Governance is how we organise and prioritise our people and resources to make decisions, create opportunity, manage risk, remain accountable and drive performance to achieve our purpose.
Customer complaints management
We are committed to responding to customer complaints in an accountable, transparent, timely and fair way that is compatible with human rights.
In accordance with our customer complaint management framework, policy and procedure, we aim to resolve customer complaints as quickly as possible at the point where the complaint is received. Complaints provide us with important insights into our service delivery and decision-making approach and offer opportunities to improve.
Further information and resources about how customer complaints are managed, including a report on customer complaints for 2024–25, are available on the
customer complaints page.
Human rights
We are committed to sustaining a culture that protects and promotes human rights. In 2024–25 we furthered the objectives of the
Human Rights Act 2019 (Qld) by:
- refreshing the department's Human Rights Framework to further strengthen human rights understanding across our divisions, regions and schools
- reviewing and delivering training to deepen staff human rights capability and understanding. This included review of mandatory staff training and delivery of
- targeted introduction to human rights sessions to regions and divisions
- all-staff training sessions facilitated by the Queensland Human Rights Commission
- targeted decision-making training for beginning and aspiring principals to support consideration of human rights as part of all decision-making.
- developing improved human rights guidance and templated resources for departmental policies and procedures to ensure information is clear and consistent to support staff to meet their responsibilities.
Human rights complaints
As a large service delivery agency, our decisions shape the future of young Queenslanders and provide opportunities to embed a strong culture that respects, protects and promotes human rights through review and continuous improvement.
During the reporting period, we received 1,880 human rights complaints with 41 assessed as upheld/substantiated (either in full, or in part) and incompatible with human rights.
Complaints assessed as incompatible with human rights remained low at 2% of total human rights complaints received by the department. All human rights complaints were managed in accordance with our complaints policies and procedures. Actions taken for substantiated complaints in 2024–25 included giving an apology, changing a practice or process, or referring the issue for further investigation or system improvement.
Charter of Victims' Rights complaints
We are committed to supporting and upholding the rights of victims of violent crime through our response to managing Charter of Victims' Rights (Victims' Charter) complaints.
The department has taken the following steps to build an understanding and staff capability to manage these complaints:
- amended complaints and grievances policies and procedures and developed a guideline to help staff identify, manage and record Victims' Charter complaints
- delivered information sessions to complaints officers across the department
- made amendments to complaint management systems to enable reporting.
No Victims' Charter complaints were received in 2024–25.
Information systems and recordkeeping
All staff are responsible for managing the safe transport, storage of and access to departmental information. Our Information asset and recordkeeping procedure (IARP) outlines the requirements and responsibilities for establishing and maintaining full and accurate records of the department's business activities. The procedure is supported by a range of resources that assist staff in their records management compliance, including:
- information privacy, information security, recordkeeping and Right to Information modules in our keys to managing information online learning course
- records management Mandatory All Staff Training modules
- a training portal, designed to provide quick and easy to use materials about our records management system
- Queensland State Archives interactive web-based training.
Our IARP is aligned to the Queensland Government's enterprise architecture policies, standards and best practice guidelines, including the records governance policy, information security policy (IS18:2018) and metadata management principles.
In 2024–25, the department ended a suspension on records disposal that had been in place since 2013. Additional resources were developed to support staff in managing records accumulated during the records disposal freeze, including guides, tools and online and in-person training.
This support empowers schools to independently manage their appraisal and disposal processes, ensuring adherence to the legislative requirements outlined in the
Public Records Act 2023 (Qld) while also streamlining administrative processes. The resources guide schools in transitioning from physical record storage to management of records in digital formats, including the digitisation of existing physical records to align with contemporary record-keeping standards.
Throughout 2024–25, training was delivered to 1,072 participants across 643 schools and 136 business units. This included presentations at the department's i-Educate 2024 conference and the School Business Managers Association of Queensland conference.
Information security attestation
During the mandatory annual information security reporting process, the Director-General attested to the appropriateness of the information security risk management within the department to the Queensland Government Chief Information Security Officer, noting that appropriate assurance activities have been undertaken to inform this opinion and the department information security risk position.
During 2024–25, the department implemented the following information security initiatives:
- launched our new cyber security plan 2024–28 to safeguard staff and minimise the risk and impact of cyber security incidents across the department
- completed an annual information security annual return audit in alignment with the updated ISO 27001:2022 standard, enabling a focused approach to implementing enhanced information security controls
- commenced a major Identity and Access Management (IAM) uplift project to strengthen IAM capabilities, including integration with the Queensland Government 'TellUsOnce' service
- continued preparations for the rollout of Multi-Factor Authentication to strengthen access security
- participated in multiple cyber incident readiness activities, including Exercise 'Sky Scriber' and Exercise 'Cyber Storm'
- improved cyber security operations capabilities, enabling earlier detection of potential cyber incidents
- established a cyber security community of practice to continue to build a security-focused mindset, encourage information sharing and promote best practice across the department.
Risk management
We are committed to balancing risk with opportunity to deliver high-quality outcomes for children, students, our workforce and Queensland communities.
The department's Enterprise Risk Management Framework (ERMF) is a comprehensive approach to identifying, assessing and treating risk based on the department's risk appetite within the context of our risk environment. The framework supports staff to better understand risk and be more confident in applying it to their daily work and decision-making.
Risk management information was reported quarterly to our Executive Leadership Team (ELT),
Audit and Risk Management Committee (ARMC) and Strategic Governance Committees to support the delivery of good governance and accountable decision-making as required under the Financial and Performance Management Standard 2019 (Qld).
Our enterprise risk management policy supports the department's approach to risk management as set out in the ERMF and is compliant with the Australian Standard on risk management—guidelines (AS/NZS ISO 31000:2018). Our Enterprise risk management procedure sets out a consistent approach for managing risk at an enterprise level across the department.
In 2024–25, we strengthened our risk management approach by completing a comprehensive review of the ERMF, policy and procedure to ensure it remains aligned to best practice and is fit-for-purpose.
Further information including the ERMF, policy and procedure, are available on the
Policy and Procedure Register website.
Further information on our ELT and strategic governance committees is available in
Appendix A.
Business continuity management
Recovering from disruptive events and restoring business as usual functions is crucial to delivering quality early childhood, a high-performing education system and supporting a vibrant arts and cultural sector for Queensland.
The continuity, disaster and emergency management framework and continuity, disaster and emergency management policy outline our approach to managing risks related to disruptive events across the prevention, preparedness, response and recovery management phases.
Our business continuity management approach is focused on minimising the impact of disruptive events on our critical objectives, and effectively supporting the continuation and return to normal operations.
The start of 2025 presented significant challenges for Queensland's teachers, staff, students and parents/carers as most of the state endured a series of severe weather events. These events disrupted communities, damaged infrastructure and placed considerable strain on schools, staff and families.
As part of our focus on continuous improvement, we conducted reviews of our response to the February 2025 flood event in North Queensland and Tropical Cyclone Alfred. The reviews found that the department managed both events effectively and identified opportunities for improvement for future events.
Audit and Risk Management Committee
The ARMC provided independent advice to the Director-General to help fulfil their responsibilities under the
Financial Accountability Act 2009 (Qld).
The ARMC met 6 times in the financial year and considered all audit recommendations by the Queensland Audit Office (QAO) in line with its terms of reference.
A full list of QAO audits relevant to the department is included within the
external oversight section.
Information on the ARMC's role, functions, membership, remuneration and achievements is included in the table below:
| Functions | The ARMC provides independent audit and risk management advice to the Director-General, as a requirement under section 35 of the Financial and Performance Management Standard 2019 (Qld). |
|---|
| Achievements | - Reviewed and endorsed the department's financial statements for 2023–24.
- Noted the Chief Finance Officer Statement of Assurance for 2023–24.
- Endorsed the Mid-Year Review of the 6+6 Month Audit Plan 2024–25 in November 2024 and March 2025.
- Reviewed and endorsed the Internal Audit Charter, and monitored Internal Audit's performance measures during the year.
- Reviewed the external gap analysis against the new Global Internal Audit Standards and monitored the implementation of the recommendations.
- Retained oversight of the implementation status of overdue audit actions from Internal Audit and QAO.
- Reviewed and maintained oversight of key risks to the department.
- Reviewed and endorsed the department's Information Security Annual Return and the supporting external assurance review, as well as monitored the department's progress towards implementing the Information Security Management System recommendations and actions.
- Attended various meetings with stakeholders during the year including meeting with new departmental executives.
- Recruited and inducted new external members to the committee.
|
|---|
Remuneration
| Helen Moore, Chair | 6 | $18,000 pa | $18,000 pa |
| Marie Kavanagh, Member | 6 | $12,000 pa | $12,000 pa |
| Shaun Conroy, Member | 6 | $12,000 pa | $12,000 pa |
| Inma Beaumont, Member | 6 | $12,000 pa | $12,000 pa |
| Mark Fenton, Member | 5 | $12,000 pa | $12,000 pa |
Notes:
- Number of scheduled meetings/sessions: 6
- Total out of pocket expenses: $0
Internal audit
Internal Audit contributed to improving service delivery by identifying opportunities to enhance and strengthen our processes and internal control environment, with independent, risk-based and objective assurance, advice and insight. Internal Audit's focus included frontline service delivery areas, information systems and programs and projects.
Internal Audit's activities were guided by its 6+6 month audit plan that was developed through consultation with various stakeholders and analysis of prior audit results, departmental priorities, strategic and operational risks. The audit plan is reviewed and endorsed by the ARMC and approved by the Director-General. The plan aligns with the Global Internal Audit Standards (GIAS) and the
Financial Accountability Act 2009 (Qld).
The operations of the Internal Audit Branch are reviewed by the ARMC throughout the year, including performance against established measures and the branch's compliance with GIAS through the quality improvement program.
During 2024–25, Internal Audit finalised:
- 258 school audits including follow-up audits
- 102 school health checks (this has changed to an annual automated data check across all schools completed in June 2025)
- 9 business, operational and performance audits
- 3 payroll verifications
- 3 information system audits.
School and region reviews
Every Queensland state school receives a review at least once every 4 years, playing an important part in how we support schools to lift educational achievement, enhance student wellbeing and engagement, and strengthen culture and inclusion.
The review approach is tailored to meet the unique needs of every state school and is informed by evidence and input from school staff, students and communities. Reviews are conducted by experienced educators trained in the use of the Australian Council for Educational Research School Improvement Tool, an internationally recognised framework for reviewing practices found in highly effective schools.
In 2024–25, the department continued to implement the revitalised review model to include differentiated review types. Review types include school reviews conducted by School and Region Reviews (SRR), school-led reviews validated by SRR, Partnership Initiative school reviews, small school reviews and offshore school reviews.
During 2024–25, SRR completed:
- 265 school reviews and 38 school-led review validations in Queensland state schools
- 5 Partnership Initiative school reviews
- 4 reviews at offshore schools.
Further information about school reviews, including professional learning programs for school, regional and corporate staff, can be accessed via the
School reviews website.
External oversight
The department was subject to several external reviews that provided independent advice, assurance and observations of our performance to our customers, stakeholders and the community. The following agencies produced reports relevant to the department.
Queensland Ombudsman
The Queensland Ombudsman (QO) conducts investigations under the
Ombudsman Act 2001 (Qld) to improve the quality of decision-making and administrative practices and procedures in agencies.
In April 2025, QO released Report 1: Department of Education: Preventing harm to children with disability in Queensland. The report includes recommendations for the department to clarify and enhance student protection practices, procedures and interagency cooperation.
The department welcomes the recommendations and is committed to ensuring its approach to student protection is of the highest standard. The department has commenced its review to enhance practices, procedures and training and will continue to build staff capability in line with QO recommendations.
Queensland Audit Office
The following
QAO reports released in 2024–25 include findings and recommendations applicable to the department:
- Department of Education Financial Statements 2023–24 audit
- Report 1: 2024–25: 2024 status of Auditor-General's recommendations
- Report 3: 2024–25: Central agencies' coordination of the state budget
- Report 6: 2024–25: Protecting students from bullying
- Report 11: 2024–25 State entities 2024
- Report 15: 2024–25 Education 2024.
Further information on the status of
Auditor-General recommendations is available.
The QAO reports included recommendations about information technology controls, development of the state budget, protecting students from bullying, third-party IT services and special payments. Recommendations from previous years that require further action were also highlighted.
The review of the department's 2023–24 financial statements made recommendations about information technology user access controls and Active Directory security. The QAO determined that these issues did not directly impact the department's financial statements.
Report 15 highlighted information security recommendations from QAO Report 13: 2023–24 Education 2023 and Report 18: 2020–21 Education 2020, encouraging all agencies to take further action.
The department acknowledges the QAO recommendations regarding information technology controls and as part of the cyber security plan 2024–2028, the department is strengthening identity and access management to improve the security and integrity of its systems. This includes ongoing initiatives to enhance user access controls and safeguard administrative privileges.
Report 3 recommended all agencies engage in early budget submission development, to facilitate a thorough review and timely feedback.
The department is committed to ensuring central agencies are engaged early in the budget submission process, based on Queensland Treasury timelines.
Report 6 included recommendations about the department's strategies to reduce student bullying and the department's supports for schools to manage student bullying.
The department has commenced implementing, and is further planning, a range of strategies and initiatives to prevent bullying and to provide support to those affected. A suite of actions will focus on raising community awareness and joint action, preventing bullying behaviour through safe and disciplined school environments, and enhancing support for families and students. This will be achieved through streamlined policies regarding behavioural expectations, targeted professional learning, expanding a dedicated crisis support hotline, and improved tools and resources for schools, parents and students.
Additional information on the department's approach to bullying can be found on the
school education page.
IT services provided by third parties were addressed in QAO report 11. The report encouraged all entities to implement processes and procedures to manage security risks.
The department has well-established processes in place to assess the suitability of third-party IT providers in managing cyber security risks when departmental data is stored or used outside the departmental network in both corporate and school environments.
Report 11 also encouraged all entities to implement robust policies and procedures that specify when a special payment is appropriate and how it should be made.
The department is committed to upholding the highest standards of public expenditure and complying with the recommendations.
Report 15 highlighted asset management recommendations from QAO Report 19: 2021–22 Education 2021, encouraging all agencies to take further action.
The department has integrated maintenance condition data into our finance system and is working with schools to use this data to develop each school's multi-year maintenance plan. The department expects this to be completed in 2025–26.
Office of the Information Commissioner
The Office of the Information Commissioner (OIC) is Queensland's independent statutory body established under the
Right to Information Act 2009 (Qld) and the
Information Privacy Act 2009 (Qld) to promote access to government-held information and to protect people's personal information held by the public sector.
In December 2024, OIC released the report Minimising Personal Information Held: Reducing the risk of privacy breaches. The report included recommendations for all departments to assess the privacy risks of information holdings and management systems, implement mitigation strategies as required, and implement appropriate information disposal procedures.
The department maintains an information asset register alongside technology and application registers to identify key information holdings and systems containing personal information. As part of our records management uplift project, the department has updated records disposal processes and developed a range of resources to support staff in effectively managing records throughout their lifecycle.
Statutory bodies and portfolio entities
The department supports several Queensland Government bodies and entities, including boards, committees and statutory authorities. These statutory bodies report directly to the Minister and prepare their own annual reports.
Further information is published in the
department's Government Bodies report.
Open data
Several reporting requirements for the department are published online on the Queensland Government's
Open Data portal in lieu of inclusion in this report, including overseas travel consultancies expenditure and Queensland Language Services Policy.
No Victims' Charter complaints were received in 2024–25.