Skip to Content

Corporate governance

DVA's governance and management framework is based on the principles of performance assurance and accountability within a risk management framework.

DVA's governance framework is outlined in figure 11 and supports the Secretary in implementing government and departmental priorities as well as ensuring appropriate decisions consistent with Public Governance, Performance and Accountability Act 2013 (PGPA Act) obligations. The framework reflects the importance of collaborative partnerships in shaping the Department's overall performance results. This results in a tailored governance framework that is fit for purpose and able to be adjusted to meet DVA's changing needs. For example, an information technology representative from the Department of Human Services (DHS) sits on the Information Committee.

Figure 11—Governance framework at 30 June 2017

This image shows DVA's governance and management framework as at June 2017


The primary legislation administered by the Minister for Veterans' Affairs during 2016–17 was:

  • Anzac Day Act 1995
  • Australian War Memorial Act 1980
  • Defence Service Homes Act 1918
  • Military Memorials of National Significance Act 2008
  • Military Rehabilitation and Compensation Act 2004, except to the extent administered by the Minister for Defence
  • Safety, Rehabilitation and Compensation Act 1988, Part XI except for sections 143(2) and (3), 144(4), 149, 150, 153(2), 156, 158 and 159
  • Veterans' Entitlements Act 1986.

A full list of the legislation administered by the Minister for Veterans' Affairs, as detailed in the Administrative Arrangements Order, is available from the Department of the Prime Minister and Cabinet website (

Back to top

Risk management

Risk assessment and management are critical to DVA being able to achieve its objectives efficiently and effectively.

DVA's risk management framework complies with the PGPA Act and aligns with the Commonwealth Risk Management Policy and the international standard AS/NZS ISO 3100:2009 Risk Management—Principles and Guidelines.

During 2016–17, work was undertaken to review and update DVA's risk management framework, define risk appetite statements, develop a risk management learning and development plan and formalise the Chief Risk Officer role at the Senior Executive level. As a result, DVA's Chief Operating Officer has taken on the added responsibility of Chief Risk Officer and is responsible for embedding a strong risk culture and behaviours across all levels of the organisation.

DVA's Enterprise Risk Management Framework 2016–2020 provides the necessary foundations and organisational arrangements for managing risk across DVA. Through the framework and its supporting processes, DVA communicates its risk appetite, guiding staff in their actions and ability to accept and manage risks.

For 2017–18, DVA's Risk Management Learning and Development Plan will play an important role in meeting DVA's ambition to foster a positive risk culture through a standardised understanding of risk management.

Back to top


The annual Comcover Risk Management Benchmarking Survey provides DVA with an opportunity to benchmark its risk management maturity and review and measure the extent to which risk management has been integrated into business operations. The survey also assists DVA in identifying areas for improvement and prioritising its risk management activities.

In the 2017 survey, DVA saw an improvement, achieving a maturity level of 'Advanced'. DVA's results fall within the 35 percent of entities that achieved 'Advanced' or 'Optimal' maturity. The majority of entities (62 percent) achieved a maturity level of 'Systematic' or 'Integrated'.

Back to top

Business continuity

DVA's business continuity plan provides assurance that essential services will continue to be provided in the event of a major disaster or significant interruption to services. The business continuity plan is an integral part of the DVA's risk management framework. While local emergency plans were invoked for severe weather events in Adelaide and Far North Queensland, there was no requirement to invoke the plan at a departmental level for 2016–17. DVA tested the business continuity plan in June 2017 through a desktop exercise with its Senior Executive.

Back to top

Internal audit

In 2016–17, DVA's internal audit services were provided by KPMG contractors based in Canberra. KPMG carried out independent and objective assurance activities in accordance with DVA's internal audit and assurance strategy and the Institute of Internal Auditors standards. Activities included performance, financial and program reviews; ICT audits; and assistance and advice relating to fraud control, risk management and corporate governance.

Back to top

Fraud and non-compliance

DVA has an obligation under the Commonwealth Fraud Control Framework to prevent, detect, investigate and report fraud-related activities and outcomes. DVA ensures compliance through the community compliance model. This model allows those who want to comply to easily do so, while those who choose not to comply will have action taken against them, including prosecution where necessary.

During 2016–17, DVA undertook a number of activities in relation to fraud control, including undertaking a fraud risk assessment linked to the business planning process; continuing education for staff to inform them of their obligations in relation to fraud control through two mandatory e-learning courses; and a fraud awareness campaign conducted during International Fraud Awareness Week in November 2016.

An internal audit of fraud management resulted in structural changes in the management of fraud policy. These changes and initiatives will allow DVA to strengthen its fraud control environment during the 2017–18 period and beyond.

In 2016–17, DVA undertook fraud investigations and where appropriate referred matters to the Commonwealth Director of Public Prosecutions. The Department receives allegations through activities such as post-payment monitoring, data matching, internal audits and public tip-offs.

DVA received 299 allegations of fraud in 2016–17, a decrease compared to 338 allegations in 2015–16. The allegations referred mostly to client and service provider matters.

As a result of the fraud investigations undertaken in 2016–17, $5.58 million was identified as possible fraudulent activity or administrative overpayments to clients and service providers. This figure is higher than in 2015–16. The 2015–16 figures only reported on debt recovery that directly arose from cases investigated where there was a finding of fraud. Of the 2016–17 figure of $5.58 million, approximately $200,000 relates to cases referred to the CDPP for consideration for prosecution. The figure of $5.58 million also includes identified administrative overpayments of $446,844. These have been referred to relevant business areas to undertake appropriate administrative action. The balance of the $5.58 million is subject to ongoing investigation and involves a small number of significant cases

Back to top


Business areas are obliged to notify the Legal Services and Assurance Branch of any potential privacy breaches.

In 2016–17, the branch received 43 notifications of potential breaches, 29 of which related to mail or email. Investigations concluded that breaches occurred in 34 cases. The remaining cases were resolved in another way or were still under investigation at the end of 2016–17.

In cases where a privacy breach occurs, privacy refresher training is offered to staff and changes are made to relevant procedures to minimise the risk of future breaches.

DVA is required to report significant privacy breaches to the Office of the Australian Information Commissioner. DVA notified the Australian Information Commissioner that there were no significant breaches in 2016–17.

In 2016–17, no reports were served under section 30 of the Privacy Act 1988 and no determinations were made under section 52 or section 72 of the Privacy Act 1988.

Back to top

Freedom of information

Agencies subject to the Freedom of Information Act 1982 are required to publish information to the public as part of the Information Publication Scheme. The scheme specifies categories of information that agencies must publish online and encourages agencies to proactively release information in a consistent way. Each agency must publish on its website a plan describing the information it publishes in accordance with the scheme's requirements. DVA's plan is available at Information Publication Scheme (

Back to top

No votes yet