Issue number:
Date Issued:
23 Sep 2017
Issued to:
Health portfolio entities, Responsible Bodies (The Board), Accountable Officers (Chief Executive Officers and Chief Finance Officers).
To inform health portfolio entities of these obligations and to support them in performing and complying with these functions: particularly in the areas of financial management, performance and governance arrangements, to meet mandatory reporting requirements and to certify compliance.


Health portfolio entities, Responsible Bodies (The Board), Accountable Officers (Chief Executive Officers and Chief Finance Officers).

This guidance is not exhaustive, and aims to highlight the broader mandatory reporting requirements of portfolio entities, and to support them by providing useful information on managing and adopting best practice principles to prevent and minimise instances of fraud and corruption in the public health sector.


Public hospitals are required to comply with directions and standards issued under the Financial Management Act 1994, the Public Administration Act 2004 and any directions that may be issued from time to time by either the Minister for Finance, or the Secretary of the Department of Health and Human Services. The purpose of this guidance is to inform health portfolio entities of these obligations and to support them in performing and complying with these functions: particularly in the areas of financial management, performance and governance arrangements, to meet mandatory reporting requirements and to certify compliance. 

Portfolio entities are required to table and minute this paper at both the Board, and Audit and Risk Committee meetings of the health service. The department may require the health service to confirm this action.  


Each public entity (responsible body) is accountable to its Responsible Minister for its own financial management and for reporting on the resources it uses. The Responsible Body is required to establish appropriate and effective financial governance and oversight arrangements and regularly review the effectiveness of those arrangements.

The Department of Treasury and Finance (‘DTF’) is responsible for supporting the Treasurer and the Minister for Finance in discharging their accountability to Parliament for the overall financial management performance of the State and the Government’s obligations under the Financial Management Act. The Financial Management Act sets the financial management accountability, reporting and financial administration obligations of the Government and the Victorian public sector.

The Public Administration Act 2004 and the Financial Management Act 1994 provide a legislative framework to guide the governance and financial management of Victoria’s public sector bodies. Many other Acts, such as the Corporations Act, will also apply and their specific application is dependent on the legal form of the public sector body.

The Financial Management Act 1994 affects public entities in a number of ways, with regard to their administrative arrangements, accountability requirements and specific directions from the Minster for Finance in respect of financial management matters. The accountability and reporting requirements within the Act apply to departments and ‘public bodies’. The Financial Management Act 1994 applies to all public sector health services. The Chief Executive Officer is the accountable person under the Financial Management Act 1994 and he or she is required to appoint a chief finance and accounting officer (ss. 42 and 43). The Financial Management Act 1994 also requires health services, among other things, to:

  • maintain a register of assets (s. 44B)
  • keep proper accounts and records of financial transactions (s. 44)
  • provide the Minister of Finance with any information requested (s. 44A)
  • prepare an annual report of operations and financial statements (s. 45).

Standing Directions are issued by the Minister for Finance under section 8 of the Financial Management Act 1994. They specify public sector agency responsibilities for establishing standards for financial management accountability, governance, performance, sustainability, reporting and practice for Agencies. Accountability for specific requirements in these Directions is generally linked to one of the three key financial management governance positions within an agency, namely the Responsible Body (for example, the board), Accountable Officer (for example, the Chief Executive Officer) or Chief Finance Officer. 

Standing Direction 2 (roles and responsibilities) provides an overview of the roles of the Responsible Body, the Accountable Officer and the Chief Finance Officer. Under these arrangements:

  • The Responsible Body is ultimately responsible for the Agency's financial management, performance and sustainability, and is responsible to the Responsible Minister;
  • The Accountable Officer is responsible to the Responsible Body, and in some respects to the Responsible Minister;
  • The Chief Finance Officer is responsible to the Accountable Officer, and in some respects to the Responsible Minister; and
  • Responsible Bodies, Accountable Officers and Chief Finance Officers have various responsibilities to their Agency, to their Portfolio Department or Portfolio Agency, and to DTF.

The Standing Directions further regulate in detail the responsibilities and functions of each level of the responsible body (2.2) and responsible officers (2.3 and 2.4). These positions are likely to delegate implementation of certain requirements to Agency officers under Direction 3.3. However, ultimate accountability for the requirements still remains with the position specified in the Direction.

Section 3 of the Standing Directions particularly relate to governance arrangements. 

DTF has issued instructions to agencies in supporting the Standing Directions. The Instructions provide further advice on Internal control system (3.4); Fraud, Corruption and Other Losses (3.5); Purchasing and prepaid debit card use and administration (3.6); Managing specific risks - Business continuity planning, indemnities and Immunities (3.7); Treasury and investment risk management policies (; Borrowings, investments and financial arrangements (; Acquisition of assets, goods and services (4.2.1); Financial management compliance (5.1). 

The Standing Directions also address the role and responsibilities of the Audit Committee. Among other things, the role of the Audit Committee (Standing Direction 3.2.1) is to independently review and assess the effectiveness of the Agency’s systems and controls for financial management, performance and sustainability, including risk management.

The internal audit function is an important source of information and assurance for the audit committee on an agency’s performance and risk management activities. Under the Standing Directions, the audit committee has a key role in directing and reviewing the work of the agency’s internal audit function.

An Agency’s responsible body  must establish and maintain authorisations covering the creation of financial liabilities and obligations (Standing Direction 3.3 and subsections). The guidelines also provide assistance for health services to monitor, audit, identify and implement processes to both prevent and reduce the potential for fraudulent or corrupt practices.

Key areas of focus

1. Separation of financial functions

All responsible bodies generally have separation of delegations and responsibilities. This is to ensure that best practice principles are adopted and to minimise the exposure to financial mismanagement either by intent or through oversight. Separating the record keeping functions from the cash handling side ensures that the risk is minimised as fraud will require collusion between the two parties. This separation does not remove the risk but minimises the exposure to fraudulent activity.

To avoid doubt, the Chief Executive Officer must NOT approve financial transactions where the CEO has a conflict of interest or where it may be seen to be a potential conflict of interest, or where the approval might confer a personal benefit. Examples of such expenditure or personal benefit  includes all expense reimbursement claims, conference fees, educational expenses, travel expenses, advances, membership fees, items that could be used personally, and items that are intended to be located within an individual’s home.

It is recommended for best practice that in certain situations, projects (such as major infrastructure and capital investment projects) should have board oversight and governance arrangements  outside of the usual procurement processes.  

A recent VAGO report  found that poorly defined governance structures with unclear roles and responsibilities have hampered project management and oversight. 

To avoid subversion of the established procurement policies and processes,  project governance and management structures should have board oversight  throughout the life of a project.  

2. Compliance and reporting

Standing Direction 5 addresses the Responsible Body’s financial management and compliance attestation requirements.  The Direction requires that the Responsible Body must in the Agencies’ Annual Report, attest to compliance with applicable requirements in the Financial Management Act, the Standing Directions and the Instructions, and disclose all Material Compliance Deficiencies. 

The Audit Committee must review the attestation and compliance for the entire period of the relevant financial year. 

3. Preventing corruption

IBAC  has suggested the adoption and introduction of control measures to address deficiencies in systems and controls to minimise the threat of organised crime groups cultivating contacts within the public sector to access information, influence decisions and manipulate systems. Suggested measures include introducing a declarable associations policy, pre-employment checks and revalidating employees, increasing training to staff that addresses corruption risks and ethical dilemmas, and the conduct of routine audits.

Entities should vet candidates appropriately during recruitment with the depth of pre-employment screening to be commensurate with the levels of access and sensitivity of each position, employees security clearances should be re-validated at regular and or random intervals and ensure that employees moving from one position to a position entailing increased levels of access and sensitivity  are subject to further vetting and suitability processes commensurate with the new position.

4. Procurement

Outer budget agencies and local government are not mandated to comply with the Victorian Government Purchasing Board (VGPB) policy. However, they are encouraged to apply best practice procurement policies and processes.

Health Purchasing Victoria (HPV) is an independent statutory authority under Section 129 of the Health Services Act 1988, to improve the collective purchasing power of Victorian public health services and hospitals in the procurement of health-related goods, services and equipment. A public hospital must comply with an HPV direction that applies to it.

Mandated health services are required to complete an annual attestation to the HPV Health Purchasing Policies in their health services’ annual report of operations and must be completed by the health service CEO.

5. Asset Management Accountability Framework

Like Sustaining Our Assets, the Asset Management Accountability Framework (AMAF) is premised on a non-prescriptive, devolved accountability model of asset management. This allows public sector bodies to manage their assets in a manner that is consistent with government requirements, their own specific operational circumstances and the nature of their asset base. Mandatory requirements include developing asset management strategies, governance frameworks, performance standards and processes to regularly monitor and improve asset management.

Secretaries and public sector boards, must attest to their agency’s compliance with the mandatory requirements of the AMAF in their annual report from 2017-18 and, every three years, self-assess their organisation's asset management maturity.

The Victorian Department of Treasury and Finance has issued guidance material on asset management which also includes acquisition, maintenance and disposal of assets. The resource material is found at What is asset management?  

6. Register of assets

Under the Public Administration Act 2004 (s. 81(1)(b)), a board of a public entity governed by Division 2 of Part 5 of the Act must inform the responsible minister and the relevant departmental secretary of:

  • known major risks to the effective operation of the public entity
  • the risk management systems that it has in place to address those risks.

A board is required to maintain a register of assets held or managed by it and to develop and keep under review a risk management strategy (s. 44B of the Financial Management Act 1994 and s. 23 of the Victorian Managed Insurance Authority Act 1996).

The Victorian Managed Insurance Authority (the VMIA) receives a copy of these documents at intervals determined by the VMIA, together with a report on implementation of the public entity’s risk management strategy. The VMIA reports to the minister and the public entity on the adequacy of the register, the risk management strategy and the risk report.

7. Portable and attractive items

Some items may be categorised as ‘Portable and Attractive Items’. These items are identified as such due to their nature. That is, these items are likely to be non site specific and easily transportable, hence subject to loss and  misappropriation. While their value may be small, they are required to be monitored and recorded for tracking and control purposes. 

  • Portability increases the risk that an item may be lost or misplaced;
  • attractiveness increases the risk that an item may be misappropriated.

An item of equipment is deemed as portable and attractive if it:

  • is not required to be recorded as a fixed asset for financial management purposes;
  • has an operational life of more than 12 months; and
  • is considered to be at risk of loss or theft.

The purpose of recording and tracking portable and attractive items during their lifecycle is to provide additional control over their custody and disposal. 

The need for additional control arises from the qualitative characteristics of the items:

Portable and attractive items must be labelled with barcode labels and must be included in the annual fixed asset stocktake. Additionally, items forming part of a pool of items available for loan to staff within a business unit are subject to local audit by the asset controller.

When portable and attractive items are loaned, the asset status and details of the loaned item must be recorded and include:

  • the name of the person borrowing the item;
  • the date the item was loaned;
  • the date the item is to be returned.

8. Disposal of assets

The disposal of assets is a key consideration in the forward planning of any procurement activity. Assets of (or belonging to, or in the care, custody, or control of) an organisation are to be disposed of in a way that takes into account probity, security, sustainability and transparency, as well as environmental and social factors. An organisation must develop and apply an asset disposal process that details:

  • parties/business unit responsible for managing the process;
  • disposal options appropriate to the nature of the asset and broader government objectives;
  • management of issues of risk, liability, safety and security;
  • the process for keeping the organisation's assets register up to date; and
  • issues of risk, liability, safety and security associated with the use of the asset by other parties when transferring an asset to another location or entity.

If the evaluation of disposal options does not warrant modification to extend the life of the asset or transferring it to another party or recycling, the asset must ordinarily be disposed of by way of public auction or public tender. An alternative approach must be sought where cost of disposal process exceeds residual value of the asset.

9. Conflict of interest and declarable associations

The Victorian Public Sector Commission (VPSC) has released material designed to assist organisations in the management of conflict of interest. Conflict of interest is regularly identified as an issue that undermines confidence in an entity’s operations and adversely impacts an entity’s reputation. The VPSC’s website provides a model conflict of interest policy, declaration of private interest form and conflict of interest form for adoption by entities.

IBAC also suggests the introduction of policies around the identification and reporting of declarable associations/relationships that may be incompatible with an employee’s professional responsibilities. Entities should consider making it compulsory for employees to identify, declare and manage associations they may have when they are recruited, periodically through their employment and introduce clear consequences for staff failing to declare an association. Entities may consider introducing mandatory declarable associations as an addition to their existing conflict of interest policy or as an amendment to the VPSC’s model conflict of interest policy and associated templates. Declaring associations helps maintain the credibility of an employee and of the public body as a whole and reduces risks to a public body’s operational integrity.

IBAC have identified that the longer an employee has been in service of an organisation, the more scrutiny that should be given to the employee’s associations. This should include an annual self- reporting declaration of known or perceived associations that could expose the employee to risk or a declared conflict of interest.

Public bodies should provide clear policies around conflict of interest and declarable associations with a structured and centralised system of recording and managing such declarations.

10. Mandatory notifications to IBAC

In December 2016, IBAC introduced mandatory notifications pursuant to section 57 of the Independent Broad-based Anti-corruption Commission Act 2011 (Vic). This requires the head of departments, public bodies and councils to make a mandatory notification to IBAC when there are reasonable grounds to suspect corruption is occurring or has occurred in the workplace. IBAC’s website provides further information on this legislative obligation and how it should be implemented in practice. Entities should assess whether they are required to make reports to IBAC in accordance with mandatory notification obligations.

Guidance material

Victorian Public Service Commission 

The Public Administration Act establishes the Victorian Public Sector Commission (VPSC). A key role of the VPSC is to help maintain public sector integrity. The VPSC has developed a good practice guide for Victorian public sector entities. The guide provides advice on good governance, accountability and performance to assist public entities to perform and carry out their functions efficiently and effectively. 

The VPSC has also developed binding Codes of Conduct applicable to the Victorian Public Sector Employees, Public Sector Employees of Special Bodies, and for the Boards of Victorian Public Entities.

Victorian Health Services Governance handbook

The department has developed  the Victorian Health Services Governance handbook (a resource for Victorian health services and their boards) to assist health services and their boards in performing their roles. The handbook includes statutory obligations under relevant Acts such as the Health Services Act 1988, the Financial Management Act 1994, the Audit Act 1994, and other policy and administrative directions.

Guidelines for CEO and Executive Business Expense Policy

The department is developing guidelines for CEO and Executive Business Expense Policy to assist health services implement best practice policies for the approval and reimbursement of business expenses by executive staff. The guidelines will reference existing materials, including Victorian Public Service Commission policies and the Victorian Health Services Governance handbook, and provide guidance to ensure the consistent application of these polices across health services. These will be circulated once finalised and approved.

IBAC's website

IBAC’s website provides information about mandatory notifications, protected disclosures, preventing corruption and information about IBAC’s role.

The Protected Disclosure Act

The purpose of the Protected Disclosure Act is to:

  • encourage and facilitate disclosures of improper conduct and detrimental action made in reprisal by public officers and public bodies
  • provide protection for people who make disclosures or who may suffer detrimental action in reprisal for those disclosures
  • provide confidentiality of the content of disclosures and the identity of people who make them.

Who can make a disclosure?

Any individual or group of individuals may make a disclosure.

What can I make a disclosure about?

You may make a disclosure about the improper conduct and/or detrimental action taken by public bodies or public officers performing public functions. This includes the department, its offices and agencies as well as statutory authorities in the portfolio of the department.

Improper conduct is defined as 'Corrupt conduct or Specified conduct that is not corrupt conduct but that, if proved, would constitute a criminal offence or provide reasonable grounds for dismissing or dispensing with, or otherwise terminating, the services of the officer engaged in the conduct'.

How do I make a disclosure?

Independent Broad-based Anti-corruption Commission (IBAC)

Use the IBAC online complaint form

Call 1300 735 135

In person: level 1, North Tower, 459 Collins Street, Melbourne

If your disclosure is about a ministerial officer or a statutory entity or office within the department's portfolio, you should contact IBAC.


Greg Stenton
Chief Finance Officer
Corporate Services