7 Corporate governance
7.1 Chief Executive
The Secretary, Transport for NSW, appoints the Chief Executive of Roads and Maritime with the approval of the Minister for Roads, Maritime and Freight. Under the governance arrangements of the Transport Administration Act 1988, the Chief Executive manages and controls the affairs of Roads and Maritime, subject to the control and direction of the Minister for Roads, Maritime and Freight, and in accordance with any direction of Transport for NSW.
7.2 Governance framework
During 2016‑17 our agency's governance framework changed significantly. On 3 April 2017, a new OneRMS operating model was implemented. These changes simplified the organisation's governance framework and increased accountability by transferring specific functions to Executive Directors and new committees.
Key changes included:
- the Executive Committee absorbed elements of previous committees with revised accountability (Finance, Human Resources, Work Health and Safety, Technology and Environment)
- a new Asset Management Committee was formed, chaired by the Chief Financial Officer, to oversee the prioritisation of investments
- an Engineering and Design Committee was formed to provide guidance on design aspects and commercial decisions for projects.
The Roads and Maritime Executive Committee remains the key governance body for the agency. The committee meets weekly to support the Chief Executive in the management and oversight of Roads and Maritime operations and holds a monthly meeting on strategic matters. The Chief Executive chairs the Committee, which includes the Chief Financial Officer and Executive Directors.
The Executive Committee is supported by the following committees:
- Asset Management Committee
- Audit and Risk Committee
- Engineering and Design Committee.
Audit and Risk Committee
The Audit and Risk Committee has responsibility under the Internal Audit and Risk Management Policy for the NSW Public Sector to provide independent assistance to the Chief Executive by monitoring, reviewing and providing advice about the agency's governance processes, risk management and control frameworks, and its external accountability obligations. The committee meets each quarter on risk, audit and governance matters. Responsibilities include review and oversight of the following areas for Roads and Maritime and any controlled entities:
- internal controls
- risk management
- corruption and fraud prevention
- external accountability (including the financial statements)
- applicable laws and regulations
- internal and external audits.
Asset Management Committee
The Asset Management Committee supports the Chief Financial Officer in relation to the prioritisation of the agency's asset investment portfolio. The Chief Financial Officer is accountable for decisions made based on the recommendation of the Committee, under delegation from the Chief Executive. In addition to setting the strategic direction and making decisions on asset investment priorities, the Committee reviews assurance activities and progress reports on high risk and high value projects. Membership is made up of Executive Directors and the Chief Financial Officer from Roads and Maritime, as well as Executive Directors from Transport for NSW. The committee meets monthly.
Engineering and Design Committee
The Engineering and Design Committee oversees the agency's input into Austroads guidance and Transport for NSW requirements, promotes consistency of engineering and technical approaches across programs and reviews exceptions to agreed approaches. Membership is made up of Executive Directors from Roads and Maritime, Executive Directors from Transport for NSW and two nominated specialist roads and/or bridge engineers. The committee meets quarterly. The committee is chaired by the Executive Director Regional and Freight.
Figure 15: New governance framework
7.3 Audit and risk management
Internal audits are used to provide independent assurance to the Chief Executive about the controls in place to manage priority risk areas. The Chief Audit and Risk Officer oversees the internal audit function, which is jointly accountable to the Audit and Risk Committee and Chief Executive.
A number of internal audits were completed during 2016‑17 that, among other things, included assessments of our:
- heavy vehicle competency based assessment scheme
- driver and boat licence application processing by Service NSW
- delivery of the Northern Beaches Hospital road upgrade
- school crossing program
- speed camera enforcement program
- heavy vehicle on-road enforcement program
- oversight of the delivery of NorthConnex
- management of safety in major aquatic activities
- Sydney region road maintenance delivery arrangements
- NSW blackspot program.
A rolling three-year internal audit strategy informs the selection of internal audit projects. The strategy and plan were reviewed and extended during the year to cover the period to 2019-20. The strategy and supporting annual work plans are comprehensively reviewed each year to cater for changes in our operating environment. Internal audit plans are endorsed by the Audit and Risk Committee and approved by the Chief Executive.
The Chief Audit and Risk Officer is responsible for advising the Chief Executive on the identification, recording and management of key risk areas across Roads and Maritime. The Chief Audit and Risk Officer provides regular reports on risk management to the Executive Committee and the Audit and Risk Committee.
The Audit and Risk Branch has been working across the agency to advise on and assess enterprise-wide, strategic, program and project related risks. During the year, the team has supported and provided advice on:
- operating risks within divisions and branches
- development of crisis, incident management and business continuity plans for the agency
- heavy vehicle chain of responsibility compliance management
- fraud and corruption risk management
- procurement card use and management
- regulatory services accreditation scheme and system risk
- tolling system upgrade risks.
This work has contributed to improvements in risk management and business practice across the areas assessed.
Specialist functions also operate to coordinate risk management for work health and safety, information management and technology, contract and project management.
Corruption and fraud prevention
The Chief Audit and Risk Officer oversees the agency's corruption control framework and is responsible for receiving and assessing allegations of corrupt conduct on behalf of the Chief Executive. A Corruption Control Plan designed to minimise the likelihood of fraud and corruption across the organisation was approved by the Roads and Maritime Executive during February 2017. As part of this plan a review of public interest disclosure reporting processes was undertaken and a revised reporting policy was issued during June 2017. Training for nominated disclosure officers was delivered to a number of staff by the NSW Ombudsman's Office. Further information on public interest disclosures can be found in Appendix 9.
During 2016‑17 the Corruption Prevention and Investigations team facilitated detailed fraud and corruption risk assessments across high-risk areas within Roads and Maritime, including NSW Maritime and the Compliance and Regulatory Services Division. The team delivered corruption prevention and ethical decision making education sessions to more than 600 employees. This included routine training sessions in high risk areas as well as presentations as part of the Transport for NSW Corruption Prevention Month in September 2016.
Privacy protocols for Driver Vehicle System (DRIVES)
Our agency requires the NSW Police Force and the NSW Crime Commission to undertake audits of access to Roads and Maritime driver licence, photo cards and mobility parking scheme photos through the Driver Vehicle (DRIVES) system. The audits were performed in accordance with criteria specified in privacy protocols governing access.
The NSW Police Force submitted an audit report on 23 September 2016 and found that, for the period of 1 January 2016 to 30 June 2016, online access by NSW Police Force officers to Roads and Maritime driver licence photographs was in accordance with the privacy protocol. The NSW Crime Commission submitted an audit report on 20 September 2016 and found that, for the period of 1 January 2016 to 30 June 2016, all access was compliant with the privacy protocol.
Principal Arranged Insurance
Roads and Maritime continues to provide Principal Arranged Insurance (PAI) via its broker AON. The major focus of PAI is on construction and maintenance works for roads, bridges, associated structures and professional service agreements/contracts. PAI is also available as specific cover for real estate works, ferries operated on behalf of Roads and Maritime by external contractors, and various arrangements such as the Vehicle Safety Compliance Certification Scheme. The scope of PAI coverage includes contract works, third party liability, material damage and professional indemnity.
Treasury Managed Fund
The Treasury Managed Fund is a NSW Government arranged indemnity scheme, operated by iCare self-insurer. The scheme covers the insurable risks of participating government agencies arising from their own activities. The fund covers agencies for their exposure to loss or damage for workers compensation, motor vehicles, property, legal liability, fidelity guarantee and travel. In doing so it provides confidence that unforeseen losses and damages can be managed with minimal impact to the state budget.
Premium details and claim performance on the major insurance categories for the period 1 July 2016 to 30 June 2017 are as follows:
Table 14: Premium details and claim performance on major insurance categories
| Insurance type | Premium ($ million) | Claim performance |
|---|---|---|
| Workers compensation | $6.8 | 4.5 claims per 100 employees |
| Motor vehicle | $1.8 | 10.5 claims per 100 employees |
7.5 Digital information security policy attestation statement
For the 2016‑17 financial year for Roads and Maritime Services
I, Ken Kanofski, am of the opinion that Roads and Maritime Services had an information security management system in place during the 2016‑17 financial year that is consistent with the core requirements set out in the NSW Government Digital Information Security Policy.
The controls designed to mitigate identified risks to the digital information and digital information systems of Roads and Maritime Services are adequate.
Risks to the digital information and digital information systems of Roads and Maritime Services have been assessed with an independent Information Security Management System (ISMS) certified in accordance with the NSW Government Digital Information Security Policy.
Roads and Maritime Services has maintained certified compliance with ISO 27001 Information Technology - Security techniques - Information security management systems - Requirements by an Accredited Third Party during the 2016‑17 financial year.
The agency continues to provide innovative services while focusing on the protection and privacy of customers' information.
Roads and Maritime Services will continue to enhance awareness of security requirements and the classification and labelling of information to ensure efficient and effective management of sensitive information.
Roads and Maritime Services
7.6 Internal audit and risk management attestation statement
For the period ended 30 June 2017 for Roads and Maritime Services
I, Ken Kanofski, am of the opinion that Roads and Maritime Services has internal audit and risk management processes in operation that are, excluding the transitional arrangements described below, compliant with the eight core requirements set out in the Internal Audit and Risk Management Policy for the NSW Public Sector, specifically:
| Risk management framework | Status |
|---|---|
| 1.1 The agency head is ultimately responsible and accountable for risk management in the agency | Compliant |
| 1.2 A risk management framework that is appropriate to the agency has been established and maintained and the framework is consistent with AS/NZS ISO 31000:2009 | Compliant |

| Internal audit function | Status |
|---|---|
| 2.1 An internal audit function has been established and maintained | Compliant |
| 2.2 The operation of the internal audit function is consistent with the International Standards for the Professional Practice of Internal Auditing | Compliant |
| 2.3 The agency has an Internal Audit Charter that is consistent with the content of the 'model charter' | Compliant |

| Audit and Risk Committee | Status |
|---|---|
| 3.1 An independent Audit and Risk Committee with appropriate expertise has been established | In transition |
| 3.2 The Audit and Risk Committee is an advisory committee providing assistance to the agency head on the agency's governance processes, risk management and control frameworks, and its external accountability obligations | Compliant |
| 3.3 The Audit and Risk Committee has a charter that is consistent with the content of the 'model charter' | Compliant |
Those that held positions on the Audit and Risk Committee during the year are:
| Title | Name | Term commenced | Term finishes |
|---|---|---|---|
| Independent chair | Greg Fletcher | 1 November 2011 | 16 November 2016 |
| Independent chair | Lyn Baker | 1 February 2017 | 1 February 2020 |
| Independent member | Allan Cook | 4 December 2013 | 4 December 2018 |
| Independent member | Brian McGlynn | 1 January 2016 | 1 January 2020 |
| Non-independent member | Greg Evans | 31 January 2015 | 31 January 2017 |
Departures from core requirements
The internal audit and risk management processes for the agency depart from the following core requirements set out in the Internal Audit and Risk Management Policy for the NSW Public Sector:
| Departure | Reason for departure |
|---|---|
| Core requirement 3.1 | Roads and Maritime Services had a management representative on the Audit and Risk Committee during the period. This transitioned to fully independent membership by 30 June 2017 consistent with the permitted transitional arrangements. |
These processes demonstrate that Roads and Maritime Services is establishing and maintaining frameworks, including systems, processes and procedures for appropriately managing audit and risk.
Roads and Maritime Services