11 June 2019
Murray Jack to investigate how Budget-sensitive material was accessed
State Services Commissioner Peter Hughes has today announced the appointment of Mr Murray Jack to head the inquiry into
how Budget-sensitive material was accessed at the Treasury.
The objective of the inquiry is to address concerns about the security of the Treasury’s Budget process, focusing on
what happened, why it happened, the lessons learned, and the actions the Treasury needs to take to ensure that a similar
incident will not happen again.
The Commissioner said he is very pleased to appoint Mr Jack who has led or been involved in a number of independent
reviews for Ministers and government agencies.
“Mr Jack has a strong professional background in business and technology strategy and implementing technology related
change programmes with more than 25 years consulting experience, mostly in the public sector,” said Mr Hughes.
Mr Jack is a professional director, Chair of Chartered Accountants Australia and New Zealand and a former member of the
board of the Financial Markets Authority. He was previously Chairman (2011-14) and Chief Executive (2005-11) of Deloitte
The inquiry will be conducted using the Commissioner’s powers under the State Sector Act 1988.
It will investigate, make findings on, and report to the State Services Commissioner regarding:
• The circumstances surrounding this incident, including the security measures taken in response.
• The causes of the incident, including whether the Treasury adhered to its own internal policies relevant to the
security of Budget sensitive information and to applicable government-wide policies and good practice guidance.
• The appropriateness and effectiveness of the information security systems that the Treasury had in place in
relation to the final six-week production phase of the Budget Process. This will include an assessment of the relevant
policies, processes, governance, capability, and security culture and practice of the Treasury.
• Any linkages or implications for the Treasury’s wider information security systems.
• Any other relevant matters necessary to provide a complete report on the above.
The Government Chief Digital Officer (GCDO) and Government Chief Information Security Officer (GCISO) will contribute to
any system wide improvements that may arise from the inquiry, as part of their work programmes.
The Commissioner said the inquiry is important because it goes to trust and confidence in the Public Service and in the
security of government information.
“Unauthorised access to budget-sensitive material is a very serious matter,” said Mr Hughes.
The inquiry may refer to, but will not make any findings in relation to, the actions that were taken by the Secretary of
the Treasury in responding to this incident and explaining its causes: the advice given to the Minister of Finance at
the time; the Secretary’s decision to refer the matter to the Police; and the public statements about the causes of the
incident. These matters are the subject of a separate investigation.