Go to content

Annual Report 2019 - 2020

Governance framework

The Legal Aid Commission of NSW is established under the Legal Aid Commission Act 1979 (NSW) to improve access to justice for socially and economically disadvantaged members of our community.

Legal Aid NSW has a Board that is responsible for establishing its broad policies and strategic plans. Our daily management is overseen by the CEO, who has a performance agreement with the NSW Attorney General, with assistance from the Deputy CEO and directors listed at Senior Executive, July 1, 2019 to June 30, 2020. The Deputy CEO and directors report to the CEO. Our CEO is also a member of the Board. Our work is supported by a range of plans and policies to establish procedural requirements, standards and priorities, as well as compliance with the Legal Aid Commission Act 1979 (NSW).

Code of Conduct

The Legal Aid NSW Code of Conduct addresses the requirements of the Public Service Commission and the Government Sector Employment Act 2013 (NSW) ethical framework provisions.

The code:

  • sets the legal, ethical and institutional context for ethical conduct by NSW Government sector employees
  • provides advice to all employees on demonstrating ethical good practice in leadership, decision-making and other responsibilities, and
  • clearly outlines the responsibility of all employees to know, understand and comply with the ethical and legal obligations that apply to them.

Financial performance

Legal Aid NSW has a strong financial focus, robust budgets and clear, concise reporting to internal and external stakeholders. Detailed monthly financial reports are prepared for the Audit and Risk Committee and the Board. A commentary including detailed analysis is also provided. The Director of Finance provides expert advice at Audit and Risk Committee and Board meetings.

Governance flow

Members of the Audit and Risk Committee

Michael Coleman is a chartered accountant. He retired from KPMG in 2011 following a career that included 30 years as an audit partner and practice leader. Mr Coleman is the Chair of Legal Aid NSW’s Audit and Risk Committee and is also a member on the Legal Aid NSW Board. He also sits on a number of other boards and audit committees, including Macquarie Group and Macquarie Bank. He is currently an Adjunct Professor at the Australian School of Business, University of New South Wales.

Peter Whitehead is a lawyer and the former Public Trustee of NSW. Mr Whitehead was part of the original committee reviewing the role of audit within the NSW Government. He has since chaired a number of NSW Government audit and risk committees, including for the NSW Department of Premier and Cabinet, what was then the NSW Attorney General’s Department, the NSW Crime Commission and the Judicial Commission of NSW. He currently works in the financial services industry.

Robyn Gray is a lawyer, accredited mediator and principal of Herne Gray and Associates Pty Ltd. She brings to the committee more than 25 years’ experience as a prosecutor, investigator and legal manager in Commonwealth and NSW public sector agencies and several Royal Commissions. In 2007, Ms Gray established her own consultancy to serve public sector and not-for-profit agencies. She is an independent member of the Office of the Director of Public Prosecutions Executive Board, the Justice Health Human Research Ethics Committee and three public sector audit and risk committees.

Business continuity

We have a Service Disruption Plan that is activated when an event renders Legal Aid NSW unable to continue to provide services from a regional office or a metropolitan office, including Central Sydney.

The plan addresses a range of actions that are required to manage such events and provides for a recovery management team to oversee the recovery process.

Fraud and corruption processes

Legal Aid NSW is committed to conducting business with honesty and transparency. Our Fraud and Corruption Prevention Framework outlines the steps we take to prevent fraud and other corrupt behaviour.

The framework uses a number of controls including responsibility structures, risk assessment, reporting systems, investigation standards, and conduct and disciplinary standards. It complements related policies such as the Code of Conduct and Protected Disclosure Policy.

Year ahead iconThe year ahead

  • We will conduct six performance audits.
  • We will implement the third year of the Legal Aid NSW Strategic Plan 2018–2023

Governance flow

Internal Audit and Risk Management Attestation Statement for 2019–2020

I, Brendan Thomas, am of the opinion that Legal Aid NSW has internal audit and risk management processes in operation that are, excluding the exceptions or transitional arrangements described below, compliant with the eight (8) core requirements set out in the Internal Audit and Risk Management Policy for the NSW Public Sector, specifically:

Core RequirementsStatus*
Risk Management Framework
1.1 The agency head is ultimately responsible and accountable for risk management in the agency.Compliant
1.2 A risk management framework that is appropriate to the agency has been established and maintained and the framework is consistent with AS/NZS ISO 31000:2009Compliant
Internal Audit Function
2.1 An internal audit function has been established and maintainedCompliant
2.2 The operation of the internal audit function is consistent with the International Standards for the Professional Practice of Internal AuditingCompliant
2.3 The agency has an Internal Audit Charter that is consistent with the content of the ‘model charter’Compliant
Audit and Risk Committee
3.1 An independent Audit and Risk Committee with appropriate expertise has been establishedCompliant
3.2 The Audit and Risk Committee is an advisory committee providing assistance to the agency head on the agency’s governance processes, risk management and control frameworks, and its external accountability obligationsCompliant
3.3 The Audit and Risk Committee has a Charter that is consistent with the content of the ‘model charter’Compliant

* For each requirement, please specify whether compliant, non-compliant, or in transition


The chair and members of the Audit and Risk Committee are:

  • Mr Michael Coleman – Independent Chair
    Start term date: June 29, 2016
    Finish term date: June 22, 2019
    Reappointed for the period June 23, 2019 to June 23, 2021
  • Mr Peter Whitehead – Independent Member
    Start term date: March 11, 2017
    Finish term date: March 11, 2020
    Reappointed for the period March 11, 2020 to March 11, 2023
  • Ms Robyn Gray – Independent Member
    Start term date: March 11, 2017
    Finish term date: March 11, 2020
    Reappointed for the period March 11, 2020 to March 11, 2023

Brendan Thomas
August 2020

Cyber Security Annual Attestation Statement for the 2019–2020 Financial Year for Legal Aid NSW

I, Brendan Thomas, CEO, am of the opinion that Legal Aid NSW has managed cyber security risks in a manner consistent with the mandatory requirements set out in the NSW Government Cyber Security Policy.

Governance is in place to manage the cyber security maturity and initiatives of Legal Aid NSW.

Risks to the information and systems of Legal Aid NSW have been assessed and continue to be reviewed and managed.

There exists a current cyber incident response plan for Legal Aid NSW which has been tested during the reporting period.

Legal Aid NSW has an Information Security Management System (ISMS) in place.

Legal Aid NSW is doing the following to continuously improve the management of cyber security governance and resilience:

  • maintaining a certified Information Security Management System (ISMS) that aligns to the ISO27001:2013 standard, with the objective of continual information security improvement, whilst supporting security policies and objectives
  • utilising the Plan-Do-Check-Act (PDCA) model to achieve continuous improvement
  • escalating cyber security
    incidents, should they occur, to Cyber Security NSW as required.

Brendan Thomas
August 2020

Report from the Audit and Risk Committee 2019–2020

The primary objective of the Audit and Risk Committee is to advise the Board, including the Chief Executive Officer, on financial reporting practices, business ethics, policies and practices, accounting policies and internal controls.

Accordingly, the Committee oversees a range of activities, including the financial performance of Legal Aid NSW and the internal audit function.

The Committee comprises three independent members:

Michael Coleman – Chair
Peter Whitehead – Committee Member
Robyn Gray – Committee Member

The Chief Executive Officer, Deputy Chief Executive Officer and Chief Audit Executive, Director of Finance and Director of Policy, Planning and Programs also attend each meeting. Representatives from the NSW Audit Office also attend each meeting.

The Committee met on six occasions in 2019–2020 and reviewed a range of matters including:

Financial reports

  • Financial reports
  • End-of-year financial statements
  • Strategic plan, associated risks and program progress
  • Updates on internal audits and the implementation of recommendations
  • Work, health and safety
  • Grants management efficiency assessment
  • Service disruption plans
  • Information security and cyber security
  • Client and Case Management System (CCMS)
  • Legal Aid NSW risk assessment, risk framework, COVID-19 risk register and safety plan
  • Audit and Risk Committee (ARC) Charter and Internal Audit Charter
  • Internal audit plan
  • NSW Treasury Circulars or policy papers and any NSW Premier’s Memoranda and Circulars relevant to the ARC, and any changes to the accounting standards
    Assessment of ARC performance
  • Fraud and corruption prevention framework and the legal compliance framework.

The following internal audits were undertaken during the year:

  • IT risk assessment
  • Procurement
  • Client privacy – information and confidentiality management including data and information privacy
  • Audit of compliance with the Conflict of Interest Policy
  • ISO27001 Information Security Management System Surveillance Review.

Monique Hitter
Deputy CEO and Chief Audit Executive
August 2020