The Board annually approves a Governance Statement which outlines the most significant aspects of our governance arrangements and processes.

www.airservicesaustralia.com/wp-content/uploads/Governance-Statement.pdf

As a corporate Commonwealth entity, we comply with the Public Governance, Performance and Accountability Act 2013 (PGPA Act) to ensure the effective, efficient, economical and ethical use of our resources.

The Board articulates its expectations through 11 organisational policies that are operationalised through 15 established governance frameworks. These governance frameworks support the delivery of our corporate objectives. Reflecting a ‘3 lines’ model of risk and compliance management and assurance, they comprise the documents, structures, systems and processes through which we ensure that our legal and regulatory obligations are met, our risks are managed and there is effective governance and assurance as to these activities.

The Board and Executive receive regular reporting on our GRC performance.

Risk management

We support a culture of proactive risk management by embedding sound risk management practices across our functions. Our risk management approach meets the requirements of Section 16 of the PGPA Act and is aligned to ISO 31000:2018 Risk Management – Guidelines and the Commonwealth Risk Management Policy.

Our Risk Appetite Statement is reviewed regularly to ensure it continues to drive effective risk management and consistent decision making through a common understanding of the level of risk that we are willing to accept. It also articulates our need to maintain the safety of air navigation as the most important consideration while delivering value and reliable services for our customers and the aviation industry.

Compliance management

We have a fundamental responsibility to ensure ongoing compliance with our legal and regulatory obligations. Our compliance management approach is broadly aligned to ISO 37301:2021 Compliance Management Systems Guidelines.

We maintain compliance obligation registers that are supported by legislative monitoring processes, compliance management activities, and reporting.

Ethical standards and fraud control

We promote the highest standards of ethical behaviour and do not tolerate fraudulent or corrupt conduct. We maintain strong and effective fraud control arrangements consistent with Section 10 of the Public Governance, Performance and Accountability Rule 2014 (PGPA Fraud Rule).

The Board and Executive monitor the implementation of our Fraud Control Plan through regular reporting. Performance against ethical standards and fraud control is reported to the Board through the People, Culture and Remuneration Committee and Board Audit and Risk Committee.

Our Ethics and Fraud Control Policy and Bullying, Harassment and Discrimination Policy, supported by the Code of Conduct Policy, inform employees, contractors and consultants about our ethical standards and our approach to fraud and corruption. All alleged incidents of fraud, corruption and bribery are managed in accordance with our Handling Suspected Misconduct Procedure, as well as the Public Interest Disclosure Procedure (where alleged ‘disclosable conduct’ under the Public Interest Disclosure Act 2013 is reported). This includes investigations and any required reporting to external law enforcement agencies. We regularly review fraud risks and monitor fraud controls for effectiveness. All reasonable measures are undertaken to prevent, detect and investigate incidents of fraud.

Resilience

We have continued to demonstrate our commitment to organisational resilience. This focus has been to refine, challenge and mature the organisation’s resilience capability in partnership with internal business areas, our customers, the wider aviation industry and government agencies. To further strengthen our capability, lessons identified from real-life responses and exercises are being incorporated into the program.

During 2022-23, the annual exercise program has been extended to incorporate an all-hazards approach to resilience. Scenarios requiring more centralised coordination have been used to test the integration of multiple plans and stakeholders, uplifting the awareness and capability of leaders and key roles responsible for crisis management.

Exploration of supplier resilience assessments and interdependent systems with IT and operations will continue into the next financial year to consider global trends and look to mitigate risks related to supply chain, cyber and digital transformation.

Security

We take physical, personnel, information and cyber security very seriously and are committed to providing a secure and resilient environment through the application of our Security Framework. This includes a risk-based approach to the dynamic security threat environment in which we operate.

Our Security Plan demonstrates how we align with the core requirements of the Australian Government’s Protective Security Policy Framework (PSPF) and meet legislative requirements and international standards specific to the aviation security sector. It also outlines how we are implementing recommendations arising from an external review of physical security conducted during the latter half of 2021, embedding security requirements into change activities including the OneSKY program and asset management, and improving cyber resilience.

Significant investments in both our physical and personnel security functions have continued, representing a substantial increase to our security posture, including site security assessments being completed at over 70 sites and a governance review. National security clearances are also progressing to support the requirements for our OneSKY program.

As an Aviation Industry Participant (AIP), we maintain a Transport Security Program (TSP) and an associated Aviation Security Identification Card (ASIC) program, both of which are governed by the requirements of the Department of Home Affairs (the Regulator).