Corporate governance

The Department of Veterans' Affairs' (DVA) governance and management framework is based on the principles of performance assurance and accountability within a risk management framework.

DVA's governance framework is outlined in Figure 3. The framework supports the Secretary in implementing government and departmental priorities and ensures that appropriate decisions are made, consistent with Public Governance, Performance and Accountability Act 2013 (PGPA Act) obligations.

Figure 3: DVA governance framework at 30 June 2018

This image shows the DVA governance framework as at 30 June 2018.

Risk management

Risk management is an integral part of delivering services to veterans and their families and being accountable to the Government. The Department's focus on risk management is reflected in the DVA Towards 2020 Strategic Plan and the Risk Management Framework 2016–2020.

The risk management framework provides the necessary foundations and organisational arrangements for managing risk across the Department. It complies with the PGPA Act and aligns with the Commonwealth Risk Management Policy and the international standard ISO 31000:2018 Risk Management—Guidelines. Business risks and fraud risks receive oversight from internal governance committees and the Audit and Risk Committee.

During 2017–18, DVA continued to embed a strong risk culture and behaviours across all levels of the organisation. DVA reviewed its existing enterprise risks under the oversight of the independent Audit and Risk Committee. The Risk Management Framework 2016–2020 and related policies were reviewed and updated to reflect changes in the Department's environment.


The annual Comcover Risk Management Benchmarking Survey provides DVA with an opportunity to benchmark its risk management maturity and review and measure the extent to which risk management has been integrated into business operations. The survey also assists DVA in identifying areas for improvement and prioritising its risk management activities.

In the 2018 survey, DVA achieved an overall maturity level of 'Advanced'. This was the same as DVA's level in 2017 and one level above the average maturity of all 2018 survey participants, which was assessed as 'Integrated'.

Business continuity

DVA's Business Continuity Plan provides assurance that essential services will continue to be provided in the event of a major disaster or significant interruption to services. It is an integral part of DVA's risk management framework.

In 2017–18, the Business Continuity Plan was activated twice.

Internal audit

In 2017–18, DVA's internal audit services were provided by KPMG contractors based in Canberra. KPMG carried out independent and objective assurance activities in accordance with DVA's internal audit and assurance strategy and the Institute of Internal Auditors standards. Activities included performance, financial and program reviews; ICT audits; and assistance and advice relating to fraud control, risk management and corporate governance.

Fraud and noncompliance

DVA has an obligation under the Commonwealth Fraud Control Framework to prevent, detect, investigate and report fraud-related activities and outcomes. DVA ensures compliance through the community compliance model. This model allows those who want to comply to easily do so, while those who choose not to comply will have appropriate action taken against them, including prosecution where necessary.

During 2017–18, DVA:

  • established the Risk and Fraud Management Committee to strengthen DVA's corporate governance structure
  • updated the Fraud Control Plan and fraud policies
  • undertook a stocktake and review of all fraud and noncompliance activities across DVA and conducted an enterprise-level fraud risk assessment
  • provided continuing education for staff to inform them of their obligations in relation to fraud control through two mandatory e-learning courses
  • conducted a fraud awareness campaign during International Fraud Awareness Week in November 2017.

DVA identifies potential fraud matters through activities such as post-payment monitoring, data matching and internal audits, and allegations from members of the public. The Department received 333 allegations of fraud in 2017–18, an increase from 299 allegations in 2016–17. The allegations predominantly referred to client and service provider matters.

DVA undertakes fraud investigations and, where appropriate, refers matters to the Commonwealth Director of Public Prosecutions. As a result of fraud investigations undertaken in 2017–18, $896,247 in ineligible payments was identified and referred to the relevant business areas for debt recovery.

Business areas are obliged to notify the Legal Services and Assurance Branch of any potential privacy breaches.

In 2017–18, the branch received 75 notifications of potential breaches. Following investigation, 49 matters were determined to be privacy breaches and 16 were found not to breach privacy. The remaining cases were still under investigation at the end of 2017–18.

In cases where a privacy breach did occur, staff involved in the breach were counselled and the importance of all staff exercising care and caution when processing matters dealing with personal information was reiterated. In applicable cases, recommendations and changes were made to relevant practices and procedures in an effort to minimise the risk of future breaches.

DVA is required to report significant privacy breaches to the Office of the Australian Information Commissioner. In 2017–18, no significant breaches were reported to the Australian Information Commissioner, and the Commissioner made no reports to the Minister under section 30 of the Privacy Act 1988 about any act or practice of DVA.
