Australian Government logo

Annual Report

Annual Report 2016


In this section


The CSC Board aspires to achieve best practice and to be a leader in governance policy and practice.

The Board’s governance framework includes the following policies:

  • Board Charter
  • Board Performance Evaluation
  • Board Renewal Policy
  • Fit and Proper Policy
  • Governance Statement
  • Outsourcing Policy
  • Conflicts Management Framework and Policy
  • Whistleblower Protection Policy.

All policies except for the Conflicts Management Framework and Policy are available on the CSC website at

This section details CSC’s regulatory requirements, approach to financial management and risk management, compliance program, and the fraud control and internal audit measures in place.

Regulatory requirements

CSC is established under the GAGSS Act and is responsible for the super schemes covered in this report. CSC’s objectives and functions as set out in its governing legislation are outlined in the About CSC section of this report. CSC’s governing legislation also establishes accountability arrangements for CSC, including annual reports to the Parliament and audited financial statements.

CSC is a holder of a Registrable Superannuation Entity (RSE) licence and an Australian Financial Services (AFS) licence, meaning it is regulated by the Australian Securities and Investments Commission under the Corporations Act 2001 and the Australian Prudential Regulation Authority under the Superannuation Industry (Supervision) Act 1993. CSC must uphold the conditions of both licences and comply with financial services law.

CSC is also bound by provisions of the various acts and deeds that establish and govern its schemes. The regulated schemes must be managed and invested in accordance with the CSS Act, the PSS Act, the MilitarySuper Act and the PSSap Act, together with the relevant trust deeds under these Acts.

The unregulated schemes are established by and must be administered in accordance with the 1922 Act, the DFRB Act, the DFRDB Act, the PNG Act, and the ADF Cover Act, as relevant.

Financial management

CSC’s finances are managed in accordance with the PGPA Act, CSC’s governing legislation and relevant scheme legislation. A Board approved budget is in place and the Board has delegated authority to make and implement certain financial decisions to individual staff.

Risk management

CSC has a comprehensive Risk Management Strategy which describes CSC’s strategy for managing risk and the key elements of its risk management framework. CSC’s Strategy meets APRA’s requirements under Prudential Standard SPS 220 and is supported by CSC’s Risk Appetite Statement. Both the Strategy and Statement are reviewed at least annually and updated as required.


A detailed compliance program underpins CSC’s Risk Management Strategy, satisfying the requirements of CSC’s AFS licence. Staff and service providers must submit positive certification that they are compliant with all relevant legislative requirements, contractual provisions, regulatory policy and service standards, as well as any relevant licence conditions. Any instance of non-compliance must be reported.

The Audit and Risk Management Committee oversees compliance reporting, including remediation if a breach has occurred. CSC has a Breach and Compliance Policy that describes CSC’s requirements for compliance and breach reporting, which is provided to CSC’s service providers.

Fraud control

CSC has a Fraud Control and Corruption Plan in place which was reviewed during the year and meets the Commonwealth Fraud Control Guidelines.

Internal audit

The Audit and Risk Management Committee agrees an annual internal audit plan. In drawing up the plan, the Committee takes into account previously identified risks, the results and recommendations of previous internal and external audits, legislative and regulatory changes and requirements, and anticipated business changes. Audits can be initiated at any time by the Board or the Audit and Risk Management Committee to address changes to business priorities or to CSC’s risk profile.