Annual Report 2020 - 2021
Governance framework
The Legal Aid Commission of NSW is established under the Legal Aid Commission Act 1979 (NSW) to improve access to justice for socially and economically disadvantaged members of our community.
Legal Aid NSW has a Board that is responsible for establishing its broad policies and strategic plans.
Our daily management and operations are overseen by the CEO, who has a performance agreement with the NSW Attorney General. The Deputy CEO, the Executive Director Corporate Services and Chief Financial Officer, and directors assist and report to the CEO. Our CEO is also a member of the Board.
Our work is supported by a range of plans and policies to establish procedural requirements, standards and priorities, as well as compliance with the Legal Aid Commission Act 1979 (NSW).
Code of Conduct
The Legal Aid NSW Code of Conduct articulates how we address the requirements of the Public Service Commission and the ethical framework provisions in the Government Sector Employment Act 2013 (NSW).
The Code of Conduct:
- sets the legal, ethical and institutional context for ethical conduct by NSW Government sector employees
- provides advice to all employees on demonstrating ethical good practice in leadership, decision-making and other responsibilities, and
- clearly outlines the responsibility of all employees to know, understand and comply with the ethical and legal obligations that apply to them.
The Code of Conduct has been included in the Legal Aid NSW induction program and our Individual Planning tool.
All our lawyers are bound by professional practice standards and comply with continuing professional development requirements.
Financial performance
Legal Aid NSW has a strong financial focus, robust budgets and clear, concise reporting to internal and external stakeholders. Detailed monthly financial reports are prepared for the Audit and Risk Committee and the Board. A commentary including detailed analysis is also provided. The Executive Director Corporate Services and Chief Financial Officer provides expert advice at Audit and Risk Committee and Board meetings.
Members of the Audit and Risk Committee
Michael Coleman is a chartered accountant. He retired from KPMG in 2011 following a career that included 30 years as an audit partner and practice leader. Mr Coleman is the Chair of Legal Aid NSW’s Audit and Risk Committee and is also a member of the Legal Aid NSW Board. He also sits on a number of other boards and audit committees, including Macquarie Group and Macquarie Bank. He is currently an Adjunct Professor at the Australia School of Business, University of New South Wales.
Peter Whitehead is a lawyer and the former Public Trustee of NSW. Mr Whitehead was part of the original committee reviewing the role of audit within the NSW Government. He has since chaired a number of NSW Government audit and risk committees, including for the NSW Department of Premier and Cabinet, what was then the NSW Attorney General’s Department, the NSW Crime Commission and the Judicial Commission of NSW. He currently works in the financial services industry.
Robyn Gray is a lawyer and former Deputy Solicitor of Public Prosecutions. She brings to the committee more than 25 years’ experience as a prosecutor, investigator and legal manager in Commonwealth and NSW public sector agencies and several Royal Commissions. In 2007, Ms Gray established her own consultancy. She is an independent member of the Office of the Director of Public Prosecutions Executive Board and three public sector audit and risk committees.
Business continuity
We have an organisational Service Disruption Plan to respond to events that pose a risk to the continuation of business activities. We have also developed a Service Disruption Plan for each Legal Aid NSW office which is activated when an event renders Legal Aid NSW unable to continue to provide services from a regional office or a metropolitan office, including Central Sydney. The plans address a range of actions that are required to manage such events and provides a recovery management team to oversee the recovery process.
We have also developed a Service Disruption Plan for COVID-19 which identifies specific actions and strategies. This includes interacting with the general public in a variety of settings including in Legal Aid NSW offices, outreach clinics, correctional facilities and at courts. We have established a Pandemic Control Centre (PCC) to review and update this plan in light of the rapidly changing circumstances and to coordinate its implementation.
Fraud and corruption processes
Legal Aid NSW is committed to conducting business with honesty and transparency. Our Fraud and Corruption Prevention Plan outlines the steps we take to prevent fraud and other corrupt behaviour. The framework uses a number of controls including responsibility structures, risk assessments, reporting systems, investigation standards, and conduct and disciplinary standards. It complements related policies including the Code of Conduct and Protected Disclosure Policy.
A formal Fraud and Corruption Control Plan is under development.
The year ahead
- We will conduct nine internal audits.
- We will implement the fourth year of the Legal Aid NSW Strategic Plan 2018–2023.
Report from the Audit and Risk Committee 2020–2021
The objective of the Audit and Risk Committee is to provide independent assistance to the CEO and Board by monitoring, reviewing and providing advice about Legal Aid NSW governance processes, risk management and control frameworks, and its external accountability obligations.
The Committee comprises three independent members:
- Michael Coleman – Chair
- Peter Whitehead – Committee Member
- Robyn Gray – Committee Member
The CEO, Deputy CEO who is also the Chief Audit Executive and Chief Risk Officer, Executive Director Corporate Services and Chief Financial Officer, Senior Internal Auditor and representatives from the NSW Audit Office attend each meeting. The Committee also invites other key Executive staff and external service providers to attend as necessary.
The Committee met on six occasions in 2020–2021 and reviewed a range of matters including:
- monitoring of strategic plan and quarterly strategic project updates
- monitoring of financial position, trends and budget compliance
- monitoring of internal and external audits
- monitoring of the impact of COVID-19 on the organisation
- operations and service delivery
- panel lawyer audits
- CCMS post implementation review
- BUDSAS project implementation review
- Service Disruption Plans and COVID-19 risk register
- NSW Audit Office management letter
- six-monthly report on Gifts and Benefits Register
- six-monthly report on implementing Grants Efficiency Project
- six-monthly report on Fraud and Corruption Prevention Framework
- increased working from home, virtual court sittings and virtual client consultation
- disruption to ICT equipment supply chains
- cyber security risk
- financial, compliance and reputational risk
- risk assessment, identification, mitigation and reporting
- internal controls to mitigate risks in the areas of work health and safety, cyber security, fraud, corruption and compliance
- financial statements, external audit reports and external auditor’s management letters
- internal audit reports and reviews, and
- follow-up of implementation of internal and external audit recommendations.
The following internal audits and reviews were undertaken during the year:
- review of safety, work, health and wellbeing function
- internal controls and delegations
- review of ISMS for conformance with ISO 27001 controls and compliance with NSW Government Cyber Security Policy
- review of Conflict of Interest Policy (six-monthly audit completed in November 2020)
- review of SAP human resource processes (in progress)
- review of compliance with Transport for NSW’s DRIVES24 Terms of Access Agreement
- risk management maturity assessment, update of Enterprise Risk Management Framework and Strategic Risk Register (in progress)
- external assessment of internal audit function
- surveillance audit under ISO 27001, and
- review of Conflict of Interest Policy (six-monthly audit completed in June 2021).
For the year 2020–2021, we progressed or completed 10 internal audits and reviews, including an external assessment of the internal audit function (as mandated in TPP 20-08). The external assessment of the internal audit function was carried out by the Institute of Internal Auditors Australia. It concluded that the internal audit function at Legal Aid NSW is operating professionally and generally conforms with the Internal Audit Standards – the highest rating that can be achieved.
Performance audits completed
| 2016–17 | 6 |
| 2017–18 | 6 |
| 2018–19 | 5 |
| 2019–20 | 4 |
| 2020–21 | 9 |
Target for 2021–2022: 9
Monique Hitter
Deputy CEO, Chief Audit Executive and Chief Risk Officer
August 2021
Cyber Security Annual Attestation Statement for the 2020–2021 Financial Year for Legal Aid NSW
I, Brendan Thomas, CEO of Legal Aid NSW, am of the opinion that Legal Aid NSW has managed cyber security risks in a manner consistent with the mandatory requirements set out in the NSW Government Cyber Security Policy.
Governance is in place to manage the cyber security maturity and initiatives of Legal Aid NSW.
Risks to the information and systems of Legal Aid NSW have been assessed and continue to be reviewed and managed.
There exists a current cyber incident response plan for Legal Aid NSW which has been tested during the reporting period.
Legal Aid NSW has an Information Security Management System (ISMS) in place.
Legal Aid NSW is doing the following to continuously improve the management of cyber security governance and resilience:
- maintaining a certified ISMS that aligns to the ISO 27001:2013 standard, with the objective of continual information security improvements whilst supporting security policies and objectives
- utilising the Plan-Do-Check-Act (PDCA) model to achieve continuous improvement, and
- escalating cyber security incidents, should they occur, to Cyber Security NSW as required.
An independent audit of the ISO 27001-certified Legal Aid NSW Information Security Management System was undertaken during the reporting period by ISO-accredited auditors and found to be adequate.
Brendan Thomas
Chief Executive Officer
30 August 2021
Internal Audit and Risk Management Attestation Statement for 2020–2021
I, Brendan Thomas, am of the opinion that Legal Aid NSW has internal audit and risk management processes in operation that are, excluding the exemptions or transitional arrangements described below, compliant with the seven Core Requirements set out in the Internal Audit and Risk Management Policy for the General Government Sector, specifically:
| Core Requirements | Status* |
|---|---|
| Risk Management Framework | |
| 1.1 The Accountable Authority shall accept ultimate responsibility and accountability for risk management in the agency | Compliant |
| 1.2 The Accountable Authority shall establish and maintain a risk management framework that is appropriate for the agency. The Accountable Authority shall ensure the framework is consistent with AS ISO 31000:2018 | Compliant |
| Internal Audit Function | |
| 2.1 The Accountable Authority shall establish and maintain an internal audit function that is appropriate for the agency and fit for purpose | Compliant |
| 2.2 The Accountable Authority shall ensure the internal audit function operates consistent with the International Standards for Professional Practice for Internal Auditing | Compliant |
| 2.3 The Accountable Authority shall ensure the agency has an Internal Audit Charter that is consistent with the content of the ‘model charter’ | Compliant |
| Audit and Risk Committee | |
| 3.1 The Accountable Authority shall establish and maintain efficient and effective arrangements for independent Audit and Risk Committee oversight to provide advice and guidance to the Accountable Authority on the agency’s governance processes, risk management and control frameworks, and its external accountability obligations | Non-compliant with respect to the core requirement 3.1.16** which provides a maximum term of five years for the Chair of the Audit and Risk Committee |
| 3.2 The Accountable Authority shall ensure the Audit and Risk Committee has a Charter that is consistent with the content of the ‘model charter’ | Compliant |
*For each requirement, please specify whether compliant, non-compliant, or in transition.
**Core requirement 3.1.13 as per TPP 15-03.
Membership
The Chair and members of the Audit and Risk Committee are:
- Mr Michael Coleman – Independent Chair
29 June 2016 to 2 September 2022 - Mr Peter Whitehead – Independent Member
28 October 2014 to 28 October 2022 - Ms Robyn Gray – Independent Member
11 March 2017 to 11 March 2023
Departures from Core Requirements
I, Brendan Thomas, advise that the internal audit and risk management processes for Legal Aid NSW depart from the following Core Requirement set out in the Internal Audit and Risk Management Policy for the General Government Sector.
The circumstances giving rise to these departures have been determined by the Responsible Minister and Legal Aid NSW has implemented the following practicable alternative measures to meet the Core Requirements.
| Departure | Reason for departure and description of practicable alternative measures implemented/being implemented |
| Non-compliance | |
|
3.1.16 of TPP 20-08 (which corresponds to 3.1.13 of TPP 15-03):
“The chair of the ARC shall be appointed for one (1) term only for a period of at least three (3) years, with a maximum period of five (5) years. The term of appointment for the chair can be extended but any extension shall not cause the total term to exceed five (5) years as a chair of the ARC.” The Chair of ARC whose maximum term of office of five years expires on 23 June 2021 has been given an extension up to 2 September 2022. |
Mr Michael Coleman was appointed to the Legal Aid NSW Board from 23 June 2016 to 22 June 2019 and reappointed from 2 September 2019 to 2 September 2022. He was also appointed Chair of the Audit and Risk Committee (ARC) from 29 June 2016 to 22 June 2019 and reappointed from 23 June 2019 to 23 June 2021.
Mr Coleman’s maximum five-year term on the ARC will expire on 23 June 2021, however his appointment to the Board does not expire until 2 September 2022.
Mr Coleman is a highly respected member of the Board and has performed outstandingly as Chair of the ARC. He has significant expertise and experience as a director and chairman in various organisations. His corporate experience in managing risk and finance will be very difficult to replicate and it is the Board’s determination that the alignment of his term as both Chair of the ARC and as a Legal Aid NSW Board member will ensure continuity. It was therefore proposed to extend his term as Chair of the ARC to coincide with his term of appointment to the Board. Ministerial exemption from the Attorney General has been obtained for this extension. He has since been reappointed as Chair of the ARC for the term up to 2 September 2022. |
These processes, including the practicable alternative measures implemented, demonstrate that Legal Aid NSW has established and maintained frameworks, including systems, processes and procedures for appropriately managing audit and risk.
Brendan Thomas
Chief Executive Officer
19 August 2021