Skip links and keyboard navigation

Governance framework

The Board of Management (BoM) is the department’s principal policy‑setting and decision‑making authority.

It supports the Director‑General as the department’s accountable officer to ensure the department implements and operates within an appropriate governance framework.

Corporate governance arrangements are based on the principles of best practice outlined in the Public Sector Governance: Better Practice Guide, the Australian Public Service Commission’s Building Better Governance Guide and by the Australian Audit Office.

Corporate governance arrangements are the principles, elements and mechanisms used by the department to support a focus on effective governance through strong leadership, responsible and ethical decision-making, management and accountability, and performance improvement.

The leadership and accountability model is part of the department’s corporate governance framework and illustrates the accountability mechanisms in place to effectively control business activities.

BoM works collectively to:

  • set agency strategy, objectives and priorities
  • develop our agency and workforce capabilities
  • increase and harness the diversity of our workforce
  • drive innovation across the agency and through our partnerships
  • oversee the implementation of programs and policies
  • monitor performance and reporting requirements
  • scrutinise risk mitigation strategies
  • review recommendations implemented from management and audit reports to improve business processes and work practices.

BoM, one governance committee and three sub-committees support the Director-General in the effective discharge of legislative accountabilities. They also provide opportunities for developing leaders to promote a performance culture and facilitate relationship-building and communication.

The DSITI Leadership and Accountability Model

The DSITI Leadership and Accountability Model diagram

Text description of The DSITI Leadership and Accountability Model

Board of Management (BoM)

Members and purpose statement

  • Director-General (Chair)
  • Deputy Director-General, Corporate
  • Deputy Director-General, Strategy and Innovation
  • Queensland Government Chief Information Officer
  • Assistant Director-General, Science
  • Assistant Director-General, Digital Productivity and Services
  • Assistant Director-General, Strategic ICT
  • Assistant Director-General, Queensland Shared Services
  • Chief Finance Officer
  • Chief Information Officer
  • Chief Human Resources Officer
  • Executive Director, Communications and Engagement
  • Senior Director, Office of the Director-General

BoM meets weekly and is the primary governance body for DSITI.

As well as decision-making responsibilities, the BoM is informed about sub-committee outcomes to facilitate effective corporate governance.

An organisational governance and performance reporting meeting is held each quarter, with additional attendees:

  • Director, Internal Audit
  • Director, Strategic Governance Performance and Reporting.

Audit and Risk Management Committee (independent of BoM)

Members and purpose statement

  • Director-General
  • Deputy Director-General, Corporate
  • Assistant Director-General, Queensland Shared Services
  • Partner, Risk Advisory Services, BDO (Qld) Pty Ltd (Chair)—paid as per agreed rates
  • Deputy Director-General, Corporate Services, Department of Communities, Child Safety and Disability Services.

The committee met five times and paid $10,000 (ex-GST) remuneration to one external member during the 2016–17 financial year.

The Audit and Risk Management Committee is directly responsible to, and supports, the Director-General to effectively discharge legislative accountabilities in the Financial Accountability Act 2009 and the Financial and Performance Management Standard 2009 (FPMS).

The committee provides independent assurance and assistance to the Director-General on:

  • risk management, internal control and compliance frameworks
  • financial statements
  • internal audit and external audit matters
  • performance management
  • client agency assurance reporting.

The committee does not replace nor replicate established management responsibilities and delegations, the responsibilities of other executive management groups within DSITI, or the reporting lines and responsibilities of either internal audit or external audit functions.

Information Steering Sub‑committee (ISC)

Members and purpose statement

  • Deputy Director-General, Strategy and Innovation (Chair)
  • Deputy Director-General, Corporate
  • Assistant Director-General, Strategic ICT
  • Assistant Director-General, Science
  • Executive Director, Strategic Policy and Innovation
  • Assistant Director-General, Digital Productivity and Services
  • Assistant Director-General, Queensland Shared Services
  • Queensland Government Chief Information Officer
  • Chief Information Officer
  • Chief Finance Officer
  • Chief Human Resources Officer

External member:

  • Group CIO, Youi Insurance.

The sub-committee meets every six weeks as a sub-committee of BoM. The primary functions of the ISC include:

  • providing strategic oversight and direction to the department’s portfolio of ICT investments
  • ensuring appropriate controls and governance exist for the various ICT programs and projects managed within the department
  • approving the department’s ICT strategy and objectives in support of the ICT Strategic Plan
  • assessing and determining investment priorities for programs, projects and corporate ICT service activities, based on their alignment with strategic objectives
  • reviewing performance of the portfolio of ICT programs and projects to ensure progress is appropriate, all risks and issues are identified and addressed, and benefits are identified and monitored
  • endorsing and monitoring ICT and information management-related departmental policies, standards and guidelines
  • assuring that service performance standards of ICT operation are efficient, effective and economical, and meet the department’s business requirements.

Finance and Procurement Sub‑committe (formerly the Finance Sub‑committee)

Members and purpose statement

  • Assistant Director-General, Strategic ICT (Chair)
  • Deputy Director-General, Corporate
  • Deputy Director-General, Strategy and Innovation
  • Assistant Director-General, Queensland Shared Services
  • General Manager, Smart Service Queensland
  • Executive Director Science Delivery, Science
  • Principal Architecture Consultant, Queensland Government Chief Information Office
  • Chief Finance Officer
  • Chief Procurement Officer

The sub-committee meets each month to provide assurance about the effective financial and procurement management of the department, which includes:

  • consideration of financial performance
  • procurement priorities and commitments
  • financial and procurement policies and procedures
  • budget submissions
  • procurement plans and implications
  • resourcing issues.

People Sub‑committee

Members and purpose statement

  • Assistant Director-General, Queensland Shared Services (Chair)
  • Deputy Director-General, Corporate
  • Chief Human Resources Officer
  • Executive Director and State Archivist, Queensland State Archives
  • Executive Director, Innovation, Policy and Governance
  • Executive Director, Science Development
  • Executive Director, Strategic Sourcing
  • Executive Director, Queensland Government Chief Information Office

The sub-committee meets every six weeks to ensure a strategic whole-of-department focus in relation to human resource management and workplace health and safety.

Audit arrangements

Internal Audit is a key component of DSITI’s corporate governance, providing independent assurance and advisory services to the Director-General and the Audit and Risk Management Committee (ARMC). These services use a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, internal controls and governance activities within the department.

Internal Audit operates under the powers pursuant to section 61 of the Financial Accountability Act 2009 and its approved charter that incorporates the internal audit professional standards. Due regard is also given to Queensland Treasury’s Audit Committee Guidelines (June 2012) to provide secretariat support to the ARMC.

The ARMC monitors the internal audit function to ensure it operates ethically and professionally.

The Internal Audit unit, together with its co-source internal audit partner (KPMG), focuses on delivering a high-quality, professional internal audit function and on completing the annual internal audit program of work.

During 2016–17, Internal Audit:

  • developed a comprehensive, risk-based strategic internal audit plan and annual internal audit plan, endorsed by the ARMC and approved by the Director-General
  • executed the annual internal audit plan that covered key financial controls, major systems, project management and operations
  • reported on the results of assurance and advisory reviews to the ARMC and Director-General
  • monitored and reported on the implementation status of internal audit recommendations.

Risk management

The DSITI risk management policy and framework, based on the international risk management standard AS/NZS ISO 31000:2009 and Queensland Treasury’s risk management guidelines, ensure risks are managed consistently across the department and minimised through a robust system of internal controls. The framework encompasses threats and opportunities, reflecting the potential for either of these to impact positively or negatively on the department’s objectives, strategic priorities and innovation.

Key strategic risks and opportunities are identified as part of our annual strategic planning process. All business areas, as part of their business planning, identify risks that may impact upon their business objectives. Significant risks are reported quarterly at the corporate governance forum and the ARMC.

During the year, we continued to embed the risk appetite statement into our business planning and day-to-day operations, building upon an existing risk awareness culture and encouraging prudent risk-taking.

Establishing the new Information Communication and Technology (ICT) federated operating model and governance framework has led to a more systemic approach to managing ICT risks. The Information Steering Sub-committee oversees strategic and systemic ICT risks, supported by the ICT Risk, Business Continuity Plan and Disaster Recovery Working Group. This model drives ICT risk management improvement initiatives across the department.

In 2016–17, we increased our number of business continuity exercises, emphasising cyber risks. To strengthen the department’s resilience to disruptive events, learning insights and mitigating actions are tracked and regularly reported to the Board of Management.

Our annual preparation for the 2016–17 storm season meant we effectively responded to and recovered from TC Debbie, and met our commitments to state disaster management.

We have refreshed our annual assurance map. Based on the Three Lines of Defence model, the framework helps officer accountabilities to be understood and contributes towards effectively managing risk. We recognise the importance of being a risk-capable organisation. We embrace the government values that emphasise taking calculated risks to foster a culture of innovation and creating greater public value.

External assurance

Audits and reviews

In 2016–17, the Queensland Audit Office (QAO) tabled in Parliament three audit reports that mentioned the department.

  1. Auditor-General Report No. 1 for 2016–17: Strategic procurementThe review assessed if the 21 state government departments were achieving and enabling value-for-money procurement through effective strategies. Two of the six recommendations applied to DSITI, requiring us to develop a procurement data strategy and an agency procurement plan. We implemented our agency procurement plan and we are now developing a procurement data strategy with the Office of the Chief Advisor, Queensland Government Procurement, Department of Housing and Public Works.
  2. Auditor-General Report No. 3 for 2016–17: Follow-up: monitoring and reporting performanceThe review assessed how effectively departments were implementing recommendations from the Monitoring and reporting performance (Report 18: 2013–14) audit report. All departments were recommended to ‘apply a service logic approach to define their service areas so that they only group services where they contribute to common objectives and outcomes’. DSITI has met this recommendation.
  3. Auditor-General Report No. 8 for 2016–17: Queensland State Government: 2015–16 results of financial auditsThe department’s financial statements were included in the Queensland Government’s consolidated financial statements audit. An unmodified audit opinion was issued about the department’s financial statements for the year ending 30 June 2016.

In 2016–17, the QAO also performed three audits for DSITI.

  1. ASAE 3402 Assurance audit of Queensland Shared Services 2016–17QAO reported on QSS’ description of its accounts payable, payroll and general IT control systems for processing customers’ transactions from 1 July 2016 to 30 June 2017 and on the design and operation of controls related to the control objectives stated in the description. QAO concluded that, in all material respects, the QSS control objectives in the system descriptions were suitably designed and operated from 1 July 2016 to 30 June 2017. A total of 28 audit recommendations were made to QSS to strengthen internal controls. QSS agreed to implement them.
  2. ASAE 3402 Assurance audit of CITEC 2016–17QAO assessed CITEC’s description of its internal controls over ICT infrastructure and related services as at 28 February 2017 and on the design of controls related to the control objectives stated in the description. QAO concluded that, in all material respects, CITEC’s description of its internal controls over ICT infrastructure and related services were suitably designed as at 28 February 2017. Eight audit recommendations were made to CITEC to strengthen internal controls. CITEC agreed to implement these.
  3. Audit of the department’s Financial statements 2016–17QAO audits the department’s financial statements each year. On 28 April 2017, QAO issued an Interim Management Report about the operating effectiveness of controls in three areas of the financial statements: cash, payroll and expenditure for the period 1 July 2016 to 28 February 2017. No significant internal control deficiencies were identified or reported.

Other external audits and reviews that took place in 2016–17 are detailed below:

  • QAO conducted a performance audit on government cloud computing management and tabled a report to Parliament in February 2016.
    • The Education, Tourism, Innovation and Small Business Parliamentary Committee’s implementation of the Auditor-General’s recommendations about cloud computing report No. 34 was released in May 2017.
    • The Queensland Government Chief Information Officer attended the hearing on 22 March 2017 to respond to the committee’s questions regarding progress in implementing the recommendations from the Cloud computing report released in 2016.
    • The committee was satisfied the information provided by the Queensland Government Chief Information Officer and departments demonstrated significant progress in implementing the Auditor-General’s recommendations.
  • The National Association of Testing Authorities, Australia (NATA) audited the Chemistry Centre Laboratories. NATA accredits laboratories, inspection bodies, calibration services, producers of certified reference materials and proficiency testing scheme providers throughout Australia. It provides independent assurance of technical competence through an established network of best practice industry experts for customers who require confidence in their products and services. Accreditation was obtained following the audit.
  • The Department of Agriculture and Water Resources Audit Services team audited the Chemistry Centre Laboratories for the accredited Biosecurity Containments level 1 (BC1) Approved Arrangement facilities. This audit was required as the Chemistry Centre analyses imported material subject to biosecurity control. The audit results concluded the facilities complied with the standards set by the Department of Agriculture and Water Resources.
  • The Queensland Productivity Commission (QPC) completed its investigation into a competitive neutrality complaint made against CITEC Information Brokerage. QPC found CITEC Information Brokerage’s services did not breach the principle of competitive neutrality as defined in section 32 of the Queensland Productivity Commission Act 2015. QPC did not identify any adverse findings or corrective actions.
  • CITEC is routinely audited by independent government organisations for compliance and assurance. In 2016–17, the QAO audited CITEC SAP Information Technology General Controls. No major issues were identified.

Information systems and knowledge management

DSITI’s Digital Enterprise Office (formerly the Chief Information Office) develops record-keeping policy and provides several services to DSITI business units. These include advice and guidance on appropriate record-keeping practices. A communication, awareness and training program is being developed to keep educating staff about records and records management.

To enable a collaborative and consistent approach to record-keeping across the department, an Information Management and Records Working Group has been established under the department’s new Federated ICT operating model. The working group includes representatives from all business units. This enables broader support for records management initiatives and for increased records management expertise and knowledge to be shared across the department.

With the move to 1 William Street and many staff relocating to Terrica Place, paper-reduction initiatives and practices continue to be a focus in day-to-day work practices. The Digital Enterprise Office is continuing to drive the department towards a digital workplace by investigating requirements for digitising paper and manual processes, including whole-of-department cloud-based technology to support digital records management. DSITI is also leveraging productivity tools to enable greater access to information anywhere and anytime, and for staff collaboration across the department.

Creative Commons Attribution 4.0 International (CC BY 4.0)
Last updated
9 October 2017
  1. Is your feedback about:
  2. (If you chose ‘website’ above)

    Page feedback

    1. How satisfied are you with your experience today? *
  3. (If you chose ‘service’ above)

    Feedback on government services, departments and staff

    Please use our complaints and compliments form.