Annual Report 2017/18 Governance
This year, we focused on implementing a new governance model to improve the alignment of our strategic objectives with our balanced scorecard (BSC) approach (see Figure 18: Strategic Objectives), prioritising the delivery of strategic initiatives across the four directorates of Business Services, Strategy and Policy, Regulatory Operations, and People and Culture.Key initiatives
- Developing our finance and HR systems and digital technology environment
- Implementing the consultation process and developing the operating model for Regulatory Operations
- Establishing People and Culture Committees, in response to our staff survey commitments
- Establishing the People and Culture directorate
In 2017/18 we undertook to establish a national function-based operating model to deliver all our regulatory functions. A national model for the legal and registration functions has been confirmed and is being implemented.
Arranging our regulatory teams along national reporting lines will enable national consistency in how we work, deliver national visibility of our work at any point in time, and allow us to mobilise the skills and expertise of all our staff. The national model relies on a viable AHPRA office in each state and territory and will provide clear points of contact for our stakeholders.
The finance function ensures that our financial systems and records are well managed, accurate and compliant with legislation, and provide financial reporting and guidance to AHPRA and the National Boards. The Finance, Audit and Risk Management Committee (FARMC) is the principal committee of the Agency Management Committee that oversees finance, audit and risk. This committee reviewed the annual financial reports and projections with management, focusing on the integrity and clarity of disclosure, compliance with relevant legal and financial reporting standards, and the application of accounting policies and judgements.
AHPRA, partnering with the National Boards, has established a review of equity and cost allocation reference group to review our equity holdings arrangements with the National Scheme to further enhance cost-effectiveness and efficiency. This work incorporates the design and implementation of activity-based costing which will provide a deeper level of understanding of the costs associated with each regulatory function.
AHPRA's income for the full financial year to 30 June 2018 was $184.8 million. Our income for the full year includes the following components, as shown in Table 31.
AHPRA and the National Boards work in partnership to deliver financial performance. AHPRA and the National Boards recorded a net deficit of $11.759 million this year.
The financial statements section of the annual report describes the performance in more detail, including the net result and equity position for each National Board.
Fees set for each National Board aim to meet the full costs of regulation for each profession, Table 32 provides an overview of registration fees by profession since the start of the National Scheme.
AHPRA's organisational structure and resources
Regulatory Operations is responsible for the efficient and effective delivery of core regulatory functions – Registration, Notifications, Compliance and Legal Services – under the National Law. It provides leadership and strategic direction in the development and delivery of operational policy and procedures that support decision-making across these regulatory functions.
Offices in each state and territory deal directly with local stakeholders and support the decision-making of local boards and committees. This directorate is accountable for operational performance across the regulatory functions. It is committed to continuous improvement and quality assurance of our regulatory processes, through the continued refinement of the service model.
Strategy and Policy is responsible for engaging with national and international stakeholders, consumers, practitioners and partners in regulation of other regulatory bodies. It manages our communication and media services, and coordinates and manages intergovernmental relationships.
Policy and governance advice is this directorate's responsibility, as is oversight of accreditation to the National Boards and their committees. It delivers an enduring program of research and analysis that ensures an empirical basis for regulation.
Other areas of focus include strategic analysis and planning, and management and support of the community and professions reference groups (CRG and PRG).
Business Services delivers corporate support, providing effective and efficient business systems and processes to reach our strategic objectives. It coordinates business planning processes and the performance reporting platform to help ensure continuous improvement.
This directorate delivers information technology architecture, finance and human resources (the latter until April 2018) functions to support AHPRA's people and culture. It delivers an ongoing and transparent corporate risk profile to ensure the organisation manages risk well.
People and Culture was created in May 2018 in recognition of its importance at the National Executive level and its contribution to the future of all AHPRA staff. It is both strategic as well as operational and is providing a customer responsive service. Initial work has focused on building a positive culture for AHPRA through local People and Culture Committees and the work of the Senior Leaders Forum, health and wellbeing services for all staff, streamlining recruitment and supporting learning and development.
The AHPRA Enterprise Agreement is in its final year of operation and plans for the negotiation of the next agreement are underway.
|Strategy and Policy||98|
|Business Services (including CEO office)||216|
|People and Culture||17|
The statutory appointments team provides strategic, governance and compliance advice and operational support across AHPRA in relation to statutory appointments. The statutory appointments team facilitated and managed 634 vacancies over 2017/18 (see Table 34), which included:
- National Boards
- National Board committees and panels (including advisory assessor panels and List of approved persons for panels)
- state, territory and regional boards, and
- state, territory and regional committees.
|National Board committees and panels||242|
|State, territory and regional boards||117|
|State, territory and regional committees||228|
Note: The data provided for statutory vacancies encompass those recruitment rounds that were completed and appointments made in 2017/18.
Corporate legal services
AHPRA's legal advisers operate in two broad streams:
- Lawyers in the Regulatory Operations directorate are located in offices in each state and territory. They provide day-to-day legal advice and services in relation to the operation and application of the National Law as in force in each state and territory, and the obligations of AHPRA and the National Boards under that Law.
- Lawyers in the Business Services directorate are located in our national office in Melbourne. They provide corporate legal services, such as contract negotiation and drafting, privacy analysis and advice, legislative compliance testing and advice about AHPRA's general compliance obligations as a statutory corporation.
Our lawyers work closely and cooperatively to ensure that decisions are made efficiently and in a timely manner under the National Law, and are consistent with legal requirements. Legal advisers manage legal risks relating to the administration of the National Law and the complex business of operating a number of entities that operate nationally under the National Law.
Our legal advisers, in conjunction with our panel of external legal service providers, conduct matters relating to decisions under the National Law, as in force in each state and territory, and the performance of functions under the National Law.
Data access and research
AHPRA collects comprehensive national data on regulation. While these data have registration, workforce planning, demographic, commercial and research value, the National Law, as in force in each state and territory, and the Privacy Act 1988 (Cth) impose strict limits on their use. Our data access and research policy focuses on assisting researchers and other parties to better understand the process for considering requests for data and research.
During the year, AHPRA updated the information on its website to provide additional clarity on how to request data and information. The website now clearly details what data are already available, how to access that data, as well as the processes for accessing data that are not publicly available and the policies and legislation that govern what can and cannot be released. A research framework was also developed and made available through the website which includes priorities to focus research efforts internally and externally, and research principles to guide the use of National Scheme data.
AHPRA and the National Boards understand the need for transparency and availability of data in the National Law and the Privacy Act 1988 (Cth), and have developed robust processes on data governance, access and release of National Scheme data.
Practitioner information exchange program
Table 35 excludes requests to participate in our practitioner information exchange (PIE) program, as well as any requests for extracts or copies of the national Register of practitioners that are received directly by the PIE mailbox. PIE provides information to employers about the registration of the health practitioners they employ, including any restrictions that a Board might have placed on a practitioner's registration.
PIE is a secure web-based system. It can help employers with connecting human resources, clinical management, risk management, IT security and customer management systems into an effective health practitioner registration data source.
This year, there were 87 subscribers to the PIE service from government departments, public and private hospitals, and the educational and research sectors.
For more on PIE, visit the Practitioner information exchange page on the AHPRA website.
Anyone can make a complaint about AHPRA, the Agency Management Committee or a National Board. A complaints form is available on the AHPRA website, along with our complaint-handling policy and procedure. Visit the Complaints page on the AHPRA website.
If anyone believes that they have been treated unfairly in our administrative processes, a complaint can also be lodged with the independent National Health Practitioner Ombudsman and Privacy Commissioner (NHPOPC). The NHPOPC will usually only deal with complaints that have already been lodged with AHPRA, and when AHPRA has been given a reasonable opportunity to resolve the complaint. Find out more on the NHPOPC website.
AHPRA is committed to resolving complaints. Feedback, whether positive or negative, is always welcome to help us improve our services. Complaints are considered at a senior level in AHPRA, in recognition of their importance. We record the details of all complaints received by AHPRA and all complaints directed to AHPRA from the NHPOPC.
In the year ending 30 June 2018, AHPRA received a total of 409 administrative complaints, an increase from 2016/17, when we received 341 complaints. While this is a significant increase in the number of complaints, this increase was largely driven by changes in the way we record complaints, as well as a new procedure for the transfer of complaints from the NHPOPC, which has meant that concerns raised that were not previously identified as complaints are now being captured in our complaint data. Of the 409 received, 234 were received directly by AHPRA and 175 complaints were received via the NHPOPC. Issues raised in complaints included:
- communication issues
- time to process a new registration application
- dissatisfaction with a Board decision, and
- concerns that due process was not followed during the notification process.
This year, nine complaints were received about Board matters (policy-related issues), the same as last year.
For the year, 215 registration complaints were received (an increase from the 161 registration-related complaints received last year). The most common issues raised were:
- 55 complaints were about the time taken to process a new registration application (up from 32 similar complaints last year).
- 50 complainants expressed dissatisfaction with the registration requirements not being clearly conveyed to them (two more than last year expressing a similar concern).
- seven registration renewal-related complaints were concerned with the time taken to finalise a registration renewal application (the same number as last year expressing a similar concern).
- eight complainants were concerned with the time taken to register an overseas applicant (an increase of four complaints from the four received last year).
There were 176 notification-related complaints received this year (an increase from the 164 received last year). The overwhelming majority of the complainants expressed dissatisfaction with Boards' deciding to take no further action in relation to their notification.
Three campaign-related complaints were made this year (down from 35 in 2015/16 and five in 2016/17). These complaints related to changes to information published on the national Register of practitioners.
See Table 36 for more information about administrative complaints.
Freedom of information
Section 215 of the National Law provides that the Commonwealth's Freedom of Information Act 1982 (FOI Act) applies to the National Law, as modified by regulations made under that Law.
During the year, AHPRA received 167 Freedom of Information (FOI) applications, including 19 applications for internal review and six tribunal/court related matters. Two FOI complaints were made to the NHPOPC and were addressed by AHPRA.
161 applications were finalised including 19 internal reviews, six tribunal/court-related matters and one FOI complaint to the NHPOPC. Outcomes are detailed in the table below.
As at 30 June 2018, 14 matters remain on hand.
1Not including six outcomes of tribunal/court-related matters and one FOI complaint to the NHPOPC.
AHPRA has maintained an active information governance program during the 2017/18 reporting period. The information governance group activities include:
- delivering a more risk-based approach to managing information-governance outcomes, such as an ability to apply the appropriate level security on our information assets
- conducting ongoing staff awareness campaigns that include information about security, privacy, records management and data access
- continuing compulsory privacy compliance training for all staff
- continuing to review and improve information policies and procedures, and
- continuing the information asset ownership project, which identifies, classifies and determines appropriate control requirements for information assets.
AHPRA has an established information security assurance program which incorporates a number of reviews of our cyber-preparedness and cyber security posture. These reviews have confirmed continual improvement in relation to our information security and cyber threat programs. We recognise the continuing volatility of the digital environment and maintain a high level of vigilance in relation to cyber threats. Informed by the outcomes of our cyber assurance program, we continue an active and responsive program of work through our annual work-plan.
How AHPRA manages its activities and risks
Corporate Assurance Framework
AHPRA has an agreed plan that assigns responsibility to each of the four Executive Directors for managing risks on a day-to-day operational level for their directorates. Each directorate has an assurance plan that records the risks relevant to that directorate.
Risks are identified, assessed, monitored and managed at a directorate level, but escalated in accordance with the requirements of the Corporate Assurance Framework and recorded in the Corporate Assurance Plan for review and monitoring by the CEO and the National Executive.
The Corporate Assurance Plan reports the escalated risks and risk ratings, along with the key controls and assurances put in place to mitigate the risks. The plan is reviewed by the Finance, Audit and Risk Management Committee (FARMC) to monitor the effective management of risks reported to the Agency Management Committee and the National Boards.
FARMC assures that systems are in place so AHPRA effectively and appropriately manages risk, and oversees the operation of those systems. AHPRA's internal audit function forms part of the review process, provides assurance on the risk management process, and advises the committee accordingly. The internal audit work done during the year provided an independent assessment of this to the committee.
AHPRA handles significant volumes of sensitive and personal information relating to registered health practitioners, students and notifiers. We recognise our obligations to protect this information, and have established a program of work to strengthen our current practices in minimising the risk of data loss, and to ensure data are collected, held and used in accordance with law and best practice. The information governance assurance group (IGAG) coordinates those activities through the information governance work program.
IGAG's work program for 2017/18 included development and maintenance of an IGAG risk assurance plan, delivery of an annual information awareness program aligned with external activities such as Privacy Week and an information asset ownership program. The information asset ownership program is being progressively delivered throughout AHPRA through a structured multifaceted project.
The system of internal control
The CEO is responsible for reviewing the effectiveness of the system of internal control, which has been in place at AHPRA from 1 July 2017 to 30 June 2018, and up to the date of approval of the annual report and accounts, in accordance with guidance from the Victorian Auditor-General's Office (VAGO).
The review is informed by the work of internal auditors and the senior managers in AHPRA who are responsible for the development and maintenance of the internal control framework, and comments made by external auditors in their management letter and other reports. We have been advised of the implications of the result of the review of the effectiveness of the system of internal control by FARMC. Plans are in place to address identified weaknesses and ensure continuous improvements.
The managers responsible for the system of internal control provided the CEO, through the Executive Director Business Services, with assurance that AHPRA's system of internal control is subject to consistent monitoring, review and improvement, and that AHPRA's key risks are being identified, assessed and managed appropriately to ensure the goals and objectives of the National Scheme are achieved.
This year, the assurance framework was subjected to a process of audit and review to ensure that it continued to provide the highest level of assurance possible. Because of the review, the assurance framework is being revitalised to incorporate a ‘three lines of defence' assurance model with closer alignment of the assurance framework, the strategic objectives and the strategic risk priorities.
AHPRA's internal financial and risk management staff, in liaison with the internal auditors, plan and carry out a FARMC-approved program of work to review the design and operation of the systems of internal control. Where weaknesses have been identified, they are reported to FARMC and an action plan is agreed with management to implement the recommendations as part of this process.
We are not aware of any significant internal control issues affecting AHPRA that do not have an effective management plan in place. We are satisfied the system of internal control has operated effectively and has identified risks that AHPRA is managing. We are also satisfied that significant work is continuing to better identify, assess and appropriately manage AHPRA's risks in the future. Importantly, AHPRA is committed to constant improvement in the way it manages risk to ensure the goals and objectives of the National Scheme are delivered.
Our risk mitigation strategy includes the appropriate and proportional placement of insurances. Throughout the financial year, our insurance portfolio was up-to-date and was reviewed and renewed for a further 12-month period on 30 June 2018. The insurance program is overseen by FARMC.
Capacity to handle risk
The Executive Director Business Services is the designated director with operational responsibility for maintaining and developing the organisation-wide system of internal control. The CEO is the designated executive with operational responsibility for the system of risk management and risk reporting.
The Agency Management Committee takes an active role in risk management, receiving periodic reports and reviewing the Corporate Assurance Framework.
FARMC has the role of overseeing AHPRA's governance processes and has reviewed the Corporate Assurance Plan at its meetings, together with movements in the risks identified through that framework and the management of them.
We are not aware of any significant risk management issues that would prevent AHPRA from delivering the National Scheme's goals and objectives that have not been identified, assessed and which do not have an appropriate plan. We are satisfied that work is underway that is designed to ensure AHPRA identifies, assesses, monitors and manages risks appropriately.
Compliance with state and territory laws
AHPRA is subject to a wide range of Commonwealth, state and territory legislation and subordinate rules made under that legislation, such as regulations and obligations under the general law. We are committed to constantly reviewing and improving our procedures and activities to comply with these laws and to promote a culture of compliance. We have carried out a range of activities, described below, to instil the principles set out in Australian Standard 3806–2006: Compliance programs into AHPRA's everyday activities.
We have compiled a register of Commonwealth, state and territory legislation that applies to AHPRA and the National Boards. Responsibility for compliance with particular legal obligations has been allocated to relevant AHPRA staff, who have been advised of their compliance responsibilities. We monitor compliance with applicable legislation and note when legislation is amended.
When compliance concerns have been identified through monitoring, or applicable legislation is amended, relevant staff have been allocated responsibility to take practical steps to ensure compliance. Responsible officers regularly report to AHPRA's senior executives and FARMC on the compliance steps they propose to take or have taken.
AHPRA engages a number of contractors to help with administering the National Law. AHPRA's standard contract terms require contractors to comply with applicable legislation and policies, including confidentiality, privacy, employment law and proper record-keeping obligations. Where it is appropriate, AHPRA requires contractors to permit AHPRA audits to ensure their compliance. A contract register is maintained, which is designed to help with monitoring contractor performance. We are in the process of implementing a new Contracts Module which will support expense resource planning and the monitoring of contractor performance.