ASD Annual Report 2018–19 | Australian Signals Directorate

Download ASD Annual Report 2018–19 (pdf, 4.69 MB)

Letter of transmittal

Senator Linda Reynolds

Minister for Defence

Parliament House

CANBERRA ACT 2600

Dear Minister

Australian Signals Directorate Annual Report 2018–19

In accordance with section 46 of the Public Governance, Performance and Accountability Act 2013 (PGPA Act), I am pleased to present to you the Australian Signals Directorate's (ASD) annual report for 2018–19. This report contains information required by the PGPA Rule 2014, except where some content has been aggregated or not included in accordance with ASD's s105D Determination.

As required by section 42A of the Intelligence Services Act 2001, I will provide you with a separate classified report of the activities of ASD during 2018–19.

As required by subsection 17AG(2) of the PGPA Rule, I certify that fraud and risk assessments and control plans have been prepared for ASD, that we have appropriate mechanisms in place for preventing, investigating, detecting and reporting incidents of fraud, and that all reasonable measures have been taken to deal appropriately with fraud.

Yours sincerely

Lieutenant-General John Frewen DSC, AM

Acting Director-General

Australian Signals Directorate

10 October 2019

Chapter 1 | Director-General ASD's overview

I am pleased to present the 2018–19 Australian Signals Directorate (ASD) Annual Report.

ASD defends Australia from global threats, and advances the national interest through the provision of foreign signals intelligence, cyber security and offensive cyber operations, as directed by Government.

ASD's foreign signals intelligence operations support a range of activities that protect the lives of Australians. These include providing support to Australian Defence Force operations across the globe, tracking the foreign communications of extremists who pose a threat to Australians and Australia's interests, and supporting the safe release of Australians who have been taken hostage overseas.

Against the backdrop of growth in use cases for technology in the daily lives of Australians, our cyber security functions have never been more important. Throughout 2018–19, Australia was targeted by a range of actors who conducted persistent cyber operations that posed significant threats to Australia's national security and economic prosperity. The most concerning activity was the deliberate targeting of private and public sector organisations for valuable intellectual property, the personal information of Australians, and Australian Government and Defence information.

Cybercrime continued to be a pervasive and endemic threat to Australia's economic and social prosperity throughout 2018–19. Cyber criminals follow the money — and Australia was an attractive target due to its wealth and widespread internet connectivity.

Throughout 2018–19, cyber criminals operated at scale, applying the principle of 'quantity over quality'. They targeted individuals and organisations by exploiting poor cyber-hygiene practices, including the use of default, simplistic or generic passwords. There were significant phishing campaigns, business email compromises, cryptocurrency mining, credential harvesting and the use of ransomware.

Throughout 2018–19, ASD's Australian Cyber Security Centre (ACSC) has remained focused on emerging cyber threats, including those to critical infrastructure, the Internet of Things, supply chain security, and cloud computing and online storage.

2018–19 has been a year of significant change for ASD, and a year of 'firsts'.

On 1 July 2018, ASD became a statutory agency within the Defence portfolio, as recommended by the 2017 Independent Intelligence Review. This marked the biggest change to ASD since its creation in the aftermath of the Second World War. Additionally, from 1 July 2018, the ACSC began operating as part of ASD, making ASD both an intelligence and a security agency, with its knowledge and expertise in each of these broad functions informing the other in the protection of Australia's national interests.

During 2018–19, ASD has taken deliberate steps to be more transparent about its role. The Director-General delivered a series of public speeches designed to bring ASD out of the shadows and provide Australians with a better sense of what we do and why we do it – and assure the public that we act legally and ethically in support of the Government's priorities.

As a new statutory agency, ASD has taken steps to establish appropriate governance and enterprise management frameworks. These frameworks will continue to mature and improve over coming years, and as they improve, so too will our ability to find the right balance between informing the Parliament and the Australian public of our performance, while necessarily keeping the details of our operations and capabilities classified. In the interim, the performance information in this 2018–19 Annual Report is weighted heavily in favour of our cyber security functions.

In 2018–19, ASD mirrored the majority of the Department of Defence's financial policies and processes through a shared services arrangement, which allowed ASD to establish an effective financial management framework across its first year of operation as an independent statutory entity. In the independent auditor's report, which can be found on page 2, the Australian National Audit Office has provided its opinion that ASD's 2018–19 financial statements fairly present the agency's financial position and financial performance, and are free from material misstatement. Further analysis of ASD's financial position is provided in the performance section of this report, and in the financial statements in Chapter 5 of this report.

As we look to the next reporting period, it is clear that ASD's operating environment will remain complex and challenging. We are mindful of major shifts in the strategic landscape, including security and stability across the Indo-Pacific. We face a rising threat to our national security, economic prosperity and social wellbeing from foreign interference, espionage and cybercrime. We are also mindful of the rapid change in the technology environment, which is critical for us to master in order to identify and disrupt threats, and protect Australian interests. ASD's workforce will remain the key to addressing these challenges – a group of talented, dedicated people with an extensive diversity of skills willing to meet these challenges in support of Australia's interests. I thank the men and women of ASD for their extraordinary efforts across a challenging year.

I also thank the inaugural Director-General of ASD, Mr Mike Burgess, who left ASD in September 2019 to commence as the Director-General of Security. His leadership, guidance and vision for ASD have been instrumental in setting the course for ASD's growth as a statutory agency over the course of the 2018–19 reporting period.

Lieutenant-General John Frewen DSC, AM

Acting Director-General

Australian Signals Directorate

Chapter 2 | Overview of ASD

Purpose

ASD's purpose is to defend Australia against global threats and advance our national interests through the provision of foreign signals intelligence, cyber security and offensive cyber operations, as directed by Government.

In order to do this, ASD masters technology and its application to inform (signals intelligence), protect (cyber security) and disrupt (offensive cyber operations).

ASD's strategic objectives are to:

Deliver strategic advantage for Australia by providing intelligence that protects and advances Australia's national interests.
Lead in cyber security, making Australia the safest place to connect online, and foster national cyber security resilience.
Support military operations, enabling the war fighter, and protecting Defence personnel and assets.
Counter cyber-enabled threats, protecting Australia and Australians by countering cyber-enabled crime and disrupting terrorists' use of the internet.
Provide trusted advice and expertise, delivering timely, quality advice to government, law enforcement, businesses and the community.

ASD is committed to fulfilling its purpose in accordance with the law. This is reflected in our values: to be meticulous in execution, always acting legally and ethically, and being accountable to the public, through Government, for everything we do. ASD recognises that its foreign signals intelligence capabilities are uniquely intrusive, and its offensive cyber operations even more so. This is why maintaining the trust of the Australian Government and the Australian public, by demonstrating that ASD operates legally and with propriety, is of the utmost importance to ASD.

ASD operates under the Intelligence Services Act 2001 (ISA), which specifies that ASD's functions are to:

collect foreign signals intelligence
communicate foreign signals intelligence
prevent and disrupt offshore cyber-enabled crime
provide cyber security advice and assistance to Australian governments, businesses and individuals
support military operations
protect the specialised tools ASD uses to fulfil its functions, and
cooperate with and assist the national security community's performance of its functions.

Organisational structure 2018–19

Figure 1: ASD organisational structure at 30 June 2019

Notes:

As at 30 June 2019
Mr Alastair MacGibbon left the role of Head Australian Cyber Security Centre in May 2019. LTGEN Frewen assumed responsibility for the centre in addition to his responsibilities as the Principal Deputy Director-General until the commencement of Ms Rachel Noble in July 2019.

Mike Burgess was ASD's Accountable Authority for the 2018–19 reporting period.

Chapter 3 | Report on performance

Annual performance statements

Introductory statement

Following ASD's establishment as a statutory agency in July 2018, ASD has committed to strengthening and, where required, building new enterprise-level governance and performance frameworks. This is an ongoing body of work, with ASD already implementing a new planning framework and establishing internal reporting mechanisms to oversee our performance against our objectives. ASD's ability to report on its performance will be limited by the classified nature of its work; however, the agency is committed in 2019–20 to improving its performance methodologies, with the aim of ensuring we have robust measures for determining our performance and providing as much detail as possible in the 2019–20 ASD Annual Report.

As Acting Director-General of the Australian Signals Directorate and the accountable authority of ASD, I present the 2018–19 annual performance statements for ASD, as required by paragraph 39(1) of the Public Governance, Performance and Accountablility Act 2013 (PGPA Act). In my opinion, the annual performance statement is based on properly maintained records, accurately reflects the performance of ASD in achieving its purpose and complies with section 39(2) of the PGPA Act.

Lieutenant-General John Frewen DSC, AM

Acting Director-General

Australian Signals Directorate

10 October 2019

ASD's performance

ASD's 2018–19 Corporate Plan focused on three core activities – foreign signals intelligence, cyber security and offensive cyber operations. Figure 2 sets out these activities, and the associated measure and benefit.

Figure 2: ASD's performance activities.

Performance

	1 FOREIGN SIGNALS INTELLIGENCE	2 CYBER SECURITY	3 OFFENSIVE CYBER OPERATIONS
ACTIVITY	Provide foreign signals intelligence.	Provide cyber security services.	Conduct offensive cyber operations.
MEASURE	Our intelligence informs strategic, operations and tactical decision making.	Our cyber security services prevent, deter and remediate cyber threats to Australia.	Our offensive cyber operations deliver real world impact, including providing advantage to military operations.
BENEFIT	Enhance Australia's prosperity and security by delivering strategic and tactical advantage.	Improve cyber security and resilience across Australia.	Distribute threats to Australia's national interests.

Target for activities

Our stakeholders value our unique and timely insights that enable their missions.

Source – ASD Corporate Plan 2018–19, addresses ASD Portfolio Budget Statements 2018–19.

Foreign signals intelligence – performance analysis

During 2018–19, ASD obtained and provided foreign signals intelligence to Government that met the Government's priorities and requirements. This intelligence helped to inform strategic, operational and tactical decision-making. In accordance with section 42A of the Intelligence Services Act 2001 (ISA), the Director-General of ASD has provided the Minister for Defence with a report of ASD's activities during the year.

During 2019–20, ASD will introduce new performance measures that will provide a performance baseline. In following years, ASD will enhance and evolve its performance measures and methodologies, developing a robust performance assessment process that effectively demonstrates the value of ASD's activities to the Australian Government. Due to the nature of ASD's work, some performance measures will continue to be reported through existing performance frameworks in classified channels.

Cyber security services – performance analysis

As of 1 July 2018, ASD's ACSC commenced delivering its new whole-of-economy functions, in line with an expanded remit to provide cyber security advice and assistance to Australian governments, business and critical infrastructure, as well as communities and individuals.

During 2018–19, ASD established a 24/7 cyber incident monitoring and response capability, delivering situational awareness, incident response, crisis management as well as providing cyber advice and assistance.

The ACSC's incident response capabilities span the full range of cyber incidents from national crises to incidents affecting individual members of the public. In order to manage the broad range of cyber incidents, the ACSC uses a Cyber Incident Categorisation Matrix (see Figure 3) to triage and prioritise the immediate defensive response to mitigate each cyber incident. This allows the ACSC to focus its resources more effectively, ensuring consistent messaging and an appropriate level of response measures are activated.

Figure 3: Cyber Incident Categorisation Matrix

Includes number of incidents between 1 July 2018 and 30 June 2019.

During 2018–19, the ACSC responded to 2164 incidents of varying significance, including Australia's first national cyber crisis (C1). The C1 incident saw the ACSC operate at a heightened state of activity to provide advice and assistance to Australia's major political parties and government agencies after they were targeted by a sophisticated state-sponsored actor; see Case study 1: Malicious intrusion into the Australian Parliament House computer network.

Of the other incidents reported to the ACSC, 40 per cent were for low-level malicious attacks, including targeted reconnaissance, phishing emails and non-sensitive data loss. Members of the public reported the highest number of incidents, making up approximately one quarter of all reports received.

Case study 1: Malicious intrusion into the Australian Parliament House computer network

In the first half of 2019, the ACSC investigated an incident on government networks that included the major political parties and the Australian Parliament House network. While the intrusion was widespread, it was caught early. The Department of Parliamentary Services had implemented security practices that helped to identify and restrict the extent of the compromise, minimising the potential impact.

Following the Prime Minister's announcement of this incident in February 2019, the ACSC collaborated with state and territory counterparts to activate the Cyber Incident Management Arrangements, the national coordination framework between Australian, state and territory governments to rapidly share threat intelligence, as well as techniques, tactics and procedures used by the actor.

The ACSC released an advisory that explained the malicious activity, together with a custom-built software tool that enabled customers – such as Australian, state and territory government agencies and critical infrastructure providers – to scan their networks to identify any potential similar indicators of compromise.

Our collaboration on this matter extended to our Five-Eyes intelligence partners. It is our long-standing practice to share intelligence as it relates to national security, and the assistance provided by our partners was integral to our understanding of this incident.

The ACSC worked actively with public and private sector organisations to strengthen cyber security arrangements and build resilience. Key activities included:

amplifying the ACSC's National Exercise Program, which supported 25 cyber security exercises across government and the energy, banking and finance, telecommunications, transport, water, health and resource sectors
commencing an Energy Sector Cyber Security Readiness and Resilience Program, which supported the vision outlined in the Independent Review into the Future Security of the National Electricity Market: Blueprint for the Future (Commonwealth of Australia, 2017), for a National Electricity Market that has a strong cyber security posture
expanding the Joint Cyber Security Centre (JCSC) Program by opening new centres in Perth and Adelaide. The centres provide a tangible interface between industry and government on cyber security issues. The JCSCs are also the ACSC's primary mechanism for regular engagement with state and territory governments and, increasingly, local governments
initiating a Whole of Government Cyber Uplift for Federal Government Systems for government agencies (see Case study 2: Whole of Government Cyber Uplift for Federal Government Systems)
providing cyber security support to the Australian Electoral Commission (see Case study 3: Support to the Australian Electoral Commission).

Case study 2: Whole of Government Cyber Uplift for Federal Government systems

The cyber campaign against departments, agencies and political parties, reported in late 2018 (see Case study 1: Malicious intrusion into the Australian Parliament House computer network), demonstrated hostile actors' capacity and intent to identify and exploit vulnerabilities in the Australian Government's internet-facing networks.

In response, the ACSC initiated a program to provide strategic technical assistance to Australian government agencies to support an increase – or 'uplift' – to their cyber security posture and implementation.

As part of this service, the ACSC launched the Essential Eight+Sprint Program in April 2019 to help 25 government organisations improve their Essential Eight maturity and overall cyber security posture.

ASD's Essential Eight Strategies to Mitigate Cyber Security Incidents is a list of proven mitigation strategies designed to assist organisations in prioritising those measures which will provide the strongest and most effective baseline to protect their systems against current cyber threats.

During 2018-19, the ACSC updated ASD's Essential Eight Strategies to Mitigate Cyber Security Incidents Maturity Model to reflect improved knowledge obtained through the sprint engagement with Australian government agencies, and hosted the inaugural Chief Information Officer and Chief Information Security Officer forum. This forum has now established a community of like-minded cyber specialists across the Australian government, who remain focused and energised on improving cyber security.

In addition to the Whole of Government Cyber Uplift for Federal Government Systems, the ACSC continued to provide strategic technical assistance to improve the cyber hygiene of agencies within local, state and Commonwealth agencies, as well as academic institutions. Across these sectors, the ACSC provided recommendations for improvements to cyber security, through tailored advice and targeted interventions, to effect change with speed, scale and impact.

Case study 3: Support to the Australian Electoral Commission (AEC)

In support of Australia's whole-of-government approach to securing the 2019 Federal Election from interference, the ACSC, along with the AEC, Department of Finance, Department of Home Affairs, Department of the Prime Minister and Cabinet, Department of Communication and the Arts, the Attorney-General's Department, Australian Federal Police and the National Intelligence Community worked together as the Electoral Integrity Assurance Taskforce (the Taskforce). The ACSC provided physical resourcing by facilitating collocation of Taskforce members.

The Taskforce provided a valuable platform for sharing information on issues such as possible foreign interference, undisclosed foreign influence activities and cyber threats. The ACSC was focused on providing cyber security advice and assistance to the AEC, and supporting the AEC's efforts to increase their resilience to cyber security threats. The ACSC also provided 24-hour monitoring of the AEC network for malicious activity until June 2019, with ongoing monitoring support until the return of writs. The ACSC did not identify any cyber incidents that undermined the integrity of the election.

The ACSC also launched a Critical Infrastructure Lab to raise awareness of the security issues in critical infrastructure and research best practice in system configuration. The Lab currently comprises tabletop exercise and learning components, as well as a small-scale functioning system emulating that used by Australian Critical Infrastructure providers (see Figure 4). Extensions to this lab are planned to increase research efforts on security issues around smart cities and emerging technologies.

Figure 4: Defending a mini-village run by Industrial Control Systems

During 2018–19, the ACSC used a variety of means to provide accurate and timely cyber security advice to Australians.

The ACSC produced:

sixty PROTECT publications on cyber.gov.au for public consumption, including appropriate updates to several existing publications
the inaugural unclassified Sector Snapshot, which focused on the energy sector and was designed to inform decisions about investment and allocation of internal resources by executives and cyber security professionals
a Practitioners Guide and an Executive Companion used to inform organisations about key cyber security issues related to cyber supply chain management
updates to the Essential Eight Maturity Model
six Australian Communications Security Instructions to Australian government agencies and associated contractors tasked with the control, handling and maintenance of cryptographic products used to protect classified government information
a new version of the Information Security Manual which provides significant updates to its risk management framework
seven Information Security product certifications under the Australasian Information Security Evaluation Program.

In August 2018, the first phase of the ACSC's new digital platform — cyber.gov.au — was launched. This represented the first step in consolidating a number of Government cyber security websites and services, to simplify how Australians access government cyber security advice and assistance, and report issues such as security and cybercrime incidents. In April 2019, an improved version of cyber.gov.au was released, presenting content in a much more user-friendly manner. On final release, cyber.gov.au will provide all Australians, from individuals to businesses, a single place to report cybercrime and find advice on cyber security practices.

From 8–14 October 2018, the ACSC ran its annual Stay Smart Online national awareness-raising week to promote safe cyber practices. The aim of the campaign was to create a nationally-recognised movement that disrupts complacency on cyber security and motivates Australians to apply simple 'cyber sense' to everyday engagements online. The 2018 Stay Smart Online Week generated major media coverage and content was shared by Stay Smart Online partners to reach over 2.6 million Australians, achieve 15 million news media impressions and drive a 50 per cent increase in visitors to the Stay Smart Online website.

The ACSC collaborated with industry and government stakeholders on cyber security matters, including:

working with the Australian Energy Market Operator to develop the Australian Energy Sector Cyber Security Framework
providing cyber security advice in support of the foreign investment applications and licence condition reviews, primarily associated with systems of national significance
contributing expertise to the Department of Home Affairs' critical infrastructure protection policies.

Throughout 2018–19, the ACSC helped inform policy makers of the key trends and continuously evolving and sophisticated nature of the threat environment, including by:

establishing a Commonwealth Chief Information Security Officer Forum, where senior government officials with responsibility for cyber security are able to leverage the collective knowledge and experience of members to improve cyber resilience
supporting major government policy initiatives to publicly attribute malicious cyber activity
producing upwards of 50 classified intelligence assessments, covering the actions of state and non-state actors, global cyber policy developments of relevance to Australia, and the challenges posed by new cyber technologies. The ACSC also provided input on the cyber threat to other intelligence products across government agencies, including supporting the Office of National Intelligence and Defence Intelligence Organisation.

Case study 4: 5G policy

5^th Generation (5G) is an evolution of wireless telecommunications. It requires network architecture with significantly different characteristics to previous mobile generations. The unique nature of 5G has fundamental implications for the security of critical infrastructure over the decades ahead because it is a much more powerful and pervasive technology. This change means that traditional cyber security controls will not be as effective.

In consultation with operators and vendors, ASD worked to see if there were ways to protect Australia's 5G networks if high-risk vendor equipment was present anywhere in these networks. The review concluded that persistent and legitimate access to 5G networks by high-risk vendors – who are likely to be subject to extrajudicial directions from a foreign government that conflict with Australian law – no matter how tightly controlled, will provide hostile intelligence services with an enduring presence in the network. This could be leveraged to undermine the confidentiality, integrity and availability of our networks.

Partnerships and engagements

Cyber security threats and incidents often traverse international borders and there is a growing mutual reliance on maintaining strong international relationships to address these threats. The ACSC has strong international relationships with cyber security counterparts around the world in order to share information, mitigate incidents and enhance Australia's cyber security resilience. In addition, the ACSC leads numerous international engagement and capacity-building activities in our region, to build our collective regional resilience to cyber security threats and, ultimately, further Australia's national cyber security objectives. During 2018–19 these included the following:

The Asia-Pacific Computer Emergency Response Team (APCERT) is a community of Computer Emergency Response Teams and Computer Security Incident Response Teams dedicated to encouraging and supporting cyber security cooperation in the Asia-Pacific region. APCERT has an operational focus with objectives to help create a safe and reliable cyberspace in the Asia-Pacific through global collaboration. The APCERT community continues to collectively detect, prevent and mitigate malicious cyber activity through the sharing of threat information, working-group activities, training and drills. In 2018, the ACSC was re-elected Chair of the APCERT Steering Committee for a fourth and final term. With fellow Steering Committee Members, the ACSC is leading changes to encourage closer cyber security cooperation across the region to reduce cyber threats and strengthen Australia's cyber security resilience.
The Pacific Cyber Security Operational Network (PaCSON) is designed to facilitate cooperation and collaboration across the Pacific to strengthen the region's cyber security posture. PaCSON provides a working-level network of cyber security incident response professionals in the Pacific — its members are the people responsible for their respective governments' responses to cyber security incidents. In 2019, the ACSC facilitated the second annual face-to-face meeting of PaCSON members – in Nuku'alofa, Tonga, from 29 April to 3 May 2019 – which included a cyber security information exchange, an annual general meeting and a series of technical and strategic workshops.

Offensive cyber operations – performance analysis

ASD's offensive cyber capability protects Australians and Australia's national interests through a broad range of offshore activities designed to disrupt, degrade or deny our adversaries. Specifically we:

deter and respond to malicious cyber intrusions and attacks
support the Australian Defence Force (ADF) and coalition partners to conduct military campaigns in the Middle East and degrade Daesh propaganda networks
disrupt, degrade, deny and deter organised offshore cyber criminals.

On 27 March 2019, Director-General ASD gave a public speech that, for the first time, disclosed operational details of ASD's offensive cyber capability. This disclosure was a significant event that highlights ASD's commitment to increasing transparency around our activities, legal authorities and ethical responsibility. The Director-General's remarks also served to increase public awareness of ASD, including to assist with ASD's recruitment efforts to build a specialist workforce.

The Director-General shared various case studies highlighting ASD's real-world impact, using ASD's computer network attack and covert online operation capabilities. The first example highlighted how an ASD offensive cyber operation, conducted in support of the ADF, planned and executed under direction of the ADF's Chief of Joint Operations, helped degrade Daesh communications on the battlefield in order to disrupt their ability to launch attacks. The second example highlighted how an ASD covert online operator developed a false online identity to build rapport with an extremist. Through effective analyst tradecraft techniques, ASD successfully persuaded him not to become a foreign fighter in an overseas terrorist organisation, preventing harm to himself and others.

Report on financial performance

In 2018–19, ASD mirrored the majority of the Department of Defence's policies and processes through a shared services arrangement, which allowed ASD to immediately establish an effective financial management framework during its first year as an independent statutory agency.

Restructuring arrangements provided ASD with assets or liabilities from the following entities:

the Department of Defence
the Attorney-General's Department
the Department of the Prime Minister and Cabinet
the Digital Transformation Agency.

ASD received $286.5 million in assets through this restructuring, and accepted $65.3 million in liabilities.

In 2018–19, the Government provided ASD with $743.5 million in appropriation funding for ordinary annual services and a further $125.0 million for capital investment. Included in its appropriation was $95.2 million in new funding, provided to enhance ASD's capabilities in areas of high priority to the Government. In addition, ASD received $11.5 million to compensate for unfavourable movements in foreign exchange and $4.5 million in cost recovery revenue from other government entities, primarily for the provision of TOP SECRET ICT services.

ASD's financial statements show a deficit attributable to the Australian Government of $31.3 million. When adjusted for depreciation, which is an unfunded Government-approved expense, ASD's result from operations in 2018–19 is a surplus of $28.7 million (3.7 per cent of revenue).

Throughout 2018–19, ASD's management has worked in partnership with the Department of Defence and the Department of Finance to resolve a range of issues created by ASD's change in status to an independent statutory agency. While many issues have been resolved, some budget and financial management practices continue to be agreed, including through the shared service arrangements between ASD and the Department of Defence.

ASD's financial statements are provided in Chapter 5 of this report, and a table summarising ASD's total resources and total payments is provided at Appendix B.

The nature of ASD's activities require it to continuously invest in talented people and new technology to ensure its capabilities remain contemporary and relevant to its purpose. Breakthrough technologies, and rapid advancements in existing technologies, are likely to place pressure on ASD's financial position across the forward estimates. ASD will continue to identify and implement efficiencies, and rigorously prioritise activities, to ensure it delivers optimal outcomes while operating within future budget allocations.

Chapter 4 | Management and accountability

Corporate governance

Principles, objectives, structures and processes

As a statutory agency in the Defence portfolio, ASD reports directly to the Minister for Defence. It operates under the Intelligence Services Act 2001 (ISA) )and Public Governance, Performance and Accountability Act 2013 (PGPA Act). All of ASD's activities are subject to oversight from the Inspector-General of Intelligence and Security (IGIS). The Parliamentary Joint Committee on Intelligence and Security (PJCIS) provides further oversight of ASD's administration, expenditure, enabling legislation, and any matters referred by the Australian Senate, House of Representatives, or a Minister of the Australian Government. ASD also appears before the Senate Standing Committee on Foreign Affairs, Defence and Trade during estimates.

Corporate Plan

In August 2018, ASD published its first Corporate Plan, covering 2018–19 to 2021–22 and reflecting a strong focus on the key deliverables of the ASD transition to a statutory agency. It also highlighted significant challenges in the ASD operating environment, in particular the importance of recruiting and retaining specialist staff and ensuring that we can meet, and exceed, our stakeholders' expectations. ASD's second Corporate Plan was published on 28 August 2019 and outlines the ongoing work of the organisation to strengthen its reporting and performance framework, optimise its governance mechanisms, and define new performance measures to provide a baseline for ASD's performance against its purpose.

ASD Governance Framework

Under the Public Governance, Performance and Accountability Act 2013, the Director-General ASD is the Accountable Authority for ASD. The ASD Executive Committee is the primary support to the Director-General ASD in the governance and management of ASD. In line with the Commonwealth Risk Management Policy 2014, the initial ASD Governance Framework has six committees overseeing the management of risk across five domains (see Figure 5). These committees assist the Director-General ASD in ensuring ASD is meeting the highest standards of governance, performance and accountability.

Figure 5: ASD Governance Framework

* According to Public Governance, Performance and Accountability Act 2013 requirements, the Audit and Risk Committee will report to the Director-General as ASD's accountable authority.

Executive Committee

ASD's Executive Committee is the primary decision-making committee within ASD and is chaired by the Director-General ASD. The Executive Committee meets fortnightly and its objectives include, but are not limited to: providing advice to the Director-General ASD; setting the strategic direction for ASD, and providing oversight of all ASD activities. The Executive Committee assists the Director-General ASD in ensuring ASD meets the highest standards of governance, performance, and accountability, with the Director-General ASD having ultimate decision-making authority on all issues.

Management Review Committee

ASD's Management Review Committee (MRC) is the key body for managing staff wellbeing and personnel security risks for the agency. Where required, the MRC considers potential issues of concern related to employee organisational suitability in a manner which balances intelligence-related equities and appropriate personnel management. The MRC does not consider issues related to the security clearance process, broader employment conditions, Code of Conduct, other administrative investigations or performance management activities.

Audit and Risk Committee

The ASD Audit and Risk Committee (ASDARC) was established in accordance with section 45 of the Public Governance, Performance and Accountability Act 2013. The ASDARC is an integral part of improving ASD's enterprise-level risk management and provides independent advice on risk management directly to the Director-General ASD. ASDARC's responsibilities are to monitor, review, and, where appropriate, make recommendations to the Director-General ASD with respect to: financial reporting; performance reporting; the system of risk oversight, including fraud risk and prevention; system of internal control; and internal and external audit. The ASDARC comprises three external members and two internal members to advise ASD on risk and governance issues. This committee has met four times over the last financial year.

Enterprise Performance Committee

ASD's Enterprise Performance Committee (EPC) is responsible for providing advice to the Executive Committee on any significant matter related to enterprise performance and plays a key role fulfilling ASD's responsibilities in accordance with the Performance and Accountability Act 2013. The EPC's objectives include, but are not limited to: reviewing enterprise performance and risks, discussing performance gaps, and overseeing relationships with key customers. The EPC is chaired by the Principal Deputy Director-General ASD and meets three times per year.

Data, Technology and Infrastructure Committee

ASD's Data, Technology and Infrastructure Committee (DTIC) provides advice to the Executive Committee on significant matters related to data, technology and infrastructure, and plays a key role in ensuring that any such investment is effectively administered to achieve ASD's strategic objectives. The committee's objectives include, but are not limited to: reviewing and endorsing prioritisation of gaps, monitoring outcomes in relation to relevant strategies, and monitoring resource allocation across the data, technology and infrastructure spheres. The DTIC is chaired by the Deputy Director-General Corporate and Capability and meets at least quarterly.

People Committee

ASD's People Committee provides oversight for matters relating to the technical and operational people capability required to ensure ASD achieves its strategic objectives and commitment to Government, and advises the Executive Committee on any significant matter related to enterprise-level human resources. The committee's objectives include, but are not limited to: employment conditions, conduct, values and behaviours frameworks, and diversity and inclusion. The People Committee is chaired by the Deputy Director-General Corporate and Capability and meets on a quarterly basis.

Finance Committee

ASD's Finance Committee considers, monitors and advises the Executive Committee on any significant matter related to ASD's budget and estate, plays a key role in optimising the financial effectiveness and efficiency of ASD, and establishes and maintains best-practice financial management and compliance. The committee's objectives include, but are not limited to: ASD's financial statements, shared service liaison, and compliance with relevant legislation. The committee is chaired by the Deputy Director-General Corporate and Capability and meets on a quarterly basis.

Ethical framework

ASD's ethical framework is aligned to the legislation that governs ASD business and activities, and is embedded in our organisational values.

ASD staff are committed to upholding our organisational values (see Figure 6), which are an integral aspect of ASD's culture and are reflected in our Code of Conduct.

Figure 6: ASD Values

ASD is also subject to the Public Interest Disclosure Act 2013 (PID Act), which facilitates disclosure and investigation of wrongdoing and maladministration in the Commonwealth public sector. ASD-authorised officers are appointed by Director-General ASD to fulfil the purposes and direction of the Act.

Fraud control and prevention

ASD does not tolerate fraudulent behaviour and treats both suspected and actual fraud seriously. ASD takes a risk-based approach to fraud and uses the philosophy of 'educate, trust and verify' to balance effective oversight with the need to deliver across the full spectrum of is operations. This means that ASD takes all reasonable measures to inform ASD staff members of the rules and their responsibilities to prevent fraud, trusts them to get on with the job and uphold those requirements, and also implements verification mechanisms to ensure any unauthorised behaviour is detected and investigated swiftly.

Fraud risks are present across all functions and processes. Identifying, analysing and mitigating fraud risk is considered an integral part of managing ASD's overall business. ASD takes all reasonable measures to prevent, detect and deal with fraud. In 2019, ASD undertook a fraud risk assessment and developed a control plan to ensure that fraud risks are adequately mitigated, monitored, reported and controlled. The endorsed fraud control plan will be promoted throughout ASD in late 2019.

ASD employees must complete annual mandatory training on fraud awareness. Fraud awareness and risks are routinely identified through workshops with key stakeholders and educational awareness messaging. ASD staff members can also make disclosures of suspected wrongdoing through the Public Interest Disclosure Scheme or to the Inspector-General of Intelligence and Security.

Risk management

ASD is embedding risk-management principles to support timely decision-making and reporting, prioritisation of resources, increased compliance and efficiency, and continual improvement in operations.

ASD has established systems of internal control and risk oversight to ensure it is efficiently and effectively managing its resources. The ASDARC is an important aspect of improving ASD's enterprise-level risk management.

ASD is shaping a culture that encourages risk reporting, risk-based decision-making, accountability and oversight. The ASD Executive have identified nine key enterprise risks which will inform a refresh of the existing Enterprise Risk Management Plan. This work is expected to be completed in early 2020.

External scrutiny

Parliamentary Joint Committee on Intelligence and Security

Section 28 of the Intelligence Services Act 2001 establishes the Parliamentary Joint Committee on Intelligence and Security, and section 29 gives the committee the function to review ASD's administration and expenditure.

ASD appeared before the committee on 16 August 2018 in relation to the committee's 2016–17 review into ASD's administration and expenditure. In April 2019, ASD responded to Questions on Notice from the committee in relation to its 2017–18 report into ASD's administration and expenditure. A hearing was not conducted for this review during 2018–19.

ASD appeared before the committee, on 19 October 2018 and 26 November 2018, as part of the committee's inquiry into the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018.

Senate Standing Committee on Foreign Affairs, Defence and Trade

ASD appears before the Senate Standing Committee on Foreign Affairs, Defence and Trade as a statutory agency within the Defence portfolio. ASD testified before the committee on 25 October 2018, 20 February 2019, 5 April 2019 and 10 April 2019. Records of ASD's evidence to the committee can be found in the Estimates' Hansards.

Inspector-General of Intelligence and Security

The Inspector-General of Intelligence and Security (IGIS) is an independent Statutory Officer who reviews the activities of the National Intelligence Community, including the activities of ASD. IGIS undertakes independent checks across ASD's operational activities, investigates complaints received by her office, and reports ASD's compliance performance in her annual report.

During 2018–2019, IGIS undertook a regular inspection program of activities across ASD's operational functions, which included visits to ASD facilities, meetings with ASD staff and audit of ASD documentation.

ASD works closely with IGIS to provide information about ASD's activities, particularly where questions of legal compliance or propriety might arise. During 2018–19, this included providing technical briefings and operational updates, support for two IGIS-initiated projects, and details about legal advice provided to ASD.

During 2018–19, ASD reported three confirmed breaches of legislation and two potential breaches of legislation to IGIS.

During 2017–18, IGIS initiated two formal inquiries into ASD activities that continued throughout 2018–19. Both were concluded in the first half of 2019. ASD is implementing the recommendations made in those inquiries.

Briefings to the Leader of the Opposition

Section 27D of the Intelligence Services Act 2001 requires the Director-General ASD to consult regularly with the Leader of the Opposition in the House of Representatives for the purposes of keeping him or her informed on matters relating to ASD. During 2018–19, the Director-General ASD met with the Leader of the Opposition for this purpose.

People capability

Human resource management

As a statutory agency, ASD operates under the Intelligence Services Act 2001 in relation to employment of staff. ASD has the flexibility to set the overall size and composition of the agency, while operating within its budget, which provides flexibility to recognise the skills of its specialised workforce.

ASD operates in close proximity to many public service agencies. The Intelligence Services Act 2001 states that ASD must adopt the principles of the Public Service Act 1999 in relation to employees of ASD to the extent to which the Director-General ASD considers they are consistent with the effective performance of the functions of the agency. Mobility across the public sector is recognised as an important tool to bring critical talent into ASD and, therefore, prior service in the public service will continue to be recognised by ASD.

On 1 July 2018, some staff from the Attorney-General's Department, the Digital Transformation Agency and the Department of the Prime Minister and Cabinet moved into ASD as part of the Machinery of Government (MoG) change.

During 2018–19, ASD continued to utilise a shared service arrangement with the Department of Defence to supplement the provision of human resource (HR) functions alongside its small internal People, Learning and Development Branch.

In January 2019, ASD initiated a review of its HR, learning and development operating model and strategies, to identify the key activities, resources and capabilities that ASD requires to deliver a sufficient and sustainable function, linked to Defence shared services and capable of meeting the priorities of ASD in the next one, two and five-year periods.

Year one has focused on establishing ASD's people vision, shaping key strategies and addressing any key barriers. In year two, we will strengthen the role of HR and its contribution to organisational objectives. During years three to five, HR will mature to deliver strategic value to the business. ASD will continue to grow its HR function to deliver these outcomes.

Recruitment

At the end of the 2018–19 financial year, ASD employed 1775 full-time equivalent staff. Our separation rate was 8.3 per cent in 2018–19.

The attraction of high-quality and specialised candidates to meet ASD's mission requirements is one of ASD's highest priorities. At the same time, it presents one of the greatest challenges due to the highly competitive external market for specialised skills (particularly within the technical sphere) and the need for candidates to meet stringent security clearance requirements.

ASD's aim for the future is to implement strategies and policy which will provide agility to recruit successfully at scale, and ensure candidate care is actively managed during the security clearance process.

ASD has continued to shape and refine our selection approach for assessing candidates to ensure the capability requirements of the Directorate are met. This includes utilising bulk recruitment processes, online assessments – including information technology technical tests and cognitive assessments – and streamlined processes.

Entry-level programs

ASD engaged in the whole-of-government Emerging Talent Programs through the Digital Apprentice and Digital Cadet Programs. The Digital Apprentice program offers school leavers, or candidates wanting a career change, full-time employment while studying in a digital field. The Digital Cadet program offers current undergraduates or postgraduates part-time work while they complete their studies. During 2018–19, 14 Emerging Talent candidates joined ASD: 11 Cadets (technology) and 3 Apprentices (technology).

ASD participates in the Defence Graduate Program (Defence Policy and Intelligence Pathway). The Defence Graduate Program allows graduates across all degree disciplines, including languages, technical, cyber security, ICT, science technology engineering and mathematics (STEM), political science, and international relations to apply for permanent employment within ASD. During 2018–19, 52 graduates joined ASD across three streams: 10 Technology, 4 Corporate and 38 Analysts.

Learning and development

ASD designs and delivers bespoke training to support ASD's mission, and facilitates access to external development opportunities for ASD staff.

During 2018–19, our tailored training reached over 2800 staff and focused on intelligence skillsets and skill applications unique to the classified environment. Training and learning requirements are reviewed and evaluated regularly to ensure ASD's workforce is suitably skilled to meet current and future operational challenges. ASD's People, Learning and Development Branch has also worked closely with the National Intelligence Community on the development of community training.

Diversity and inclusion

ASD is committed to a respectful and inclusive workplace where it is safe for our people to bring their whole selves to work. Our strength, resilience, and creativity derive from our different ages, backgrounds, caring responsibilities, cultures, neurodiversity, physical abilities, religions and sexualities.

ASD has developed a Diversity and Inclusion Strategy that provides enterprise-level guidance to drive cultural change, achieve workforce capability requirements and align diversity and inclusion activities with strategic and corporate plans. ASD has an overarching senior leader (SES) champion for diversity and inclusion, as well as SES champions for each of its employee networks. These SES champions meet regularly through the Diversity and Inclusion Working Group to discuss matters of diversity and inclusion of importance to staff.

The staff-initiated and led diversity networks – which form an essential part of creating a diverse and inclusive culture where all staff feel valued, respected, included and safe – include:

Women's Leadership Council (Gender Equity)
ATSI@ASD (Aboriginal and Torres Strait Islander Network)
Disability for future development
ASD+ (LGBTIQ+ network)
CALD (culturally and linguistically diverse) for future development
Neurodiversity for future development.

ASD is a member of the Diversity Council of Australia and Pride in Diversity. ASD employees use the tools and services provided by these networks to help guide best practice initiatives and actions in workplace diversity and inclusion. ASD also participated in the Australian Workplace Equality Index submission for the first time in 2019 – which benchmarks LGBTIQ workplace inclusion – and achieved a 'Participating' level, which demonstrated ASD's commitment to LGBTIQ inclusion and activity in this area.

In 2018–19 ASD undertook a range of diversity and inclusion initiatives, including:

Diversity and Inclusion focused employee networks regularly held events supporting days of commemoration and celebration. ASD raised money and awareness for LGBTIQ causes while celebrating Wear it Purple and the International Day Against Homophobia, Biphobia and Transphobia.
ASD celebrated International Women's Day (IWD) 2019, via both involvement in the National Intelligence Community-wide IWD forum, and by hosting an ASD event focusing on women in STEM.
A White Ribbon Day event was also held to acknowledge family and domestic violence faced within the community.

Reconciliation – Indigenous talent attraction and development

ATSI@ASD is a community of support for Indigenous Australians; key activities through the year included:

establishing a Reconciliation Action Plan (RAP) Working Group
facilitating the ongoing development of ASD's Reflect RAP
facilitating access to culturally informed learning and development for network members and wider ASD staff, including Australian War Memorial tours, for ASD staff members, focusing on the contribution of Aboriginal and Torres Strait Islander peoples
sustaining support for Aboriginal and Torres Strait Islander candidates recruited through the 2017 and 2019 recruitment rounds
celebrating NAIDOC Week and Reconciliation Week, including organising Amy Thunig to speak with ASD staff.

Domestic and family violence

ASD remains committed to supporting employees affected by family and domestic violence, through embracing the Defence Family and Domestic Violence Strategy 2017–22 and the Commanders and Managers Guide to Responding to Family and Domestic Violence, which provide managers with basic information about how to support someone experiencing domestic violence.

In marking the 2019 International Day for the Elimination of Violence against Women, ASD hosted Nathan Costigan, Chair of the Tara Costigan Foundation, who spoke to staff about family and domestic violence.

Flexible working arrangements

ASD is committed to providing flexible working arrangements that support employees in balancing their professional and personal commitments and maximise participation in the workforce. ASD has adopted the assumption that all roles can be conducted flexibly, through the practice of If not, why not?

The If not, why not? approach to flexible work practices encourages employees across the organisation to think about how their roles, and roles within teams, could be delivered in a flexible manner. This approach emphasises an employee's right to request a flexible working arrangement and to discuss this with their manager. The onus is on managers to demonstrate why a role cannot be filled flexibly, rather than an employee demonstrating why it can.

ASD favourably considers requests for flexible working arrangements from mature-aged employees who wish to phase into retirement, and employees with school-age or young children, children with disabilities, and elder-care responsibilities.

The types of flexible work arrangements currently available in ASD include flexible working hours, working arrangements for Executive Level employees, make-up time, time off in lieu, local working arrangements, telework, part-time work, and shiftwork.

ASD has adopted the Government's Paid Parental Leave scheme so staff are able to access up to ten 'Keeping in Touch' days. These days allow staff to return to work for short periods so as to stay connected with the workplace and help the transition back into work, while retaining access to the payments provided under the Government's Paid Parental Leave scheme.

ASD supports the Parenting Outreach Program, which was established to help new parents keep up professional and personal networks while on longer-term leave. It is also designed to provide a support network to assist mothers and fathers to manage the balancing act upon their return to work, including through the use of flexible work arrangements.

Work health and safety

ASD is committed to providing a safe working environment and ensuring the health, safety and welfare of our staff. In 2018–19, a review of work health and safety in ASD was conducted to ensure ASD is able to meet its obligations under the Work Health and Safety Act 2011. ASD continues to implement the recommendations, and enhanced governance and performance monitoring structures are being implemented to ensure we strengthen our work health and safety culture, and we continue to integrate health and safety considerations across the spectrum of our day-to-day work activities.

Pivotal to health and safety in ASD is a focus on mental health and wellbeing. ASD hosts a Mental Health Speaker Series designed to support the physical health and safety of our staff.

Further work is ongoing to ensure our workforce is supported through the Health and Safety Representative network and has representation through the ASD and Defence Work Health and Safety Committees. The network continues to engage with work teams and inform them about the importance of maintaining a safe workplace – and this includes ASD's first aid officers who provide a critical first-response function when safety incidents occur.

ASD has maintained our active early intervention and preventative approach to compensation and rehabilitation. As ASD builds its internal work health and safety capability, and implements the ASD WHS Management System, we continue to be supported by the Department of Defence. ASD is also establishing its own relationship with Comcare in relation to both work health and safety, and rehabilitation.

ASD staff and their immediate families have access to the Defence Intelligence Agencies' Employee Assistance Services panel, which provides counselling and therapy interventions for a range of issues. The panel consists of registered psychologists, who have wide experience, including specialists in areas such as drug and alcohol addictions, relationship counselling, trauma treatment, and children and adolescents. Staff also have access to the in-house psychological services team who can provide a higher level of support. A representative from the psychology team presents at all staff inductions so that new employees are aware of these services.

ASD psychologists provide a range of training and presentations to staff on mental health topics. These are delivered in group format and reflect wellbeing concerns that have been identified as relevant across the National Intelligence Community psychology forums.

In line with legislated notification obligations, ASD reported two incidents to Comcare in 2018–19. Comcare initiated an investigation into the events, with one incident deemed to be natural causes and not a notifiable incident; the second remains under investigation. There were no notices issued to ASD under the Work Health and Safety Act 2011.

Performance management

All ASD employees and their ASD and Australian Defence Force supervisors are required to participate in the Performance Feedback Assessment and Development Scheme (PFADS).

PFADS supports a strong performance culture, as it provides a framework for employees and their supervisors to discuss and establish expectations regarding performance and behaviour, to recognise, reward and reinforce strong performance, and to identify and encourage improvement where improvements need to be made.

The foundation of the performance framework is frequent quality performance conversations, between an employee and their supervisor, throughout the performance cycle. By regularly discussing performance, sharing ongoing feedback and acknowledging achievements and performance, supervisors and employees create a sustainable strong performance culture.

ASD's annual performance cycle runs from 1 September until 31 August. Key events in the performance cycle include:

frequent Clarity, Check-In and Closing conversations, that occur continually throughout the performance cycle, to discuss particular work activities
three defined checkpoint conversations to Set Expectations, Review Performance and Assess Performance, that occur at distinct points within the performance cycle, to discuss the standard of work performance and expectations of the employee.

ASD's performance management process is underpinned by policies to assist supervisors to lead and encourage employees to high performance and improve poor performance.

ASD Determination

ASD operates under its first ASD Determination, Terms and Conditions (ASD Employment Conditions [non-SES]) Determination, which was made by the Director-General ASD under subsection 38A(3) of the Intelligence Services Act 2001.

The determination was made on 21 June 2018, and came into effect on 1 July 2018, to align with ASD's transition to an independent statutory agency. The current determination will nominally expire on 15 August 2020. Consultation for ASD's second employment conditions determination will be undertaken in the 2019–20 reporting period.

ASD's SES workforce are employed under the ASD Determination, Terms and Conditions (ASD SES Employment Conditions) Determination 2018.

These two determinations provide for a range of non-salary benefits, including leave entitlements, access to flexible working arrangements, and part-time work. ASD invests heavily in training and development of staff, and has a number of formal and informal schemes to recognise exemplary performance and achievements.

Table 2 shows the types of employment arrangements covering SES and non-SES arrangements in ASD as at 30 June 2018.

Table 2: SES and non-SES employees by employment arrangement, as at 30 June 2019

Employment arrangement (headcount)	Non-SES	SES
ASD Determination, Terms and Conditions (non-SES)	1879	0
ASD Determination, Terms and Conditions (SES)	0	36

Grievances process

ASD has established a grievance process that provides a fair process of review of ASD actions. It retains the principles of a respectful, collegiate and professional process that applied when ASD was integrated in the Department of Defence, and has introduced some new features, including the additional benefit of providing employees with the ability to request a second internal review of relevant matters. The Inspector-General of Intelligence and Security (IGIS) has now also been given powers to investigate complaints regarding employment-related grievances from ASD employees.

The provisions of the Fair Work Act 2009 continue to apply to ASD employees and provide them with an avenue for redress for their employment-related grievances. Additionally, the right of employees to be members of industrial associations continues.

Security

ASD undertakes signals intelligence, cyber security and effects missions in accordance with sound, risk-based security practices that protect the organisation's most important equities, and are attuned to the sensitivity of the functions and activities being performed. ASD is also a shared-service provider of security assurance to the Defence Intelligence Agencies.

Through 2018–19, ASD has met its mandatory security obligations under the Protective Security Policy Framework (PSPF).

To conduct these tasks in a coordinated, consistent, and prioritised manner, ASD's protective information, personnel and physical security areas have been consolidated into a single Security Branch. In August 2018, the Director-General ASD designated the Assistant Director-General Security to be ASD's inaugural Chief Security Officer and also the delegated authority for all ASD security risk decisions.

ASD's security framework is a critical factor in shaping the behaviour of ASD's staff. This framework enables ASD to undertake its mission in accordance with sound, risk-based practices and supports obligations under the PGPA Act and the PSPF. Security training provides a strong foundation for reinforcing the importance of a sound security posture and culture through a suite of mandatory training and iterative security education programs tailored to the workforce, with one such initiative being the Trusted Insider Roadshow.

Consolidation of ASD's security offerings, including incident response, has set the scene for substantive improvements to ASD's protective security services during the 2018–19 reporting period. These improvements include supporting ASD in the successful integration of multi-security personnel and facilities following Machinery of Government changes enacted on 1 July 2018, and the management of an increased footprint of staff and sites across Australian state capital cities.

During 2018–19, ASD has implemented the PSPF security classification changes in ASD's corporate Top Secret environment and record management system. ASD is on track for completing the changes on all systems before the Attorney-General's Department mandated deadline of October 2020.

Portfolio management

A key part of ASD's planning and performance framework is the portfolio management function. In the early stages of becoming a statutory agency, it has been important to define and establish a portfolio management function that can ensure sound decisions around the identification, selection, prioritisation and oversight of investment in major capability programs. This function was reviewed in 2019 to assess its current state and to ensure that mechanisms are in place to align the agency's programs to its strategic objectives.

ICT shared services delivery

ASD provides shared services at the TOP SECRET level of classification to a number of Commonwealth entities.

Property and procurement

Property

ASD operates under the shared service agreement with the Department of Defence for the provision of property services, including estate planning and overall management of buildings and related infrastructure, internal fit-out, waste management and cleaning services, and cafeteria services.

During the year, ASD commenced an extensive upgrade of the foyer at its site in Russell, ACT, and ASD's newest facility, the ACSC site located in Brindabella Park, ACT, was opened to provide an essential collaboration hub for working with government and industry stakeholders in support of ASD's cyber defence operations.

Asset management

ASD manages $452.563 million of total assets. This includes:

$42.033 million of buildings and infrastructure
$262.257 million of plant and equipment
$24.125 million of intangibles
$0.244 million of heritage assets, and
$123.904 million of other items, including cash, receivables and prepayments.

ASD is accountable for the underlying business transactions and records that substantiate the reported financial balances of assets under its control. ASD undertakes accounting processes to enable the accurate and timely reporting of asset balances and ensures that they are consistent with the requirements for financial statement reporting defined in the Australian Accounting Standards. ASD conducted a fair value assessment of all assets.

Procurement

During the 2018–19 reporting period, ASD adhered to the Commonwealth Procurement Rules (CPRs) and associated policy and guidelines.

ASD used its two professional services panels to meet the majority of its contractor capability delivery and support requirements. In accordance with the CPRs, ASD made use of whole-of-government and coordinated procurement arrangements, with a particular focus on the purchase of equipment and systems, through the Digital Transformation Agency.

ASD leverages Department of Defence procurement mechanisms where these offer economy of scale benefits to both parties.

ASD's procurement compliance is reviewed by management and reported to the ASD Audit and Risk Committee. No significant issues have been identified and compliance was acceptable during the reporting period.

Consultants

In 2018–19, ASD applied the CPRs and Department of Finance and Department of Defence guidance relating to the categorisation, selection and engagement of consultants. ASD entered into ten new consultancy contracts involving total actual expenditure of $2.42 million. No additional consultancy contracts were active during the period.

In support of its establishment as a statutory agency, ASD engaged consultants to provide independent and expert advice on a range of functional areas that are key to ASD's successful operation, including security processes and practices, a people capability framework (inclusive of recruitment and skilling), a portfolio management framework, a capability delivery and technical roadmap, and a review of ASD's financial capabilities, budgeting and financial reporting obligations.

In accordance with the CPRs, details all of these contracts have been reported on AusTender.

Exempt contracts

ASD publishes information on the value of contracts and consultancies on the AusTender website. ASD is not required to publish this information on AusTender, as it has been exempted by the Director-General ASD on the basis that publication would disclose exempt matters under the Freedom of Information Act 1982. During 2018–19, ASD exempted 99 contracts with a total value of $219 million.

Small business

ASD supports small business participation in the Australian Government procurement market. Small and medium-sized enterprise participation statistics are available on the Department of Finance's website at www.finance.gov.au/government/procurement/statistics-australian-government-procurement-contracts.

ASD's procurement practices to support small and medium enterprises include:

adoption of standing offers such as the Digital Marketplace, which provides access to a large number of small and medium enterprises
the selection of small and medium enterprises, under ASD's standing-offer panel arrangement, for the provision of contractor personnel providing ICT capability and support roles
the use of the Commonwealth Contracting Suite for relevant procurements valued at less than $200 000
the use of electronic systems to facilitate the Department of Finance's Procurement On-Time Payment Policy for Small Business, including payment cards.

Advertising

ASD has no material advertising expenditure to report for the 2018–19 reporting period.

Grants

ASD did not provide any grants in the 2018–19 reporting period.

Disability reporting

Since 1994, non-corporate Commonwealth entities have reported on their performance as policy adviser, purchaser, employer, regulator and provider under the Commonwealth Disability Strategy. In 2007–08, reporting on the employer role was transferred to the Australian Public Service (APS) Commission's State of the Service reports and the APS Statistical Bulletin. These reports are available at www.apsc.gov.au. Since 2010–11, entities have no longer been required to report on these functions.

The Commonwealth Disability Strategy has been replaced by the National Disability Strategy 2010–20, which sets out a ten-year national policy framework to improve the lives of people with a disability, promote participation and create a more inclusive society. A high-level, two-yearly report will track progress against each of the six outcome areas of the strategy and show how people with a disability are faring. The first of these progress reports was published in 2014, and can be found at www.dss.gov.au.

The percentage of ASD employees who have self-identified as having a disability is 1.3 per cent, as at 30 June 2019.

ASD's reporting of the number of employees with disability or chronic illness relies on individuals self-identifying. One of the ongoing challenges is the reluctance to report for fear of stigma and negative stereotypes associated with disability in the workplace. The 2015 Defence Census indicated that 20.3 per cent of Defence APS employees had at least one form of disability or chronic medical condition. This increased level of reporting reflects the anonymity of the census as well as the broader definition of disability to include chronic illness or injury.

Appendix C provides information on the diversity of ASD's workforce, including statistics on people with a disability.

Information Publication Scheme

ASD is exempt from the operation of the Freedom of Information Act 1982 and does not have an Information Publication Scheme.

Non-compliance with finance law

No significant instances of non-compliance, requiring a report to the responsible Minister in accordance with the PGPA Act, have been recorded in ASD for 2018–2019.

Electoral expenses

ASD does not fall within the definition of agencies covered by the reporting requirements of section 311A of the Commonwealth Electoral Act 1918.

Ecologically sustainable development and environmental performance

ASD's shared service agreement includes the provision of a range of property and estate services. The Department of Defence has a Defence environmental policy which applies to these services ensuring the:

delivery of a sustainable estate
understanding and management of environmental impacts
minimisation of pollution and contamination
increasing efficiency of resource consumption
recognition and management of Defence estate heritage values.

Defence runs an ecologically sustainable development program, which includes projects such as solar systems, lighting upgrades, and water efficiency fittings. In 2018–19, this contributed to more than $15 million in savings.

Chapter 5 | Financial statements

Financial statements for the period ended 30 June 2019

STATEMENT OF COMPREHENSIVE INCOME		2019 $'000	Original Budget $'000
	Notes
EXPENSES
Employee benefits	1.1A	240,419	247,283
Suppliers expenses	1.1B	475,871	477,164
Depreciation and amortisation	2.2A	60,027	-
Write-down and impairment of assets	1.1C	2,997	-
Foreign exchange losses	1.1D	161	-
*Total Expenses*		779,475	724,447

OWN-SOURCE INCOME
Provision of goods and rendering of services	1.2A	4,515	2,715
*Total own-source revenue*		4,515	2,715

Gains
Reversals of previous asset write-downs and impairment	2.2A	115	-
*Total Gains*		115	-
*Total own-source income*		4,630	2,715

*Net cost of services*		(774,845)	(721,732)

Revenue from Government	1.2B	743,530	721,732
*Deficit attributable to the Australian Government*		(31,315)	-

OTHER COMPREHENSIVE INCOME
Items not subject to subsequent reclassification to net cost of services
Changes in asset revaluation reserves	2.2A	11,302	-
*Total other comprehensive income*		11,302	-

*Total comprehensive loss attributable to the Australian Government*		(20,013)	-

The above statement should be read in conjunction with the accompanying notes.

The original budgeted financial statement that was first presented to Parliament in respect of the reporting period (i.e. from the 2018-19 Portfolio Budget Statements). The budget is not audited. Budget variance analysis is included in note 8.

STATEMENT OF FINANCIAL POSITION		2019 $'000	Original Budget $'000
	Notes
ASSETS
Financial Assets
Trade and other receivables	2.1A	16,056	5
Total financial assets		16,056	5

Non-financial assets
Buildings and Infrastructure	2.2A	42,033	-
Plant and Equipment	2.2A	262,275	101,567
Intangibles	2.2A	24,115	1,311
Heritage assets	2.2A	244	-
Prepayments	2.2B	107,848	-
*Total non-financial assets*		436,497	102,878

Total Assets		452,553	102,883

LIABILITIES
Payables
Bank overdraft	2.3A	2,245
Suppliers payables		38,146
Employee payables	2.3B	4,406
Other payables	2.3C	5,983
*Total payables*		50,780	-

Provisions
Employee provisions		76,474	-
Total provisions		76,474	-

*Total Liabilities*		127,254	-

NET ASSETS		325,299	102,883

EQUITY
Contributed equity		345,312	102,883
Asset Revaluation Reserve		11,302	-
Accumulated Deficit		(31,315)	-
TOTAL EQUITY		325,299	102,883

The above statement should be read in conjunction with the accompanying notes.

The original budgeted financial statement that was first presented to Parliament in respect of the reporting period (i.e. from the 2018-19 Portfolio Budget Statements). The budget is not audited. Budget variance analysis is included in note 8.

STATEMENT OF CHANGES IN EQUITY		2019 $'000	Original Budget $'000
	Notes
CONTRIBUTED EQUITY
Opening balance		-	-
Contribution by owners
Equity injection - Appropriations	3.1A	124,200	102,883
Restructuring	6.1	221,112	-
Closing balance as at 30 June		345,312	102,883

ACCUMULATED DEFICIT
Opening balance		-	-
Comprehensive income
Deficit for the period		(31,315)	-
		(47,380)	-

ASSET REVALUATION RESERVE
Opening balance		-	-
Comprehensive income
Other comprehensive income	2.2A	11,302	-
*Closing balance as at 30 June*		11,302	-

TOTAL EQUITY
Opening Balance
Balance carried forward from previous period		-	-
Comprehensive (loss)/gain for the period		(20,013)	-
Transactions with owners		345,312	102,883
Closing balance as at 30 June		325,299	102,883

The above statement should be read in conjunction with the accompanying notes.

Accounting Policy

(a) Equity Injections

Amounts appropriated which are designated as ‘equity injections’ (less any formal reductions) are recognised directly in contributed equity in that year.

(b) Restructuring of Administrative Arrangements

Net assets/liabilities received from or relinquished to another Australian Government agency or authority under a restructuring of administrative arrangements are recognised as contributions or distributions of equity respectively, at their net book value.

CASH FLOW STATEMENT		2019 $'000	Original Budget $'000
	Notes
OPERATING ACTIVITIES
Cash received
Appropriations		737,884	721,732
Goods and services (including cost recovery)		3,023	2,710
Interest received		1	-
GST received		12,287	-
Other		1,170	-
Total cash received		754,365	724,442

Cash used
Employees		(222,730)	(247,283)
Suppliers		(509,596)	(442,801)
GST paid		(14,571)	-
Section 74 receipts transferred to OPA		(1)	-
Other		(14)	-
Total cash used		(746,912)	(690,084)
Net cash from/(used by) operating activities		7,452	34,538

INVESTING ACTIVITIES
Cash used
Purchase of buildings and infrastructure		(25,723)	-
Purchase of plant and equipment		(105,722)	(135,930)
Purchase of intangibles		(8,890)	(1,311)
*Total cash used*		(140,335)	(137,241)

Net cash used by investing activities		(140,335)	(137,241)

FINANCING ACTIVITIES
Cash received
Contributed equity		130,636	102,883
Net cash from financing activities		130,636	102,883

Net increase/(decrease) in cash held		(2,245)

Cash and cash equivalents at the beginning of the reporting period		-	-
Effect of exchange rate movements on cash and cash equivalents at the beginning of the reporting period		1	-
Cash and cash equivalents at the end of the reporting period	2.3A	(2,245)	-

The above statement should be read in conjunction with the accompanying notes.

ADMINISTERED SCHEDULE OF COMPREHENSIVE INCOME	2019 $'000	Original Budget $'000
NET COST OF SERVICES
Net cost of services	-	-
Deficit attribute to the Australian Government	-	-

Total comprehensive income/(loss)	-	-

ADMINISTERED SCHEDULE OF ASSETS AND LIABILITIES	2019 $'000	Original Budget $'000
ASSETS
Cash and cash equivalents	19,568	-
TOTAL ASSETS ADMINISTERED ON BEHALF OF GOVERNMENT	19,568	-

LIABILITIES
Other payables	19,568	-
Total payables	19,568	-

TOTAL LIABILITIES ADMINISTERED ON BEHALF OF GOVERNMENT	19,568
NET LIABILITIES	-	-

ADMINISTERED RECONCILIATION SCHEDULE	2019 $'000
Opening assets less liabilities as at 1 July	-
Closing assets less liabilities as at 30 June	-

Accounting Policy

Cash Transfers to and from the Official Public Account

Revenue collected by ASD for use by the Government rather than ASD is administered revenue. Collections are transferred to the Official Public Account (OPA) maintained by the Department of Finance. Conversely, cash is drawn from the OPA to make payments under Parliamentary appropriations on behalf of Government. These transfers to and from the OPA are adjustments to the administered cash held by ASD on behalf of the Government and reported as such in the schedule of administered cash flows and in the administered reconciliation schedule.

ADMINISTERED CASH FLOW STATEMENT	2019 $'000
OPERATING ACTIVITIES
Cash from the Official Public Account for:
Special Accounts	25,978
Total cash from the Official Public Account	25,978

Cash to the Official Public Account for:
Special Accounts	(6,410)
Total cash to the Official Public Account	(6,410)

Cash and cash equivalents at the end of the reporting period	19,568

Overview - Notes to the financial statements

The basis of preparation

The financial statements including notes are required by section 42 and section 105D of the Public Governance, Performance and Accountability Act 2013 (PGPA Act) and are general purpose financial statements.

The financial statements have been prepared in accordance with:

Public Governance, Performance and Accountability (Financial Reporting) Rule 2015 (FRR)
Australian Accounting Standards and Interpretations - Reduced Disclosure Requirements issued by the Australian Accounting Standards Board (AASB) that apply for the reporting period as amended by section 105D of the PGPA Act 2013.

The financial statements have been prepared on an accrual basis and are in accordance with the historical cost convention,except for certain assets at fair value. Except where stated, no allowance is made for the effect of changing prices on the results or the financial position. The financial statements are presented in Australian dollars and values are rounded to the nearest thousand dollars unless otherwise specified.

Future accounting standard requirement

The following new, revised and amending standards and interpretations were issued by the AASB prior to the signing of the statement by the Director-General and Chief Financial Officer:

New Standard	Expected Impact
AASB 15 Revenue from Contracts with Customers	No material change to revenue recognised during a reporting period.
AASB 1058 Income of Not-for-Profit Entities	No material impact anticipated
AASB 16 Leases	An overall increase in expenses related to lease agreements in reporting periods following adoption with progressive decrease in expenses toward the end of the lease agreements. Leases identified are limited to leases for property and motor vehicles.

All other new, revised, and amending standards or interpretations that have been issued by the AASB prior to sign-off date that are applicable to the future reporting period(s) are not expected to have a future material financial impact on the ASD's financial statements.

Significant accounting judgements and estimates

Except where specifically identified and disclosed, ASD has determined that no accounting assumptions and estimates have a significant risk of causing a material adjustment to carrying amounts of assets and liabilities within the next accounting period.

Taxation

ASD is exempt from all forms of taxation except Pay-as-you-go Withholding (PAYG-W) Fringe Benefits Tax (FBT), the Goods and Services Tax (GST) and certain excise and customs duties.

Reporting of administered activities

Administered revenues, expenses, assets, liabilities and cash flows are disclosed in the administered schedules and related notes.

Except where otherwise stated, administered items are accounted for on the same basis and using the same policies as for departmental items, including the application of Australian Accounting Standards.

Events after the reporting period

There are no post balance date events with a material effect on the Departmental or Administered financial statements.

1. Financial performance

This section analyses the financial performance of ASD for the year ended 30 June 2019.

1.1: Expenses

	2019 $'000
1.1A: Employee benefits
Wages and salaries	174,797
Superannuation:
Defined contribution plans	18,774
Defined benefit plans	11,684
Leave and other entitlements	34,720
Separation and redundancies	444
*Total employee benefits*	240,419

Accounting Policy

Employee benefits are based on the relevant employment agreements and legislation. Liabilities for services rendered by employees are recognised at the reporting date to the extent that they have not been settled. Liabilities for wages and salaries (including non-monetary benefits), annual leave and other entitlements expected to be wholly settled within 12 months of the reporting date are measured at their nominal amounts. All other employee benefit liabilities (including long service leave) are measured at the present value of the estimated future cash outflows to be made in respect of services provided by employees up to the reporting date.

(a) Leave

The liability for employee benefits includes provisions for annual leave and long service leave. No provision has been made for sick leave as all sick leave is non-vesting and the average sick leave taken in future years by employees of ASD is estimated to be less than the annual entitlement for sick leave. The leave liabilities are calculated on the basis of employees’ remuneration, including ASD’s employer superannuation contribution, at the estimated rates that will be applied at the time that leave is taken, to the extent that leave is likely to be taken during service rather than paid out on termination.

The liability for long service leave has been determined by reference to the work of the Australian Government Actuary in the current year. The estimate of the present value of the liability takes into account attrition rates and pay increases through promotion and inflation.

(b) Separation and Redundancy

Provision is made for separation and redundancy benefit payments. ASD recognises a provision for termination when it has a detailed formal plan for the terminations and has informed those employees affected that the terminations will be carried out.

(c) Superannuation

Permanently appointed Commonwealth Officers of ASD are members of the Commonwealth Superannuation Scheme (CSS), the Public Sector Superannuation Scheme (PSS), the PSS Accumulation Plan (PSSap) and other superannuation schemes held outside the Commonwealth. The CSS and PSS are defined benefit schemes for the Australian Government.

The PSSap is a defined contribution scheme.

The liability for defined benefits is recognised in the financial statements of the Australian Government and is settled by the Australian Government in due course. This liability is reported by the Department of Finance as an administered item. ASD makes employer contributions to the employee superannuation schemes at rates determined by an actuary to be sufficient to meet the current cost to the Government of the superannuation entitlements of ASD’s employees. ASD accounts for these contributions as if they were contributions to defined contribution plans in accordance with AASB 119. The liability for superannuation recognised in the departmental statements as at 30 June represents outstanding contributions yet to be paid.

(d) Paid Parental Leave

ASD provides payments to employees under the Government Paid Parental Scheme. The receipts received are offset by the payments made to the employees and any balance outstanding at the end of the year is recognised as a liability.

Accounting judgements and estimates

As required by AASB 119 Employee Benefits, liabilities for short-term employee benefits expected to be paid within 12 months of the end of reporting period are measured at the one year Commonwealth government bond rate of 1.04 per cent. Liabilities for long term employee benefits are discounted using the 10 year Commonwealth government bond rate of 1.32 per cent.

	2019 $'000
1.1B: Suppliers expenses
Goods supplied	30,949
Services rendered	442,298
Workers compensation premiums	2,624
*Total supplier expenses*	475,871
Financial statement audit services were provided free of charge to ASD by the Australian National Audit Office (ANAO) and are recorded at the fair value of resources received. No other services were provided by the auditors of the financial statements.
Commitments for minimum lease payments in relation to non-cancellable operating leases are payable as follows:
Within 1 year	208
Between 1 to 5 years	31
More than 5 years	-
Total operating lease commitments	239

Accounting Policy

A distinction is made between finance and operating leases. Finance leases effectively transfer from the lessor to the lessee substantially all the risks and benefits incidental to ownership of leased assets. In operating leases, the lessor effectively retains substantially all such risks and benefits.

Operating lease payments are expensed on a straight line basis over the term of the lease which is representative of the pattern of benefits derived from the leased assets. Lease incentives taking the form of ‘free’ leasehold improvements and rent holidays are recognised as an integral part of the total consideration agreed for the use of the leased asset.

	2019 $'000
1.1C: Write-down and impairment of assets
Write-down and impairment of property, plant and equipment	2,058
Write-down and impairment of intangible assets	939
*Total write-down and impairment of assets*	2,997

1.1D: Foreign exchange
Foreign exchange gains
Non-speculative	74
Foreign exchange losses
Non-speculative	(235)
Total net gain/(loss) foreign exchange	(161)

Accounting Policy

Transactions denominated in a foreign currency are converted at the exchange rate on the date of transaction. Foreign currency receivables and payables are translated at the exchange rate at the balance date.

Non-financial items that are measured at cost in a foreign currency are translated using the spot exchange rate at the date of the initial transaction. Non-financial items that are measured at fair value in a foreign currency are translated using the spot exchange rates at the date when the fair value was determined.

All exchange gains and losses are reported in the Statement of Comprehensive Income.

1.2: Own-source revenue and gains

Own-source revenue

	2019 $'000
1.2A: Provision of goods and rendering of services
Provision of goods
Rendering of services
Non Government	1,571
Government	2,776
Resources received free of charge - Audit Services	168
*Total provision of goods and rendering of services*	4,515

Accounting Policy

Revenue from the provision of goods is recognised when:

the risks and rewards of ownership have been transferred to the buyer
ASD retains no managerial involvement nor effective control over the goods
the revenue and transaction costs can be reliably measured
it is probable that the economic benefits associated with the transaction will flow to ASD.

revenue from rendering of services is recognised by reference to the stage of completion of contracts at the reporting date. The revenue is recognised when the:

amount of revenue, stage of completion and transaction costs incurred can be reliably measured
probable economic benefits associated with the transaction will flow to ASD.

	2019 $'000
1.2B: Revenue from Government
Appropriations:
Departmental appropriations	743,530
*Total revenue from Government*	743,530

Accounting Policy

Amounts appropriated for departmental appropriations for the year (adjusted for any formal additions and reductions) are recognised as revenue when ASD gains control of the appropriation, except for certain amounts that relate to activities that are reciprocal in nature, in which case revenue is recognised only when it has been earned.

ASD draws down appropriations on a just-in-time basis. The undrawn appropriations as at 30 June 2019 are reflected as a receivable and are available to be drawn down to meet future obligations. Appropriations receivable are recognised at their nominal amounts.

2. Financial position

This section analyses ASD's assets used to conduct its operations and the operating liabilities incurred as a result.

2.1 Financial assets

	2019 $'000
2.1A: Trade and other receivables
Goods and services
Goods and services	1,542
Total goods and services receivables	1,542

Appropriations receivable
For existing programs	8,178
Total appropriations receivable	8,178

Other receivables
GST receivable from the Australian Taxation Office	3,127
Other	3,209
Total other receivables	6,336
*Total trade and other receivables (gross)*	16,056

Less impairment allowance
Goods and services	-
Total impairment allowance	-
Total trade and *other receivables (net)*	16,056

Accounting Policy

Trade receivables and other receivables are recognised initially at fair value and subsequently measured at amortised cost, less any loss allowance.

The receivables for goods and services are generally receivable within 30 days.

Trade and other receivable assets at amortised cost are assessed for impairment at the end of each reporting period. The simplified approach has been adopted in measuring the impairment loss allowance at an amount equal to lifetime 'expected credit loss' (ECL).

AASB 9 replaces the 'incurred loss' model previously used under AASB 139 with an ECL model. This new impairment model applies to financial assets measured at amortised cost, contract assets and debt instruments measured at fair value through other comprehensive income.

2.2: Non-financial assets

2.2A: Reconciliation of the opening and closing balances of property, plant and equipment, and intangibles

Item	Buildings and Infrastructure $'000	Plant and Equipment $'000	Intangibles $'000	Heritage Assets $'000	Total $'000
Net book value 1 July 2018	-	-	-	-	-
*Additions:*
By purchase	25,723	101,337	8,890	-	135,950
Internally developed	-	-	595	-	595
Acquisitions of entities or operations (including restructuring)	11,743	201,301	30,423	244	243,711
Revaluations/impairments recognised in other comprehensive income 1	141	11,161	-	-	11,302
Reclassification	4,767	(6,642)	1,875	-	-
Depreciation/amortisation expense	(300)	(42,998)	(16,729)	-	(60,027)
Revaluations/write-downs and impairment recognised in net cost of services	(41)	(2,017)	(939)	-	(2,997)
*Other movements*
Reversal of previous asset write-downs	-	115	-	-	115
*Net book value 30 June 2019*	42,033	262,257	24,115	244	328,649

Net book value as at 30 June 2019 represented by:
Gross book value	42,124	292,876	41,783	244	377,027
Accumulated depreciation/amortisation and impairment	(91)	(30,619)	(17,668)	-	(48,378)
Closing net book value at 30 June 2019	42,033	262,257	24,115	244	328,649

All revaluations were conducted in accordance with revaluation policy stated at Note 2.2A(d).

	2019 $'000
Commitments payable to property, plant and equipment and intangibles
Infrastructure, plant and equipment ¹	3,671
Intangibles ²	2,667
Total capital commitments	6,338

Infrastructure, plant and equipment capital commitments include outstanding contractual payments.
Intangible commitments include contractual payments for software license agreements.

Accounting Policy

(a) Individual Asset Recognition Threshold

Purchases of property, plant and equipment including buildings and infrastructure are recognised initially at cost where they meet the individual asset recognition threshold. Individual items are capitalised where the individual value is equal to or exceeds $5,000 for buildings, infrastructure and other assets; and $2,000 for other plant and equipment. Assets costing below these thresholds are expensed in the year of acquisition.

(b) Reversal of Previous Asset Write-Downs

These are amounts relating to assets which have been previously written down or expensed in prior periods. In the current year, these items have been either reversed as a write down or capitalised for the first time due to either exceeding the capitalisation threshold or through identification during stock takes.

(c) Assets under construction

Assets under construction (AUC) include expenditure to date on major military capability and facilities projects. AUC projects are reviewed annually for indicators of impairment. Prior to rollout into service, the accumulated AUC balance is reviewed to ensure accurate capitalisation.

(d) Subsequent valuations

All property, plant and equipment is measured and disclosed at fair value, less any accumulated depreciation and accumulated impairment losses. Valuations are conducted with sufficient frequency to ensure that the carrying amounts of assets did not differ materially from the assets’ fair values as at the reporting date. The regularity of independent valuations depended upon the volatility of movements in market values for the relevant assets.

The basis for determining fair value is by reference to the highest and best use that is physically possible, legally permissible and financially feasible. Where an active and liquid market exists, fair value is determined by reference to market values, noting the highest and best use criteria and any specific factors that have been noted by the valuer.

Valuation for buildings, infrastructure and other plant and equipment assets are performed by independent external valuers using inputs such as sales prices of comparable assets, replacement cost, expected useful life and adjustments for obsolescence.

Following initial recognition at cost, valuations for buildings, and infrastructure are conducted every year; and other plant and equipment are revalued annually on a sample basis.

Revaluation adjustments are made on a class basis. Any revaluation increment is recognised as Other Comprehensive Income under the heading of Changes in Asset Revaluation Reserves except to the extent that it reverses a previous revaluation decrement of the same class that was previously recognised in the surplus/deficit. Revaluation decrements for a class of assets are recognised directly in the surplus/deficit except to the extent that they reverse a previous revaluation increment for that class.

Any accumulated depreciation as at the revaluation date is eliminated against the gross carrying amount of the asset and the asset is restated to the revalued amount.

(e) Depreciation

Property, plant and equipment items having limited useful lives are systematically depreciated over their estimated useful lives on a straight-line basis. Depreciation rates (useful lives) are determined upon acquisition and are reviewed at each subsequent reporting date, and necessary adjustments are made in the current, or current and future reporting periods, as appropriate. Residual values are re-estimated only when assets are revalued.

The following are minimum and maximum useful lives for the different asset classes. These are not necessarily indicative of typical useful lives for these asset classes.

	2018-19
Building and Infrastructure	9 to 40 years
Plant and Equipment	2 to 40 years
Heritage Assets	Indefinite

(f) Intangible Assets

ASD’s intangibles comprise externally acquired and internally developed computer software for internal use and other externally acquired and internally developed intangibles. Intangibles with gross values greater than $150,000 are capitalised when they meet the recognition criteria in AASB 138.

All intangibles are amortised on a straight–line basis over their anticipated useful lives. The useful lives of ASD software are 2 to 22 years and the useful lives of ASD's other intangibles are 1 to 6 years. All intangible assets are assessed annually for indications of impairment.

ASD recognises its intangible assets initially at cost and measures those which have an active market at fair value subsequent to initial recognition. If an intangible asset is acquired at no cost or for nominal consideration, other than those acquired through restructuring, it is recognised initially at fair value as at the date of acquisition.

All ASD intangible assets are currently stated at cost less any subsequent accumulated amortisation and accumulated impairment losses.

Acquired intellectual property may form part of the acquisition of particular tangible assets. Where the acquired intellectual property is inseparable from the underlying tangible asset it is reflected in the value of the tangible asset in the statement of financial position.

ASD reviews the useful life of intangible assets annually based on the service potential of the assets. All ASD intangible assets have finite useful lives and are amortised over their anticipated useful lives. Where there is an indication that the service potential of an intangible asset is impaired, the recoverable amount of that asset is determined based on the remaining service potential. Where the recoverable amount is lower than the carrying amount, the asset is written down to its recoverable amount.

(g) Acquisition of Assets

Assets are initially recorded at cost on acquisition which includes the fair value of assets exchanged and liabilities undertaken. Financial assets are initially measured at their fair value plus transaction costs where appropriate.

Assets acquired at no cost, or for nominal consideration are initially recognised as assets and revenues at their fair value at the date of acquisition, unless acquired as a consequence of restructuring of administrative arrangements. In the latter case, assets are initially recognised at the amounts at which they were recognised in the transferor agency’s accounts immediately prior to the restructuring.

(h) Impairment of Assets

All relevant assets were assessed for impairment during the year. Where indications of impairment exist, the asset’s recoverable amount is estimated and an impairment adjustment made if the asset’s recoverable amount is less than its carrying amount.

The recoverable amount of an asset is the higher of its fair value less costs to sell and its value in use. Value in use is the present value of the future cash flows expected to be derived from the asset. Where the future economic benefit of an asset is not primarily dependent on the asset’s ability to generate future cash flows, and the asset would be replaced if ASD was deprived of the asset, its value in use is taken to be its depreciated replacement cost.

(i) Derecognition of Assets

Assets are derecognised upon disposal or when no further economic benefits or capability are expected from their use or disposal.

(j) Heritage and Cultural Assets

Heritage and cultural items include artefacts and memorabilia that are or may be of national historical or cultural significance.

Significant accounting judgements and estimates

ASD assesses non-financial assets for impairment by monitoring impairment indicators specific to an asset’s use in the ASD context. Where these indicators signify that an asset is impaired, management has made an estimate of the recoverable amount of those assets to determine any impairment loss.

Property, plant and equipment is measured at fair value using revaluation techniques that require significant judgements and estimates to be made.

	2019 $'000
2.2B Prepayments
Capital prepayments	1,384
Non-capital prepayments	106,464
Total prepayments	107,848

83% of Prepayments relate to the shared services arrangement with the Department of Defence.

Accounting Policy

Prepayments, excluding those paid to employees as retention benefit payments, are recognised if the value of the payment is $50,000 or greater.

2.3: Payables

	2019 $'000
2.3A: Bank overdrawn
Cash at bank	2,245
Total bank overdrawn	2,245

The total bank overdrawn amount is contained within the Commonwealth accounts with the Reserve Bank of Australia and does not represent a borrowing. The overdrawn amount was repaid on 2 July 2019 (the next business day) and was covered by undrawn appropriations available at that time.

Accounting policy

Cash and cash equivalents includes notes and coins held, any deposits in bank accounts held at call with a bank, and cash held in special accounts. Cash is measured at its nominal amount. Cash and cash equivalents denominated in a foreign currency is converted at the exchange rate at the balance date.

	2019 $'000
2.3B: Employee payables
Employee payables
Salaries and wages	4,169
Superannuation	237
Total employee payables	4,406

2.3C: Other payables
Statutory payable	3,677
Other	2,306
Total other payables	5,983

3. Funding

This section identifies ASD's funding structure.

3.1: Appropriations

3.1A: Annual appropriations ('Recoverable GST exclusive')

Annual appropriations for 2018-2019

	Annual Appropriation $'000	Adjustments to appropriation ¹ $'000	Total Appropriation $'000	Appropriation applied to 2019 (Current and prior years) $'000	Variance ² $'000
DEPARTMENTAL
Ordinary annual services	740,726	14,269	754,995	(747,064)	7,931
Capital budget	-	-	-	-	-
Other services
Equity injection	124,200	2,531	126,731	(124,200)	2,531
*Total departmental*	864,926	16,800	881,726	(871,264)	10,462

Notes

Adjustment to appropriations include Advance to the Finance Minister (AFM), PGPA Section 74 receipts and PGPA Act section 75 transfers.
Reasons for material variance:

	Ordinary Annual Service $'000	Equity $'000
Undrawn departmental annual appropriations 2018-19	57	-
Net GST payments made not yet recovered	2,284	-
Undrawn departmental annual appropriations 2017-18	5,590	2,531
*Total*	7,931	2,531

3. Reconciliation to appropriation receivable	$'000
2018-19 Appropriation Act 3	57
2017-18 Appropriation Act 1	5,590
2017-18 Appropriation Act 4	2,531
Total	8,178

3.1B: Unspent annual appropriations ("Recoverable GST exclusive")

Authority	2019 $'000
DEPARTMENTAL
Operating
Act 1 2017-18	5,590
Act 3 2018-19	2,341
*Total operating*	7,931

Equity
Act 4 2017-18	2,531
Total equity	2,531
Total	10,462

Cash and cash equivalents	(2,245)
Total unspent annual appropriations ¹	8,217

Notes

The unspent annual appropriations of $8.217m is allocated as follows:

a) $5.933m of unspent annual appropriations (including cash and cash equivalents) available to ASD

b) Net GST payments made in 2018-19 that will be recovered in later financial periods of $2.284m.

4. People and relationships

This section describes our relationship with key people.

4.1: Key management personnel remuneration

Key management personnel are those persons having authority and responsibility for planning, directing and controlling the activities of ASD, directly or indirectly. The key management personnel of ASD are considered to be the:

Minister for Defence
Director-General Australian Signals Directorate
Principal Deputy Director-General
Deputy Director-General Signals Intelligence & Network Operations
Head of Australian Cyber Security Centre
Deputy Director-General Corporate & Capability.

Key management personnel remuneration is reported in the table below.

	2019 $
Short-term employee benefits	2,174,679
Post-employment benefits	407,484
Long-term benefits	35,283
*Total key management personnel remuneration expenses ¹*	2,617,445

The total number of key management personnel that are included in the above table are 5.

Notes

The above key management personnel remuneration excludes the remuneration and other benefits of the Minister Defence. The remuneration and other benefits of the Minister for Defence is set by the Remuneration Tribunal and is not paid by ASD.

4.2: Related party disclosures

ASD is an Australian Government controlled entity. Related parties to this entity are:

Key management personnel (as detailed in Note 4.1)
Spouse or domestic partners of (i)
Children or dependents of (i)
Entities, individually or jointly, controlled by the above individuals; and
Other Australian Government entities.

Given the breadth of Government activities, related parties may transact with the government sector in the same capacity as ordinary citizens. These transactions have not been separately disclosed in this note.

Significant transactions with related parties can include:

the payments of grants or loans
purchases of goods and services
asset purchases, sales transfers or leases
debts forgiven
guarantees.

Giving consideration to relationships with related entities, and transactions entered into during the reporting period by the entity, it has been determined that there are no significant related party transactions to be separately disclosed.

5. Managing uncertainies

This section analyses how ASD manages financial risk within its operating environment.

5.1: Contingent liabilities and assets

Quantifiable contingencies

Contingent liabilities and contingent assets are not recognised in the Statement of Financial Position but are reported in the relevant schedules and notes. They may arise when there is uncertainty as to the existence of a liability or asset or when the value of the liability or asset cannot be reliably measured. Contingent liabilities are disclosed when settlement is greater than remote. Contingent assets are disclosed when settlement is probable but not virtually certain.

As at 30 June 2019 there were no contingent assets or liabilities.

Unquantifiable contingencies

As at 30 June 2019 there were no unquantifiable contingent assets or liabilities.

5.2: Financial instruments

		2019 $'000
5.2A: Categories of financial instruments	Notes
Financial assets at amortised cost
Loans and receivables:
Trade and other receivables		4,751
*Total financial assets at amortised cost*		4,751
Carrying amount of financial assets		4,751

Financial liabilities
Financial liabilities at amortised cost
Bank Overdraft	2.3A	2,245
Suppliers	2.3B	4,406
Other payables		6,667
Total financial liabilities at amortised cost		13,318
Carrying amount of financial liabilities		13,318

Accounting Policy

Financial Assets

With the implementation of AASB 9 Financial Instruments for the first time in 2019, ASD classifies its financial assets in the following categories:

a) financial assetts at fair value through profit or loss

b) financial assets at fair value through other comprehensive income

c) financial assets measured at amortised cost.

The classification depends on both ASD's business model for managing the financial assets and contractual cash flow characteristics at the time of initial recognition. Financial assets are recognised when ASD becomes a party to the contract and, as a consequence, has a legal right to receive or a legal obligation to pay cash and derecognised when the contractual rights to the cash flows from the financial asset expire or are transferred upon trade date.

(a) Financial Assets at Amortised Cost

Financial assets included in this category need to meet two criteria:

1. the financial asset is held in order to collect the contractual cash flows

2. the cash flows are solely payments of principal and interest on the principal outstanding amount.

Amortised cost is determined using the effective interest method.

(b) Effective Interest Method

The effective interest method is a method of calculating the amortised cost of a financial asset and of allocating interest income over the relevant period. The effective interest rate is the rate that exactly discounts estimated future cash receipts through the expected life of the financial asset, or, where appropriate, a shorter period.

Income is recognised on an effective interest rate basis for financial assets that are recognised at amortised cost.

(c) Impairment of Financial Assets

Financial assets are assessed for impairment at the end of each reporting period.

Financial assets held at amortised cost

The amount of loss is measured using the simplified approach of the expected credit loss model at an amount equal to lifetime expected credit losses. The carrying amount is reduced by way of an allowance account. The loss is recognised in the Statement of Comprehensive Income.

Financial liabilities

Financial liabilities are classified as either financial liabilities 'at fair value through profit or loss' or other financial liabilities. Financial liabilities are derecognised upon trade date.

(a) Other Financial lLiabilities at Amortised Cost

Other financial liabilities, including borrowings, are initially measured at fair value, net of transaction costs. These liabilities are subsequently measured at amortised cost using the effective interest method, with interest expense recognised on the financial liability.

ASD's supplier and other payables are generally payable within the short term and are recognised at the amount of cash or cash equivalents required to settle the liability. Liabilities are recognised to the extent that the goods or services have been received (and irrespective of having been invoiced).

Financial assets are derecognised when the contractual rights to the cash flows from the financial assets expire or the assets with the associated risks and rewards are transferred to another entity. Financial liabilities are derecognised when the obligation under the contract is discharged, cancelled or has expired.

	2019 $'000
5.2B: Net gains or losses on financial assets
Financial assets at amortised cost
Exchange gains/(loss)	1
Net (loss)/gain on financial assets at amortised cost	1
Net (loss)/gain on financial assets	1
There is no interest income from financial assets not a fair value through the net cost of services.

5.2C: Net gains or losses on financial liabilities
Financial liabilities measured at amortised cost
Exchange gains/(loss)	(162)
Net (loss)/gain financial liabilities measured at amortised cost	(162)
Net gain/(loss) on financial liabilities	(162)
There is no interest expense from financial liabilities not a fair value through the net cost of services.

5.3: Fair value measurements

ASD's assets are held for operational purposes, not for the purposes of deriving a profit. As allowed for by AASB 13 Fair Value Measurement, quantitative information on significant unobservable inputs used in determining fair value is not disclosed.

The different levels of the fair value are detailed below:

Level 1: Quote prices (unadjusted) in the active market for identical assets or liabilities that the entity can access at measurement date.
Level 2: Inputs other than quoted prices included within Level 1 that are observable for the asset or liability, either directly or indirectly.
Level 3: Unobservable inputs for an asset or liability.

Accounting Policy

In estimating the fair value of an asset or a liability, ASD uses market-observable data to the extent it is available. For level 2 and 3 inputs, ASD engages third party qualified valuers and internal experts to establish the appropriate valuation techniques and inputs to the models to ensure the valuations are in line with AASB 13.

ASD reviews all reports received from third party valuers and internal experts to ensure unobservable inputs used align with ASD's own assumptions and understanding of the market. This review includes investigation of significant fluctuations in the fair value of the assets and liabilities and that the report includes sufficient information to ensure compliance with AASB 13.

ASD deems transfers between levels of fair value hierarchy to have occurred when there has been a change to the inputs to the fair value measurement (for instance from observable to unobservable and vice versa) and the significance that the changed input has in determining the fair value measurement.

6. Other information

6.1: Restructuring

In 2017, the Australian Government commissioned an Independent Intelligence Review. Part of this review identified the requirement for an independent signals and intelligence agency. As such, the ASD was legislated to become an independent statutory agency from 1 July 2018.

As part of this legislation, responsibilities for certain functions were also assumed by ASD from the following entities:

The Department of Defence
The Attorney-General's Department
The Department of Prime Minister and Cabinet
The Digital Transformation Agency

6.1A: Restructuring in accordance with Section 75 of the PGPA Act
FUNCTIONS ASSUMED	Defence $'000	ADG $'000	PMC $'000	DTA $'000	Total $'000
Assets recognised
Cash and cash equivalents	-	-	-	213	213
Trade and other receivables	296	10,086	72	-	10,454
Buildings and Infrastructure	1,647	10,096	-	-	11,743
Plant and Equipment	199,886	1,389	-	26	201,301
Other assets	244	-	-	-	244
Intangibles	30,352	71	-	-	30,423
Prepayments	30,586	1,485	-	-	32,071
*Total assets recognised*	263,011	23,127	72	239	286,449

Liabilities recognised
Suppliers payables	-	494	-	-	494
Employee payables	-	-	-	10	10
Other payables	-	1,677	-	-	1,677
Employee provisions	60,803	2,068	72	213	63,156
*Total liabilities recognised*	60,803	4,239	72	223	65,337
Net assets recognised	202,208	18,888	-	16	221,112

Notes

In respect of functions assumed, the net book value of assets were transferred to ASD for no consideration.

6.2: Aggregate assets and liabilities

	2019 $'000
6.2A: Aggregate assets and liabilities
Assets expected to be removed in
No more than 12 months	123,085
More than 12 months	329,468
*Total assets*	452,553

Liabilities expected to be settled in
No more than 12 months	73,718
More than 12 months	53,536
Total liabilities	127,254

7. Net cash appropriation arrangements

The Government funds ASD on a net cash appropriation basis, where appropriation revenue is not provided for depreciation and amortisation expenses. Depreciation and amortisation is included in the ASD's cost recovered operations to the extent that it relates to those activities.

ASD's accountability for its operating result is at its result net of unfunded depreciation and amortisation.

	2019 $'000
Total comprehensive (loss)/gain	(20,013)
Unfunded depreciation and amortisation
Total Depreciation	60,027
*Net unfunded depreciation*	60,027
Comprehensive surplus/(loss) net of unfunded depreciation and amortisation	40,014

8. Major budget variances

General commentary

AASB 1055 Budgetary Reporting requires explanations of major variances between the original budget as presented in the 2018-19 Portfolio Budget Statements (PBS) and the final 2019 outcome. As a first year entity, initial PBS was prepared prior to details of machinery of government changes being finalised, there are significant variances across all categories.

Net cost of services

A significant portion of the variance is due to depreciation which was not budgeted for in PBS.

Financial assets

There was no allowance for receivables in the PBS.

Non-financial assets

The budgeted position presented at PBS did not consider assets that might be transferred to ASD from other agencies under section 75 of the PGPA Act. When recognised the assets transferred totalled $286.5m which represents the major variance in non-financial assets.

Departmental cash flows

In both cash received and cash used, GST is the largest variance item. GST was not budgeted in PBS. Total investing activity shows a minor variance in total with the major variance relating to category of investment. Contributed equity variance relates to new measures announced after the PBS was published.

Appendix A | Agency resource statement

Statement by the Director-General and Chief Financial Officer

In our opinion, the attached financial statements for the year ended 30 June 2019 comply with subsection 42(2) of the Public Governance, Performance and Accountability Act 2013 (PGPA Act) and are based on properly maintained financial records as per subsection 41(2) of the PGPA Act.

In our option, at the date of statement, there are reasonable grounds to believe that the Australian Signals Directorate will be able to pay its debts as and when they fall due.

LTGEN John Frewen DSC AM

A/ Director-General

Australian Signals Directorate

23 September 2019

Mr Robert O'Meara

Chief Financial Officer

Australian Signals Directorate

23 September 2019

Appendix B | Expenses by outcome

Outcome 1: Defend Australia from global threats and advance our national interests through the provision of foreign signals intelligence, cyber security and offensive cyber operations, as directed by Government.

	Budget* 2018-19 $'000	Actual expenses 2018-19 $'000	Variation 2018-19 $'000
Program 1.1: Foreign Signals Intelligence, Cyber Security and Offensive Cyber Operations
Departmental expenses
Appropriation¹	742,020	711,775	30,245
Expenses not requiring appropriation in the budget year	3,444	67,700	(64,256)
Total for Program 1.1	745,464	779,475	(34,011)
Total expenses for Outcome 1	745,464	779,475	(34,011)

Notes

* As per Portfolio Budget Statements including adjustments made at Additional Estimates and reductions under PGPA Act section 51 and reductions under PGPA Act section 51.

Ordinary annual services (Appropriation Act No. 1 and 3) including reductions under section 51 of the PGPA Act and Retained Revenue Receipts under section 74 of the PGPA Act 2013.

AASB 1055 Budgetary Reporting requires explanations of major variances between original budget as presented in the 2018-19 Portfolio Budget Statements (PBS) and the final 2019 outcome. As a first year entity, initial PBS was prepared prior to details of machinery of government changes being finalised, there are significant variances across all categories.

Appendix C | Workforce statistics

Workforce statistics

Table 3: Full-Time Equivalent (FTE) and Average Staffing Levels (ASL)

Year	FTE (end of financial year)	ASL	Allocation
2018–19	1775.0	1729.8	1888
2017–18	1587.5	1490.9	1547

Notes:

In 2017–18, achievement against allocation was measured by the end of financial year (EOFY) FTE position in relation to the allocation - this was changed to ASL for FY 2018–19.

Table 4: Employment status by gender and headcount for 2018–19 and 2017–18

Employment status & gender	Ongoing	Non-ongoing (specified term)	Intermittent (casual)	Total
2018-19	1877	23	15	1915
Male	1252	11	13	1276
Female	625	12	2	639
2017-18	1694	6	12	1712
Male	1138	3	9	1150
Female	556	3	3	562

Notes:

2017–18 data includes Director-General ASD. The 2018–19 data excludes Director-General ASD as a Statutory Officer.
Non-ongoing employees do not include locally-engaged staff and secondees.

Table 5: Employment status (headcount) by classification (ASD and APS)

Employment status & classification	Ongoing	Non-ongoing (specified term)	Intermittent (casual)
2018-19 ASD Classifications	1877	23	15
Trainee/Graduate	66	0	0
ASD 2 - EL2	1776	22	15
ASD SES 1 - ASD SES 3	35	1	0
2017-18 APS Classifications	1694	6	12
Trainee	12	0	0
APS 2 - EL2	1659	5	12
SES 1 - SES 3	23	1	0

Notes:

2017–18 data includes Director-General ASD. The 2018–19 data excludes Director-General ASD as a Statutory Officer.
Non-ongoing employees do not include locally-engaged staff and secondees.

Table 6: Employment status by classification and location

Employment status & classification	Ongoing	Non-ongoing (specified term)	Intermittent (casual)	Total
2018-19	1877	23	15	1915
Canberra	1748	18	0	1781
Other locations	129	22	5	134
2017-18	1694	6	12	1712
Canberra	1590	4	12	1606
Other locations	104	2	0	106

Notes:

2017–18 data includes the Director-General. The 2018–19 data excludes the Director-General as a Statutory Officer.
Non-ongoing employees do not include locally engaged staff and secondees.

Table 7: Classification by gender (percentage)

Gender	2018-19		2017-18
Classification	Female	Male	Female	Male
Trainee/Graduate	1.3%	2.1%	0.1%	0.6%
ASD 2 – EL2	31.2%	63.5%	32.1%	65.8%
SES 1 – SES 3	0.9%	1.0%	0.6%	0.8%
Total	33.4%	66.6%	32.8%	67.2%

Notes:

2017–18 data includes the Director-General. The 2018–19 data excludes the Director-General as a Statutory Officer.
Non-ongoing employees do not include locally-engaged staff and secondees.

Table 8: Diversity of ASD employees showing headcount and percentage

	2018-19		2017-18
Available data	1915		1712
Identify as Aboriginal and/or Torres Strait Islander	13	0.7%	14	0.8%
Culturally and linguistically diverse (CALD)	494	25.8%	437	25.5%
People with a disability	25	1.3%	27	1.6%
Total	532	27.8%	478	27.9%

Notes:

Percentage of available data calculated using the total head count.
Percentages of employees identifying as Aboriginal and or Torres Strait Islander, from a culturally and linguistically diverse background, and with a disability calculated using headcount of available data.
The 2017–18 data includes Director-General ASD. The 2018–19 data excludes Director-General ASD as a Statutory Officer and excludes secondees, locally-engaged staff and contractors.
Provision of Equal Employment Opportunity data is voluntary. Data is considered 'available' if a staff member has provided information on at least one diversity category.

Table 9: Key management personnel remuneration 2018–19

Name	Position	Short-term benefits			Post-employment benefits	Other long-term benefits		Termination benefits	Total remuneration
Name	Position	Base salary	Bonuses	Other benefits and allowances	Superannuation contributions	Long service leave	Other long-term benefits	Termination benefits	Total remuneration
Mr Michael Burgess	Director-General	592,063	0	1,161	87,400	4,662	0	0	685,286
Lieutenant-General John Frewen	Principal Deputy Director-General	394,233	0	18,840	132,619	9,574	0	0	555,266
Mr Simeon Gilding	Deputy Director-General Signals Intelligence & Network Operations	393,205	0	1,868	59,795	8,320	0	0	463,187
Mr Alastair MacGibbon	Head of Australian Cyber Security Group	365,291	0	1,053	54,246	2,994	0	0	423,584
Ms Hazel Bennett	Deputy Director-General Corporate & Capability	406,211	0	754	73,424	9,733	0	0	490,122
Total		2,151,003	0	23,676	407,484	35,283	0	0	2,617,446

Notes:

Remuneration has been captured for only time spent by the named individual as a KMP.
Base salary includes accrued leave that is equal to leave accrued less leave taken. Certain personnel have access to executive vehicle allowances, this is included as base salary.
Long service leave is equal to leave accrued less leave taken.
Total remuneration will differ from the remuneration tribunal due to a number of definitional differences.

Table 10: Performance pay by classification level

	Number of employees receiving performance pay	Aggregated (sum total) value of all payments made ($)	Average value of all payments made ($)	Minimum payment made ($)	Maximum payment made
Total	917	1,305,779	1,457	124	2,766

Notes:

Employees engaged under the ASD Conditions of Employment (non-SES) Determination 2018 who are at or above the top of their salary range and are eligible for performance progression are entitled to a lump sum performance progression payment of 1 per cent or $725, whichever is greater.
Minimum and maximum payments in this table may reflect amounts below these thresholds due to either part-time service or a partial lump-sum payment where the employee reaches the top of the range in the performance year.
Employees on Individual Flexibility Arrangements (IFA) may also receive additional performance-related bonuses, subject to meeting eligibility requirements.
The performance cycle runs from 1 September to 31 August each year.
Lump-sum performance progression payments and IFA-related performance bonuses were paid to 917 employees at classification levels ASD3 to EL2.
There were no performance payments made to Senior Executive Service employees.

Appendix D | ASD's salary classification structure

Table 11: ASD salary classification structure

Approved classification	Rates applied as at 30 June 2019 ($)
	Base	Top
Trainee ASD (Technical)	49,616	55,791
Trainee ASD (Administrative)	25,972	36,088
ASD Level 1	45,952	51,583
ASD Level 2	52,004	58,463
ASD Level 3	59,237	65,270
ASD Level 4	67,100	73,256
ASD Level 5	73,636	78,873
ASD Level 6	80,669	92,150
ASD Executive Level 1	101,955	115,005
ASD Executive Level 2	118,376	142,087
ASD Executive Level 2.1	142,088	169,094
ASD Executive Level 2.2	169,095	190,230

Table 12: Minimum SES salary levels

Classification	Minimum salary rate applied as at 30 June 2019 ($)
SES Band 1	160,932
SES Band 2	195,282
SES Band 3	242,829

Note:

The salary figures exclude allowance payments provided in recognition of high value skills.

Senior leadership

During the reporting period ended 30 June 2019, ASD had five executives who meet the definition of key management personnel (KMP). Their names and the length of term as KMP are summarised below.

Name	Position	Term as KMP
Mr Michael Burgess	Director-General	Full year
LTGEN John Frewen	Principal Deputy Director-General	Full year
Mr Simeon Gilding	Deputy Director-General SIGINT & Network Operations	Full year
Mr Alastair MacGibbon	Deputy Secretary Australian Cyber Security Group	Part-year - Ceased 28/05/2019
Ms Hazel Bennett	Deputy Director-General Corporate & Capability	Part-year - Appointed 02/07/2018

Key management personnel remuneration for the reporting period	2019 $
Short-term benefits
Base salary¹	2,151,003
Bonus
Other benefits and allowances	23,676
Total short-term benefits	2,174,679

Post-employment benefits
Superannuation	407,484
Total post-employment benefits	407,484

Other long-term benefits
Long service leave	35,283
Total other long-term benefits	35,283

Termination benefits	0

*Total key management personnel remuneration*	2,617,446

The above key management personnel remuneration excludes the remuneration and other benefits of the Minister for Defence, Minister for Defence Industry, Minister for Veterans and Defence Personnel and Assistant Defence Minister. The remuneration and other benefits for these Ministers are not paid by ASD.

Table 13: Senior Executive Commonwealth Officers (ASD) Remuneration

Remuneration band	Number of Senior Executives²	Short-term benefits			Post-employment benefits	Other long-term benefits		Termination benefits	Total Remuneration
Remuneration band	Number of Senior Executives²	Average base salary ($)	Average bonuses ($)	Average other benefits and allowances³ ($)	Average superannuation contributions ($)	Average long service leave ($)	Average other long-term benefits ($)	Average termination benefits ($)	Average total remuneration ($)
$0 - $220,000	19	79,322	555	198	12,562	-	-	-	93,940
$220,001 - $245,000	7	192,893	408	579	30,573	-	-	-	228,206
$245,001 - $270,000	6	212,510	-	1,037	33,408	-	-	-	250,794
$270,001 - $295,000	3	236,497	-	429	38,375	-	-	-	279,913
$295,001 - $320,000	-	-	-	-	-	-	-	-	-
$320,001 - $345,000	1	155,856	-	-	27,197	2,896	-	156,866	342,814
$345,001 - $370,000	-	-	-	-	-	-	-	-	-
$370,001 - $395,000	1	167,405	-	1,455	28,035	3,299	-	194,272	394,466
$420,001 - $445,000	1	196,487	-	1,404	35,131	4,356	-	194,272	431,650

The number of senior executives listed above is the number of individual SES not the number of SES positions. Staff who are permanently appointed to or acted in an SES level position for a period longer than 6 months are included.
Other Benefits and Allowances includes the value of items such as housing (including overseas), motor vehicle allowances, retention bonuses, cost of living allowances (to support members and their families in remote or overseas locations), and any associated Fringe Benefits Tax payable by ASD. This column includes non-cash benefits.

Table 14: Other Highly Paid Staff - Commonwealth Officers Remuneration

Remuneration band	Number of highly paid Commonwealth Officers	Short-term benefits			Post-employment benefits	Other long-term benefits		Termination benefits	Total Remuneration
Remuneration band	Number of highly paid Commonwealth Officers	Average base salary ($)	Average bonuses ($)	Average other benefits and allowances⁴ ($)	Average superannuation contributions ($)	Average long service leave ($)	Average other long-term benefits ($)	Average termination benefits ($)	Average total remuneration ($)
$220,001 - $245,000	7	143,015	6,681	60,869	22,137	2,589	-	-	235,291
$245,001 - $270,000	6	145,352	4,757	80,471	26,523	3,068	-	-	260,170
$270,001 - $295,000	7	107,026	7,878	126,190	17,551	2,452	-	20,758	281,855
$295,001 - $320,000	7	109,955	1,520	168,855	19,829	2,276	-	-	302,435
$320,001 - $345,000	-	-	-	-	-	-	-	-	-
$345,001 - $370,000	3	126,936	380	207,412	20,197	2,054	-	-	356,979
$370,001 - $395,000	12	160,979	1,273	197,510	23,548	2,372	-	-	385,681
$395,001 - $420,000	1	140,600	495	253,172	21,649	3,232	-	-	401,148

Other Benefits and Allowances includes the value of items such as housing (including overseas), motor vehicle allowances, retention bonuses, cost of living allowances (to support members and their families in remote or overseas locations), and any associated Fringe Benefits Tax payable by ASD. This column includes non-cash benefits.

List of Requirements

Table 15: List of requirements

PGPA rule reference	Part of report	Description	Requirement
17AD(g)	Letter of transmittal
17AI	Letter of transmittal	A copy of the letter of transmittal signed and dated by accountable authority on date final text approved, with statement that the report has been prepared in accordance with section 46 of the Act and any enabling legislation that specifies additional requirements in relation to the annual report.	Mandatory
17AD(h)	Aids to access
17AJ(a)	Contents	Table of contents.	Mandatory
17AJ(b)	Index	Alphabetical index.	Mandatory
17AJ(c)	Glossary of abbreviations	Glossary of abbreviations and acronyms.	Mandatory
17AJ(d)	This table	List of requirements.	Mandatory
17AJ(e)	Contact Details	Details of contact officer.	Mandatory
17AJ(f)	Contact details	Entity's website address.	Mandatory
17AJ(g)	Contact details	Electronic address of report.	Mandatory
17AD(a)	Review by accountable authority
17AD(a)	Chapter 1 \| Director-General ASD's overview	A review by the accountable authority of the entity.	Mandatory
17AD(b)	Review of the entity
17AE(1)(a)(i)	Chapter 2 \| Overview of ASD	A description of the role and functions of the entity.	Mandatory
17AE(1)(a)(ii)	Chapter 2 \| Overview of ASD	A description of the organisational structure of the entity.	Mandatory
17AE(1)(a)(iii)	Chapter 2 \| Overview of ASD	A description of the outcomes and programmes administered by the entity.	Mandatory
17AE(1)(a)(iv)	Chapter 2 \| Overview of ASD	A description of the purposes of the entity as included in corporate plan.	Mandatory
17AE(1)(b)	NA	An outline of the structure of the portfolio of the entity.	Portfolio departments mandatory
17AE(2)	NA	Where the outcomes and programmes administered by the entity differ from any Portfolio Budget Statement, Portfolio Additional Estimates Statement or other portfolio estimates statement that was prepared for the entity for the period, include details of variation and reasons for change.	If applicable, Mandatory
	*Annual performance statements*
17AD(c)(i) 16F	Chapter 3 \| Report on performance	Annual performance statement in accordance with paragraph 39(1)(b) of the Act and section 16F of the Rule.	Mandatory
17AD(c)(ii)	Report on Financial performance
17AF(1)(a)	Chapter 3 \| Report on performance	A discussion and analysis of the entity's financial performance.	Mandatory
17AF(1)(b)	Appendix A \| Agency resource statement Appendix B \| Expenses by outcome	A table summarising the total resources and total payments of the entity.	Mandatory
17AF(2)	NA	If there may be significant changes in the financial results during or after the previous or current reporting period, information on those changes, including: the cause of any operating loss of the entity; how the entity has responded to the loss and the actions that have been taken in relation to the loss; and any matter or circumstances that it can reasonably be anticipated will have a significant impact on the entity's future operation or financial results.	If applicable, Mandatory.
17AD(d)	Management and accountability
	*Corporate governance*
17AG(2)(a)	Chapter 4 \| Management and accountability Fraud control and prevention	Information on compliance with section 10 (fraud systems)	Mandatory
17AG(2)(b)(i)	Letter of transmittal	A certification by accountable authority that fraud risk assessments and fraud control plans have been prepared.	Mandatory
17AG(2)(b)(ii)	Letter of transmittal	A certification by accountable authority that appropriate mechanisms for preventing, detecting incidents of, investigating or otherwise dealing with, and recording or reporting fraud that meet the specific needs of the entity are in place.	Mandatory
17AG(2)(b)(iii)	Letter of transmittal	A certification by accountable authority that all reasonable measures have been taken to deal appropriately with fraud relating to the entity.	Mandatory
17AG(2)(c)	Chapter 4 \| Management and accountability Principles, objectives, structures and processes	An outline of structures and processes in place for the entity to implement principles and objectives of corporate governance.	Mandatory
17AG(2)(d) – (e)	NA	A statement of significant issues reported to Minister under paragraph 19(1)(e) of the Act that relates to noncompliance with Finance law and action taken to remedy noncompliance.	If applicable, Mandatory
	*External scrutiny*
17AG(3)	Chapter 4 \| Management and accountability External scrutiny	Information on the most significant developments in external scrutiny and the entity's response to the scrutiny.	Mandatory
17AG(3)(a)	NA	Information on judicial decisions and decisions of administrative tribunals and by the Australian Information Commissioner that may have a significant effect on the operations of the entity.	If applicable, Mandatory
17AG(3)(b)	NA	Information on any reports on operations of the entity by the Auditor-General (other than report under section 43 of the Act), a Parliamentary Committee, or the Commonwealth Ombudsman.	If applicable, Mandatory
17AG(3)(c)	NA	Information on any capability reviews on the entity that were released during the period.	If applicable, Mandatory
	*Management of human resources*
17AG(4)(a)	Chapter 4 \| Management and accountability Human resource management	An assessment of the entity's effectiveness in managing and developing employees to achieve entity objectives.	Mandatory
17AG(4)(b)	Appendix C \| Workforce statistics	Statistics on the entity's APS employees on an ongoing and nonongoing basis; including the following: Statistics on staffing classification level Statistics on fulltime employees Statistics on parttime employees Statistics on gender Statistics on staff location Statistics on employees who identify as Indigenous.	Mandatory
17AG(4)(c)	Appendix D \| ASD's salary classification structure	Information on any enterprise agreements, individual flexibility arrangements, Australian workplace agreements, common law contracts and determinations under subsection 24(1) of the Public Service Act 1999.	Mandatory
17AG(4)(c)(i)	Appendix D \| ASD's salary classification structure	Information on the number of SES and non-SES employees covered by agreements etc identified in paragraph 17AG(4)(c).	Mandatory
17AG(4)(c)(ii)	Appendix D \| ASD's salary classification structure	The salary ranges available for APS employees by classification level.	Mandatory
17AG(4)(c)(iii)	Appendix D \| ASD's salary classification structure	A description of nonsalary benefits provided to employees.	Mandatory
17AG(4)(d)(i)	Appendix D \| ASD's salary classification structure	Information on the number of employees at each classification level who received performance pay.	If applicable, Mandatory
17AG(4)(d)(ii)	Appendix D \| ASD's salary classification structure	Information on aggregate amounts of performance pay at each classification level.	If applicable, Mandatory
17AG(4)(d)(iii)	Appendix D \| ASD's salary classification structure	Information on the average amount of performance payment, and range of such payments, at each classification level.	If applicable, Mandatory
17AG(4)(d)(iv)	Appendix D \| ASD's salary classification structure	Information on aggregate amount of performance payments.	If applicable, Mandatory
	Asset management
17AG(5)	Asset management	An assessment of effectiveness of assets management where asset management is a significant part of the entity's activities.	If applicable, mandatory
	Purchasing
17AG(6)	Chapter 4 \| Management and accountability Property and procurement	An assessment of entity performance against the Commonwealth Procurement Rules.	Mandatory
	*Consultants*
17AG(7)(a)	Chapter 4 \| Management and accountability Property and procurement Consultants	A summary statement detailing the number of new contracts engaging consultants entered into during the period; the total actual expenditure on all new consultancy contracts entered into during the period (inclusive of GST); the number of ongoing consultancy contracts that were entered into during a previous reporting period; and the total actual expenditure in the reporting year on the ongoing consultancy contracts (inclusive of GST).	Mandatory
17AG(7)(b)	Chapter 4 \| Management and accountability Property and procurement Consultants	A statement that “During [reporting period], [specified number] new consultancy contracts were entered into involving total actual expenditure of $[specified million]. In addition, [specified number] ongoing consultancy contracts were active during the period, involving total actual expenditure of $[specified million]”.	Mandatory
17AG(7)(c)	Chapter 4 \| Management and accountability Property and procurement Consultants	A summary of the policies and procedures for selecting and engaging consultants and the main categories of purposes for which consultants were selected and engaged.	Mandatory
17AG(7)(d)	Chapter 4 \| Management and accountability Property and procurement Consultants	A statement that “Annual reports contain information about actual expenditure on contracts for consultancies. Information on the value of contracts and consultancies is available on the AusTender website.”	Mandatory
	*National Audit Office Access Clauses*
17AG(8)	NA	If an entity entered into a contract with a value of more than $100 000 (inclusive of GST) and the contract did not provide the AuditorGeneral with access to the contractor's premises, the report must include the name of the contractor, purpose and value of the contract, and the reason why a clause allowing access was not included in the contract.	If applicable, Mandatory
	*Exempt contracts*
17AG(9)	Chapter 4 \| Management and accountability Property and procurement Exempt contracts	If an entity entered into a contract or there is a standing offer with a value greater than $10 000 (inclusive of GST) which has been exempted from being published in AusTender because it would disclose exempt matters under the FOI Act, the annual report must include a statement that the contract or standing offer has been exempted, and the value of the contract or standing offer, to the extent that doing so does not disclose the exempt matters.	If applicable, Mandatory
	*Small business*
17AG(10)(a)	Chapter 4 \| Management and accountability Property and procurement Small business	A statement that “[Name of entity] supports small business participation in the Commonwealth Government procurement market. Small and Medium Enterprises (SME) and Small Enterprise participation statistics are available on the Department of Finance's website.”	Mandatory
17AG(10)(b)	Chapter 4 \| Management and accountability Property and procurement Small business	An outline of the ways in which the procurement practices of the entity support small and medium enterprises.	Mandatory
17AG(10)(c)	Chapter 4 \| Management and accountability Property and procurement Small business	If the entity is considered by the Department administered by the Finance Minister as material in nature—a statement that “[Name of entity] recognises the importance of ensuring that small businesses are paid on time. The results of the Survey of Australian Government Payments to Small Business are available on the Treasury's website.”	If applicable, Mandatory
	*Financial Statements*
17AD(e)	Chapter 5 \| Financial statements	Inclusion of the annual financial statements in accordance with subsection 43(4) of the Act.	Mandatory
17AD(f)	Other mandatory information
17AH(1)(a)(i)	Chapter 4 \| Management and accountability Property and procurement Advertising	If the entity conducted advertising campaigns, a statement that “During [reporting period], the [name of entity] conducted the following advertising campaigns: [name of advertising campaigns undertaken]. Further information on those advertising campaigns is available at [address of entity's website] and in the reports on Australian Government advertising prepared by the Department of Finance. Those reports are available on the Department of Finance's website.”	If applicable, Mandatory
17AH(1)(a)(ii)	Chapter 4 \| Management and accountability Property and procurement Advertising	If the entity did not conduct advertising campaigns, a statement to that effect.	If applicable, Mandatory
17AH(1)(b)	Chapter 4 \| Management and accountability Property and procurement Grants	A statement that “Information on grants awarded by [name of entity] during [reporting period] is available at [address of entity's website].”	If applicable, Mandatory
17AH(1)(c)	Chapter 4 \| Management and accountability Property and procurement Disability reporting	Outline of mechanisms of disability reporting, including reference to website for further information.	Mandatory
17AH(1)(d)	Chapter 4 \| Management and accountability Property and procurement Information Publication Scheme	Website reference to where the entity's Information Publication Scheme statement pursuant to Part II of FOI Act can be found.	Mandatory
17AH(1)(e)	NA	Correction of material errors in previous annual report	If applicable, mandatory
17AH(2)	NA	Information required by other legislation	Mandatory

Glossary of Abbreviations

Table 1: Glossary of abbreviations used in the 2018-19 ASD Annual Report

Term	Meaning
ACSC	Australian Cyber Security Centre
ADF	Australian Defence Force
AEC	Australian Electoral Commission
APCERT	Asia-Pacific Computer Emergency Response Team
APS	Australian Public Service
ASD	Australian Signals Directorate
ASDARC	Australian Signals Directorate Audit and Risk Committee
ASL	Average Staffing Levels
ATSI	Aboriginal and Torres Strait Islander
ATSI@ASD	Aboriginal and Torres Strait Islander Network at ASD
ASD+	LGBTIQ+ Network at ASD
CALD	Culturally and Linguistically Diverse
CPR	Commonwealth Procurement Rules
C1	First National Cyber Crisis
DDGCC	Deputy Director-General Corporate Capability
DG	Director-General
DGASD	Director-General Australian Signals Directorate
DTIC	Data, Technology and Infrastructure Committee
EL	Executive Level
EOFY	End of Financial Year
EPC	Enterprise Performance Committee
FoI Act	Freedom of Information Act 1982
FTE	Full-time Employee(s)
GST	Goods and Services Tax
HR	Human Resources
ICT	Information and Communications Technology
IGIS	Inspector-General of Intelligence and Security
ISA	Intelligence Services Act 2001
IWD	International Women's Day
JCSC	Joint Cyber Security Centre
KMP	Key Management Personnel
LGBTIQ	Lesbian, Gay, Bisexual, Transgender, Intersex and Queer
MoG	Machinery of Government
MRC	Management Review Committee
NAIDOC	National Aborigines and Islanders Day Observance Committee
NIC	National Intelligence Community
PaCSON	Pacific Cyber Security Operational Network
PDDG	Principal Deputy Director-General
PFADS	Performance Feedback Assessment and Development Scheme
PGPA Act	Public Governance Accountability and Performance Act 2013
PID Act	Public Interest Disclosure Act 2013
PJCIS	Parliamentary Joint Committee on Intelligence and Security
PSPF	Protective Security Policy Framework
RAP	Reconciliation Action Plan
SES	Senior Executive Service
SIGINT	Signals Intelligence
SME	Small and Medium Enterprises
STEM	Science, Technology, Engineering, and Mathematics
WHS Act	Work Health and Safety Act 2011
5G	5^th Generation

Letter of transmittal

Chapter 1 | Director-General ASD's overview

Chapter 2 | Overview of ASD

Purpose

Organisational structure 2018–19

Chapter 3 | Report on performance

Annual performance statements

Introductory statement

ASD's performance

Foreign signals intelligence – performance analysis

Cyber security services – performance analysis

Case study 1: Malicious intrusion into the Australian Parliament House computer network

Case study 2: Whole of Government Cyber Uplift for Federal Government systems

Case study 3: Support to the Australian Electoral Commission (AEC)

Case study 4: 5G policy

Partnerships and engagements

Offensive cyber operations – performance analysis

Report on financial performance

Chapter 4 | Management and accountability

Corporate governance

Principles, objectives, structures and processes

Corporate Plan

ASD Governance Framework

Executive Committee

Management Review Committee

Audit and Risk Committee

Enterprise Performance Committee

Data, Technology and Infrastructure Committee

People Committee

Finance Committee

Ethical framework

Fraud control and prevention

Risk management

External scrutiny

Parliamentary Joint Committee on Intelligence and Security

Senate Standing Committee on Foreign Affairs, Defence and Trade

Inspector-General of Intelligence and Security

Briefings to the Leader of the Opposition

People capability

Human resource management

Recruitment

Entry-level programs

Learning and development

Diversity and inclusion

Reconciliation – Indigenous talent attraction and development

Domestic and family violence

Flexible working arrangements

Work health and safety

Performance management

ASD Determination

Grievances process

Security

Portfolio management

ICT shared services delivery

Property and procurement

Property

Asset management

Procurement

Consultants

Exempt contracts

Small business

Advertising

Grants

Disability reporting

Information Publication Scheme

Non-compliance with finance law

Electoral expenses

Ecologically sustainable development and environmental performance

Chapter 5 | Financial statements

STATEMENT OF COMPREHENSIVE INCOME

STATEMENT OF FINANCIAL POSITION

STATEMENT OF CHANGES IN EQUITY

Accounting Policy

CASH FLOW STATEMENT

ADMINISTERED SCHEDULE OF COMPREHENSIVE INCOME

ADMINISTERED SCHEDULE OF ASSETS AND LIABILITIES

ADMINISTERED RECONCILIATION SCHEDULE

Accounting Policy

ADMINISTERED CASH FLOW STATEMENT

Overview - Notes to the financial statements