The Director-General of Security is the accountable authority for ASIO under the Public Governance, Performance and Accountability (PGPA) Act. Our Executive Board and corporate governance committees support the Director-General to fulfil his responsibilities under the PGPA Act.
Their role is to provide strategic direction, manage risk, coordinate effort and evaluate performance in support of ASIO’s mission and the corporate governance arrangements for the work programs for which they are responsible.
ASIO Executive Board
The Executive Board is the Director-General’s peak advisory committee. Its membership comprises the Director-General, the Deputy Directors-General, an external member and the Chief Transformation Officer.
The board met on a monthly basis during this reporting period, setting ASIO’s overall strategic direction and overseeing the management of its resources.
The board received regular reporting from our corporate committees on matters such as developments in the security environment, our budget, capability development, performance and risk management, as well as reporting on progress toward our enterprise transformation, and diversity and inclusion goals.
The Intelligence Committee (IC) oversees the governance arrangements and makes decisions relating to ASIO’s security intelligence program. The IC met fortnightly during the reporting period and conducted triannual reviews of performance and risk relating to the key activities as defined in ASIO’s Corporate Plan 2018–19. The IC reported to the Executive Board on ASIO’s performance against the key activities.
The Security Committee (SC) oversees the governance arrangements and makes decisions relating to ASIO’s internal security program. The SC met bimonthly during the reporting period and conducted a triannual review of performance and risk relating to its support of the key activities as defined in ASIO’s Corporate Plan 2018–19.
The Finance Committee (FC) oversaw the governance arrangements and made decisions relating to ASIO’s financial management program. The FC met twice during the reporting period and conducted a triannual review of performance and risk relating to its support of the key activities as defined in ASIO’s Corporate Plan 2018–19.
The Workforce Committee (WC) oversaw the governance arrangements and made decisions relating to ASIO’s workforce program. The WC met four times during the reporting period and conducted a triannual review of performance and risk relating to its support of the key activities as defined in ASIO’s Corporate Plan 2018–19.
ASIO Diversity and Inclusion Committee
The ASIO Diversity and Inclusion Committee (ADIC) oversaw the governance arrangements and made decisions relating to ASIO’s diversity and inclusion program. The ADIC met five times during the reporting period and conducted a triannual review of performance and risk relating to its support of the key activities as defined in ASIO’s Corporate Plan 2018–19.
Audit and Risk Committee
The Director-General of Security established the Audit and Risk Committee (ARC) in compliance with section 45 of the PGPA Act. During this reporting period, the committee provided independent assurance and advice to the Director-General and the Executive Board on ASIO’s financial and performance reporting responsibilities, system of risk oversight and management, and system of internal control.
Under the ARC’s terms of reference, the committee had four external members, including an external chair, as well as observers from the Australian National Audit Office.
Fraud control and management
Our Fraud Management Group continued to oversee fraud control and management arrangements within ASIO, reporting to the Audit and Risk Committee.
Fraud is managed in line with the Commonwealth Fraud Control Framework. ASIO’s fraud control and management arrangements were revised during the reporting period, with the development of the ASIO Fraud Strategy Statement 2019–21, underpinned by the ASIO Fraud Control Plan 2019–2021.
The Fraud Control Plan 2019–2021 was informed by an ASIO-wide fraud risk assessment conducted during the reporting period, and documents ASIO’s approach to fraud awareness, prevention, detection, reporting and investigation. As part of this framework, all staff must complete mandatory e-Learning on ethics and accountability, which includes modules on fraud, every three years.
The updated Fraud Strategy Statement 2019–21 outlines our fraud control and management arrangements, and is available online at www.asio.gov.au/asio-fraud-strategy-statement.html.
Internal Audit directorate
The Internal Audit directorate is an important element of ASIO’s governance framework. Its function provides assurance to the Director-General that ASIO’s risk, control and compliance measures are appropriate and efficient.
As part of its responsibility for ASIO’s assurance and audit function, the directorate undertakes compliance audits and performance reviews. Subject to security policies and operational considerations, it has unrestricted access to all ASIO premises, work areas, documentation and information that it considers necessary to meet its responsibilities.
ASIO Strategy 2018–23
During the reporting period, ASIO took critical steps towards the enterprise transformation recommended in David Thodey AO’s report A digital transformation of the Australian Security Intelligence Organisation. One such step was the preparation of the ASIO Strategy 2018–23 (see Figure 2) to provide a roadmap for the transformation process. The strategy reframed our vision and purpose, and set out the steps we will take over the coming years to ensure we evolve as a modern, fit-for-purpose security intelligence organisation. The vision and plans within the strategy have been incorporated into the ASIO Corporate Plan 2019–20.
Trusted intelligence to secure Australia
As the nation's security service, ASIO protects Australia from violent, clandestine and deceptive efforts to harm its people and undermine its sovereignty.
|ASIO Strategy 2018-23 summary|
We will achieve our vision, and deliver our purpose, by focusing our efforts on three services – Counter, Shape, and Build.
Counter violent, clandestine or deceptive efforts to harm Australians and undermine Australia's democratic institutions and system of government.
Shape and inform efforts to foster institutional and community resilience, through the use of our unique understanding of the Australian and global security environments.
Build capability across Australia's national security community through investing in our people, sharing our experience with partners and leading the development of intelligence capabilities.
ASIO's success is built on six core activities – access, analyse, assess, advise, assist, and act.
We commit to continually refine and innovate how we conduct these activities to drive comprehensive change and improve how we all work.
We will invest in tradecraft and capability development, adopt new systems to automate many low-value manual processes, and explore new ways to apply sophisticated technology and data analytics to advance our intelligence efforts and enterprise management.
Imperative to the success of our core activities are eight key enablers – people and culture; authorising environment and assurance; security; risk; technology; capabilities and infrastructure; information, data and systems; governance and strategic partnerships.
We will deliver reforms to our work practices to become more agile and adaptive, invest in our people to meet our future workforce needs, acquire new technologies to modernise our operations, and elevate our engagement with our partners.
Parliamentary Joint Committee on Intelligence and Security
The Parliamentary Joint Committee on Intelligence and Security (PJCIS) is a key element of the external independent oversight and accountability framework that serves to provide assurance to the Australian community in relation to ASIO’s performance of its functions. The PJCIS performs an annual review of ASIO’s administration and expenditure and scrutinises the non-operational aspects of ASIO’s work, focusing on the effectiveness of policies, governance and expenditure. During the reporting period, we provided unclassified and classified written submissions to the PJCIS Review of Administration and Expenditure No. 17 (2017–18), as well as further supporting information to questions on notice.
In addition, the PJCIS conducts inquiries into national security legislation and matters relating to ASIO and other intelligence agencies. During 2018–19, ASIO contributed either directly or through consultation with the Department of Home Affairs to a number of PJCIS inquiries, including inquiries on the listing of terrorist organisations, the Review of the Counter-Terrorism Legislation Amendment Bill, three inquiries (one ongoing) on the Telecommunications and Other Legislation (Assistance and Access) legislation, the Review of the Australian Citizenship Amendment (Strengthening the Citizenship Loss Provisions) Bill, and the Review of the Counter-Terrorism (Temporary Exclusion Orders) Bill 2019, as well as the ongoing inquiry into Australia’s mandatory data retention framework.
Senate Legal and Constitutional Affairs Committee
We appeared before the Senate Legal and Constitutional Affairs Committee as part of the Senate estimates process on 22 October 2018, 18 February 2019 and 8 April 2019. Our evidence to the committee can be found in the estimates Hansard for those days (refer to www.aph.gov.au/Parliamentary_Business/Senate_Estimates and navigate to the relevant hearing).
Inspector-General of Intelligence and Security
The primary role of the Inspector-General of Intelligence and Security (IGIS) is to assist ministers in overseeing and reviewing the activities of the intelligence agencies for legality and propriety. The IGIS performs this function through inspections, inquiries and investigations into complaints. The Inspector-General is also required to assist the government in assuring the parliament and the public that intelligence and security matters relating to Commonwealth agencies are open to scrutiny. The IGIS retains statutory powers akin to those of a royal commission.
The Australian community’s trust and confidence in how we fulfil our legislative requirements and embody ethical standards is critical to our reputation and ongoing effectiveness as Australia’s security intelligence organisation. Every ASIO officer is responsible for complying with our legislative requirements as well as internal policies and procedures. This includes acting with propriety and meeting the ethical standards expected by the Australian community.
During 2018–19 the IGIS regularly inspected activities across our operational functions, and investigated a small number of complaints that were received by the office. In addition the IGIS finalised an inspection project on surveillance devices. Details of the project and inspections can be found in the IGIS annual report, available online from www.igis.gov.au. We are committed to acting with legality and propriety, and in 2018–19 continued to take action to address areas identified by the IGIS as requiring improvement and further attention.
In the 2018–19 reporting period, the IGIS finalised and made recommendations on three inquiries. We have accepted all inquiry recommendations and are at various stages of implementation in consultation with the Office of the IGIS and relevant agencies.
During the reporting period, we continued to support the IGIS’s important work by providing information briefings to IGIS staff on operational matters, including new operational capabilities and initiatives.
Independent National Security Legislation Monitor
The Independent National Security Legislation Monitor’s (INSLM) role is to review the operation, effectiveness and implications of Australia’s counter-terrorism and national security legislation, and report to the Prime Minister and the parliament on an ongoing basis. This includes considering whether the laws contain appropriate safeguards for protecting individuals’ rights, remain proportionate to any threat of terrorism or threat to national security or both, and remain necessary. Under the Act, the Prime Minister may also refer a counter-terrorism or national security matter to the INSLM, either at the INSLM’s suggestion or on the Prime Minister’s initiative.
The current INSLM, Dr James Renwick SC CSC, was appointed on 13 February 2017. During the reporting period, we contributed to his current inquiry on the Citizenship Act’s citizenship loss provisions for terrorism offences, through the provision of classified briefings and documentation.
Independent Reviewer of Adverse Security Assessments
The role of the Independent Reviewer of Adverse Security Assessments is to conduct an independent advisory review of ASIO adverse security assessments furnished to the Department of Home Affairs for persons who remain in immigration detention, having been found by the department to be owed protection obligations under international law and to be ineligible for a permanent protection visa, or who have had their permanent protection visa cancelled because they are the subject of an adverse security assessment. The Independent Reviewer conducts an initial primary review of each adverse security assessment and conducts subsequent reviews every 12 months for the duration of the adverse assessment.
In performing their task, the Independent Reviewer examines all ASIO material that ASIO relied on in making the adverse assessment as well as other relevant material, which may include submissions or representations made by the eligible person. The Independent Reviewer closely considers the overall security environment, which is informed by ASIO’s contemporary assessment of security threats, and any changes to the applicant’s circumstances or ideology during their time in detention.
In March 2019, Mr Robert Cornall AO was reappointed as the Independent Reviewer for a further two years. His annual report for the reporting period is at Appendix I.
Significant legal matters affecting ASIO’s business
Our involvement in legal proceedings in courts, tribunals and other forums continued at a high tempo. Matters included terrorism prosecutions, judicial and merits review of security assessments, and civil lawsuits.
The Administrative Appeals Tribunal (AAT) reviewed a number of security assessments. While they primarily involve matters concerning politically motivated violence, we saw an increasing trend in applications for review of personnel security assessments.
Separately, current and former ASIO employees brought review proceedings challenging Comcare decisions. AAT decisions are reported on the Australasian Legal Information Institute website, Austlii, www.austlii.edu.au.
Tribunal reviews—security assessments
Over this reporting period, we managed 15 adverse security assessment reviews before the AAT, including those relating to cancelled passports, visas and security clearances.
- four matters were pending at the end of this reporting period;
- three assessments were remitted to ASIO for new assessments to be prepared, which resulted in the issuing of three non-prejudicial assessments in this reporting period;
- five applications were dismissed;
- two matters were heard, with both decisions remaining reserved at the end of this reporting period; and
- one decision was handed down, affirming the adverse security assessment which was the subject of the review.
Working collaboratively with law enforcement partners and prosecuting authorities, we provided information for use as evidence, with appropriate protections, to prosecutions, and responded to subpoenas and disclosure requests.
Federal and High Court reviews—security assessments
ASIO was involved in Federal and High Court proceedings, both as a respondent and as an interested third party, working closely with other stakeholders to manage the collective Commonwealth interest.
Our commitment to diversity and inclusion
Management of human resources
Management of human resources
The Thodey Review made key recommendations about the importance of reforming organisational culture and people management processes to achieve enterprise transformation. In 2018–19 we continued to advance these key recommendations by:
- using more agile recruiting models,
and improving the management, development and deployment of professional staff and skills; and
- raising digital literacy across the workforce.
We began this process in 2018 while continuing to advance key human resource (HR) initiatives.
We continued to operate under our 10th Workplace Agreement, which was agreed in 2016 and expires in 2019. The agreement meets our requirements under the ASIO Act to adopt the employment principles of the Australian Public Service, when they are consistent with the effective performance of the Organisation.
The planning and consultation process for our 11th Workplace Agreement commenced in late 2018, and formal negotiations commenced in June 2019.
We reinstated the Staff Workplace Relations Officer position, which is embedded in Human Resources and helps to ensure effective communication with employees.
Strategic workforce management
We developed and launched the ASIO People Strategy 2019–23, which focuses on our vision for our workforce of ‘the right people with the right capabilities, in the right place at the right time, performing to their full potential to achieve organisational objectives’.
This strategy guides our people and strategic workforce initiatives to ensure the Organisation is flexible and forward-looking, in order to identify duplication and create efficiencies; make informed, data-driven decisions on the development (internal) or acquisition (external) of future capabilities; position our Organisation to realise capabilities at the time they are required; and internally reskill or redeploy capabilities as our environmental and technological drivers evolve.
We continued to refine our performance framework through the year. We again achieved a 100 per cent rate of compliance for employee participation in the performance cycle, and we shifted to measuring contributions against ASIO’s Leadership Charter and employees’ broader corporate contribution. A new behavioural indicators tool that identifies examples of leadership behaviours across all levels of the organisation was developed to assist staff in assessing their contribution within the refined performance framework.
Our early intervention initiatives continue to mature as line managers and employees employ our coaching framework and supporting tools to further strengthen our high-performance culture.
Further, we refined our probation procedures, with a focus on organisational suitability and more tailored support for both probationers and line managers. This fortified our recruitment and performance methodology and broader performance framework.
Diversity and inclusion
We continued to embed diversity and inclusion practices in our work. Initiatives included the creation of a diversity and inclusion blog and two new staff-led diversity networks, focusing on Aboriginal and Torres Strait Islander people and an equitable workplace for all genders.
ASIO’s gender equity network, AGENda, was officially launched in March 2019. AGENda aims to unlock the potential of the whole organisation by making ASIO equitable for staff regardless of gender. By attracting and retaining a dedicated and diverse workforce, ASIO will be better able to meet the challenges of our increasingly complex mission.
Other diversity and inclusion staff-led networks—focused on cultural heritage, disability and introverts—have been very active this year and are having a positive impact. ‘Listen and learn’ sessions provided the opportunity for senior leaders to hear firsthand the stories and opportunities of individuals from diverse backgrounds, to continue strengthening our workplaces’ inclusiveness. In May 2019 ASIO became the first organisation to achieve silver in the first year of participation in the Australian Workplace Equality Index—Australia’s national benchmarking instrument for LGBTI workplace inclusion. ASIO ranked third among federal government agencies and 15th nationwide in a field of 158 entrants.
Statistics on the diversity of our workforce are provided at Appendix E.
Mudyi—Aboriginal and Torres Strait Islander Staff Network
ASIO’s Mudyi Network was formally established in February 2019. Mudyi, which means ‘friend’ in the Wiradjuri language, is committed to promoting an inclusive workplace culture that values and celebrates ASIO’s Aboriginal and Torres Strait Islander staff and culture and their contribution to ASIO’s mission.
The ASIO Ombudsman is an external service provider who works to resolve staff issues or concerns impartially and informally, through advice, consultation and mediation.
The ASIO Ombudsman met regularly with senior management and ASIO Staff Association representatives to discuss the health of the workplace, and provided advice on the development and formulation of our human resources policy.
The ASIO Ombudsman provided valuable support and advice to employees and line managers during this reporting year, including:
- providing advice and guidance in response to four formal contacts from staff;
- undertaking one preliminary review of investigative matters;
- responding to HR on four policy matter queries;
- undertaking two health checks of business areas; and
- carrying out two investigations relating to the Code of Conduct.
The Ombudsman met weekly with the Assistant Director-General of Human Resources; every fortnight with the First Assistant Director-General of Corporate and Security; and every two months with the Deputy Director-General of the Strategic Enterprise Management Group. In addition, senior ASIO managers drew on the Ombudsman’s unique skills and experience to inform their decision-making on the application of policy.
In 2018–19 the ASIO Ombudsman did not participate in any work related to public interest disclosures.
ASIO commenced a procurement process to engage the next ASIO Ombudsman.
The Ben Chifley Building continued to support the business and capability needs of ASIO and its partners. Our corporate suites, including Australia’s largest security-accredited auditorium, hosted a range of events over 2018–19. ASIO continues to collaborate closely with the Australian Federal Police and other key partners on a range of joint accommodation projects.
Throughout 2018–19 we adhered to the Commonwealth Procurement Rules and associated policy and guidelines. Our compliance was monitored through our Audit and Risk Committee. No significant issues were identified, and overall compliance was acceptable.
We support small business participation in the Australian Government procurement market. Small- and medium-sized enterprise participation statistics are available on the Department of Finance’s website at www.finance.gov.au/procurement/statistics-on-commonwealth-purchasing-contracts.
Our procurement practices to support small- and medium-sized enterprises include:
- standardising contracts and approach-to-market templates, which use clear and simple language;
- ensuring information is easily accessible through the electronic advertisement of business opportunities and electronic submission for responses; and
- using electronic systems to facilitate the Department of Finance’s Procurement On-Time Payment Policy for Small Businesses, including payment cards.
We recognise the importance of ensuring that small businesses are paid on time. The results of the survey of Australian Government payments to small business are available on the Treasury’s website, www.treasury.gov.au.
We entered into 39 new consultancy contracts involving total actual expenditure of $17.7 million (GST inclusive). In addition, 15 ongoing consultancy contracts were active during the period, involving total actual expenditure of $1.8 million (GST inclusive).
We applied the Commonwealth Procurement Rules and Department of Finance guidance when selecting and engaging consultants. We also followed internal policy and associated procedures on identifying and determining the nature of a contract. This ensured that we used appropriate methods for engaging and contracting consultants. We engaged consultants when we needed professional, independent and expert advice or services that were not available from within the Organisation.
Annual reports contain information about actual expenditure on contracts for consultancies; information on the value of contracts and consultancies is available on the AusTender website. However, we are not required to publish information on the AusTender website, in line with authorised exemptions to avoid prejudice to our national security activities. A list of consultancy contracts to the value of $10 000 or more during this reporting period, and the total value over the life of each contract, is available on request to the PJCIS, which oversees our administration and expenditure.
This incorporates our annual reporting obligations under Public Governance, Performance and Accountability Rule 2014—17AG Information on management and accountability.
Australian National Audit Office access clauses
During this reporting period, we did not enter into any contracts valued at $100 000 or more that did not provide the Auditor-General with access to the contractor’s premises.
The Director-General has applied measures necessary to protect national security which exempt ASIO from publishing details of contract arrangements, including standing offers, in accordance with clause 2.6 of the Commonwealth Procurement Rules. Details of our arrangements, contracts and standing offers are available on request to the PJCIS.
This incorporates our annual reporting requirements for Public Governance, Performance and Accountability Rule 2014—17AG Information on management and accountability.
Other mandatory information
Advertising and market research
We spent $1.02 million on advertising in 2018–19, predominantly on recruitment campaigns (see also Appendix G). ASIO does not fall within the definition of agencies covered by the reporting requirements of section 311A of the Commonwealth Electoral Act 1918.
Since 1994, non-corporate Australian Government entities have reported on their performance as policy advisers, purchasers, employers, regulators and providers under the Commonwealth Disability Strategy. In 2007–08, reporting on the employer role was transferred to the Australian Public Service Commission’s State of the service reports and the APS statistical bulletin. These reports are available at www.apsc.gov.au. Since 2010–11, entities have not been required to report on these functions.
The Commonwealth Disability Strategy has been replaced by the National Disability Strategy 2010–20, which sets out a 10-year national policy framework to improve the lives of people with a disability, promote participation and create a more inclusive society. A high-level, two-yearly report will track progress against each of the six outcome areas of the strategy and show how people with a disability are faring. The first of these progress reports was published in 2014 and can be found at www.dss.gov.au.
Appendix E provides information on the diversity of our workforce, including statistics on people with a disability.
Information required by another Act or instrument
Archives Act 1983
ASIO is an exempt agency under the Freedom of Information Act 1982 but is subject to the release of records under the Archives Act 1983, which allows public access to Commonwealth records in the ‘open period’. In accordance with changes to the Archives Act in 2010, the open period is transitioning from 30 to 20 years and currently covers all Commonwealth records created before 1998. ASIO works closely with the National Archives of Australia in facilitating access to ASIO records, while balancing various and sometimes competing priorities.
In 2018–19, ASIO received 344 applications for access to ASIO records and completed a total of 410 requests, equating to 57 783 folios. Sixty per cent of requests were completed within the 90-day legislative timeframe: despite the completion of longstanding cases, this percentage reflects the higher volume and complexity of assessments.
Table 3: Access to ASIO records
|Applications for record access||480||345||344|
|Pages assessed||46 997||36 312||57 783|
|Percentage of requests completed within 90 days||77.8%||66.7%||60%|
Australian Security Intelligence Organisation Act 1979
Section 94 of the Australian Security Intelligence Organisation Act 1979 (ASIO Act) requires that ASIO’s annual report include statements on the Organisation’s questioning and questioning and detention warrants, special intelligence operation authorisations, telecommunications data access authorisations, and use of technical assistance requests, technical assistance notices and technical capability notices.
The statement on questioning and questioning and detention warrants is provided at Appendix J. In order to ensure compliance with the determination made by the Minister for Finance under section 105D of the PGPA Act, and to avoid prejudice to ASIO’s activities, Appendix K relating to special intelligence operations, Appendix L relating to telecommunications data access authorisations, Appendix M relating to technical assistance requests, technical assistance notices and technical capability notices, and Appendix N relating to the use of special powers under warrant have been removed from the annual report tabled in the Parliament.
These classified appendices will be separately provided to ASIO’s minister and, as required by the ASIO Act, to the Leader of the Opposition. Copies of the classified appendices will also be provided to the Attorney-General, Inspector-General of Intelligence and Security, and the Independent National Security Legislation Monitor. Appendix L relating to telecommunications data authorisations will also be provided to the Parliamentary Joint Committee on Intelligence and Security.
Work Health and Safety Act 2011
Schedule 2, Part 4 of the Work Health and Safety Act 2011 requires non-corporate Commonwealth entities to include in their annual report information on health and safety outcomes and initiatives taken during the reporting period to ensure the health, safety and welfare of workers who carry out work for them.
Our report for 2018–19 is provided at Appendix F.
Commonwealth Electoral Act 1918—advertising and market research
Section 311A of the Commonwealth Electoral Act 1918 requires annual reporting by each Commonwealth department on amounts paid by, or on behalf of, the Commonwealth department for advertising and market research.
Our report for 2018–19 is provided at Appendix G.
Environment Protection and Biodiversity Conservation Act 1999
Section 516A of the Environment Protection and Biodiversity Conservation Act 1999 requires Commonwealth entities to report on how the activities of the entity during the period accorded with the principles of ecologically sustainable development.
Our report for 2018–19 is provided at Appendix H.