This section outlines the major compliance and accountability considerations in five areas – governance, risk management, managing reputation, funding and finance, workforce management, programs and services and information management.


A critical responsibility of the CEO is managing the governance and reporting arrangements of their entity to ensure the board is able to fulfil its responsibilities. These arrangements enable the entity to be responsive and accountable to the directions of its board and the government of the day.

Governance encompasses processes by which entities are directed, controlled and held to account. It includes the processes whereby decisions important to the future of the entity are taken, communicated, monitored and assessed. It refers to the authority, accountability, stewardship, leadership, direction and control exercised in the entity.

CEOs need to continually evaluate the weight they place on each of these components to ensure they find a balance between responding to the day-to-day demands of their role and maintaining a focus on current and emerging strategic issues. In particular, attention should be paid to the weight given to ensuring the entity has the business and information systems, workforce and culture to provide for good governance.

Good governance underpins the entity’s ability to provide services for a public purpose. It ensures that services are developed and provided in an environment that is forward- and outward-looking and involves attention to process and a comprehensive understanding of the environmental context.

Governance gives practical meaning to public sector accountability obligations. Good governance provides the foundation for high performance of a public entity and the services it delivers. It strengthens community confidence in the public sector, and helps ensure the reputation of the public sector is maintained and enhanced. Good governance enables the public entity to perform efficiently and effectively, and to respond strategically to changing demands.

Subject to the provisions of the enabling legislation, a board may delegate to the CEO, a member of staff, or a committee some of its powers, duties and functions. However, the board may revoke a delegation at any time, as structures or priorities change. The board remains responsible for actions taken under delegation, and anything done under a delegation will not be invalidated by the later lapse, revocation or variation of the delegation.

Further resources to support good governance.

Questions to Consider

Theme Questions
governance and reporting arrangements what are the decision-making processes for the entity? which issues does the CEO take to the board? what issues does the senior executive team consider? what governance committees exist? (e.g. audit and risk, remuneration)
how well do the decision-making processes operate? do they meet the needs of the board, CEO and entity?
does membership of the senior executive team include all those necessary to facilitate good decision-making? (e.g. should the human resources director, chief finance and accounting officer or chief information officer be on the senior executive team? or should they have regular one-on-one meetings with the CEO?)
are the current reporting arrangements for the board and senior executive team adequate for the requirements of the entity?
do the current delegation arrangements meet the needs of the board, CEO and entity? (e.g. finance, employment, operational decisions)

Risk management

The CEO plays a pivotal role in managing risks to the board and to government. The CEO needs to ensure that they have appropriate mechanisms in place to ensure that major issues and risks are identified and managed and that the board and government are kept informed.

Risks are anything that stands in the way of an entity complying with legislation and government policy, and achieving its goals. Risk management is about identifying, evaluating and minimising those risks. It helps the entity to take advantage of opportunities while also taking calculated risks based on an analysis of their likelihood and impact.

Boards are responsible for ensuring that risk management frameworks and processes are in place, and should as a matter of course officially endorse risk management documentation including risk management frameworks and policies. The role of the CEO, in collaboration with their board, is to ensure the public entity has the capability and capacity to identify risks and develop, implement and evaluate risk management plans, and to define acceptable levels of risk for the entity.

Boards are required to ensure that inter-agency and state-wide risks are addressed within risk management processes. Section 2.5 of the Standing Directions of the Minister for Finance requires most public entities to establish an internal audit committee to oversee and advise the public entity on matters of accountability and internal control. CEOs should work with their boards to develop and implement appropriate risk management frameworks and processes.

The Victorian Managed Insurance Authority (VMIA) is a statutory authority which provides risk and insurance services to departments and public entities in order to minimise losses from adverse events. VMIA assists the Victorian public sector to establish programs for the identification, quantification and management of risks, monitors risk management across the sector, provide risk management advice and training, and advises the Victorian Government on risk management. It is also the provider of insurance services and indemnities to Victorian public sector bodies and officers.

Further resources to support management of risks.

Questions to Consider

Theme Questions
identified risks / issues

are there any major risks / issues for the public entity? do any of these present risks to government? for example:

·         is there any outstanding legal action or potential legal exposure?

·         are there any performance audits / investigations of the entity scheduled or underway?

·         is there any current media attention? what are the issues?

·         are there any FOI requests that present reputational or political risks?

·         are there any governance / management issues that the CEO should be aware of?

·         is the audit and risk committee properly constructed and compliant with government policy?

·         does the audit and risk committee meet the risk management needs of the board, CEO and entity?

·         has the audit and risk committee identified any critical issues?

·         are enterprise bargaining agreement (EBA) negotiations underway or about to begin?

·         are there any significant recent / ongoing occupational health and safety issues / legal action?

·         are there any significant recent / ongoing industrial relations issues?

·         what are the future exposure risks from current workforce trends?

·         are there any significant grievances currently being investigated?

·         are there any protected whistleblower disclosures currently being investigated?

·         are there any issues or concerns with the security or integrity of information held by the entity?

·         are there any other operational or strategic risks?

·         are there any other issues which could be politically sensitive?

how are these risks / issues being addressed?
have these risks / issues been communicated or escalated through to the relevant agencies?
external scrutiny what external regulators or portfolio-specific integrity bodies may hold the entity to account?
what areas of the entity’s business are subject to regulation? what are the key considerations the CEO should be aware of?
are there any major reviews underway or recently completed that are relevant to the functions of the entity? (e.g. reviews by the Productivity Commission, Victorian Competition and Efficiency Commission, Victorian Law Reform Commission, parliamentary committees, base reviews)
have there recently been any findings or recommendations made by a regulator or integrity body that directly name or are relevant to the work of the entity? how are these being addressed?
what are the contact points with the integrity bodies and regulators? what are the lines of communication?
risk management processes how are major issues identified and managed? what is the role of the CEO in these matters?
are risk management processes integrated into corporate and business planning?
does the culture of the entity support appropriate risk management?
is risk management used as an enabler or an inhibitor of effective outcomes?
at what point does the CEO brief the board, department and minister on potential or identified risks?
are preparations underway for upcoming audits listed in the Auditor-General’s Annual Plan that may affect functions in the entity / sector?
are there any Public Accounts and Estimates Committee (PAEC) hearings scheduled on the entity’s progress on findings from past audits? are the processes adequate to ensure ministers and departmental representatives are adequately briefed?
is the entity capable of ensuring adequate business continuity in the case of an emergency?

Managing reputation – stakeholders and communication

Managing reputational risks is a critical role for CEOs and their boards. However, reputation management alone is not a substitute for strong management, organisational integrity, due diligence and good governance.

The CEO plays a key role in managing the entity’s relationships with its clients and stakeholders on behalf of their board. In order to undertake this role, the CEO needs to have a clear understanding of the entity’s stakeholders, their issues, and the effectiveness of the entity’s engagement with them. A stakeholder engagement plan can be a critical tool in helping a new CEO plan and execute their stakeholder engagement strategy.

The community has a sense of ownership with regard to public entities. This results in a large degree of public scrutiny. Any loss of reputation by an entity may impact on the minister or government of the day. ‘Public money’ is viewed differently to ‘private money’ and the process of doing business is as important as the outcome of the transaction. Accountability for public entities is related to service delivery, and not just financial accountability.

Questions to Consider

Theme Questions
stakeholder engagement who are the main stakeholders? what are their issues?

what are the modes of communication between

·         stakeholders;

·         staff;

·         the board;

·         the minister; and

·         the department?

how effective are current stakeholder engagement strategies? what is the entity’s reputation with its stakeholders?
who should the CEO meet with in the first three months? with whom should the CEO meet regularly?
does the entity have a strategy for engaging stakeholders and communicating messages?
communications and media does the organisation have a communications strategy? does the strategy provide for appropriate, consistent and proactive communications? is the strategy appropriate for business needs?
what are the key current media issues? what are the key anticipated media issues?
who manages the entity’s interactions with the media?
have all staff interacting with the media taken advantage of media management training opportunities?
does the media unit have direct access to the CEO’s office?
does the organisation have processes to ensure the media unit is kept aware of potential risks / issues to enable proactive media management where appropriate?
is the media unit informed of all FOI requests – especially those requested by the media or members of parliament?
is the media unit represented on risk management committees?
what are the relationships between the entity’s media unit, the department and the minister’s office?
are the processes adequate for alerting the CEO, the board, the department and the minister’s office if there are any serious media issues?

Funding, revenue and finance

As part of the Victorian public sector, public entities are responsible for the stewardship of public assets and accountable for the expenditure of public funds.

Different funding and financial management arrangements apply to each public entity. While departments receive an annual budget appropriation from parliament, public entities typically have a variety of funding sources. They may receive a portion of the funding granted to a department, or rely on a direct funding allocation from parliament. Public entities may also derive some or all of their income from the sale of goods and services or from fees, fines and other charges.

CEOs should ensure that they understand the funding sources for their entity, the risks to ongoing funding levels, and the expectations that come with the funding. Where the entity’s funding is derived from non-budgetary sources, the CEO must ensure that there are appropriate systems and processes for managing the particular requirements of these funding streams.

CEOs should also ensure they understand the peculiarities of funding and finance within the public sector (e.g. different treatment of tax equivalents, depreciation and capital offsets).

In all cases, the relevant minister remains responsible for the expenditure of the public entity’s funds. In addition, legislation imposes a range of financial accountability requirements. The key legislative requirements relating to financial accountability are contained in the Financial Management Act 1994 and the Audit Act 1994. The requirements cover:

  • financial management governance and oversight;
  • financial management systems, policies and procedures;
  • financial reporting;
  • risk management;
  • investment management;
  • asset management; and
  • insurance.

In addition, whole-of-government and sector-specific regulations impose competitive neutrality requirements and, for some entities, provide for prices oversight.

Under Part 7 of the Financial Management Act the CEO of a public body must designate a position of Chief Finance and Accounting Officer (CFAO). The CFAO is responsible to the CEO for ensuring that proper accounting records and systems and other records are maintained in accordance with relevant regulations and directions.

The entity’s CFAO is central to supporting the CEO as the ‘accountable officer’ under the Financial Management Act. The accountable officer is responsible for ensuring that the management of the financial affairs of the entity is effective, accountable and transparent. This includes ensuring proper financial accounts are kept, risk management and audit requirements are met, financial reporting and annual reporting requirements are fulfilled, and ministerial requests for information are responded to.

In particular, the entity must:

  • meet the requirements of the Financial Management Act and subordinate legislation and policy frameworks;
  • provide relevant information to portfolio ministers and other relevant ministers;
  • provide information to the Department of Treasury and Finance (DTF);
  • compile non-performance information as prescribed in legislation, regulation and direction;
  • prepare and provide financial statements and associated notes to the Auditor-General for audit;
  • provide an annual report to be tabled in parliament;
  • develop and implement risk management frameworks and processes; and
  • attest to compliance with risk management obligations in the entity’s annual report.

The Standing Directions of the Minister for Finance form the basis of sound financial management for the public sector. The Standing Directions are designed to supplement the Financial Management Act by prescribing mandatory procedures that must be complied with by all Victorian public entities. Areas covered include governance and oversight, structure and systems, policies and procedures, and reporting.

The Financial Management Compliance Framework is a toolkit for financial management prescribed by the Standing Directions. The Framework helps public sector agencies establish and maintain effective financial management to support the achievement of their key objectives and goals. It also helps the Victorian Government monitor the standard of financial management in line with the Standing Directions. One of the key activities of the Framework is for agencies to self-certify their compliance with these requirements on an annual basis.

Both the Standing Directions and the Framework are supported by DTF, and further information can be found on the DTF website.

Departments are expected to monitor the performance of public entities against their obligations and to provide advice to DTF on the financial performance and public entities in their portfolios. The departmental secretary is expected to advise portfolio ministers on the delivery of financial and reporting responsibilities by public entities.

Questions to Consider

Theme Questions
financial management and reporting are there any compliance issues?
what processes are in place to address these issues?
funding / revenue how is the entity funded?
what expectations come with the funding?
does the entity have any non-budgetary funding streams?
what government requirements are there regarding non-budgetary funding streams? are there any compliance issues? what processes are in place to address these issues?
does the entity have appropriate systems and processes to manage the particular requirements of non-budgetary funding streams? E.g. what are the entity’s processes for dealing with debtors?
budget process what are the processes for providing information to support departmental budget submissions?
how are priorities established?
how is the entity progressing in the roll-out of its most recent budget initiatives?
financial delegations what are the entity’s financial delegation arrangements?
have instruments of delegation been reviewed in light of the appointment of a new CEO or board and do any need to be reissued?
risk management what assumptions underpin the entity’s future financial position? what risk mitigation strategies are in place to protect the entity’s finances?
are there any risks to ongoing funding / revenue streams?
does the entity have a debtor strategy? concession strategy? how does the entity ensure it meets its obligations to the community regarding the collection of revenue?
is the entity’s risk register reviewed regularly?
does the entity have any risks on the Victorian Managed Insurance Agency (VMIA) statewide risk register? how are these being addressed?
does VMIA have any concerns with the entity’s risk management processes?
does the entity’s approach to risk management support innovation?
investment management is the entity’s investment policy consistent with legislative requirements and government policy?
are investments performing in line with government expectations?
does the Victoran Fund Management Corporation (VFMC) manage all or part of the entity’s financial investments?
asset management what asset issues will need to be addressed to achieve service obligations and government policy expectations?
how are assets and capital works funded? if by government, what is the process for obtaining capital works funding? what is the role of DTF?
procurement are there any major procurement activities underway or impending?
are there any issues with delivery?
are there any issues with procurement processes?
how does the entity ensure due process and integrity in its procurement processes?
does the entity fall within the remit of any sector-specific government procurement bodies? (e.g. Health Purchasing Victoria)
insurance does the entity receive indemnities against liabilities or insurance from VMIA?
regulation does the entity conduct any activities that are subject to the competitive neutrality policy? are there any activities that require review due to changes in the structure of the activity, maturing market or changes in government policy?
is the entity subject to prices oversight to regulate pricing policies?
interaction with DTF are there any current or impending base reviews?
does the entity have a relationship with DTF? if so, what is the nature of relationship, lines of communication and key issues?
what expectations do DTF have regarding the entity’s performance? is the entity on track to achieving these objectives? what are the risks to achieving these objectives?

Workforce Management

As part of the Victorian public sector, public entities are responsible for delivering government services and accounting to government for their activities. An entity’s workforce represents a critical component in helping the entity fulfil these roles.

Some public entities employ staff under the Victorian Public Service employment agreement, and others employ staff under entity-specific, occupation-specific or sector-specific agreements or awards.

Boards of public entities are responsible for setting the direction on how their entity manages employment issues including planning for future needs. Key responsibilities of CEOs include:

  • ensuring compliance with relevant legislation governing employment and occupational health and safety conditions;
  • ensuring the entity has adequate plans and strategies in place to address its ongoing employment needs;
  • setting the direction for how conflict is managed;
  • setting the direction for how employees are developed;
  • playing a hands-on role in managing executive employment; and
  • mitigating the risks of industrial disputes.

Further resources on workforce management.

legislative requirements

To fulfil their responsibilities, public entities generally have the power to employ staff. Employment powers are generally vested with the board or chair for the CEO, and delegated to the CEO for all other employees. The employment power is generally specified in the enabling legislation.

The provision of employment powers confers a range of rights, powers, authorities and duties. These include general legislative responsibilities for occupational health and safety and employment conditions, as well as government-specific legislative responsibilities. The Public Administration Act outlines particular requirements for public sector employees and employers. These include requirements for public entity employees and employers to conform to:

Trust in and respect for government is based on the integrity of government institutions. The actions of each and every public sector employee – no matter what their role – shape the way they, their organisation and the sector as a whole are perceived.

To support the development of culture and practices that maintain the integrity of government, the Public Administration Act requires the CEO to apply the public sector values of responsiveness, integrity, impartiality, accountability, respect and the application of human rights to their work, and ensure that others in the entity also apply these values to their work.

Further details on the public sector values.

The Public Administration Act also establishes a series of employment principles which require public sector employers to establish processes to ensure:

  • employment decisions are based on merit;
  • employees are treated fairly and reasonably;
  • equal employment opportunity is provided;
  • human rights as set out in the Charter of Human Rights and Responsibilities Act 2006 are upheld; and
  • public sector employees have a reasonable avenue of redress against unfair or unreasonable treatment.

The VPSC provides a range of tools to support public entities to meet the requirements of the Public Administration Act. One of those tools is an annual survey of the public sector, conducted by the VPSC, called the People Matter Survey. The survey is a tool designed to assist public sector organisations in measuring and building positive and ethical workplaces and striving to achieve service excellence. It measures employees’ perceptions of the values and principles underpinning their organisation’s culture and operations. It provides participating organisations with valuable information about employee job satisfaction and perceptions of leadership and supervision, performance management, work-life balance, employee commitment and intention to leave.

The survey can assist public sector organisations in measuring and building positive and ethical workplaces and striving to achieve service excellence. It is easy to administer and complete, economical, and allows organisations to benchmark their performance against comparable public sector organisations and to measure changes over time.

It delivers benefits for all participants:

  • for organisation leaders and managers, it identifies strengths and emerging issues, establishes a benchmark for tracking future progress, and contributes to a positive relationship between management and staff;
  • for employees, it provides the opportunity to give feedback to the organisation’s leaders, to have their say in a non-threatening way, and to improve their working life; and
  • for the VPSC, it helps further our goal of developing a stronger values based culture in the public sector, meet our obligations under the Public Administration Act, and use the information collected to develop a wide range of products and services for public sector organisations.

Executive Remuneration and Conditions

The regulation of public sector executive remuneration and conditions is the responsibility of the Government Sector Executive Remuneration Panel (GSERP). GSERP oversees policies for executive remuneration and conditions on behalf of government.

The executive remuneration policy provides guidance and constraints on the payment of bonuses, requiring chairs to seek approval in writing from their portfolio department secretary to exceed the guidelines. The policy provides government with a tool to ensure executive remuneration is not excessive, and where increases are appropriate, they are broadly in line with wage movements in the general community and the public sector. The policy also ensures accountability to government through the disclosure of information on executive remuneration policy and practices through annual remuneration committee reports to the panel.

The policy applies to public entity staff with significant management responsibilities.

GSERP’s functions are to:

  • ensure there is a rigorous approach to monitoring and reporting on executive remuneration in the Victorian public sector;
  • oversee the government’s policy on executive remuneration for public entities;
  • advise government on executive remuneration policy and practice in public entities;
  • represent the government in setting CEO remuneration; and
  • monitor the implementation of executive remuneration policy by the boards of public entities.

Further resources on executive remuneration and conditions.

Industrial Relations

Whilst industrial disputes can affect all organisations, there are particular considerations for entities within the Victorian public sector due to their role in delivering essential public services, and, in most cases, the role of government in directly funding employee entitlements. CEOs need to ensure they understand government policies regarding EBA negotiations and implement policies to mitigate risks to service delivery from industrial disputes.

Centrally negotiated EBAs can have an impact on an entity’s flexibility. Industrial disputes, even at a local level, can have a broader political impact. However, working locally with employees can provide opportunity for further negotiations.

All public entities must have a process for assessing and responding to complaints. Complaints can involve issues relating to occupational health and safety, equal employment opportunities, bullying and harassment, employment conditions, and application of the public sector values, employment principles, standards or codes.

In most cases, if an employee’s complaint is in writing giving details of the basis of their complaint, the people involved and the remedy sought, their employer must decide whether the complaint has substance. Where the complaint is found to have substance it must be reviewed quickly, fairly and without formality. An offer to mediate or conciliate between those involved may be made.

To support both impartiality and fairness in responding to workplace issues, the VPSC has established a panel of independent and suitably qualified review officers who are available to all Victorian public sector organisations. Use of the service providers who make up the panel is not mandatory. Rather it is intended to assist public sector organisations in locating suitable service providers.

Questions to Consider

Theme Questions
legislative compliance are there any compliance issues?
what processes are in place to address these issues?
employment delegations who has employment powers?
what are the employment delegation arrangements? who is authorised to employ executives? who is authorised to employ non-executives? who is authorised to engage contractors?
have instruments of delegation been reviewed in light of the appointment of a new CEO or board and do any need to be reissued?
workforce climate how are values and culture managed in the entity?
does the entity undertake regular surveys of the extent to which the public sector values and employment principles are applied? (e.g. People Matter Survey)
what are the findings of these surveys?
what strategies are in place to address concerns?
workforce plan have workforce metrics been analysed? what are the key workforce issues?
does the entity have a workforce plan / people strategy?
if not, what other mechanisms are in place to ensure the entity will continue to be able to attract the right staff to deliver its functions for government?
what strategies does the entity employ to develop staff?
does the entity rely on contracted labour to deliver its functions? (either internally or externally) what strategies are in place to ensure the entity will continue to be able to rely on contractors to deliver its functions for government?
executive employment how many employees are subject to GSERP?
what is the CEO’s role in relation to GSERP?
what involvement does the department and the board have with GSERP?
does the entity have processes to ensure that executive remuneration is handled in accordance with government policy?
what are the policies and processes for determining bonuses? what is the process for liaising with the department around average bonuses?
industrial relations what are the relevant EBAs / awards / industrial instruments applicable to the public entity?
what is the current schedule and status of EBA negotiations? what is the government’s policy for negotiations? what is the role of the portfolio department? what is the role of DTF, as the department responsible for public sector EBAs?
who are the key unions, what are their priorities and what are the lines of communication?
are there any serious or long-term industrial disputes?
critical incidents how is the CEO advised of critical incidents? (e.g. serious bullying allegations, whistleblower allegations)
what is the CEO’s role in the grievance process?
do the processes ensure appropriate outcomes?

Programs and Services

The core business of most public entities is providing programs and services to the Victorian community, either directly, or in collaboration with or under contract to third parties. Many of these programs and services play a critical role in the overall wellbeing of Victorians, such as water, health, education, emergency and justice services.

To ensure that programs and services are provided in a manner that represents the best value for the Victorian public, and remain relevant to the needs of the Victorian community, CEOs need to ensure there are measures in place to:

  • evaluate the performance of existing programs and services to make certain they meet the needs of users and government; and
  • undertake ongoing scanning of the political, social and economic environment to inform future service development.


questions to consider

Theme Questions
performance are adequate processes in place to measure the performance of the entity?
how are programs / services performing against key performance indicators / targets?
are there any areas where services are not meeting performance objectives that could have a high impact, on clients and / or government?
are there any demand management and / or budget issues?
are there any concerns about the operations or sustainability of services?
are there any issues in the management or governance of programs / services?
are there any major disputes involving contracted service providers?
when are major service agreements due for renewal / renegotiation?
future planning what is the strategic plan for individual programs / operations areas?
what are the key service drivers and trends? are there factors which may result in a change in demand for the programs / services the entity provides? what plans are in place to respond to these needs?
are any programs / operations areas currently under review? by whom?
are there systematic processes for ongoing evaluation of services, both in-house and contracted?
are there any strategic service reform / improvement projects underway? how are these progressing?
operational delegations what are the operational delegation arrangements?
have instruments of delegation been reviewed in light of the appointment of a new CEO or board and do any need to be reissued?

Information Management

The effective functioning of public entities is dependent on the availability, quality and useability of information and knowledge. Information and data are critical to the day-to-day operations of the entity, as well as to the creation of new ideas and processes, and in the development of solutions to problems.

Knowledge management encompasses all the systems and processes within an organisation for the creation and use of corporate information. Equally importantly, it is about the business processes and practices that underpin the creation and use of information. It is also about the information itself, including the structure of information (‘information architecture’), metadata, content quality, and more. Knowledge management therefore encompasses people, process, technology and content.

Information systems can be critical enablers of most aspects of entities’ operations and services. However, the use and implementation of ICT systems pose significant financial, currency and failure risks, which increase with the employment of more complex systems. The impact of poorly designed and planned systems on employee productivity can be immense. As a result, entities should ensure they have in place appropriate strategies, systems and processes to identify their organisation’s ICT requirements, appropriately budget for upgrades, ensure appropriate use and manage implementation of new technology.

The collection of information is expensive. As a result, entities should only collect what is useful, verifiable and pertinent.

CEOs also play a critical role in determining the culture of an agency, particularly its approach to openness and disclosure. In addition, CEOs have specific responsibilities under legislation relating to information management. For example, under the Freedom of Information Act 1982, CEOs are ‘principal officers’, responsible for managing their entity’s obligations.

Further resources on managing information.

questions to consider

Theme Questions
privacy and accessibility who is the principal officer under the Freedom of Information Act 1982?
who is the protected discloure officer under the Protected Disclosures Act 2012?
are the entity’s information management systems equipped for compliance with the Information Privacy Act 2000Public Records Act 1973 and Freedom of Information Act 1982?
does the culture of the entity support appropriate record keeping?
is the entity resourced to ensure compliance with record keeping requirements?
are privacy policies used as an enabler or an inhibitor to effective outcomes?
do the processes and resources in place provide for adequate communication of potentially sensitive freedom of information (FOI) requests, within the entity, to the department and to the relevant minister?
information collection, management, integrity and risks how does information flow through the entity to the CEO? are there any issues?
is the information collected appropriate to current business needs? is it useful? verifiable? pertinent?
what is the quality of information, including consistency, duplication, and timely information? are there any issues? (e.g. issues with continuity, duplication and timelines)
does the entity collect and analyse all the information it needs for decision-making?
what are the enabling processes / systems to provide for evidence-based decision-making?
are the governance processes for data collection and reporting requirements adequate? are there processes in place to ensure ongoing evaluation of the impact on external organisations / individuals?
do all staff have the necessary skills, knowledge and experience to perform their information management responsibilities?
are there any risks or issues with the data collected or handled by the entity (including privacy, security and common terminology)? are appropriate control systems in place?
are formal assessments of the risks of confidential information exposure undertaken?
ICT risks is there a clear strategic direction for the overall technology environment?
is there a strategy in place for technology renewal and investment? is there a range of legacy systems requiring upgrading or replacement?
are controls in place to support implementation of system and technology changes? are these appropriate to business requirements?
is there direct competition between information management systems?
is there integration or coordination between information systems?
are robust and well-understood back-up systems and practices in place? is there a tested disaster recovery plan?
is information system security adequate to fulfilling legislative requirements, government policy and business needs?