Skip to main content

ASD Annual Report 2018–19

Letter of transmittal

Senator Linda Reynolds
Minister for Defence
Parliament House
CANBERRA ACT 2600

Dear Minister

Australian Signals Directorate Annual Report 2018–19

In accordance with section 46 of the Public Governance, Performance and Accountability Act 2013 (PGPA Act), I am pleased to present to you the Australian Signals Directorate's (ASD) annual report for 2018–19. This report contains information required by the PGPA Rule 2014, except where some content has been aggregated or not included in accordance with ASD's s105D Determination.

As required by section 42A of the Intelligence Services Act 2001, I will provide you with a separate classified report of the activities of ASD during 2018–19.

As required by subsection 17AG(2) of the PGPA Rule, I certify that fraud and risk assessments and control plans have been prepared for ASD, that we have appropriate mechanisms in place for preventing, investigating, detecting and reporting incidents of fraud, and that all reasonable measures have been taken to deal appropriately with fraud.

Yours sincerely

Lieutenant-General John Frewen DSC, AM
Acting Director-General
Australian Signals Directorate
10 October 2019

Chapter 1  |  Director-General ASD's overview

I am pleased to present the 2018–19 Australian Signals Directorate (ASD) Annual Report.

ASD defends Australia from global threats, and advances the national interest through the provision of foreign signals intelligence, cyber security and offensive cyber operations, as directed by Government.

ASD's foreign signals intelligence operations support a range of activities that protect the lives of Australians. These include providing support to Australian Defence Force operations across the globe, tracking the foreign communications of extremists who pose a threat to Australians and Australia's interests, and supporting the safe release of Australians who have been taken hostage overseas.

Against the backdrop of growth in use cases for technology in the daily lives of Australians, our cyber security functions have never been more important. Throughout 2018–19, Australia was targeted by a range of actors who conducted persistent cyber operations that posed significant threats to Australia's national security and economic prosperity. The most concerning activity was the deliberate targeting of private and public sector organisations for valuable intellectual property, the personal information of Australians, and Australian Government and Defence information.

Cybercrime continued to be a pervasive and endemic threat to Australia's economic and social prosperity throughout 2018–19. Cyber criminals follow the money — and Australia was an attractive target due to its wealth and widespread internet connectivity.

Throughout 2018–19, cyber criminals operated at scale, applying the principle of 'quantity over quality'. They targeted individuals and organisations by exploiting poor cyber-hygiene practices, including the use of default, simplistic or generic passwords. There were significant phishing campaigns, business email compromises, cryptocurrency mining, credential harvesting and the use of ransomware.

Throughout 2018–19, ASD's Australian Cyber Security Centre (ACSC) has remained focused on emerging cyber threats, including those to critical infrastructure, the Internet of Things, supply chain security, and cloud computing and online storage.

2018–19 has been a year of significant change for ASD, and a year of 'firsts'.

On 1 July 2018, ASD became a statutory agency within the Defence portfolio, as recommended by the 2017 Independent Intelligence Review. This marked the biggest change to ASD since its creation in the aftermath of the Second World War. Additionally, from 1 July 2018, the ACSC began operating as part of ASD, making ASD both an intelligence and a security agency, with its knowledge and expertise in each of these broad functions informing the other in the protection of Australia's national interests.

During 2018–19, ASD has taken deliberate steps to be more transparent about its role. The Director-General delivered a series of public speeches designed to bring ASD out of the shadows and provide Australians with a better sense of what we do and why we do it – and assure the public that we act legally and ethically in support of the Government's priorities.

As a new statutory agency, ASD has taken steps to establish appropriate governance and enterprise management frameworks. These frameworks will continue to mature and improve over coming years, and as they improve, so too will our ability to find the right balance between informing the Parliament and the Australian public of our performance, while necessarily keeping the details of our operations and capabilities classified. In the interim, the performance information in this 2018–19 Annual Report is weighted heavily in favour of our cyber security functions.

In 2018–19, ASD mirrored the majority of the Department of Defence's financial policies and processes through a shared services arrangement, which allowed ASD to establish an effective financial management framework across its first year of operation as an independent statutory entity. In the independent auditor's report, which can be found on page 2, the Australian National Audit Office has provided its opinion that ASD's 2018–19 financial statements fairly present the agency's financial position and financial performance, and are free from material misstatement. Further analysis of ASD's financial position is provided in the performance section of this report, and in the financial statements in Chapter 5 of this report.

As we look to the next reporting period, it is clear that ASD's operating environment will remain complex and challenging. We are mindful of major shifts in the strategic landscape, including security and stability across the Indo-Pacific. We face a rising threat to our national security, economic prosperity and social wellbeing from foreign interference, espionage and cybercrime. We are also mindful of the rapid change in the technology environment, which is critical for us to master in order to identify and disrupt threats, and protect Australian interests. ASD's workforce will remain the key to addressing these challenges – a group of talented, dedicated people with an extensive diversity of skills willing to meet these challenges in support of Australia's interests. I thank the men and women of ASD for their extraordinary efforts across a challenging year.

I also thank the inaugural Director-General of ASD, Mr Mike Burgess, who left ASD in September 2019 to commence as the Director-General of Security. His leadership, guidance and vision for ASD have been instrumental in setting the course for ASD's growth as a statutory agency over the course of the 2018–19 reporting period.

Lieutenant-General John Frewen DSC, AM
Acting Director-General
Australian Signals Directorate

Chapter 2 | Overview of ASD

Purpose

ASD's purpose is to defend Australia against global threats and advance our national interests through the provision of foreign signals intelligence, cyber security and offensive cyber operations, as directed by Government.

In order to do this, ASD masters technology and its application to inform (signals intelligence), protect (cyber security) and disrupt (offensive cyber operations).

ASD's strategic objectives are to:

  • Deliver strategic advantage for Australia by providing intelligence that protects and advances Australia's national interests.
  • Lead in cyber security, making Australia the safest place to connect online, and foster national cyber security resilience.
  • Support military operations, enabling the war fighter, and protecting Defence personnel and assets.
  • Counter cyber-enabled threats, protecting Australia and Australians by countering cyber-enabled crime and disrupting terrorists' use of the internet.
  • Provide trusted advice and expertise, delivering timely, quality advice to government, law enforcement, businesses and the community.

ASD is committed to fulfilling its purpose in accordance with the law. This is reflected in our values: to be meticulous in execution, always acting legally and ethically, and being accountable to the public, through Government, for everything we do. ASD recognises that its foreign signals intelligence capabilities are uniquely intrusive, and its offensive cyber operations even more so. This is why maintaining the trust of the Australian Government and the Australian public, by demonstrating that ASD operates legally and with propriety, is of the utmost importance to ASD.

ASD operates under the Intelligence Services Act 2001 (ISA), which specifies that ASD's functions are to:

  • collect foreign signals intelligence
  • communicate foreign signals intelligence
  • prevent and disrupt offshore cyber-enabled crime
  • provide cyber security advice and assistance to Australian governments, businesses and individuals
  • support military operations
  • protect the specialised tools ASD uses to fulfil its functions, and
  • cooperate with and assist the national security community's performance of its functions.

Organisational structure 2018–19

Figure 1: ASD organisational structure at 30 June 2019

ASD organisational structure at 30 June 2019: Minister for Defence, Senator the Hon Linda Reynolds; Director-General, Mr Mike Burgess; Principal Deputy Director-General, LTGEN John Frewen; Head Australian Cyber Security Centre, LTGEN John Frewen; Deputy Director-General Sigint and Network Operations, Mr Simeon Gilding;  Deputy Director-General Corporate and Capability, Ms Hazel Bennett.

Notes:

  1. As at 30 June 2019

  2. Mr Alastair MacGibbon left the role of Head Australian Cyber Security Centre in May 2019. LTGEN Frewen assumed responsibility for the centre in addition to his responsibilities as the Principal Deputy Director-General until the commencement of Ms Rachel Noble in July 2019.

Mike Burgess was ASD's Accountable Authority for the 2018–19 reporting period.

Chapter 3 | Report on performance

Annual performance statements

Introductory statement

ASD's purpose is to defend Australia against global threats and advance our national interests through the provision of foreign signals intelligence, cyber security and offensive cyber operations, as directed by Government.

Following ASD's establishment as a statutory agency in July 2018, ASD has committed to strengthening and, where required, building new enterprise-level governance and performance frameworks. This is an ongoing body of work, with ASD already implementing a new planning framework and establishing internal reporting mechanisms to oversee our performance against our objectives. ASD's ability to report on its performance will be limited by the classified nature of its work; however, the agency is committed in 2019–20 to improving its performance methodologies, with the aim of ensuring we have robust measures for determining our performance and providing as much detail as possible in the 2019–20 ASD Annual Report.

As Acting Director-General of the Australian Signals Directorate and the accountable authority of ASD, I present the 2018–19 annual performance statements for ASD, as required by paragraph 39(1) of the Public Governance, Performance and Accountablility Act 2013 (PGPA Act). In my opinion, the annual performance statement is based on properly maintained records, accurately reflects the performance of ASD in achieving its purpose and complies with section 39(2) of the PGPA Act.

Lieutenant-General John Frewen DSC, AM
Acting Director-General
Australian Signals Directorate
10 October 2019

ASD's performance

ASD's 2018–19 Corporate Plan focused on three core activities – foreign signals intelligence, cyber security and offensive cyber operations. Figure 2 sets out these activities, and the associated measure and benefit.

Figure 2: ASD's performance activities.

Performance

  1 FOREIGN SIGNALS INTELLIGENCE 2 CYBER SECURITY 3 OFFENSIVE CYBER OPERATIONS
ACTIVITY  Provide foreign signals intelligence. Provide cyber security services. Conduct offensive cyber operations.
MEASURE  Our intelligence informs strategic, operations and tactical decision making. Our cyber security services prevent, deter and remediate cyber threats to Australia. Our offensive cyber operations deliver real world impact, including providing advantage to military operations.
BENEFIT  Enhance Australia's prosperity and security by delivering strategic and tactical advantage. Improve cyber security and resilience across Australia. Distribute threats to Australia's national interests.

Target for activities
Our stakeholders value our unique and timely insights that enable their missions.
Source – ASD Corporate Plan 2018–19, addresses ASD Portfolio Budget Statements 2018–19.

Foreign signals intelligence – performance analysis

During 2018–19, ASD obtained and provided foreign signals intelligence to Government that met the Government's priorities and requirements. This intelligence helped to inform strategic, operational and tactical decision-making. In accordance with section 42A of the Intelligence Services Act 2001 (ISA), the Director-General of ASD has provided the Minister for Defence with a report of ASD's activities during the year.

During 2019–20, ASD will introduce new performance measures that will provide a performance baseline. In following years, ASD will enhance and evolve its performance measures and methodologies, developing a robust performance assessment process that effectively demonstrates the value of ASD's activities to the Australian Government. Due to the nature of ASD's work, some performance measures will continue to be reported through existing performance frameworks in classified channels.

Cyber security services – performance analysis

As of 1 July 2018, ASD's ACSC commenced delivering its new whole-of-economy functions, in line with an expanded remit to provide cyber security advice and assistance to Australian governments, business and critical infrastructure, as well as communities and individuals.

During 2018–19, ASD established a 24/7 cyber incident monitoring and response capability, delivering situational awareness, incident response, crisis management as well as providing cyber advice and assistance.

The ACSC's incident response capabilities span the full range of cyber incidents from national crises to incidents affecting individual members of the public. In order to manage the broad range of cyber incidents, the ACSC uses a Cyber Incident Categorisation Matrix (see Figure 3) to triage and prioritise the immediate defensive response to mitigate each cyber incident. This allows the ACSC to focus its resources more effectively, ensuring consistent messaging and an appropriate level of response measures are activated.

Figure 3: Cyber Incident Categorisation Matrix

Table summarising incidents by severity and organisation size, as described in following text
Includes number of incidents between 1 July 2018 and 30 June 2019.

During 2018–19, the ACSC responded to 2164 incidents of varying significance, including Australia's first national cyber crisis (C1). The C1 incident saw the ACSC operate at a heightened state of activity to provide advice and assistance to Australia's major political parties and government agencies after they were targeted by a sophisticated state-sponsored actor; see Case study 1: Malicious intrusion into the Australian Parliament House computer network.

Of the other incidents reported to the ACSC, 40 per cent were for low-level malicious attacks, including targeted reconnaissance, phishing emails and non-sensitive data loss. Members of the public reported the highest number of incidents, making up approximately one quarter of all reports received.

Case study 1: Malicious intrusion into the Australian Parliament House computer network

In the first half of 2019, the ACSC investigated an incident on government networks that included the major political parties and the Australian Parliament House network. While the intrusion was widespread, it was caught early. The Department of Parliamentary Services had implemented security practices that helped to identify and restrict the extent of the compromise, minimising the potential impact.

Following the Prime Minister's announcement of this incident in February 2019, the ACSC collaborated with state and territory counterparts to activate the Cyber Incident Management Arrangements, the national coordination framework between Australian, state and territory governments to rapidly share threat intelligence, as well as techniques, tactics and procedures used by the actor.

The ACSC released an advisory that explained the malicious activity, together with a custom-built software tool that enabled customers – such as Australian, state and territory government agencies and critical infrastructure providers – to scan their networks to identify any potential similar indicators of compromise.

Our collaboration on this matter extended to our Five-Eyes intelligence partners. It is our long-standing practice to share intelligence as it relates to national security, and the assistance provided by our partners was integral to our understanding of this incident.

The ACSC worked actively with public and private sector organisations to strengthen cyber security arrangements and build resilience. Key activities included:

  • amplifying the ACSC's National Exercise Program, which supported 25 cyber security exercises across government and the energy, banking and finance, telecommunications, transport, water, health and resource sectors
  • commencing an Energy Sector Cyber Security Readiness and Resilience Program, which supported the vision outlined in the Independent Review into the Future Security of the National Electricity Market: Blueprint for the Future (Commonwealth of Australia, 2017), for a National Electricity Market that has a strong cyber security posture
  • expanding the Joint Cyber Security Centre (JCSC) Program by opening new centres in Perth and Adelaide. The centres provide a tangible interface between industry and government on cyber security issues. The JCSCs are also the ACSC's primary mechanism for regular engagement with state and territory governments and, increasingly, local governments
  • initiating a Whole of Government Cyber Uplift for Federal Government Systems for government agencies (see Case study 2: Whole of Government Cyber Uplift for Federal Government Systems)
  • providing cyber security support to the Australian Electoral Commission (see Case study 3: Support to the Australian Electoral Commission).

Case study 2: Whole of Government Cyber Uplift for Federal Government systems

The cyber campaign against departments, agencies and political parties, reported in late 2018 (see Case study 1: Malicious intrusion into the Australian Parliament House computer network), demonstrated hostile actors' capacity and intent to identify and exploit vulnerabilities in the Australian Government's internet-facing networks.

In response, the ACSC initiated a program to provide strategic technical assistance to Australian government agencies to support an increase – or 'uplift' – to their cyber security posture and implementation.

As part of this service, the ACSC launched the Essential Eight+Sprint Program in April 2019 to help 25 government organisations improve their Essential Eight maturity and overall cyber security posture.

ASD's Essential Eight Strategies to Mitigate Cyber Security Incidents is a list of proven mitigation strategies designed to assist organisations in prioritising those measures which will provide the strongest and most effective baseline to protect their systems against current cyber threats.

During 2018-19, the ACSC updated ASD's Essential Eight Strategies to Mitigate Cyber Security Incidents Maturity Model to reflect improved knowledge obtained through the sprint engagement with Australian government agencies, and hosted the inaugural Chief Information Officer and Chief Information Security Officer forum. This forum has now established a community of like-minded cyber specialists across the Australian government, who remain focused and energised on improving cyber security.

In addition to the Whole of Government Cyber Uplift for Federal Government Systems, the ACSC continued to provide strategic technical assistance to improve the cyber hygiene of agencies within local, state and Commonwealth agencies, as well as academic institutions. Across these sectors, the ACSC provided recommendations for improvements to cyber security, through tailored advice and targeted interventions, to effect change with speed, scale and impact.

Case study 3: Support to the Australian Electoral Commission (AEC)

In support of Australia's whole-of-government approach to securing the 2019 Federal Election from interference, the ACSC, along with the AEC, Department of Finance, Department of Home Affairs, Department of the Prime Minister and Cabinet, Department of Communication and the Arts, the Attorney-General's Department, Australian Federal Police and the National Intelligence Community worked together as the Electoral Integrity Assurance Taskforce (the Taskforce). The ACSC provided physical resourcing by facilitating collocation of Taskforce members.

The Taskforce provided a valuable platform for sharing information on issues such as possible foreign interference, undisclosed foreign influence activities and cyber threats. The ACSC was focused on providing cyber security advice and assistance to the AEC, and supporting the AEC's efforts to increase their resilience to cyber security threats. The ACSC also provided 24-hour monitoring of the AEC network for malicious activity until June 2019, with ongoing monitoring support until the return of writs. The ACSC did not identify any cyber incidents that undermined the integrity of the election.

The ACSC also launched a Critical Infrastructure Lab to raise awareness of the security issues in critical infrastructure and research best practice in system configuration. The Lab currently comprises tabletop exercise and learning components, as well as a small-scale functioning system emulating that used by Australian Critical Infrastructure providers (see Figure 4). Extensions to this lab are planned to increase research efforts on security issues around smart cities and emerging technologies.

Figure 4: Defending a mini-village run by Industrial Control Systems

During 2018–19, the ACSC used a variety of means to provide accurate and timely cyber security advice to Australians.

The ACSC produced:

  • sixty PROTECT publications on cyber.gov.au for public consumption, including appropriate updates to several existing publications
  • the inaugural unclassified Sector Snapshot, which focused on the energy sector and was designed to inform decisions about investment and allocation of internal resources by executives and cyber security professionals
  • a Practitioners Guide and an Executive Companion used to inform organisations about key cyber security issues related to cyber supply chain management
  • updates to the Essential Eight Maturity Model
  • six Australian Communications Security Instructions to Australian government agencies and associated contractors tasked with the control, handling and maintenance of cryptographic products used to protect classified government information
  • a new version of the Information Security Manual which provides significant updates to its risk management framework
  • seven Information Security product certifications under the Australasian Information Security Evaluation Program.

In August 2018, the first phase of the ACSC's new digital platform — cyber.gov.au — was launched. This represented the first step in consolidating a number of Government cyber security websites and services, to simplify how Australians access government cyber security advice and assistance, and report issues such as security and cybercrime incidents. In April 2019, an improved version of cyber.gov.au was released, presenting content in a much more user-friendly manner. On final release, cyber.gov.au will provide all Australians, from individuals to businesses, a single place to report cybercrime and find advice on cyber security practices.

From 8–14 October 2018, the ACSC ran its annual Stay Smart Online national awareness-raising week to promote safe cyber practices. The aim of the campaign was to create a nationally-recognised movement that disrupts complacency on cyber security and motivates Australians to apply simple 'cyber sense' to everyday engagements online. The 2018 Stay Smart Online Week generated major media coverage and content was shared by Stay Smart Online partners to reach over 2.6 million Australians, achieve 15 million news media impressions and drive a 50 per cent increase in visitors to the Stay Smart Online website.

The ACSC collaborated with industry and government stakeholders on cyber security matters, including:

  • working with the Australian Energy Market Operator to develop the Australian Energy Sector Cyber Security Framework
  • providing cyber security advice in support of the foreign investment applications and licence condition reviews, primarily associated with systems of national significance
  • contributing expertise to the Department of Home Affairs' critical infrastructure protection policies.

Throughout 2018–19, the ACSC helped inform policy makers of the key trends and continuously evolving and sophisticated nature of the threat environment, including by:

  • establishing a Commonwealth Chief Information Security Officer Forum, where senior government officials with responsibility for cyber security are able to leverage the collective knowledge and experience of members to improve cyber resilience
  • supporting major government policy initiatives to publicly attribute malicious cyber activity
  • producing upwards of 50 classified intelligence assessments, covering the actions of state and non-state actors, global cyber policy developments of relevance to Australia, and the challenges posed by new cyber technologies. The ACSC also provided input on the cyber threat to other intelligence products across government agencies, including supporting the Office of National Intelligence and Defence Intelligence Organisation.

Case study 4: 5G policy

5th Generation (5G) is an evolution of wireless telecommunications. It requires network architecture with significantly different characteristics to previous mobile generations. The unique nature of 5G has fundamental implications for the security of critical infrastructure over the decades ahead because it is a much more powerful and pervasive technology. This change means that traditional cyber security controls will not be as effective.

In consultation with operators and vendors, ASD worked to see if there were ways to protect Australia's 5G networks if high-risk vendor equipment was present anywhere in these networks. The review concluded that persistent and legitimate access to 5G networks by high-risk vendors – who are likely to be subject to extrajudicial directions from a foreign government that conflict with Australian law – no matter how tightly controlled, will provide hostile intelligence services with an enduring presence in the network. This could be leveraged to undermine the confidentiality, integrity and availability of our networks.

Partnerships and engagements

Cyber security threats and incidents often traverse international borders and there is a growing mutual reliance on maintaining strong international relationships to address these threats. The ACSC has strong international relationships with cyber security counterparts around the world in order to share information, mitigate incidents and enhance Australia's cyber security resilience. In addition, the ACSC leads numerous international engagement and capacity-building activities in our region, to build our collective regional resilience to cyber security threats and, ultimately, further Australia's national cyber security objectives. During 2018–19 these included the following:

  • The Asia-Pacific Computer Emergency Response Team (APCERT) is a community of Computer Emergency Response Teams and Computer Security Incident Response Teams dedicated to encouraging and supporting cyber security cooperation in the Asia-Pacific region. APCERT has an operational focus with objectives to help create a safe and reliable cyberspace in the Asia-Pacific through global collaboration. The APCERT community continues to collectively detect, prevent and mitigate malicious cyber activity through the sharing of threat information, working-group activities, training and drills. In 2018, the ACSC was re-elected Chair of the APCERT Steering Committee for a fourth and final term. With fellow Steering Committee Members, the ACSC is leading changes to encourage closer cyber security cooperation across the region to reduce cyber threats and strengthen Australia's cyber security resilience.
  • The Pacific Cyber Security Operational Network (PaCSON) is designed to facilitate cooperation and collaboration across the Pacific to strengthen the region's cyber security posture. PaCSON provides a working-level network of cyber security incident response professionals in the Pacific — its members are the people responsible for their respective governments' responses to cyber security incidents. In 2019, the ACSC facilitated the second annual face-to-face meeting of PaCSON members – in Nuku'alofa, Tonga, from 29 April to 3 May 2019 – which included a cyber security information exchange, an annual general meeting and a series of technical and strategic workshops.

Offensive cyber operations – performance analysis

ASD's offensive cyber capability protects Australians and Australia's national interests through a broad range of offshore activities designed to disrupt, degrade or deny our adversaries. Specifically we:

  • deter and respond to malicious cyber intrusions and attacks
  • support the Australian Defence Force (ADF) and coalition partners to conduct military campaigns in the Middle East and degrade Daesh propaganda networks
  • disrupt, degrade, deny and deter organised offshore cyber criminals.

On 27 March 2019, Director-General ASD gave a public speech that, for the first time, disclosed operational details of ASD's offensive cyber capability. This disclosure was a significant event that highlights ASD's commitment to increasing transparency around our activities, legal authorities and ethical responsibility. The Director-General's remarks also served to increase public awareness of ASD, including to assist with ASD's recruitment efforts to build a specialist workforce.

The Director-General shared various case studies highlighting ASD's real-world impact, using ASD's computer network attack and covert online operation capabilities. The first example highlighted how an ASD offensive cyber operation, conducted in support of the ADF, planned and executed under direction of the ADF's Chief of Joint Operations, helped degrade Daesh communications on the battlefield in order to disrupt their ability to launch attacks. The second example highlighted how an ASD covert online operator developed a false online identity to build rapport with an extremist. Through effective analyst tradecraft techniques, ASD successfully persuaded him not to become a foreign fighter in an overseas terrorist organisation, preventing harm to himself and others.

Report on financial performance

In 2018–19, ASD mirrored the majority of the Department of Defence's policies and processes through a shared services arrangement, which allowed ASD to immediately establish an effective financial management framework during its first year as an independent statutory agency.

Restructuring arrangements provided ASD with assets or liabilities from the following entities:

  • the Department of Defence
  • the Attorney-General's Department
  • the Department of the Prime Minister and Cabinet
  • the Digital Transformation Agency.

ASD received $286.5 million in assets through this restructuring, and accepted $65.3 million in liabilities.

In 2018–19, the Government provided ASD with $743.5 million in appropriation funding for ordinary annual services and a further $125.0 million for capital investment. Included in its appropriation was $95.2 million in new funding, provided to enhance ASD's capabilities in areas of high priority to the Government. In addition, ASD received $11.5 million to compensate for unfavourable movements in foreign exchange and $4.5 million in cost recovery revenue from other government entities, primarily for the provision of TOP SECRET ICT services.

ASD's financial statements show a deficit attributable to the Australian Government of $31.3 million. When adjusted for depreciation, which is an unfunded Government-approved expense, ASD's result from operations in 2018–19 is a surplus of $28.7 million (3.7 per cent of revenue).

Throughout 2018–19, ASD's management has worked in partnership with the Department of Defence and the Department of Finance to resolve a range of issues created by ASD's change in status to an independent statutory agency. While many issues have been resolved, some budget and financial management practices continue to be agreed, including through the shared service arrangements between ASD and the Department of Defence.

ASD's financial statements are provided in Chapter 5 of this report, and a table summarising ASD's total resources and total payments is provided at Appendix B.

The nature of ASD's activities require it to continuously invest in talented people and new technology to ensure its capabilities remain contemporary and relevant to its purpose. Breakthrough technologies, and rapid advancements in existing technologies, are likely to place pressure on ASD's financial position across the forward estimates. ASD will continue to identify and implement efficiencies, and rigorously prioritise activities, to ensure it delivers optimal outcomes while operating within future budget allocations.

Chapter 4 | Management and accountability

Corporate governance

Principles, objectives, structures and processes

As a statutory agency in the Defence portfolio, ASD reports directly to the Minister for Defence. It operates under the Intelligence Services Act 2001 (ISA) )and Public Governance, Performance and Accountability Act 2013 (PGPA Act). All of ASD's activities are subject to oversight from the Inspector-General of Intelligence and Security (IGIS). The Parliamentary Joint Committee on Intelligence and Security (PJCIS) provides further oversight of ASD's administration, expenditure, enabling legislation, and any matters referred by the Australian Senate, House of Representatives, or a Minister of the Australian Government. ASD also appears before the Senate Standing Committee on Foreign Affairs, Defence and Trade during estimates.

Corporate Plan

In August 2018, ASD published its first Corporate Plan, covering 2018–19 to 2021–22 and reflecting a strong focus on the key deliverables of the ASD transition to a statutory agency. It also highlighted significant challenges in the ASD operating environment, in particular the importance of recruiting and retaining specialist staff and ensuring that we can meet, and exceed, our stakeholders' expectations. ASD's second Corporate Plan was published on 28 August 2019 and outlines the ongoing work of the organisation to strengthen its reporting and performance framework, optimise its governance mechanisms, and define new performance measures to provide a baseline for ASD's performance against its purpose.

ASD Governance Framework

Under the Public Governance, Performance and Accountability Act 2013, the Director-General ASD is the Accountable Authority for ASD. The ASD Executive Committee is the primary support to the Director-General ASD in the governance and management of ASD. In line with the Commonwealth Risk Management Policy 2014, the initial ASD Governance Framework has six committees overseeing the management of risk across five domains (see Figure 5). These committees assist the Director-General ASD in ensuring ASD is meeting the highest standards of governance, performance and accountability.

Figure 5: ASD Governance Framework

ASD Governance Framework. The ASD Executive Committee is the primary support to the Director-General; the governance framework has six committes overseeing the management of rick across five domains, outlined in the text.
* According to Public Governance, Performance and Accountability Act 2013 requirements, the Audit and Risk Committee will report to the Director-General as ASD's accountable authority.
Executive Committee

ASD's Executive Committee is the primary decision-making committee within ASD and is chaired by the Director-General ASD. The Executive Committee meets fortnightly and its objectives include, but are not limited to: providing advice to the Director-General ASD; setting the strategic direction for ASD, and providing oversight of all ASD activities. The Executive Committee assists the Director-General ASD in ensuring ASD meets the highest standards of governance, performance, and accountability, with the Director-General ASD having ultimate decision-making authority on all issues.

Management Review Committee

ASD's Management Review Committee (MRC) is the key body for managing staff wellbeing and personnel security risks for the agency. Where required, the MRC considers potential issues of concern related to employee organisational suitability in a manner which balances intelligence-related equities and appropriate personnel management. The MRC does not consider issues related to the security clearance process, broader employment conditions, Code of Conduct, other administrative investigations or performance management activities.

Audit and Risk Committee

The ASD Audit and Risk Committee (ASDARC) was established in accordance with section 45 of the Public Governance, Performance and Accountability Act 2013. The ASDARC is an integral part of improving ASD's enterprise-level risk management and provides independent advice on risk management directly to the Director-General ASD. ASDARC's responsibilities are to monitor, review, and, where appropriate, make recommendations to the Director-General ASD with respect to: financial reporting; performance reporting; the system of risk oversight, including fraud risk and prevention; system of internal control; and internal and external audit. The ASDARC comprises three external members and two internal members to advise ASD on risk and governance issues. This committee has met four times over the last financial year.

Enterprise Performance Committee

ASD's Enterprise Performance Committee (EPC) is responsible for providing advice to the Executive Committee on any significant matter related to enterprise performance and plays a key role fulfilling ASD's responsibilities in accordance with the Performance and Accountability Act 2013. The EPC's objectives include, but are not limited to: reviewing enterprise performance and risks, discussing performance gaps, and overseeing relationships with key customers. The EPC is chaired by the Principal Deputy Director-General ASD and meets three times per year.

Data, Technology and Infrastructure Committee

ASD's Data, Technology and Infrastructure Committee (DTIC) provides advice to the Executive Committee on significant matters related to data, technology and infrastructure, and plays a key role in ensuring that any such investment is effectively administered to achieve ASD's strategic objectives. The committee's objectives include, but are not limited to: reviewing and endorsing prioritisation of gaps, monitoring outcomes in relation to relevant strategies, and monitoring resource allocation across the data, technology and infrastructure spheres. The DTIC is chaired by the Deputy Director-General Corporate and Capability and meets at least quarterly.

People Committee

ASD's People Committee provides oversight for matters relating to the technical and operational people capability required to ensure ASD achieves its strategic objectives and commitment to Government, and advises the Executive Committee on any significant matter related to enterprise-level human resources. The committee's objectives include, but are not limited to: employment conditions, conduct, values and behaviours frameworks, and diversity and inclusion. The People Committee is chaired by the Deputy Director-General Corporate and Capability and meets on a quarterly basis.

Finance Committee

ASD's Finance Committee considers, monitors and advises the Executive Committee on any significant matter related to ASD's budget and estate, plays a key role in optimising the financial effectiveness and efficiency of ASD, and establishes and maintains best-practice financial management and compliance. The committee's objectives include, but are not limited to: ASD's financial statements, shared service liaison, and compliance with relevant legislation. The committee is chaired by the Deputy Director-General Corporate and Capability and meets on a quarterly basis.

Ethical framework

ASD's ethical framework is aligned to the legislation that governs ASD business and activities, and is embedded in our organisational values.

ASD staff are committed to upholding our organisational values (see Figure 6), which are an integral aspect of ASD's culture and are reflected in our Code of Conduct.

Figure 6: ASD Values

ASD Values: We make a difference, we strive for excellence, we belong to a great team, we are audacious in concept, we are meticulous in execution.

ASD is also subject to the Public Interest Disclosure Act 2013 (PID Act), which facilitates disclosure and investigation of wrongdoing and maladministration in the Commonwealth public sector. ASD-authorised officers are appointed by Director-General ASD to fulfil the purposes and direction of the Act.

Fraud control and prevention

ASD does not tolerate fraudulent behaviour and treats both suspected and actual fraud seriously. ASD takes a risk-based approach to fraud and uses the philosophy of 'educate, trust and verify' to balance effective oversight with the need to deliver across the full spectrum of is operations. This means that ASD takes all reasonable measures to inform ASD staff members of the rules and their responsibilities to prevent fraud, trusts them to get on with the job and uphold those requirements, and also implements verification mechanisms to ensure any unauthorised behaviour is detected and investigated swiftly.

Fraud risks are present across all functions and processes. Identifying, analysing and mitigating fraud risk is considered an integral part of managing ASD's overall business. ASD takes all reasonable measures to prevent, detect and deal with fraud. In 2019, ASD undertook a fraud risk assessment and developed a control plan to ensure that fraud risks are adequately mitigated, monitored, reported and controlled. The endorsed fraud control plan will be promoted throughout ASD in late 2019.

ASD employees must complete annual mandatory training on fraud awareness. Fraud awareness and risks are routinely identified through workshops with key stakeholders and educational awareness messaging. ASD staff members can also make disclosures of suspected wrongdoing through the Public Interest Disclosure Scheme or to the Inspector-General of Intelligence and Security.

Risk management

ASD is embedding risk-management principles to support timely decision-making and reporting, prioritisation of resources, increased compliance and efficiency, and continual improvement in operations.

ASD has established systems of internal control and risk oversight to ensure it is efficiently and effectively managing its resources. The ASDARC is an important aspect of improving ASD's enterprise-level risk management.

ASD is shaping a culture that encourages risk reporting, risk-based decision-making, accountability and oversight. The ASD Executive have identified nine key enterprise risks which will inform a refresh of the existing Enterprise Risk Management Plan. This work is expected to be completed in early 2020.

External scrutiny

Parliamentary Joint Committee on Intelligence and Security

Section 28 of the Intelligence Services Act 2001 establishes the Parliamentary Joint Committee on Intelligence and Security, and section 29 gives the committee the function to review ASD's administration and expenditure.

ASD appeared before the committee on 16 August 2018 in relation to the committee's 2016–17 review into ASD's administration and expenditure. In April 2019, ASD responded to Questions on Notice from the committee in relation to its 2017–18 report into ASD's administration and expenditure. A hearing was not conducted for this review during 2018–19.

ASD appeared before the committee, on 19 October 2018 and 26 November 2018, as part of the committee's inquiry into the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018.

Senate Standing Committee on Foreign Affairs, Defence and Trade

ASD appears before the Senate Standing Committee on Foreign Affairs, Defence and Trade as a statutory agency within the Defence portfolio. ASD testified before the committee on 25 October 2018, 20 February 2019, 5 April 2019 and 10 April 2019. Records of ASD's evidence to the committee can be found in the Estimates' Hansards.

Inspector-General of Intelligence and Security

The Inspector-General of Intelligence and Security (IGIS) is an independent Statutory Officer who reviews the activities of the National Intelligence Community, including the activities of ASD. IGIS undertakes independent checks across ASD's operational activities, investigates complaints received by her office, and reports ASD's compliance performance in her annual report.

During 2018–2019, IGIS undertook a regular inspection program of activities across ASD's operational functions, which included visits to ASD facilities, meetings with ASD staff and audit of ASD documentation.

ASD works closely with IGIS to provide information about ASD's activities, particularly where questions of legal compliance or propriety might arise. During 2018–19, this included providing technical briefings and operational updates, support for two IGIS-initiated projects, and details about legal advice provided to ASD.

During 2018–19, ASD reported three confirmed breaches of legislation and two potential breaches of legislation to IGIS.

During 2017–18, IGIS initiated two formal inquiries into ASD activities that continued throughout 2018–19. Both were concluded in the first half of 2019. ASD is implementing the recommendations made in those inquiries.

Briefings to the Leader of the Opposition

Section 27D of the Intelligence Services Act 2001 requires the Director-General ASD to consult regularly with the Leader of the Opposition in the House of Representatives for the purposes of keeping him or her informed on matters relating to ASD. During 2018–19, the Director-General ASD met with the Leader of the Opposition for this purpose.

People capability

Human resource management

As a statutory agency, ASD operates under the Intelligence Services Act 2001 in relation to employment of staff. ASD has the flexibility to set the overall size and composition of the agency, while operating within its budget, which provides flexibility to recognise the skills of its specialised workforce.

ASD operates in close proximity to many public service agencies. The Intelligence Services Act 2001 states that ASD must adopt the principles of the Public Service Act 1999 in relation to employees of ASD to the extent to which the Director-General ASD considers they are consistent with the effective performance of the functions of the agency. Mobility across the public sector is recognised as an important tool to bring critical talent into ASD and, therefore, prior service in the public service will continue to be recognised by ASD.

On 1 July 2018, some staff from the Attorney-General's Department, the Digital Transformation Agency and the Department of the Prime Minister and Cabinet moved into ASD as part of the Machinery of Government (MoG) change.

During 2018–19, ASD continued to utilise a shared service arrangement with the Department of Defence to supplement the provision of human resource (HR) functions alongside its small internal People, Learning and Development Branch.

In January 2019, ASD initiated a review of its HR, learning and development operating model and strategies, to identify the key activities, resources and capabilities that ASD requires to deliver a sufficient and sustainable function, linked to Defence shared services and capable of meeting the priorities of ASD in the next one, two and five-year periods.

Year one has focused on establishing ASD's people vision, shaping key strategies and addressing any key barriers. In year two, we will strengthen the role of HR and its contribution to organisational objectives. During years three to five, HR will mature to deliver strategic value to the business. ASD will continue to grow its HR function to deliver these outcomes.

Recruitment

At the end of the 2018–19 financial year, ASD employed 1775 full-time equivalent staff. Our separation rate was 8.3 per cent in 2018–19.

The attraction of high-quality and specialised candidates to meet ASD's mission requirements is one of ASD's highest priorities. At the same time, it presents one of the greatest challenges due to the highly competitive external market for specialised skills (particularly within the technical sphere) and the need for candidates to meet stringent security clearance requirements.

ASD's aim for the future is to implement strategies and policy which will provide agility to recruit successfully at scale, and ensure candidate care is actively managed during the security clearance process.

ASD has continued to shape and refine our selection approach for assessing candidates to ensure the capability requirements of the Directorate are met. This includes utilising bulk recruitment processes, online assessments – including information technology technical tests and cognitive assessments – and streamlined processes.

Entry-level programs

ASD engaged in the whole-of-government Emerging Talent Programs through the Digital Apprentice and Digital Cadet Programs. The Digital Apprentice program offers school leavers, or candidates wanting a career change, full-time employment while studying in a digital field. The Digital Cadet program offers current undergraduates or postgraduates part-time work while they complete their studies. During 2018–19, 14 Emerging Talent candidates joined ASD: 11 Cadets (technology) and 3 Apprentices (technology).

ASD participates in the Defence Graduate Program (Defence Policy and Intelligence Pathway). The Defence Graduate Program allows graduates across all degree disciplines, including languages, technical, cyber security, ICT, science technology engineering and mathematics (STEM), political science, and international relations to apply for permanent employment within ASD. During 2018–19, 52 graduates joined ASD across three streams: 10 Technology, 4 Corporate and 38 Analysts.

Learning and development

ASD designs and delivers bespoke training to support ASD's mission, and facilitates access to external development opportunities for ASD staff.

During 2018–19, our tailored training reached over 2800 staff and focused on intelligence skillsets and skill applications unique to the classified environment. Training and learning requirements are reviewed and evaluated regularly to ensure ASD's workforce is suitably skilled to meet current and future operational challenges. ASD's People, Learning and Development Branch has also worked closely with the National Intelligence Community on the development of community training.

Diversity and inclusion

ASD is committed to a respectful and inclusive workplace where it is safe for our people to bring their whole selves to work. Our strength, resilience, and creativity derive from our different ages, backgrounds, caring responsibilities, cultures, neurodiversity, physical abilities, religions and sexualities.

ASD has developed a Diversity and Inclusion Strategy that provides enterprise-level guidance to drive cultural change, achieve workforce capability requirements and align diversity and inclusion activities with strategic and corporate plans. ASD has an overarching senior leader (SES) champion for diversity and inclusion, as well as SES champions for each of its employee networks. These SES champions meet regularly through the Diversity and Inclusion Working Group to discuss matters of diversity and inclusion of importance to staff.

The staff-initiated and led diversity networks – which form an essential part of creating a diverse and inclusive culture where all staff feel valued, respected, included and safe – include:

  • Women's Leadership Council (Gender Equity)
  • ATSI@ASD (Aboriginal and Torres Strait Islander Network)
  • Disability for future development
  • ASD+ (LGBTIQ+ network)
  • CALD (culturally and linguistically diverse) for future development
  • Neurodiversity for future development.

ASD is a member of the Diversity Council of Australia and Pride in Diversity. ASD employees use the tools and services provided by these networks to help guide best practice initiatives and actions in workplace diversity and inclusion. ASD also participated in the Australian Workplace Equality Index submission for the first time in 2019 – which benchmarks LGBTIQ workplace inclusion – and achieved a 'Participating' level, which demonstrated ASD's commitment to LGBTIQ inclusion and activity in this area.

In 2018–19 ASD undertook a range of diversity and inclusion initiatives, including:

  • Diversity and Inclusion focused employee networks regularly held events supporting days of commemoration and celebration. ASD raised money and awareness for LGBTIQ causes while celebrating Wear it Purple and the International Day Against Homophobia, Biphobia and Transphobia.
  • ASD celebrated International Women's Day (IWD) 2019, via both involvement in the National Intelligence Community-wide IWD forum, and by hosting an ASD event focusing on women in STEM.
  • A White Ribbon Day event was also held to acknowledge family and domestic violence faced within the community.
Reconciliation – Indigenous talent attraction and development

ATSI@ASD is a community of support for Indigenous Australians; key activities through the year included:

  • establishing a Reconciliation Action Plan (RAP) Working Group
  • facilitating the ongoing development of ASD's Reflect RAP
  • facilitating access to culturally informed learning and development for network members and wider ASD staff, including Australian War Memorial tours, for ASD staff members, focusing on the contribution of Aboriginal and Torres Strait Islander peoples
  • sustaining support for Aboriginal and Torres Strait Islander candidates recruited through the 2017 and 2019 recruitment rounds
  • celebrating NAIDOC Week and Reconciliation Week, including organising Amy Thunig to speak with ASD staff.
Domestic and family violence

ASD remains committed to supporting employees affected by family and domestic violence, through embracing the Defence Family and Domestic Violence Strategy 2017–22 and the Commanders and Managers Guide to Responding to Family and Domestic Violence, which provide managers with basic information about how to support someone experiencing domestic violence.

In marking the 2019 International Day for the Elimination of Violence against Women, ASD hosted Nathan Costigan, Chair of the Tara Costigan Foundation, who spoke to staff about family and domestic violence.

Flexible working arrangements

ASD is committed to providing flexible working arrangements that support employees in balancing their professional and personal commitments and maximise participation in the workforce. ASD has adopted the assumption that all roles can be conducted flexibly, through the practice of If not, why not?

The If not, why not? approach to flexible work practices encourages employees across the organisation to think about how their roles, and roles within teams, could be delivered in a flexible manner. This approach emphasises an employee's right to request a flexible working arrangement and to discuss this with their manager. The onus is on managers to demonstrate why a role cannot be filled flexibly, rather than an employee demonstrating why it can.

ASD favourably considers requests for flexible working arrangements from mature-aged employees who wish to phase into retirement, and employees with school-age or young children, children with disabilities, and elder-care responsibilities.

The types of flexible work arrangements currently available in ASD include flexible working hours, working arrangements for Executive Level employees, make-up time, time off in lieu, local working arrangements, telework, part-time work, and shiftwork.

ASD has adopted the Government's Paid Parental Leave scheme so staff are able to access up to ten 'Keeping in Touch' days. These days allow staff to return to work for short periods so as to stay connected with the workplace and help the transition back into work, while retaining access to the payments provided under the Government's Paid Parental Leave scheme.

ASD supports the Parenting Outreach Program, which was established to help new parents keep up professional and personal networks while on longer-term leave. It is also designed to provide a support network to assist mothers and fathers to manage the balancing act upon their return to work, including through the use of flexible work arrangements.

Work health and safety

ASD is committed to providing a safe working environment and ensuring the health, safety and welfare of our staff. In 2018–19, a review of work health and safety in ASD was conducted to ensure ASD is able to meet its obligations under the Work Health and Safety Act 2011. ASD continues to implement the recommendations, and enhanced governance and performance monitoring structures are being implemented to ensure we strengthen our work health and safety culture, and we continue to integrate health and safety considerations across the spectrum of our day-to-day work activities.

Pivotal to health and safety in ASD is a focus on mental health and wellbeing. ASD hosts a Mental Health Speaker Series designed to support the physical health and safety of our staff.

Further work is ongoing to ensure our workforce is supported through the Health and Safety Representative network and has representation through the ASD and Defence Work Health and Safety Committees. The network continues to engage with work teams and inform them about the importance of maintaining a safe workplace – and this includes ASD's first aid officers who provide a critical first-response function when safety incidents occur.

ASD has maintained our active early intervention and preventative approach to compensation and rehabilitation. As ASD builds its internal work health and safety capability, and implements the ASD WHS Management System, we continue to be supported by the Department of Defence. ASD is also establishing its own relationship with Comcare in relation to both work health and safety, and rehabilitation.

ASD staff and their immediate families have access to the Defence Intelligence Agencies' Employee Assistance Services panel, which provides counselling and therapy interventions for a range of issues. The panel consists of registered psychologists, who have wide experience, including specialists in areas such as drug and alcohol addictions, relationship counselling, trauma treatment, and children and adolescents. Staff also have access to the in-house psychological services team who can provide a higher level of support. A representative from the psychology team presents at all staff inductions so that new employees are aware of these services.

ASD psychologists provide a range of training and presentations to staff on mental health topics. These are delivered in group format and reflect wellbeing concerns that have been identified as relevant across the National Intelligence Community psychology forums.

In line with legislated notification obligations, ASD reported two incidents to Comcare in 2018–19. Comcare initiated an investigation into the events, with one incident deemed to be natural causes and not a notifiable incident; the second remains under investigation. There were no notices issued to ASD under the Work Health and Safety Act 2011.

Performance management

All ASD employees and their ASD and Australian Defence Force supervisors are required to participate in the Performance Feedback Assessment and Development Scheme (PFADS).

PFADS supports a strong performance culture, as it provides a framework for employees and their supervisors to discuss and establish expectations regarding performance and behaviour, to recognise, reward and reinforce strong performance, and to identify and encourage improvement where improvements need to be made.

The foundation of the performance framework is frequent quality performance conversations, between an employee and their supervisor, throughout the performance cycle. By regularly discussing performance, sharing ongoing feedback and acknowledging achievements and performance, supervisors and employees create a sustainable strong performance culture.

ASD's annual performance cycle runs from 1 September until 31 August. Key events in the performance cycle include:

  • frequent Clarity, Check-In and Closing conversations, that occur continually throughout the performance cycle, to discuss particular work activities
  • three defined checkpoint conversations to Set Expectations, Review Performance and Assess Performance, that occur at distinct points within the performance cycle, to discuss the standard of work performance and expectations of the employee.

ASD's performance management process is underpinned by policies to assist supervisors to lead and encourage employees to high performance and improve poor performance.

ASD Determination

ASD operates under its first ASD Determination, Terms and Conditions (ASD Employment Conditions [non-SES]) Determination, which was made by the Director-General ASD under subsection 38A(3) of the Intelligence Services Act 2001.

The determination was made on 21 June 2018, and came into effect on 1 July 2018, to align with ASD's transition to an independent statutory agency. The current determination will nominally expire on 15 August 2020. Consultation for ASD's second employment conditions determination will be undertaken in the 2019–20 reporting period.

ASD's SES workforce are employed under the ASD Determination, Terms and Conditions (ASD SES Employment Conditions) Determination 2018.

These two determinations provide for a range of non-salary benefits, including leave entitlements, access to flexible working arrangements, and part-time work. ASD invests heavily in training and development of staff, and has a number of formal and informal schemes to recognise exemplary performance and achievements.

Table 2 shows the types of employment arrangements covering SES and non-SES arrangements in ASD as at 30 June 2018.

Table 2: SES and non-SES employees by employment arrangement, as at 30 June 2019

Employment arrangement (headcount) Non-SES SES
ASD Determination, Terms and Conditions (non-SES) 1879 0
ASD Determination, Terms and Conditions (SES) 0 36

Grievances process

ASD has established a grievance process that provides a fair process of review of ASD actions. It retains the principles of a respectful, collegiate and professional process that applied when ASD was integrated in the Department of Defence, and has introduced some new features, including the additional benefit of providing employees with the ability to request a second internal review of relevant matters. The Inspector-General of Intelligence and Security (IGIS) has now also been given powers to investigate complaints regarding employment-related grievances from ASD employees.

The provisions of the Fair Work Act 2009 continue to apply to ASD employees and provide them with an avenue for redress for their employment-related grievances. Additionally, the right of employees to be members of industrial associations continues.

Security

ASD undertakes signals intelligence, cyber security and effects missions in accordance with sound, risk-based security practices that protect the organisation's most important equities, and are attuned to the sensitivity of the functions and activities being performed. ASD is also a shared-service provider of security assurance to the Defence Intelligence Agencies.

Through 2018–19, ASD has met its mandatory security obligations under the Protective Security Policy Framework (PSPF).

To conduct these tasks in a coordinated, consistent, and prioritised manner, ASD's protective information, personnel and physical security areas have been consolidated into a single Security Branch. In August 2018, the Director-General ASD designated the Assistant Director-General Security to be ASD's inaugural Chief Security Officer and also the delegated authority for all ASD security risk decisions.

ASD's security framework is a critical factor in shaping the behaviour of ASD's staff. This framework enables ASD to undertake its mission in accordance with sound, risk-based practices and supports obligations under the PGPA Act and the PSPF. Security training provides a strong foundation for reinforcing the importance of a sound security posture and culture through a suite of mandatory training and iterative security education programs tailored to the workforce, with one such initiative being the Trusted Insider Roadshow.

Consolidation of ASD's security offerings, including incident response, has set the scene for substantive improvements to ASD's protective security services during the 2018–19 reporting period. These improvements include supporting ASD in the successful integration of multi-security personnel and facilities following Machinery of Government changes enacted on 1 July 2018, and the management of an increased footprint of staff and sites across Australian state capital cities.

During 2018–19, ASD has implemented the PSPF security classification changes in ASD's corporate Top Secret environment and record management system. ASD is on track for completing the changes on all systems before the Attorney-General's Department mandated deadline of October 2020.

Portfolio management

A key part of ASD's planning and performance framework is the portfolio management function. In the early stages of becoming a statutory agency, it has been important to define and establish a portfolio management function that can ensure sound decisions around the identification, selection, prioritisation and oversight of investment in major capability programs. This function was reviewed in 2019 to assess its current state and to ensure that mechanisms are in place to align the agency's programs to its strategic objectives.

ICT shared services delivery

ASD provides shared services at the TOP SECRET level of classification to a number of Commonwealth entities.

Property and procurement

Property

ASD operates under the shared service agreement with the Department of Defence for the provision of property services, including estate planning and overall management of buildings and related infrastructure, internal fit-out, waste management and cleaning services, and cafeteria services.

During the year, ASD commenced an extensive upgrade of the foyer at its site in Russell, ACT, and ASD's newest facility, the ACSC site located in Brindabella Park, ACT, was opened to provide an essential collaboration hub for working with government and industry stakeholders in support of ASD's cyber defence operations.

Asset management

ASD manages $452.563 million of total assets. This includes:

  • $42.033 million of buildings and infrastructure
  • $262.257 million of plant and equipment
  • $24.125 million of intangibles
  • $0.244 million of heritage assets, and
  • $123.904 million of other items, including cash, receivables and prepayments.

ASD is accountable for the underlying business transactions and records that substantiate the reported financial balances of assets under its control. ASD undertakes accounting processes to enable the accurate and timely reporting of asset balances and ensures that they are consistent with the requirements for financial statement reporting defined in the Australian Accounting Standards. ASD conducted a fair value assessment of all assets.

Procurement

During the 2018–19 reporting period, ASD adhered to the Commonwealth Procurement Rules (CPRs) and associated policy and guidelines.

ASD used its two professional services panels to meet the majority of its contractor capability delivery and support requirements. In accordance with the CPRs, ASD made use of whole-of-government and coordinated procurement arrangements, with a particular focus on the purchase of equipment and systems, through the Digital Transformation Agency.

ASD leverages Department of Defence procurement mechanisms where these offer economy of scale benefits to both parties.

ASD's procurement compliance is reviewed by management and reported to the ASD Audit and Risk Committee. No significant issues have been identified and compliance was acceptable during the reporting period.

Consultants

In 2018–19, ASD applied the CPRs and Department of Finance and Department of Defence guidance relating to the categorisation, selection and engagement of consultants. ASD entered into ten new consultancy contracts involving total actual expenditure of $2.42 million. No additional consultancy contracts were active during the period.

In support of its establishment as a statutory agency, ASD engaged consultants to provide independent and expert advice on a range of functional areas that are key to ASD's successful operation, including security processes and practices, a people capability framework (inclusive of recruitment and skilling), a portfolio management framework, a capability delivery and technical roadmap, and a review of ASD's financial capabilities, budgeting and financial reporting obligations.

In accordance with the CPRs, details all of these contracts have been reported on AusTender.

Exempt contracts

ASD publishes information on the value of contracts and consultancies on the AusTender website. ASD is not required to publish this information on AusTender, as it has been exempted by the Director-General ASD on the basis that publication would disclose exempt matters under the Freedom of Information Act 1982. During 2018–19, ASD exempted 99 contracts with a total value of $219 million.

Small business

ASD supports small business participation in the Australian Government procurement market. Small and medium-sized enterprise participation statistics are available on the Department of Finance's website at www.finance.gov.au/government/procurement/statistics-australian-government-procurement-contracts.

ASD's procurement practices to support small and medium enterprises include:

  • adoption of standing offers such as the Digital Marketplace, which provides access to a large number of small and medium enterprises
  • the selection of small and medium enterprises, under ASD's standing-offer panel arrangement, for the provision of contractor personnel providing ICT capability and support roles
  • the use of the Commonwealth Contracting Suite for relevant procurements valued at less than $200 000
  • the use of electronic systems to facilitate the Department of Finance's Procurement On-Time Payment Policy for Small Business, including payment cards.

Advertising

ASD has no material advertising expenditure to report for the 2018–19 reporting period.

Grants

ASD did not provide any grants in the 2018–19 reporting period.

Disability reporting

Since 1994, non-corporate Commonwealth entities have reported on their performance as policy adviser, purchaser, employer, regulator and provider under the Commonwealth Disability Strategy. In 2007–08, reporting on the employer role was transferred to the Australian Public Service (APS) Commission's State of the Service reports and the APS Statistical Bulletin. These reports are available at www.apsc.gov.au. Since 2010–11, entities have no longer been required to report on these functions.

The Commonwealth Disability Strategy has been replaced by the National Disability Strategy 2010–20, which sets out a ten-year national policy framework to improve the lives of people with a disability, promote participation and create a more inclusive society. A high-level, two-yearly report will track progress against each of the six outcome areas of the strategy and show how people with a disability are faring. The first of these progress reports was published in 2014, and can be found at www.dss.gov.au.

The percentage of ASD employees who have self-identified as having a disability is 1.3 per cent, as at 30 June 2019.

ASD's reporting of the number of employees with disability or chronic illness relies on individuals self-identifying. One of the ongoing challenges is the reluctance to report for fear of stigma and negative stereotypes associated with disability in the workplace. The 2015 Defence Census indicated that 20.3 per cent of Defence APS employees had at least one form of disability or chronic medical condition. This increased level of reporting reflects the anonymity of the census as well as the broader definition of disability to include chronic illness or injury.

Appendix C provides information on the diversity of ASD's workforce, including statistics on people with a disability.

Information Publication Scheme

ASD is exempt from the operation of the Freedom of Information Act 1982 and does not have an Information Publication Scheme.

Non-compliance with finance law

No significant instances of non-compliance, requiring a report to the responsible Minister in accordance with the PGPA Act, have been recorded in ASD for 2018–2019.

Electoral expenses

ASD does not fall within the definition of agencies covered by the reporting requirements of section 311A of the Commonwealth Electoral Act 1918.

Ecologically sustainable development and environmental performance

ASD's shared service agreement includes the provision of a range of property and estate services. The Department of Defence has a Defence environmental policy which applies to these services ensuring the:

  • delivery of a sustainable estate
  • understanding and management of environmental impacts
  • minimisation of pollution and contamination
  • increasing efficiency of resource consumption
  • recognition and management of Defence estate heritage values.

Defence runs an ecologically sustainable development program, which includes projects such as solar systems, lighting upgrades, and water efficiency fittings. In 2018–19, this contributed to more than $15 million in savings.

Chapter 5 | Financial statements 

Independent Auditor's Report

Financial statements for the period ended 30 June 2019

STATEMENT OF COMPREHENSIVE INCOME

2019
$'000
  Original
Budget
$'000
  Notes      
EXPENSES        
Employee benefits 1.1A 240,419   247,283
Suppliers expenses 1.1B 475,871   477,164
Depreciation and amortisation 2.2A 60,027   -
Write-down and impairment of assets 1.1C 2,997   -
Foreign exchange losses 1.1D 161   -
Total Expenses   779,475   724,447
         
OWN-SOURCE INCOME        
Provision of goods and rendering of services 1.2A 4,515   2,715
Total own-source revenue   4,515   2,715
         
Gains        
Reversals of previous asset write-downs and impairment 2.2A 115   -
Total Gains   115   -
Total own-source income   4,630   2,715
         
Net cost of services   (774,845)   (721,732)
         
Revenue from Government 1.2B 743,530   721,732
Deficit attributable to the Australian Government   (31,315)   -
         
OTHER COMPREHENSIVE INCOME
Items not subject to subsequent reclassification to net cost of services        
Changes in asset revaluation reserves 2.2A 11,302   -
Total other comprehensive income   11,302   -
         
Total comprehensive loss attributable to the Australian Government   (20,013)   -

The above statement should be read in conjunction with the accompanying notes.

The original budgeted financial statement that was first presented to Parliament in respect of the reporting period (i.e. from the 2018-19 Portfolio Budget Statements). The budget is not audited. Budget variance analysis is included in note 8.

STATEMENT OF FINANCIAL POSITION

2019
$'000
  Original
Budget
$'000
  Notes      
ASSETS        
Financial Assets        
Trade and other receivables 2.1A 16,056   5
Total financial assets   16,056   5
         
Non-financial assets        
Buildings and Infrastructure 2.2A 42,033   -
Plant and Equipment 2.2A 262,275   101,567
Intangibles 2.2A 24,115   1,311
Heritage assets 2.2A 244   -
Prepayments 2.2B 107,848   -
Total non-financial assets   436,497   102,878
         
Total Assets   452,553   102,883
         
LIABILITIES        
Payables        
Bank overdraft 2.3A 2,245    
Suppliers payables   38,146    
Employee payables 2.3B 4,406    
Other payables 2.3C 5,983    
Total payables   50,780   -
         
Provisions        
Employee provisions   76,474   -
Total provisions   76,474   -
         
Total Liabilities   127,254   -
         
NET ASSETS   325,299   102,883
         
EQUITY         
Contributed equity   345,312   102,883
Asset Revaluation Reserve    11,302   -
Accumulated Deficit    (31,315)   -
TOTAL EQUITY    325,299   102,883

The above statement should be read in conjunction with the accompanying notes.

The original budgeted financial statement that was first presented to Parliament in respect of the reporting period (i.e. from the 2018-19 Portfolio Budget Statements). The budget is not audited. Budget variance analysis is included in note 8.

STATEMENT OF CHANGES IN EQUITY

2019
$'000
  Original
Budget
$'000
  Notes      
CONTRIBUTED EQUITY        
Opening balance   -   -
Contribution by owners        
Equity injection - Appropriations 3.1A 124,200   102,883
Restructuring 6.1 221,112   -
Closing balance as at 30 June   345,312   102,883
         
ACCUMULATED DEFICIT        
Opening balance   -   -
Comprehensive income        
Deficit for the period   (31,315)   -
    (47,380)   -
         
ASSET REVALUATION RESERVE        
Opening balance   -   -
Comprehensive income        
Other comprehensive income 2.2A 11,302   -
Closing balance as at 30 June   11,302   -
         
TOTAL EQUITY        
Opening Balance        
Balance carried forward from previous period   -   -
Comprehensive (loss)/gain for the period   (20,013)   -
Transactions with owners   345,312   102,883
Closing balance as at 30 June   325,299   102,883

The above statement should be read in conjunction with the accompanying notes.

The original budgeted financial statement that was first presented to Parliament in respect of the reporting period (i.e. from the 2018-19 Portfolio Budget Statements). The budget is not audited. Budget variance analysis is included  in note 8.

Accounting Policy

(a) Equity Injections
Amounts appropriated which are designated as ‘equity injections’ (less any formal reductions) are recognised directly in contributed equity in that year.  

(b) Restructuring of Administrative Arrangements
Net assets/liabilities received from or relinquished to another Australian Government agency or authority under a restructuring of administrative arrangements are recognised as contributions or distributions of equity respectively, at their net book value.

CASH FLOW STATEMENT

2019
$'000
  Original
Budget
$'000
  Notes      
OPERATING ACTIVITIES        
Cash received        
Appropriations   737,884   721,732
Goods and services (including cost recovery)   3,023   2,710
Interest received   1   -
GST received   12,287   -
Other   1,170   -
Total cash received   754,365   724,442
         
Cash used        
Employees   (222,730)   (247,283)
Suppliers   (509,596)   (442,801)
GST paid   (14,571)   -
Section 74 receipts transferred to OPA   (1)   -
Other   (14)   -
Total cash used   (746,912)   (690,084)
Net cash from/(used by) operating activities    7,452   34,538
         
INVESTING ACTIVITIES        
Cash used        
Purchase of buildings and infrastructure   (25,723)   -
Purchase of plant and equipment   (105,722)   (135,930)
Purchase of intangibles   (8,890)   (1,311)
Total cash used   (140,335)   (137,241)
         
Net cash used by investing activities   (140,335)   (137,241)
         
FINANCING ACTIVITIES        
Cash received        
Contributed equity   130,636   102,883
Net cash from financing activities   130,636   102,883
         
Net increase/(decrease) in cash held   (2,245)    
         
Cash and cash equivalents at the beginning of the reporting period   -   -
Effect of exchange rate movements on cash and cash equivalents at the beginning of the reporting period   1   -
Cash and cash equivalents at the end of the reporting period 2.3A (2,245)   -

The above statement should be read in conjunction with the accompanying notes.

The original budgeted financial statement that was first presented to Parliament in respect of the reporting period (i.e. from the 2018-19 Portfolio Budget Statements). The budget is not audited. Budget variance analysis is included in note 8.

 

ADMINISTERED SCHEDULE OF COMPREHENSIVE INCOME

2019
$'000
  Original
Budget
$'000
NET COST OF SERVICES       
Net cost of services -   -
Deficit attribute to the Australian Government -   -
       
Total comprehensive income/(loss) -   -

The original budgeted financial statement that was first presented to Parliament in respect of the reporting period (i.e. from the 2018-19 Portfolio Budget Statements). The budget is not audited. Budget variance analysis is included in note 8.

 

ADMINISTERED SCHEDULE OF ASSETS AND LIABILITIES

2019
$'000
  Original
Budget
$'000
ASSETS      
Cash and cash equivalents 19,568   -
TOTAL ASSETS ADMINISTERED ON BEHALF OF GOVERNMENT 19,568   -
       
LIABILITIES      
Other payables 19,568   -
Total payables 19,568   -
       
TOTAL LIABILITIES ADMINISTERED ON BEHALF OF GOVERNMENT 19,568    
NET LIABILITIES -   -

The original budgeted financial statement that was first presented to Parliament in respect of the reporting period (i.e. from the 2018-19 Portfolio Budget Statements). The budget is not audited. Budget variance analysis is included in note 8.

 

ADMINISTERED RECONCILIATION SCHEDULE

2019
$'000
   
Opening assets less liabilities as at 1 July -    
Closing assets less liabilities as at 30 June -    

Accounting Policy

Cash Transfers to and from the Official Public Account
Revenue collected by ASD for use by the Government rather than ASD is administered revenue. Collections are transferred to the Official Public Account (OPA) maintained by the Department of Finance. Conversely, cash is drawn from the OPA to make payments under Parliamentary appropriations on behalf of Government. These transfers to and from the OPA are adjustments to the administered cash held by ASD on behalf of the Government and reported as such in the schedule of administered cash flows and in the administered reconciliation schedule.

ADMINISTERED CASH FLOW STATEMENT

2019
$'000
OPERATING ACTIVITIES  
Cash from the Official Public Account for:  
Special Accounts 25,978
Total cash from the Official Public Account 25,978
   
Cash to the Official Public Account for:  
Special Accounts (6,410)
Total cash to the Official Public Account (6,410)
   
Cash and cash equivalents at the end of the reporting period 19,568


Overview - Notes to the financial statements

The basis of preparation

The financial statements including notes are required by section 42 and section 105D of the Public Governance, Performance and Accountability Act 2013 (PGPA Act) and are general purpose financial statements.

The financial statements have been prepared in accordance with:

  • Public Governance, Performance and Accountability (Financial Reporting) Rule 2015 (FRR)
  • Australian Accounting Standards and Interpretations - Reduced Disclosure Requirements issued by the Australian Accounting Standards Board (AASB) that apply for the reporting period as amended by section 105D of the PGPA Act 2013.

The financial statements have been prepared on an accrual basis and are in accordance with the historical cost convention,except for certain assets at fair value. Except where stated, no allowance is made for the effect of changing prices on the results or the financial position. The financial statements are presented in Australian dollars and values are rounded to the nearest thousand dollars unless otherwise specified. 

Future accounting standard requirement

The following new, revised and amending standards and interpretations were issued by the AASB prior to the signing of the statement by the Director-General and Chief Financial Officer:

New Standard Expected Impact
AASB 15 Revenue from
Contracts with Customers
No material change to revenue recognised during a reporting period.
AASB 1058 Income of Not-for-Profit Entities No material impact anticipated
AASB 16 Leases An overall increase in expenses related to lease agreements in reporting periods following adoption with progressive decrease in expenses toward the end of the lease agreements. Leases identified are limited to leases for property and motor vehicles.

All other new, revised, and amending standards or interpretations that have been issued by the AASB prior to sign-off date that are applicable to the future reporting period(s) are not expected to have a future material financial impact on the ASD's financial statements.

Significant accounting judgements and estimates

Except where specifically identified and disclosed, ASD has determined that no accounting assumptions and estimates have a significant risk of causing a material adjustment to carrying amounts of assets and liabilities within the next accounting period.

Taxation

ASD is exempt from all forms of taxation except Pay-as-you-go Withholding (PAYG-W) Fringe Benefits Tax (FBT), the Goods and Services Tax (GST) and certain excise and customs duties.

Reporting of administered activities

Administered revenues, expenses, assets, liabilities and cash flows are disclosed in the administered schedules and related notes.

Except where otherwise stated, administered items are accounted for on the same basis and using the same policies as for departmental items, including the application of Australian Accounting Standards.

Events after the reporting period

There are no post balance date events with a material effect on the Departmental or Administered financial statements.


1. Financial performance

This section analyses the financial performance of ASD for the year ended 30 June 2019.

1.1: Expenses

 

2019
$'000
1.1A: Employee benefits  
Wages and salaries 174,797
Superannuation:  
    Defined contribution plans 18,774
    Defined benefit plans 11,684
Leave and other entitlements 34,720
Separation and redundancies 444
Total employee benefits 240,419

Accounting Policy

Employee benefits are based on the relevant employment agreements and legislation. Liabilities for services rendered by employees are recognised at the reporting date to the extent that they have not been settled. Liabilities for wages and salaries (including non-monetary benefits), annual leave and other entitlements expected to be wholly settled within 12 months of the reporting date are measured at their nominal amounts. All other employee benefit liabilities (including long service leave) are measured at the present value of the estimated future cash outflows to be made in respect of services provided by employees up to the reporting date.

(a) Leave
The liability for employee benefits includes provisions for annual leave and long service leave. No provision has been made for sick leave as all sick leave is non-vesting and the average sick leave taken in future years by employees of ASD is estimated to be less than the annual entitlement for sick leave. The leave liabilities are calculated on the basis of employees’ remuneration, including ASD’s employer superannuation contribution, at the estimated rates that will be applied at the time that leave is taken, to the extent that leave is likely to be taken during service rather than paid out on termination.

The liability for long service leave has been determined by reference to the work of the Australian Government Actuary in the current year.  The estimate of the present value of the liability takes into account attrition rates and pay increases through promotion and inflation.

(b) Separation and Redundancy
Provision is made for separation and redundancy benefit payments. ASD recognises a provision for termination when it has a detailed formal plan for the terminations and has informed those employees affected that the terminations will be carried out.

(c) Superannuation
Permanently appointed Commonwealth Officers of ASD are members of the Commonwealth Superannuation Scheme (CSS), the Public Sector Superannuation Scheme (PSS), the PSS Accumulation Plan (PSSap) and other superannuation schemes held outside the Commonwealth. The CSS and PSS are defined benefit schemes for the Australian Government.  
The PSSap is a defined contribution scheme.

The liability for defined benefits is recognised in the financial statements of the Australian Government and is settled by the Australian Government in due course.  This liability is reported by the Department of Finance as an administered item. ASD makes employer contributions to the employee superannuation schemes at rates determined by an actuary to be sufficient to meet the current cost to the Government of the superannuation entitlements of ASD’s employees.  ASD accounts for these contributions as if they were contributions to defined contribution plans in accordance with AASB 119. The liability for superannuation recognised in the departmental statements as at 30 June represents outstanding contributions yet to be paid.

(d) Paid Parental Leave
ASD provides payments to employees under the Government Paid Parental Scheme.  The receipts received are offset by the payments made to the employees and any balance outstanding at the end of the year is recognised as a liability.

Accounting judgements and estimates

As required by AASB 119 Employee Benefits, liabilities for short-term employee benefits expected to be paid within 12 months of the end of reporting period are measured at the one year Commonwealth government bond rate of 1.04 per cent.  Liabilities for long term employee benefits are discounted using the 10 year Commonwealth government bond rate of 1.32 per cent.

  2019
$'000
1.1B: Suppliers expenses  
 Goods supplied 30,949
 Services rendered 442,298
 Workers compensation premiums 2,624
Total supplier expenses 475,871

Financial statement audit services were provided free of charge to ASD by the Australian National Audit Office (ANAO) and are recorded at the fair value of resources received. No other services were provided by the auditors of the financial statements.

 
Commitments for minimum lease payments in relation to non-cancellable operating leases are payable as follows:   
Within 1 year 208
Between 1 to 5 years 31
More than 5 years -
Total operating lease commitments 239

Accounting Policy

A distinction is made between finance and operating leases.  Finance leases effectively transfer from the lessor to the lessee substantially all the risks and benefits incidental to ownership of leased assets.  In operating leases, the lessor  effectively retains substantially all such risks and benefits.

Operating lease payments are expensed on a straight line basis over the term of the lease which is representative of the pattern of benefits derived from the leased assets. Lease incentives taking the form of ‘free’ leasehold improvements and rent holidays are recognised as an integral part of the total consideration agreed for the use of the leased asset.

  2019
$'000
1.1C: Write-down and impairment of assets  
Write-down and impairment of property, plant and equipment 2,058
Write-down and impairment of intangible assets 939
Total write-down and impairment of assets 2,997
   
1.1D: Foreign exchange  
Foreign exchange gains  
Non-speculative 74
Foreign exchange losses  
Non-speculative (235)
Total net gain/(loss) foreign exchange (161)

Accounting Policy

Transactions denominated in a foreign currency are converted at the exchange rate on the date of transaction.  Foreign currency receivables and payables are translated at the exchange rate at the balance date.

Non-financial items that are measured at cost in a foreign currency are translated using the spot exchange rate at the date of the initial transaction. Non-financial items that are measured at fair value in a foreign currency are translated using the spot exchange rates at the date when the fair value was determined.

All exchange gains and losses are reported in the Statement of Comprehensive Income.

1.2: Own-source revenue and gains

Own-source revenue

  2019
$'000
1.2A: Provision of goods and rendering of services
Provision of goods  
Rendering of services  
Non Government 1,571
Government 2,776
Resources received free of charge - Audit Services 168
Total provision of goods and rendering of services  4,515

Accounting Policy

Revenue from the provision of goods is recognised when:

  • the risks and rewards of ownership have been transferred to the buyer
  • ASD retains no managerial involvement nor effective control over the goods
  • the revenue and transaction costs can be reliably measured
  • it is probable that the economic benefits associated with the transaction will flow to ASD.

revenue from rendering of services is recognised by reference to the stage of completion of contracts at the reporting date. The revenue is recognised when the:

  • amount of revenue, stage of completion and transaction costs incurred can be reliably measured
  • probable economic benefits associated with the transaction will flow to ASD.
  2019
$'000
1.2B: Revenue from Government  
Appropriations:  
    Departmental appropriations 743,530
Total revenue from Government 743,530

Accounting Policy

Amounts appropriated for departmental appropriations for the year (adjusted for any formal additions and reductions) are recognised as revenue when ASD gains control of the appropriation, except for certain amounts that relate to activities that are reciprocal in nature, in which case revenue is recognised only when it has been earned.

ASD draws down appropriations on a just-in-time basis. The undrawn appropriations as at 30 June 2019 are reflected as a receivable and are available to be drawn down to meet future obligations. Appropriations receivable are recognised at their nominal amounts.


2. Financial position

This section analyses ASD's assets used to conduct its operations and the operating liabilities incurred as a result.

2.1 Financial assets

  2019
$'000
2.1A: Trade and other receivables  
Goods and services  
Goods and services 1,542
Total goods and services receivables 1,542
   
Appropriations receivable  
For existing programs 8,178
Total appropriations receivable 8,178
   
Other receivables  
GST receivable from the Australian Taxation Office 3,127
Other 3,209
Total other receivables  6,336
Total trade and other receivables (gross) 16,056
   
Less impairment allowance  
Goods and services -
Total impairment allowance -
Total trade and other receivables (net) 16,056

Accounting Policy

Trade receivables and other receivables are recognised initially at fair value and subsequently measured at amortised cost, less any loss allowance.

The receivables for goods and services are generally receivable within 30 days.

Trade and other receivable assets at amortised cost are assessed for impairment at the end of each reporting period. The simplified approach has been adopted in measuring the impairment loss allowance at an amount equal to lifetime 'expected credit loss' (ECL).

AASB 9 replaces the 'incurred loss' model previously used under AASB 139 with an ECL model. This new impairment model applies to financial assets measured at amortised cost, contract assets and debt instruments measured at fair value through other comprehensive income.

2.2: Non-financial assets
 

2.2A: Reconciliation of the opening and closing balances of property, plant and equipment, and intangibles



Item
Buildings and Infrastructure
$'000
Plant and Equipment
$'000
Intangibles
$'000
Heritage Assets
$'000
Total
$'000
Net book value 1 July 2018 - - - - -
Additions:          
By purchase 25,723 101,337 8,890 - 135,950
Internally developed - - 595 - 595
Acquisitions of entities or operations (including restructuring) 11,743 201,301 30,423 244 243,711
Revaluations/impairments recognised in other comprehensive income 1 141 11,161 - - 11,302
Reclassification 4,767 (6,642) 1,875 - -
Depreciation/amortisation expense (300) (42,998) (16,729) - (60,027)
Revaluations/write-downs and impairment recognised in net cost of services (41) (2,017) (939) - (2,997)
Other movements          
Reversal of previous asset write-downs - 115 - - 115
Net book value 30 June 2019 42,033 262,257 24,115 244 328,649
           
Net book value as at 30 June 2019
represented by:
Gross book value 42,124 292,876 41,783 244 377,027
Accumulated depreciation/amortisation and impairment  (91) (30,619) (17,668) - (48,378)
Closing net book value at 30 June 2019 42,033 262,257 24,115 244 328,649

All revaluations were conducted in accordance with revaluation policy stated at Note 2.2A(d).

  2019
$'000
Commitments payable to property, plant and equipment and intangibles
Infrastructure, plant and equipment 1 3,671
Intangibles 2 2,667
Total capital commitments 6,338
  1. Infrastructure, plant and equipment capital commitments include outstanding contractual payments.

  2. Intangible commitments include contractual payments for software license agreements. 

Accounting Policy

(a) Individual Asset Recognition Threshold
Purchases of property, plant and equipment including buildings and infrastructure are recognised initially at cost where they meet the individual asset recognition threshold.  Individual items are capitalised where the individual value is equal to or exceeds $5,000 for buildings, infrastructure and other assets; and $2,000 for other plant and equipment. Assets costing below these thresholds are expensed in the year of acquisition.

(b) Reversal of Previous Asset Write-Downs 
These are amounts relating to assets which have been previously written down or expensed in prior periods.  In the current year, these items have been either reversed as a write down or capitalised for the first time due to either exceeding the capitalisation threshold or through identification during stock takes.  

(c) Assets under construction
Assets under construction (AUC) include expenditure to date on major military capability and facilities projects. AUC projects are reviewed annually for indicators of impairment.  Prior to rollout into service, the accumulated AUC balance is reviewed to ensure accurate capitalisation.

(d) Subsequent valuations 
All property, plant and equipment is measured and disclosed at fair value, less any accumulated depreciation and accumulated impairment losses.  Valuations are conducted with sufficient frequency to ensure that the carrying amounts of assets did not differ materially from the assets’ fair values as at the reporting date.  The regularity of independent valuations depended upon the volatility of movements in market values for the relevant assets.

The basis for determining fair value is by reference to the highest and best use that is physically possible, legally permissible and financially feasible. Where an active and liquid market exists, fair value is determined by reference to market values, noting the highest and best use criteria and any specific factors that have been noted by the valuer.

Valuation for buildings, infrastructure and other plant and equipment assets are performed by independent external valuers using inputs such as sales prices of comparable assets, replacement cost, expected useful life and adjustments for obsolescence.

Following initial recognition at cost, valuations for buildings, and infrastructure are conducted every year; and other plant and equipment are revalued annually on a sample basis.

Revaluation adjustments are made on a class basis.  Any revaluation increment is recognised as Other Comprehensive Income under the heading of Changes in Asset Revaluation Reserves except to the extent that it reverses a previous revaluation decrement of the same class that was previously recognised in the surplus/deficit.  Revaluation decrements for a class of assets are recognised directly in the surplus/deficit except to the extent that they reverse a previous revaluation increment for that class.

Any accumulated depreciation as at the revaluation date is eliminated against the gross carrying amount of the asset and the asset is restated to the revalued amount.

(e) Depreciation
Property, plant and equipment items having limited useful lives are systematically depreciated over their estimated useful lives on a straight-line basis.  Depreciation rates (useful lives) are determined upon acquisition and are reviewed at each subsequent reporting date, and necessary adjustments are made in the current, or current and future reporting periods, as appropriate.  Residual values are re-estimated only when assets are revalued.

The following are minimum and maximum useful lives for the different asset classes. These are not necessarily indicative of typical useful lives for these asset classes.

  2018-19
Building and Infrastructure 9 to 40 years
Plant and Equipment 2 to 40 years
Heritage Assets Indefinite

(f) Intangible Assets
ASD’s intangibles comprise externally acquired and internally developed computer software for internal use and other externally acquired and internally developed intangibles. Intangibles with gross values greater than $150,000 are capitalised when they meet the recognition criteria in AASB 138.

All intangibles are amortised on a straight–line basis over their anticipated useful lives. The useful lives of ASD software are 2 to 22 years and the useful lives of ASD's other intangibles are 1 to 6 years.  All intangible assets are assessed annually for indications of impairment. 

ASD recognises its intangible assets initially at cost and measures those which have an active market at fair value subsequent to initial recognition.  If an intangible asset is acquired at no cost or for nominal consideration, other than those acquired through restructuring, it is recognised initially at fair value as at the date of acquisition.

All ASD intangible assets are currently stated at cost less any subsequent accumulated amortisation and accumulated impairment losses.

Acquired intellectual property may form part of the acquisition of particular tangible assets.  Where the acquired intellectual property is inseparable from the underlying tangible asset it is reflected in the value of the tangible asset in the statement of financial position.

ASD reviews the useful life of intangible assets annually based on the service potential of the assets. All ASD intangible assets have finite useful lives and are amortised over their anticipated useful lives. Where there is an indication that the service potential of an intangible asset is impaired, the recoverable amount of that asset is determined based on the remaining service potential. Where the recoverable amount is lower than the carrying amount, the asset is written down to its recoverable amount.

(g) Acquisition of Assets
Assets are initially recorded at cost on acquisition which includes the fair value of assets exchanged and liabilities undertaken. Financial assets are initially measured at their fair value plus transaction costs where appropriate.

Assets acquired at no cost, or for nominal consideration are initially recognised as assets and revenues at their fair value at the date of acquisition, unless acquired as a consequence of restructuring of administrative arrangements. In the latter case, assets are initially recognised at the amounts at which they were recognised in the transferor agency’s accounts immediately prior to the restructuring.

(h) Impairment of Assets
All relevant assets were assessed for impairment during the year.  Where indications of impairment exist, the asset’s recoverable amount is estimated and an impairment adjustment made if the asset’s recoverable amount is less than its carrying amount.

The recoverable amount of an asset is the higher of its fair value less costs to sell and its value in use. Value in use is the present value of the future cash flows expected to be derived from the asset. Where the future economic benefit of an asset is not primarily dependent on the asset’s ability to generate future cash flows, and the asset would be replaced if ASD was deprived of the asset, its value in use is taken to be its depreciated replacement cost.

(i) Derecognition of Assets 
Assets are derecognised upon disposal or when no further economic benefits or capability are expected from their use or disposal.

(j) Heritage and Cultural Assets
Heritage and cultural items include artefacts and memorabilia that are or may be of national historical or cultural significance. 

Significant accounting judgements and estimates

ASD assesses non-financial assets for impairment by monitoring impairment indicators specific to an asset’s use in the ASD context. Where these indicators signify that an asset is impaired, management has made an estimate of the recoverable amount of those assets to determine any impairment loss.

Property, plant and equipment is measured at fair value using revaluation techniques that require significant judgements and estimates to be made.

   2019
$'000
2.2B Prepayments  
Capital prepayments 1,384
Non-capital prepayments 106,464
Total prepayments 107,848

83% of Prepayments relate to the shared services arrangement with the Department of Defence. 

Accounting Policy

Prepayments, excluding those paid to employees as retention benefit payments, are recognised if the value of the payment is $50,000 or greater.

2.3: Payables

  2019
$'000
2.3A: Bank overdrawn  
Cash at bank 2,245
Total bank overdrawn 2,245

The total bank overdrawn amount is contained within the Commonwealth accounts with the Reserve Bank of Australia and does not represent a borrowing. The overdrawn amount was repaid on 2 July 2019 (the next business day) and was covered by undrawn appropriations available at that time.

Accounting policy

Cash and cash equivalents includes notes and coins held, any deposits in bank accounts held at call with a bank, and cash held in special accounts. Cash is measured at its nominal amount. Cash and cash equivalents denominated in a foreign currency is converted at the exchange rate at the balance date.

  2019
$'000
2.3B: Employee payables  
Employee payables  
Salaries and wages 4,169
Superannuation 237
Total employee payables 4,406
   
2.3C: Other payables  
Statutory payable 3,677
Other 2,306
Total other payables 5,983


3. Funding

This section identifies ASD's funding structure.

3.1: Appropriations

3.1A: Annual appropriations ('Recoverable GST exclusive')

Annual appropriations for 2018-2019

 

Annual Appropriation
$'000

Adjustments to appropriation 1
$'000

Total Appropriation
$'000

Appropriation applied to 2019 (Current and prior years)
$'000

Variance 2
$'000

DEPARTMENTAL          
Ordinary annual services 740,726 14,269 754,995 (747,064) 7,931
Capital budget - - - - -
Other services          
Equity injection 124,200 2,531 126,731 (124,200) 2,531
Total departmental 864,926 16,800 881,726 (871,264) 10,462

Notes

  1. Adjustment to appropriations include Advance to the Finance Minister (AFM), PGPA Section 74 receipts and PGPA Act section 75 transfers.

  2. Reasons for material variance:

  Ordinary Annual Service
$'000
  Equity
$'000
Undrawn departmental annual appropriations 2018-19 57   -
Net GST payments made not yet recovered 2,284   -
Undrawn departmental annual appropriations 2017-18 5,590   2,531
Total 7,931   2,531


3. Reconciliation to appropriation receivable

$'000
2018-19 Appropriation Act 3 57
2017-18 Appropriation Act 1 5,590
2017-18 Appropriation Act 4 2,531
Total 8,178

3.1B: Unspent annual appropriations ("Recoverable GST exclusive")


Authority
2019
$'000
DEPARTMENTAL  
Operating  
Act 1 2017-18 5,590
Act 3 2018-19 2,341
Total operating 7,931
   
Equity  
Act 4 2017-18 2,531
Total equity 2,531
Total 10,462
   
Cash and cash equivalents (2,245)
Total unspent annual appropriations 1 8,217

Notes

  1. The unspent annual appropriations of $8.217m is allocated as follows:
    a) $5.933m of unspent annual appropriations (including cash and cash equivalents) available to ASD
    b) Net GST payments made in 2018-19 that will be recovered in later financial periods of $2.284m.


4. People and relationships

This section describes our relationship with key people.

4.1: Key management personnel remuneration

Key management personnel are those persons having authority and responsibility for planning, directing and controlling the activities of ASD, directly or indirectly. The key management personnel of ASD are considered to be the:

  1. Minister for Defence
  2. Director-General Australian Signals Directorate
  3. Principal Deputy Director-General
  4. Deputy Director-General Signals Intelligence & Network Operations
  5. Head of Australian Cyber Security Centre
  6. Deputy Director-General Corporate & Capability.

Key management personnel remuneration is reported in the table below.

  2019
$
Short-term employee benefits 2,174,679
Post-employment benefits 407,484
Long-term benefits 35,283
Total key management personnel remuneration expenses 1 2,617,445

The total number of key management personnel that are included in the above table are 5.

Notes

  1. The above key management personnel remuneration excludes the remuneration and other benefits of the Minister Defence. The remuneration and other benefits of the Minister for Defence is set by the Remuneration Tribunal and is not paid by ASD.

4.2: Related party disclosures

ASD is an Australian Government controlled entity. Related parties to this entity are:

  1. Key management personnel (as detailed in Note 4.1)
  2. Spouse or domestic partners of (i)
  3. Children or dependents of (i)
  4. Entities, individually or jointly, controlled by the above individuals; and
  5. Other Australian Government entities.

Given the breadth of Government activities, related parties may transact with the government sector in the same capacity as ordinary citizens. These transactions have not been separately disclosed in this note.

Significant transactions with related parties can include:

  1. the payments of grants or loans
  2. purchases of goods and services
  3. asset purchases, sales transfers or leases
  4. debts forgiven
  5. guarantees.

Giving consideration to relationships with related entities, and transactions entered into during the reporting period by the entity, it has been determined that there are no significant related party transactions to be separately disclosed.


5. Managing uncertainies

This section analyses how ASD manages financial risk within its operating environment.

5.1: Contingent liabilities and assets

Quantifiable contingencies

Contingent liabilities and contingent assets are not recognised in the Statement of Financial Position but are reported in the relevant schedules and notes. They may arise when there is uncertainty as to the existence of a liability or asset or when the value of the liability or asset cannot be reliably measured. Contingent liabilities are disclosed when settlement is greater than  remote.  Contingent assets are disclosed when settlement is probable but not virtually certain.

As at 30 June 2019 there were no contingent assets or liabilities.

Unquantifiable contingencies

As at 30 June 2019 there were no unquantifiable contingent assets or liabilities.

5.2: Financial instruments

  2019
$'000
5.2A: Categories of financial instruments Notes  
Financial assets at amortised cost     
Loans and receivables:     
    Trade and other receivables   4,751
Total financial assets at amortised cost   4,751
Carrying amount of financial assets   4,751
     
Financial liabilities     
Financial liabilities at amortised cost     
Bank Overdraft 2.3A 2,245
Suppliers 2.3B 4,406
Other payables   6,667
Total financial liabilities at amortised cost   13,318
Carrying amount of financial liabilities   13,318

Accounting Policy

Financial Assets
With the implementation of AASB 9 Financial Instruments for the first time in 2019, ASD classifies its financial assets in the following categories:
a) financial assetts at fair value through profit or loss
b) financial assets at fair value through other comprehensive income
c) financial assets measured at amortised cost.

The classification depends on both ASD's business model for managing the financial assets and contractual cash flow characteristics at the time of initial recognition. Financial assets are recognised when ASD becomes a party to the contract and, as a consequence, has a legal right to receive or a legal obligation to pay cash and derecognised when the contractual rights to the cash flows from the financial asset expire or are transferred upon trade date.

(a) Financial Assets at Amortised Cost
Financial assets included in this category need to meet two criteria:
1. the financial asset is held in order to collect the contractual cash flows
2. the cash flows are solely payments of principal and interest on the principal outstanding amount.

Amortised cost is determined using the effective interest method.

(b) Effective Interest Method
The effective interest method is a method of calculating the amortised cost of a financial asset and of allocating interest income over the relevant period. The effective interest rate is the rate that exactly discounts estimated future cash receipts through the expected life of the financial asset, or, where appropriate, a shorter period.
Income is recognised on an effective interest rate basis for financial assets that are recognised at amortised cost.

(c) Impairment of Financial Assets
Financial assets are assessed for impairment at the end of each reporting period.

Financial assets held at amortised cost 
The amount of loss is measured using the simplified approach of the expected credit loss model at an amount equal to lifetime expected credit losses.  The carrying amount is reduced by way of an allowance account. The loss is recognised in the Statement of Comprehensive Income.

Financial liabilities
Financial liabilities are classified as either financial liabilities 'at fair value through profit or loss' or other financial liabilities. Financial liabilities are derecognised upon trade date.

(a) Other Financial lLiabilities at Amortised Cost
Other financial liabilities, including borrowings, are initially measured at fair value, net of transaction costs. These liabilities are subsequently measured at amortised cost using the effective interest method, with interest expense recognised on the financial liability.

ASD's supplier and other payables are generally payable within the short term and are recognised at the amount of cash or cash equivalents required to settle the liability. Liabilities are recognised to the extent that the goods or services have been received (and irrespective of having been invoiced).

Financial assets are derecognised when the contractual rights to the cash flows from the financial assets expire or the assets with the associated risks and rewards are transferred to another entity.  Financial liabilities are derecognised when the obligation under the contract is discharged, cancelled or has expired.

  2019
$'000
5.2B: Net gains or losses on financial assets  
Financial assets at amortised cost  
Exchange gains/(loss) 1
Net (loss)/gain on financial assets at amortised cost 1
Net (loss)/gain on financial assets 1


There is no interest income from financial assets not a fair value through the net cost of services.

   
5.2C: Net gains or losses on financial liabilities  
Financial liabilities measured at amortised cost  
Exchange gains/(loss) (162)
Net (loss)/gain financial liabilities measured at amortised cost (162)
Net gain/(loss) on financial liabilities (162)


There is no interest expense from financial liabilities not a fair value through the net cost of services.

5.3: Fair value measurements

ASD's assets are held for operational purposes, not for the purposes of deriving a profit.  As allowed for by AASB 13 Fair Value Measurement, quantitative information on significant unobservable inputs used in determining fair value is not disclosed.

The different levels of the fair value are detailed below:

  • Level 1: Quote prices (unadjusted) in the active market for identical assets or liabilities that the entity can access at measurement date.
  • Level 2: Inputs other than quoted prices included within Level 1 that are observable for the asset or liability, either directly or indirectly.
  • Level 3: Unobservable inputs for an asset or liability.

Accounting Policy

In estimating the fair value of an asset or a liability, ASD uses market-observable data to the extent it is available. For level 2 and 3 inputs, ASD engages third party qualified valuers and internal experts to establish the appropriate valuation techniques and inputs to the models to ensure the valuations are in line with AASB 13.

ASD reviews all reports received from third party valuers and internal experts to ensure unobservable inputs used align with ASD's own assumptions and understanding of the market. This review includes investigation of significant fluctuations in the fair value of the assets and liabilities and that the report includes sufficient information to ensure compliance with AASB 13.

ASD deems transfers between levels of fair value hierarchy to have occurred when there has been a change to the inputs to the fair value measurement (for instance from observable to unobservable and vice versa) and the significance that the changed input has in determining the fair value measurement.


6. Other information

6.1: Restructuring

In 2017, the Australian Government commissioned an Independent Intelligence Review. Part of this review identified the requirement for an independent signals and intelligence agency. As such, the ASD was legislated to become an independent statutory agency from 1 July 2018. 

As part of this legislation, responsibilities for certain functions were also assumed by ASD from the following entities:

  • The Department of Defence
  • The Attorney-General's Department
  • The Department of Prime Minister and Cabinet
  • The Digital Transformation Agency

 

6.1A: Restructuring in accordance with Section 75 of the PGPA Act

FUNCTIONS ASSUMED
Defence
$'000
 ADG
$'000
PMC
$'000
DTA
$'000
Total
$'000
Assets recognised          
Cash and cash equivalents - - - 213 213
Trade and other receivables 296 10,086 72 - 10,454
Buildings and Infrastructure  1,647 10,096 - - 11,743
Plant and Equipment 199,886 1,389 - 26 201,301
Other assets 244 - - - 244
Intangibles 30,352 71 - - 30,423
Prepayments 30,586 1,485 - - 32,071
Total assets recognised 263,011 23,127 72 239 286,449
           
Liabilities recognised          
Suppliers payables - 494 - - 494
Employee payables - - - 10 10
Other payables - 1,677 - - 1,677
Employee provisions 60,803 2,068 72 213 63,156
Total liabilities recognised 60,803 4,239 72 223 65,337
Net assets recognised 202,208 18,888 - 16 221,112

Notes

  1. In respect of functions assumed, the net book value of assets were transferred to ASD for no consideration.

6.2: Aggregate assets and liabilities

  2019
$'000
6.2A: Aggregate assets and liabilities
Assets expected to be removed in  
No more than 12 months 123,085
More than 12 months 329,468
Total assets 452,553
   
Liabilities expected to be settled in  
No more than 12 months 73,718
More than 12 months 53,536
Total liabilities 127,254

7. Net cash appropriation arrangements

The Government funds ASD on a net cash appropriation basis, where appropriation revenue is not provided for depreciation and amortisation expenses. Depreciation and amortisation is included in the ASD's cost recovered operations to the extent that it relates to those activities.

ASD's accountability for its operating result is at its result net of unfunded depreciation and amortisation. 

  2019
$'000
Total comprehensive (loss)/gain (20,013)
Unfunded depreciation and amortisation  
Total Depreciation 60,027
Net unfunded depreciation  60,027
Comprehensive surplus/(loss) net of unfunded depreciation and amortisation 40,014

8. Major budget variances

General commentary

AASB 1055 Budgetary Reporting requires explanations of major variances between the original budget as presented in the 2018-19 Portfolio Budget Statements (PBS) and the final 2019 outcome. As a first year entity, initial PBS was prepared prior to details of machinery of government changes being finalised, there are significant variances across all categories.

Net cost of services

A significant portion of the variance is due to depreciation which was not budgeted for in PBS.

Financial assets

There was no allowance for receivables in the PBS.

Non-financial assets

The budgeted position presented at PBS did not consider assets that might be transferred to ASD from other agencies under section 75 of the PGPA Act. When recognised the assets transferred totalled $286.5m which represents the major variance in non-financial assets.

Departmental cash flows

In both cash received and cash used, GST is the largest variance item. GST was not budgeted in PBS. Total investing activity shows a minor variance in total with the major variance relating to category of investment. Contributed equity variance relates to new measures announced after the PBS was published.

Appendix A | Agency resource statement

Statement by the Director-General and Chief Financial Officer

In our opinion, the attached financial statements for the year ended 30 June 2019 comply with subsection 42(2) of the Public Governance, Performance and Accountability Act 2013 (PGPA Act) and are based on properly maintained financial records as per subsection 41(2) of the PGPA Act.

In our option, at the date of statement, there are reasonable grounds to believe that the Australian Signals Directorate will be able to pay its debts as and when they fall due.

 

LTGEN John Frewen DSC AM
A/ Director-General
Australian Signals Directorate
23 September 2019
Mr Robert O'Meara
Chief Financial Officer
Australian Signals Directorate
23 September 2019

 

Appendix B | Expenses by outcome

Outcome 1: Defend Australia from global threats and advance our national interests through the provision of foreign signals intelligence, cyber security and offensive cyber operations, as directed by Government.

  Budget*
2018-19
$'000
Actual expenses 2018-19 $'000 Variation 2018-19 $'000
Program 1.1: Foreign Signals Intelligence, Cyber Security and Offensive Cyber Operations
Departmental expenses      
Appropriation1 742,020 711,775 30,245
Expenses not requiring appropriation in the budget year 3,444 67,700 (64,256)
Total for Program 1.1 745,464 779,475 (34,011)
Total expenses for Outcome 1 745,464 779,475 (34,011)

Notes

* As per Portfolio Budget Statements including adjustments made at Additional Estimates and reductions under PGPA Act section 51 and reductions under PGPA Act section 51.

  1. Ordinary annual services (Appropriation Act No. 1 and 3) including reductions under section 51 of the PGPA Act and Retained Revenue Receipts under section 74 of the PGPA Act 2013.

AASB 1055 Budgetary Reporting requires explanations of major variances between original budget as presented in the 2018-19 Portfolio Budget Statements (PBS) and the final 2019 outcome. As a first year entity, initial PBS was prepared prior to details of machinery of government changes being finalised, there are significant variances across all categories.

Appendix C | Workforce statistics

Workforce statistics

Table 3: Full-Time Equivalent (FTE) and Average Staffing Levels (ASL)

Year FTE (end of financial year) ASL Allocation
2018–19 1775.0 1729.8 1888
2017–18 1587.5 1490.9 1547

Notes:

  1. In 2017–18, achievement against allocation was measured by the end of financial year (EOFY) FTE position in relation to the allocation - this was changed to ASL for FY 2018–19.

Table 4: Employment status by gender and headcount for 2018–19 and 2017–18

Employment status & gender Ongoing Non-ongoing (specified term) Intermittent (casual) Total
2018-19 1877 23 15 1915
Male 1252 11 13 1276
Female 625 12 2 639
2017-18 1694 6 12 1712
Male 1138 3 9 1150
Female 556 3 3 562

Notes:

  1. 2017–18 data includes Director-General ASD. The 2018–19 data excludes Director-General ASD as a Statutory Officer.

  2. Non-ongoing employees do not include locally-engaged staff and secondees.

Table 5: Employment status (headcount) by classification (ASD and APS)

Employment status & classification Ongoing Non-ongoing (specified term) Intermittent (casual)
2018-19 ASD Classifications 1877 23 15
Trainee/Graduate 66 0 0
ASD 2 - EL2 1776 22 15
ASD SES 1 - ASD SES 3 35 1 0
2017-18 APS Classifications 1694 6 12
Trainee 12 0 0
APS 2 - EL2 1659 5 12
SES 1 - SES 3 23 1 0

Notes:

  1. 2017–18 data includes Director-General ASD. The 2018–19 data excludes Director-General ASD as a Statutory Officer.

  2. Non-ongoing employees do not include locally-engaged staff and secondees.

Table 6: Employment status by classification and location

Employment status & classification Ongoing Non-ongoing (specified term) Intermittent (casual) Total
2018-19 1877 23 15 1915
Canberra 1748 18 0 1781
Other locations 129 22 5 134
2017-18 1694 6 12 1712
Canberra 1590 4 12 1606
Other locations 104 2 0 106

Notes:

  1. 2017–18 data includes the Director-General. The 2018–19 data excludes the Director-General as a Statutory Officer.

  2. Non-ongoing employees do not include locally engaged staff and secondees.

Table 7: Classification by gender (percentage)

Gender 2018-19 2017-18
Classification Female Male Female Male
Trainee/Graduate 1.3% 2.1% 0.1% 0.6%
ASD 2 – EL2 31.2% 63.5% 32.1% 65.8%
SES 1 – SES 3 0.9% 1.0% 0.6% 0.8%
Total 33.4% 66.6% 32.8% 67.2%

Notes:

  1. 2017–18 data includes the Director-General. The 2018–19 data excludes the Director-General as a Statutory Officer.

  2. Non-ongoing employees do not include locally-engaged staff and secondees.

Table 8: Diversity of ASD employees showing headcount and percentage

  2018-19 2017-18
Available data 1915 1712
Identify as Aboriginal and/or Torres Strait Islander 13 0.7% 14 0.8%
Culturally and linguistically diverse (CALD) 494 25.8% 437 25.5%
People with a disability 25 1.3% 27 1.6%
Total 532 27.8% 478 27.9%

Notes:

  1. Percentage of available data calculated using the total head count.

  2. Percentages of employees identifying as Aboriginal and or Torres Strait Islander, from a culturally and linguistically diverse background, and with a disability calculated using headcount of available data.

  3. The 2017–18 data includes Director-General ASD. The 2018–19 data excludes Director-General ASD as a Statutory Officer and excludes secondees, locally-engaged staff and contractors.

  4. Provision of Equal Employment Opportunity data is voluntary. Data is considered 'available' if a staff member has provided information on at least one diversity category.

Table 9: Key management personnel remuneration 2018–19

Name Position Short-term benefits Post-employment benefits Other long-term benefits Termination benefits Total remuneration
Base salary Bonuses Other benefits and allowances Superannuation contributions Long service leave Other long-term benefits
Mr Michael Burgess Director-General 592,063 0 1,161 87,400 4,662 0 0 685,286
Lieutenant-General John Frewen Principal Deputy Director-General 394,233 0 18,840 132,619 9,574 0 0 555,266
Mr Simeon Gilding Deputy Director-General Signals Intelligence & Network Operations 393,205 0 1,868 59,795 8,320 0 0 463,187
Mr Alastair MacGibbon Head of Australian Cyber Security Group 365,291 0 1,053 54,246 2,994 0 0 423,584
Ms Hazel Bennett Deputy Director-General Corporate & Capability 406,211 0 754 73,424 9,733 0 0 490,122
Total   2,151,003 0 23,676 407,484 35,283 0 0 2,617,446

Notes:

  1. Remuneration has been captured for only time spent by the named individual as a KMP.

  2. Base salary includes accrued leave that is equal to leave accrued less leave taken. Certain personnel have access to executive vehicle allowances, this is included as base salary.

  3. Long service leave is equal to leave accrued less leave taken.

  4. Total remuneration will differ from the remuneration tribunal due to a number of definitional differences.

Table 10: Performance pay by classification level

  Number of employees receiving performance pay Aggregated (sum total) value of all payments made ($) Average value of all payments made ($) Minimum payment made ($) Maximum payment made
Total 917 1,305,779 1,457 124 2,766

Notes:

  1. Employees engaged under the ASD Conditions of Employment (non-SES) Determination 2018 who are at or above the top of their salary range and are eligible for performance progression are entitled to a lump sum performance progression payment of 1 per cent or $725, whichever is greater.

  2. Minimum and maximum payments in this table may reflect amounts below these thresholds due to either part-time service or a partial lump-sum payment where the employee reaches the top of the range in the performance year.

  3. Employees on Individual Flexibility Arrangements (IFA) may also receive additional performance-related bonuses, subject to meeting eligibility requirements.

  4. The performance cycle runs from 1 September to 31 August each year.

  5. Lump-sum performance progression payments and IFA-related performance bonuses were paid to 917 employees at classification levels ASD3 to EL2.

  6. There were no performance payments made to Senior Executive Service employees.

Appendix D | ASD's salary classification structure

Table 11: ASD salary classification structure

Approved classification Rates applied as at 30 June 2019 ($)
  Base Top
Trainee ASD (Technical) 49,616 55,791
Trainee ASD (Administrative) 25,972 36,088
ASD Level 1 45,952 51,583
ASD Level 2 52,004 58,463
ASD Level 3 59,237 65,270
ASD Level 4 67,100 73,256
ASD Level 5 73,636 78,873
ASD Level 6 80,669 92,150
ASD Executive Level 1 101,955 115,005
ASD Executive Level 2 118,376 142,087
ASD Executive Level 2.1 142,088 169,094
ASD Executive Level 2.2 169,095 190,230

Table 12: Minimum SES salary levels

Classification Minimum salary rate applied as at 30 June 2019 ($)
SES Band 1 160,932
SES Band 2 195,282
SES Band 3 242,829

Note:

  1. The salary figures exclude allowance payments provided in recognition of high value skills.

Senior leadership

During the reporting period ended 30 June 2019, ASD had five executives who meet the definition of key management personnel (KMP). Their names and the length of term as KMP are summarised below.

Name Position Term as KMP
Mr Michael Burgess Director-General Full year
LTGEN John Frewen Principal Deputy Director-General Full year
Mr Simeon Gilding Deputy Director-General SIGINT & Network Operations Full year
Mr Alastair MacGibbon Deputy Secretary Australian Cyber Security Group Part-year - Ceased 28/05/2019
Ms Hazel Bennett Deputy Director-General Corporate & Capability Part-year - Appointed 02/07/2018
Key management personnel remuneration for the reporting period 2019 $
Short-term benefits  
     Base salary1 2,151,003
     Bonus  
     Other benefits and allowances 23,676
Total short-term benefits 2,174,679
   
Post-employment benefits  
     Superannuation 407,484
Total post-employment benefits 407,484
   
Other long-term benefits  
     Long service leave 35,283
Total other long-term benefits 35,283
   
Termination benefits 0
   
Total key management personnel remuneration 2,617,446
  1. The above key management personnel remuneration excludes the remuneration and other benefits of the Minister for Defence, Minister for Defence Industry, Minister for Veterans and Defence Personnel and Assistant Defence Minister. The remuneration and other benefits for these Ministers are not paid by ASD.

Table 13: Senior Executive Commonwealth Officers (ASD) Remuneration

Remuneration band Number of Senior Executives2 Short-term benefits Post-employment benefits Other long-term benefits Termination benefits Total Remuneration
Average base salary ($) Average bonuses ($) Average other benefits and allowances3 ($) Average superannuation contributions ($) Average long service leave ($) Average other long-term benefits ($) Average termination benefits ($) Average total remuneration ($)
$0 - $220,000 19 79,322 555 198 12,562 - - - 93,940
$220,001 - $245,000 7 192,893 408 579 30,573 - - - 228,206
$245,001 - $270,000 6 212,510 - 1,037 33,408 - - - 250,794
$270,001 - $295,000 3 236,497 - 429 38,375 - - - 279,913
$295,001 - $320,000 - - - - - - - - -
$320,001 - $345,000 1 155,856 - - 27,197 2,896 - 156,866 342,814
$345,001 - $370,000 - - - - - - - - -
$370,001 - $395,000 1 167,405 - 1,455 28,035 3,299 - 194,272 394,466
$420,001 - $445,000 1 196,487 - 1,404 35,131 4,356 - 194,272 431,650
  1. The number of senior executives listed above is the number of individual SES not the number of SES positions. Staff who are permanently appointed to or acted in an SES level position for a period longer than 6 months are included.

  2. Other Benefits and Allowances includes the value of items such as housing (including overseas), motor vehicle allowances, retention bonuses, cost of living allowances (to support members and their families in remote or overseas locations), and any associated Fringe Benefits Tax payable by ASD. This column includes non-cash benefits.

Table 14: Other Highly Paid Staff - Commonwealth Officers Remuneration

Remuneration band Number of highly paid Commonwealth Officers Short-term benefits Post-employment benefits Other long-term benefits Termination benefits Total Remuneration
Average base salary ($) Average bonuses ($) Average other benefits and allowances4 ($) Average superannuation contributions ($) Average long service leave ($) Average other long-term benefits ($) Average termination benefits ($) Average total remuneration ($)
$220,001 - $245,000 7 143,015 6,681 60,869 22,137 2,589 - - 235,291
$245,001 - $270,000 6 145,352 4,757 80,471 26,523 3,068 - - 260,170
$270,001 - $295,000 7 107,026 7,878 126,190 17,551 2,452 - 20,758 281,855
$295,001 - $320,000 7 109,955 1,520 168,855 19,829 2,276 - - 302,435
$320,001 - $345,000 - - - - - - - - -
$345,001 - $370,000 3 126,936 380 207,412 20,197 2,054 - - 356,979
$370,001 - $395,000 12 160,979 1,273 197,510 23,548 2,372 - - 385,681
$395,001 - $420,000 1 140,600 495 253,172 21,649 3,232 - - 401,148
  1. Other Benefits and Allowances includes the value of items such as housing (including overseas), motor vehicle allowances, retention bonuses, cost of living allowances (to support members and their families in remote or overseas locations), and any associated Fringe Benefits Tax payable by ASD. This column includes non-cash benefits.

List of Requirements

Table 15: List of requirements

PGPA rule reference Part of report Description Requirement
17AD(g) Letter of transmittal
17AI Letter of transmittal A copy of the letter of transmittal signed and dated by accountable authority on date final text approved, with statement that the report has been prepared in accordance with section 46 of the Act and any enabling legislation that specifies additional requirements in relation to the annual report. Mandatory
17AD(h) Aids to access

17AJ(a)

Contents

Table of contents.

Mandatory

17AJ(b)

Index

Alphabetical index.

Mandatory

17AJ(c)

Glossary of abbreviations

Glossary of abbreviations and acronyms.

Mandatory

17AJ(d)

This table

List of requirements.

Mandatory

17AJ(e)

Contact Details

Details of contact officer.

Mandatory

17AJ(f)

Contact details

Entity's website address.

Mandatory

17AJ(g)

Contact details

Electronic address of report.

Mandatory

17AD(a) Review by accountable authority

17AD(a)

Chapter 1 | Director-General ASD's overview

A review by the accountable authority of the entity.

Mandatory

17AD(b) Review of the entity

17AE(1)(a)(i)

Chapter 2 | Overview of ASD

A description of the role and functions of the entity.

Mandatory

17AE(1)(a)(ii)

Chapter 2 | Overview of ASD

A description of the organisational structure of the entity.

Mandatory

17AE(1)(a)(iii)

Chapter 2 | Overview of ASD

A description of the outcomes and programmes administered by the entity.

Mandatory

17AE(1)(a)(iv)

Chapter 2 | Overview of ASD

A description of the purposes of the entity as included in corporate plan.

Mandatory

17AE(1)(b)

NA

An outline of the structure of the portfolio of the entity.

Portfolio departments mandatory

17AE(2)

NA

Where the outcomes and programmes administered by the entity differ from any Portfolio Budget Statement, Portfolio Additional Estimates Statement or other portfolio estimates statement that was prepared for the entity for the period, include details of variation and reasons for change.

If applicable, Mandatory

  Annual performance statements

17AD(c)(i)
16F

Chapter 3 | Report on performance

Annual performance statement in accordance with paragraph 39(1)(b) of the Act and section 16F of the Rule.

Mandatory

17AD(c)(ii) Report on Financial performance

17AF(1)(a)

Chapter 3 | Report on performance

A discussion and analysis of the entity's financial performance.

Mandatory

17AF(1)(b)

Appendix A | Agency resource statement
Appendix B | Expenses by outcome

A table summarising the total resources and total payments of the entity.

Mandatory

17AF(2)

NA

If there may be significant changes in the financial results during or after the previous or current reporting period, information on those changes, including: the cause of any operating loss of the entity; how the entity has responded to the loss and the actions that have been taken in relation to the loss; and any matter or circumstances that it can reasonably be anticipated will have a significant impact on the entity's future operation or financial results.

If applicable, Mandatory.

17AD(d) Management and accountability
  Corporate governance

17AG(2)(a)

Chapter 4 | Management and accountability
Fraud control and prevention

Information on compliance with section 10 (fraud systems)

Mandatory

17AG(2)(b)(i)

Letter of transmittal

A certification by accountable authority that fraud risk assessments and fraud control plans have been prepared.

Mandatory

17AG(2)(b)(ii)

Letter of transmittal

A certification by accountable authority that appropriate mechanisms for preventing, detecting incidents of, investigating or otherwise dealing with, and recording or reporting fraud that meet the specific needs of the entity are in place.

Mandatory

17AG(2)(b)(iii)

Letter of transmittal

A certification by accountable authority that all reasonable measures have been taken to deal appropriately with fraud relating to the entity.

Mandatory

17AG(2)(c)

Chapter 4 | Management and accountability
Principles, objectives, structures and processes

An outline of structures and processes in place for the entity to implement principles and objectives of corporate governance.

Mandatory

17AG(2)(d) – (e)

NA

A statement of significant issues reported to Minister under paragraph 19(1)(e) of the Act that relates to noncompliance with Finance law and action taken to remedy noncompliance.

If applicable, Mandatory

  External scrutiny

17AG(3)

Chapter 4 | Management and accountability
External scrutiny

Information on the most significant developments in external scrutiny and the entity's response to the scrutiny.

Mandatory

17AG(3)(a)

NA

Information on judicial decisions and decisions of administrative tribunals and by the Australian Information Commissioner that may have a significant effect on the operations of the entity.

If applicable, Mandatory

17AG(3)(b)

NA

Information on any reports on operations of the entity by the Auditor-General (other than report under section 43 of the Act), a Parliamentary Committee, or the Commonwealth Ombudsman.

If applicable, Mandatory

17AG(3)(c)

NA

Information on any capability reviews on the entity that were released during the period.

If applicable, Mandatory

  Management of human resources

17AG(4)(a)

Chapter 4 | Management and accountability
Human resource management

An assessment of the entity's effectiveness in managing and developing employees to achieve entity objectives.

Mandatory

17AG(4)(b)

Appendix C | Workforce statistics

Statistics on the entity's APS employees on an ongoing and nonongoing basis; including the following:

  • Statistics on staffing classification level
  • Statistics on fulltime employees
  • Statistics on parttime employees
  • Statistics on gender
  • Statistics on staff location
  • Statistics on employees who identify as Indigenous.

Mandatory

17AG(4)(c)

Appendix D | ASD's salary classification structure

Information on any enterprise agreements, individual flexibility arrangements, Australian workplace agreements, common law contracts and determinations under subsection 24(1) of the Public Service Act 1999.

Mandatory

17AG(4)(c)(i)

Appendix D | ASD's salary classification structure

Information on the number of SES and non-SES employees covered by agreements etc identified in paragraph 17AG(4)(c).

Mandatory

17AG(4)(c)(ii)

Appendix D | ASD's salary classification structure

The salary ranges available for APS employees by classification level.

Mandatory

17AG(4)(c)(iii)

Appendix D | ASD's salary classification structure

A description of nonsalary benefits provided to employees.

Mandatory

17AG(4)(d)(i)

Appendix D | ASD's salary classification structure

Information on the number of employees at each classification level who received performance pay.

If applicable, Mandatory

17AG(4)(d)(ii)

Appendix D | ASD's salary classification structure

Information on aggregate amounts of performance pay at each classification level.

If applicable, Mandatory

17AG(4)(d)(iii)

Appendix D | ASD's salary classification structure

Information on the average amount of performance payment, and range of such payments, at each classification level.

If applicable, Mandatory

17AG(4)(d)(iv)

Appendix D | ASD's salary classification structure

Information on aggregate amount of performance payments.

If applicable, Mandatory

 

Asset management

17AG(5)

Asset management

An assessment of effectiveness of assets management where asset management is a significant part of the entity's activities.

If applicable, mandatory

 

Purchasing

17AG(6)

Chapter 4 | Management and accountability
Property and procurement

An assessment of entity performance against the Commonwealth Procurement Rules.

Mandatory

 

Consultants

17AG(7)(a)

Chapter 4 | Management and accountability
Property and procurement
Consultants

A summary statement detailing the number of new contracts engaging consultants entered into during the period; the total actual expenditure on all new consultancy contracts entered into during the period (inclusive of GST); the number of ongoing consultancy contracts that were entered into during a previous reporting period; and the total actual expenditure in the reporting year on the ongoing consultancy contracts (inclusive of GST).

Mandatory

17AG(7)(b)

Chapter 4 | Management and accountability
Property and procurement
Consultants

A statement that “During [reporting period], [specified number] new consultancy contracts were entered into involving total actual expenditure of $[specified million]. In addition, [specified number] ongoing consultancy contracts were active during the period, involving total actual expenditure of $[specified million]”.

Mandatory

17AG(7)(c)

Chapter 4 | Management and accountability
Property and procurement
Consultants

A summary of the policies and procedures for selecting and engaging consultants and the main categories of purposes for which consultants were selected and engaged.

Mandatory

17AG(7)(d)

Chapter 4 | Management and accountability
Property and procurement
Consultants

A statement that “Annual reports contain information about actual expenditure on contracts for consultancies. Information on the value of contracts and consultancies is available on the AusTender website.

Mandatory

 

National Audit Office Access Clauses

17AG(8)

NA

If an entity entered into a contract with a value of more than $100 000 (inclusive of GST) and the contract did not provide the AuditorGeneral with access to the contractor's premises, the report must include the name of the contractor, purpose and value of the contract, and the reason why a clause allowing access was not included in the contract.

If applicable, Mandatory

 

Exempt contracts

17AG(9)

Chapter 4 | Management and accountability
Property and procurement
Exempt contracts

If an entity entered into a contract or there is a standing offer with a value greater than $10 000 (inclusive of GST) which has been exempted from being published in AusTender because it would disclose exempt matters under the FOI Act, the annual report must include a statement that the contract or standing offer has been exempted, and the value of the contract or standing offer, to the extent that doing so does not disclose the exempt matters.

If applicable, Mandatory

 

Small business

17AG(10)(a)

Chapter 4 | Management and accountability
Property and procurement
Small business

A statement that “[Name of entity] supports small business participation in the Commonwealth Government procurement market. Small and Medium Enterprises (SME) and Small Enterprise participation statistics are available on the Department of Finance's website.”

Mandatory

17AG(10)(b)

Chapter 4 | Management and accountability

Property and procurement

Small business

An outline of the ways in which the procurement practices of the entity support small and medium enterprises.

Mandatory

17AG(10)(c)

Chapter 4 | Management and accountability
Property and procurement
Small business

If the entity is considered by the Department administered by the Finance Minister as material in nature—a statement that “[Name of entity] recognises the importance of ensuring that small businesses are paid on time. The results of the Survey of Australian Government Payments to Small Business are available on the Treasury's website.”

If applicable, Mandatory

 

Financial Statements

17AD(e)

Chapter 5 | Financial statements

Inclusion of the annual financial statements in accordance with subsection 43(4) of the Act.

Mandatory

17AD(f)

Other mandatory information

17AH(1)(a)(i)

Chapter 4 | Management and accountability
Property and procurement
Advertising

If the entity conducted advertising campaigns, a statement that “During [reporting period], the [name of entity] conducted the following advertising campaigns: [name of advertising campaigns undertaken]. Further information on those advertising campaigns is available at [address of entity's website] and in the reports on Australian Government advertising prepared by the Department of Finance. Those reports are available on the Department of Finance's website.”

If applicable, Mandatory

17AH(1)(a)(ii)

Chapter 4 | Management and accountability
Property and procurement
Advertising

If the entity did not conduct advertising campaigns, a statement to that effect.

If applicable, Mandatory

17AH(1)(b)

Chapter 4 | Management and accountability
Property and procurement
Grants

A statement that “Information on grants awarded by [name of entity] during [reporting period] is available at [address of entity's website].”

If applicable, Mandatory

17AH(1)(c)

Chapter 4 | Management and accountability
Property and procurement
Disability reporting

Outline of mechanisms of disability reporting, including reference to website for further information.

Mandatory

17AH(1)(d)

Chapter 4 | Management and accountability
Property and procurement
​​Information Publication Scheme

Website reference to where the entity's Information Publication Scheme statement pursuant to Part II of FOI Act can be found.

Mandatory

17AH(1)(e)

NA

Correction of material errors in previous annual report

If applicable, mandatory

17AH(2)

NA

Information required by other legislation

Mandatory

 

Glossary of Abbreviations

Table 1: Glossary of abbreviations used in the 2018-19 ASD Annual Report

Term Meaning
ACSC Australian Cyber Security Centre
ADF Australian Defence Force
AEC Australian Electoral Commission
APCERT Asia-Pacific Computer Emergency Response Team
APS Australian Public Service
ASD Australian Signals Directorate
ASDARC Australian Signals Directorate Audit and Risk Committee
ASL Average Staffing Levels
ATSI Aboriginal and Torres Strait Islander
ATSI@ASD Aboriginal and Torres Strait Islander Network at ASD
ASD+ LGBTIQ+ Network at ASD
CALD Culturally and Linguistically Diverse
CPR Commonwealth Procurement Rules
C1 First National Cyber Crisis
DDGCC Deputy Director-General Corporate Capability
DG Director-General
DGASD Director-General Australian Signals Directorate
DTIC Data, Technology and Infrastructure Committee
EL Executive Level
EOFY End of Financial Year
EPC Enterprise Performance Committee
FoI Act Freedom of Information Act 1982
FTE Full-time Employee(s)
GST Goods and Services Tax
HR Human Resources
ICT Information and Communications Technology
IGIS Inspector-General of Intelligence and Security
ISA Intelligence Services Act 2001
IWD International Women's Day
JCSC Joint Cyber Security Centre
KMP Key Management Personnel
LGBTIQ Lesbian, Gay, Bisexual, Transgender, Intersex and Queer
MoG Machinery of Government
MRC Management Review Committee
NAIDOC National Aborigines and Islanders Day Observance Committee
NIC National Intelligence Community
PaCSON Pacific Cyber Security Operational Network
PDDG Principal Deputy Director-General
PFADS Performance Feedback Assessment and Development Scheme
PGPA Act Public Governance Accountability and Performance Act 2013
PID Act Public Interest Disclosure Act 2013
PJCIS Parliamentary Joint Committee on Intelligence and Security
PSPF Protective Security Policy Framework
RAP Reconciliation Action Plan
SES Senior Executive Service
SIGINT Signals Intelligence
SME Small and Medium Enterprises
STEM Science, Technology, Engineering, and Mathematics
WHS Act Work Health and Safety Act 2011
5G 5th Generation