The Secretary, Transport for NSW appoints the Chief Executive of Roads and Maritime with the approval of the Minister for Roads, Maritime and Freight. Under the governance arrangements of the Transport Administration Act 1988, the Chief Executive manages and controls the affairs of Roads and Maritime, subject to the control and direction of the Minister for Roads, Maritime and Freight, and in accordance with any direction of Transport for NSW.
The Roads and Maritime Executive Committee meets once a month to support the Chief Executive in the management and oversight of Roads and Maritime operations. The Chief Executive chairs the Committee, which includes the Chief Operating Officer, Chief Finance Officer, Directors and the General Counsel. The Chief Executive and the Roads and Maritime Executive are supported by several committees organised around function, as shown below.
The collective role of Roads and Maritime governance committees is to provide oversight and assurance to the Chief Executive that the agency is managing decisions, risks and performance effectively and efficiently and in alignment with Roads and Maritime's 2017-18 Priorities and Delivery Plan and the NSW Government's reform objectives.
In addition to the governance committees in place, additional committees have been established by the Chief Executive to advise on significant initiatives within Roads and Maritime.
The Chief Executive has established a Business Review Unit to review proposals for new non-infrastructure projects or business initiatives. The scope of the unit includes advising the Chief Executive on procurement issues, professional service contract usage and contingent workforce utilisation.
The Audit and Risk Committee is an integral component of Roads and Maritime's governance arrangements. The Committee provides advice to the Chief Executive on audit, risk and governance matters.
Responsibilities include review and oversight of the following areas for Roads and Maritime and any controlled entities:
Internal audits are used to provide independent assurance to the Chief Executive about the controls in place to manage priority risk areas. The Chief Audit and Risk Officer oversees the internal audit function, which is jointly accountable to the Audit and Risk Committee and Chief Executive.
During 2015-16 internal audit reviews undertaken included an assessment of:
To ensure the internal audit function provides continued value to the Roads and Maritime Executive and supports ongoing compliance with legal and regulatory requirements, a three-year internal audit strategy to 2017-18 was initially established during 2015. The plan was reviewed and extended to cover the period to 2018-19 during the year. The Audit and Risk Committee endorsed the strategy and supporting annual work plan, which is reviewed annually to cater for changes in the Roads and Maritime operating environment.
The Chief Audit and Risk Officer is responsible for advising the Chief Executive on the identification, recording and management of key risk areas across Roads and Maritime. The Chief Audit and Risk Officer provides regular reports on risk management to the Executive Committee and the Audit and Risk Committee.
The risk services team has been working across Roads and Maritime to identify and assess enterprise-wide, strategic, program and project related risks. As well as supporting risk identification and assessment within Roads and Maritime branches, the risk services team has supported functional risk assessments and control reviews across the organisation including those associated with:
These risk assessments have contributed to improvements in business practice across the areas assessed.
Specialist risk and assurance functions coordinate risk management for work health and safety, information management and technology, contract and project management.
Roads and Maritime continues to provide Principal Arranged Insurance via its broker AON. The major focus of PAI is on construction and maintenance works for roads, bridges, associated structures and professional service agreements/contracts. PAI is also available as specific cover for real estate works, ferries operated on behalf of Roads and Maritime by external contractors, and various arrangements such as the Vehicle Safety Compliance Certification Scheme. The scope of PAI coverage includes contract works, third party liability, material damage and professional indemnity.
The Treasury Managed Fund is a NSW Government arranged indemnity scheme, operated by iCare self-insurer. The scheme covers the insurable risks of participating Government agencies arising from their own activities. The fund covers agencies for their exposure to loss or damage for workers compensation, motor vehicles, property, legal liability, fidelity guarantee and travel. In doing so it provides confidence that unforeseen losses and damages can be managed with minimal impact to the State budget.
Premium details and claim performance on the major insurance categories for the period 1 July 2015 to 30 June 2016 are as follows:
| Insurance type | Premium ($ million) | Claim performance |
|---|---|---|
| Workers compensation | $7.5 million | 4.3 claims per 100 employees |
| Motor vehicle | $2.0 million | 8.6 claims per 100 employees |
The Audit and Risk Branch oversees the Roads and Maritime corruption and fraud control framework. The branch receives and assesses allegations of corrupt conduct on behalf of the Chief Executive and determines the appropriate way to address them. The team is responsible for developing and promoting the Roads and Maritime fraud control framework designed to minimise the likelihood of fraud and corruption across the organisation and for managing public interest disclosures raised regarding Roads and Maritime. Further information on public interest disclosures can be found in Appendix 9.
During 2015-16 the Audit and Risk Branch facilitated detailed fraud and corruption risk assessments across high-risk areas within Roads and Maritime including procurement, property management and asset maintenance functions.
Roads and Maritime requires the NSW Police Force and the NSW Crime Commission to undertake audits of access to Roads and Maritime driver licence, photo cards and mobility parking scheme photos through the Driver Vehicle (DRIVES) system. The audits are performed in accordance with criteria specified in privacy protocols governing access.
The NSW Police Force submitted an audit report on 31 March 2016 and found that, for the period of 1 July 2015 to 31 December 2015, online access by NSW Police Force officers to Roads and Maritime driver licence photographs was made in accordance with the Privacy Protocol. The NSW Crime Commission submitted an audit report on 29 March 2016 and found that, for the period of 1 July 2015 to 31 December 2015, all accesses were found to be compliant with the Privacy Protocol.
For details of Roads and Maritime's financial performance for the period 1 July 2015 to 30 June 2016, refer to the financial statements in Volume 2 (PDF, 7.8mb).
I, Ken Kanofski, am of the opinion that Roads and Maritime Services has internal audit and risk management processes in operation that are, excluding the transitional arrangements described below, compliant with the eight core requirements set out in the Internal Audit and Risk Management Policy for the NSW Public Sector, specifically:
| Risk management framework | |
|---|---|
| 1.1 The agency head is ultimately responsible and accountable for risk management in the agency | Compliant |
| 1.2 A risk management framework that is appropriate to the agency has been established and maintained and the framework is consistent with AS/NZS ISO 31000:2009 | Compliant |

| Internal audit function | |
|---|---|
| 2.1 An internal audit function has been established and maintained | Compliant |
| 2.2 The operation of the internal audit function is consistent with the International Standards for the Professional Practice of Internal Auditing | Compliant |
| 2.3 The agency has an Internal Audit Charter that is consistent with the content of the 'model charter' | Compliant |

| Audit and Risk Committee | |
|---|---|
| 3.1 An independent Audit and Risk Committee with appropriate expertise has been established | In transition |
| 3.2 The Audit and Risk Committee is an advisory committee providing assistance to the agency head on the agency's governance processes, risk management and control frameworks, and its external accountability obligations | Compliant |
| 3.3 The Audit and Risk Committee has a Charter that is consistent with the content of the 'model charter' | Compliant |
The chair and members of the Audit and Risk Committee are:
| Title | Name | Term commenced | Term finishes |
|---|---|---|---|
| Independent Chair | Greg Fletcher | 1 November 2011 | 31 October 2016 |
| Independent Member | Allan Cook | 4 December 2013 | 4 December 2016 |
| Independent Member | Brian McGlynn | 31 January 2016 | 31 January 2020 |
| Non-independent Member | Greg Evans | 31 January 2015 | 31 January 2017 |
The internal audit and risk management processes for Roads and Maritime depart from the following core requirements set out in the Internal Audit and Risk Management Policy for the NSW Public Sector:
| Departure | Reason for departure |
|---|---|
| Core requirement 3.1 | Roads and Maritime Services has retained a management representative on the Audit and Risk Committee during the transition to fully independent membership by 30 June 2017 as provided for by the transitional arrangements. |
These processes demonstrate that Roads and Maritime Services is establishing and maintaining frameworks, including systems, processes and procedures for appropriately managing audit and risk.
Roads and Maritime Services
I, Ken Kanofski, am of the opinion that Roads and Maritime Services had an Information Security Management System in place during the 2015-16 financial year that is consistent with the core requirements set out in the NSW Government Digital Information Security Policy.
The controls designed to mitigate identified risks to the digital information and digital information systems of Roads and Maritime Services are adequate.
Risks to the digital information and digital information systems of Roads and Maritime Services have been assessed with an independent Information Security Management System (ISMS) certified in accordance with the NSW Government Digital Information Security Policy.
Roads and Maritime Services has maintained certified compliance with ISO 27001 Information Technology - Security techniques - Information security management systems - Requirements by an Accredited Third Party during the 2015-16 financial year.
The agency continues to provide innovative services while focussing on the protection and privacy of customers' information.
Roads and Maritime Services will continue to enhance awareness of security requirements and the classification and labelling of information to ensure efficient and effective management of sensitive information.
Roads and Maritime Services