Management and Accountability

Corporate governance

Our governance processes guide us in achieving our mission and meeting public expectations of probity, accountability and transparency.

The Director-General of Security is the accountable authority for ASIO under the Public Governance, Performance and Accountability Act 2013 (PGPA Act).

During the reporting period, we introduced a new governance framework to establish clearer points of accountability and streamline decision-making processes. The new structure consists of an Executive Committee, supported by two advisory committees (the Security and Compliance Committee, and the Capability and Investment Committee) and an independent advisory committee (the Audit and Risk Committee).

ASIO governance framework

Executive Committee

The Executive Committee, chaired by the Director-General, is ASIO’s peak governing body. It provides executive oversight of all ASIO activities, including:

  • setting the strategic direction for the Organisation;
  • setting priorities, and reviewing and assessing performance; and
  • managing enterprise risks.

The Executive Committee receives regular reporting from supporting advisory committees on matters including developments in the security environment, capability development and management, performance and risk management, and diversity and inclusion goals.

Security and Compliance Committee

The Security and Compliance Committee, chaired by the Deputy Director-General Intelligence Service Delivery, advises the Executive Committee on security and compliance matters.

Capability and Investment Committee

The Capability and Investment Committee, chaired by the Deputy Director-General Enterprise Service Delivery, advises the Executive Committee on Organisational capability and investment. Capability refers to the capacity, materials and expertise to perform the necessary functions of the Organisation, including people, finance, technology, systems and property.

ASIO’s response to COVID-19

Steps taken

In response to COVID-19, ASIO adapted its operating model to maintain coverage of high-priority targets related to our counter-terrorism and counter–espionage and foreign interference missions. ASIO reprioritised its production of intelligence advice, with a focus on national security threats impacted by COVID-19 pandemic responses, and provided assessments in response to emerging customer demand.

In March 2020 we mobilised our COVID-19 Crisis Management Team (CMT). The CMT manages our Organisation-wide posture to the pandemic to mitigate potential impacts on our people and daily operations, and coordinates our contribution to whole-of-government COVID responses.

To reduce the risk of COVID-19 infection within ASIO and the broader community, our staff working in Canberra, the regions and overseas quickly commenced modified working arrangements. Each of our sites and offices continue to monitor local conditions, and have in place appropriately calibrated contingency planning procedures to maintain workforce safety and business continuity.

Minimising disruption to our daily operations has been another CMT priority. We have activated business continuity plans to support our workflows and avert any disruption to our core systems and key services. Because of security challenges, our daily workflows cannot easily be done remotely, but the pandemic has provided fresh impetus to existing programs that test our ability to work beyond the office.

Our partnerships

Nothing we do is done in isolation, so our partnerships within the Australian community, the private sector, and members of the intelligence community and law enforcement—in Australia and overseas—have been vital. By leveraging our partnership networks, we were able to enhance our understanding of competing priorities and local and international stakeholder positions.

During the COVID-19 pandemic, we explored new ways to manage our partnerships within the constraints of new workplace measures. This ranged from proactively supporting our public and private sector stakeholders to manage the additional security challenges brought about by the pandemic, to providing tailored technical working-from-home advice.

Outlook

The challenges presented by COVID-19 are fluid. We continue to closely monitor the COVID-19 situation in Australia and overseas, assess potential risks to our workflows, and develop mitigation strategies to ensure business continuity. As situations evolve nationally and worldwide, we will continue to assess and update our response.

External scrutiny

Parliamentary Joint Committee on Intelligence and Security

The Parliamentary Joint Committee on Intelligence and Security (PJCIS) performs a key role in the independent oversight and accountability framework by providing assurance to the Australian community about ASIO’s performance of its functions.

The PJCIS remit includes overseeing ASIO’s administration and expenditure; reviewing national security bills; and ensuring national security legislation remains necessary, proportionate and effective.

In 2019–20, ASIO provided written submissions to the PJCIS Review of Administration and Expenditure No. 18 (2018–19). During 2019–20, ASIO also contributed, either directly or through consultation with Home Affairs, to a number of other PJCIS inquiries, including:

  • inquiries on the listing and relisting of terrorist organisations;
  • the review of the Counter-Terrorism Legislation Amendment (2019 Measures No. 1) Bill 2019;
  • the review of the Telecommunications and Other Legislation (Assistance and Access) Act 2018;
  • the review of the Australian Citizenship Amendment (Citizenship Cessation) Bill 2019;
  • the review of the renunciation by conduct and cessation provisions in the Australian Citizenship Act 2007;
  • the ongoing review into the mandatory data retention regime;
  • the review of the ASIO Amendment Bill 2020;
  • the inquiry into the impact of the exercise of law enforcement and intelligence powers on the freedom of the press;
  • the review of the Telecommunications Legislation Amendment (International Production Orders) Bill 2020; and
  • the review of the Identity-matching Services Bill 2019.

Other parliamentary committee inquiries

ASIO provides submissions to other parliamentary committees as appropriate. In 2019–20, ASIO contributed, either directly or through consultation with Home Affairs, to:

  • the Senate Environment and Communications Committee’s inquiry into press freedom;
  • the Senate Select Committee on Foreign Interference through Social Media;
  • the Senate Standing Committee on Finance and Public Administration’s Review of the Intelligence and Security Legislation Amendment (Implementing Independent Intelligence Review) Bill 2020; and
  • the Joint Standing Committee on Electoral Matters inquiry into the 2019 federal election.

Senate Legal and Constitutional Affairs Committee

ASIO appeared before the Senate Legal and Constitutional Affairs Committee as part of the Senate estimates process on 2 March 2020. ASIO’s evidence to the committee can be found in the estimates’ Hansard for those days (refer to www.aph.gov.au/Parliamentary_Business/Senate_Estimates and navigate to the relevant hearing).

Inspector-General of Intelligence and Security

The Inspector-General of Intelligence and Security (IGIS) assists ministers to oversee and review the activities of intelligence agencies for legality and propriety.

The IGIS performs this function through inspections, inquiries and investigations into complaints. The Inspector-General is also required to assist the government to assure the public and the parliament that Commonwealth intelligence and security matters are open to scrutiny. The IGIS retains statutory powers akin to those of a standing royal commission.

Meeting our legal obligations and embodying the highest ethical standards is critical to maintaining the trust of the Australian public and our ongoing effectiveness as Australia’s security intelligence organisation.

Every ASIO officer is responsible for complying with our legislated requirements, the Minister’s Guidelines for ASIO, and associated internal policies and procedures. Central to this is acting with integrity and ensuring proportionality in all our work.

During 2019–20 the IGIS regularly inspected activities across our operational functions, and investigated a small number of complaints received by the Office. In the 2019–20 reporting period, the Office of the IGIS finalised and made recommendations on three inquiries, the results of which were reported to the ASIO Audit and Risk Committee for review. ASIO accepted all inquiry recommendations and is at various stages of implementation in consultation with the Office of the IGIS and relevant agencies. We are committed to acting with legality and propriety, and in 2019–20 we acted comprehensively and systematically to address issues the IGIS identified as requiring improvement.

During the reporting period, we continued to support the IGIS’s important work by proactively briefing IGIS staff on a number of operational matters, including new capabilities and initiatives.

Independent National Security Legislation Monitor

The Independent National Security Legislation Monitor (INSLM) reviews the operation, effectiveness and implications of Australia’s counter-terrorism and national security legislation, and reports to the Prime Minister and parliament on an ongoing basis.

The INSLM considers whether the laws contain appropriate safeguards to protect individuals’ rights, remain proportionate to threats of terrorism or national security, and remain necessary. The Prime Minister may also refer a counter-terrorism or national security matter to the INSLM, either at the INSLM’s suggestion or on the Prime Minister’s initiative, under the Act.

During 2019–20, ASIO provided submissions to the INSLM’s review of the Telecommunications and Other Legislation (Assistance and Access) Act 2018.

Independent Reviewer of Adverse Security Assessments

The Independent Reviewer of Adverse Security Assessments reviews ASIO assessments which negatively impact on certain individuals (refer to Appendix I for eligibility criteria) who are in immigration detention and seeking an Australian visa. The Independent Reviewer conducts an initial primary review of each adverse security assessment, followed by reviews every 12 months for the duration of the adverse assessment.

In conducting reviews, the Independent Reviewer examines all ASIO material relied on in making the adverse assessment, as well as any other relevant material. This may include submissions or representations made by the applicant.

The Independent Reviewer also considers the overall security environment, informed by ASIO’s assessment of security threats, and any changes to the applicant’s circumstances or ideology during their time in detention.

Appendix I provides the Independent Reviewer’s annual report for the current reporting period.

Compliance

Ethical behaviour and integrity are core values of the Organisation, and are essential to sustain the confidence and trust of the parliament and the Australian people. We earn this confidence through strict compliance with the law, stringent application of policies and procedures, and active cooperation with external oversight bodies.

Centralised internal audit and compliance functions are key components of ASIO’s approach to corporate governance. These provide assurance to the Director-General that our risk, control and compliance measures ensure our resources are used efficiently, effectively and ethically. This includes taking all reasonable steps to prevent, deter and address fraud. These efforts also serve to ensure ASIO is positioned to meet current and future security challenges.

Internal audit function

ASIO’s internal audit function is designed to add value and improve our operations and service delivery. By applying a systematic and disciplined approach to evaluation and advice, the function supports effective and efficient internal control and governance frameworks.

Subject to security policies and operational considerations, our internal audit function has unrestricted access to all ASIO premises, work areas, documentation and information necessary to meet its responsibilities.

During the reporting period, ASIO undertook a program of compliance audits and performance reviews.

Compliance function

ASIO’s compliance function is focused on ensuring the Organisation continues to demonstrate our commitment to the highest standards of ethics and compliance with all applicable laws, regulations, rules and policies.

During the reporting period, we continued to mature internal assurance frameworks, including establishing a centralised compliance function. This created a formal and structured Organisation-wide mechanism to improve and monitor our compliance and assurance practices.

ASIO Audit and Risk Committee

The ASIO Audit and Risk Committee is an independent advisory body, responsible for providing independent assurance and advice to the Director-General and the Executive Committee on ASIO’s risk oversight and management, financial and performance reporting responsibilities, and internal control systems.

The committee operates under a charter which sets out its functions and responsibilities in accordance with section 45 of the PGPA Act and section 17 of the Public Governance Performance and Accountability Rule*.

*In accordance with the determination issued to ASIO under section 105D of the Public Governance Performance and Accountability Act 2013, the annual report has not provided a direct electronic address for the charter determining the function of the ASIO Audit and Risk Committee.

Under the Audit and Risk Committee’s charter, the committee has four external members, including an external chair as well as observers from the Australian National Audit Office**. The audit committee members have a broad range of appropriate qualifications, knowledge, skills and experience relevant to ASIO’s operations. This includes at least one member with accounting or related financial management experience, with an understanding of accounting and auditing standards in a public sector environment. On appointment, committee members receive an induction briefing on ASIO governance and operations.

**In accordance with the determination issued to ASIO under section 105D of the Public Governance Performance and Accountability Act 2013, the annual report has not provided membership and remuneration details.

During this reporting period, the committee met five times (four quarterly meetings and an extraordinary meeting convened for the Financial Statements review). Each meeting had a quorum, with all members attending two meetings, and all but one attending the remaining three.

Fraud control and management

ASIO has zero tolerance for fraudulent behaviour. ASIO treats both suspected and actual fraud seriously and takes all reasonable steps to prevent, detect and deal with fraudulent behaviour. The ASIO Fraud Control Plan 2019–21 documents our approach to fraud awareness, prevention, detection, reporting and investigation, and our commitment to ensuring efficient, effective and ethical use of resources—including the information and data we collect as well as the resources received from government. Our fraud prevention measures are in line with the Commonwealth Fraud Control Framework.

During the reporting period, we conducted a fraud risk assessment and reviewed the ASIO Fraud Control Plan 2019–21 to address identified risks. As part of this framework, all staff must complete mandatory eLearning on ethics and accountability, including modules on fraud, every three years.

The ASIO Fraud Strategy Statement 2019–21 (www.asio.gov.au/asio-fraud-strategy-statement.html) provides further information on our fraud control and management arrangements.

Significant legal matters affecting ASIO’s business

ASIO continued to be involved in numerous legal proceedings in courts, tribunals and other forums. Matters included terrorism prosecutions; judicial and merits reviews of security assessments; and civil lawsuits.

Administrative Appeals Tribunal

The Administrative Appeals Tribunal (AAT) reviewed a number of security assessments in the 2019–20 reporting period, most of which involved review of personnel security assessments.

Separately, three current and former ASIO employees brought review proceedings challenging Comcare decisions. AAT decisions are reported on the Australasian Legal Information Institute (AustLII) website, www.austlii.edu.au.

Tribunal reviews—security assessments

Over the 2019–20 reporting period, ASIO managed 13 adverse security assessment reviews before the AAT, including those relating to cancelled or refused passports, visas and security clearances.

Of these 13 matters:

  • three decisions were handed down, affirming the adverse security assessment which was the subject of the review;
  • three assessments were remitted to ASIO for new assessments to be prepared, which resulted in the issuing of three non-prejudicial assessments in this reporting period;
  • one matter was heard, with the decision remaining reserved at the end of this reporting period; and
  • six matters were pending at the end of this reporting period.

Tribunal reviews—archives matters

Over this reporting period, we managed two AAT reviews of National Archives matters.

Criminal prosecutions

In collaboration with our law enforcement partners and prosecuting authorities—and with appropriate protections—we provided information for use as evidence to prosecutions, and responded to subpoenas and disclosure requests.

Federal and High Court reviews—security assessments

ASIO was involved in Federal and High Court proceedings, both as a respondent in security assessment reviews and as an interested third party in other proceedings. We worked closely with other stakeholders to manage the collective Commonwealth interest.

Management of human resources

Current workplace agreement

ASIO’s terms and conditions of employment are set out in a determination approved by the Director-General under the ASIO Act.

Formal negotiations for ASIO’s 11th Workplace Agreement concluded in March 2020, with 91.5 per cent of employees voting in favour of the new determination, which took effect from 2 April 2020. Consistent with Australian Government policy, ASIO paused the implementation of the initial pay rise for six months to allow the circumstances surrounding COVID-19 to become clearer.

Performance management

ASIO continued to refine its performance framework through the reporting year and achieved greater alignment with the business planning process. This was supported by workshops for team deliverables and objectives. All ASIO staff required to participate in the performance cycle did so in 2019–20.

Our early intervention initiatives continue to assist line managers and employees to address performance issues and further strengthen the high performance culture.

People strategy

A focus over the past year has been to mature our workforce analytics capability to enable strategic workforce management. The development of an enterprise data warehouse has enabled the delivery of automated real-time workforce reports to support strategic workforce-related decision-making. This has also enabled line managers to use self-service dashboard reporting to support their day-to-day considerations.

Diversity and inclusion

ASIO has made significant progress towards increasing the diversity of its workforce and ensuring the workplace is inclusive. Guided by our Diversity and Inclusion Strategy 2018–20, progress has been overseen by ASIO’s Diversity and Inclusion Council and supported by ASIO’s diversity champions and networks.

While COVID-19 restrictions affected some of the planned diversity and inclusion awareness-raising initiatives, the Organisation made significant progress during the year, including:

  • launching the ASIO Innovate Reconciliation Action Plan (RAP) endorsed by Reconciliation Australia;
  • achieving silver accreditation in the Australian Workplace Equality Index—Australia’s national benchmarking instrument for gender and sexually diverse workplace inclusion—for the second consecutive year. As part of our submission, we demonstrated improvements in visibility, training and inclusive human resources policies to help ensure best practice as an employer of choice for gender-diverse and sexually diverse people. ASIO ranked fourth among participating federal government agencies;
  • improving gender balance in general entry-level programs; and
  • establishing a new staff-led network focused on parents.

ASIO’s progress can be seen in the results of an all-staff survey conducted in March 2020 where 90 per cent of staff reported diversity and inclusion was valued by the Organisation; an increase of 11 per cent from the previous survey. The staff survey also showed that most women reported high engagement and positive intentions to remain with ASIO. The survey confirmed support at all levels for the Organisation’s ‘if not, why not’ approach to flexible working.

Diversity networks

ASIO has seven staff-led networks which are an essential part of creating a diverse and inclusive culture. The networks provide support to staff and empower them to initiate organisational change to achieve ASIO’s diversity and inclusion goals. Senior Executive Service sponsorship ensures that issues of particular concern to a network can be deliberated at senior levels within the Organisation.

Statistics on the diversity of our workforce are provided at Appendix E.

ASIO Ombudsman

The ASIO Ombudsman is an external service provider who works to resolve employee issues or concerns—both impartially and informally—through advice, consultation and mediation.

During the reporting year, the ASIO Ombudsman provided support and advice to employees and line managers, including in response to contacts from employees; and undertook one preliminary review of investigative matters.

Asset management

The Ben Chifley Building continued to support the business and capability needs of ASIO and its partners. Our corporate suites, including Australia’s largest security-accredited auditorium, hosted a range of events over 2019–20 before the introduction of COVID-19 restrictions.

Purchasing

Throughout 2019–20 we adhered to the Commonwealth Procurement Rules (CPR) and associated policy and guidelines. Our compliance was monitored through our Audit and Risk Committee. No significant issues were identified, and overall compliance was acceptable.

Consultants

We entered into 27 new consultancy contracts involving total actual expenditure of $4 714 610 (Goods and Services Tax (GST)–inclusive). In addition, five ongoing consultancy contracts were active during the period, involving total actual expenditure of $885 631 (GST-inclusive).

Table 3: ASIO contract and consultant data

  Total
Number of new contracts entered into during the period 27
Total actual expenditure on new contracts during the period (inc. GST) $4 714 610
Number of ongoing contracts engaging consultants which were entered into during the previous period 5
Total actual expenditure on ongoing contracts during the period (inc. GST) $885 631

We applied the CPR and Department of Finance guidance when selecting and engaging consultants. We also followed internal policy and associated procedures on identifying and determining the nature of a contract. This ensured that we used appropriate methods for engaging and contracting consultants.

We engaged consultants when we needed professional, independent and expert advice or services that were not available from within the Organisation.

Annual reports contain information about actual expenditure on contracts for consultancies; information on the value of contracts and consultancies is available on the AusTender website. However, we are not required to publish information on the AusTender website, in line with authorised exemptions to avoid prejudice to our national security activities. A list of consultancy contracts to the value of $10 000 or more during this reporting period, and the total value of each of those contracts over the life of each contract, is available on request to the PJCIS, which oversees our administration and expenditure.>

Australian National Audit Office access clauses

During this reporting period, we did not enter into any contracts valued at $100 000 or more that did not provide the Auditor-General with access to the contractor’s premises.

Exempt contracts

The Director-General has applied measures necessary to protect national security which exempt ASIO from publishing details of contract arrangements, including standing offers, in accordance with clause 2.6 of the CPR. Details of our arrangements, contracts and standing offers are available on request to the PJCIS.

Procurement initiatives to support small business

Throughout 2019–20 we adhered to the CPR and associated policy and guidelines. Our compliance was monitored through our Audit and Risk Committee. No significant issues were identified, and overall compliance was acceptable.

ASIO supports small business participation in the Australian Government procurement market. Small and medium enterprises (SME) and small enterprise participation statistics are available on the Department of Finance’s website.

Our procurement practices to support SME include:

  • standardising contracts and approach-to-market templates, using clear and simple language;
  • ensuring information is easily accessible through the electronic advertisement of business opportunities and electronic submission for responses; and
  • using electronic systems to facilitate the Department of Finance’s Procurement On-Time Payment Policy for Small Business, including payment cards.

We recognise the importance of ensuring that small businesses are paid on time. Statistics on SMEʼs participation in Commonwealth Government procurement are available on the Department of Finance's website at https://finance.gov.au/government/procurement/statistics-australian-government-procurement-contracts.

This incorporates our annual reporting requirements for Public Governance, Performance and Accountability Rule 2014—17AG ‘Information on management and accountability’.

Other mandatory information

Advertising and market research

In the financial year 2019–20, ASIO expended $313 025 on marketing and advertising for recruitment activities and campaigns. Further information on these advertising campaigns is available at www.asio.gov.au and in the reports on Australian Government advertising prepared by the Department of Finance. Those reports are available on the Department of Finance’s website (see also Appendix G).

ASIO does not fall within the definition of agencies covered by the reporting requirements of section 311A of the Commonwealth Electoral Act 1918.

Disability reporting

Since 1994, non-corporate Australian Government entities have reported on their performance as policy advisers, purchasers, employers, regulators and providers under the Commonwealth Disability Strategy. In 2007–08, reporting on the employer role was transferred to the Australian Public Service Commission’s State of the service reports and the APS Statistical Bulletin. These reports are available at www.apsc.gov.au. Since 2010–11, entities have not been required to report on these functions.

The Commonwealth Disability Strategy has been replaced by the National Disability Strategy 2010–20, which sets out a 10-year national policy framework to improve the lives of people with a disability, promote participation, and create a more inclusive society. It acts to ensure the principles underpinning the United Nations Convention on the Rights of Persons with Disabilities are incorporated into Australia’s policies and programs that affect people with disability, their families and carers.

All levels of government will continue to be held accountable for the implementation of the strategy through biennial progress reporting to the Council of Australian Governments. Progress reports can be found at www.dss.gov.au. Disability reporting is included in the Australian Public Service Commission’s State of the service reports and the APS Statistical Bulletin. These reports are available at www.apsc.gov.au.

Appendix E provides information on the diversity of our workforce, including statistics on people with a disability.

Information required by another Act or instrument

Archives Act 1983

ASIO is an exempt agency under the Freedom of Information Act 1982 but is subject to the release of records under the Archives Act 1983, which allows public access to Commonwealth records in the ‘open period’. In accordance with changes to the Archives Act in 2010, the open period is transitioning from 30 to 20 years, and currently covers all Commonwealth records created before 2000. ASIO works closely with the National Archives of Australia to facilitate access to ASIO records, while balancing various and sometimes competing priorities.

In 2019–20, ASIO received 334 applications for access to ASIO records and completed a total of 399 requests, equating to 72 820 pages. A total of 59 per cent of requests were completed within the 90-day legislative time frame. The small reduction in requests completed in the reporting period is due to the complexity of assessments, and an increase in the completion of longstanding cases, in addition to new requests. Further, the way we conduct some of our routine assessments was affected by COVID-19 restrictions; COVID-19 also had an impact on our resourcing during the latter half of the reporting period.

Table 4: Access to ASIO records

  2017–18 2018–19 2019–20
Applications for record access 345 344 334
Requests completed 310 410 399
Pages assessed 36 312 57 783 72 820
Percentage of requests completed within 90 days 66.7% 60% 59%

Australian Security Intelligence Organisation Act 1979

Section 94 of the Australian Security Intelligence Organisation Act 1979 (ASIO Act) requires that ASIO’s annual report include statements on the Organisation’s questioning warrants and questioning and detention warrants, special intelligence operation authorisations, and telecommunications data access authorisations.

The statement on questioning warrants and questioning and detention warrants is provided at Appendix J. To ensure compliance with the determination made by the Minister for Finance under section 105D of the PGPA Act, and to avoid prejudice to ASIO’s activities, Appendix K relating to special intelligence operation authorities, Appendix L relating to telecommunications data access authorisations, Appendix M relating to use of technical assistance requests, technical assistance notices and technical capability notices and Appendix N relating to use of special powers under warrant have been removed from the annual report tabled in parliament.

These classified appendices will be separately provided to ASIO’s minister and, as required by the ASIO Act, to the Leader of the Opposition. Copies of the classified appendices will also be provided to the Attorney-General, the IGIS, and the INSLM. Appendix L relating to telecommunications data access authorisations will also be provided to the PJCIS.

Work Health and Safety Act 2011

Schedule 2, Part 4 of the Work Health and Safety Act 2011 requires non-corporate Commonwealth entities to include in their annual report information on health and safety outcomes and initiatives taken during the reporting period to ensure the health, safety and welfare of workers who carry out work for them.

Our report for 2019–20 is provided at Appendix F.

Commonwealth Electoral Act 1918–advertising and market research

Section 311A of the Commonwealth Electoral Act 1918 requires annual reporting by each Commonwealth department on amounts paid by, or on behalf of, the Commonwealth department for advertising and market research.

Our report for 2019–20 is provided at Appendix G.

Environment Protection and Biodiversity Conservation Act 1999

Section 516A of the Environment Protection and Biodiversity Conservation Act 1999 requires Commonwealth entities to report on how the activities of the entity during the period accorded with the principles of ecologically sustainable development.

Our report for 2019–20 is provided at Appendix H.