT 2600
E: pid@dha.gov.au

How we manage business process

We are committed to delivering consistent products and services that meet client and customer expectations. Refer to Purpose 1 in Section 2 of this report for more information about our customer service approach.

Business management certification

In 2014−15, we undertook a program of works to achieve certification against international standard ISO 9001—the world's most recognised quality standard. Final certification was received on 15 July 2015.

During July 2015, we also underwent ISO 9001:2008 certification. The external audit group praised us for our commitment to the provision of quality and repeatable processes, and highlighted the organisation's drive to develop and certify our QMS framework.

External ISO 9001 licensor quality surveillance audits commenced in April 2016. Following an internal gap analysis, no major non-conformances were identified.

A program of work was undertaken during the reporting period so that internal AS4801/ISO 18001 WHS surveillance audits can commence in 2016–17, as part of our regular SHEQ audit and standard certification program.

How we manage information

Privacy

We take our obligations of handling staff, customer and contractor information seriously and adhere to the Australian Privacy Principles as detailed in the Privacy Act 1988. A copy of our privacy policy, including details about the information we collect and how we use it, is available on our website.

Freedom of information (FOI)

We are required to comply with the Freedom of Information Act 1982 (FOI Act) to give the community access to information held by the Australian Government.

In 2015–16, we received 32 requests for information. As at 30 June 2016, the status of the requests was as follows:

• 5 were waiting assessment
• 2 were granted in full
• 21 were granted in part
• 1 received practical refusal notification under section 24AB
• 2 were withdrawn
• 1 was refused due to access (includes where the agency could find no relevant information).

We were 100 per cent compliant with legislative deadlines. We also conducted one internal review in accordance with section 54 of the FOI Act.

Further information about submitting requests for information and our FOI disclosure log is on our website.

Requests for access to information must be made in writing to:

Company Secretary
Defence Housing Australia
26 Brisbane Ave
Barton ACT 2600
E: foi@dha.gov.au

How we manage procurement

Our approach to procuring goods and services, including consultancies, is consistent with and reflects the core policies and principles of the Commonwealth Procurement Rules.

Our procurement policy provides staff with a framework to obtain value for money, ensure risks are assessed and are acceptable, ensure the efficient, effective, economical and ethical use of resources, and maintain accountability and transparency in decision-making.

We advertise tender opportunities via AusTender on a periodic basis for a range of goods and services. We also use AusTender to manage our tenders, including releasing tender opportunities, issuing addenda and taking receipt of tender submissions.

Interested parties can register their details with AusTender to receive notifications about our tenders. Information is also available via the partnering section of our website.

The Forensic Review into our operations made a number of recommendations regarding our procurement activities. This led to the creation and implementation of a revised single procurement policy and process instruction that can be applied consistently across the organisation. Further work is being undertaken in 2016–17 to streamline our procurement activities, improve contract management and upskill personnel through targeted training.

How we manage consultancies

We engage consultants as required when specialist expertise is not available in-house and the services are required for a defined period of time. In 2015–16, we entered into new consultancy contracts or deeds of variation for existing consultants to the value of $15.9 million.

Almost all (98.1 per cent) of consultancies related to our property provisioning activity, including architectural design, town planning, quantity surveying, acoustic investigation, impact assessment (heritage, flora and fauna, etc.), social and cultural planning, legal services and graphic design services. The remainder was for corporate-related items such as strategic planning, information technology, financial management and quality management.

More information about our use of advertising and market research services in 2015–16 is provided in Appendix F.

How we manage non-compliance

In previous reporting periods, we have been required to provide a Certificate of Compliance in accordance with the Commonwealth Authorities and Companies Act 1997.

This requirement has been replaced by section 19 of the PGPA Act, which requires our Board (as accountable authority) to notify our Shareholder Ministers as soon as practicable after a significant non-compliance with finance law¹¹ issue is identified.

Significant non-compliance includes, but is not limited to:

• failure to comply with the duties of accountable authorities (sections 15 to 19 of the PGPA Act)
• significant fraudulent activity by an official and other serious breaches of the general duties of officials (sections 25 to 29 of the PGPA Act)
• systemic issues reflecting internal control failings
• high volume instances of non-compliance with finance law.

The following compliance matters were raised during the reporting period:

• Misuse of corporate credit cards
  
  We identified a number of issues pertaining to staff use of corporate credit cards, including instances of accidental personal use, not providing appropriate documentation (e.g. receipt or invoice) to support the transaction, and unauthorised use of another staff member's corporate credit card for business purposes while the cardholder was on leave.
  
  We conducted an in-house review of credit card policy and processes, revised the policy, introduced more detailed training for cardholders and implemented coordinated internal and external monitoring systems. Our internal auditor has also been engaged to conduct regular quarterly reviews of credit card transactions.
  
  
• Late submission of our 2014–15 Annual Report
  
  A copy of our 2014–15 Annual Report was provided to Shareholder Ministers five calendar days after the required deadline.
  
  We have updated the timeline for the preparation of future annual reports to ensure that we comply with the prescribed lodgement deadline.
  
  
• Breach of our financial delegations
  
  A staff member approved transactions for which one-up approval was required. Although the approvals were within the staff member's delegation, they should have referred the transactions to their manager as the appropriate delegate.
  
  The staff member concerned receive additional training.
  
  
• Exceeding our functions under the DHA Act
  
  We exceeded our functions under the DHA Act by providing property management services under Agreements with the Australian Maritime Safety Authority (AMSA).
  
  In accordance with the DHA Act, we can provide adequate and suitable housing for, and housing-related services to, officials and contracted service providers of a non-corporate Commonwealth entity (within the meaning of the PGPA Act). AMSA is a corporate Commonwealth entity, therefore, by providing property management services to AMSA we exceeded our function.
  
  The most recent Agreement with AMSA has expired and we did not seek a further extension to this arrangement. We have subsequently implemented stricter governance and approval processes for all major projects and contracts.
  
  
• Breach of finance law
  
  We entered into an employment contract with a SES employee after not complying with the APS merit principle that applies to ongoing and non-ongoing appointments. The matter has since been resolved.
  
  We updated our recruitment processes and procedures to include greater human resources oversight of selection processes and more robust approval practices.

---

7 A body created by the Parliament for a specific purpose.

8 A body created when government wishes to conduct some form of commercial enterprise at arm's length from usual departmental structures and processes.

9 A corporate body, established by a law of the Commonwealth but legally separated from it. Corporate Commonwealth entities can act in their own right and exercise certain legal rights such as entering into contracts and owning property.

10 A related entity transaction is where a Board member approves payment for a good or service from another entity or provision of a grant to another entity where a Director of DHA is also a Director of the other entity, and the value of the transaction (or, if there is more than one transaction, the aggregate value of those transactions) exceeds $10,000 (GST inclusive).

11 Finance law incorporates the PGPA Act, any rules created under the PGPA Act, any instrument under the PGPA Act, and an Appropriation Act.