Governance framework

Brendan Thomas left Legal Aid NSW on 1 November 2021 to take on the new role of Deputy Secretary, Transforming Aboriginal Outcomes at the Department of Communities and Justice (DCJ).

Monique Hitter, previously the Deputy Chief Executive Officer of Legal Aid NSW, acted in the role from 2 November 2021.

Cherie Pittman was appointed to the temporary role of Director, Legal Services on 8 November 2021.  This role was created to manage some of the areas that previously reported to the Deputy CEO including the In-house Counsel Unit, the Strategic Law Reform Unit, the Client Eligibility Unit, the Community Legal Education Unit, Facilities, Administration Transformation, the Private Lawyer Quality Standards Unit and the Senior Internal Auditor. The role is also responsible for service disruption and serious incidents.

Helen Jessop, Executive Director of Business and Corporate Services and Chief Financial Officer, commenced a secondment on 1 December 2021 leading process and technology harmonisation at DCJ. This role has not been filled while Ms Jessop is on secondment. Instead, two new temporary roles were created. Trent Wilson was appointed to the role of Executive Director, Digital Transformation from 31 January 2022 to 30 January 2023. Michael Brodie was appointed to the position of Director, Finance from 24 January 2022 to 27 November 2023.

A new role of Director, Aboriginal Services was created on 8 June 2022. Kimberley Wilson is currently acting in this role.

Robert Hoyles was appointed as Director, Criminal Law on 23 December 2021 after a period acting in the role following Annmarie Lumsden’s departure on 27 October 2021 to take on the position of Director of the Northern Territory Legal Aid Commission.

Melissa Burgess was appointed to the role of Deputy Director, Criminal Law on 6 June 2022. Harriet Ketley acted in this role from 28 October 2021 to 3 June 2022.

Alexandra Colquhoun was appointed to the role of Director, Family Law on 3 November 2021. She acted in the role from 23 November 2020 to 1 November 2021 following Kylie Beckhouse’s appointment as a Judge of the Federal Circuit and Family Court of Australia.

Katie Kelso was appointed to the newly established temporary position of Deputy Director, Family Law on 23 May 2022 until 25 November 2022. This role is approved to 30 June 2023.

A new temporary role of Deputy Director, Civil Law will be created in the next reporting period.

Michael Coleman is a chartered accountant. He retired from KPMG in 2011 following a career that included 30 years as an audit partner and practice leader. Mr Coleman is the Chair of Legal Aid NSW’s Audit and Risk Committee and is also a member of the Legal Aid NSW Board. He also sits on other boards and audit committees, including at Macquarie Group and Macquarie Bank. He is currently an Adjunct Professor at the Australia School of Business, University of New South Wales.

Peter Whitehead is a lawyer and the former Public Trustee of NSW. Mr Whitehead was part of the original committee reviewing the role of audit within the NSW Government. He has since chaired several NSW Government audit and risk committees, including for the NSW Department of Premier and Cabinet, what was then the NSW Attorney General’s Department, the NSW Crime Commission and the Judicial Commission of NSW. He currently works in the financial services industry.

Leah Fricke has had a 20-year executive career as a lawyer, governance professional and lecturer, and 10 years’ experience as a non-executive director. She is an independent non-executive director of Columbus Capital and Forager Funds, the Independent Chair of the Audit and Risk Committee (ARC) for Western NSW Local Health District, and an independent member of the ARC of Sydney Local Health District. Ms Fricke is a qualified lawyer and holds a Bachelor of Laws/Bachelor of Arts from the University of Melbourne as well as an MBA from the University of Sydney. She is a Fellow of the Australian Institute of Company Directors (AICD), a Fellow of the Governance Institute of Australia and a member of the Association of Professional Futurists.

We have an Organisational Service Disruption Plan to respond to events that pose a risk to the continuation of business activities, and service disruption plans for each Legal Aid NSW office. These are activated when Legal Aid NSW is unable to continue to provide services from a regional office or a metropolitan office, including Central Sydney. The plans address required actions and specify a recovery management team to oversee the recovery process.

We have also developed a Service Disruption Plan for COVID-19 which identifies specific actions and strategies for dealing with the ongoing impacts of the pandemic. It outlines risk management strategies for interacting with the general public in a variety of settings including in Legal Aid NSW offices, outreach clinics, correctional facilities and at courts. We have established a Pandemic Control Centre (PCC) to review and update this plan and to coordinate its implementation.

Legal Aid NSW is committed to conducting business with honesty and transparency. Our Fraud and Corruption Prevention Plan outlines the steps we take to prevent fraud and other corrupt behaviour. Controls include responsibility structures, risk assessment, reporting systems, investigation standards, and conduct and disciplinary standards. The Fraud and Corruption Prevention Plan implements key parts of the framework and complements related policies including the Code of Conduct and  Protected Disclosure Policy.

• We will conduct 10 internal audits.
• We will implement the fifth year of the Legal Aid NSW Strategic Plan 2018–2023.

The objective of the Audit and Risk Committee is to provide independent assistance to the Chief Executive Officer and Board by monitoring, reviewing, and providing advice about Legal Aid NSW governance processes, risk management and control frameworks, and its external accountability obligations.

The committee comprised the following independent members in 2021–2022.

• Michael Coleman – Chair.
• Peter Whitehead – Committee Member.
• Robyn Gray – Committee Member (until 20 November 2021).
• Leah Fricke – Committee Member (since 1 March 2022).

The CEO, Deputy CEO (who is also the Chief Audit Executive and Chief Risk Officer), Executive Director Corporate Services and Chief Financial Officer (or Director Finance and Executive Director Digital Transformation), Acting Director Legal Services (when acting for the Chief Audit Executive), Senior Internal Auditor and representatives from the NSW Audit Office attend each meeting. The committee also invites other key Executive staff and external service providers to attend as necessary.

• The committee met on eight occasions in 2021–2022 and reviewed a range of matters including:
• monitoring of strategic plan and strategic project updates
• monitoring of financial position, trends, and budget compliance
• monitoring of internal and external audits
• monitoring of the impact of COVID-19 on the organisation
• operations and service delivery
• payroll process reviews
• compliance with financial delegations
• panel lawyer audits
• CCMS post implementation review
• procurement processes in the context of  the Procurement Reform Program of Stronger Communities (Procurement Board Reform Program)
• PaTH Project
• Digital Transformation Project
• proposal to give a delegation under section 69 of the Legal Aid Commission Act 1979 (NSW) to lawyers on our private lawyer panels
• the process for ensuring panel lawyers not recover costs and disbursements from legally assisted persons under section 41 of the Legal Aid Commission Act 1979 (NSW)
• Service Disruption Plans (SDP) and COVID-19 risk register
• NSW Audit Office’s management letter
• NSW Audit Office’s Your-Disability-Story Acquittal Audit report
• six-monthly report on Gifts and Benefits Register
• six-monthly report on implementing Grants Efficiency Project
• six-monthly report on Fraud and Corruption Prevention Framework
• increased working from home, virtual court sittings and virtual client consultation
• cybersecurity risk including risk maturity assessment under NSW Cyber Security Policy and the Essential Eight
• financial, compliance and reputational risk
• updated Enterprise Risk Management Policy and Framework, strategic risk register and risk maturity assessment
• record management maturity assessment
• circulars and guidelines of NSW Treasury, Department of Customer Service (Cybersecurity) and Independent Commission Against Corruption (Fraud and Corruption) and sector-wide performance reports of the NSW Audit Office as applicable
• internal controls to mitigate risks in the areas of work, health and safety, cybersecurity, fraud and corruption and compliance
• financial statements, external audit reports and external auditor’s management letters
  internal audit reports and reviews, and
• follow up of implementation of internal and external audit recommendations.

The following internal audits and reviews were undertaken during the year:

1. Data Loss Prevention and Privacy processes.
2. Purchasing cards, travel expenses and claims for minor expenses.
3. Processes for interpreter fees.
4. Accounts payable – payment to private practitioners.
5. ISMS for conformance with ISO 27001 controls and compliance with NSW Government Cyber Security Policy.
6. Conflict of Interest Policy (two six-monthly audits).
7. Compliance with TfNSW’s DRIVES24 Terms of Access Agreement.
8. Surveillance audit under ISO 27001.

Performance audits completed

Target for 2022–2023: 10

Monique Hitter
Deputy CEO, Acting CEO and Chief Audit Executive and Chief Risk Officer

I, Monique Hitter, CEO of Legal Aid NSW, am of the opinion that Legal Aid NSW has managed cyber security risks in a manner consistent with the mandatory requirements set out in the NSW Government Cyber Security Policy.

Governance is in place to manage the cyber security maturity and initiatives of Legal Aid NSW.

Risks to the information and systems of Legal Aid NSW have been assessed and continue to be reviewed and managed.

There exists a current cyber incident response plan for Legal Aid NSW which has been tested during the reporting period.

Legal Aid NSW has an ISO 27001 certified Information Security Management System (ISMS) in place.

Legal Aid NSW is doing the following to continuously improve the management of cyber security governance and resilience:

• maintaining a certified Information Security Management System (ISMS) that aligns to the ISO27001:2013 standard, with the objective of continual information security improvements whilst supporting security policies and objectives
• progressing a Cyber Security Uplift Program to improve cyber security maturity at Legal Aid NSW.
• escalating cyber security incidents, should they occur, to Cyber Security NSW as required.

An independent audit of the ISO 27001-certified Legal Aid NSW Information Security Management System was undertaken during the reporting period by ISO-accredited auditors and found to be adequate.

Monique Hitter
Chief Executive Officer

20 October 2022

I, Monique Hitter, am of the opinion that Legal Aid NSW has internal audit and risk management processes in operation that are, excluding the exemptions or transitional arrangements described below, compliant with the seven (7) Core Requirements set out in the Internal Audit and Risk Management Policy for the General Government Sector, specifically:

*For each requirement, please specify whether compliant, non-compliant, or in transition.
**Core requirement 3.1.13 as per TPP 15-03.

Membership

The Chair and members of the ARC are:

• Mr Michael Coleman – Independent Chair
  29 June 2016 to 2 September 2022
• Mr Peter Whitehead – Independent Member
  28 October 2014 to 28 October 2022
• Ms Robyn Gray – Independent Member
  11 March 2017 to 20 November 2021
• Ms Leah Fricke – Independent Member
  1 March 2022 to 28 February 2025

I, Monique Hitter advise that the internal audit and risk management processes for Legal Aid NSW depart from the following Core Requirements set out in the Internal Audit and Risk Management Policy for the General Government Sector.

The circumstances giving rise to these departures have been determined by the Responsible Minister and Legal Aid NSW has implemented the following practicable alternative measures to meet the Core Requirements.

These processes, including the practicable alternative measures implemented, demonstrate that Legal Aid NSW has established and maintained frameworks, including systems, processes and procedures for appropriately managing audit and risk.

Monique Hitter
Chief Executive Officer

23 August 2022