Integrity maturity self-assessment guide and frequently asked questions

The framework provides accessible information to support entities to implement effective integrity frameworks tailored to their risk profiles, size and contexts. Entities can also use it to help put in place action plans to uplift their integrity maturity.

The maturity model is designed for broad use across all Commonwealth entities wishing to assess their integrity maturity.

Please refer to our Self-Assessment Guide for detailed information on undertaking a self-assessment. Basic principles for self-assessment include:

• Participative assessment and evidence: involve a cross-section of employees and gather evidence to support assessment against the maturity indicator elements.
• Risk assessment: identify integrity threats and vulnerabilities associated with the entity’s mandate, powers and functions, and consequent integrity risks.

Various resources are available, including Towards Integrity Maturity: Mapping the Commonwealth Integrity Landscape, the 8 Integrity Principles and Maturity Indicators and the Integrity Maturity Index.

No. Integrity maturity self-assessment is optional.

Entities are free to decide how to use the integrity maturity resources. However, entities that undertake a maturity assessment are encouraged, under Principle 8, to undertake:

Reporting and decision making on recommendations to reach desired maturity levels, and to sustain a culture of integrity where institutional systems, policies and practices are purposeful, proportionate, legitimate and trustworthy.

Entities are free to choose to whom they provide the results of maturity assessments.

Principle 4: Manage Risk and Develop a Positive Risk and Pro-integrity Culture encourages entities to communicate and consult about risk in a timely and effective manner to internal and external stakeholders; and share risks, risk treatments and capabilities with other Commonwealth entities.

No. However, entities are encouraged to consider involving other entities in integrity maturity assessments, and to share risks, risk treatments and capabilities with other Commonwealth entities. This avoids positivity bias and promotes shared learning.

No. In some circumstances entities may be satisfied with lower levels of maturity, provided that integrity risks are: well understood, effectively managed under current arrangements, consistent with the entity’s risk appetite, and consistent with mandatory obligations (e.g. under the PGPA Act).

This project has drawn together various Commonwealth statutory obligations and policies relevant to organisational integrity. Some of these elements have existing maturity models (e.g. PSPF and Commonwealth Risk Assessment Policy). The project has also drawn from the Australian Public Service Commission’s Integrity Metrics Maturity Model and Western Australian Public Sector Commission’s Integrity Framework Maturity Self-Assessment Tool.

Various maturity models were reviewed to achieve a workable balance between simplicity and completeness. Other Commonwealth agencies also use a 4-level model, including AGD (PSPF) and the Defence Signals Directorate (Essential Eight Cyber Maturity Model). The Western Australian Public Sector Commission’s Integrity Framework Maturity Self-Assessment Tool has informed the development of this project and uses a 4-level maturity model.

One of the functions of the Commission is to support corruption prevention among Commonwealth agencies. The Commonwealth Integrity Maturity Framework assists agencies to review and uplift their integrity frameworks.