Browse our range of reports and publications including performance and financial statement audit reports, assurance review reports, information reports and annual reports.
Currently showing reports relevant to all Senate estimates committees. Filter by committee using the links to the right.
Summary and recommendations
Background
1. The NDIS Quality and Safeguards Commission (NDIS Commission, or Commission) began operating on 1 July 2018. The powers and functions of the NDIS Quality and Safeguards Commissioner (NDIS Commissioner, or Commissioner), as regulator of the National Disability Insurance Scheme (NDIS) are set out in the National Disability Insurance Scheme Act 2013 (NDIS Act). The NDIS Commission regulates registered and unregistered NDIS providers (as defined in section 9 of the NDIS Act) and workers to improve the quality and safety of NDIS services and advance the human rights of people with disability.
2. The NDIS Commissioner’s core functions (set out in section 181E of the NDIS Act) include to secure compliance with the NDIS Act through effective compliance and enforcement; to engage in, promote and coordinate information sharing to achieve the NDIS Act’s objectives; and to provide NDIS market oversight by monitoring and mitigating market-related risks. The NDIS Act also sets out the Commissioner’s functions relating to provider registration and reportable incidents (section 181F); complaints management (section 181G); behaviour support oversight (section 181H); and establishing, operating and maintaining a worker screening database (section 181Y).
Rationale for undertaking the audit
3. The NDIS Commission is the regulator for the NDIS. The NDIS provides funding to a large number of participants — as at 30 June 2025 there were 739,414 NDIS participants with approved plans.1 The NDIS also forms a significant portion of government spending, with total scheme payments of $46.3 billion in 2024–25.2 The NDIS operating environment has been subject to a number of reviews in recent years, which have made a range of recommendations including seeking improvements in information sharing, provider registration, restrictive practices, complaints handling and compliance and enforcement arrangements. This audit provides independent assurance to Parliament over whether the NDIS Commission is effectively exercising its regulatory functions.
Audit objective and criteria
4. The objective of the audit was to assess the effectiveness of the NDIS Commission in exercising its regulatory functions.
5. To form a conclusion against the objective, the following criteria were adopted:
- Does the NDIS Commission have effective intelligence gathering and information sharing arrangements in place?
- Has the NDIS Commission developed a risk-based strategy to guide regulatory decision-making?
- Has the NDIS Commission effectively implemented risk responsive and proportionate monitoring, compliance and enforcement activities?
Conclusion
6. The NDIS Commission is partly effective in exercising its regulatory functions. The Commission does not have full visibility of the market it regulates. From 2023–24 to 2024–25 the total number of active providers grew by 25 per cent, with active registered providers and active unregistered providers growing by 15 per cent and 26 per cent respectively.3 In regulating a market that is expected to see continued growth in the number of participants and providers, the Commission’s effectiveness as a regulator would be improved by taking a risk-based approach to regulating the NDIS that is underpinned by quality data, and targets available resources to areas of greatest risk.
7. The NDIS Commission has partly effective intelligence gathering and information sharing arrangements in place. The Commission has established policies relating to information management and the management of personal information. The effectiveness of the Commission’s collection, correlation and analysis of intelligence has been impacted by limitations of the Commission Operating System (COS). The Commission engages with the disability sector and has documented arrangements to support information sharing with some government entities. These arrangements are not complete and are under review. The Commission does not have processes to ensure information disclosures meet legislative requirements.
8. Regulatory decision-making is not guided by a risk-based strategy. Since commencing operations in 2018 and becoming a national operation in 2021, the Commission has not established a framework for assessing, prioritising and managing risks of provider non-compliance. In the absence of a regulatory risk framework and assessment of regulatory risks, the Commission’s overarching compliance and enforcement approach and regulatory decision-making has not been informed by risk.
9. The Commission has implemented a range of compliance activities. It has not effectively implemented risk responsive and proportionate monitoring, compliance and enforcement activities. The Commission does not have oversight of all the NDIS providers delivering services in the market as there is no requirement for all providers to be registered. In the fourth quarter of 2024–25, 94 per cent of active providers were unregistered and received 42 per cent of plan managed NDIS payments.
- The Commission’s arrangements to monitor the market and provider compliance did not include arrangements to monitor and mitigate the risks of unplanned service withdrawal — a core function of the NDIS Commissioner under the National Disability Insurance Scheme Act 2013 (NDIS Act).
- The Commission undertook 9,520 compliance actions in 2022–23; increasing 3.73 times in 2023–24 to 35,519 compliance actions. Additionally, the Commission has seen large growth in the number of complaints received from 16,305 in 2022–23 to 29,054 in 2023–24. The NDIS Commission does not have quality assurance processes for compliance activities. In the absence of a quality assurance program the Commission is not able to assess its effectiveness in detecting and addressing non-compliance.
- The NDIS Commission had arrangements for executive oversight of annual performance although these were not fully executed. The Commission has developed a Planning and Performance Framework, but this does not address government expectations for regulators. Data reported in the Commission’s quarterly performance reports could not be reconciled with the data reported in the Commission’s 2023–24 Annual Performance Statements.
Supporting findings
Information gathering and sharing arrangements
10. The NDIS Commission has policies that set out its information management and privacy obligations in accordance with the Archives Act 1983 and the Australian Privacy Principles. The Commission has systems for storing, correlating and analysing information. These had not been sufficiently documented in accordance with the Commission’s Information Management Policy. COS has capability limitations and was assessed by the Commission as being non-compliant with Australian Government record keeping and metadata requirements. The Commission has conducted a range of activities to analyse information and intelligence gathered. A strategic framework or formalised processes have not been established for its analysis activities. The Commission has developed a data quality framework. The Commission has not implemented arrangements for assurance over the quality, accuracy, and completeness of the information held by the Commission. (See paragraphs 2.3 to 2.31)
11. The NDIS Commission has arrangements to share information with Australian Government entities, including the National Disability Insurance Agency (NDIA), and state and territory government entities. Documentation supporting these arrangements is not complete. The disclosure record for information shared does not meet the requirements of the National Disability Insurance Scheme Rules 2018. The NDIS Commission shares information and seeks feedback from the disability sector through stakeholder engagement committees and undertakes a range of activities to assist voluntary compliance. The NDIS Commission undertook stakeholder sentiment surveys in 2023 and 2024 to assist in assessing whether the activities of the Commission were meeting the needs of the sector. Responses to the 2024 survey indicated 24 per cent of respondents trusted the Commission ‘a lot’ or ‘completely’ to provide support if there are issues with NDIS services. Forty per cent of respondents ‘moderately’ trusted the Commission; and 18 per cent trusted the Commission ‘a little’ to provide this support. (See paragraphs 2.32 to 2.60)
Risk-based approach to regulatory decision-making
12. The Minister for the NDIS issued a Statement of Expectations to the NDIS Commissioner on 20 December 2022 and the NDIS Commissioner responded with a Statement of Intent dated March 2023. The NDIS Commission has not sought a new Statement of Expectations consistent with government expectations of regulators. The Commission published annual compliance priorities for 2019–20 to 2021–22, 2023–24 and 2024–25. The compliance priorities are not risk-based or informed by data and the Commission has not established arrangements to address or report on specific priorities. The Commission has an overarching approach to compliance and enforcement through the Regulatory Approach, Operating Model and Compliance and Enforcement Policy. These are not informed by risk. (See paragraphs 3.2 to 3.28)
13. The NDIS Commission has not implemented a framework for assessing and managing regulatory risk. In its Corporate Plans for 2023–24 and 2024–25, the NDIS Commission reported on the management of two enterprise risks relating to provider non-compliance and participant harm. The Commission assessed these risks under the Enterprise Risk Management Framework, which was designed to assess and manage the Commission’s operational risks. In August 2024, the NDIS Commission updated the Regulatory Approach with five risk priorities that create an unacceptable risk of harm for participants if not addressed. After these priorities were endorsed the Commission continued to have no overarching strategic approach to regulatory risk. (See paragraphs 3.29 to 3.45)
Monitoring, compliance, and enforcement
14. Compliance monitoring activities were not carried out under a risk-based strategy or work program. The Commission has not established or documented an approach to monitoring and mitigating the risks of unplanned service withdrawals — a core function of the NDIS Commissioner under the NDIS Act. (See paragraphs 4.3 to 4.34)
15. The NDIS Commission has established arrangements to detect and address non-compliance but does not have overarching procedural guidance for the end-to-end management of compliance matters. The Commission does not have quality assurance processes for compliance activities, including investigations. In the absence of quality assurance processes and up-to-date policies the Commission is unable to assesses its effectiveness in detecting and addressing non-compliance. (See paragraphs 4.35 to 4.64)
16. Arrangements were in place, but were not fully executed, for NDIS Commission senior executive oversight and the Audit and Risk Committee review of annual performance. Prior to March 2024, the NDIS Commission did not have a standardised framework to support Annual Performance Statement obligations. The Planning and Performance Framework does not address government expectations for regulators. Data reported in the NDIS Commission’s quarterly reports does not reconcile with the 2023–24 Annual Performance Statements. (See paragraphs 4.65 to 4.101)
Recommendations
Recommendation no. 1
Paragraph 2.25
To support intelligence and information analysis, the NDIS Commission implement:
- an overarching risk-based plan to guide information analysis and correlation activities; and
- guidance on establishing and conducting own motion inquiries.
NDIS Quality and Safeguards Commission response: Agreed.
Recommendation no. 2
Paragraph 2.50
The NDIS Commission develop and implement a quality assurance process to meet legislative requirements and ensure completeness of the information disclosures record.
NDIS Quality and Safeguards Commission response: Agreed.
Recommendation no. 3
Paragraph 3.6
The NDIS Commission:
- prepare for a refreshed Ministerial Statement of Expectations with close engagement with the appropriate minister and portfolio secretary; and
- prepare and issue a responding Regulator Statement of Intent in a timeframe consistent with the Direction to the NDIS Quality and Safeguards Commissioner under section 181K of the National Disability Insurance Scheme Act 2013 – No. 1/2023.
NDIS Quality and Safeguards Commission response: Agreed.
Recommendation no. 4
Paragraph 3.27
The NDIS Commission:
- develop a process for setting compliance priorities to ensure they are risk-based;
- implement action plans to ensure that regulatory interventions are driven by compliance priorities;
- regularly report on compliance priorities and action plans, including publicly; and
- publicly outline its regulatory processes and decision-making criteria to support public understanding of how the Commission regulates the NDIS.
NDIS Quality and Safeguards Commission response: Agreed.
Recommendation no. 5
Paragraph 3.41
The NDIS Commission develop, document and maintain a framework to assess, prioritise and manage regulatory risks. Regulatory priorities should be underpinned by risk assessment, data and evidence. The framework should articulate how identified risks are managed in line with well-defined risk tolerances, risk-profiling, and appropriate compliance actions.
NDIS Quality and Safeguards Commission response: Agreed.
Recommendation no. 6
Paragraph 4.16
The NDIS Commission develop and implement an entity-wide compliance monitoring strategy, consistent with its Compliance and Enforcement Policy, that includes the monitoring activities the Commission intends to undertake, frequency of planned activities, links compliance monitoring activities to identified risks, and sets out reporting arrangements and intended results.
NDIS Quality and Safeguards Commission response: Agreed.
Recommendation no. 7
Paragraph 4.31
The NDIS Commission:
- develop and document a strategy or plan that sets out the Commission’s approach to market oversight, including monitoring and mitigating the risks of unplanned service withdrawal; and
- works with the NDIA to update the joint operational protocol on market stewardship and oversight to include the Commission’s planned approach to market oversight developed in part (a) above.
NDIS Quality and Safeguards Commission response: Agreed.
Recommendation no. 8
Paragraph 4.51
To provide assurance that the NDIS Commission is taking effective regulatory action using powers provided under the NDIS Act and meeting the requirements of the Australian Government Investigations Standards, the NDIS Commission implement quality assurance processes for complaints, reportable incidents, compliance matters and investigations.
NDIS Quality and Safeguards Commission response: Agreed.
Recommendation no. 9
Paragraph 4.63
The NDIS Commission support staff to apply a consistent approach to compliance actions through:
- finalising fit-for-purpose policies and procedures for compliance actions; and
- developing guidance to assist staff with selecting and using the most suitable compliance tool for specific circumstances.
NDIS Quality and Safeguards Commission response: Agreed.
Recommendation no. 10
Paragraph 4.97
The NDIS Commission:
- implement measures to address errors in the Commission’s data holdings;
- ensure the accuracy of performance reporting in compliance with the PGPA Act and PGPA Rule, and address issues identified in relation to Annual Performance Statements for Commonwealth entities in line with expectations;
- accurately record and explain performance in line with regulator performance expectations; and
- disclose and provide written explanation for changes to and errors in publicly reported information to enhance the transparency and public confidence of performance reporting.
NDIS Quality and Safeguards Commission response: Agreed in principle.
Summary of entity response
17. The proposed audit report was provided to the NDIS Commission. The NDIS Commission’s summary response is reproduced below, and its full response is at Appendix 1. Improvements observed by the ANAO during the course of this audit are listed in Appendix 2.
The NDIS Quality and Safeguards Commission (NDIS Commission) appreciates the work of the ANAO in assessing the Commission’s regulatory functions. The NDIS Commission is committed to improving its existing processes and becoming a formidable human rights regulator that applies an intelligence led risk-based, approach to its meet legislated outcomes.
The NDIS Commission acknowledges the findings of the report and agrees to action all recommendations and opportunities for improvement. The NDIS Commission has designed and is delivering a Data and Regulatory Transformation (DART) program that will provide access to reliable data and improve visibility of the market to support intelligence led risk-based regulation in alignment with ANAO report recommendations.
The NDIS Commission has taken steps to improve its regulatory processes through establishing a Risk-Based Regulation Prioritisation Model (the Model). The Model will provide a consistent approach to assessing risk and prioritising compliance activities. The NDIS Commission is applying a phased approach to implementation of the Risk-Based Regulation Prioritisation Model with its full roll out in October 2025.
The NDIS Commission will prioritise the establishment of a quality assurance framework to assess and continuously improve its regulatory processes. The NDIS Commission is committed to action all report recommendations to continue to protect and promote the rights, safety and wellbeing of people with disability and ensure a sustainable future for the NDIS.
Key messages from this audit for all Australian Government entities
18. Below is a summary of key messages, including instances of good practice, which have been identified in this audit and may be relevant for the operations of other Australian Government entities.
Governance and risk management
Summary and recommendations
Background
1. Australian Public Service (APS) employees have an obligation to comply with the Australian Government sector ethical framework and behave with integrity. The Australian Government sector ethical framework is defined by the Australian National Audit Office (ANAO) as the application of legislation and rules including the Public Governance, Performance and Accountability Act 2013 (PGPA Act), Public Governance, Performance and Accountability Rule 2014 (PGPA Rule), Public Service Act 1999 (PS Act) and the APS Commissioner’s Directions 2022 (Commissioner’s Directions).
2. The Department of Employment and Workplace Relations (DEWR) was established on 1 July 2022 as a result of machinery of government changes. DEWR’s 2024–25 Corporate Plan states that its purpose is to ‘support people in Australia to have safe, secure and well-paid work with the skills for a sustainable future’. DEWR is responsible for administering programs relating to training and employment, workplace relations, and work health and safety.
Rationale for undertaking the audit
3. All members of the APS are subject to ethical obligations established by legislation, specifically the PGPA Act, the PGPA Rule, the PS Act, and the Commissioner’s Directions. This audit will provide assurance to the Parliament on the effectiveness of DEWR’s approach to implementation of the Australian Government sector ethical framework.
Audit objective and criteria
4. The objective of the audit was to examine the effectiveness of the implementation of frameworks to support ethical behaviours within DEWR.
5. To form a conclusion against the objective, the ANAO applied the following high-level criteria.
- Do the ‘tone from the top’ and overarching strategies and policies within DEWR promote ethical behaviour and facilitate compliance with the Australian Government sector ethical framework?
- Are there appropriate supporting mechanisms in place to implement the ethical strategies and policies?
- Is there monitoring and reporting to provide assurance to the accountable authority that the strategies and policies are being implemented effectively?
Conclusion
6. DEWR has implemented largely effective enterprise-wide strategies and frameworks that have the potential to support its staff to comply with the Australian Government sector ethical framework. Effectiveness could be improved by ensuring its strategies and frameworks are measurable in terms of impact and establishing baselines and metrics for integrity-related reporting including across the delivery of its business.
7. DEWR’s tone from the top and overarching strategies and frameworks are largely effective in promoting ethical behaviour by DEWR staff and compliance with the Australian Government sector ethical framework. DEWR has messaging in place within its Corporate Plan 2024–25 to set the tone from top regarding expectations for DEWR leaders and staff to act with integrity. DEWR’s Integrity Framework 2024 provides guidance to all DEWR staff on integrity principles and sets out the resources available to assist staff to comply with the Australian Government sector ethical framework. DEWR’s People Strategy 2024–27 contains elements which reference the Australian Public Service (APS) Values and set expectations for DEWR’s leaders. DEWR has not developed a method for assessing the impact of the Integrity Framework and People Strategy in contributing to an ethical culture within DEWR, including when implementing its programs and measures. The DEWR executive provides regular communications to staff on matters relating to acting with integrity.
8. DEWR has largely appropriate mechanisms to implement its overarching ethical strategies and policies. These include: Accountable Authority Instructions (AAIs); the annual management assurance process; conflicts of interest processes; complaints and investigations mechanisms; fraud and corruption controls; credit card use policy; procurement and probity procedures; grants management guidance; gifts benefits and hospitality procedures; staff surveys; mandatory training; and Senior Executive Service (SES) performance management. Guidance and policy documents for these mechanisms sets out roles and responsibilities, oversight and reporting timeframes to DEWR’s governance committees. Where relevant, processes for non-compliance were identified in the process documentation. Assurance and oversight primarily occurs through reporting to DEWR’s governance forums.
9. Assurance on implementation of ethical strategies and supporting mechanisms is provided to DEWR’s Secretary through reporting to the Executive Board, the Audit and Risk Committee, the People, Culture and Engagement Committee and the Risk Committee. Instances of discussions relating to ethics, integrity, values or culture have increased across those forums since 2023. DEWR is developing a method to capture and report on key integrity-related matters in an Integrity Dashboard which it is planning to provide to the Executive Board. The dashboard focuses on information relating to financial management and performance under the requirements set out by the PGPA Act and the PS Act. DEWR has not set any baselines or metrics for relevant data sets in the dashboard, for example, rates of credit card non-compliance or mandatory training, which would enable performance over time to be monitored
Supporting findings
Ethical strategies and policies
10. DEWR’s purpose in its Corporate Plan sets its overall strategic direction and the Secretary’s messaging in the introduction to the Corporate Plan sets the tone for DEWR’s senior leaders (see paragraphs 2.3 to 2.6).
11. DEWR’s Integrity Framework was launched in June 2024 and sets out DEWR’s approach to building an integrity culture, including assigning roles and responsibilities and identifying guidance and procedures that contribute to driving integrity within the department. In October 2024 DEWR launched the People Strategy 2024–27 which incorporates an ethical leadership element aligned with the APS Values, sets out the expectations for DEWR leaders at all levels, and defines the priorities for its people and culture. DEWR has not developed an approach to ascertain the effectiveness of the implementation of the People Strategy or Integrity Framework (see paragraphs 2.7 to 2.45).
12. DEWR uses various communications to update staff on important information including: all staff emails; video messages from the Secretary and other Senior Executive Service (SES) officials; and weekly email updates. Within these communications, there are regular occurrences of staff being advised of their obligations around undertaking their roles ethically and with integrity, for example, reminders on fraud awareness training and embodying the APS Values. DEWR also communicated the launch of the Integrity Framework and training to all staff (see paragraphs 2.46 to 2.55).
Implementation mechanisms
13. DEWR has mechanisms in place to encourage ethical behaviour by its staff, facilitate compliance with Australian Government sector ethical framework, and identify and address areas of non-compliance. Processes and roles and responsibilities are set out in the supporting guidance for the mechanisms, including requirements around quality assurance and reporting to DEWR’s governance committees. Assurance and oversight are primarily provided through regular reporting to the DEWR executive and other governance forums. DEWR undertakes assurance activities within the processes for credit cards, fraud and corruption, code of conduct and SES personal declarations of interest. Non-compliance is managed for code of conduct, fraud investigations, credit card use and gifts and benefits. For these mechanisms, DEWR has procedures in place to manage non-compliance through avenues such as formal investigation, additional training, official warning or sanctions (see paragraphs 3.2 to 3.117).
Assessment, monitoring and reporting
14. DEWR has processes in place to enable monitoring and reporting on the progress and implementation of mechanisms that support DEWR’s implementation of the Australian Government sector ethical framework. DEWR is developing an Integrity Dashboard which intends to collate integrity-related data into the one report. DEWR has yet to develop metrics and baselines for the relevant data sets in the dashboard, or report on organisational integrity in delivering its programs and measures. DEWR’s Executive Board, Audit and Risk Committee, People, Culture and Engagement Committee and the Risk Committee regularly discussed matters relating to ethics, integrity, values or culture between 1 July 2022 and 31 December 2024. There has been an increase in the level of discussion of these themes in the forums since mid-2023 (see paragraphs 4.2 to 4.32).
Recommendations
Recommendation no. 1
Paragraph 2.32
The Department of Employment and Workplace Relations develops an approach to measure the effectiveness of the implementation of the Integrity Framework or People Strategy including how they support integrity in the administration of DEWR’s measures and programs.
Department of Employment and Workplace Relations response: Agreed.
Recommendation no. 2
Paragraph 4.25
The Department of Employment and Workplace Relations:
- establishes metrics and baselines for the relevant data sets in the Integrity Dashboard to enable compliance and performance to be tracked and reported over time;
- examines whether the dashboard (or other reporting) could be expanded to include broader assurance that ethical frameworks and mechanisms are being implemented in the administration of DEWR’s measures and programs.
Department of Employment and Workplace Relations response: Agreed.
Summary of entity response
15. The proposed audit report was provided to DEWR. DEWR’s summary response is provided below, and its full response is included in Appendix 1.
The Department of Employment and Workplace Relations (the department) welcomes the audit’s recommendations and the recognition that the department has largely effective:
- strategies and frameworks, that have the potential to support its staff to comply with the Australian Government sector ethical framework
- promotional mechanisms in place, including tone from the top. This has included the department’s executive issuing regular communication on ethical matters
- mechanisms to support the implementation of ethical strategies and policies, including the People Strategy and the Integrity Framework
The department has agreed to both recommendations made by the ANAO; recognising the importance of fostering a strong ethical culture and maintaining robust integrity frameworks across all levels of the organisation. The department remains committed to embedding integrity into all aspects of our culture and recognises the importance of continuous improvement, ensuring frameworks also support integrity in the administration of departmental programs and measures.
The department is committed to ethical leadership at all levels, promoting an environment of accountability, where public officials act with probity and integrity. The department will continue to operate with transparency, designing and administering programs, policies and processes with a continual focus on the people they are meant to serve.
Key messages from this audit for all Australian Government entities
16. Below is a summary of key messages, including instances of good practice, which have been identified in this audit and may be relevant for the operations of other Australian Government entities.
Governance
Summary and recommendations
Background
1. The Royal Australian Navy (Navy) amphibious warfare fleet includes two Canberra class amphibious assault ships, also known as landing helicopter docks (LHDs). These are HMAS Canberra, commissioned in November 2014, and HMAS Adelaide, commissioned in December 2015. The role of the LHDs is to provide capabilities in amphibious warfare, humanitarian assistance, disaster relief and sealift, and to contribute to broader naval activities. Effective sustainment of the LHDs, including maintenance and support, is essential for the effective delivery of these capabilities.
2. Defence’s Naval Shipbuilding and Sustainment Group has been responsible for the sustainment of the LHDs on behalf of the Navy (the capability manager) since October 2022.1 Since entry into service in 2014, Defence has contracted its core LHD sustainment delivery activities to industry. Defence’s contracting model has changed from time to time, with each of the arrangements established at the commencement of the following three phases: the transition from acquisition to sustainment (from 2014 to 2019); the asset class prime contractor model (from 2019 to 2024); and the Maritime Sustainment Model (as of 1 July 2024).
Rationale for undertaking the audit
3. In 2024–25, Defence’s sustainment activities for its fleet of two Canberra class amphibious assault ships, or LHDs, had a funding provision of $180 million (estimated at $1.9 billion to 2033–34). With service life-of-type until the mid-2050s, the LHDs provide Navy with amphibious capabilities which are to support the delivery of the Australian Government’s strategic intent through joint Australian Defence Force (ADF) deployments. This audit provides assurance to the Parliament on Defence’s sustainment of naval capability, building on Auditor-General Report No. 30 2018–19 ANZAC Class Frigates — Sustainment.
Audit objective and criteria
4. The audit objective was to examine the effectiveness of Defence’s sustainment arrangements for Navy’s Canberra class fleet of amphibious assault ships (or LHDs).
5. To form a conclusion against the audit objective, the following high-level criteria were adopted.
- Has Defence implemented fit-for-purpose planning and value for money procurement arrangements to support its sustainment activities?
- Has Defence effectively managed its sustainment contracts?
- Has Defence established appropriate performance monitoring and reporting arrangements?
Conclusion
6. Defence’s sustainment arrangements for Navy’s LHDs have been partly effective. Risks arising from an accumulation of defects and maintenance backlogs over several years have materialised. The substandard condition of the vessels, and personnel workforce shortages, have resulted in instances of critical failure and impacts to the Navy’s delivery of operational outcomes.
7. Defence did not implement fit-for-purpose planning and value for money procurement arrangements to support LHD sustainment. Defence’s future sustainment requirements, including access to important intellectual property for the LHDs, were not sufficiently developed during the acquisition phase. Establishment of the sustainment arrangements was delayed, occurring during the transition to sustainment process and alongside remediation activities to address issues persisting from acquisition. Defence’s remediation activities did not achieve the required outcomes, resulting in additional work being transferred to the sustainment phase or managed as part of capability improvement projects.
8. Value for money and the intended sustainment outcomes were not achieved through Defence’s procurement processes. Early cost estimates for the sustainment of the LHDs were under developed and did not anticipate the impact of the protracted acquisition deficiencies extending into sustainment and continuing into 2025. Defence has regularly reviewed and adjusted its sustainment budget.
9. Sustainment of the LHDs was not managed effectively by Defence through its prime contractor arrangements. Governance arrangements, contract management guidance, and risk management practices were not implemented in a timely manner and contract-specific probity arrangements were not developed. Defence did not take reasonable steps, as required by the Public Governance, Performance and Accountability Act 2013 (PGPA Act), to manage systemic poor procurement practices by the prime contractor or investigate claims of fraudulent activity in sub-contracting arrangements in accordance with its own policies. Defence did not use the full range of contractual levers available to manage its primary sustainment contract. This approach impacted the quality of service delivery and undermined the achievement of value for money through the contract.
10. Defence has established partly appropriate performance monitoring and reporting arrangements for the Canberra class LHDs. Sustainment outcomes have largely met Navy’s requirements for the operational use of the platforms. The long-term availability and reliability of the LHDs is at risk primarily due to the accumulation of urgent defects, maintenance backlogs and shortfalls in personnel to undertake organic level maintenance. As a result, the LHDs have experienced critical failures, impacting on Navy operations.
11. Defence’s transition to the new Maritime Sustainment Model lacked reliable and complete information on the expected performance of sustainment contractors. Value for money outcomes for the procurements under the new model were limited by poorly implemented probity arrangements and the procurements commencing later than planned, reducing the time available to resolve issues during contract negotiations.
Supporting findings
Planning and procurement
12. Defence accepted delivery of the ships from BAE in 2014 and 2015 later than planned and with defects and deficiencies in both vessels, many of which remain unresolved.
- In 2017, Defence established a Transition and Remediation Program (TARP) to manage the transition into sustainment and conduct the remediation work required to achieve the full capability expected from the LHDs. The remediation activities did not achieve all the intended outcomes, and in November 2019, Defence accepted the LHDs into full service with six ‘significant residual deficiencies’.
- In 2021, Defence established a capability assurance program to address urgent operational and safety issues for the LHDs, including issues carried over from the TARP.
- In July 2024, one quarter of the way through the planned life of the ships, Defence closed the acquisition project with significant defects and deficiencies from acquisition remaining unresolved and to be managed during the sustainment phase (see paragraphs 2.2 to 2.21).
13. The integrity of Defence’s procurement processes for the LHD sustainment prime contractors was undermined by poor controls over probity risks.
- In 2014, the Capability Support Coordinator contract was awarded following an open tender process. The effectiveness of this procurement was limited by issues in the planning and evaluation processes. There were also shortcomings in the subsequent extension of the services with the incumbent provider under the Major Service Provider Panel following an unsolicited proposal in 2022.
- In 2014, the Transition In-Service Support Contract was awarded following a ‘collaborative’ sole source procurement process involving protracted engagement by Defence to improve an under-developed tender response. The procurement outcome did not demonstrate value for money.
- In 2018, the Asset Class Prime Contractor was awarded following a two-stage selection process which involved assessments against fit-for-purpose evaluation criteria. The integrity of the process was compromised by the departure of a senior Defence official with early involvement in the procurement who was then employed by, and negotiated with Defence on behalf of, the winning tenderer (see paragraphs 2.22 to 2.77).
14. Defence’s forecast and management of sustainment costs have been impacted by deficiencies from acquisition extending into sustainment. Since final operating capability was declared in 2019, the LHD sustainment funding provision per financial year has not met in-year requirements, with some sustainment work deferred and future costs increasing. In 2024 senior Defence officials considered options to address Navy sustainment funding pressures. Following consultation with the Minister for Defence in 2024, Navy sustainment funding was increased by an additional $300 million over two years to June 2026, of which Defence allocated $36 million towards LHD sustainment funding for 2024–25 (see paragraphs 2.78 to 2.88).
Sustainment management
15. Defence established governance arrangements to support its management of LHD sustainment contracts. These arrangements were either not implemented effectively or not maintained by Defence, resulting in a number of shortcomings.
- Since 2012, updates to the Materiel Sustainment Agreement (head agreement) between Navy and the Naval Shipbuilding and Sustainment Group have not been timely, occurring several years after key changes in responsibilities or organisational restructures had taken effect.
- A contract management plan was not established for the first 17 months of the ACPC contract. Contract risks, including those identified during the procurement process, were not revisited as planned or covered in the contract management plan.
- Contract-specific probity arrangements were not established for the ACPC contract. Defence relied solely on its broader departmental arrangements instead, which require Defence personnel to proactively identify and declare any actual, potential or perceived conflicts of interest as and when they arise.
- LHD sustainment risks at the strategic level are managed separately and in isolation from risks at the operational and technical levels. There is no hierarchy or clear line of sight between the risks identified in the Materiel Sustainment Agreement and those being managed day-to-day (see paragraphs 3.2 to 3.32).
16. Defence did not manage its primary LHD sustainment contracts as intended by its performance-based design. As a result, Defence cannot assure itself or ministers that sustainment services were delivered effectively and in accordance with the contracted requirements. Key deficiencies were that Defence did not:
- ensure that all mandatory reports were submitted in a timely manner by the contractor;
- undertake full or timely assessments of the contractor’s performance;
- ensure that all key sustainment deliverables had been completed in full prior to making payments to the contractor; or
- use the full range of levers available in the contract to drive satisfactory performance.
17. Between 2021 and 2023 there were at least three separate allegations of fraudulent activities or instances of poor sub-contracting practices related to the ACPC contract. Defence did not seek further information from the contractor on the 2023 allegations and did not change its approach to managing the contract after being notified of the various issues (see paragraphs 3.33 to 3.79).
Performance monitoring and reporting
18. Defence has established a sustainment performance framework for the LHDs, with performance measures set out in a written agreement and reporting provided to senior Defence leadership. The performance measures adopted are relevant to the LHDs but are not fully reliable and do not provide a complete and clear picture of sustainment performance as some important areas of sustainment are not covered. For some performance measures, the nature of the targets selected has led to reporting that does not provide a fair presentation of performance results for the LHDs (see paragraphs 4.2 to 4.18).
19. Navy’s operational requirements have been impacted by shortcomings in the management of LHD sustainment. Sustainment outcomes have included an accumulation of urgent defects, persistent maintenance backlogs, and the degradation of the condition of the platforms. The LHDs have fallen short of meeting availability targets since 2020–21 and sustainment-related deficiencies and workforce shortfalls have given rise to risks involving critical failures in the vessels, possible damage to Navy’s reputation and concerns for the sustainability of the LHDs over the long-term. Some of these risks have materialised, including:
- total power failures in 2022 and 2023, making the LHDs temporarily unavailable while providing humanitarian assistance and disaster relief support in Tonga and Vanuatu; and
- a reduction from three ships to two available for deployment in the amphibious force during 2025 (see paragraphs 4.19 to 4.53).
20. In July 2024, Defence transitioned LHD sustainment to the ‘Maritime Sustainment Model’, which involved the procurement and contracting of new commercial arrangements. Defence started the procurements later than planned, which limited the options available to Defence to manage issues and strengthen value for money outcomes during negotiations. Arrangements to manage probity were not robust and, in respect to the LHD Capability Life Cycle Manager procurement, probity was poorly managed. Defence has not benchmarked or established expected sustainment performance levels for the Maritime Sustainment Model (see paragraphs 4.54 to 4.83).
Recommendations
Recommendation no. 1
Paragraph 2.18
The Department of Defence ensures that appropriate arrangements are in place for its transition and remediation programs to improve the rigour with which these activities are managed, and provide assurance that the relevant objectives have been achieved.
Department of Defence response: Agreed.
Recommendation no. 2
Paragraph 2.87
To support the future requirements for the LHDs, the Department of Defence develops and maintains class-specific life cycle sustainment plans for the Navy fleet, including funding requirements for the planned life of type, to ensure that the required capability is maintained across the classes’ whole of life, at a rate of agreed availability.
Department of Defence response: Agreed.
Recommendation no. 3
Paragraph 3.6
The Department of Defence promptly reviews and updates, Navy’s Materiel Sustainment Agreements with the Capability Acquisition and Sustainment Group and Naval Shipbuilding and Sustainment Group, following significant changes in organisational structures, or at least every three years.
Department of Defence response: Agreed.
Recommendation no. 4
Paragraph 3.31
The Department of Defence reviews and documents its LHD risk management arrangements, including the use of various ICT systems and oversight forums, with a view to identifying efficiencies, where possible, and ensuring that risks are appropriately identified, and actively managed with clear line of sight.
Department of Defence response: Agreed.
Recommendation no. 5
Paragraph 3.69
Where the Department of Defence is notified of incidents such as suspected fraud or unethical conduct, the Department of Defence ensures that its response is fully documented and conforms to Defence policies and the Commonwealth Fraud and Corruption Control Framework.
Department of Defence response: Agreed.
Recommendation no. 6
Paragraph 3.78
Where the Department of Defence’s contracts with industry include mechanisms to obtain assurance over the completion of activities under the contract and the performance of suppliers, the Department of Defence ensures that contractual mechanisms are implemented.
Department of Defence response: Agreed.
Recommendation no. 7
Paragraph 4.13
The Department of Defence review the performance measures for the sustainment of the LHDs to support a more reliable and complete assessment of sustainment performance.
Department of Defence response: Agreed.
Recommendation no. 8
Paragraph 4.63
The Department of Defence establishes arrangements to ensure that its internal policies for the establishment of appropriate probity processes commensurate with the size, scale and risk of its procurement activities are complied with.
Department of Defence response: Agreed.
Recommendation no. 9
Paragraph 4.82
The Department of Defence benchmarks and monitors sustainment performance under the Maritime Sustainment Model to enable an assessment of the achievement of its strategic objectives.
Department of Defence response: Agreed.
Summary of entity response
21. The proposed audit report was provided to the Department of Defence. Extracts of the proposed audit report were provided to BAE Systems Australia Pty Ltd, Babcock Pty Ltd, and Kellogg Brown and Root Pty Ltd. The Defence summary response is provided below and its full response is provided at Appendix 1. Responses from BAE Systems Australia Pty Ltd, Babcock Pty Ltd, and Kellogg Brown and Root Pty Ltd are provided at Appendix 1.
The Department of Defence acknowledges the findings contained in the Auditor General’s report on the sustainment of the Canberra Class amphibious assault ships.
Defence acknowledges that planning and procurement processes, sustainment management arrangements and performance monitoring and reporting were assessed as partly effective.
Defence supports the recommendations. Defence is committed to ensuring the through-life sustainment of the Canberra Class amphibious assault ships deliver the best possible capability outcomes for the Australian Government and the Australian Public.
Key messages from this audit for all Australian Government entities
22. Below is a summary of key messages, including instances of good practice, which have been identified in this audit and may be relevant for the operations of other Australian Government entities.
Policy and program design
Summary and recommendations
Background
1. The National Reconstruction Fund was announced by the Minister for Industry and Science on 25 October 20221, as part of the 2022–23 Federal Budget, as a $15 billion investment to ‘diversify and transform Australia’s industry and economy.’
2. The Department of Industry, Science and Resources (DISR) took the lead for the design and establishment of the National Reconstruction Fund Corporation (NRFC). The Department of Finance provided support to DISR in the design and establishment of the NRFC.
3. The NRFC is a corporate Commonwealth entity established under the National Reconstruction Fund Corporation Act 2023 (NRFC Act). It commenced on 18 September 2023 and is governed by an independent board. Under the NRFC Act, the Minister for Industry and Science and the Minister for Finance are the responsible ministers. In performing its investment functions, the NRFC Board is required to comply with the NRFC Act, the National Reconstruction Fund Corporation (Investment Mandate) Direction 2023 (NRFC Investment Mandate)2 and the National Reconstruction Fund Corporation (Priority Areas) Declaration 2023.3
4. On 19 November 2024, the NRFC announced its first two investments: a $100 million partnership with Resource Capital Funds, which includes a $40 million investment in Russell Mineral Equipment.4 As at 31 May 2025, the NRFC has announced nine investments totalling $434.5 million.5
5. In December 2024, Parliament passed the Future Made in Australia Act 2024. The Future Made in Australia measure establishes a ‘Front Door for investors with major transformational proposals within the Treasury portfolio’6, an Investor Council to support the Front Door and the involvement of Specialist Investment Vehicles in the Investor Council.7
Rationale for undertaking the audit
6. The NRFC was announced on 25 October 2022 as a $15 billion vehicle through which the Australian Government will ‘facilitate increased flows of finance into priority areas of the Australian economy, through targeted investments to diversify and transform Australian industry, create secure, well-paying jobs and boost sovereign capability.’
7. The audit provides assurance to the Parliament as to whether the design and establishment of the NRFC was effective.
Audit objective and criteria
8. The objective of this audit was to assess the effectiveness of the design and establishment of the NRFC.
9. To form a conclusion against the objective, the following high-level criteria were adopted.
- Was the design process effective?
- Are governance arrangements sound?
- Are the Fund arrangements effective?
Conclusion
10. The design of the NRFC was largely effective, the establishment of the NRFC’s governance and fund arrangements was partly effective. There are opportunities to improve NRFC’s governance by establishing a financial strategy and reviewing its performance reporting. Further, there is scope for the NRFC Board to finalise its investment strategy, stakeholder engagement framework and some investment procedures, and to establish assurance over its investment compliance.
11. The design process for the NRFC was largely effective. Due diligence checks for one member of the NRFC Board were not documented. DISR applied lessons from similar programs and considered stakeholder feedback. Stakeholder engagement was largely consistent with better practice — with opportunities to close the loop with stakeholders, and documenting lessons to improve future engagement activities. Constitutional risks to investments were assessed and approaches to manage these were outlined in advice to government and the NRFC Board. Advice on establishing a new corporate Commonwealth entity was sound. Appointments to the NRFC Board were consistent with the NRFC Act.
12. NRFC’s governance arrangements are largely sound. The NRFC Board and CEO appointments, Board meetings and remuneration arrangements have been established under the NRFC Act. Investment Policies have been published pursuant to section 75 of the NRFC Act. NRFC’s reporting arrangements for its annual report, corporate plan, budget estimates, performance measures and statements have been established, with 2024–25 performance to be reported against ‘at least three identified areas of the economy’ out of seven under the National Reconstruction Fund Corporation (Priority Areas) Declaration 2023. NRFC’s risk management, fraud and corruption control arrangements, and accountable authority instructions are underway and progressing as at March 2025. NRFC’s corporate policies are progressing as at March 2025. The NRFC Audit and Risk Committee (ARC) reviewed NRFC’s arrangements for risk management, internal controls, financial reporting except it did not review NRFC’s performance reporting arrangements for 2023–24 in line with the ARC charter and section 17 of the PGPA Rule. Recruitment is continuing, with the asset management function for investments underway as at March 2025. NRFC Board is yet to develop a financial strategy. NRFC has processes for managing procurement, recruitment, declaring gifts and benefits, and Freedom of Information (FOI). Access to NRFC’s released information under FOI is not consistent with guidelines from the Australian Information Commissioner.
13. NRFC’s fund management arrangements are partly effective. The NRFC Board has approved investments without finalising its investment strategy and stakeholder engagement framework. NRFC’s investment strategy and stakeholder engagement framework, listed as outputs within NRFC’s Corporate Plan 2023–24, were not completed. A draft investment strategy, draft stakeholder engagement framework, and the absence of a plan to evaluate them, limits the effectiveness of the NRFC Board’s fund promotion.
14. NRFC’s processes to assess investments against its legislative requirements are developing and partly effective. NRFC’s existing procedures relating to due diligence, risk management and assessing concessionality need clearly defined requirements for officials. NRFC is developing investment procedures relating to: credit risk, national security assessments, and investment impact. Investment assessment processes have gaps in: due diligence, risk management, and considerations of concessionality. NRFC’s Board has not received its Embargo Register to manage associated risks. NRFC did not obtain conflict of interest declarations and confidentiality agreements from suppliers who assisted with investment due diligence.
15. NRFC has established investment targets; and as at 31 May 2025, NRFC had announced investments totalling $434.5 million of a target of $550 million. At at 31 March 2025, NRFC’s Board has not developed a financial strategy and aligned it to its draft investment strategy and stakeholder engagement framework, to inform and support the timely deployment of its investments.
Supporting findings
Design process
16. Lessons from similar programs were considered and addressed in the design and establishment of the NRFC. DISR assessed external reviews of Specialist Investment Vehicles (SIVs), prior ANAO audits and engaged with stakeholders to identify lessons on the design and establishment of the NRFC. A key lesson relating to the need for investment-ready projects for the NRFC, and steps to address this were outlined in advice to government. (See paragraphs 2.4 to 2.11)
17. Stakeholder input on key design parameters of the NRFC was considered and included in advice to government. DISR undertook a structured approach to consulting stakeholders and analysing feedback received. Stakeholder engagement was largely consistent with the APS framework for engagement and participation — with opportunities to close the loop with all stakeholders who have contributed, and documenting lessons to improve future engagement activities being identified. (See paragraphs 2.12 to 2.18)
18. DISR established an appropriate framework for providing advice to government. Advice was based on lessons learned from other SIVs, stakeholder input, and understanding the policy context of the election commitment. Advice outlined risks and approaches to manage risks. Advice on a corporate Commonwealth entity (CCE) being the preferred vehicle to establish the NRFC was based on DISR’s assessment that a CCE provided the most effective way to achieve policy objectives, and was most closely aligned with the election commitment of the NRFC being modelled on the Clean Energy Finance Corporation. Appointments to the NRFC Board were consistent with NRFC Act, except that due diligence checks were not documented for one member appointed to the NRFC Board in October 2023. (See paragraphs 2.19 to 2.55)
Governance arrangements
19. NRFC Board and CEO appointments, Board meetings and the Board and CEO’s remuneration arrangements have been established under the NRFC Act. A Board skills matrix was developed for commencement appointments. NRFC Board members, NRFC CEOs and acting CEO made conflicts of interest declarations and maintain conflicts of interest registers. NRFC experienced leadership changes in the 16 months from its commencement to January 2025, with two CEO appointments and two acting CEO appointments. NRFC has established its risk management, fraud and corruption risk management and reporting arrangements under the PGPA Act, with some elements in progress. The NRFC ARC reviewed NRFC’s arrangements for risk management, internal controls, financial reporting except for NRFC’s performance reporting. Corporate policies continue to be in progress as at March 2025. The NRFC Board has yet to develop a financial strategy to support its financial sustainability and return on investment. Processes are in place for managing procurements, recruitment, declaring gifts and benefits, and managing Freedom of Information, with an opportunity to make available released information for downloading from its website. (See paragraphs 3.2 to 3.57)
20. NRFC has established its Investment Policies under section 75 of the NRFC Act. The NRFC Board has established the Board Investment Committee to provide oversight of investment decision processes, including investment delegations and policies for managing conflicts of interest and personal trading. Recruitment for roles supporting investments management was continuing as at March 2025, and the investments were made prior to establishing the investment asset management function. (See paragraphs 3.58 to 3.71)
21. NRFC has established and published its performance measures in its Corporate Plan 2023–24 and Corporate Plan 2024–25. NRFC reported in its 2023–24 performance statement that it had achieved its performance measure of finalising its core corporate, risk and investment policies. These ‘core’ policies were not defined and there were 39 policies and related documents outstanding at June 2024. NRFC’s performance measures in 2024–25 incorporate measures to report that investments meet at least three of the seven economic priority areas, there is an opportunity to ensure that measures in future years report against all seven economic priority areas. Controls for performance information and methodologies for performance reporting are in development as at March 2025. (See paragraphs 3.72 to 3.79)
Fund arrangements
22. NRFC’s Board and senior executives have engaged with Commonwealth entities, industry stakeholders and prospective applicants. NRFC’s Corporate Plans for 2023–24 and 2024–25 have set out objectives and performance measures for partnering and engaging with stakeholders. In October 2023, the NRFC Board decided to formalise engagement activities. NRFC’s investment strategy and stakeholder engagement framework were in draft and not finalised in 2023–24. A Stakeholder Engagement Strategy was approved by the NRFC Executive Leadership Team in May 2025. NRFC does not have a plan to periodically evaluate the effectiveness of its engagement activities. NRFC’s outputs relating to its investment strategy and stakeholder engagement framework outlined in its Corporate Plan 2023–24 were not completed. NRFC has made investment decisions and engaged with stakeholders without an endorsed investment strategy and stakeholder engagement framework. A draft investment strategy and stakeholder engagement framework limit the effectiveness of the NFRC Board’s fund promotion activities to achieve the performance measures it has set to deliver NRFC’s performance outcomes. (See paragraphs 4.2 to 4.9)
23. NRFC’s processes and controls to assess and approve applications are developing as at March 2025. NRFC’s existing investment procedures address its legislative requirements except for national security and First Nations impact, which are under development. NRFC’s approach to assessing investments has gaps in due diligence, investment risk assessment, and concessionality. These gaps impact the consistency of investment assessments, completeness of risk advice provided to the NRFC Board, and the NRFC Board’s assurance over compliance with its legislative requirements. The NRFC Board has not received updates on the Embargo Register to prevent members from inadvertently dealing in entities on whom the NRFC holds inside information. NRFC has not obtained confidentiality agreements or conflict of interest declarations from suppliers undertaking due diligence on investments. There is scope to improve the consistency of documenting how NRFC’s investments crowd-in and do not crowd-out other market participants. (See paragraphs 4.12 to 4.62)
24. NRFC’s budget estimates and performance measures establish investment targets across the current and forward years from 2024–25 to 2027–28. As at 31 May 2025, NRFC had announced investments totalling $434.5 million against a target of $550 million for 2024–25. The NRFC Board has established quarterly monitoring arrangements for its investment target through its ‘Operating Plan FY2025.’ NRFC took between six and nine months to assess and approve investments reviewed by the ANAO. As at 31 March 2025, NRFC’s Board has not developed a financial strategy that links with its investment strategy and stakeholder engagement framework to support it to deploy investments in a timely manner, and to generate returns to fund its operating expenses. (See paragraphs 4.67 to 4.71)
Recommendations
Recommendation no. 1
Paragraph 3.23
The National Reconstruction Fund Corporation Board establish a financial strategy to support its activities to maintain financial viability and return on investment.
National Reconstruction Fund Corporation response: Agreed.
Recommendation no. 2
Paragraph 3.35
The National Reconstruction Fund Corporation Board ensure that the Audit and Risk Committee review all future performance reporting arrangements in accordance with its charter and to ensure its compliance with paragraph 17(2)(b) of the PGPA Rule.
National Reconstruction Fund Corporation response: Agreed.
Recommendation no. 3
Paragraph 4.10
The National Reconstruction Fund Corporation Board finalise its investment strategy and stakeholder engagement framework and develop a plan to evaluate effectiveness.
National Reconstruction Fund Corporation response: Agreed.
Recommendation no. 4
Paragraph 4.35
The National Reconstruction Fund Corporation:
- obtain conflict of interest declarations from its suppliers who assist with investment due diligence and re-validate declarations when the due diligence report is finalised, as part of the monitoring of conflicts of interests; and
- execute confidentiality agreements with suppliers who assist it with its investments.
National Reconstruction Fund Corporation response: Agreed.
Recommendation no. 5
Paragraph 4.45
The National Reconstruction Fund Corporation Board should be informed of the risks associated with its Embargo Register.
National Reconstruction Fund Corporation response: Agreed.
Recommendation no. 6
Paragraph 4.63
The National Reconstruction Fund Corporation Board:
- ensure existing procedures outline the roles and responsibilities of relevant officials and executives and set out the minimum requirements for due diligence, risk management, assessing concessionality and record keeping; and
- finalise and endorse investment procedures that are under development to assess, approve and manage investments.
National Reconstruction Fund Corporation response: Agreed.
Recommendation no. 7
Paragraph 4.64
The National Reconstruction Fund Corporation Board establish assurance arrangements and assign responsibilities to ensure the consistent:
- application of investments in accordance with the National Reconstruction Fund Corporation Act 2023 and National Reconstruction Fund Corporation (Investment Mandate) Direction 2023; and
- storage of records for investment assessment processes, assessments and decisions.
National Reconstruction Fund Corporation response: Agreed.
Summary of entity responses
25. Relevant parts of the proposed audit report were provided to the National Reconstruction Fund Corporation, the Department of Industry, Science and Resources, and the Department of Finance. Summary responses are reproduced below and full responses are at Appendix 1. Improvements observed by the ANAO during the course of this audit are listed in Appendix 2.
National Reconstruction Fund Corporation
The NRFC welcomes the ANAO’s report and its finding that the NRFC’s governance arrangements are largely sound. As the report notes, the NRFC was established on 18 September 2023, with the performance audit commencing less than a year into its operations. This early assessment of the Corporation’s governance processes provides assurance of the direction taken and offers useful insights to inform the Corporation’s commitment to continuous improvement.
The NRFC agrees with all recommendations and is committed to their implementation in a timely manner. We note that in all areas identified by the ANAO, active steps are being taken to ensure effective governance processes, including a number of areas where the recommended actions are already complete or where significant progress has already been achieved. Further work is underway to fully implement the remaining recommendations. The NRFC’s Audit and Risk Committee will oversee this implementation.
Department of Industry, Science and Resources
The department acknowledges the opportunity to comment on the report, noting it only had access to extracts relevant to the department.
In 2022, the Australian Government committed to establishing the National Reconstruction Fund (NRF) to support, diversify and transform Australia’s industry and economy.
To inform the NRF’s design, the department conducted extensive stakeholder engagement and public consultation. This included input from government and external stakeholders. Participants included representatives from business, unions, financial institutions, First Nations communities, regional groups, government and the public. This comprehensive process informed the NRFC’s structure, legislation, and successful establishment by September 2023.
In response to the one identified opportunity for improvement, the department acknowledges the release of RMG 127 in July 2024 and has updated its processes to ensure alignment with this latest guidance.
Department of Finance
The Department of Finance (Finance) welcomes ANAO’s performance audit report on the Design and Establishment of the National Reconstruction Fund Corporation (Report). The report concludes that the implementation and governance of the NRFC was largely effective. Finance notes that the due diligence documentation did not meet the standard of Resource Management Guide 127 – Specialist Investment Vehicles (RMG 127), however this guide was not in place at the time of the appointment.
Finance agrees with the ANAO’s suggested area for improvement to document NRFC board appointment processes. Consistent with guidance in RMG 127, Finance commits to ensuring that all board appointment processes and considerations are thoroughly and accurately documented. This includes retaining all relevant records to ensure transparency and accountability. Finance has already implemented these measures to support the effective governance and oversight of the National Reconstruction Fund Corporation (NRFC).
Key messages from this audit for all Australian Government entities
26. Below is a summary of key messages, including instances of good practice, which have been identified in this audit and may be relevant for the operations of other Australian Government entities.
Governance and risk management
Transparency of reporting
Summary and recommendations
Background
1. The National Disability Insurance Scheme (NDIS) was established under the National Disability Insurance Scheme Act 2013 (NDIS Act) to fund reasonable and necessary supports for eligible people with disability to assist them in participating in economic and social life. NDIS participants have their supports costed and funded through a participant plan. The National Disability Insurance Agency (NDIA) was established under the NDIS Act to deliver the NDIS, and pays claims from participants and registered providers to fund NDIS supports in participant plans. In 2023–24, NDIS participant plan expenses totalled $41.85 billion, covering more than 661,000 participants. By 2033–34, NDIS expenses are expected to grow to $92.72 billion, covering more than 1,021,000 participants.1
2. The NDIA has defined compliance as ‘following the rules and standards of the NDIS and Australian laws’ and ‘doing the right thing and using NDIS funds in line with NDIS plans’.2 Types of claim non-compliance that have been identified through the NDIA’s fraud and non-compliance activities include: illegitimate or ‘ghost’ participants; claiming from expired plans; claiming from plans of participants who are incarcerated, in hospital or overseas for long periods (and thus ineligible for NDIS supports); claiming for services outside of plans; claiming for services that were not provided; claiming in advance of service delivery; overstating services, overcharging or duplicate charging; and double-dipping across government programs. The government has committed more than $495 million over eight years from 2021–22 to 2028–29 for the NDIA to address NDIS fraud and non-compliance.
Rationale for undertaking the audit
3. The NDIA paid out $41.85 billion for NDIS claims in 2023–24. In September 2023, the NDIA estimated that 6 to 10 per cent of these outlays could be for non-compliant, fraudulent or incorrect claims. The NDIA Board has a duty under section 16 of the Public Governance, Performance and Accountability Act 2013 to establish and maintain appropriate systems of risk oversight and management and internal control for the NDIA. It also has a duty under section 10 of the Public Governance, Performance and Accountability Rule 2014 (the Fraud and Corruption Rule) to take all reasonable measures to prevent, detect and respond to fraud and corruption relating to the NDIA (including deliberate non-compliance). There has been parliamentary interest in NDIS fraud and non-compliance and its impact on the sustainability of the NDIS. This audit was undertaken to provide assurance to the Parliament on the effectiveness of the NDIA’s arrangements for managing NDIS claim compliance.
Audit objective and criteria
4. The objective of the audit was to assess the effectiveness of the NDIA’s management of claimant compliance with NDIS claim requirements.
5. To form a conclusion against this objective, the following high-level criteria were adopted.
- Has the NDIA developed and implemented effective frameworks and processes to manage NDIS claim compliance?
- Has the NDIA implemented effective arrangements to oversee, monitor and continuously improve NDIS claim compliance?
Conclusion
6. The NDIA’s management of claimant compliance with NDIS claim requirements is partly effective. Prior to 2024, the NDIS lacked basic prevention controls for fraud and non-compliance. The NDIA is undertaking work to ‘crack down on fraud and non-compliant payments’, with tranche two of its Crack Down on Fraud program expected to be implemented by December 2025. If this work is delivered as planned, and embedded into business-as-usual activities, it has the potential to improve the financial sustainability of the NDIS.
7. The NDIA has partly effective frameworks and processes in place to manage claimant compliance with NDIS claim requirements and is implementing a large program of work to remediate identified deficiencies, with a target completion date of December 2025. The NDIA has not established a fit-for-purpose framework for managing NDIS claim compliance, although elements that could inform a more robust framework have been included in strategic planning documents for the NDIA’s Crack Down on Fraud program and the Fraud Fusion Taskforce. After identifying in 2023 that the NDIA was implemented with ‘catastrophically weak’ prevention controls, the NDIA has not yet established effective processes for preventing non-compliant claims. The NDIA has established processes to detect and respond to non-compliant claims, which are reviewing a small proportion of claims (0.4 per cent by dollar value) and detecting high levels of non-compliance (over 50 per cent by dollar value). The NDIA is working to improve the effectiveness of NDIS preventative and detective controls through the Crack Down on Fraud program, including introducing identity verification and claim validation processes and enhanced data analytics capabilities. Tranche one of the Crack Down on Fraud program was largely implemented on time and under budget. In April 2025, tranche two had an ‘amber’ status, with two June 2025 milestones identified as ‘at risk’ due to procurement delays.
8. The NDIA has implemented partly effective arrangements to oversee, monitor and continuously improve claimant compliance with NDIS claim requirements. While oversight and monitoring of NDIS claim compliance has been inconsistent, with frequent changes to reporting and oversight arrangements, a range of assurance mechanisms are in place for the Crack Down on Fraud program. The NDIA has not updated its risk assessments at the fraud and operational levels to reflect heightened claim compliance risks and identified gaps in existing controls. The NDIA has been measuring estimated payment error rates and has started reporting against compliance-related savings and benefits commitments. The transparency of its performance reporting to the government and the Disability Reform Ministerial Council could be improved. The NDIA is undertaking IT systems upgrades to improve its capacity to use data analytics to continuously improve NDIS claim compliance.
Supporting findings
Compliance frameworks and processes
9. The NDIA’s Compliance and Enforcement Framework (March 2020) and Fraud and Corruption Control Plan (July 2023) do not provide fit-for-purpose frameworks for managing claim compliance and do not delineate current accountabilities for compliance management. The NDIA Board is non-compliant with the Fraud and Corruption Rule as it has not endorsed an updated Fraud and Corruption Control Plan to meet the requirements of the new whole-of-Australian Government framework. The NDIA has developed a ‘program logic’ for the Crack Down on Fraud program and ‘strategic prevention concepts’ for the Fraud Fusion Taskforce that outline more appropriate control frameworks, as they include coverage of basic preventative controls for government payment schemes and are targeted to key non-compliance risks. The NDIA has not updated its broader compliance frameworks and related policies and procedures to reflect changes in its compliance approach. (See paragraphs 2.3 to 2.18)
10. The NDIS was designed and implemented (up until 2024) without basic prevention controls, such as clear claim requirements and robust identity verification and pre-payment validation processes. The NDIA commenced implementing activities to address these deficiencies in February 2024 through its Crack Down on Fraud program. Early program milestones were largely met, and the first tranche of the program was delivered largely on time and under budget. A large body of work to address prevention control deficiencies was still in progress as of April 2025 with a target completion date for tranche two of December 2025. In April 2025, the NDIA reported an ‘amber’ status for the program, due to procurement delays that had put the timely delivery of two milestones at risk. The NDIA has established other prevention controls, such as undertaking campaigns to improve compliance in targeted areas and providing educational information and guidance to claimants and NDIA staff. (See paragraphs 2.19 to 2.50)
11. The NDIA has established processes to detect and respond to non-compliant claims, including tip-off mechanisms, manual payment review processes and debt recovery. The NDIA has made improvements to its tip-off intake and assessment processes and is continuing to implement a tip-off redesign program. After the NDIA received advice in May 2023 that it was limited in its capacity to recover debts from non-compliant claims when supports were described generally in participant plans, the NDIA shifted its focus in 2024 from post-payment reviews to pre-payment reviews. The NDIA targets its manual pre-payment reviews based on ‘risk profiles’. These reviews cover a small proportion of NDIS outlays (0.4 per cent) and are detecting a high proportion of non-compliance (over 50 per cent of reviewed claims, by dollar value, are cancelled). The NDIA has identified deficiencies in its detection and response IT systems and is progressing work to improve its data analytics capabilities through the Crack Down on Fraud program, with a target completion date of December 2025. (See paragraphs 2.51 to 2.78)
Oversight, monitoring and evaluation
12. The NDIA’s oversight and monitoring of claim compliance has been inconsistent, with frequent changes to reporting and oversight arrangements. The NDIA consolidated integrity functions within a single group from January 2024 and established a Strategic Leadership Team sub-committee from October 2024 to March 2025 to oversee integrity functions, including claim compliance. Briefing on the status of integrity initiatives has been provided with varying frequency to the NDIA Board, other decision-makers and oversight committees. The NDIA has put in place a range of assurance mechanisms for the Crack Down on Fraud program, including regular assurance activities conducted by the program’s independent assurer. The NDIA has identified heightened claim compliance risks and significant gaps in existing controls. It has not updated its control assessments at the fraud and operational levels to reflect these identified control weaknesses. (See paragraphs 3.3 to 3.33)
13. The NDIA conducts assurance testing to estimate payment error rates and identify opportunities for continuous improvement. It does not have robust processes to monitor the implementation of identified improvement opportunities, and it has acknowledged that measured error rates underestimate fraud and non-compliance losses. In October 2023, the NDIA made commitments to the government to achieve savings and benefits from the Crack Down on Fraud program. The NDIA has not provided reporting against these commitments to the government or the Disability Reform Ministerial Council. The NDIA is implementing IT systems upgrades through the Crack Down on Fraud program, with a target completion date of December 2025, which aim to increase its capacity to use data analytics to support continuous improvement in claim compliance. (See paragraphs 3.34 to 3.60)
Recommendations
Recommendation no. 1
Paragraph 2.17
The National Disability Insurance Agency update its corporate compliance frameworks and related policies and procedures to reflect its compliance approach, delineate accountabilities for compliance management and outline how compliance activities are targeted to addressing key non-compliance risks.
National Disability Insurance Agency response: Agreed.
Recommendation no. 2
Paragraph 3.25
The National Disability Insurance Agency update its risk assessments at the fraud and operational levels to reflect known fraud and non-compliance risks and control weaknesses.
National Disability Insurance Agency response: Agreed.
Recommendation no. 3
Paragraph 3.40
The National Disability Insurance Agency:
- further expand the scope of its payment assurance testing to estimate the financial impacts of more complex fraud and non-compliance; and
- establish processes to monitor the implementation of recommendations from its root cause analysis of thematic issues identified through payment assurance testing.
National Disability Insurance Agency response: Agreed.
Recommendation no. 4
Paragraph 3.54
The National Disability Insurance Agency:
- report to the government and the Disability Reform Ministerial Council on progress against committed savings, benefits and performance measures from compliance initiatives; and
- in any reporting on savings and benefits from compliance initiatives, separately report estimated actual financial impacts and projected financial impacts and include explanatory notes on the assumptions underpinning projected figures.
National Disability Insurance Agency response: Agreed.
Summary of entity response
14. The proposed audit report was provided to the NDIA. The NDIA’s summary response is reproduced below. The full response from the NDIA is at Appendix 1. Improvements observed by the ANAO during the course of this audit are listed at Appendix 2.
The NDIA appreciates the work of the ANAO in assessing the NDIA’s management of claimant compliance with NDIS claim requirements.
Over the last 2 years, the NDIA has been implementing an accelerated transformation to significantly improve the NDIA’s management of claimant compliance from a low level of maturity.
Committed to deliver integrity outcomes that detect, respond to, and prevent fraud and non-compliance against the NDIS, the NDIA secured and is implementing programs funded by the Fraud Fusion Taskforce and the Crack Down on Fraud Program. Our integrity transformation programs are focused on uplifting NDIA system capability, making it easier to get it right, and harder to get it wrong.
The scope of change has required agility and responsiveness, at scale and as the NDIA progressively implements transformation, it is building new capability through changes to law reform, technology uplifts, process uplifts and whole of government collaboration. The NDIA appreciates the ANAO’s acknowledgement of this progressive maturity journey, and the integrity outcomes that the NDIA continues to deliver.
The NDIA will continue to progressively implement transformational change to safeguard the NDIS and protect participants’ plans, safety and wellbeing. The changes aim to ensure participants have a positive NDIS experience and that the NDIS remains available to support Australians with disability when they need it.
Key messages from this audit for all Australian Government entities
15. Below is a summary of key messages, including instances of good practice, which have been identified in this audit and may be relevant for the operations of other Australian Government entities.
Policy/program design and implementation
Governance and risk management
Summary and recommendations
Background
1. An ‘interest’ is something related to an individual’s personal circumstances that may bring advantage to, or affect, that individual. Interests can include, but are not limited to: financial interests; relationships; employment, including past employment and outside employment; and memberships or affiliations.
2. A conflict of interest can occur when there is a conflict between the public duties and personal interests of a public official that could, or could be seen to, influence the decisions they make or advice they give. For example, an official may hold shares in a company that they are regulating or procuring goods and services from. Conflicts of interest can be real, apparent or potential. Real conflicts of interest occur when personal interests improperly influence officials in performing their public duties.
3. The Public Service Act 1999 sets out that the function of the Senior Executive Service (SES) is to provide APS-wide strategic leadership of the highest quality that contributes to an effective and cohesive APS.1 SES officers should, by personal example and other appropriate means, promote the Australian Public Service (APS) Values and compliance with the Code of Conduct.2 There are specific requirements for accountable authorities and SES employees in relation to the management of interests.3
Rationale for undertaking the audit
4. According to the Australian Public Service Commissioner, the public is entitled to have confidence in the integrity of public officials, and to know that the personal interests of public officials do not conflict with their public duties. Apparent conflicts can be just as damaging to confidence in public administration as real conflicts, so disclosure and effective management of real, apparent and potential conflicts of interest is an important element of the Australian Government’s integrity framework.4
5. This audit was conducted to provide assurance to the Parliament whether the selected entities are effectively managing SES conflict of interest requirements.
Audit objective and criteria
6. The objective of the audit was to assess the effectiveness of selected Commonwealth entities’ management of Senior Executive Service conflict of interest requirements.
7. To form a conclusion against the objective, the ANAO adopted the following three high-level audit criteria.
- Have the entities developed appropriate arrangements to support the management of SES personal interests and conflicts of interest?
- Have the entities implemented effective controls and processes for managing SES annual declarations of interests in accordance with policies and procedures?
- Are SES officers effectively completing conflict of interest declarations for activities of heightened risk of conflict?
Conclusion
8. The Aged Care Quality and Safety Commission (ACQSC), the Australian Trade and Investment Commission (Austrade) and the Department of Home Affairs (Home Affairs) are managing conflicts of interest for SES officers in a largely effective manner. The entities’ management of conflicts of interest has generally improved since 2022. There are a number of initiatives underway to strengthen the framework for managing conflicts of interest across the Australian Public Service.
9. The audited entities have largely appropriate arrangements in place to manage the personal interests and conflicts of interest of SES officers. All entities have policies and procedures which identify interests as a matter requiring consideration. ACQSC and Austrade do not have documented procedures for managing accountable authority declarations to the relevant minister as required by the Public Governance, Performance and Accountability Rule 2014 (PGPA Rule). Home Affairs introduced a procedure in March 2025. All entities identify responsibilities for managing interests. Internal reporting on the completion of declarations and risks arising from declarations has not been undertaken. All entities include conflicts of interest in their enterprise risk registers or fraud risks. Each entity provides training on conflicts of interest within their mandatory training modules. Entities do not adequately monitor completion of this training. All entities communicate information and guidance on conflicts of interest to staff.
10. All entities have implemented partly effective controls and processes for managing SES declarations of interests. Not all SES officers are making declarations. There are limitations in the completeness of information included in declarations by officers, and demonstrated managerial review only occurred for some declarations. Records documenting management plans were not maintained by ACQSC until early 2024. All entities monitor completion of declarations and follow up non-compliant individuals. Between 2022 and 2024, the accountable authorities of ACQSC and Austrade did not make declarations to relevant ministers, as required. The ACQSC’s new incoming accountable authority made a declaration to the relevant minister in January 2025 and the Austrade accountable authority made a declaration in November 2024 and March 2025. The Home Affairs accountable authority has made declarations as required. ACQSC and Austrade included conflicts of interest in assurance activities between 2022 and 2024, and Home Affairs last did so in 2020–21.
11. Entities are partly effective with respect to SES officers completing activity-based conflict of interest declarations. Entities have generally established a requirement for officers to declare conflicts of interest for procurement, recruitment and grants administration activities. The requirement is weakened when there is no requirement for all officers to make a declaration, including for officers with nothing to declare. The ANAO found that officers from ACQSC and Austrade were generally making declarations for procurement as required. Home Affairs officers were not. Officers from all entities involved in grants administration activities are declaring as required. Results were mixed for recruitment activities. No entities had adequate arrangements in place for conflict of interest risks related to post-separation employment.
Supporting findings
Governance
12. ACQSC’s and Home Affairs’ Accountable Authority Instructions (AAIs) follow the model AAI content from the Department of Finance on the disclosure of interests. ACQSC’s AAIs give additional organisational context. Austrade’s instructions do not include the model content and make limited reference to the management of interests. All entities have supporting policies and procedures. Home Affairs’ policies and procedures provide insufficient detail on the annual SES declaration process. None of the entities had procedures supporting accountable authority declarations to the relevant minister. Home Affairs introduced such a procedure in March 2025. (See paragraphs 2.1 to 2.39)
13. All entities have clearly documented responsibilities identifying that individuals are required to make declarations. ACQSC and Home Affairs identify additional responsibilities for other roles including supervisors, managers and business areas responsible for overall management of interests. There has been no internal reporting undertaken within the entities in relation to the completion of annual interest declarations processes, except ACQSC commenced reporting in January 2025 to its internal governance forum. None of the entities analysed declarations of interests to assess and report on emerging risks. (See paragraphs 2.40 to 2.60)
14. All entities have considered conflicts of interest as part of broader integrity or legislative compliance risks. While risks associated with conflicts of interest are considered by all entities, only Home Affairs has documented the controls and control owners associated with enterprise risks. ACQSC’s register includes risk owners. Appropriate documentation of controls and control owners is absent in ACQSC and Austrade. All entities have considered conflicts of interest as a factor within their fraud and corruption control plans. Home Affairs has assessed conflicts of interest as part of its fraud and corruption risk assessments. (See paragraphs 2.61 to 2.77)
15. All entities have training on conflict of interest within their mandatory annual training. This training is not being completed by all SES officers. To help remind SES officers to complete their annual declarations, each of the entities provide officers with reminders. Information and assistance to support officers to comply with their obligations is also available within each entity. (See paragraphs 2.78 to 2.109)
Annual declarations of interests
16. Not all SES officers are completing annual declarations, with completion rates varying across entities. For ACQSC, the completion rate was 92 per cent in 2024. For Austrade, it was 99 per cent (when taking into account long-term leave and departures) and for Home Affairs it was 84 per cent. Completion rates have varied over time. Declarations generally contain sufficient information to understand the nature and extent of a declared interest, however an explanation of how the interest relates to the ‘affairs of the entity’ is not always sufficiently described. The accountable authorities of ACQSC and Austrade did not make declarations of their interests to the relevant minister as required. (See paragraphs 3.3 to 3.31)
17. None of the entities require that all annual declarations made by SES officers are subject to review. If an officer makes a ‘nil’ declaration, none of the entities have required declarations be reviewed. Home Affairs introduced a requirement in December 2024. Only declarations including an interest are subject to manager review. Management plans developed by Austrade officers document managerial review. Evidence of managerial review was lacking for plans developed by ACQSC and Home Affairs officers prior to 2024. (See paragraphs 3.32 to 3.48)
18. All entities monitor the completion of declarations of interests by SES officers. Where SES officers had not completed declarations, there was a process to follow up with relevant officers and their managers. ACQSC and Austrade undertook assurance activity through the inclusion of conflicts of interest within internal audits between 2022 and 2024. (See paragraphs 3.49 to 3.58)
Declarations of conflicts of interest for activity-based activities
19. Each entity requires that SES officers involved in procurement declare conflicts of interest. For ACQSC the SES officers involved in procurement made declarations as required. Eleven of 14 Home Affairs SES officers did not make declarations as required. From March 2025, Austrade has required that all officers involved in procurement activities make conflict of interest declarations. Before this, only officers who had a conflict to declare were required to make a declaration. As such, there were no records for the two Austrade SES officers in the ANAO sample demonstrating that they had considered conflicts of interest. (See paragraphs 4.5 to 4.8)
20. Austrade does not have a policy specifically relating to making conflict of interest declarations for grants administration. Home Affairs requires officers to disclose and manage conflicts of interest, however, there is a lack of supporting process. The three Austrade SES officers involved in grants administration activities assessed by the ANAO had made conflict of interest declarations. The 13 Home Affairs SES officers involved in grants administration had also made declarations. (See paragraphs 4.9 to 4.13)
21. Each of the entities requires that SES officers involved in recruitment declare conflicts of interest, except Home Affairs does not have a documented policy where the recruitment is for an SES officer. Within ACQSC, 38 per cent of SES officers involved in recruitment activities assessed by the ANAO did not make a declaration as required. Austrade does not require officers to make declarations if they have nothing to declare — 44 per cent of SES officers involved in the recruitment assessed by the ANAO made no declaration. Ninety-seven per cent of Home Affairs’ SES officers involved in recruitment made a declaration. Where conflicts of interest were declared, appropriate officers at the three entities were not always reviewing these and management actions were not always being put in place. (See paragraphs 4.14 to 4.39)
22. None of the entities have adequate policies and procedures to support the identification, declaration and management of conflicts of interest related to post-separation employment. Austrade has a declaration addressing conflicts of interest in its cessation checklist. The checklist was not completed by all departing officers. In addition, there was a lack of evidence to demonstrate that such conflicts of interest were considered for SES employees who had departed. (See paragraphs 4.42 to 4.50)
Recommendations
Recommendation no. 1
Paragraph 2.36
Aged Care Quality and Safety Commission and the Australian Trade and Investment Commission establish arrangements to support compliance with the requirements of the Public Governance, Performance and Accountability Rule 2014 relating to accountable authority (including acting accountable authority) declarations of interests to relevant ministers.
Aged Care Quality and Safety Commission response: Agreed.
Australian Trade and Investment Commission response: Agreed.
Recommendation no. 2
Paragraph 2.99
All entities monitor the status of mandatory training to ensure that it is completed within expected timeframes. Where completion is not timely, follow up action should be taken to ensure that requirements are met.
Aged Care Quality and Safety Commission response: Agreed.
Australian Trade and Investment Commission response: Agreed.
Department of Home Affairs response: Agreed.
Recommendation no. 3
Paragraph 3.18
Aged Care Quality and Safety Commission revise:
- guidance supporting annual declarations to ensure individuals making declarations sufficiently describe their roles and responsibilities; and
- its annual declaration form to require that annual declarations be refreshed in detail at regular intervals and specify a duration permitted for reliance on prior declarations.
Aged Care Quality and Safety Commission response: Agreed.
Recommendation no. 4
Paragraph 4.15
Aged Care Quality and Safety Commission update its form for making conflict of interest declarations in relation to recruitment to include a section to describe the nature and extent of a conflict and how it is intended to be managed, and to record acceptance by the panel chair or recruitment delegate.
Aged Care Quality and Safety Commission response: Agreed.
Recommendation no. 5
Paragraph 4.19
Australian Trade and Investment Commission revise its recruitment policy to require declarations of conflicts of interest in all instances, including where no conflict is present.
Australian Trade and Investment Commission response: Agreed.
Recommendation no. 6
Paragraph 4.23
The Department of Home Affairs document its approach to managing conflicts of interest for SES recruitment activities.
Department of Home Affairs response: Agreed.
Recommendation no. 7
Paragraph 4.46
Aged Care Quality and Safety Commission and the Department of Home Affairs update policies and procedures to include employee obligations to identify, declare and manage conflicts of interest related to post-separation employment.
Aged Care Quality and Safety Commission response: Agreed.
Department of Home Affairs response: Agreed.
Summary of entity responses
23. The proposed report was provided to ACQSC, Austrade and Home Affairs. Summary responses from the entities are reproduced below. Full responses are at Appendix 1. Improvements observed by the ANAO during the course of this audit are listed at Appendix 2.
Aged Care Quality and Safety Commission
The Aged Care and Quality Safety Commission (the Commission) welcomes the findings of the audit which align well with the uplift in our integrity policies and practices the Commission already had underway, and some of which were applied during the period of the audit.
The Commission agrees with the five recommendations relating to arrangements for the accountable authority to provide declarations to the Minister, monitoring compliance with mandatory training, ensuring declarations contain information about the person’s role and responsibilities, ensuring annual declarations are refreshed at regular intervals, updating our recruitment Conflict of Interest Form and updating policies and procedures to include post separation conflicts of interest.
The Commission had already commenced improving its conflict of interest processes as part of a wider integrity uplift prior to the audit and the learnings from this audit will continue to inform our integrity maturity uplift. Recommendations from the audit have been actioned with amendments being made to forms, policies and procedures.
Australian Trade and Investment Commission
The Australian Trade and Investment Commission welcomes the audit report and acknowledges the findings and recommendations made by the Australian National Audit Office in relation to the Management of the Senior Executive Services Conflict of interest requirements.
The Australian Trade and Investment Commission is committed to implementing the recommendations from the report. These improvements will further strengthen Austrade’s efforts to ensure all Senior Executive Service (SES) employees of the agency declare all conflicts of interest, and that all declarations are managed with integrity and consistent with legislative obligations.
Department of Home Affairs
All findings and recommendations are agreed. The Department of Home Affairs is committed to ensuring that appropriate processes are maintained for identifying and managing conflicts of interest. This is fundamental to maintaining public trust and confidence in our operations.
Mandatory training is currently in place for all staff and the department will establish follow up actions to ensure SES officers are meeting their mandatory training obligations within set timeframes. This will strengthen the current system of automatic reminders which are sent to both staff and their supervisors, and non-compliance reports that are provided to senior leaders.
The department has work underway to improve its conflict of interest process. This includes updating policies and guidance material and strengthening education. The department has already updated and strengthened procurement guidance and templates to ensure delegates are aware of their conflict of interest obligations throughout each stage of the procurement process. Formal procedures have also been implemented for the Senior Executive Service annual declaration of interest process.
Key messages from this audit for all Australian Government entities
24. Below is a summary of key messages, including instances of good practice, which have been identified in this audit and may be relevant for the operations of other Australian Government entities.
Governance and risk management
Summary and recommendations
Background
1. Airservices Australia (Airservices) is established under the Air Services Act 1995 to provide air traffic control and other related services to the aviation industry in Australian-administered airspace. The Department of Defence (Defence) provides air traffic management to military aviation in Australia, including at Defence airfields that operate with shared military and civil use.
2. The OneSKY program aims to build and operate a joint civil–military air traffic management system. The program includes the design and delivery of the new Civil Military Air Traffic Management System (CMATS) plus supporting infrastructure for Airservices and Defence. Airservices is the lead agency delivering the CMATS program in collaboration with Defence.
3. In February 2018 Airservices entered into separate acquisition and support contracts with Thales Australia Limited (Thales) and an on-supply agreement with Defence.
Rationale for undertaking the audit
4. Passengers in Australian airspace rely on Airservices to provide critical air traffic control infrastructure safely and efficiently. The OneSKY program is a major change for Airservices, and CMATS is a core component of the program. Airservices has contracted Thales to develop and support CMATS. The ANAO has previously undertaken three performance audits on the procurements for CMATS, the most recent in 2019.1 Procurement and contract management of large-scale IT projects involve elevated risks. The audit provides assurance to Parliament on whether Airservices is managing the contract for CMATS effectively.
Audit objective and criteria
5. The objective of the audit was to assess the effectiveness of Airservices’ contract management for the OneSKY program.
6. To form a conclusion against the audit objective, the audit team applied the following high-level criteria:
- Has Airservices developed appropriate governance arrangements to support contract management?
- Has Airservices managed the contract effectively to achieve value for money?
Conclusion
7. Airservices’ contract management of the OneSKY program is partly effective. It has governance processes in place and has developed procedures to manage the contract. Shortcomings in contract management planning, performance management and probity have limited its effectiveness in managing the contract to minimise cost increases and schedule delays.
8. Airservices has implemented partly appropriate contract management governance arrangements. A contract management plan is in place; however, arrangements did not sufficiently cover provider performance, program risk and probity issues. Risk processes did not completely capture interdependencies between contract management and program risks. An on-supply agreement formalised arrangements between Airservices and the Defence for the delivery of CMATS. It relies on effective collaboration and governance forums for issues escalation. The Defence component of CMATS was declared a Project of Concern in October 2022 outside of the formal governance forums.
9. Airservices is partly effective in managing the contract to achieve value for money. It has a process to manage variations; however, a high number of variations to date have resulted in cost increases and schedule extensions, and the rationale for its value-for-money assessment was not consistently documented when seeking approval. The incentive-based pricing model agreed in the contract between Airservices and Thales has not been fully effective in containing costs, with the target price expected to be met. Airservices’ supplier performance management is not fully developed or utilised. Airservices applies enterprise-wide probity procedures for conflicts of interest and gifts and benefits, but staff did not always follow these.
Supporting findings
Contract management governance
10. Airservices has developed a OneSKY contract management plan. The plan covers elements set out in the Airservices contract management procedure, such as roles and responsibilities, governance arrangements and the variation process. It does not cover contract management risk or probity for CMATS, and does not reference the CMATS risk management plan or probity plan. The contract management plan does not sufficiently cover contractual performance management. The OneSKY program has 12 governance forums that are intended to provide direction and oversight. The OneSKY Strategic Relationship Forum has never met and in October 2022 CMATS was declared a Project of Concern. (See paragraphs 2.3 to 2.21)
11. Airservices applies the OneSKY program risk management process to contract management risks. It has risk management plans and documentation to identify and monitor contract risks; however, controls and treatments are not fully effective and contract management risks have been realised throughout the project. The interdependency between contract management risks (including Thales’ performance) and risk to overall program delivery and objectives is not fully captured — for example, through documentation of specific contract management actions and levers to ensure program-wide deliverables are achieved. (See paragraphs 2.22 to 2.39)
12. The on-supply agreement formalised the relationship between Airservices and Defence for the delivery of CMATS and has been varied 10 times. It covers collaboration between the two entities and governance forums, but does not provide for escalation if issues cannot be resolved within these mechanisms. In August 2021 Defence escalated its concerns about the project to ministerial level and in October 2022 the Minister for Defence Industry declared CMATS a Project of Concern. The Minister for Defence Industry has since held six meetings with principal stakeholders to address project underperformance. These have resulted in the development of a remediation plan to address program-wide issues. As at February 2025 CMATS remains on the Project of Concern list, with exit criteria formulated to demonstrate delivery of Defence capability. The exit criteria are not expected to be met before 2027. (See paragraphs 2.40 to 2.62)
Achievement of value for money
13. The combined impact of 44 variations as at 31 December 2024 has seen the cost of the acquisition contract increased by $160 million (AUD equivalent) and the delivery date extended by 53 months (four-and-a-half years). Airservices has a process in place to support the development and assessment of contract variations. Briefs to the approval delegate did not completely document how the various elements (technical need, risk and cost) collectively justified the value-for-money assessment or the effect of incremental change on the overall contract value for money. (See paragraphs 3.2 to 3.28)
14. The acquisition contract operates under an incentive arrangement where Airservices and Thales share costs and savings. Under the contract agreed in February 2018, Airservices reimburses Thales for actual costs incurred for works performed up to the ceiling cost. Since December 2023 the arrangement has focused on payments based on milestones. Airservices has mechanisms in place to monitor Thales’ performance, but it does not fully utilise these. In February 2024 program-level key performance indicators were introduced as part of Project of Concern remedial action but these do not provide associated consequences for supplier underperformance where relevant. (See paragraphs 3.29 to 3.69)
15. Airservices has procedures for probity management. Airservices utilises enterprise-wide conflict of interest procedures and gifts, benefits and hospitality acceptance procedures, but these are not reflected in OneSKY probity plans. Airservices staff accepted and did not declare gifts, benefits or hospitality, indicating limited compliance with Airservices’ code of conduct requirements and procedures on perceived and actual conflicts. (See paragraphs 3.70 to 3.88)
Recommendations
Recommendation no. 1
Paragraph 2.20
Airservices Australia update the contract management plan to:
- include how contract management risks and probity are managed;
- provide sufficient guidance on the performance management approach; and
- incorporate additional oversight and periodic contract reviews to ensure contract deliverables remain on track and commercial arrangements are fit for purpose.
Airservices Australia response: Agreed.
Recommendation no. 2
Paragraph 2.35
Airservices Australia identify and document how contract management risk connects to risk at the program level and when specific contract management action could be used to mitigate and improve control of program risks.
Airservices Australia response: Agreed.
Recommendation no. 3
Paragraph 3.21
Airservices Australia, when assessing contract variations:
- record the rationale in approval documentation explaining its value-for-money assessment, including against the overall contract cost and program delivery objectives; and
- identify thresholds for when the impact of incremental change warrants a more significant value-for-money assessment or new procurement rather than varying the current contract.
Airservices Australia response: Partially agreed.
Recommendation no. 4
Paragraph 3.62
Airservices Australia identify which program key performance indicators relate to contract management and link the results of these to contract management actions to better ensure Thales’ accountability in delivering under the contract.
Airservices Australia response: Agreed.
Recommendation no. 5
Paragraph 3.89
Airservices Australia strengthen guidance, education and process around accepting gifts, benefits and hospitality during contract management to address probity risks.
Airservices Australia response: Agreed.
Summary of entity responses
16. The proposed audit report was provided to Airservices and Defence. An extract was provided to Thales. Airservices’ and Defence’s summary responses are provided below and their full responses are provided at Appendix 1.2
Airservices Australia
Airservices acknowledges the report’s findings and appreciates its thorough analysis. While some findings do not fully align with the recommendations, the latter primarily focus on documentation improvements rather than significant deficiencies in existing practices. There are substantial differences between the previously shared report preparation paper (RPP) and the S19 proposed report, specifically noting that the newly added ‘Conclusion’ section presents a more negative view than the broader findings suggest.3 It is pertinent to note Airservices has swiftly implemented corrective actions, addressing all recommendations reflecting its commitment to the OneSKY program and national airspace management harmonization.
Key responses to the recommendations include updating the OneSKY Program Contract Management Plan to enhance guidance on risk management, performance monitoring, and periodic contract reviews. Contract management risks have been integrated into the broader program risk framework, while the Evaluation Report Template has been refined to further clarify value-for-money assessments. The in-practice structured set of approved KPIs have also been linked with contract management plan for cross-reference, and a new procedure has been introduced to strengthen probity awareness regarding hospitality, gifts, and benefits.
These promptly implemented actions demonstrate Airservices’ dedication to continuous improvement in successfully delivering the complex OneSKY program.
Department of Defence
Defence welcomes the ANAO Audit Report into the Management of the OneSKY contract and acknowledges the findings. Defence notes the five recommendations contained in the audit report relate to Airservices Australia’s (Airservices) contract management processes.
Defence is committed to strengthening and standardising processes and controls for contract management. Whilst the audit recommendations are against Airservices’ processes, as part of the collaboration between Airservices and Defence on the OneSKY Program, Defence will work with Airservices and assist, where required and appropriate, to apply the audit recommendations.
Key messages from this audit for all Australian Government entities
17. Below is a summary of key messages, including instances of good practice, which have been identified in this audit and may be relevant for the operations of other Australian Government entities.
Contract management
Summary and recommendations
Background
1. Fraud against Australian Government entities and corrupt conduct by Australian Government officials are serious matters that can constitute criminal offences. Fraud and corruption undermine the integrity of and public trust in government, including by reducing funds available for government program delivery and causing financial and reputation damage to defrauded entities.1
2. The Australian Government’s Commonwealth Fraud and Corruption Control Framework defines fraud and corruption as:
- fraud: dishonestly obtaining (including attempting to obtain) a gain or benefit, or causing a loss or risk of loss, by deception or other means; and
- corruption: any conduct that does or could compromise the integrity, accountability or probity of public administration.2
3. Creative Australia, a corporate Commonwealth entity (CCE), is the Australian Government’s primary investment and advisory body for arts and culture. In 2023–24 Creative Australia supported the community by administering $237.4 million in grants and other funding opportunities.
Rationale for undertaking the audit
4. Fraud and corruption against Australian Government entities reduces available funds for public goods and services and causes financial and reputational damage to the Australian Government.3
5. The Australian Government amended section 10 of the Public Governance, Performance and Accountability Rule 2014 (PGPA Rule), effective 1 July 20244, to include corruption risks and introduce new requirements for fraud and corruption governance arrangements. All Australian Government entities are required to have fraud and corruption control arrangements in place to prevent, detect and respond to fraud and corruption.5
6. Creative Australia must meet the minimum standards set out in the PGPA Rule and, as a CCE, it is strongly encouraged to implement the Commonwealth Fraud and Corruption Policy.6 This audit is intended to provide assurance to the Parliament regarding the fraud and corruption control arrangements in Creative Australia.
Audit objective and criteria
7. The objective of the audit was to assess the effectiveness of Creative Australia’s fraud and corruption control arrangements.
8. To form a conclusion against this objective, the following high-level criteria were adopted.
- Have appropriate arrangements been established to oversee and manage fraud and corruption risks?
- Have appropriate mechanisms been established to prevent fraud and corruption, and promote a culture of integrity?
- Have appropriate mechanisms been established to detect and respond to fraud and corruption?
Conclusion
9. Creative Australia’s fraud and corruption control arrangements are partly effective. Creative Australia has mechanisms in place that seek to mitigate internal fraud and corruption risks. These mechanisms are partly appropriate for the purpose of preventing, detecting and investigating external fraud risks.
10. Creative Australia has established partly effective arrangements to oversee and manage fraud and corruption risks. Creative Australia has developed a Fraud and Corruption Control Framework that has external and internal fraud controls. Creative Australia does not categorise its controls. The framework has been developed in the context of Creative Australia’s risk management framework and documents fraud and corruption risk responsibilities of senior officials. Creative Australia does not differentiate between fraud risks and corruption risks in its risk register. The scope of fraud and corruption control responsibilities are not reflected in Creative Australia’s Authorisations Framework. Creative Australia’s Audit and Risk Committee (ARC) approved the fraud and corruption policy and discussed the policy with the Australia Council Board (the Board). The ARC provides advice on the fraud and corruption risk management system. The ARC is not able to provide assurance to the accountable authority on the appropriateness of controls. While risk assessment results are recorded in Creative Australia’s risk management system, the process undertaken to assess fraud and corruption risks is not documented. Creative Australia does not test the effectiveness of its fraud and corruption controls beyond making a judgement as to whether they are working. Creative Australia did not have a Fraud Control Plan in 2023–24. Its 2024–25 Fraud and Corruption Control Plan does not appropriately manage fraud and corruption risks, and was developed without consideration to risk assessments, and does not consider new functions and activities.
11. Creative Australia has established partly effective mechanisms to prevent fraud and corruption and promote a culture of integrity. Creative Australia’s processes assist officials in preventing fraud and corruption. Creative Australia has established mechanisms to ensure its officials are aware of what constitutes fraud and corruption. Two of the 15 fraud and corruption risks do not have controls in place. Fraud and corruption risks are not considered when planning and undertaking activities. Creative Australia did not have a mechanism to effectively monitor completion of mandatory induction training for all new staff and advised the ANAO in March 2025 that it has since moved to a process of recording training records in its Human Resource management system. Creative Australia’s officials with responsibilities for the management and oversight of fraud and corruption are not primarily employed to undertake fraud and corruption risk management activities. These officials have not undertaken professional development to increase capability in the management of fraud and corruption risks.
12. Creative Australia’s mechanisms to detect and respond to fraud and corruption are partly effective. Creative Australia has not detected a suspected case of fraud or corruption. While Creative Australia has detailed reporting requirements in its multi-year investment programs, it does not have a robust detection mechanism in its general grants and Australian Cultural Fund (ACF) programs. Creative Australia does not cross check non-compliance with the ACF when applicants are accessing other grant opportunities, and if potential fraud or corruption is detected, it does not have guidelines to manage an investigation appropriately. Creative Australia has appropriate mechanisms in place to detect externally originating cyber-attacks. External parties do not have a way to report suspected cases of fraud or corruption confidentially. Non-compliance with grant requirements, including not completing funding activities, are not considered as a potential fraud case by Creative Australia.
Supporting findings
Oversight and management of fraud and corruption risks
13. Creative Australia has established a Fraud and Corruption Control Framework that defines fraud and corruption. Corruption is not defined in line with the definition contained in section 8 of the National Anti-Corruption Commission Act 2022 (NACC Act). The framework does not reference the NACC Act or identify processes for overseeing or managing fraud and corruption risks. Senior officials are assigned responsibilities for fraud control activities in the framework which are not reflected in Creative Australia’s Authorisations Framework. The ARC provides the accountable authority advice over risk management. The ARC does not receive independent assurance on the effectiveness of Creative Australia’s fraud and corruption control arrangements. The ARC does review and approve the fraud and corruption control framework and notes the results of Creative Australia’s internal audit program related to fraud and corruption. Fraud and corruption risks are not reported to the accountable authority. (See paragraphs 2.2 to 2.20)
14. Creative Australia reviews its fraud and corruption risks every six months. There is no documented process for identifying risks, including for entity-specific activities, functions and programs, and fraud and corruption risk assessments are not documented. Effective November 2024, the updated 2024–25 Fraud and Corruption Control Policy does not incorporate changes reflecting the absorbed functions of Creative Australia Partnerships Limited. Creative Australia uses a risk matrix to determine a risk rating for its fraud and corruption risks. Topics covered in Creative Australia’s internal audit program are not informed by the outcomes of fraud and corruption risk reviews. (See paragraphs 2.21 to 2.40)
15. Creative Australia did not have a fraud control plan for 2023–24 and considered its control plan for 2022–23 remained fit for purpose. Creative Australia’s 2024–25 fraud and corruption control plan does not refer to risk assessments, is not linked to fraud and corruption risks, and Creative Australia does not test the effectiveness of its fraud and corruption controls, outside of testing its ICT environment. The ARC uses Creative Australia’s internal audit program every two years to provide a level of confidence to the Board on control effectiveness. (See paragraphs 2.41 to 2.53)
Fraud and corruption prevention and integrity culture
16. Creative Australia has not assessed the appropriateness and effectiveness of its fraud and corruption controls. Creative Australia does not categorise its controls as preventative, detective or corrective. The ANAO assessed controls and determined that 84 per cent of controls are preventative. Two fraud and corruption risks recorded in Creative Australia’s risk management system do not have controls in place. Controls with preventative properties largely relate to functions and activities of Creative Australia that existed prior to 1 July 2023, not incorporating new activities and functions, including the functions acquired on the deregistration of the company Creative Australia Partnerships Limited. Creative Australia does not have a process to prevent non-compliant recipients of funding through the Australian Cultural Fund (ACF) from accessing grants through its other grant programs. Creative Australia has a framework and controls to mitigate the risk of fraud associated with unauthorised access to Creative Australia systems. (See paragraphs 3.3 to 3.23)
17. Creative Australia has mechanisms to ensure its officials are aware of what constitutes fraud and corruption. Induction training includes fraud and corruption awareness. Creative Australia has no documented process to monitor attendance and completion rates of induction training for new officials. Creative Australia has policies related to conflicts of interest, confidentiality, public interest disclosures, and code of conduct available on its website. The website does not provide a mechanism for external parties to request a copy of Creative Australia’s Fraud and Corruption Control Policy. Creative Australia’s external contracts contain anti-bribery and anti-corruption clauses. Creative Australia does not monitor or evaluate its awareness initiatives. (See paragraphs 3.24 to 3.35)
18. Creative Australia has not undertaken any fraud or corruption investigations. If required, Creative Australia advised that investigations would be carried out by suitably qualified external investigators. Creative Australia has officials that have fraud and corruption risk management responsibilities. These officials are not primarily engaged to undertake fraud and corruption risk activities. (See paragraphs 3.37 to 3.46)
Fraud and corruption detection and response
19. Creative Australia has controls in place to detect external cyber-attacks. Creative Australia does not have mechanisms in place for external parties to report suspected cases of fraud or corruption anonymously where appropriate. Processes are in place to detect incidents where non-compliant grant recipients have not carried out the funded activity. Creative Australia does not treat these incidents as potential fraud and does not check non-compliance in its ACF when applicants are accessing grants in its other grant programs. Creative Australia reports individual cases of non-compliance in its grant programs, other than the ACF, when reports are more than 30 weeks overdue. All 15 fraud and corruption controls with detective properties are consistent with the Commonwealth Fraud Prevention Centre’s catalogue of fraud controls. Creative Australia has not assessed the appropriateness and effectiveness of its detective controls for fraud and corruption risks. (See paragraphs 4.2 to 4.16)
20. Creative Australia has not undertaken or responded to a fraud or corruption investigation. Creative Australia developed a Fraud and Corruption Incident Register where it intends to record cases of suspected fraud or corruption, should an incident be reported or identified. Creative Australia does not investigate non-compliance with grant requirements where activities are not completed as a suspected case of fraud and does not cross check non-compliance with reporting in the ACF when an applicant is accessing its other grant programs. In cases of non-compliance where grant recipients received a ’30-week letter’, Creative Australia did not follow up on its requests to repay grant funds when funded activities had not been completed. (See paragraphs 4.18 to 4.34)
21. Creative Australia has complied with its annual reporting obligations and completed its response to the Australian Institute of Criminology’s annual survey within the timeframes required. Creative Australia has not reported any suspected fraud or corruption incidents. Creative Australia has developed a Fraud and Corruption Incident Register. (See paragraphs 4.37 to 4.45)
Recommendations
Recommendation no. 1
Paragraph 2.38
Creative Australia identify potential fraud and corruption risks that relate to activities across all its grant programs and include in its fraud and corruption risk register.
Creative Australia response: Agreed.
Recommendation no. 2
Paragraph 2.50
Creative Australia establish and document a framework for periodically reviewing and testing its fraud and corruption controls.
Creative Australia response: Agreed.
Recommendation no. 3
Paragraph 2.54
Creative Australia update its Fraud and Corruption Control Plan by including existing fraud and corruption risks informed by risk assessments and include controls that align with assessed fraud and corruption risks.
Creative Australia response: Agreed.
Recommendation no. 4
Paragraph 3.8
Creative Australia include specific fraud and corruption controls in its annual Fraud and Corruption Control Plan based on highest fraud and corruption risk activities, and where testing of controls has determined that a risk treatment is required.
Creative Australia response: Agreed.
Recommendation no. 5
Paragraph 3.47
Creative Australia provide professional development opportunities to its officials with fraud and corruption risk management responsibilities to increase risk management capability.
Creative Australia response: Agreed.
Recommendation no. 6
Paragraph 4.10
Creative Australia implement a mechanism to provide members of the public, consultants and third-party providers the ability to confidentially, and anonymously where appropriate, report suspected fraud and corruption.
Creative Australia response: Agreed.
Recommendation no. 7
Paragraph 4.35
Creative Australia document decisions made on the handling of public resources, including decisions relating to actions to recover financial losses when funded activities have not been undertaken.
Creative Australia response: Agreed.
Summary of entity response
22. The proposed audit report was provided to Creative Australia. The summary response to the report is below and the full response is at Appendix 1. Improvements observed by the ANAO during the course of this audit are listed in Appendix 2.
Creative Australia is committed to ensuring that its fraud and corruption obligations are taken seriously and welcomed the ANAO’s review of its systems, processes and control arrangements.
As part of the National Cultural Policy: Revive (January 2023), the functions of Creative Australia have substantially expanded, with the period of change commencing on 1 July 2023 and continuing over an initial four-year horizon.
As a result, Creative Australia is rapidly developing, deploying, and maturing our strategy, policies, procedures and operations (including fraud and corruption control arrangements) in response to these changes.
Creative Australia acknowledges that with the changing landscape of fraud and corruption, including an increasingly challenging cyber security environment, all organisations are actively seeking to adapt and strengthen systems and controls to prevent and detect fraud and corruption. This of course is more challenging in a small organisation of limited resources.
The Accountable Authority of Creative Australia will ensure that the recommendations from this review are implemented, the opportunities for improvement are carefully considered, and that appropriate expert resources are devoted to improving and enhancing our control arrangements in a timely, effective, and efficient manner.
Key messages from this audit for all Australian Government entities
23. Below is a summary of key messages, including instances of good practice, which have been identified in this audit and may be relevant for the operations of other Australian Government entities.
Governance and risk management
Summary and recommendations
Background
1. The National Office for Child Safety (NOCS) was established in July 2018 in response to the Royal Commission into Institutional Responses to Child Sexual Abuse (the Royal Commission). The Royal Commission had reported in December 2017. NOCS was initially located in the Department of the Prime Minister and Cabinet. It was moved in 2022 to the Attorney-General’s Department (AGD) as a result of the June 2022 Administrative Arrangements Order.
2. In October 2021, the Australian Government launched the National Strategy to Prevent and Respond to Child Sexual Abuse 2021–2030 (National Strategy).1 The first phase of the National Strategy includes two four-year action plans (from 2021 to 2024): the First National Action Plan (NAP), to be delivered by Commonwealth, state and territory governments; and the First Commonwealth Action Plan, to be delivered by Commonwealth agencies.
3. NOCS is responsible for launching three new national support services. The provision of the three national support services is to be contracted. The approach to procuring service providers for NAP Measures 7, 10 and 21 was considered in the same procurement strategy, in which the department stated, ‘the three services are in varying stages of development and would likely be ready to approach the market at different times throughout 2023’. A Request for Tender (RFT) process has been undertaken for NAP Measures 10 and 21. Procurements have also been undertaken for the advisers and consultants to assist with the NAP Measure procurement processes as well as an evaluation provider for the NAP 10 and NAP 21 services.
4. There will be a lag between contracts being signed and services being provided to non-offending family members of child sexual abuse perpetrators (NAP 10) and persons at risk of offending or re-offending (NAP 21). The contractual arrangements that were the subject of the RFTs set out that there would be four phases to service delivery. The first two phases are, on the basis of the tender responses from the two preferred tenderers, expected to take at least five to six months. Those phases involving planning, design and establishing the infrastructure to enable service delivery (including the operation of the helplines and provision of websites) to commence in the third phase. Service delivery to citizens commences in the third phase. The offer periods were extended in January 2025 from August 2024 to April 2025 and the department advised the ANAO in April 2025 that the preferred tenders had agreed to further extend their offer periods (to 31 July 2025).
Rationale for undertaking the audit
5. The establishment of the new services is part of the response to the 2017 final report of the Royal Commission into Institutional Responses to Child Sexual Abuse. The timely conduct of the related procurements is intended to establish services that will provide support and advocacy for a cohort of secondary victims of child sexual abuse perpetration and protect children by intervening before an individual offends. The audit was conducted to provide assurance to the Parliament about the establishment of the two new national services, as well as the department’s approach to procurement.
Audit objective and criteria
6. The audit objective was to assess whether the Attorney-General’s Department’s conduct of the procurements relating to two of the new child sexual abuse-related national services employed open and effective competition and achieved value for money, consistent with the Commonwealth Procurement Rules (CPRs).2
7. The new child sexual abuse-related national services identified as needed by the Royal Commission and agreed by government are not being provided, with no contracts in place for the delivery of those services as at May 2025. The audit examined the conduct of the procurements up to the point at which preferred tenderers were selected as representing the best value for money, and did not examine the conduct of contract negotiations given they had not been completed.
8. To form a conclusion against the objective, the following high-level criteria were adopted.
- Were the procurement processes open, competitive, fair and non-discriminatory?
- Was the selection of preferred tenderers consistent with achieving value for money?
Conclusion
9. The Attorney-General’s Department’s conduct of the procurements for two of the new national services (NAP 21 and NAP 10) did not involve open and effective competition and the selection of preferred tenderers was not consistent with achieving value for money. There have been significant delays with the conduct of both procurements and the preferred tenders were not capable of being accepted by the department without further clarification and negotiation. The offer validity periods expired with substantive matters continuing to be negotiated with each preferred tenderer.3 While the department selected preferred tenderers in June 2024 (for NAP 21) and September 2024 (for NAP 10) as offering the best value for money through a competitive procurement process, since then it has, in effect, conducted limited tenders with the two preferred tenderers, in circumstances that do not satisfy the conditions for a limited tender set out in the Commonwealth Procurement Rules (CPRS).4
10. The Attorney-General’s Department (AGD) conducted a single-stage, open approach to market for each of the NAP 10 and NAP 21 services. In most respects, the Request for Tender (RFT) documentation for the NAP 10 and NAP 21 procurements identified the information required by the Commonwealth Procurement Rules. The procurement processes were not conducted in accordance with the Commonwealth Procurement Rules. Of note:
- Seven of the 11 tenders received for the NAP 10 and NAP 21 procurements were not compliant with one or more of the requirements set out in the RFTs. This included six tenders that did not provide all of the pricing information that the RFT stated was required to be submitted to inform evaluation. The department’s approach did not include any marking down of the evaluation of those tenderers against the price criterion to reflect that information required by the RFT had not been provided. The two preferred tenderers were in the cohort of seven.
- The procurement processes were not consistently conducted in accordance with ethical requirements. The engagement of the probity adviser was through a process that lacked probity, and the later engagement (without any competition) of the probity adviser to also provide strategic procurement advice adversely impacted the independence and objectivity of the probity adviser.5 The declaration and management of conflicts of interest was also not to an appropriate standard. This included ineffective management of a conflict the chair of the Evaluation Committee for the NAP 21 procurement had with the tenderer that emerged as the preferred candidate.
11. In relation to advisers and consultants to support the conduct of the NAP 10 and NAP 21 service procurements, competition was not employed for five of the nine engagements and the department did not evaluate candidates against the specified criteria for each of the procurements.
12. The procurements were not timely with the result that selection of preferred tenderers occurred later than planned, no contracts are in place as of May 2025 and services are not being provided. The approach to evaluation was not designed and conducted in a way that enabled the Attorney-General’s Department (AGD) to demonstrate achievement of value for money in the selection of preferred tenderers for the National Action Plan Measure 10 (NAP 10) and National Action Plan Measure 21 (NAP 21) procurements.
- Departmental records do not document how the budgeted funding amounts for services were arrived at. Awarding the contracts to tenders that were less than the budgeted funding was an important element of procurement planning yet the price criterion was not one of the weighted evaluation criteria. The budgeted amounts played an important role in the outcome of the procurement process for the NAP 10 procurement.
- While tender evaluation plans were in place prior to the closing date for the NAP 10 and NAP 21 tenders, they did not adequately address how the department planned to evaluate the pricing information tenderers were required to include. The department also admitted into evaluation tenders that had not provided all of the required pricing information (including from the two preferred tenderers).
- The conduct of the tender evaluation for the NAP 10 and NAP 21 procurements was not timely. It was also not consistent with approach to market documents.
- The department’s evaluation records do not clearly demonstrate that the preferred tenderers for the NAP 10 and NAP 21 procurements provided the best value for money.
13. The processes to engage the consultants and advisers to support the NAP 10 and NAP 21 procurements also did not demonstrate value for money. This was due to an absence of competition and/or value for money not being assessed, or the successful candidate not being assessed as providing the best value for money.
Supporting findings
Open and competitive procurement
14. Open tender approaches to market were employed to engage the service providers for the NAP 10 and NAP 21 services. The procurement approach to engage the evaluation provider was a panel procurement, which involved approaching 12 candidates to respond to a RFQ. When procuring advisers and consultants to assist with the NAP 10 and NAP 21 procurements, the department’s processes involved some competition for less than half of the engagements and no competition for more than half of the engagements, which is inconsistent with the Commonwealth Procurement Rules. (See paragraphs 2.3 to 2.16)
15. In most respects, the RFT documentation for the NAP 10 and NAP 21 procurements issued by AGD identified the information required by the CPRs. This included the conditions for participation, minimum content and format requirements and evaluation criteria. AGD did not clearly identify the relative importance of each of the criteria to be applied in the evaluation processes. (See paragraphs 2.17 to 2.34)
16. With one exception, all tenders accepted for evaluation had been lodged by the specified closing date. ( See paragraphs 2.35 to 2.36)
17. Six of the tenders received for the NAP 10 and NAP 21 procurements were not compliant with the requirements of the RFT. The two preferred tenderers were not compliant with all of the requirements set out in the RFT, as neither had submitted all of the pricing information that the RFT had said was required. In addition, for the NAP 21 procurement, for the preferred tenderer the evaluation report identified 24 items related to service delivery, the solution/technical issues, legal/contract issues and pricing issues for which additional information was required by the department before a contract negotiation directive could be prepared. The department’s approach also did not satisfy the requirement of the CPRs that further consideration only be given to submissions that meet minimum content and format requirements. Three of the tenders for the NAP 10 and NAP 21 procurements that did not meet those requirements were progressed to evaluation before the department sought to address the situation. (See paragraphs 2.37 to 2.43)
18. Tenders for the NAP 10 and NAP 21 procurements were not fully and fairly evaluated against each of the criteria. In relation to the price criterion, tenderers were required to provide information under three scenarios (low, medium and high call volumes). The department did not evaluate tenders under each of the three scenarios because not all tenderers provided the required information. For the NAP 21 procurement, the department analysed the high volume call scenario whereas, for the NAP 10 procurement, the medium call volume scenario was used. The department’s approach reflects that it accepted for evaluation tenders that had not provided all the required price information and so it used the call volume scenario in each tender where it had a response from all tenderers. The approach to evaluation did not include any marking down of the evaluation against the price criterion for the tenderers that had not provided all of the required information.
19. In relation to the evaluation provider procurement, a second evaluation panel had to convene to re-evaluate responses after the department became aware it had not evaluated all four of those received.
20. For one of the procurements of advisers, the department’s evaluation did not address a mandatory requirement such that it had to retract its advice that the candidate assessed as offering value for money was preferred after it eventuated that the candidate did not meet the requirement. (See paragraphs 2.44 to 2.91)
21. The department did not conduct all tender clarification and collaboration activities in a fair and transparent manner as required by the Commonwealth Procurement Rules. (See paragraphs 2.92 to 2.105)
22. The department’s procurement processes did not demonstrate ethical conduct as required by the Commonwealth Procurement Rules.6 This included the approach employed to procuring the probity adviser. The department did not have an effective approach to the declaration, and management, of conflicts of interest. (See paragraphs 2.106 to 2.151)
Demonstrating achievement of value for money
23. Departmental records do not document how the budgeted funding amounts for services were arrived at. (See paragraphs 3.2 to 3.8)
24. There have been significant delays with the department’s conduct of the procurements with the result that the services aimed at protecting children from sexual abuse by intervening before an individual offends or re-offends, and at providing nationally available free support to non-offending family members of child sexual abuse perpetrators, are not yet available. The Requests for Tender (RFTs) were issued later than had been planned by the department. It also took longer than planned to evaluate the tender responses, select the preferred tenderers (who were notified in June 2024 and September 2024) and enter into contract negotiations. The offer validity periods expired with substantive matters continuing to be negotiated with each preferred tenderer. Should contract negotiations be successful, the department expects that services will not begin to be provided until mid-2025, which would be four years and eight months after the National Strategy was released. (See paragraphs 3.9 to 3.19)
25. Tender evaluation plans were in place prior to the closing date for the NAP 10 and NAP 21 tenders. The evaluation plans had not been signed off by the probity adviser. The evaluation plans did not adequately address how the department planned to evaluate the pricing information tenderers were required to submit. (See paragraphs 3.20 to 3.30)
26. The conduct of the tender evaluation for the NAP 10 and NAP 21 procurements was not timely and was not consistent with approach to market documents. (See paragraphs 3.31 to 3.44)
27. The department’s evaluation records do not clearly demonstrate that the preferred tenderers provided the best value for money.
- Each of the two preferred tenderers had not provided all of the information the RFT had identified as being required.
- For the NAP 21 procurement, after it was selected as the preferred tenderer, the department obtained significant additional information from the tenderer related to service delivery, the solution/technical issues and legal/contract issues. The need for this information was not identified in the tender evaluation report.
- For the NAP 10 procurement, the tenderer that scored highest against the weighted criteria was excluded from participating further in the tender process in favour of the second highest scoring tenderer. There were also departures from the RFT in terms of the evaluation criteria that were applied, and the approach taken to putting in place a performance guarantee with the successful tenderer. Further, the tender evaluation report did not identify that the department considered there were areas requiring clarification relating to pricing issues and solution/technical issues, including a concern that the tenderer’s pricing for the medium and high call volume scenarios exceeded the budgeted amount for each year of service delivery. (See paragraphs 3.45 to 3.60)
28. The roles and responsibilities of individuals involved in the NAP 10 and NAP 21 procurements set out in the evaluation plans provided for an appropriate separation of duties between the spending delegate and the Evaluation Committees. The probity adviser was not independent of the procurement processes as it also performed the role of strategic procurement adviser. (See paragraphs 3.61 to 3.65)
29. Appropriate procurement records were partly maintained. While available records addressed the requirement for the NAP 10 and NAP 21 procurements, evidence to support key decisions was not maintained. In addition, the tender evaluation report did not accurately reflect the evaluation process that was employed or satisfactorily demonstrate that value for money had been achieved. There are no records evidencing how the department arrived at the budgeted amounts for the two services. (See paragraphs 3.66 to 3.71)
30. Contracts for the two new services have not been signed, meaning the requirement to report on AusTender has not been triggered. The department met its obligation to report the evaluation provider contract accurately within the 42 day deadline. The department was also required to report on AusTender a number of the adviser and consultant contracts it entered into for the purpose of assisting with the main procurements. There were delays and inaccuracies in reporting of six of the eight contracts that required reporting on AusTender. (See paragraphs 3.72 to 3.74)
Recommendations
Recommendation no. 1
Paragraph 2.25
When conducting procurements, the Attorney-General’s Department clearly identify the relative importance of each of the criteria to be applied in the evaluation process. This should include appropriate weighting of the price criterion in circumstances where a budget has been established for the goods and/or services being procured.
Attorney-General’s Department response: Agreed.
Recommendation no. 2
Paragraph 2.65
When planning procurements, the Attorney-General’s Department:
- ensures that potential suppliers are required to provide all the information that is relevant for the purposes of evaluation, and not ask for any information that is not required;
- where data that is required for evaluation is not provided by a tenderer, this should be reflected in the tender either being excluded or a lower score against the relevant criterion (where the missing information relates to the evaluation criteria); and
- where data that is required for evaluation has been provided, the department should have a plan to evaluate this information and it should be evaluated in full by the department.
Attorney-General’s Department response: Agreed.
Recommendation no. 3
Paragraph 2.104
The Attorney-General’s Department improve its procurement framework to address the conduct of additional processes, including collaboration activities to ensure they are conducted in a fair and transparent manner.
Attorney-General’s Department response: Agreed.
Recommendation no. 4
Paragraph 2.151
The Attorney-General’s Department strengthen its adherence to recognised principles and processes for conducting procurements ethically, including the identification and effective management of conflicts of interest.
Attorney-General’s Department response: Agreed.
Recommendation no. 5
Paragraph 3.29
When developing evaluation plans, the Attorney-General’s Department ensure that the planned evaluation addresses all information tenderers are required to include in submissions.
Attorney-General’s Department response: Agreed.
Recommendation no. 6
Paragraph 3.70
The Attorney-General’s Department improve its procurement record keeping so that accurate and concise information exists on the process that was followed, how value for money was considered and achieved, and relevant decisions and basis of those decisions.
Attorney-General’s Department response: Agreed.
Summary of entity response
31. The proposed audit report was provided to the Attorney-General’s Department and an extract of the proposed report was provided to Astryx Pty Ltd. The Attorney-General’s Department’s summary response is reproduced below.
Attorney General’s Department
The department appreciates the opportunity afforded from the ANAO audit process to improve future procurement practices and accepts the ANAO’s key finding in the Section 19 Report. This includes all six of the ANAO’s recommendations, along with the opportunities for improvement identified throughout. The procurement processes being reviewed were complex in nature and the department made genuine efforts to ensure correct process was followed and ethical requirements were met throughout. The department has already taken steps to improve current procurements being run the by the National Office for Child Safety (NOCS) based on discussions with the ANAO, and is also committed to implementing departmental-wide improvements. The department thanks the ANAO for its audit of the conduct of procurements relating to two new child sexual abused-related national services, and is confident that procurement practices of NOCS, and across the whole of the department, will be improved as a result.
Key messages from this audit for all Australian Government entities
32. Below is a summary of key messages, including instances of good practice, which have been identified in this audit and may be relevant for the operations of other Australian Government entities.
Procurement
Probity in procurement
Summary and recommendations
Background
1. The Greenhouse and Energy Minimum Standards Act 2012 (GEMS Act) establishes the national framework for the regulation of appliance and equipment energy efficiency standards. The purpose of the program is to prevent the sale of the most energy inefficient products in the Australian market and to help inform Australian consumers about the energy efficiency of products when making decisions about which products to purchase. It aims to:
- reduce energy consumption, and associated greenhouse gas emissions and energy costs, of Australian households and businesses; and
- incentivise manufacturers to innovate and produce more energy efficient products.1
2. The GEMS Regulator, who sits within the Department of Climate Change, Energy, the Environment and Water (the department), is responsible for administering the GEMS Act.
Rationale for undertaking the audit
3. In April 2024, the Australian Government published its National Energy Performance Strategy (the strategy), which aims to ‘drive a high energy performance economy and help consumers take control of their energy use and save on bills’.2 The strategy identifies the regulation of appliance and equipment energy efficiency standards as ‘one of the most effective mechanisms for decarbonisation and ensuring consumers benefit from energy performance improvements’.3
4. This audit provides independent assurance to the Parliament regarding the effectiveness of the department’s administration of the GEMS Act and its regulation of appliance and equipment energy efficiency standards.
Audit objective and criteria
5. The objective of the audit was to assess the effectiveness of the department’s regulation of appliance and equipment energy efficiency standards.
6. To form a conclusion against the objective, the following criteria were adopted:
- Have appropriate arrangements been established to support regulatory activities?
- Has the regulatory approach been effectively implemented?
7. The audit focused on the department’s administration of the GEMS Act and its regulation of appliance and equipment energy efficiency standards. The audit did not examine the appropriateness of GEMS determinations or the accuracy of the data that was used to inform the determinations or the appropriateness of methodologies used to calculate estimated energy savings and emission reductions resulting from the scheme.
Conclusion
8. The department’s regulation of appliance and equipment energy efficiency standards is partly effective. The department has not effectively implemented a risk-based approach that is informed by data, evidence and intelligence. This limits the department’s ability to effectively encourage compliance and deter non-compliance. The department is unable to demonstrate whether the GEMS program is achieving its intended purpose.
9. The arrangements to support regulatory activities for the GEMS program are partly effective. The GEMS program’s records are incomplete, missing contextual information underpinning the records and may not be connected with related records. Staff supporting the program do not have direct access to GEMS records prior to 2020. Between 6 December 2022 and 30 June 2024, 87 per cent of registration applications were processed without appropriate delegations. The department was not managing risk for the GEMS program. Thirty-six per cent of GEMS staff in 2024, including the GEMS Regulator, did not make the required annual conflict of interest declaration. The department has established policies, procedures or guidance to outline how the GEMS Regulator’s powers and functions should operate. The GEMS registration system operated without an authority to operate and did not have effective segregation of duties controls. The GEMS program is not fully recovering its costs. Fees have not been reviewed since 2016–17.
10. The department’s implementation of its regulatory approach is partly effective. It uses the Energy Rating website to inform and engage with regulated entities. The department is undertaking compliance monitoring activities. The check testing conducted by the department is not informed by the department’s assessment of compliance risk. There is a lack of direct access to records prior to 2020 and there are issues impacting the quality of data in the registers used to document compliance monitoring activities and investigations. This limits the quality and completeness of the department’s records of its investigations of suspected non-compliance as well as its ability to effectively utilise the regulatory tools available under the GEMS Act. The GEMS Regulator has issued four infringement notices since the establishment of the program, all of which were not paid and were not enforced. The department is not measuring the program’s impact on reducing energy consumption and carbon emissions and so cannot demonstrate whether the program is achieving its intended purpose.
Supporting findings
Arrangements to support regulatory activities
11. The administration of the GEMS program is overseen by intergovernmental and departmental bodies and structures. The GEMS program’s records are ‘fractured’ and incomplete; staff supporting the program do not have direct access to GEMS records prior to 2020. Between 6 December 2022 and 30 June 2024, 87 per cent of registration applications were processed without appropriate delegations. The department was not managing risk for the GEMS program in accordance with its enterprise risk management framework. Thirty-six per cent of staff supporting the administration of the GEMS program in 2024, including the GEMS Regulator, did not make the required annual conflict of interest declaration in 2024. (See paragraphs 2.3 to 2.63)
12. The department has established policies, procedures or guidance documents to outline how the GEMS Regulator’s powers and functions should operate. The GEMS Register includes fields to record 75 per cent of the information required by the GEMS Act. The GEMS registration system operated without an authority to operate until March 2025, when the system was granted authority to operate. The department had not established segregation of duties controls for the processing of applications to register a GEMS product. Between 2019–20 and 2023–24, there were 439 instances (1.5 per cent) where an application had been assessed and approved by the same individual and six instances (46 per cent) where an application was assessed and refused by the same individual. (See paragraphs 2.64 to 2.96)
13. The department has established a GEMS Compliance Policy that outlines the department’s compliance objective. It has not established performance measures for the GEMS program’s compliance objective. The department has documented a risk-based approach for its compliance monitoring activities and responses to non-compliance. The GEMS program is not fully recovering its costs. Between 2019–20 and 2023–24, the GEMS program recovered an average of 65 per cent of its costs each financial year. GEMS fees have not been reviewed since 2016–17. (See paragraphs 2.97 to 2.122)
Implementation of regulatory approach
14. The department uses the Energy Rating website to provide information to and engage with regulated entities to encourage voluntary compliance. GEMS Inspectors may also provide educational materials regarding the GEMS labelling and registration requirements to suppliers when conducting inspections. Stakeholder satisfaction surveys indicate that stakeholders are satisfied that the department provides them with the support they need to understand and comply with their obligations. ( See paragraphs 3.1 to 3.14)
15. The department is undertaking compliance monitoring activities (market surveillance, check testing and investigating allegations of non-compliance). The department’s check testing records and reporting indicate that check testing activities have been decreasing. Forty-two per cent of GEMS Inspectors operating between 2019–20 and 2023–24 were fully compliant with the minimum requirements used for the GEMS Regulator to be satisfied that a person has suitable training or experience to properly exercise the powers of a GEMS Inspector. The receipt of allegations of suspected non-compliance are not recorded in a central database. (See paragraphs 3.15 to 3.50)
16. The department has established selection criteria for the assessment of compliance risk for its compliance monitoring activities. In 2023–24 and 2024–25, the department’s assessment of compliance risk (to inform check testing) included products registered under less than half of GEMS determinations. The department is not using the assessment of compliance risk it has produced to inform its selection of models for check testing. Sixteen per cent of models check tested in 2023–24 were assessed as within the top 10 highest risk models for their product category. The majority (62 per cent) of models check tested had not been assessed for compliance risk. The ANAO was not able to determine whether the assessment of compliance risk was used to inform the selection of market surveillance activities, as 2024–25 was the department’s first year using its current approach. (See paragraphs 3.52 to 3.85)
17. The highest level of regulatory response issued or sought by the GEMS Regulator since the establishment of the program is an infringement notice. Four infringement notices have been issued, all of which were not paid and were not enforced by the GEMS Regulator. There is a risk that the GEMS Regulator may be seen as unable or unwilling to enforce the GEMS Act, which may limit the department’s ability to effectively encourage compliance and deter non-compliance. The department is not documenting the assessment of the detriment that non-compliance may have caused. The quality and completeness of the department’s records of its investigations of suspected non-compliance are limited by the lack of direct access to records prior to 2020 and issues impacting the quality of data in the department’s register of investigations. The department has established processes for the internal review of reviewable decisions. (See paragraphs 3.90 to 3.130)
18. The GEMS Act has been independently reviewed, as required under the GEMS Act. In 2023, the GEMS program was internally audited. The department conducts annual surveys to measure stakeholder satisfaction. The department prepares annual reports on the operation of the GEMS Act. Reporting on the program’s operation and performance could not be verified against departmental records. The department is not measuring and reporting on the program’s impact on reducing energy consumption and carbon emissions. (See paragraphs 3.131 to 3.157)
Recommendations
Recommendation no. 1
Paragraph 2.23
The Department of Climate Change, Energy, the Environment and Water ensure that the records related to the GEMS program are appropriately transferred to and stored in the department’s electronic document and records management system where they can be accessed by those responsible for administering the GEMS program.
Department of Climate Change, Energy, the Environment and Water response: Agreed.
Recommendation no. 2
Paragraph 2.75
The Department of Climate Change, Energy, the Environment and Water review and update the GEMS Register to ensure that it documents all information that it is required to document under the GEMS Act.
Department of Climate Change, Energy, the Environment and Water response: Agreed.
Recommendation no. 3
Paragraph 2.91
The Department of Climate Change, Energy, the Environment and Water review all instances where registration applications had been assessed and approved or refused by the same individual to ensure that the decisions were appropriate.
Department of Climate Change, Energy, the Environment and Water response: Agreed.
Recommendation no. 4
Paragraph 2.123
The Department of Climate Change, Energy, the Environment and Water review and update the fees for the GEMS program to ensure that its costs are fully recovered in accordance with its charging arrangements.
Department of Climate Change, Energy, the Environment and Water response: Agreed.
Recommendation no. 5
Paragraph 3.32
The Department of Climate Change, Energy, the Environment and Water review and improve its arrangements for recording and reporting on compliance monitoring activities to ensure that its records are complete and its reporting is accurate and verifiable.
Department of Climate Change, Energy, the Environment and Water response: Agreed.
Recommendation no. 6
Paragraph 3.42
The Department of Climate Change, Energy, the Environment and Water ensure that GEMS Inspectors are compliant with the minimum requirements used for the GEMS Regulator to be satisfied that a person has suitable training or experience to properly exercise the powers of a GEMS Inspector.
Department of Climate Change, Energy, the Environment and Water response: Agreed.
Recommendation no. 7
Paragraph 3.86
The Department of Climate Change, Energy, the Environment and Water review its assessment of compliance risk and its selection of check testing and market surveillance activities to ensure that compliance activities are focused on the areas where there is the greatest risk of non-compliance by ensuring that:
- all regulated products (those covered by a GEMS determination) are considered as part of its assessment of compliance risk;
- calculations of compliance risk are accurate; and
- the assessment of compliance risk is used to inform the selection of compliance activities.
Department of Climate Change, Energy, the Environment and Water response: Agreed.
Recommendation no. 8
Paragraph 3.103
The Department of Climate Change, Energy, the Environment and Water review and improve its arrangements for recording investigations into suspected non-compliance with the GEMS Act to ensure its records are complete, accessible and maintained in accordance with the Australian Government Investigations Standard.
Department of Climate Change, Energy, the Environment and Water response: Agreed.
Recommendation no. 9
Paragraph 3.158
The Department of Climate Change, Energy, the Environment and Water develop performance measure(s) that provide meaningful information on the effectiveness of the program in achieving its outcomes.
Department of Climate Change, Energy, the Environment and Water response: Agreed.
Summary of entity response
19. The proposed report was provided to the department. The department’s summary response is reproduced below and the full response is at Appendix 1. Improvements observed by the ANAO during the course of this audit are listed at Appendix 2.
The Department of Climate Change, Energy, the Environment and Water (the department) is committed to effective regulation that achieves legislated outcomes, manages risks proportionately and promotes continuous improvement.
The department welcomes the Australian National Audit Office’s audit report on the Administration of the Equipment Energy Efficiency Program (GEMS) and acknowledges the findings of the audit. The department agrees with all nine of the report’s recommendations and can confirm that changes to strengthen the regulatory oversight of the GEMS Program are well underway.
The GEMS Program is estimated to have saved Australian households and businesses $12–$18 billion in avoided energy costs. In 2021–22 alone, it is estimated to have saved Australia between $1.3 billion and $2 billion in avoided energy costs while delivering greenhouse gas emissions savings of between 4.1 and 6.3 million tonnes4. The department is committed to ongoing improvement of the operation of the GEMS Program – in partnership with states, territories and New Zealand – to ensure it continues to deliver energy and cost savings and emissions abatement as an important part of Australia’s pathway to Net Zero.
Key messages from this audit for all Australian Government entities
20. Below is a summary of key messages, including instances of good practice, which have been identified in this audit and may be relevant for the operations of other Australian Government entities.
Governance and risk management
Performance and impact measurement
Summary and recommendations
Background
1. The Child Care Subsidy (CCS) is administered by the Department of Education (Education) under the Family Assistance Law (FAL), to assist families to meet the cost of early childhood education and care.
2. At a cost of $13.6 billion in 2023–24, CCS is one of the ‘fastest-growing major payments’ of the Australian Government, with forecast average annual growth of 5.5 per cent over 2024–25 to 2034–35. As of September 2024, CCS supported 1.45 million children to attend approved care. This equates to 32.6 per cent of all 0 to 13-year-olds in Australia.
3. Education has policy responsibility for the CCS, including the CCS special appropriation. Services Australia is accountable for delivering payment and ICT services on behalf of Education, and for prioritising the service delivery within its budget appropriation.
Rationale for undertaking the audit
4. The CCS was estimated to be one of the top 20 expense programs in 2024–25. Australian Government spending on CCS was $13.6 billion in 2023–24, of which an estimated 3.6 per cent ($484.1 million) was lost to incorrect payments, including fraud and non-compliance. Fraud and non-compliance reduces available funds for public goods and services.
5. This audit was conducted to provide assurance to the Parliament over the effectiveness of the management and oversight of compliance activities within the Child Care Subsidy program. This audit was identified as a priority by the Parliament’s Joint Committee of Public Accounts and Audit in the context of the ANAO’s 2023–24 Annual Audit Work Program.
Audit objective and criteria
6. The objective of the audit was to assess the effectiveness of the management and oversight of compliance activities within the CCS program.
7. To form a conclusion against the objective, the following high-level audit criteria were adopted:
- Have effective governance arrangements been established?
- Is the approach to compliance activities effective?
Conclusion
8. The management and oversight of compliance activities within the CCS is partly effective. Governance arrangements do not provide Education with whole of program oversight, and evaluation arrangements are only partly implemented. Although the payment accuracy rate improved in 2022–23 and 2023–24, and comprehensive prevention activities are in place, gaps in monitoring and enforcement are not being effectively managed.
9. Education has established partly effective arrangements to oversee CCS compliance activities. Committees accountable to a Senior Executive Service (SES) Band 2 within Education oversee its Child Care Subsidy Financial Integrity Strategy 2023–2027 (Integrity Strategy), which sets out its approach to risk based and data driven regulation of CCS providers and services, to be implemented from 2023 to 2027. To successfully complete its implementation of the Integrity Strategy, Education will need to improve its data quality in the Child Care Intelligence System (CCIS) and implement evaluation arrangements across the full suite of its compliance interventions.
10. Bilateral arrangements between Education and Services Australia are set out in a Statement of Intent and Program Delivery Services Schedule for Child Care Subsidy Program, which detail the objectives, governance, risk and issue management, roles and responsibilities and assurance obligations for CCS services. These arrangements do not provide Education with sufficient oversight of CCS compliance activities within Services Australia. Education has established a CCS Fraud and Corruption Risk Assessment (FCRA), but this is not supported by engagement with Services Australia over shared risks. Services Australia has not established a FCRA that includes CCS.
11. Education and Services Australia have established a partly effective approach to compliance activities. While Education and Services Australia have comprehensive arrangements to prevent non-compliance among providers and families respectively, deficiencies were identified in relation to monitoring, investigations and enforcement.
12. Services Australia is responsible for monitoring family compliance. It does not monitor non-employment activities, is unable to identify CCS-related matters within its tip-off data, and its income monitoring via the CCS reconciliation process is not consistent with the FAL, due to its reliance on lodged tax return data before a notice of assessment has been issued.
13. Education is responsible for monitoring provider compliance, and investigations and enforcement. It monitors whether providers continue to meet some conditions to administer CCS. It does not have assurance that all conditions are met, does not apply quality assurance across all monitoring and investigation activities, and does not investigate possible CCS provider overpayments identified while monitoring payment accuracy via the Random Sample Parent Check (RSPC). Its ability to effectively implement the Integrity Strategy is undermined by poor data quality in CCIS and a lack of cohesive enforcement strategy, which mean it is not able to assess whether decisions to take enforcement action are fair, impartial, consistent, or proportional.
Supporting findings
Governance arrangements
14. Education oversees CCS compliance activities via a Financial Integrity Governance Board (FIGB) and Financial Integrity Operational Committee (FIOC), that are accountable to the responsible SES Band 2. Education does not have visibility of compliance activities or risk management in Services Australia. Bilateral arrangements between the Department of Education and Services Australia are set out in a Statement of Intent between the Chief Executive Officer (CEO) of Services Australia and the Secretary of the Department of Education (Education Secretary). Under the Statement of Intent, the Program Delivery Services Schedule for Child Care Subsidy Program details the objectives, governance, risk and issue management, roles and responsibilities and assurance obligations for CCS services. These do not provide sufficient oversight of CCS compliance activities. (See paragraphs 2.3 to 2.26)
15. Education’s Integrity Strategy documents its approach to risk based and data driven regulation to be implemented from 2023 to 2027. To successfully complete its implementation of the Integrity Strategy, Education will need to improve its CCIS data quality. Although Services Australia’s annual CCS risk management plans document its approach to managing risk in the program, including compliance risk, there is no documented approach (either in Education’s Integrity Strategy or via Services Australia’s own program documentation) that provides strategic direction or describes how risk and data inform decision-making regarding Services Australia’s CCS compliance activities. Education has established a CCS FCRA, although information about the purpose, implementation status, and timeframes of risk treatments is not included. Risk identification, analysis and evaluation within the FCRA is not supported by engagement with Services Australia over shared risks. Services Australia has not established a FCRA that includes CCS. (See paragraphs 2.31 to 2.52)
16. Education monitors the effectiveness of the Integrity Strategy using payment accuracy data drawn from the RSPC and reporting against budget savings measures. As of March 2025, evaluations of compliance interventions have been planned but not yet implemented across the full suite of compliance interventions. Initial intervention evaluations and resulting adjustments for each team are due to be completed in 2025. As such, is not possible to effectively measure the impact of activities undertaken under the Integrity Strategy, or understand the relative contributions of different types of activities. (See paragraphs 2.53 to 2.70)
Approach to compliance activities
17. CCS program design, including the legislative framework administered by Education, has been strengthened to support compliance. Access to the program is managed via provider and individual application processes by Education and Services Australia respectively. Both entities provide appropriate information to stakeholders via a range of sector guidance, communications and advice. Education engages regularly with sector representatives and has commenced work to improve the capability of Family Day Care (FDC) providers to comply with their obligations under the FAL. (See paragraphs 3.2 to 3.19)
18. Education and Services Australia monitor family and provider compliance with the FAL using family income, sessions of care information from providers, electronic funder transfer (EFT) provider audits, and manual checking of provider reporting. These controls focus on incorrect session reporting resulting in incorrect payment. Education does not have assurance that certain other requirements, such as fit and proper person requirements, are met after initial CCS approval has been granted. Where non-compliance is suspected, Education may choose to conduct an administrative or criminal investigation. Services Australia’s use of data for checking family income is not consistent with the FAL, and there are deficiencies in Education’s record keeping, monitoring of ongoing provider and service eligibility for CCS, and quality assurance arrangements in both EFT provider audits and investigations. Services Australia’s collection of tip-off information does not effectively support the identification of CCS matters. (See paragraphs 3.22 to 3.62)
19. Education imposes fines, debts, conditions on approval, suspension and cancellation of approval, and refers matters for criminal prosecution as part of its work to enforce compliance with the FAL. Education does not have a policy to guide decisions on whether, and in what circumstances, to take enforcement action, and enforcement strategy has not been considered by the FIGB. Without cohesive policy guidance for staff, Education is unable to assess whether decisions to take enforcement action are fair, impartial, consistent, or proportional. From 2022–23 to 2023–24, across the CCS, Education withdrew $473,010 (42.2 per cent of the total $1.1 million) of fines issued, raised and recovered 11 compliance-related debts valued at $59,648 (0.9 per cent of the total $6.4 million) and identified but did not investigate 970 potential overpayments with a total value of $106,375. (See paragraphs 3.63 to 3.80)
Recommendations
Recommendation no. 1
Paragraph 2.22
The Department of Education and Services Australia review and revise arrangements giving effect to the Statement of Intent and subordinate documents to ensure sufficient oversight of shared regulatory activities is provided.
Department of Education response: Agreed.
Services Australia response: Agreed.
Recommendation no. 2
Paragraph 2.62
The Department of Education strengthen its approach to implementing evaluation of the effectiveness of compliance interventions, to cover all interventions in the Child Care Subsidy Financial Integrity Strategy 2023–2027.
Department of Education response: Agreed.
Recommendation no. 3
Paragraph 2.68
The Department of Education, in consultation with Services Australia:
- develop a program-level CCS compliance and enforcement strategy including:
- approaches to coordination;
- governance;
- risk management;
- reporting between the entities;
- reporting of savings outcomes against targets; and
- performance and impact measurement, review and evaluation.
- ensure a version of the strategy is published on each entity’s website.
Department of Education response: Agreed.
Services Australia response: Agreed.
Recommendation no. 4
Paragraph 3.28
Services Australia work with the Department of Education to review and revise its arrangements for collecting and reporting information about Child Care Subsidy compliance-related matters, including tip-offs, risk assessments and controls, and investigations, to ensure sufficient information is provided to the Department of Education to oversee compliance activities.
Department of Education response: Agreed.
Services Australia response: Agreed.
Recommendation no. 5
Paragraph 3.61
The Department of Education review whether its electronic investigation management system (EIMS) is fit for purpose and enables staff undertaking compliance related work to meet all requirements of legislation.
Department of Education response: Agreed.
Recommendation no. 6
Paragraph 3.73
The Department of Education seek independent legal advice from the Australian Government Solicitor regarding its obligations (under the Family Assistance Law and other relevant legislation such as the Privacy Act 1988) in respect to possible Child Care Subsidy provider overpayments identified while monitoring payment accuracy using the Random Sample Parent Check.
Department of Education response: Agreed.
Recommendation no. 7
Paragraph 3.79
The Department of Education update operational policies and procedures to:
- improve compliance related record keeping;
- ensure quality assurance and review arrangements are in place across relevant teams; and
- establish program-level investigations and enforcement policies to support fair, well documented, consistent, and proportional decision-making, and conflict-of-interest management.
Department of Education response: Agreed.
Summary of entity responses
20. The proposed audit report was provided to the Department of Education and Services Australia. The summary responses are reproduced below and the full responses are at Appendix 1. Improvements observed by the ANAO during the course of this audit are listed in Appendix 2.
Department of Education
The Department of Education (the department) acknowledges the Australian National Audit Office (ANAO) performance audit on the management and oversight of compliance activities within the Child Care Subsidy (CCS) program.
The management and oversight of compliance activities plays an important role in ensuring the proper use of CCS and the achievement of program outcomes. In the 2023–24 financial year, the department’s integrity activities resulted in the highest accuracy rates in provider claims for CCS on record, exceeding the program target.
These are substantial achievements, testament to the department’s commitment to strong regulation of CCS approved providers and its obligations under the Resource Management Guide-128.
The department is progressing a large work program to strengthen and further mature the delivery of its CCS compliance activities under the CCS Financial Integrity Strategy 2023–27. The department agrees with the seven recommendations and will address these as part of its ongoing commitment to strengthen the management and oversight of CCS compliance activities.
Services Australia
Services Australia (the Agency) welcomes the ANAO report on Management and Oversight of Compliance Activities within the Child Care Subsidy (CCS) Program. The Agency notes the report findings, including that management and oversight of compliance activities within the CCS Program are partly effective.
The Agency’s focus is on efficiently and effectively delivering payments and services to the Australian community, and compliance and program integrity are important aspects of this work. The Agency’s strategies, performance measures, and governance arrangements are focussed on ensuring the right payment to the right person at the right time.
The Agency is committed to continually improving its internal and external governance arrangements, performance monitoring and reporting, compliance activities, and guidance and support to staff to ensure the integrity of the CCS Program.
Key messages from this audit for all Australian Government entities
21. Below is a summary of key messages, including instances of good practice, which have been identified in this audit and may be relevant for the operations of other Australian Government entities.
Governance and risk management
Program design
Performance and impact measurement
Summary and recommendations
Background
1. Corporate organisations, including in the public sector, often have a board responsible for their governance. The Australian Institute of Company Directors (AICD) refers to governance as the systems that direct and control — or govern — an organisation1:
Governance enables authority to be exercised appropriately and for the people who exercise it to be held to account. Good governance is about the effective way decisions are made and power is exercised within an organisation.
2. In March 2025, 74 Australian Government organisations have a body corporate status — known as corporate Commonwealth entities (CCEs). The governing board of a CCE is often the entity’s accountable authority with specific responsibility for ‘leading, governing and setting the strategic direction’ for the entity under the Public Governance, Performance and Accountability Act 2013 (PGPA Act).
3. Boards of Australian Government entities must govern in a way that complies with the requirements of any enabling legislation, the Commonwealth finance law (which includes the PGPA Act and the Public Governance, Performance and Accountability Rule 2014 (PGPA Rule)), and other applicable laws and requirements.
4. Organisations, including CCEs, with governance boards vary significantly by function, and governance boards may also vary in their composition, operating arrangements, independence and subject-matter focus, depending on the specific requirements of their enabling legislation and other applicable laws.
5. The National Disability Insurance Scheme (NDIS), established in 2013 under the National Disability Insurance Scheme Act 2013 (NDIS Act), provides funding for planned supports for NDIS participants — people with permanent and significant disability. Commonwealth, state, and territory governments jointly fund the NDIS under bilateral arrangements.
6. The National Disability Insurance Agency (NDIA) is responsible for delivering the NDIS under the NDIS Act and is a CCE. The Board of the NDIA (the Board) is the accountable authority of the NDIA.
Rationale for undertaking the audit
7. The NDIS is a demand-driven program. In 2023–24, the NDIA’s participant plan expenses were $41.85 billion, 19 per cent higher than in 2022–23, making this the largest area of Australian Government expenditure managed by the board of a CCE and also the fastest growing Australian Government payment. In May 2024, Budget Paper No. 1 for the 2024–25 Budget stated, ‘NDIS Commonwealth funded participant payments growth is expected to average 9.2 per cent per year over the projections period’ (to 2034–35).23 With over 692,000 Australians registered as NDIS participants as at 31 December 2024, the NDIA is also an organisation with a direct impact on the lives of a major cohort of vulnerable Australians.
8. This audit topic provides independent assurance to Parliament on the effectiveness of the Board of the NDIA’s governance.
Audit objective and criteria
9. The objective of the audit was to assess the effectiveness of the governance of the Board of the NDIA.
10. To form a conclusion against the objective, the ANAO examined:
- Are the Board’s arrangements consistent with relevant legislative requirements for effective governance?
- Does the Board have fit-for-purpose arrangements to support sufficient oversight of the entity’s operations?
11. The ANAO analysed the Board’s governance for the period 1 July 2021 to 30 June 2024.
Conclusion
12. The Board’s governance was largely effective. The Board could strengthen its overall governance of the NDIA and the NDIS by setting clear requirements for additional strategic reporting to it on the progress of the implementation of financial sustainability initiatives. The Board’s practice of seeking further information and assurance from management where results are below targets, or other issues or risks are reported, was maturing but not consistent across the Board’s and its committees’ meetings.
13. The Board’s governance and administrative arrangements are largely consistent with relevant legislative requirements for effective governance. Board appointments are in accordance with legislative requirements and Board meetings are properly constituted. Management plans are not consistently developed for Board members’ declared real or apparent conflicts of interest.
14. The Board has a largely fit-for-purpose charter and has established committees that support it though reviewing relevant management reports and products before these are submitted to the full Board. A Sustainability Committee provides support for the oversight of actuarial reporting and NDIS financial sustainability. The Strategic Directions and Participant Outcomes Committee did not provide the Board sufficient advice against its broad charter functions, including advice on NDIA priorities.
15. Prior to March 2024, the Audit Committee structure limited its ability to provide the required range of independent advice and assurance to the Board, with risk oversight managed by a separate Risk Committee and reliance placed on the committees and Board informally sharing information. A combined Audit and Risk Committee (ARC), in place since March 2024, supports the Board by reviewing all required areas of reporting on NDIA finance, performance, risk and internal control. None of the committees provide written advice to the Board.
16. The Board has established partly fit-for-purpose arrangements to oversee NDIA operations. The Board had regard to advice and reports from the Scheme Actuary, the Independent Advisory Council and the ARC. Decision records did not always show the Board’s consideration of relevant legislative criteria. As reporting on regulatory compliance was aggregated, it lacked detail, and the Board did not always respond to indicators of non-compliance. Requirements of the National Disability Insurance Scheme—Risk Management Rules 2013 were not all met. The Board monitored and received reporting from the NDIA on NDIS sustainability and fraud risk. The Board has not directed strategic reporting on reforms to assure itself that the NDIA will fulfil the Australian Government’s commitments to moderate growth in NDIS expenses.
17. The Board has arrangements to meet PGPA Act requirements relating to governing the NDIA, systems of risk control, cooperation with others and reporting to the Minister for the NDIS. When reports on areas of poor performance or other issues are provided, the Board and its supporting committees could improve its governance by consistently seeking further information or assurance from management. Consistently seeking additional information would support the Board to mature further into a strategic role.
Supporting findings
Board governance and structure
18. Board member appointments between July 2021 and June 2024 complied with relevant NDIS Act requirements. The Department of Social Services (DSS) maintained records of appointments and advised the minister on current and upcoming vacancies. (See paragraphs 2.2 to 2.22)
19. Board meetings were properly constituted, and sufficiently frequent, with records maintained. The Board had not set guidance for the use and records of ‘in camera’ sessions. Inaccurate remuneration payments were made to Board members in 2022–23 and 2023–24. (See paragraphs 2.23 to 2.39)
20. A register of Board member interests was updated regularly. Of the seven declared interests identified by members as potential or actual conflicts, one had a documented management strategy. Conflict of interest procedures were largely followed for scheduled Board meetings; they were not consistently followed for out of session meetings or decisions without meetings. (See paragraphs 2.40 to 2.57)
21. The Board has established committees to support the governance of the NDIA. The charters for committees could be improved to set out voting requirements, the extent of delegated authority, and specify requirements for making decisions without meetings. The ARC charter could be improved by specifying who cannot be a member of the committee. The Board has not documented which NDIA policies require its approval. (See paragraphs 2.58 to 2.84)
22. The role of the committees is to provide advice to the Board on: the financial sustainability of the NDIS (Sustainability Committee); and the objectives, strategies, and policies to be followed by the NDIA, with a dedicated focus on participant outcomes (Strategic Direction and Participant Outcomes Committee). In March 2024, the Audit Committee and Risk Committee were merged into the ARC — its role is to review and advise on the appropriateness of the NDIA’s financial and performance reporting, systems of risk oversight and management, and systems of internal control. Committee membership was largely consistent with charter requirements. (See paragraphs 2.85 to 2.121)
23. Each committee receives relevant reporting according to its function and gave verbal updates and meeting minutes to the Board. The committees have not always provided written advice on critical and high-risk areas that require further Board consideration and direction, and it is unclear if the committees’ verbal updates and meeting minutes provided assurance and assisted with informing decision-making and the efficient running of the Board. (See paragraphs 2.85 to 2.121)
Oversight of compliance and performance
24. The Board has issued Accountable Authority Instructions and guidance to NDIA officials to support legislative compliance. The Board made CEO appointments and had regard to advice from the Independent Advisory Council, Scheme Actuary and ARC, consistent with NDIS Act requirements. (See paragraphs 3.3 to 3.19)
25. Reporting to the Board on regulatory compliance is aggregated which reduced the Board’s visibility of the adequacy of internal controls. The Board did not respond to senior executive advice that they could not give full assurance over their regulatory compliance obligations. The Board provided annual risk management declarations, as required by the NDIS Risk Management Rules 2013. The Board did not review its Risk Management Framework or receive sufficient reporting on NDIA risk culture, resourcing and control effectiveness, as required. (See paragraphs 3.20 to 3.47)
26. The Board has monitored NDIS financial sustainability and NDIS fraud risk. This included consideration of draft reform initiatives proposed to address increasing NDIS expenses. It is not clear if the Board provided NDIA management with direction on reform initiatives proposed before these were included in advice to government. The Board receives regular updates on the progress of reform activities. It is not clear if the Board has been active in directing reporting on reform deliverables to assure itself that the NDIA will fulfil the Australian Government’s NDIS Financial Sustainability Framework commitments. (See paragraphs 3.48 to 3.83)
27. Corporate plans largely complied with PGPA Rule requirements, and the Board approved the performance measures in corporate plans prior to their publication. Eleven of the NDIA’s 19 measures for the 2023–24 Annual Performance Statements satisfied relevant PGPA Rule requirements. The performance measures for 2023–24 did not reflect the NDIA function of managing NDIS financial sustainability, although new measures in the 2024–25 corporate plan relate to this function. (See paragraphs 3.84 to 3.114)
28. The Board received and discussed regular reporting on results against corporate plan performance measures, although it did not consistently seek further detail or assurance where internal reporting indicated poor results or potential issues with reporting mechanisms. (See paragraphs 3.84 to 3.114)
Recommendations
Recommendation no. 1
Paragraph 2.56
The Board of the National Disability Insurance Agency document how it manages conflicts of interest, including those arising from members who declared personal interests as NDIS participants, family members of participants, members of disability organisations, and/or employment with NDIS providers or consultancies providing services to the NDIA.
National Disability Insurance Agency response: Agreed.
Recommendation no. 2
Paragraph 3.37
The Board of the National Disability Insurance Agency define the frequency of review of the Risk Management Framework having regard to the size and complexity of the NDIA’s operations and implement mechanisms to ensure the reviews are conducted within these timeframes.
National Disability Insurance Agency response: Agreed.
Recommendation no. 3
Paragraph 3.113
The Board of the National Disability Insurance Agency, including through its committees, strengthen its oversight of entity performance by more consistently responding to management reporting with requests for relevant further information, reporting or assurance from management where results are below targets, assumptions are unclear, or other issues or risks are raised.
National Disability Insurance Agency response: Agreed.
Summary of entity responses
29. Copies of the proposed report were provided to the NDIA and DSS. The summary responses are provided below, and the full responses are included at Appendix 1. Improvements observed by the ANAO during the audit are listed in Appendix 2.
National Disability Insurance Agency
The National Disability Insurance Agency (NDIA) welcomes the ANAO’s assessment that NDIA Board’s governance is largely effective. We note the ANAO conclusions that governance arrangements are largely consistent with its legislative requirements; that Board appointments are in accordance with legislative requirements; and Board meetings are properly constituted.
The NDIA Board acknowledges the importance of having clear and specific guidance and governance processes in relation to the Board’s responsibilities, including how these are executed. The Board has recently updated key artefacts that relate to Board practices and processes that the ANAO has identified as areas for improvement. This includes updating the Board and/or Committee charter to include clarification on the use of in camera sessions, management of conflicts of interest, and how the Audit and Risk committee provides advice to the Board.
As noted in the report, the Board approved a workplan for 2025 which identifies key artefacts required to fulfill the Board’s statutory obligations. The Board also has standing items for areas that Board has identified as either requiring monitoring or of particular interest to the Board. The Board acknowledges there is an opportunity to provide management with clarity regarding the Board’s expectations regarding strategic reporting on key programs, additional reporting where targets are not being met, and the policies and documents that the Board should approve or have oversight over.
Department of Social Services
The Department of Social Services (the Department) welcomes the Australian National Audit Office (ANAO) report on the Effectiveness of the Board of the National Disability Insurance Agency.
The Department notes the report’s three recommendations refer to the Board of the National Disability Insurance Agency.
The Department notes the key messages from this audit for all Australian Government entities, including considering whether key stakeholders and decision makers have specific accessibility requirements and producing relevant documents in accessible formats.
Key messages from this audit for all Australian Government entities
30. Below is a summary of key messages, including instances of good practice, which have been identified in this audit and may be relevant for the operations of other Australian Government entities.
Governance and risk management
Summary and recommendations
Background
1. Reducing the disparity between Indigenous and non-Indigenous economic outcomes has been a longstanding goal of Australian governments. The National Agreement on Closing the Gap aims to strengthen economic participation and development of Aboriginal and Torres Strait Islander people and their communities.1 Increasing opportunities for Indigenous economic participation has also been an area of interest for the Australian Parliament.2
2. The Indigenous Procurement Policy (IPP) was established in 2015 with the objective ‘to stimulate Indigenous entrepreneurship, business and economic development, providing Indigenous Australians with more opportunities to participate in the economy’.3 One of three elements of the IPP are the mandatory minimum requirements (MMRs), which are targets for minimum Indigenous employment and/or supply use for Australian Government contracts valued from $7.5 million in certain specified industries.4 The National Indigenous Australians Agency (NIAA) is responsible for administering the IPP, including the MMRs.
Rationale for undertaking the audit
3. The stated policy objective of the MMRs is to ‘ensure that Indigenous Australians gain skills and economic benefit from some of the larger pieces of work that the Commonwealth outsources, including in Remote Areas’.5 Compliance with the MMRs is mandatory for non-corporate Commonwealth entities. The MMRs were established in July 2015 and became binding on contractors from 1 July 2016.
4. Auditor-General Report No. 25 2019–20 Aboriginal and Torres Strait Islander Participation Targets in Major Procurements was undertaken to provide assurance that the MMRs were being effectively administered and selected entities were complying with them.6 The audit concluded that while the MMRs were effectively designed, their administration had been undermined by ineffective implementation and monitoring by the policy owner and insufficient compliance by the selected entities.7 The audit made six recommendations to improve administration of and compliance with the MMRs, which were all agreed to.
5. Auditor-General reports identify risks to the successful delivery of government outcomes and provide recommendations to address them. The tabling in the Parliament of an agreed response to an Auditor-General recommendation is a formal commitment by the entity to implement the recommended action. Effective implementation of agreed Auditor-General recommendations demonstrates accountability to the Parliament and contributes to realising the full benefit of an audit.8
6. This audit examines whether the NIAA; Department of Defence (Defence); Department of Education (Education); Department of Employment and Workplace Relations (DEWR)9; Department of Home Affairs (Home Affairs); and Department of Infrastructure, Transport, Regional Development, Communications, Sport and the Arts (Infrastructure) have effectively implemented agreed recommendations from Auditor-General Report No. 25 2019–20. Entities’ implementation of agreed recommendations will help provide assurance to the Parliament about whether the MMRs are meeting the objective of stimulating Indigenous entrepreneurship, business and economic development and providing Indigenous Australians with opportunities to participate in the economy.
Audit objective and criteria
7. The audit objective was to assess whether selected entities effectively implemented agreed recommendations from Auditor-General Report No. 25 2019–20 Aboriginal and Torres Strait Islander Participation Targets in Major Procurements.
8. To form a conclusion against the objective, the following high-level criteria were adopted.
- Did the NIAA implement recommendations related to the administration of the MMRs?
- Does the NIAA manage exemptions to the MMRs effectively?
- Did selected entities implement recommendations related to their compliance with the MMRs?
Conclusion
9. Almost five years after the recommendations were agreed to, entities had partly implemented recommendations from Auditor-General Report No. 25 2019–20 Aboriginal and Torres Strait Islander Participation Targets in Major Procurements. Although the NIAA had improved guidance for entities and sought to increase MMR reporting compliance, a recommendation for the NIAA as the policy owner to implement an evaluation strategy was not completed. The NIAA has not demonstrated whether the MMRs are improving Indigenous economic participation. A risk related to the inappropriate use of exemptions was not managed. Recommendations intended to address the risk that reporting on MMR contracts is incomplete and inaccurate were partly implemented by audited entities. Reforms to the Indigenous Procurement Policy were announced in February 2025 without a clear understanding of the policy’s effectiveness.
10. The NIAA largely implemented two of three recommendations relating to its administration of the MMRs: to develop guidance on the MMRs for Australian Government entities and contractors; and to implement a strategy to increase MMR reporting compliance. The NIAA did not complete a third recommendation as it developed but did not implement an MMR evaluation strategy. Additional commitments made by the NIAA in response to two recommendations were not met.
11. Contracts subject to the MMRs may be exempted by entities for valid reasons established in the Indigenous Procurement Policy. The inappropriate use of exemptions impedes achievement of the Indigenous Procurement Policy’s objectives. The NIAA’s management of exemptions has been partly effective. Systems have been set up to allow potentially invalid exemptions. There is a lack of guidance and assurance over the appropriate use of exemptions.
12. Defence, Education and Home Affairs largely implemented the agreed recommendations relating to compliance with the MMRs. The NIAA, DEWR and Infrastructure partly implemented the agreed recommendations. The MMRs are relevant to the approach to market, tender evaluation, contract management, reporting and finalisation phases of a procurement. Compliance with the MMR requirements was higher in the approach to market, tender evaluation and contract management phases than in the reporting and finalisation phases. All entities could do more to ensure contractors’ compliance with MMR targets and to gain assurance over reported MMR performance.
Supporting findings
Administration of mandatory minimum requirements
13. Auditor-General Report No. 25 2019–20 recommended that the NIAA develop tailored guidance on managing the MMRs throughout the contract lifecycle in consultation with entities and contractors. The NIAA published updated guidance on managing the MMRs in July 2020, following stakeholder consultation. The guidance included complete information for nine of 14 topics identified as requiring additional guidance in Auditor-General Report No. 25 2019–20. Guidance included incomplete information on MMR exemptions, managing MMR performance reporting, and obtaining assurance over contractors’ MMR performance reporting. As at March 2025, guidance had not been updated since July 2020 despite changes to MMR reporting requirements. A commitment to publish guidance tailored for Indigenous businesses was not met. (See paragraphs 2.5 to 2.22)
14. Contractors must report on, and Australian Government entities must assess, performance in meeting agreed MMR targets. Auditor-General Report No. 25 2019–20 recommended that the NIAA implement a strategy to increase entity and contractor compliance with MMR reporting requirements to ensure information in the Indigenous Procurement Policy Reporting Solution (IPPRS) is complete. The NIAA planned and undertook activities aimed at increasing contractors’ compliance with MMR reporting requirements and entities’ management of reporting non-compliance. These included improvements to the IPPRS and monitoring reporting compliance in Australian Government portfolios. The NIAA closed the ANAO recommendation before planned changes to the IPPRS were implemented. As at February 2025, the IPPRS did not fully support contract managers to meet reporting requirements for all types of MMR contracts. User feedback indicated ongoing access and support issues. While reporting compliance increased between 2022 and 2024, as at June 2024, entities and contractors were not fully compliant with MMR reporting requirements and information in the IPPRS was incomplete. Reforms to the IPP announced by government in February 2025 included potentially increasing transparency of suppliers’ performance against MMR targets. (See paragraphs 2.23 to 2.32)
15. Auditor-General Report No. 25 2019–20 recommended that the NIAA implement an evaluation strategy for the MMRs that outlines an approach to measuring the impact of the policy on Aboriginal and Torres Strait Islander employment and business outcomes. Although an evaluation strategy for the MMRs was finalised, it was not implemented. The NIAA has not met requirements to review the effectiveness of a procurement-connected policy every five years. There is no performance monitoring and limited public reporting about the MMRs. (See paragraphs 2.33 to 2.54)
Exemptions from mandatory minimum requirements
16. Between July 2016 and September 2024, 63 per cent (valued at $69.3 billion) of all contracts recorded in the Indigenous Procurement Policy Reporting Solution (IPPRS) were exempted from the MRRs by relevant entities. The proportion of contracts exempted by entities from the MMRs has increased over time. The IPPRS has been set up by the NIAA to allow entities to record reasons for exemptions. The reason categories in the IPPRS mainly align with the Indigenous Procurement Policy, however include a category called ‘other’ that does not align. Of exempted contracts, 34 per cent (valued at $30.2 billion) used the exemption category ‘other’. The NIAA advised the ANAO that some contracts exempted for ‘other’ reasons were exempted because they are in practice non-compliant with the Indigenous Procurement Policy. Entities’ use of the ‘other’ exemption category for non-compliant contracts obscures the degree of non-compliance with the MMRs and is not appropriate. The NIAA does not provide complete guidance on the use of exemptions, or assurance over the legitimacy of exemptions. The NIAA has not considered the strategic implications of exemption usage for the achievement of policy objectives. (See paragraphs 3.1 to 3.13)
Compliance with mandatory minimum requirements
17. Auditor-General Report No. 25 2019–20 recommended that all audited entities review and update their procurement protocols to ensure procuring officers undertaking major procurements that trigger the MMRs comply with required steps in the procurement process.
- As at December 2024, all entities updated their procurement protocols for MMR requirements. One component of this was the development of detailed internal guidance. As at December 2024, Defence, Education, Home Affairs and Infrastructure’s guidance identified key MMR requirements for the approach to market to contract management phases of the procurement lifecycle. DEWR’s guidance and the NIAA’s internal guidance did not identify all key MMR requirements.
- Aside from Home Affairs, all entities’ contracts were largely compliant with the MMRs at the approach to market, tender evaluation and contract management phases of the procurement lifecycle. Home Affairs’ contracts was partly compliant. Defence’s compliance was poorer for contracts resulting from panel procurements.
- All audited entities could improve tender evaluation processes by including an IPPRS search on tenderers’ past MMR compliance.
- In summary: Defence, Education, and Infrastructure largely implemented the 2019–20 recommendation, and the NIAA and DEWR partly implemented it. Home Affairs’ guidance was appropriately updated, however it has not consistently ensured that procuring officers undertaking major procurements that trigger the MMRs comply in practice with the required steps. (See paragraphs 4.3 to 4.18)
18. Auditor-General Report No. 25 2019–20 recommended that all audited entities establish processes, or update existing processes, to ensure contract managers and contractors regularly use the IPP Reporting Solution (IPPRS) for MMR reporting.
- Defence, Education and Home Affairs’ internal guidance identified key IPPRS reporting requirements, while the NIAA, DEWR and Infrastructure’s internal guidance did not identify all key requirements.
- For a sample of contracts, the NIAA’s MMR reporting was timely and based on accurate IPPRS data. For the other five entities, there were issues with both timeliness and accuracy. None of the five entities consistently followed up on late contractor reporting.
- When a contract variation is published on AusTender, IPPRS data is not consistently updated. This means a contract may be identified as on track to meet the MMR target based on incorrect values or a contract may move to the finalisation step prematurely as the end date is inaccurate.
- In summary: Defence, Education and Home Affairs largely implemented the 2019–20 recommendation, and the NIAA, DEWR and Infrastructure partly implemented it. (See paragraphs 4.19 to 4.37)
19. Auditor-General Report No. 25 2019–20 recommended that after guidance has been provided by the policy owner, all audited entities establish appropriate controls and risk-based assurance activities for active MMR contracts.
- As the policy owner, the NIAA published guidance in July 2020 that has a short overview on how MMR performance information could be verified.
- All six entities established at least some controls and arrangements to gain assurance over contractors’ MMR performance reporting. Controls and arrangements were more developed in Education and Home Affairs.
- For a sample of contracts examined, none of the entities consistently undertook assurance activities to verify contractor performance reporting. Defence undertook the most assurance activity.
- In summary: all entities partly implemented the 2019–20 recommendation. (See paragraphs 4.38 to 4.59)
Effectiveness of the mandatory minimum requirements |
Based on MMR performance information reported by Australian Government entities and contractors, the number and value of MMR contracts have grown since the introduction of the Indigenous Procurement Policy (IPP) in 2015. In 2016–17, 17 contracts with MMR targets for Indigenous employment and/or supply use were awarded, with a total value of $756.4 million. In 2023–24, 189 MMR contracts were awarded with a total value of $5.9 billion. Between 1 July 2016 and 30 September 2024, 870 MMR contracts were awarded by 52 Australian Government entities with a total value of $45.2 billion. Indigenous employment and/or supply use targets established under the MMR contracts were reported to be met for 72 per cent of completed MMR contracts.a The majority of MMR contracts were reported to be meeting established employment and supply use targets. These results, however, were based only on contracts where reporting was complete. As at June 2024, 28 per cent of MMR contracts in the reporting phase were not compliant with MMR reporting requirements. Reporting relies on contractor information, and entities largely had not undertaken activities to verify that MMR performance information was accurate. While the application of the MMRs is trending upwards, between July 2016 and September 2024, 1,475 contracts valued at $69.3 billion were ‘exempted’ by entities from the MMRs, often for reasons that are unclear. There is a lack of performance information and evaluation data that allows for the impact and outcomes of the IPP to be assessed. The NIAA’s public reporting on the IPP does not provide information on the MMRs’ effectiveness. It is unclear if the IPP’s objectives of stimulating Indigenous entrepreneurship, business and economic development, and providing Indigenous Australians with more opportunities to participate in the economy, are achieved. While the Indigenous business sector has grown since the introduction of the IPP, in November 2024 the Joint Standing Committee on Aboriginal and Torres Strait Islander Affairs highlighted limitations in available data on the economic contribution of the sector and the impact of policies to support Indigenous economic participation.b |
Note a: Based on 161 contracts where an assessment outcome was reported as at 30 September 2024.
Note b: Joint Standing Committee on Aboriginal and Torres Strait Islander Affairs, Inquiry into economic self-determination and opportunities for First Nations Australians (2024), pp. 13–19, 39–40.
Recommendations
20. This report makes eight recommendations.
Recommendation no. 1
Paragraph 2.21
To support Australian Government entities and contractors to comply with the mandatory minimum requirements (MMRs), in consultation with entities and contractors, the National Indigenous Australians Agency review and update MMR guidance material to ensure that it:
- accurately reflects the current process for managing MMR reporting in the Indigenous Procurement Policy Reporting Solution and provides guidance on appropriate reporting timeframes;
- provides sufficient information to support entities to implement risk-based assurance activities for MMR contracts; and
- provides sufficient information for entities and contractors on suitable evidence to support performance reporting.
National Indigenous Australians Agency response: Agreed.
Recommendation no. 2
Paragraph 2.45
The National Indigenous Australians Agency establish a process to ensure it meets Australian Government requirements placed on policy owners of procurement-connected policies, including reapplication for recognition as a procurement-connected policy.
National Indigenous Australians Agency response: Agreed.
Recommendation no. 3
Paragraph 2.52
The National Indigenous Australians Agency:
- complete and publish an evaluation of the effectiveness of the mandatory minimum requirements in contributing to meeting the objectives of the Indigenous Procurement Policy; and
- develop mandatory minimum requirements performance measures to enable ongoing monitoring.
National Indigenous Australians Agency response: Agreed.
Recommendation no. 4
Paragraph 3.11
To ensure exemptions are accurately recorded in the Indigenous Procurement Policy Reporting Solution, non-compliance with the Indigenous Procurement Policy can be appropriately identified, all applicable contracts are subject to the mandatory minimum requirements reporting and assessment process, and the Indigenous Procurement Policy is achieving its policy objectives, the National Indigenous Australians Agency:
- amend its protocols to ensure that it is not treating non-compliance with mandatory minimum requirements as an exemption or exclusion;
- consider what scenarios that are consistent with allowable exclusions and exceptions within the Indigenous Procurement Policy are not covered by existing categories in the Indigenous Procurement Policy Reporting Solution and therefore whether the ‘other’ category is still justified and required;
- when implementing recommendation 1, provide additional guidance to Australian Government entities on the use of exemption categories, which includes information on when it is appropriate to classify a contract as an ‘exemption’, and when it is appropriate and inappropriate to use the exemption category of ‘other’; and
- implement a risk-based assurance process to ensure that reported exemptions or exclusions are legitimate.
National Indigenous Australians Agency response: Agreed to parts a–c, Not agreed to part d.
Recommendation no. 5
Paragraph 4.7
The National Indigenous Australians Agency and Department of Employment and Workplace Relations update internal procurement guidance to better support procuring officers undertaking major procurements that trigger the mandatory minimum requirements to comply with required steps in the procurement process.
National Indigenous Australians Agency response: Agreed.
Department of Employment and Workplace Relations response: Agreed.
Recommendation no. 6
Paragraph 4.16
Department of Home Affairs strengthen controls to ensure compliance with the mandatory minimum requirements at the approach to market, tender evaluation and contract management phases of major procurements.
Department of Home Affairs response: Agreed.
Recommendation no. 7
Paragraph 4.24
The National Indigenous Australians Agency; Department of Employment and Workplace Relations; and Department of Infrastructure, Transport, Regional Development, Communications, Sport and the Arts establish, strengthen or update guidance to ensure contract managers and contractors appropriately use the Indigenous Procurement Policy Reporting Solution for mandatory minimum requirements reporting.
National Indigenous Australians Agency response: Agreed.
Department of Employment and Workplace Relations response: Agreed.
Department of Infrastructure, Transport, Regional Development, Communications, Sport and the Arts response: Agreed.
Recommendation no. 8
Paragraph 4.53
All audited entities meet their responsibility under the Indigenous Procurement Policy to establish or strengthen processes to ensure contract managers undertake appropriate activities to ensure contractors’ compliance with mandatory minimum requirements (MMR) targets and verify that reported MMR performance information is accurate.
National Indigenous Australians Agency response: Agreed.
Department of Defence response: Agreed.
Department of Education response: Agreed.
Department of Employment and Workplace Relations response: Agreed.
Department of Home Affairs response: Agreed.
Department of Infrastructure, Transport, Regional Development, Communications, Sport and the Arts response: Agreed.
Summary of entity responses
21. Extracts of the proposed audit report were provided to the NIAA, Defence, Education, DEWR, Home Affairs and Infrastructure. Entities’ summary responses are provided below. Entities’ full responses are provided at Appendix 1.
National Indigenous Australians Agency
The National Indigenous Australians Agency (NIAA) welcomes the findings of the audit.
The primary purpose of the Indigenous Procurement Policy (IPP) is to stimulate Indigenous entrepreneurship, business and economic development, providing Indigenous Australians with more opportunities to participate in the economy. The Mandatory Minimum Requirements (MMR) are a key component of this policy.
Prior to the implementation of the policy in 2015, Indigenous businesses secured limited business from Commonwealth procurement. The policy has significantly increased the rate of purchasing from Indigenous businesses.
The NIAA is proud to take the lead on behalf of the Commonwealth in providing advice on how to best meet the requirements of the IPP. The NIAA provides advice to Commonwealth entities through its many publications and its dedicated IPP team. Within the resources available, the NIAA has also invested in providing ICT tools and support to assist Commonwealth entities with their responsibility to ensure accurate reporting on targets and MMRs.
As with all other elements of the Commonwealth Procurement Rules, it is the responsibility of each Commonwealth entity to meet the obligations of the IPP. The NIAA welcomes the ANAO’s recommendations on how it can improve the advice it provides to entities to meet their obligations.
Department of Defence
Defence welcomes the ANAO Audit Report assessing whether selected entities effectively implemented the agreed recommendations from Auditor-General Report No. 25 2019–20 Aboriginal and Torres Strait Islander Participation Targets in Major Procurements.
Defence agrees to the recommendation directed at all audited entities to establish or strengthen processes to ensure contract managers undertake appropriate activities to ensure contractors’ compliance with the mandatory minimum requirements (MMR) targets and verify that reported MMR performance information is accurate.
As the Commonwealth’s largest procurer, Defence is proud of its significant commitment towards supporting the long-term growth and sustainability of the Indigenous business sector, and will continue working with the National Indigenous Australians Agency to improve the monitoring and reporting of the MMR targets.
Department of Education
The Department of Education welcomes this report. The report recognises the significant efforts the department has made to implement changes recommended by the ANAO’s performance audit of February 2020, however the department acknowledges the need to continue its efforts to strengthen its processes to ensure contract managers undertake appropriate activities to ensure contractors’ compliance with mandatory minimum requirements (MMR) targets and verify that reported MMR performance information is accurate.
Education is already making progress towards meeting the report’s recommendation, including working with contract managers to ensure that assurance activities are performed more consistently, and that contract managers regularly review and verify contractor reports. Education will continue to engage with departmental contract managers to ensure that MMR contracts are actioned in the IPPRS within the audit’s recommended timeframes.
Education notes the audit’s broader messages to all entities on the importance of strengthening procurement processes to ensure tenderers’ Indigenous Participation Plans are assessed and that assessments are appropriately documented. Education has added additional information to its intranet guidance on the process required when evaluating tender responses for MMR contracts, and its guides on approaching the market and evaluating and selecting suppliers. In addition, Education has updated its Evaluation Plan templates to include MMR requirements as part of the evaluation process, where applicable.
Education are regular participants in the Commonwealth Procurement and Contract Management Community of Practice and participate in networking opportunities across the Australian Public Service, including informal knowledge sharing across entities.
Department of Employment and Workplace Relations
The Department of Employment and Workplace Relations (DEWR) acknowledges the Australian National Audit Office’s (ANAO) report detailing the outcomes of the follow up audit of Targets for minimum Indigenous employment or supply use in major Australian Government procurements.
DEWR is committed to delivering compliant procurement processes that deliver the expected business outcomes. This includes ensuring compliance with the Indigenous Procurement Policy and that our high value (as defined by the Indigenous Procurement Policy) contracts are properly managed and reported on. Starting from a low maturity level, we have been on a continuous journey of improvement since the Department’s creation in July 2022 (following a Machinery of Government change). We acknowledge and accept the ANAO’s findings and commit to implementing their recommendations as part of our broader procurement maturity program of work.
Department of Home Affairs
The Department of Home Affairs is committed to the implementation of the Government’s policy objective to drive growth in Aboriginal and Torres Strait Islander businesses and employment.
The Department agrees with the two recommendations made by the Auditor-General aimed at improving the Department’s compliance with mandatory minimum requirements (MMR) of the Indigenous Procurement Policy throughout the procurement and contract management phases, and will strengthen its processes, guidance, reporting and assurance activities to achieve this.
Department of Infrastructure, Transport, Regional Development, Communications, Sport and the Arts
The department supports the policy objectives of the Indigenous Procurement Policy and the achievement of the Mandatory Minimum Requirements (MMR) as a key element of the IPP. This follow up audit, which examined all five of the department’s procurements that triggered the MMR, has highlighted the need for further improvement in aspects of the department’s arrangements for meeting the MMR. The department is committed to making the necessary improvements to its processes.
Key messages from this audit for all Australian Government entities
22. Below is a summary of key messages, including instances of good practice, which have been identified in this audit and may be relevant for the operations of other Australian Government entities.
Policy implementation
Procurement
Governance and risk management
Summary and recommendations
Background
1. Regulations are sets of rules established by government authorities that aim to deliver better economic, social, and environmental outcomes for Australians and businesses.1 The Australian Government’s regulator performance framework was first established in 2014. In April 2021, to improve the extent to which regulators had a Statement of Expectations (SOE) in place and up to date, a revised approach to setting expectations for regulator performance was adopted. The key element was a renewed focus on the SOE and responding Statement of Intent (SOI), to be updated with every: change in minister, regulatory leadership or Commonwealth policy; or every two years.
2. SOE are issued by responsible ministers to a regulator to provide ‘greater clarity about government policies and objectives relevant to the regulator in line with its statutory objectives and the priorities the minister expects it to observe in conducting its operations’. Statements of Intent (SOI) respond to the expectations set out in Ministerial Statements of Expectations, outlining ‘how the regulator intends to meet those expectations including how it will demonstrate progress.’2 The importance of publication of SOE was highlighted in 2004: ‘allowing the Parliament and the community to be aware of government’s expectations and the responses by statutory authorities.’3
3. From 1 July 2022, responsibility for regulatory policy and reform (including maintenance of the Australian Government regulator stocktake) moved from the Department of the Prime Minister and Cabinet to the Department of Finance (Finance). Finance was provided with $38.19 million in the October 2022–23 Budget for regulatory policy and reform. In the 2023–24 Mid-Year Economic Fiscal Outlook, a further $27.9 million was provided across the forward estimates, with $9.4 million per annum ongoing from 2027–28. With the resources it had been provided, Finance identified that it would be able to deliver oversight through a centrally coordinated and driven approach to support entities to improve regulatory systems.
4. In December 2022 Finance issued Regulator Performance (Resource Management Guide (RMG) 128).4 It replaced the Regulator Performance Guide of July 2021. RMG 128 was updated in July 2023. Finance has also issued a guidance note for RMG 128. The guidance note sets out that Finance’s role involves ‘supporting ministers, departments and regulators to issue or refresh Ministerial Statements of Expectations for regulators, and corresponding Regulator Statements of Intent’, and that this includes assisting entities to apply the definitions to functions within their remit. It also provides SOE considerations for different governance models and information on what SOE and SOI should contain.
5. The regulator performance framework outlines that an SOE and responding SOI ‘should’ be in place and refreshed at least every two years. SOE and SOI are not mandated. In this respect, in February 2025, the Department of Finance (Finance), which has stewardship responsibility for the regulator performance framework advised the ANAO that:
Ultimately, however, ministers and accountable authorities are responsible for identifying and settling the regulatory functions within their responsibilities, and whether a Statement of Expectations is issued to a regulator is a matter for the relevant minister. As such, while Finance will continue to support these activities, it is neither appropriate nor meaningful for Finance to take a compliance role in relation to RMG 128.
6. In a March 2025 report, the Joint Committee of Public Accounts and Audit made findings and a recommendation relating to regulator SOE and SOI. The Committee also made a recommendation to Finance about its approach to stewardship of the framework (see further at paragraphs 1.6 to 1.8).
Rationale for undertaking the audit
7. Regulation is an important function of the Australian Government and high-quality regulation — whether of the private, not-for-profit or public sector — is important for the effective functioning of the economy, society and the environment. Australian government regulators and those responsible for regulatory functions are expected to have a current SOE and SOI in place. SOE and SOI are a key accountability mechanism to ensure regulators fulfil their statutory objectives in line with government expectations and policy, and provide transparency to regulated parties. This audit provides assurance to the Parliament about this element of the regulator performance framework.
Audit objective and criteria
8. The audit objective was to assess the effectiveness of the framework in place to have a regulatory Ministerial SOE and a responding SOI in place.
9. To form a conclusion against the objective, the ANAO examined:
- Which functions are subject to Ministerial Statements of Expectations and responding Regulator Statements of Intent?
- What Ministerial Statements of Expectations and responding Regulator Statements of Intent are in place?
Conclusion
10. Regulator Statements of Expectations and Statements of Intent are not in place to cover all regulatory functions. The extent to which regulatory functions are not covered by an SOE and SOI reflects that Finance’s approach to stewardship has not provided oversight through a centrally coordinated and driven approach to support entities. Where entities with regulatory responsibilities do not have an up-to-date SOE and SOI, it is more difficult for the regulator to have clarity about relevant government objectives and the priorities the minister expects the regulator to pursue. The absence of an up-to-date SOE and SOI also impairs transparency and accountability given the statements are meant to be publicly available and provide the basis for regulator performance reporting.
11. There is not a comprehensive list of Australian Government regulators and regulatory functions. Finance’s regulator stocktake does not provide a complete picture of regulatory functions and regulators as there are at least a further 21 regulatory functions in addition to those included in the stocktake. The stocktake also does not provide a complete picture of the Statements of Expectations and responding Statements of Intent that have been issued. This situation reflects that the framework in place does not mandate SOE and SOI be in place, accountable authorities are not always meeting expectations (in part due to shortcomings in the guidance promulgated by Finance) and Finance’s stewardship approach has not provided oversight through a centrally coordinated and driven approach to supporting entities.
12. As of December 2024, there were 57 SOE and 49 SOI in place across 90 regulators.5 Of the 90 regulators:
- at least6 18 regulators (20 per cent) had an SOE in place that covered all of their regulatory functions;
- at least 14 regulators (15 per cent) had an SOE in place that covered some of their regulatory functions; and
- 34 (38 per cent) did not have an SOE in place.
13. Most of the regulator SOE and SOI that are in place have content that is consistent with guidance from the Department of Finance. The main areas where the guidance is not being met include: SOE not outlining how the responsible minister will engage with the regulator and, similarly, SOI not addressing how the regulator intends to engage with policy departments and the minister at a high level; and SOE not requesting regulators incorporate them into their corporate plan and annual report.
Supporting findings
Regulators and regulatory functions
14. There is no comprehensive list of regulators and regulatory functions. The identification of regulators and regulatory functions required to have a Statement of Expectations and responding Statement of Intent is based on definitions in Regulator Performance (RMG 128). The definitions require improvement so that accountable authorities are able to identify when Statements should be in place. (See paragraphs 2.2 to 2.28)
15. As of December 2024, the Department of Finance’s regulator stocktake identified 67 regulators across 52 Commonwealth entities having one or more regulatory functions, and that there were 35 SOE in place. The stocktake is incomplete as it does not recognise all regulators or Statements that are in place. Of note, there are at least a further:
- 21 regulators with regulatory functions in addition to those included in the stocktake; and
- 21 SOE in place that are not recognised in the stocktake. This comprises a mixture of entities included in the stocktake with the stocktake not recognising the existence of the SOE and regulatory functions not included in the stocktake where there is an SOE. (See paragraphs 2.29 to 2.44)
Regulator statements
16. As of December 2024, there were at least 57 regulatory Statements of Expectations in place. There were regulatory functions identified by the ANAO that were not covered by a Statement of Expectations (either because the entity did not have a Statement of Expectations, or the Statement of Expectations did not cover all regulatory functions). (See paragraphs 3.2 to 3.23)
17. Most of the Statements of Expectations have content that identifies the government’s expectations. The content of the documents is largely consistent with guidance from the Department of Finance. The main areas where the guidance is not being met comprises: SOE not outlining how the responsible minister will engage with the regulator; SOE not requesting the regulator respond with a Statement of Intent; and SOE not requesting regulators incorporate the statements into their corporate plan and annual report. (See paragraphs 3.24 to 3.27)
18. As of December 2024, there were 49 regulatory Statements of Intent in place. Eight of these had been in place for more than two years. (see paragraphs 3.28 to 3.31)
19. The Regulator Statements of Intent that are in place identify how the government’s expectations will be delivered, consistent with guidance from the Department of Finance. (See paragraphs 3.32 to 3.38)
Recommendations
Recommendation no. 1
Paragraph 2.24
The Department of Finance:
- improve the structure and content of its guidance on the regulator performance framework, including the definition of a regulator and regulatory function, so as to better support accountable authorities to meet the expectation that there be a Statement of Expectations and a Statement of Intent in place for regulatory functions; and
- consider whether the policy intent is able to be achieved through the approach set out in Regulator Performance (Resource Management Guide (RMG) 128), including having regard to whether approaches adopted in other jurisdictions may be more effective.
Department of Finance response: Agreed.
Other entities that agreed or supported the recommendation: Australian National University, Department of Defence, Department of Industry, Science and Resources, Department of the Treasury, National Anti-Corruption Commission, Sydney Harbour Federation Trust and Wine Australia.
Other entities that noted or acknowledged the recommendation: Australian Digital Health Agency, Australian Radiation Protection and Nuclear Safety Agency, Department of Agriculture, Fisheries and Forestry, Department of Education, Department of Employment and Workplace Relations, Department of Health, Disability and Ageing, Department of Veterans’ Affairs, IP Australia, Office of the Fair Work Ombudsman and Professional Services Review.
Recommendation no. 2
Paragraph 2.42
The Department of Finance strengthen its approach to the regulator stocktake by:
- undertaking its own research and analysis in addition to seeking input from entities in order that the stocktake is a complete and accurate record of all Australian Government regulatory functions, regulators and Statements of Expectations and Statements of Intent; and
- identifying an appropriate mechanism to ensure accountable authorities inform it when a Statement of Expectations or Statement of Intent has been issued or refreshed.
Department of Finance response: Agreed in principle.
Other entities that agreed or supported the recommendation: Australian National University, Department of Defence, Department of Industry, Science and Resources, Department of the Treasury, Sydney Harbour Federation Trust and Wine Australia.
Other entities that noted or acknowledged the recommendation: Australian Digital Health Agency, Australian Radiation Protection and Nuclear Safety Agency, Department of Agriculture, Fisheries and Forestry, Department of Education, Department of Employment and Workplace Relations, Department of Health, Disability and Ageing, Department of Veterans’ Affairs, IP Australia, Office of the Fair Work Ombudsman and Professional Services Review.
Recommendation no. 3
Paragraph 3.11
The Department of Finance improve the guidance it provides to entities on the circumstances in which entities with a regulatory function are not expected to have a Statement of Expectations or Statement of Intent in order that accountable authorities can provide appropriate support to ministers.
Department of Finance response: Agreed.
Other entities that agreed or supported the recommendation: Australian National University, Department of Defence, Department of Industry, Science and Resources, Department of the Treasury, National Anti-Corruption Commission, Sydney Harbour Federation Trust and Wine Australia.
Other entities that noted or acknowledged the recommendation: Australian Digital Health Agency, Australian Radiation Protection and Nuclear Safety Agency, Department of Agriculture, Fisheries and Forestry, Department of Education, Department of Employment and Workplace Relations, Department of Health, Disability and Ageing, Department of Veterans’ Affairs, IP Australia, Office of the Fair Work Ombudsman and Professional Services Review.
Recommendation no. 4
Paragraph 3.34
The Department of Finance improve the extent to which regulatory functions are covered by Statements of Expectations and Statements of Intent by engaging with all entities that have regulatory functions by:
- where Statements are not in place, working with the entity (and the portfolio department, as appropriate) to develop and publish Statements that accord with the content requirements of Resource Management Guide 128 and cover all regulatory functions of each regulator;
- monitoring the currency of existing Statements, and engage with entities to draw attention to the need for any updates;
- identifying all regulatory functions in the regulator stocktake, including in circumstances where Statements are not in place to cover regulatory functions; and
- identifying opportunities to maximise the value that regulators gain from having Statements of Expectations and Statements of Intent.
Department of Finance response: Agreed in principle.
Other entities that agreed or supported the recommendation: Australian National University, Department of Defence, Department of the Treasury, Sydney Harbour Federation Trust and Wine Australia.
Other entities that noted or acknowledged the recommendation: Australian Digital Health Agency, Australian Radiation Protection and Nuclear Safety Agency, Department of Agriculture, Fisheries and Forestry, Department of Education, Department of Employment and Workplace Relations, Department of Health, Disability and Ageing, Department of Industry, Science and Resources, Department of Veterans’ Affairs, IP Australia, Office of the Fair Work Ombudsman and Professional Services Review.
Summary of entity responses
20. The proposed audit report was provided to the Department of Finance and other regulators. Fifty one regulators provided responses to the ANAO, including 28 regulators that provided formal letter responses set out at Appendix 1. Improvements observed by the ANAO during the course of this audit are listed at Appendix 2.
Department of Finance
The Department of Finance (Finance) welcomes the report and agrees to recommendations 1 and 3, and agrees in principle to recommendations 2 and 4.
Finance’s stewardship role supports government, entities and regulators by providing principles-based advice and guidance to ensure regulatory systems remain fit-for-purpose and easy to navigate and interact with. Finance will continue to provide oversight of regulatory performance by providing specific guidance and support to entities regarding RMG 128, and the development of SOE/SOIs. The findings of the report are instructive, and the recommendations provide an opportunity to take a broader view of how Finance can better support regulatory policy makers and regulators in achieving the policy intent of the regulator performance framework, improve transparency and accountability through the Australian Government regulator stocktake and support regulators to report against the 3 principles of best practice.
Finance is already undertaking work to revise the definition of regulator and regulatory function, improve the completeness and accuracy of the Australian Government regulator stocktake to the extent possible, and refine how we support regulatory policy makers and regulators. We also note report by the Joint Committee of Public Accounts and Audit (JCPAA) inquiry into the administration of Commonwealth regulations (JCPAA Report) on 27 March 2025 makes complementary findings and recommendations.
Australian Energy Regulator
The AER was provided with extracts from the proposed report.
The AER notes that there are no findings or recommendations relating to the AER.
The AER notes the contents of the report, including the key messages. The AER publishes Statements of Expectations and Statements of Intent on the AER website.
Attorney-General’s Department
The department and relevant portfolio entities appreciate the opportunity afforded from the ANAO audit process to improve the operation of Ministerial Statements of Expectations and Responding Statements of Intent. We note the report appropriately reflects commentary provided from the portfolio during the audit process on the available guidance and entity views on being characterised as undertaking regulatory functions under current guidance. We note the four recommendations made to the Department of Finance and the key messages for all Australian Government entities. Further guidance on the definition of regulators, regulatory functions and requirements for Statements of Expectations or Statements of Intent will ensure better understanding and compliance across the Commonwealth.
Australian National University
The Australian National University (the University) welcomes the Australian National Audit Office’s (ANAO) Proposed Audit Report on Ministerial Statements of Expectations and responding Regulator Statements of Intent.
The Australian National University Act 1991 authorises the Council of the University to make statutes for or in relation to the regulation or control of traffic, or of the parking, stopping, standing or leaving of vehicles, on land occupied by the University in the ACT. The University does so through the Australian National University (Parking and Traffic) Statute 2019.
The University agrees with the ANAO’s assessment outlined in Table 2.1 and supports the recommendations within the Audit Report.
Department of Agriculture, Fisheries and Forestry
The Department of Agriculture, Fisheries and Forestry (the department) welcomes the audit report and acknowledges findings and recommendations of the Australian National Audit Office.
The department remains committed to working closely with the Department of Finance (DOF) to strengthen regulatory stewardship. This includes the ongoing implementation of Resource Management Guide 128: Regulator Performance (RMG 128), supported by the Statement of Expectations (SOE) and Statement of Intent (SOI).
The department acknowledges the proactive support and monitoring provided by DOF in progressing the SOE and SOI, including seeking regular updates on progress and valuable advice to help DAFF meet RMG 128 requirements.
The department also appreciates the acknowledgement of its ongoing efforts to establish a current SOE and SOI despite challenges posed by changes in Minister and regulatory leadership. The most recent SOE was signed on 30 January 2025, and while a draft SOI was prepared, it was not finalised before commencement of the caretaker period. Further work will be paused pending the outcomes of the election.
While not directly responsible for the audit recommendations, the department will stay informed of initiatives aimed at addressing audit findings and will support, engage and participate where appropriate.
Department of Defence
Defence welcomes the Auditor-General’s observations and audit findings into Ministerial Statements of Expectations and Responding Statements of Intent, and supports the recommendations.
Defence shares the views expressed by other Commonwealth agencies concerning the ambiguities identified within Resource Management Guide 128. In particular, that the definition of regulatory functions needs to be clarified to ensure consistency of application across agencies.
Department of Education
The department welcomes the report. The report highlights the importance of high-quality regulation and the role of regulator Statements of Expectations and responding Statements of Intent in promoting accountability and transparency. The department will continue to work closely with the Department of Finance as we refresh these documents over the coming year.
Department of Employment and Workplace Relations
The Department of Employment and Workplace Relations (the department) notes the audit’s overall findings and recommendations for the Department of Finance to improve the regulator performance framework, the approach to the regulator stock take, and to ensure Statements of Expectations and Statements of Intent are in place. The department recognises its own responsibilities as a regulator with reporting obligations under Resource Management Guide 128.
The department acknowledges and supports the key audit messages, and welcomes the insights provided by the instances of good practice highlighted in the report. These are essential for all Australian Government entities in ensuring effective governance and risk management in the provision and maintenance of Statements of Expectation and responding Statements of Intent.
The department will respond to any support requested by the Department of Finance in implementing each of the 4 Recommendations to improve the regulator performance framework as set out in Resource Management Guide 128.
Department of Health, Disability and Ageing
The Department of Health and Aged care (the Department) acknowledges the findings in the report and notes the recommendations directed to the Department of Finance.
It was pleasing to note the Departmental SOE met the requirements of Regulator Performance (RMG-128), except for the requirement to refresh the Ministerial Statements of Expectations (SOE) upon change of the Secretary. This will be done following the election when the ministry is known. The Regulator Statements of Intent (SOI) was assessed as fully compliant with RMG128.
There are no recommendations directed to the Department. However, the Department would be indirectly involved to help implement the various recommendations by way of changes or updates to some of our departmental and portfolio regulator’s SoE and responding SOI. To address this the Department has contacted the departmental and portfolio regulators and commenced the work to update the SOEs and SOIs.
Department of Industry, Science and Resources
The Department of lndustry, Science, and Resources (the department) notes the Australian National Audit Office’s proposed audit report on Ministerial Statements of Expectations (SOE) and Responding Regulator Statements of lntent (SOI).
The department notes findings in the report and agrees with the recommendations 1 to 3 made to the Department of Finance (Finance).
The department notes recommendation 4, that Finance improve the extent to which regulatory functions are covered by Statements of Expectations (SOE) and responding Regulator Statements of lntent (SOI). The department considers that the approach taken in resource management guide 128 to minor regulatory functions, is sensible. This is equally applicable to individual regulator SOEs.
Department of the Treasury
Treasury welcomes the report and will continue to work with regulators within its portfolio to support ministers in ensuring Ministerial Statements of Expectations and responding Statements of Intent are current and accessible.
In respect of recommendation 1 (b), Treasury agrees with the ANAO assessment and is of the view that Statement of Expectations and Statement of Intent requirements should be improved and separated from RMG128 into a distinct guide. Linking it to RMG128 provides minimal benefit to performance reporting which is already covered by the better practice principles and could detract from the strength and authority of the entity’s purposes and key activities. Treasury recognises these are important transparency documents developed between the regulator and the Government, but it is unnecessary to link these to the corporate plan and annual report that are owned by the accountable authority. This is particularly significant where the regulator and the accountable authority are different roles.
National Offshore Petroleum Safety and Environmental Management Authority
I acknowledge:
- the NOPSEMA Statement of Expectations was signed by Minister King on 29 June 2022 and NOPSEMAs Statement of Intent was signed on 2 September 2022 by the previous CEO. We look forward to receiving a new Statement of Expectations in due course.
- whilst the statements were both completed prior to my tenure at NOPSEMA in February 2023, I am dedicated to fulfilling the expectations and intentions of the statements. A commitment is made by the position of CEO and therefore I undertake the duties of the CEO including any Statements of Expectations or Intentions. Indeed, when Minister King and I meet, we discuss NOPSEMA’s performance and delivery against these statements.
- the OIR received Minister Bowen’s Statement of Expectations on 19 December 2024. OIR’s Statement of Intent was finalised on 18 March 2025 and is available on the OIR website.
- the statements of expectations and intent for NOPSEMA and OIR are the foundation for NOPSEMA’s delivery strategies and key performance measures.
Office of the Special Investigator
The Office of the Special Investigator (OSI) is an independent Executive Agency under section 65 of the Public Service Act 1999 and is a non-corporate Commonwealth entity under Schedule 1 of the Public Governance, Performance and Accountability Rule 2014. The agency does not have specific enabling legislation. Its authority to act is derived from functions specified in the Executive Order.
Under the Executive Order, the OSI, jointly with the Australian Federal Police (AFP), is investigating allegations of war crimes by members of the Australian Defence Force in Afghanistan from 2005 to 2016. The roles and responsibilities of the OSI include no reference to regulation; the OSI does not administer or enforce any regulations or laws, nor can it.
It is my view as the Accountable Authority of the OSI, that it is not within the scope of the audit objectives and need not be captured by the audit report.
Parliamentary Workplace Support Service
PWSS welcomes the feedback from the Australian National Audit Office (ANAO) and will support the Department of Finance with implementing relevant recommendations.
Professional Services Review
Professional Services Review (PSR) is one small part of the regulation of the provision of Medicare, dental benefits, and Pharmaceutical Benefits Scheme (PBS) services within the Health and Aged Care portfolio. The legislation does not enable PSR to set its own agenda but must respond to the cases referred to it by the Chief Executive Medicare. Consequently, there is no capacity for it (independent of the portfolio department) to develop ‘major projects’ initiate ‘reforms’ or engage in ‘key developments’ of a nature that would be of such significance as to include in a Ministerial Statement of Expectations.
Wine Australia
Wine Australia:
- agrees with each of the recommendations in the proposed report under section 19 of the Auditor-General Act 1997 re Ministerial Statements of Expectations and Responding Statements of Intent dated 17 March 2025; and
- is ready, willing and able to assist and/or engage with the Department of Finance in response to those recommendations as needed.
Key messages from this audit for all Australian Government entities
21. Below is a summary of key messages, including instances of good practice, which have been identified in this audit and may be relevant for the operations of other Australian Government entities.
Governance and risk management
Summary and recommendations
Background
1. In 2015, the Australian Government introduced the Commonwealth Home Support Programme (CHSP). CHSP services include meals, cleaning, garden maintenance, transport and aids. The CHSP meals service category aims to ensure food security and nutritional and social benefits for older Australians. The Department of Health, Disability and Ageing (Health) is responsible for administering CHSP.
2. CHSP service providers receive funding through Australian Government grants and client contribution fees. In 2023–24, CHSP grants totalled $3.1 billion, making CHSP one of the Australian Government’s largest grant programs. In 2023–24, the Australian Government funded 1,264 CHSP providers, 71 per cent of which were not-for-profit organisations. The value of grant funding awarded for the CHSP meals service category totalled $114.3 million across 540 meal providers in 2023–24.
3. Meals on Wheels is a volunteer-based meals delivery service to people at home ‘who are unable to cook or shop for themselves’ or ‘living with an illness or disability’.1 Meals on Wheels Australia Limited (MoWA) is the national peak body that represents and advocates for providers that are members of the Meals on Wheels (MoW) network. In 2023–24, 135 of 540 (25 per cent) CHSP meal providers were affiliated with the MoW brand. MoW providers received $45.4 million in CHSP grants in 2023–24.
4. The Australian Government responded to the 2021 Royal Commission into Aged Care Quality and Safety’s recommendations relating to in-home aged care through a number of measures, including the design of a new Support at Home Program.2 The Support at Home Program will bring together three in-home aged care programs, including CHSP, under a single program. CHSP is due to transition to the Support at Home Program no earlier than 1 July 2027. Under the Support at Home Program, providers will be required to invoice the Australian Government based on services provided and will receive payment after services have been delivered (a fee-for-service model).
5. The Future Fit Program aimed to improve MoWA’s organisational capability, including how it captures data on meal delivery services and accounts for aged care social outcomes associated with the MoW operating model. Health procured Miles Morgan Australia using CHSP funds to deliver the Future Fit Program.
- On 23 December 2021, Health contracted Miles Morgan Australia to deliver ‘strategic business transformation advice and services’ for $5,487,191.3 The project was to be concluded with a final report on 18 January 2023.
- On 4 October 2022, a contract variation with Miles Morgan Australia increased the 2021 contract value by $1,560,900, for a total cumulative value of $7,048,091. A key element of the variation was a customer relationship management (CRM) software system for the MoW network. The timeframe for delivery of the Future Fit Program final report was extended to 1 November 2023.
- On 19 January 2024, Health contracted Miles Morgan Australia to ‘transition’ meals operations in the Whitehorse Local Government Area (LGA) in Victoria. The value of this contract was $1.69 million, for a total cumulative value of $8.74 million across all three Future Fit Program contracts. A final report was to be delivered on 8 March 2024, and the contract stated that all work was to be completed by 10 March 2024 (with a provision for unanticipated delays to 31 May 2024).
6. This audit covers governance, procurement and contract management of the Future Fit Program between December 2021 and May 2024.
Rationale for undertaking the audit
7. In 2023–24, the Australian Government provided $3.1 billion in funding to 1,264 CHSP providers, making it one of the Australian Government’s largest grants programs. Over 800,000 Australians used CHSP services in 2023–24.4 CHSP is transitioning to the Support at Home Program no earlier than 1 July 2027. The Future Fit Program involved $8.74 million in procurement payments to Miles Morgan Australia to support Meals on Wheels Australia and the Meals on Wheels network to prepare for the transition from CHSP to the Support at Home Program.
8. This audit provides the Parliament with assurance on whether Health’s administration of the Future Fit Program was effective.5
Audit objective and criteria
9. The audit objective was to assess the effectiveness of Health’s administration of the Future Fit Program.
10. To form a conclusion against the audit objective, the following high-level criteria were adopted:
- Has Health established sound governance arrangements to support the delivery of the Future Fit Program?
- Has Health conducted procurements for the Future Fit Program effectively?
- Has Health managed the Future Fit Program contracts effectively?
Conclusion
11. Health’s administration of the Future Fit Program was ineffective. Poor project governance, procurement practices that were not aligned to the Commonwealth Procurement Rules, and weak contract management impeded the achievement of the Future Fit Program’s objectives. Health has not evaluated the Future Fit Program to determine if the project has resulted in the Meals on Wheels network being in a better position to transition to the new Support at Home Program.
12. Health did not establish sound governance arrangements to support the delivery of the Future Fit Program. Health did not maintain appropriate oversight of the project. Health did not appropriately identify and manage project risk. Health did not engage with stakeholders in accordance with its Stakeholder Engagement Framework. Health did not measure the achievement of Future Fit Program outcomes.
13. Planning and conduct of the 2021, 2022 and 2024 Future Fit Program procurements were not effective, except for meeting AusTender reporting requirements. Health did not appropriately plan for the Future Fit Program procurements and its consideration of procurement risk was limited. Approaches to market did not support a value for money outcome. Procurement effectiveness was further undermined by insufficient demonstration of value for money, failure to maintain complete records, limited achievement of procurement objectives, and weak probity management. Procurement processes fell short of ethical standards.
14. Health’s management of Future Fit Program contracts was not effective. The Future Fit Program’s objective was to prepare the MoW network for the transition from the Commonwealth Home Support Programme to the Support at Home program. Some contract deliverables were not realised, and there is no evidence-based analysis of the achievement of the intended outcomes. Health’s contract administration effectiveness was impacted by a lack of contract management planning (including risk management), inappropriate segregation of duties, a poorly justified contract variation, deficient records management, and limited probity management. Health did not establish contract performance measures. While contract management practices improved for the 2024 contract, the contract ended in a legal dispute and non-delivery of some contract requirements.
Supporting findings
Governance
15. Health did not assess the Future Fit Program against the requirements of its project management framework nor establish governance arrangements for the project that were consistent with the framework. The Future Fit Program contractor, Miles Morgan Australia, established roles and responsibilities for the Future Fit Program in 2022. Health did not have an established role in project oversight or delivery. The Future Fit Program was established in part to place MoWA in a better position to support MoW state associations and providers. In October 2022 Health agreed to a proposal from Miles Morgan Australia to remove MoWA from project governance arrangements, without consulting MoWA or advising the minister. From mid-2023, Health engaged more directly with MoWA and the MoW network on the Future Fit Program. (See paragraphs 2.1 to 2.20)
16. Health required Miles Morgan Australia to develop a project risk register at the outset of the Future Fit Program in 2022. The March 2022 project risk register identified and assessed risks and included treatments for risks outside of tolerance. Health was assigned ‘shared’ ownership of six of the 22 identified project risks, including one extreme risk that was rated ‘unacceptable.’ Health was not involved in the treatment of shared risks. Project status reports repeatedly showed the Future Fit Program as being at ‘high’ or ‘extreme’ risk of not being delivered as planned. There was no process of identifying treatments for these risks. Health did not subsequently seek updates of or refer to the 2022 register. A separate risk register was developed for the 2024 contract. Health did not contribute to the 2024 register. (See paragraphs 2.21 to 2.35)
17. Health did not have a fit-for-purpose stakeholder engagement plan for the Future Fit Program. In 2021 and 2022, communications activities were designed by a sub-contracted firm. The communications plan was not updated over time as the situation evolved. The communications plan and engagement activities did not reflect Health’s principles of effective stakeholder engagement, especially the principle of inclusivity. A decision to direct source a provider for meals provision in several Victorian locations was made without consultation with key stakeholders. Stakeholder activities were not appropriately recorded or reviewed. Health’s handling of a stakeholder management complaint in 2023 did not align with principles set out in its complaints management policy. From mid-2023, Health’s stakeholder engagement practices improved. (See paragraphs 2.36 to 2.70)
18. Health received project status reports from Miles Morgan Australia for the 2021 and 2024 contracts, although Health did not ensure that six of 21 reports were provided in a timely manner, or that reports were provided throughout the whole of the implementation period. Most of these reports identified significant issues with project delivery. Health did not acknowledge the reports. Health did not enforce contractual requirements for Miles Morgan Australia to develop an evaluation plan. As at April 2025, the Future Fit Program had not been evaluated. (See paragraphs 2.71 to 2.81)
Procurement
19. Planning and approaches to market for the 2021, 2022 and 2024 procurements were deficient and did not comply with the Commonwealth Procurement Rules.
- Health’s decision to use a procurement to fund the Future Fit Program was not underpinned by a strong policy rationale or market analysis.
- There was no planning for any of the three procurements. Procurement values were not estimated before the approach to market.
- Risk was not identified and assessed in the 2021 and 2022 procurements. For the 2024 procurement, risks were identified, however all risks were assessed as low and therefore did not require treatment despite well-known delivery issues.
- Health approached one supplier (Miles Morgan Australia) in all three procurements. The supplier was selected without analysis of alternatives. A standing arrangement (panel) to facilitate the procurement of this specific supplier was identified after a decision was made to procure the supplier.
- In 2021, Health engaged Miles Morgan Australia from the panel after having been made aware that the method was at risk of breaching the Commonwealth Procurement Rules. The 2022 procurement used the same panel and included services beyond the panel scope. There was a lack of due diligence when the contract was varied in 2022 to include a customer relationship management (CRM) system. Health used a limited tender condition for the 2024 procurement based on flawed reasoning that lacked transparency. Across the three procurements, there were instances of internal legal advice not being sought, not being followed and/or not being appropriately shared with Health’s Procurement Advisory Services.
- AusTender reporting of the procurement method was appropriate. (See paragraphs 3.1 to 3.53)
20. Demonstration of value for money and maintenance of appropriate records were deficient for the 2021, 2022 and 2024 procurements. Procurement approvals were appropriately recorded for two of three procurements. Probity was not effectively managed, and there could be improvements to Health’s gifts, benefits and hospitality policy to support probity. Conduct fell short of ethical standards. Health met AusTender timeframes for reporting contracts. (See paragraphs 3.54 to 3.82)
Contract management
21. Health did not have contract management plans in place for the Future Fit Program contracts with Miles Morgan Australia. Contract risk was not assessed in 2021 or 2022. Contract risks were assessed as low in 2024 despite known issues and some risks had already been or were quickly realised. Between 2022 and 2023, there was insufficient segregation of duties (a key control to prevent poor decision-making and fraud) in procurement and contract management, however this was improved in 2024. In October 2022, the 2021 contract was varied to include development of a Customer Relationship Management (CRM) system without an assessment of whether the variation offered value for money, whether it affected the original procurement’s value for money, or whether procured goods and services could be provided by other potential suppliers. Contract administration activities, including the verification of deliverables prior to release of payments, were poorly recorded for the 2021 and 2022 procurements. Records management and verification of deliverables improved for the 2024 contract. Probity was not managed. (See paragraphs 4.1 to 4.22)
22. Future Fit Program 2021, 2022 and 2024 contract deliverables were partially achieved. The 2024 contract was executed while 2022 contract deliverables were still outstanding, including confirmation that a CRM system, which was to be ‘transitioned’ from Miles Morgan Australia to a MoW provider under the 2024 contract, had been successfully deployed. There was a lack of success measures to determine if project outcomes had been achieved. There is no evidence that Health managed performance issues related to the 2021 and 2022 contracts. The 2024 contract was clearer about performance expectations than the 2021 and 2022 contracts, and Health managed concerns about contractor performance in 2024. (See paragraphs 4.23 to 4.32)
Recommendations
Recommendation no. 1
Paragraph 2.7
The Department of Health, Disability and Ageing implement controls to ensure that:
- all potential projects are assessed against its project tiering guidelines, to help ensure fit-for-purpose governance arrangements are established in accordance with its project management framework; and
- the rationale for not categorising a project into one of its three project tiers is recorded.
Department of Health, Disability and Ageing response: Agreed.
Recommendation no. 2
Paragraph 2.33
When procuring project management services, the Department of Health, Disability and Ageing ensure that:
- the department’s accountability for project delivery is recognised in governance arrangements; and
- project risk is managed in accordance with the department’s project and risk management frameworks.
Department of Health, Disability and Ageing response: Agreed.
Recommendation no. 3
Paragraph 2.64
For projects that involve complex stakeholder relationships, the Department of Health, Disability and Ageing develop processes to ensure that:
- stakeholder engagement plans are prepared that reflect the five Stakeholder Engagement Framework principles of purposeful, inclusive, timely, transparent and respectful; and
- outcomes of stakeholder interactions are appropriately recorded; including to better enable the review and measurement of stakeholder engagement as required under Health’s five-step engagement model.
Department of Health, Disability and Ageing response: Agreed.
Recommendation no. 4
Paragraph 2.80
The Department of Health, Disability and Ageing evaluate the Ballarat and Whitehorse LGA pilot programs to inform future program design and to better support the transition of Commonwealth Home Support Programme providers to the new Support at Home program.
Department of Health, Disability and Ageing response: Agreed.
Recommendation no. 5
Paragraph 3.23
The Department of Health, Disability and Ageing amend its procurement risk profile template to include consideration of the lawful basis for the proposed procurement expenditure.
Department of Health, Disability and Ageing response: Agreed.
Recommendation no. 6
Paragraph 3.31
The Department of Health, Disability and Ageing strengthen its procurement procedures to ensure legal advice obtained in the course of arranging a procurement is shared with the Procurement Advisory Services team to mitigate procurement risk.
Department of Health, Disability and Ageing response: Agreed.
Recommendation no. 7
Paragraph 3.59
The Department of Health, Disability and Ageing strengthen procurement controls to ensure that relevant information (including price, legal advice, past and ongoing disputes, and performance issues) is incorporated into the value for money assessment for procurements.
Department of Health, Disability and Ageing response: Agreed.
Recommendation no. 8
Paragraph 3.68
To ensure the proper use and management of public resources, the Department of Health, Disability and Ageing reinforce to officials their records management obligations under the Archives Act 1983, including when using mobile devices for official business.
Department of Health, Disability and Ageing response: Agreed.
Summary of entity response
23. The proposed audit report was provided to the Department of Health, Disability and Ageing. Extracts of the proposed audit report were provided to Newcastle Meals on Wheels and a representative of Miles Morgan Australia. The Department of Health, Disability and Ageing’s summary response is provided below and its full response is provided at Appendix 1. Responses from Newcastle Meals on Wheels and a representative of Miles Morgan Australia are provided at Appendix 1.
The Department of Health and Aged Care (the department) notes the findings in the report and accepts the recommendations.
The department is taking the report’s findings seriously, in particular that the actions of departmental staff did not meet ethical standards. As noted in the Secretary’s opening statement at the public hearing for the Joint Committee of Public Accounts and Audit inquiry into probity and ethics in the Australian Public Sector on 1 February 2024, the department is committed to ensuring all staff are supported in managing public resources in a transparent and ethical manner by fostering a culture of integrity. The department has well established processes for responding to such behaviours.
In response to this audit, the department will commission an evaluation of the Future Fit Program. The evaluation will form part of a suite of advice to government on future program design for the Commonwealth Home Support Program (CHSP), including advice to support government decisions on the future transition of CHSP to the new Support at Home Program no earlier than 1 July 2027. The department is also undertaking activities to strengthen its administrative processes in relation to projects, procurement and records management. In particular, the department is taking steps to ensure projects are accurately identified and appropriate departmental governance and oversight arrangements are in place.
Key messages from this audit for all Australian Government entities
24. Below is a summary of key messages, including instances of good practice, which have been identified in this audit and may be relevant for the operations of other Australian Government entities.
Procurement
Summary and recommendations
Background
1. The Australian Taxation Office (ATO) is the principal revenue collection agency of the Australian Government. Its purpose is ‘to contribute to the economic and social wellbeing of Australians by fostering willing participation in the tax, superannuation and registry systems.’1 Having strong organisational capability, including information and communication technology (ICT) capability, directly contributes to delivering the ATO’s purpose and activities. An action that the ATO is taking to manage strategic technology risks is investment across its technology environment, including procurement for a range of IT managed services between 2022–2024.2
2. As a non-corporate Commonwealth entity, the ATO must comply with the Commonwealth Procurement Rules (CPRs)3 and the Australian Government Digital Sourcing Contract Limits and Reviews Policy. Achieving value for money is the core rule of the CPRs. The Australian Government Digital Sourcing Contract Limits and Reviews Policy’s three main requirements for contracts signed from 1 February 2020 are: contracts must not exceed $100 million exclusive of GST (including all extensions); contracts must not exceed a three-year initial term; and contract extension options must not exceed three years and can only be used after a review of contractor performance and deliverables.
3. The IT Strategic Sourcing Program (ITSSP) was established in February 2021 to strategically plan how the ATO would procure services to replace five ICT contracts with an estimated value of $3,748.7 million, with contracts due to expire between November 2023 and December 2025. The ATO approached the market in three waves, for seven requests for tender, between March and November 2022. It entered into eight contracts for IT managed services between December 2022 and June 2024.
4. Each of the ITSSP procurement processes were supported by external advisors. The ATO engaged six external advisors. The total value of the advisor contracts is estimated to be $88.11 million. The six advisor contracts commenced between April 2021 and February 2022. The contracted services were for advice relating to strategic sourcing, technical, probity, legal, financial assurance and project management.
Rationale for undertaking the audit
5. The ATO was procuring IT managed services as a material portion of its IT contract arrangements are due to expire. It was estimated that the new contracts would be valued at $2,536 million over 10 years if contract extension options are used (see paragraph 1.15). These contracts affect all ATO staff, clients and service delivery.
6. A cross entity audit of Establishment and Use of ICT Related Procurement Panels and Arrangements that included ATO was tabled in August 2020. That audit identified issues with ATO’s IT procurement, including that ATO did not meet the conditions for limited tender (including that there was no evidence of market research and that advice regarding risks to achieving value for money was not provided to the delegate), and that there was no or insufficient documentation of value for money and risk management, including probity risk management.
7. This audit provides assurance to Parliament about the ATO’s compliance with the CPRs for the procurement of IT managed services.
Audit objective and criteria
8. The objective of the audit was to assess the effectiveness of ATO’s procurement of IT managed services.
9. To form a conclusion against the objective, the following criteria were adopted.
- Has the ATO established sound governance arrangements for the IT managed services procurements?
- Has the ATO conducted the procurements in compliance with Commonwealth Procurement Rules and other requirements?
Conclusion
10. The ATO’s procurement of IT managed services was largely effective. Procurement activities for IT managed services were largely in line with the CPRs, including market engagement and soundings, and demonstrating value for money. There were, however, some shortcomings such as the ATO failing to observe core elements of the CPRs when conducting the legal services procurement, and not appropriately managing probity risks including declaring and managing conflicts of interest of the IT Strategic Sourcing Program delegate.
11. The ATO established largely sound governance arrangements for the IT managed services procurements. It established governance and oversight arrangements, procurement policies and procedures, and undertook market research to inform the design of its procurement strategy and plans. During planning, the program governance arrangements did not sufficiently distinguish endorsement and decision-making roles when seeking approvals. There were instances where the delegate, who was also the chair of the steering committee, provided approval to procurement planning related documentation and not separate delegate approval. Contrary to finance law in some instances Chief Executive Instructions (CEIs) were not consistently issued and approved by the accountable authority.
12. The ATO largely met core requirements of the CPRs except for probity management and conflict of interest. Mainframe Services and Hardware, Enterprise Operations and Technical Enablement (EOTE) and strategic sourcing partner procurements were largely in compliance with CPRs and other requirements. The approach to market and evaluation of the legal services procurement were not consistent with the intent of the CPRs4, and all required records were not maintained. The effectiveness of ATO’s management of probity risks could have been improved by ensuring that incumbent provider probity plans were approved by the ATO, and probity register records were effectively maintained. In addition, conflict of interest processes could have been better managed, including to address risks in a timely manner. Demonstration of value for money for the six advisor procurements was deficient with the cost of advisor contracts increasing from a total estimated value when approving the initial contracts of $19.06 million to a total value of $88.11 million, as at February 2025.
Supporting findings
Procurement governance and planning
13. A governance framework was implemented for the IT Strategic Sourcing Program (ITSSP), with the Chief Information Officer (CIO) as the delegate and senior accountable officer. Program risks were identified, assessed and managed. The initial planned completion including transition for the ITSSP was June 2024, this has been revised to December 2025. All procurements were completed and contracts signed by 20 June 2024 and transition is anticipated to be completed by December 2025. The steering committee considered options and risks to manage delays and impact on budget and timeframe. In some instances, consensus decision-making arrangements that were established through a steering committee led to a lack of clarity about when the delegate was exercising their delegation to make decisions. Over a period of 41 months there were 34 versions of the Chief Finance Officer’s (CFO’s) delegation schedules. (See paragraphs 2.4 to 2.31)
14. CEIs, procedures and guidance support ATO officials to undertake procurement in accordance with the CPRs. The ATO’s policy framework establishes arrangements where officers, other than the Commissioner, can approve and issue CEIs under the Public Governance, Performance and Accountability Act 2013 (PGPA Act) and the Public Service Act 1999 (PS Act). This has led to some instances where the Commissioner has not approved and issued CEIs that were required to be made under section 20A of the PGPA Act. The ATO’s CEIs, procedures and guidance align with the CPRs. The ITSSP applied the existing ATO procurement framework to the IT managed services and advisor procurements. (See paragraphs 2.32 to 2.50)
15. The ATO conducted redesign and planning activities in 2021 and 2022. Its annual procurement plan provided advance notice to the market of the planned ITSSP procurement. Market research supporting the procurement strategy included early market engagement through a request for information (RFI), a technology horizon scan, a market comparison report and like-sized agency comparison. For each of these activities there was clear advice to the steering committee and delegate about outcomes and how they inform the procurement approach. A procurement plan for the ITSSP set out the procurement strategy. Procurement plans were developed for the selected ITSSP and advisor procurements, except for the legal services procurement. (See paragraphs 2.51 to 2.71)
IT and advisor procurement processes
16. Approaches to market were fair and transparent for the selected procurements, except for the legal services procurement. Approach to market documentation apart from the legal services procurement was compliant with the CPRs with a few exceptions. For example, the request documentation was not a complete description in compliance with paragraph 10(6)(d) of the CPRs as there were instances where changes were subsequently made to the request for tender (RFT) evaluation criteria (such as the relative importance of the criteria) in the evaluation plan or report. The legal services advisor procurement did not demonstrate good practice as the ATO approached one supplier to quote for services and did not include evaluation criteria, with costs increasing from an initial quote of $665,500 to $10.9 million. (See paragraphs 3.3 to 3.18)
17. Tender evaluation plans were prepared for the selected ITSSP procurements prior to tenders closing. While a tender evaluation plan was prepared for the strategic sourcing partner procurement, it was not finalised prior to quotes closing. Instances of inconsistencies between evaluation criteria weightings presented in procurement plans, RFTs, evaluation plans and those applied during evaluation were: sub-criteria weightings were not included in the procurement plan or RFT; and priority rankings set were not included in the evaluation report. Non-compliant and unsuccessful tenderers were not notified promptly of outcomes of the evaluation phase for both of the selected ITSSP procurements. The legal services procurement did not develop an evaluation plan, involve an evaluation or meet mandatory reporting timeframes for contract notices on AusTender. (See paragraphs 3.19 to 3.48)
18. To support the management of probity risks for the ITSSP, the ATO appointed an external probity advisor, developed a probity plan and probity protocols, maintained a register of probity briefings, maintained a probity register, and maintained a register of probity cleared personnel (ATO staff and advisors). Some probity requirements, such as approval and review of incumbent provider management plans, were not fully implemented and records in registers were incomplete, impacting the ATO’s ability to manage probity, including conflicts of interest. Probity arrangements, including the management of conflict of interest, were established and largely implemented for one of the two selected advisor procurements. (See paragraphs 3.49 to 3.100)
19. The ATO has an established process for the management of conflict of interest, with additional processes introduced for the ITSSP. Not all elements of the process were followed, including for key personnel exercising delegation. Not all conflict of interest declarations were made (for example, a delegate was not asked to complete an initial conflict of interest declaration for the ITSSP) or were not made in a timely manner (for example, the ITSSP delegate did not declare a conflict for the first 12 months of the program), did not contain sufficient detail for the approver to make an informed decision (for example, three of the four officers that declared a shareholding did not report the quantum or value of the shareholding in all declarations), and did not contain a detailed management plan to support monitoring and assessment of their implementation. Record keeping was incomplete. (See paragraphs 3.75 to 3.100)
20. Advice was provided to the decision-maker at key stages throughout the selected procurements and approvals were documented, apart from the legal services procurement. The ATO documented value for money assessments for the selected ITSSP procurements and strategic sourcing partner procurement. An assessment of value for money was not documented for the legal services procurement. The ATO considered how the unit price of IT professional services changed over the period of the EOTE procurement process when assessing value for money, it did not consider other potential changes to the market such as new entrants and how this might impact value for money. The value of advisor procurements increased significantly throughout the life of the program without ongoing assessment of whether the services continued to represent value for money. (See paragraphs 3.103 to 3.123)
Recommendations
Recommendation no. 1
Paragraph 2.14
When establishing program governance arrangements which includes procurement, the Australian Taxation Office ensure that: decision-making responsibilities are clearly set out, including to separate endorsement and decision-making roles; and processes support the appropriate decision-maker to make a decision.
Australian Taxation Office response: Agreed.
Recommendation no. 2
Paragraph 2.42
Consistent with section 20A and paragraph 110(2)(aa) of the Public Governance, Performance and Accountability Act 2013 (PGPA Act) the Commissioner for Taxation should issue and approve all accountable authority instructions. To achieve this, the Australian Taxation Office should:
- review its policy framework to ensure compliance with the PGPA Act and Public Service Act 1999;
- refer to instructions made under section 20A of the PGPA Act as accountable authority or Commissioner’s instructions; and
- where instructions are made for conflict of interest and security they be issued under section 20A of the PGPA Act.
Australian Taxation Office response: Agreed.
Recommendation no. 3
Paragraph 3.100
When declaring and managing conflicts of interest in relation to procurement, the Australian Taxation Office:
- ensure conflicts of interest are declared in a timely manner and declarations contain sufficient detail about the conflict to support an assessment of its nature and risk;
- apply treatments to declared conflicts that are commensurate with the nature and risk associated with the conflict, and provide sufficient detail about the actions to be taken and when they should be taken to support implementation and monitoring;
- have regard to previous declarations and management plans to ensure consistency and completeness; and
- ensure when new resources are added to a procurement, including senior executives, and when new suppliers tender or quote, that personnel complete the conflict of interest declaration process.
Australian Taxation Office response: Agreed.
Recommendation no. 4
Paragraph 3.119
For ancillary services, the Australian Taxation Office apply an appropriate amount of rigour when assessing value for money. Consistent with the Commonwealth Procurement Rules (CPRs) the assessment should be commensurate with the scale, scope and risk of a procurement (CPRs paragraphs 4.4 and 6.2), and must consider whole of life costs (CPRs paragraph 4.5).
Australian Taxation Office response: Agreed.
Summary of entity response
21. The proposed audit report was provided to ATO, with an extract being provided to the former CIO. The ATO’s summary is provided below, and its full response is included at Appendix 1. Improvements observed by the ANAO during the course of this audit are listed in Appendix 2.
Australian Taxation Office
The ATO welcomes the audit findings that the ATO conducted largely effective and compliant procurements for IT managed services with largely sound governance.
We accept all 4 recommendations and have commenced or completed improvements prior to, throughout, and subsequent to, the audit. Over the past three years, the ATO has made improvements to our procurement processes, Chief Executive Instructions, probity processes and policies to maintain the integrity of procurement outcomes. We will continue to strengthen our governance processes and ensure alignment with best practice.
The procurements examined through this audit set out to break-down and replace 5 contracts of significant scale and complexity prior to expiry. These contracts underpin the delivery of the ATO’s digital and ICT services to all Australians. We established 8 new contracts through open, transparent and competitive tenders that have delivered better outcomes.
Large IT procurements are challenging, needing robust governance, and forecasting of market trends and organisational demands while carefully balancing stability against transformation. The ATO is proud of the work the organisation has done in conjunction with the market to deliver this outcome.
Key messages from this audit for all Australian Government entities
22. Below is a summary of key messages, including instances of good practice, which have been identified in this audit and may be relevant for the operations of other Australian Government entities.
Program design
Procurement
Conflicts of interest
Summary and recommendations
Background
1. Established by the Disaster Ready Fund Act 2019, the Disaster Ready Fund (DRF) is described by the Australian Government as its flagship disaster resilience and risk reduction initiative. To be eligible for funding, projects must fall under one of two eligible streams: infrastructure project or systemic risk reduction project.1
2. The National Emergency Management Agency (NEMA) is responsible for administration of the DRF. While anyone can develop a DRF proposal (an ‘applicant’), only state and territory governments are eligible to submit projects to NEMA for potential funding through the ‘lead agency’ in that state or territory. Lead agencies were responsible for coordinating, reviewing, evaluating and submitting applications to NEMA on behalf of project proponents. Lead agencies could also develop project proposals. In addition, payments for projects awarded funding were made by NEMA to the relevant state and territory lead agency, including where the project proponent was not a state or territory entity. The choice to conduct the DRF funding rounds in this way meant that the DRF was not subject to the Commonwealth Grants Rules and Principles and required that the cost of administering the DRF be shared between NEMA and the state and territory lead agencies.
3. NEMA was responsible for conducting an initial eligibility review of applications received from the state and territory lead agencies. Eligible projects were then referred to the DRF Assessment Panel (chaired by NEMA). The panel was to assess applications individually against the published selection criteria, rank proposals and make funding recommendations to the Minister for Emergency Management (the minister) through NEMA’s Coordinator-General.
4. Up to $1 billion in DRF funding has been announced as available over five years from 1 July 2023 to 30 June 2028 to fund projects. As of January 2025, two funding rounds have been conducted and a third is underway.
Rationale for undertaking the audit
5. The $1 billion DRF is described by the Australian Government as its flagship disaster resilience and risk reduction initiative. This performance audit was conducted to provide assurance to the Parliament about whether the award of DRF funding is effective and consistent with the published guidelines.
Audit objective and criteria
6. The objective of this audit was to assess whether the award of funding under the DRF was effective and consistent with the published guidelines.
7. To form a conclusion against the objective, the following high-level criteria were applied:
- Were appropriate guidelines in place?
- Was an appropriate approach taken to assessing candidate projects?
- Were funding decisions appropriately informed and documented?
8. The audit examined the awarding of funding under the DRF across the first two rounds. For the first criterion, the ANAO planned to also examine the development of the Round 3 guidelines. As those guidelines were not finalised and published until 22 January 2025 the ANAO analysis against the first criterion (as set out in Chapter 2) relates to the first two rounds only, so as to meet tabling commitments to the Parliament.
Conclusion
9. The award of funding under the Disaster Ready Fund was largely effective. Across the first two rounds, $402.15 million in funding was awarded to 362 projects with projects in the systemic risk reduction stream receiving the most funding (ahead of those in the infrastructure stream or those that applied under both streams). The aggregate scores against the three published criteria were a key factor used to decide which applications would be recommended for funding, an approach that is consistent with awarding funding on merit. Improvements to program design and, in particular, strengthened assessment arrangements, would provide greater confidence that the approved projects are those that will make the greatest contribution to the Fund achieving its objectives.
10. Funding guidelines for the first two rounds were in place. The publication of the guidelines was not timely. The guidelines were largely appropriate. The guidelines:
- outlined the way in which funding candidates would be identified;
- set out relevant and appropriate eligibility requirements and appraisal criteria;
- set out how applications would be scored and how the scoring results would be used, albeit with some relevant information about assessment processes not being published;
- identified some, not all, assessment and decision-making responsibilities; and
- identified assessment and decision-making responsibilities in relation to applications assessed as ineligible. The guidelines lack clarity in relation to assessment and decision-making responsibilities for aspects of eligibility checking, and in relation to the co-funding requirements.
11. The approach taken to assessing candidate projects was partly appropriate. The assessment and scoring of applications against the three published selection criteria were the primary input into the ranking of applications and identification of which projects would be recommended for funding. The approach to assessment meant that:
- the processes by which members of the assessment panel are appointed were not open, and the membership was not disclosed in the published guidelines;
- conflicts of interests for those involved in the assessment processes were not consistently identified, declared and managed;
- requests for waivers to the applicant co-contribution requirement were not assessed and decided prior to those applications proceeding to merit assessment; and
- the full panel did not undertake a detailed merit assessment of all applications with adjustments to total scores made during panel meetings not identifying which criteria were affected.
12. Funding decisions were appropriately informed and documented through written briefings. In each round, a clear recommendation was provided to the minister as to which applications should, on the basis of the panel’s assessment report, be approved for funding. The minister agreed with the recommendations received.
Supporting findings
Program guidelines
13. Guidelines for the first two rounds were developed, approved and published. There were two key shortcomings in NEMA’s approach:
- in both rounds, changes were made to the guidelines after they had been provided to NEMA’s probity adviser for sign-off, and also after the guidelines had been approved by the minister, without NEMA obtaining updated probity sign-off or ministerial approval of the changes; and
- publication was not timely. For the first round, one jurisdiction had opened its application process by the time the guidelines were released. For the second round, one jurisdiction had opened and closed its application process by the time the guidelines were released. The guidelines for the third round were publicly released on 22 January 2025. (See paragraphs 2.3 to 2.18)
14. The guidelines clearly outlined that a closed competitive application process was being employed. This included identifying the key role to be played by state and territory lead agencies to coordinate proposals in each jurisdiction, and for submitting applications to NEMA on behalf of the jurisdiction. It was up to lead agencies to decide how they would seek and coordinate proposals. For the first round, some jurisdictions released guidance and opened public submission and participation processes prior to the release of the DRF guidelines. For the second round, one jurisdiction had opened and closed its application process by the time the guidelines were released. Ministers had decided that NEMA should use the Business Grants Hub in the second round. NEMA procured an off-the-shelf commercial product for that round. (See paragraphs 2.19 to 2.22)
15. Relevant and appropriate eligibility requirements and appraisal criteria were established. (See paragraphs 2.23 to 2.29)
16. The guidelines set out how applications would be scored and how the scoring results would be used. NEMA also developed internal assessment framework documents for each round. There were some differences and/or additions between the internal documents and the published guidelines. (See paragraphs 2.30 to 2.31)
17. The program guidelines did not fully identify assessment and decision-making responsibilities for each round. (See paragraphs 2.33 to 2.36)
18. An evaluation strategy was developed in March 2024, which was after the first round had been completed and after the application stage for the second round had been undertaken. No evaluations are planned until at least 2026. (See paragraphs 2.37 to 2.41)
Assessment of candidate projects
19. Of the 44 applications in the first two rounds assessed as ineligible, 18 (41 per cent) were removed from consideration. The remaining 26 applications assessed as ineligible proceeded to the panel assessment stage, with one removed after the panel identified it as ineligible. (See paragraphs 3.1 to 3.6)
20. Appointments to the DRF Assessment Panel were not open or transparent. (See paragraphs 3.7 to 3.14)
21. Probity advice in the first round was compromised by the ongoing contracting by NEMA of the same firm to also provide advice on the design and conduct of the first two DRF funding rounds. NEMA did not take steps to ensure it was fully aware of, nor did it seek to manage, the potential impact and risk of this arrangement adversely affecting the independence of the probity adviser. (See paragraphs 3.17 to 3.26)
22. Internal NEMA processes for managing conflicts of interest centred around briefing participants on their probity requirements, collating conflict of interest declarations, and reliance on participants to update NEMA if information became available that required the individual to update their declaration. There was no active monitoring and management of potential or actual conflicts of interest beyond those declared by individuals. The conflict of interest registers for the first and second rounds were incomplete and inaccurate. The conflict of interest declarations required by the probity framework were not provided by a number of people in each round including from the Coordinator-General of NEMA in both rounds, the Deputy Coordinator-General in the second round and the lead probity adviser in the first round. There was no register of completed probity briefings. (See paragraphs 3.27 to 3.44)
23. The three appraisal criteria identified in the guidelines for the first two funding rounds were applied to assess the merit of competing candidate projects. The approach to assessment was not fully set out in the published guidelines, as it was not identified that a subset of the panel (four of six panellists in the first round, and three of 12 panellists in the second round) would undertake preliminary assessments of individual applications applying the individual criteria. The resulting average score for each application was provided to the full panel to consider individual applications against the merit criteria on an exception basis. There were shortcomings in the application of the documented assessment framework which meant that not all applications identified as achieving a ‘competitive’ preliminary assessment score were provided to the panel for full consideration. There were also gaps in the minutes of the panel meetings, with no record of decisions or discussion by the panel for 113 applications. Where there were records, it was common for the records to not explain score changes with relevance to the appraisal criteria, or explain the equity or diversity reasons for adjustments. (See paragraphs 3.45 to 3.71)
24. There were inconsistencies and anomalies in the assessment and decision-making in relation to requests from applicants for a waiver of the requirement that they provide a co-contribution of at least 50 per cent of eligible project expenditure. In the first round, the Program Delegate sought advice from the assessment panel, and waiver decisions reflected the panel advice. In the second round, no recommendations from the panel were recorded for 24 of the 60 requests for waivers. Of the 89 requests for a full or partial waiver received across the two rounds 80 were assessed, with 44 of the requests granted. The projects approved for DRF funding included 20 where a full or partial wavier was granted. (See paragraphs 3.73 to 3.84)
25. Applications were placed into three lists, a recommended for funding list, a suitable (but not recommended) list, and a list of not suitable projects. Projects were ranked within those lists. This approach was consistent with the requirement in the program guidelines that projects be ranked after they had been assessed against the three published selection criteria. (See paragraphs 3.85 to 3.100)
Funding decisions
26. Timely and clear funding recommendations were provided in writing each round to a delegate of the Coordinator-General. The recommendation was to endorse (in the first round) and approve (in the second round) the recommendations of the panel as set out in its assessment report. (See paragraphs 4.2 to 4.9).
27. Timely and clear funding recommendations were provided to the minister in each of the first two rounds. The recommendations reflected the results of the assessment process, as recorded by the panel in its assessment report for each round (the guidelines required that the recommendations be based on advice from the panel). (See paragraphs 4.10 to 4.17)
28. The minister recorded agreement in full to the funding recommendations in each round. The minister recorded the basis for the funding decision in the format provided by NEMA, referencing the Disaster Ready Fund Act 2019, and confirmed satisfaction that the expenditure was a ‘proper use of money’ in each round (the test set out in the PGPA Act). (See paragraphs 4.19 to 4.24)
29. Distribution of the award of funding in each round was commensurate with scale of applications from each jurisdiction, and the intent of the guidelines to support jurisdictions to achieve baseline funding thresholds. There was no evidence of political factors influencing the distribution of funding. (See paragraphs 4.25 to 4.32)
Recommendations
Recommendation no. 1
Paragraph 2.17
The National Emergency Management Agency, when obtaining probity review of funding guidelines:
- identify in its tasking of the probity adviser the points in the process at which probity sign-off will be required and the framework(s) to be considered when providing those sign-offs;
- ensure the probity review considers all substantive changes made to the guidelines; and
- provide clear and accurate advice to the decision-maker on whether the version of the draft guidelines being considered for approval has been the subject of probity review.
National Emergency Management Agency response: Agreed
Recommendation no. 2
Paragraph 2.34
The National Emergency Management Agency improve the funding guidelines for the Disaster Ready Fund by:
- ensuring consistency with its internal assessment framework, including by addressing in the published guidelines all key assessment and decision-making processes; and
- clearly identifying responsibility for each step in the assessment and decision-making processes.
National Emergency Management Agency response: Agreed in part
Recommendation no. 3
Paragraph 3.13
The National Emergency Management Agency:
- develop a strategy for the processes to appoint members of the Disaster Ready Fund assessment panel including appropriate procurement processes for members that are to be contracted for their expertise; and
- disclose the membership of the panel in the guidelines for each funding round.
National Emergency Management Agency response: Agreed in part
Recommendation no. 4
Paragraph 3.42
The National Emergency Management Agency strengthen the identification and management of conflicts of interest for the Disaster Ready Fund.
National Emergency Management Agency response: Agreed in part
Recommendation no. 5
Paragraph 3.70
The National Emergency Management Agency:
- include in the published guidelines for rounds of the Disaster Ready Fund information about the conduct of preliminary assessments and scoring of individual applications prior to the panel meetings; and
- address in its documented assessment framework the process that will be employed to decide which applications will be assigned to individual panel members for preliminary assessment and scoring.
National Emergency Management Agency response: Agreed
Recommendation no. 6
Paragraph 3.83
The National Emergency Management Agency improve the design and administration of future funding rounds of the Disaster Ready Fund by requiring that, where permitted, requests or co-contribution waivers be considered in advance of the merit assessment stage, with only those applications approved for a waiver being provided to the panel for merit assessment.
National Emergency Management Agency response: Noted
Summary of entity response
30. The proposed audit report was provided to NEMA. Extracts of the proposed report were also provided to: Maddocks, Australian Government Actuary, Natural Hazards Research Australia, Dr Mark Crosweller and Dr Jessica Weir. The letters of response that were received for inclusion in the audit report are at Appendix 1. Summary response from NEMA is below.
National Emergency Management Agency
The National Emergency Management Agency (NEMA) welcomes the audit and is committed to strengthening its delivery of the Disaster Ready Fund (DRF) in accordance with legislative requirements, government policies and better practice.
In awarding funds for over 350 projects, valued at $400 million, the first and second rounds of the DRF have supported communities across Australia to reduce disaster risk and build resilience. NEMA welcomes the overall conclusions of the audit the award of funds was largely effective, funding guidelines were largely appropriate and funding decisions were appropriately informed and documented.
NEMA notes six recommendations have been made to improve aspects of program delivery. Of these, NEMA agrees with Recommendations one and five, agrees in part with Recommendations two, three and four and notes Recommendation six.
NEMA also notes various findings throughout the report, several of which are premised on different interpretations of requirements and weightings of principles to those applied by NEMA. While NEMA acknowledges the ANAO’s views and will consider these in designing future rounds, NEMA disagrees with some findings and maintains its approach was consistent with a pragmatic interpretation of guideline requirements and struck an appropriate balance between better practice principles.
Key messages from this audit for all Australian Government entities
31. Below is a summary of key messages, including instances of good practice, which have been identified in this audit and may be relevant for the operations of other Australian Government entities.
Governance and risk management
Program design and implementation
Procurement
Summary and recommendations
Background
1. In July 2023, the Australian Government released a national wellbeing framework called Measuring What Matters (MWM). The Department of the Treasury (Treasury), as the policy owner for MWM, described the purpose for MWM was to construct a more complete picture of societal progress and enable government to better set and communicate policy priorities. Treasury stated a national wellbeing framework was important for better measurement of the progress of all Australians beyond economic measures. Treasury identified five themes for MWM — healthy, secure, sustainable, cohesive and prosperous — supported by 12 dimensions that describe aspects of the wellbeing themes and 50 key indicators1, to monitor and track progress, which will be updated over time.2
Rationale for undertaking the audit
2. The Australian Government has stated that MWM is ‘an important foundation on which we can build — to understand, measure and improve on the things that matter to Australians’.
3. This audit provides assurance to Parliament that the MWM framework was effectively designed and developed; and that Treasury’s arrangements to support implementation are effective.
Audit objective and criteria
4. The objective of the audit was to assess the effectiveness of Treasury’s design and implementation of the Measuring What Matters framework.
5. To form a conclusion against this objective, the following high-level criteria were examined.
- Did Treasury effectively design and develop Measuring What Matters?
- Are arrangements to support the implementation of Measuring What Matters effective?
Conclusion
6. Treasury was largely effective in designing and implementing the Measuring What Matters framework. While Treasury had provided sound policy advice and considered practical implementation, it did not have arrangements in place to assess if MWM was meeting its policy objective.
7. Treasury was largely effective in its design and development of MWM. MWM was supported by sound policy advice and considered practical policy implementation. There was no evaluation plan to measure the effectiveness of the MWM framework. Treasury conducted stakeholder consultation with government and non-government bodies domestically and internationally. Treasury did not document the rationale for how themes and indicators were selected based on the consultation feedback.
8. Treasury had largely effective arrangements in place to support the implementation activities for embedding MWM. Treasury facilitates discussions on MWM across government through an interdepartmental committee. Treasury has made progress to embed MWM into policy design and consulted with the Australian Bureau of Statistics (ABS) to improve the data quality. There are no arrangements in place to monitor, report or evaluate whether MWM is achieving its intended policy objective. The second MWM statement is intended to be released in 2026. Treasury does not have arrangements in place to facilitate the publication of the next MWM statement.
Supporting findings
Design and development
9. Treasury defined the intent of the policy and how outcomes would be measured. Treasury considered ways of integrating quantitative data into the MWM framework, and analysed information to select indicators based on qualitative data and quantitative measures. The policy advice identified risk and potential mitigation strategies. Treasury did not document decisions made to show linkages between data analysis and conclusions. (See paragraphs 2.2 to 2.22)
10. Treasury researched and consulted on other wellbeing frameworks used globally, and tested indicators with other government entities to determine if indicators were practical to implement. The design process considered policy evaluation in relation to indicators. Treasury is considering how to embed the MWM framework into policy-making processes. There is no evaluation plan in place to measure the effectiveness of the MWM framework. (See paragraphs 2.23 to 2.30)
11. Before the release of MWM in July 2023, Treasury consulted with stakeholders to design the themes, dimensions and indicators. The consultation consisted of meetings with government and non-government bodies domestically and internationally; and two public submission rounds. Treasury provided public updates throughout the consultation process. Treasury received feedback from the public wanting more time for consultations. Treasury did not document the rationale for how themes and indicators were selected based on the consultation feedback. (See paragraphs 2.31 to 2.71)
Planning for implementation
12. Treasury established an interdepartmental committee to facilitate discussions and seek feedback on MWM across government. Treasury worked with the ABS to provide advice to government and received funding for the ABS to reinstate and expand the General Social Survey as a dedicated survey for MWM. Treasury has made progress to embed MWM into policy design across government. (See paragraphs 3.3 to 3.37)
13. There are no monitoring or evaluation arrangements in place to measure the embedding of MWM across government. Treasury provides reports externally through the MWM dashboard and statement. The second MWM statement is intended to be released in 2026. Treasury does not have arrangements in place to facilitate the development and publication of the next MWM statement. (See paragraphs 3.38 to 3.48)
Recommendations
Recommendation no. 1
Paragraph 3.42
To ensure Measuring What Matters is achieving its desired outcome, the Department of the Treasury establish arrangements for monitoring and evaluating how Measuring What Matters is being embedded across government to achieve its intended outcome.
Department of the Treasury’s response: Agreed.
Recommendation no. 2
Paragraph 3.48
The Department of the Treasury implement arrangements for developing and publishing the next Measuring What Matters statement.
Department of the Treasury’s response: Agreed.
Summary of entity response
14. The proposed audit report was provided to Treasury. Treasury’s summary response is reproduced below. The full response from Treasury is at Appendix 1. Improvements observed by the ANAO during the course of this audit are listed in Appendix 2.
Treasury welcomes the report’s conclusion that it was largely effective in providing advice to Government regarding the design and implementation of the Measuring What Matters framework. Treasury welcomes the key messages that it provided sound policy advice, considered practical implementation of the framework and consulted broadly at all stages of design and implementation.
Treasury agrees with the recommendations presented in the report. As part of the work to implement Measuring What Matters, Treasury will establish arrangements for monitoring and evaluating progress toward achieving its intended outcomes and will design a plan to develop and publish the 2026 Measuring What Matters Statement.
Implementation and closure of these recommendations will be monitored by our Audit and Risk Committee.
Key messages from this audit for all Australian Government entities
15. Below is a summary of key messages, including instances of good practice, which have been identified in this audit and may be relevant for the operations of other Australian Government entities.
Stewardship of strategies, policies and frameworks
Shared delivery and shared risk
Record keeping
Summary and recommendations
Background
1. Impact Analysis (IA) is a long-established administrative process in the Australian Public Service (APS) with the intention to support informed policy decision-making. Any policy proposals or action of government with an expectation of compliance, and assessed to have a more than minor change in behaviour or impact on people, businesses or community organisations, are required to have an IA.1 The Australian Government Guide to Policy Impact Analysis provides high-level principles for policy makers and an outline of the process for developing IAs.2
2. The Office of Impact Analysis (OIA), a branch within the Department of the Prime Minister and Cabinet (PM&C), is responsible for the administration of the IA framework.3 The OIA’s work has two elements: an assessment element, to assess the IA work of policy agencies against the requirements of the IA framework; and a coaching element, to lift the APS’s capability to conduct evidence-based policy analysis.4 As at September 2024 the OIA was comprised of 16 staff and had been allocated $2.5 million to undertake its activities in 2023–24.
Rationale for undertaking the audit
3. The Public Service Act 1999 states that the APS ‘provides the Government with advice that is frank, honest, timely and based on the best available evidence’. Providing quality advice to support government in making policy decisions is a core function of the APS. Priority four of the APS reform agenda is ‘An APS that has the capability to do its job well’. This includes improving the capability of the APS to deliver good policy advice to support informed decision-making.
4. The IA framework is intended to support evidence-based policy development and informed decision-making by the Australian Government, including by improving the APS’s capability to undertake quality evidence-based policy analysis. The Assistant Minister to the Prime Minister’s foreword to the Australian Government Guide to Policy Impact Analysis states that an IA ‘provides decision-makers with information about how people, community organisations and businesses may be affected and how the costs and benefits fall across these groups’ to ‘help government choose the best path forward’. Published IAs support transparency over Australian Government decision‐making.
5. This audit provides assurance about whether PM&C is effectively administering the IA framework to achieve the IA framework’s objective of enabling well‐informed and transparent Australian Government decision‐making.
Audit objective and criteria
6. The audit objective was to assess the effectiveness of PM&C’s administration of the IA framework to enable well-informed and transparent Australian Government decision-making.
7. To form a conclusion against the objective, the ANAO adopted the following high-level criteria.
- Are PM&C’s governance arrangements for the IA framework fit for purpose?
- Is the IA framework implemented effectively?
- Has PM&C been an effective steward of the IA framework?
8. The audit focused on the period 1 July 2022 to 30 June 2024.
Conclusion
9. PM&C’s administration of the IA framework, including its governance and day-to-day implementation, has been largely effective. As steward of an Australian Government framework designed to achieve well-informed and transparent policy decision-making, PM&C could do more to evaluate whether the IA framework is fully achieving its objectives.
10. PM&C’s governance arrangements for the Impact Analysis framework are largely fit for purpose. Structural arrangements, settings and practices of the Office of Impact Analysis (OIA) do not clearly support independence of the office from government — a key principle. PM&C has established governance arrangements relating to conflict of interest, risk management, business planning, workforce planning, and information management, which apply to the work of the OIA. The OIA has largely implemented required governance arrangements. As steward of the framework, PM&C undertakes some engagement with stakeholders in Australia and internationally, which could be improved by better strategic planning and coordination across the Australian public sector.
11. The IA framework is implemented largely effectively. PM&C provides effective assistance to policy agencies to comply with the IA framework. PM&C has not examined the merits of a risk-based approach to increasing usage of non-mandatory early assessments, which positively impact IA quality. PM&C’s scrutiny of policy agencies’ use of ‘IA equivalents’, which exempt a policy proposal from the full IA assessment process, has been strengthened. Implementation of preliminary and final assessments is largely effective. Across all stages of the IA assessment process, internal guidance supporting decision-making and documentation of decision-making could be improved.
12. PM&C has been a largely effective steward of the IA framework. It has taken steps to evaluate whether the IA framework is achieving its objectives. PM&C provides advice to government on IA framework activities and on how the IA framework could be improved. PM&C could do more to monitor its effective and efficient implementation of the IA framework, to plan its monitoring and evaluation activities, and to evaluate its secondary role in improving policy capability across the Australian Public Service. Transparency could be enhanced through better public performance reporting.
Supporting findings
Governance
13. Independence of the office is an underlying principle of the IA framework. PM&C states that the OIA ‘maintain(s) day-to-day independence from the Australian Government in our decision-making’. The office is a branch within PM&C. Practical and structural controls to protect independence could be better articulated to increase confidence in how the framework is implemented. PM&C’s governance framework includes relevant policies and tools to manage probity, risk, workforce planning and information management. Conflicts of interest are largely managed by the OIA in accordance with departmental policy. Risk management was insufficient but improved following a ‘health check’ on the office undertaken in 2023. Controls for a workforce risk have been partly implemented. The case management system is being improved. PM&C requires staff to undertake annual mandatory training on integrity, records management and security. This was not completed by all OIA staff in 2023–24, however mandatory training compliance increased in 2024–25. (See paragraphs 2.4 to 2.39)
14. While PM&C undertakes engagement activities related to its stewardship of the IA framework, including some initiated in 2024, it does not have a clearly articulated stakeholder engagement plan that identifies the desired outcomes of engagement activity, who should be part of engagement activity, the form that engagement activities should take or how PM&C will measure the effectiveness of engagement. Engagement with the Australian Public Service Commission could be increased given shared goals. (See paragraphs 2.41 to 2.52)
Implementation of the Impact Analysis framework
15. PM&C provides accessible guidance to policy agencies to assist them to meet the IA framework requirements. PM&C has developed and delivered training sessions for the Australian Public Service (APS). Feedback from training participants is sought, which is analysed and largely positive. A training strategy was finalised in March 2025. PM&C has recognised the policy agency practice of using consultants to develop IAs, and has not considered the risk that this practice may impede the development of APS policy capability. The OIA provides early assessments of IAs to policy agencies to assist with their development. Relatively few agencies participate in the voluntary early assessment stage when drafting an IA. PM&C does not have a risk-based strategy for encouraging participation in training or early assessment. (See paragraphs 3.4 to 3.22)
16. PM&C undertakes a range of assurance activities to ensure IAs have been submitted when required. It maintains guidance regarding special cases that do not require agencies to submit an IA for assessment (IA equivalent reviews, carve-outs, Prime Minister’s exemptions and sunsetting instruments). The inappropriate use of IA equivalent certifications by policy agencies to avoid IA framework requirements has been identified as a risk by government. Processes implemented in 2023 were meant to tighten PM&C’s scrutiny over the use of IA equivalent certifications by policy agencies. Record keeping of suitability decisions over IA equivalent certifications was not always complete, and there could be more internal guidance to support suitability decisions. PM&C reviewed the appropriateness of existing carve-outs in 2024 and found that 12 per cent should have been cancelled. These were cancelled after the review. There is no internal requirement regarding how promptly carve-out decisions should be published or how frequently carve-outs should be reviewed. PM&C’s treatment of Prime Minister’s exemptions and sunsetting instruments was appropriate. (See paragraphs 3.23 to 3.49)
17. The OIA undertakes preliminary assessments to determine if an IA is required for a particular policy proposal. Guidance to assist staff to consistently undertake preliminary assessments was improved in 2023–24. PM&C’s record keeping associated with preliminary assessment decisions would have been improved through better documentation of the OIA’s assessed impacts (affected cohorts, type of impacts) of the policy proposal — a key consideration in determining whether an IA is required — and the rationale for the OIA’s final decision about whether an IA was required. The preliminary assessment process had appropriate quality assurance. The outcome was appropriately communicated to agencies. PM&C provided timely advice to policy agencies on the outcomes of preliminary assessments, although a timeliness service standard was not always met. (See paragraphs 3.50 to 3.60)
18. The OIA assesses IAs for the quality of the analysis and IA development process. It uses a framework to support consistent assessments of the quality of IAs. There could be more documented guidance for assessment scoring and maintaining appropriate records of decision-making. Decision-making (including the rationale) for final assessments was not always appropriately documented. There is a lack of documented procedures for quality assurance over final assessments. Advice to policy agencies on final assessment outcomes was provided in all sampled IAs. On average, PM&C provides feedback to agencies to assist them to improve the quality of their IAs within a five working day standard, although the service standard is not always met. On average, publication of IAs is typically within four days of policy announcement. Publication included all of the required documents (including an accessible version of each document) for 58 per cent of 2022–23 and 2023–24 IAs. (See paragraphs 3.61 to 3.83)
19. Some policy proposals require a post implementation review (PIR). There is a lack of internal guidance about how to identify policy proposals that meet the ‘substantial or widespread economic impact’ criterion for a PIR. Registers of required and overdue PIRs are published by PM&C. As at October 2024, five of 17 required PIRs were overdue, including one due in 2013. (See paragraphs 3.84 to 3.92)
Stewardship
20. PM&C does not have an overarching monitoring plan to establish what needs to be measured and monitored in relation to its effective and efficient delivery of the IA framework process. PM&C has established performance measures in corporate planning documents relating to its administration of the IA framework, some of which are reported to the PM&C executive. PM&C has access to various monitoring data. This data is not always fully utilised, accurate or complete. Despite having timeliness service standards, PM&C does not monitor the timeliness and efficiency of its IA assessment work. (See paragraphs 4.4 to 4.11)
21. The objectives of the IA framework are clearly stated. The OIA’s objectives could be more prominently and consistently communicated, particularly with regard to its secondary role of lifting policy capability across the Australian Public Service. PM&C has taken some steps to evaluate whether the IA framework is meeting its objectives, including a survey of policy agencies in late 2023 that examined perceived impacts of the IA framework on policy uplift. It has not developed an overarching evaluation plan for the IA framework. (See paragraphs 4.12 to 4.24)
22. PM&C regularly reports to government on administration of the IA framework. There was no public performance reporting on PM&C’s implementation of the IA framework or on the achievement of policy objectives in 2023–24. (See paragraphs 4.27 to 4.32)
Recommendations
23. This report makes four recommendations to the Department of the Prime Minister and Cabinet.
Recommendation no. 1
Paragraph 2.13
The Department of the Prime Minister and Cabinet provide further information to the public, Parliament and policy agencies regarding the structural arrangements, settings and practices it has in place to support the independence of the Office of Impact Analysis.
Department of the Prime Minister and Cabinet response: Agreed.
Recommendation no. 2
Paragraph 2.53
The Department of the Prime Minister and Cabinet develop a stakeholder engagement plan to support its stewardship of the Impact Analysis framework that:
- clearly identifies stakeholders of the framework;
- provides for coordination between stakeholders responsible for targeted impact analyses or that support or share Impact Analysis framework objectives;
- prioritises engagement activities of both an administrative and strategic nature; and
- involves ongoing assessment of engagement activity.
Department of the Prime Minister and Cabinet response: Agreed.
Recommendation no. 3
Paragraph 3.89
The Department of the Prime Minister and Cabinet develop additional guidance for staff about how to exercise and document judgements made in Impact Analysis equivalent certification assessments, preliminary assessments, final assessments and post implementation review decisions, in line with the department’s Information Management Policy.
Department of the Prime Minister and Cabinet response: Agreed.
Recommendation no. 4
Paragraph 4.25
The Department of the Prime Minister and Cabinet:
- develop an evaluation plan to support an evaluation of whether the Impact Analysis framework is achieving its objectives; and
- as part of its evaluation plan, in consultation with the Australian Public Service Commission, give consideration to how Impact Analysis assessment data could be used to inform policy capability needs analysis and uplift.
Department of the Prime Minister and Cabinet response: Agreed.
Summary of entity response
24. The proposed audit report was provided to PM&C. PM&C’s summary response to the audit is provided below and its full response is at Appendix 1.
The Department of the Prime Minister and Cabinet (PM&C) welcomes the Auditor-General Report on the Administration of the Impact Analysis framework. PM&C is committed to supporting informed decision-making by ensuring the Prime Minister, the Cabinet and portfolio ministers are provided with advice that is informed, takes a whole-of-government and whole-of-nation perspective, and incorporates the views of a diverse range of stakeholders. Impact Analysis provides decision makers with information about how people, community organisations and businesses may be affected and how the costs and benefits fall across these groups.
PM&C accepts the recommendations made by the Auditor-General on the Administration of the Impact Analysis framework. PM&C will continue to work with other relevant agencies, including the Treasury’s Australian Centre for Evaluation and the Australian Public Service Commission, to ensure that advice to government continues to be accompanied by the best available analysis.
25. An extract of the proposed report was provided to the Department of the Treasury (Treasury). Treasury’s summary response is provided below and its full response is provided at Appendix 1.
Treasury welcomes the report and notes the ANAO’s finding of outstanding post-implementation reviews (PIRs) predating the transfer of that function from the Office of Impact Analysis to Treasury in July 2023. Treasury has contacted the agencies with non-compliant PIRs for action. Further, Treasury will consider PIR non-compliance more generally, as part of a review of the Post-Implementation Reviews Guidance Note that is scheduled for 2025-26.
Key messages from this audit for all Australian Government entities
26. Below is a summary of key messages, including instances of good practice, which have been identified in this audit and may be relevant for the operations of other Australian Government entities.
Policy/program implementation
Summary and recommendations
Background
1. Australia’s biosecurity system protects its environment, economy and way of life. Australia is one of the few countries that remain free from some of the world’s most damaging pests and diseases, for example foot-and-mouth disease (FMD).1 The Department of Agriculture, Fisheries and Forestry (the department) has forecast the value of production in the agriculture, fisheries and forestry sectors to reach $94.3 billion in 2024–25.2
2. In 2021, the department (then the Department of Agriculture, Water and the Environment (DAWE)) released Commonwealth Biosecurity 2030, a ‘strategic roadmap for protecting Australia’s environment, economy, and way of life’.3 The roadmap identified that the department needs a ‘workforce that has the capacity, skills, and flexibility to prepare for and respond to emerging biosecurity risks, challenges, and opportunities,’ and included a priority action to ‘invest in a skilled and responsive workforce supported by improved regulatory tools and information.’4
Rationale for undertaking the audit
3. Regulatory and workforce capability has been identified by the department as a strategic risk that has the potential to impact its ability to achieve its purposes and priorities.5
4. Recent reviews of the department, including by the ANAO, the Inspector-General of Biosecurity, and the Australian Public Service Commission have found weaknesses in the department’s workforce planning, governance, arrangements to respond to non-compliance with biosecurity requirements, and culture.
5. This audit provides assurance to Parliament that the department has effective workforce planning, delivery, and oversight to deliver Australia’s Appropriate Level of Protection against biosecurity import risks at the Australian border.
Audit objective and criteria
6. The objective of the audit was to assess the effectiveness of the Department of Agriculture, Fisheries and Forestry’s management of the biosecurity workforce.
7. To form a conclusion against the audit objective, the following criteria were adopted.
- Has the department undertaken appropriate workforce planning to deliver the biosecurity function?
- Does the department meet the requirements of its workforce plans for the biosecurity workforce?
- Has the department established effective arrangements to monitor and report on the activities and delivery of the biosecurity workforce?
Conclusion
8. The department’s planning and management of the biosecurity workforce is partly effective. Deficiencies in planning for and the delivery of the workforce and systemic and ongoing issues with information management compromise the department’s ability to effectively manage biosecurity risks. The department is progressing workforce planning activities at the enterprise level and within Biosecurity Operations Division (BOD) and the Post Entry Quarantine Facility (PEQ). These workforce planning activities will need to be supported by monitoring and reporting arrangements that identify and allocate the workforce resources to the areas of greatest biosecurity risk; and allow for an assessment of the effectiveness of biosecurity activities.
9. The department has been partly effective in its workforce planning for the biosecurity function. A group-level tactical workforce plan was approved in October 2024 and an enterprise-wide workforce strategy was published in December 2024. These documents, when implemented, have the potential to integrate workforce planning into the department’s enterprise planning framework and to align it with the department’s purpose. Prior to the development of these plans, BOD undertook workforce planning activities including the development of workforce reports and an operational Workforce Strategy. The operational Workforce Strategy for BOD would benefit from the inclusion of a future state workforce design. An operational workforce plan has not been developed for PEQ. The impact of changes in biosecurity risk on workforce resource requirements are not consistently measured. The department does not have a strategy for coordinating surge support at the border. Business continuity plans for BOD have not been maintained. Business continuity plans for PEQ are published and maintained.
10. The department has been partly effective in meeting the requirements of its biosecurity workforce plans. The biosecurity workforce is below budgeted levels, driven by understaffing in BOD. The department has established mechanisms to authorise biosecurity officers under the Biosecurity Act 2015 (the Act). The department does not have a policy that clarifies the circumstances for biosecurity officer authorisations, including when authorisation is no longer required. The department supports staff to make decisions regarding biosecurity risk through training and the development of decision support material, and has funded projects to update decision support material. Not all instructional material used by biosecurity officers is held in the instructional material library, and 39 per cent of biosecurity-related material in the library is out of date. Staff competencies are not stored in an appropriate record-keeping system and ongoing verification of staff competencies is not part of a risk-based framework that supports divisional and enterprise learnings and continual improvement. The department does not have assurance that staff are booked to cargo inspections in accordance with their competencies.
11. The department’s monitoring and reporting of biosecurity activities and workforce is partly effective. The department has systems in place that collect data on the biosecurity workforce and on the activities and delivery of the biosecurity function. Data quality issues relating to establishment and scheduling data limit the department’s understanding of its resource allocation. The department is currently progressing an enterprise-level human resources data-linking project, which has the potential to provide insights into its workforce. Until there are links between resource systems and biosecurity outcomes, the department is unable to gain assurance over the effectiveness of its workforce allocations against biosecurity risks. Ongoing deficiencies in the department’s record keeping impact its documentation of its business considerations and decisions, and risks the department being unable to demonstrate that staff have the competencies to undertake tasks they are assigned.
Supporting findings
Workforce planning for the biosecurity function
12. In October 2024 the department developed a group-level tactical workforce plan for the Biosecurity, Operations and Compliance Group. An enterprise-level workforce strategy and planning framework was published in December 2024. The governance framework over workforce planning that occurs at the group, division and team levels does not ensure that existing work is leveraged for department-wide impact and to prevent duplication of effort. BOD has developed operational and program level planning specific to its operating context. These set out activities intended to support workforce attraction, recruitment and retention. They do not describe a clear future state for the workforce in terms of identifying required staffing numbers, linked to skills and capabilities, location and strategies for delivering against surge and overtime requirements. The PEQ does not have finalised workforce plans. (See paragraphs 2.3 to 2.49)
13. The department has commenced work to develop interventions across the employment lifecycle intended to deliver a sustainable future workforce. BOD has drafted a recruitment strategy and commenced developing a capability framework. PEQ has a draft capability framework, which has not been implemented. The department does not have a strategy to meet government targets for First Nations representation in the biosecurity workforce. (See paragraphs 2.50 to 2.73)
14. The department has processes in place to consider the workforce impact of changes in risk at the border. These are not consistently applied. BOD has identified the need to formalise surge capacity and capability in executive forums. The division does not currently have a dedicated surge response for deployment during an unexpected biosecurity event. BOD undertook a review of its business continuity plans in 2022 and developed a framework and some plans as a result of the review. The plans are now out of date and have been removed from the department’s intranet. A further review and updating project is planned for 2025. PEQ has a business continuity plan that is available on the intranet. (See paragraphs 2.74 to 2.99)
Delivering the biosecurity workforce
15. At June 2024, BOD was 320.9 full time equivalent staff below budgeted staffing levels. This has resulted in increased wait times for industry. At June 2024, PEQ staffing was at budgeted levels. Over 2022–23 and 2023–24, BOD and PEQ recruitment process timelines exceeded departmental policy requirements. The department has developed materials to assist staff to make biosecurity related decisions and manage biosecurity risk. Not all materials are centrally located in an approved system, and 39 per cent of biosecurity-related instructional material is out of date, creating a risk that biosecurity risk is not being effectively managed. (See paragraphs 3.3 to 3.39)
16. The department has established mechanisms to authorise biosecurity officers under the Act. The department would benefit from documentation guiding when authorisation is appropriate, when it should be maintained, and when it should be revoked. The department has identified necessary staff competencies and has developed training and competency assessment processes. Records of competency assessment are not stored in an appropriate record-keeping system and the department does not have assurance the cargo and maritime inspections scheduling system schedules inspectors according to their competencies. The process of verifying staff competencies does not ensure a risk-based approach to coverage, allow for continual improvement of processes, or provide executive oversight. (See paragraphs 3.40 to 3.112)
Monitoring and reporting of the activities and delivery of the biosecurity workforce
17. The department has systems in place that collect data on the activities and delivery of the biosecurity workforce. BOD has identified deficiencies in its data governance over the collection of information into Aurion and the Scheduling and Workload Management System (SWMS). There are also deficiencies in the department’s record keeping, which result in a lack of clarity over decisions taken and assurance over key processes. The inconsistent, incorrect or incomplete collection of information impedes the ability of the department to use data to understand its workforce and activities. (See paragraphs 4.3 to 4.27)
18. The department has created dashboard reports summarising biosecurity activities and the workforce. These are used by staff at all levels and in all pathways. Reports present information on the activities undertaken by the department, and its operating context. Inconsistent data collection and the absence of leakage reporting against all pathways and locations impacts the department’s ability to understand and prioritise risks presented by each pathway and to allocate its workforce in response. (See paragraphs 4.28 to 4.49)
Recommendations
Recommendation no. 1
Paragraph 2.14
The Department of Agriculture, Fisheries and Forestry review its framework over workforce planning that occurs at the group, division and team levels to prevent duplication of effort in planning and to ensure that work that is undertaken by individual business areas is leveraged for department-wide impact.
Department of Agriculture, Fisheries and Forestry response: Agreed.
Recommendation no. 2
Paragraph 2.37
The Department of Agriculture, Fisheries and Forestry:
- define and endorse a future state for the biosecurity workforce in Biosecurity Operations Division and Post Entry Quarantine to manage biosecurity risk at the Appropriate Level of Protection; and
- develop and report against a benefits framework for the delivery of the Workforce Strategy.
Department of Agriculture, Fisheries and Forestry response: Agreed.
Recommendation no. 3
Paragraph 3.38
The Department of Agriculture, Fisheries and Forestry complete the update of decision support material, to ensure that up-to-date and authorised material is available to guide biosecurity officers in undertaking their roles in accordance with departmental policy, and apply mechanisms to provide assurance the decision support material is used.
Department of Agriculture, Fisheries and Forestry response: Agreed.
Recommendation no. 4
Paragraph 3.54
The Department of Agriculture, Fisheries and Forestry improve its oversight of biosecurity officer authorisations, including by:
- developing a clear policy statement regarding under which circumstances staff should be authorised as a biosecurity officer;
- maintaining records that provide confidence that all biosecurity officers have completed mandatory training; and
- implementing processes to identify where authorisations are no longer required and provide assurance that biosecurity officer authorisation is revoked when it is no longer required.
Department of Agriculture, Fisheries and Forestry response: Agreed.
Recommendation no. 5
Paragraph 3.108
The Department of Agriculture, Fisheries and Forestry ensure staff scheduled for inspections have the appropriate competencies, and develop processes to provide assurance that staff scheduled in the Scheduling and Workload Management System (SWMS) are scheduled in accordance with their competencies.
Department of Agriculture, Fisheries and Forestry response: Agreed.
Recommendation no. 6
Paragraph 4.26
The Department of Agriculture, Fisheries and Forestry review its record-keeping processes with a focus on generating and managing business information and evidence of decision-making in authorised record-keeping systems.
Department of Agriculture, Fisheries and Forestry response: Agreed.
Recommendation no. 7
Paragraph 4.47
The Department of Agriculture, Fisheries and Forestry generate a framework to inform both operational workforce allocations and long-term strategic planning for workforce resource requirements, based on the impact of biosecurity operations and residual risk. This framework should:
- support an understanding and assessment of the changing biosecurity risk environment;
- include consistent collection of biosecurity data, across all pathways; and
- link workforce allocation to risk.
Department of Agriculture, Fisheries and Forestry response: Agreed.
Summary of entity response
19. The proposed audit report was provided to the department. The department’s summary response is reproduced below. The full response from the department is at Appendix 1. Improvements observed by the ANAO over the course of this audit are listed at Appendix 2.
The Department of Agriculture, Fisheries and Forestry (the department) welcomes the findings of the ANAO and is committed to implementing the report’s seven recommendations appropriately and in a timely manner.
The recommendations focus on strengthening workforce planning, resource allocation, benefits management, record keeping, and reporting. As import volumes rise and the biosecurity risk environment continues to evolve, the department recognises the critical role that these business functions play in managing biosecurity risks. The department is committed to understanding the systemic issues that could limit our effective delivery of the biosecurity workforce. The ANAO findings, therefore, provide valuable insights that will support ongoing efforts to enhance effective and efficient management of the biosecurity workforce and regulatory capability uplift initiatives.
We will continue to improve processes that support the biosecurity workforce and broader management of biosecurity risks. Work is already underway across the department to address several elements of the recommendations and to leverage identified opportunities for improvement. The department remains committed to driving positive change through the Transformation Action Plan, other departmental strategic initiatives, and enhanced Biosecurity, Operations and Compliance Group operating models.
Key messages from this audit for all Australian Government entities
20. Below is a summary of key messages, including instances of good practice, which have been identified in this audit and may be relevant for the operations of other Australian Government entities.
Governance and risk management
Summary and recommendations
Background
1. For the financial year 2022–23, the Department of Defence (Defence) ranked as the Australian Government’s largest procurer with 51.7 per cent of Commonwealth entity contracting, valued at $38.69 billion.1 Successive Australian governments have encouraged the involvement of domestic industries in Defence procurement to develop and maintain the industrial base, secure supply chains, and promote employment and economic growth.
2. Defence initiatives to maximise the opportunities for domestic suppliers to participate in government procurement include the Australian Industry Capability (AIC) Program, launched in February 2008.2 The AIC Program required potential contractors to demonstrate how their tenders provide opportunities for Australian businesses.
3. On 28 March 2019, the Minister for Defence Industry released the Defence Policy for Industry Participation (DPIP) to improve consistency in Defence’s approach to maximising Australian industry’s opportunity to participate in Defence procurement. The DPIP requires Defence to consider AIC plans or schedules (or Local Industry Capability plans for construction projects) during procurement decision-making and to ensure the industry commitments in those plans are captured as contracted obligations in materiel and non-materiel procurements valued at or above $4 million, and construction procurements at or above $7.5 million.
Rationale for undertaking the audit
4. Defence’s implementation and delivery of contracted Australian industry requirements has been an area of focus for successive governments and an ongoing interest for the Parliament. The government intent to maximise Australian industry involvement in Defence procurement was reflected in the AIC Program in 2008 and reaffirmed in the 2016 Defence Industry Policy Statement and the 2018 Defence Industrial Capability Plan. This audit provides the Parliament with independent assurance on the effectiveness of Defence’s arrangements to deliver Australian industry policy outcomes through its contractual arrangements with its suppliers.
Audit objective and criteria
5. The objective of the audit was to examine the effectiveness of Defence’s administration of contractual obligations to maximise Australian industry participation.
6. To form a conclusion against the audit objective, the ANAO adopted the following high-level criteria:
- Have fit-for-purpose administrative arrangements been established to maximise Australian industry participation in Defence procurement and contracting?
- Have applicable contracting requirements been implemented to maximise Australian industry participation?
- Has Defence implemented appropriate governance, assurance and reporting arrangements to support the objective of maximising Australian industry participation?
Conclusion
7. Defence has not maximised Australian industry participation through the administration of its contracts. Defence industry policy and contracting requirements were not applied to all relevant procurements, and — where supplier commitments have been contracted — Defence has not effectively monitored or ensured the delivery of those obligations.
8. Defence’s administrative arrangements for maximising Australian industry participation through its procurement and contracting activities are partly fit for purpose. Defence’s procurement framework has not been updated in a timely manner, and as at August 2024, did not fully reflect the requirements of the March 2019 DPIP. Guidance for Defence personnel in relevant tendering and contracting templates is incomplete, and in some cases outdated. Defence engages with industry through forums and other activities as well as through individual procurement processes to support the intent of government’s industry contracting policy.
9. Defence has not implemented applicable contracting requirements effectively. Of the eight contracts examined, each had one or more important shortcomings resulting from limitations in Defence’s advice to potential suppliers, weaknesses in Defence’s contracting of industry participation commitments, and ineffective monitoring of supplier compliance with those commitments.
10. Defence’s governance, assurance and reporting arrangements for industry participation are partly appropriate. Senior Defence committees have received reports on activities to support Australian industry policy objectives. Defence did not establish the Industry Policy Division working group to periodically review the policy in accordance with the DPIP. The AIC Plan assurance framework does not align with a professional standard-setting framework and activities conducted under that framework do not provide reasonable assurance over the matters examined. Defence reports on Australian industry expenditure and has undertaken to further develop its reporting as part of the 2024 Defence Industry Development Strategy.
11. As outlined in the 2024 Defence Industry Development Strategy, Defence was to update the DPIP in late 2024. This policy update follows the 2023 Defence Strategic Review and the 2024 National Defence Strategy. Effective implementation of the next iteration of Australian defence industry contracting policy will require appropriate administrative and IT support systems, including sound procurement controls and contract management activities.
Supporting findings
Administrative arrangements
12. Defence gives effect to its Australian industry contracting requirements through its internal policy framework. Defence’s framework is informed by requirements under the Public Governance, Performance and Accountability Act 2013, the Commonwealth Procurement Rules and government’s Defence industry policies, as set out by the 2016 Defence Industry Policy Statement and the 2018 Defence Industrial Capability Plan. Key elements of Defence’s established policy framework, such as the Defence Procurement Manual (DPM) and its contracting templates, were not updated in a timely manner following the release of the DPIP in March 2019. The DPM was not updated until 1 July 2020, 15 months after the DPIP’s release. Defence lacks arrangements to ensure that procurement documents and contracting templates are aligned with the DPIP requirements, and up to date. Automated system controls, which were established in 2022 and mandated in 2024 — to improve compliance with mandatory procurement policies — do not cover the requirements of the DPIP. (See paragraphs 2.2 to 2.41)
13. Guidance on the Australian Standard for Defence Contracting (ASDEFCON) and the Suite of Facilities tendering and contracting templates is incomplete, with additional guidance notes planned but not developed and released. Defence does not assess its personnel training data by role and therefore cannot provide assurance that its procurement and contracting staff have undertaken training relevant to their roles. The dedicated AIC training course announced in February 2019 is primarily focused on materiel procurements and was not implemented until September 2022. (See paragraphs 2.42 to 2.67)
14. Defence has undertaken a range of industry engagement activities to support the objective of maximising Australian industry participation in procurement. These activities have included the establishment of an Australian Industry Capability Forum and engagements with industry associations. In the absence of a communications strategy for the DPIP, Defence is unable to measure the effectiveness of the information and guidance it has provided to industry on the industry contracting policy requirements in place since 2019. (See paragraphs 2.68 to 2.80)
Implementation of requirements
15. Defence’s advice on Australian industry contracting requirements was provided to potential suppliers as part of the relevant tender processes. Each of the eight contracts examined contained one or more shortcomings with respect to this advice or in the contracting materials provided by Defence, including:
- Defence not considering industry contracting requirements during the early stage of the procurement and therefore not advising suppliers of all requirements;
- the rationale for exemptions from implementing Australian industry contracting requirements not being documented by Defence; and
- outdated or incorrect terminology and reference material being used by Defence or available to suppliers. (See paragraphs 3.6 to 3.15)
16. Of the eight contracts examined, the relevant suppliers for four had provided Defence with a project or industry plan (or schedule) in accordance with the procurement stage requirements of the DPIP. By 29 August 2024, one of these plans (or schedules) remained in draft and had not been further developed as required, and three had been finalised and approved by Defence. For the five contracts without finalised plans, Defence did not document the exemption from this requirement for three suppliers, provided one supplier with an extension to 20 June 2023, and did not finalise the draft plan for the remaining supplier.
17. For four examined contracts, additional AIC or LIC commitments were also within other contract documents. For the two examined contracts with no plans or schedules developed, AIC or LIC commitments were located in other contract artefacts such as a service management plan or statement of work. Unclear or imprecise clauses were included in the contract documentation for three contracts. Of the five that met the threshold for the publication of an AIC Plan, one was published on Defence’s website. Shortfalls in record keeping were observed in the documentation for each of the eight contracts. (See paragraph 3.16 to 3.33)
18. Defence undertakes limited monitoring to ensure the delivery of contracted Australian industry commitments. Where suppliers have reported against their DPIP-related commitments, this reporting has not been complete, with 12 of 59 relevant measures reported against. For four of the five contracts where supplier commitments have been contracted:
- the reporting to Defence indicated that these commitments were not being delivered. Defence undertook follow up action with respect to one of those contracts; and
- the DPIP-related terms in Defence’s contract with the head contractor are required to ‘flow down’ as requirements to the head contractor’s subcontractors. One of these four suppliers has reported to Defence on its engagement with subcontractors. (See paragraphs 3.34 to 3.46)
Governance, assurance and reporting
19. Senior Defence committees at the enterprise and group levels have received reports on the implementation of activities relevant to the DPIP, including the implementation of the ‘enhanced’ Australian industry capability (AIC) contractual framework announced in mid-2020. The policy oversight forum responsible for the periodic review and alignment of the policy with government’s defence industry policy objectives was not established as foreshadowed by the DPIP. In the absence of this forum, Defence has not regularly reported on the DPIP or monitored its implementation activities to ensure a unified approach at a whole-of-enterprise level, consistent with the intent of the DPIP. (See paragraphs 4.2 to 4.15)
20. Defence’s assurance framework does not prescribe the level of assurance to be obtained and does not align with an auditing standards framework. Defence’s ‘AIC Audit Program’ has provided limited insights on the extent to which Defence is implementing its DPIP obligations or whether suppliers are meeting their contracted DPIP-related commitments. Assurance activities conducted under Defence’s framework are limited to materiel contracts over $20 million in value, representing one-fifth of the procurement categories covered by the DPIP. The scope of Defence’s assurance program has included contracts that were executed prior to the March 2019 introduction of the DPIP. Of the 17 assurance activities conducted by Defence since July 2021, seven did not report the deficiencies identified in AIC plans as non-compliance, as the DPIP did not apply to those contracts.
21. Other assurance-related activities such as Defence’s self-reporting through compliance surveys under its Supplier Rating System indicate that Defence has not fully complied with its obligation to ensure supplier commitments are contracted in accordance with the DPIP. Of the 768 contract surveys conducted as at July 2024, 209 (27 per cent) reported that AIC obligations were ‘not applicable’. Other procurement and contracting compliance arrangements in Defence do not cover the DPIP’s requirements and have therefore not identified issues relating to its implementation. (See paragraphs 4.16 to 4.38)
22. Defence has established performance measures related to its engagement with Australian industry and provides quarterly reporting to the Minister for Defence. Defence’s administrative systems do not support reporting at the project level or ensure that AIC Plans are published where required. Defence has undertaken to further develop its reporting on defence industry as part of its implementation of the Defence Industry Development Strategy. (See paragraphs 4.39 to 4.57)
Recommendations
Recommendation no. 1
Paragraph 2.32
The Department of Defence establish arrangements to ensure that its contract template and guidance documents are up to date and aligned with Defence industry contracting and policy requirements.
Department of Defence response: Agreed.
Recommendation no. 2
Paragraph 2.40
The Department of Defence implement controls within relevant systems for its procurement, financial, and contract management activities to support and monitor compliance with its obligations to implement Australian industry participation and contracting requirements.
Department of Defence response: Agreed.
Recommendation no. 3
Paragraph 2.60
The Department of Defence complement the implementation of its new procurement and contract management training by:
- establishing measures to inform senior leadership of the extent to which role specific training is completed, such as by procurement and contract managers; and
- incorporating requirements for Defence policies, such as the DPIP, into mandatory training.
Department of Defence response: Agreed.
Recommendation no. 4
Paragraph 2.64
The Department of Defence extend the scope of the existing AIC Practitioners course to cover the needs of users of Defence contracting material beyond the ASDEFCON suite.
Department of Defence response: Agreed.
Recommendation no. 5
Paragraph 3.32
The Department of Defence implement measures to ensure that:
- where approval of industry commitments occurs after contract execution, this takes place within agreed timeframes and includes options for remediation and contract termination if this does not take place; and
- public AIC plans are prepared and published where required.
Department of Defence response: Agreed.
Recommendation no. 6
Paragraph 3.40
The Department of Defence improve its administrative arrangements for contracts to ensure that:
- contracts with industry participation-related requirements can be efficiently and effectively identified and managed; and
- contracted industry participation-related measures can be efficiently and effectively identified and monitored.
Department of Defence response: Agreed.
Recommendation no. 7
Paragraph 3.45
The Department of Defence:
- monitor subcontractor performance of industry participation commitments where there are contractual flow down requirements between head contractors and their subcontractors; and
- incorporate details on the potential for flow down industry participation requirements into relevant guidance for Defence personnel and industry.
Department of Defence response: Agreed.
Recommendation no. 8
Paragraph 4.14
The Department of Defence improve its oversight arrangements to monitor and drive appropriate consistency in its implementation of Australian industry policy in its procurement and contracting activities.
Department of Defence response: Agreed.
Recommendation no. 9
Paragraph 4.37
The Department of Defence review and revise its AIC assurance framework to:
- prescribe the level of assurance to be obtained through the assurance activities;
- cover the full scope of Defence industry contracting and policy requirements; and
- assess whether Defence industry contracting and policy requirements have been considered and addressed early in procurement processes as required, including the approval and documentation of exemptions.
Department of Defence response: Agreed.
Summary of entity response
23. The proposed audit report was provided to the Department of Defence. Defence’s summary response is provided below, and its full response is included at Appendix 1. Improvements observed by the ANAO during the course of this audit are listed in Appendix 2.
Defence acknowledges the findings of the Auditor-General’s Performance Audit report: Maximising Australian industry participation through Defence contracting. Defence is committed to ensuring that Australian industry participation in Defence contracts is considered and optimised in the delivery of Defence capabilities.
Defence accepts the key findings and recommendations aimed at enhancing governance, assurance, reporting arrangements, relevant training and guidance when implementing Australian industry participation policy requirements in Defence procurements.
In alignment with the Defence Industry Development Strategy, Defence has commenced the process to update the Defence Policy for Industry Participation and procurement reform initiatives to ensure Defence and industry are better positioned to deliver the required capabilities within reduced timeframes. These reforms will directly support the implementation of the ANAO’s recommendations relating to improvement of administrative arrangements to enable identification and monitoring of Defence’s industry policies enabled through its contract frameworks.
Key messages from this audit for all Australian Government entities
24. Below is a summary of key messages, including instances of good practice, which have been identified in this audit and may be relevant for the operations of other Australian Government entities.
Policy design
Summary and recommendations
Background
1. The Office of the Fair Work Ombudsman (the OFWO) was established on 1 July 2009 as an independent statutory office created by the Fair Work Act 2009 (the Fair Work Act) to promote compliance with workplace relations through advice, education and, where necessary, enforcement.1
2. The OFWO regulates all businesses and workers covered by the Fair Work Act. This represents approximately one million employing businesses and around 13 million workers. In 2023–24 the OFWO reported that it recovered $473 million in unpaid wages and entitlements for nearly 160,000 employees, of which $333 million was recovered from the large corporates sector.2
3. The Fair Work Ombudsman is the accountable authority of the OFWO. The Minister for Employment and Workplace Relations sets government policies and objectives relevant to the OFWO in carrying out its statutory functions as a regulator.3 Since July 2022, there have been legislative amendments to the Fair Work Act, including changes to the protection and entitlements of employees and additional responsibilities and funding for the OFWO. This included the OFWO assuming responsibility for the regulation of the Fair Work Act for the commercial building and construction industry and the ability to investigate allegations related to the prohibition of workplace sexual harassment.
Rationale for undertaking the audit
4. The OFWO is the national workplace relations regulator. Its functions include promoting and monitoring compliance with workplace laws, inquiring into and investigating breaches of the Fair Work Act and taking appropriate enforcement action. Since July 2022, the OFWO has made changes to its approach and operations in response to: the expansion of the coverage of the Fair Work Act; implementation of the recommendations resulting from an external review; and revisions to its budget. This audit was conducted to provide assurance to Parliament that the OFWO is exercising its regulatory functions effectively.
Audit objective and criteria
5. The objective of the audit was to assess the effectiveness of the Office of the Fair Work Ombudsman’s exercise of its regulatory functions.
6. To form a conclusion against the objective, the following high-level criteria were adopted:
- Has the OFWO established fit-for-purpose governance arrangements to support the effective management of compliance with the Fair Work Act?
- Are the OFWO’s arrangements to encourage voluntary compliance and detect non-compliance with the Fair Work Act effective?
- Are the OFWO’s arrangements to enforce compliance with the Fair Work Act effective?
Conclusion
7. The OFWO is largely effective in the exercise of its regulatory functions. There are opportunities for it to improve its effectiveness by improving strategic oversight of its regulatory objectives and outcomes, establishing frameworks for implementing and monitoring of regulatory priority areas and activities, and measuring the efficiency and effectiveness of its regulation.
8. The OFWO has established largely fit-for-purpose governance arrangements to support the effective management of compliance with the Fair Work Act. The OFWO developed compliance strategies that reflected ministerial Statements of Expectations. The compliance strategies were partly risk-based and not fully integrated into OFWO’s business planning. The OFWO is effective in managing its stakeholder relationships except for not assessing regulatory capture risk as a discrete source of risk. The OFWO’s monitoring of its regulatory performance focused on operational decision-making rather than the achievement of its regulatory priorities and outcomes. The OFWO is redeveloping its performance measures with the intention of improving its reporting of efficiency and effectiveness.
9. The OFWO’s arrangements to encourage voluntary compliance and detect non-compliance with the Fair Work Act are largely effective. The OFWO has established arrangements for the prevention, and proactive and reactive detection, of non-compliance and has published a compliance and enforcement policy. The OFWO does not monitor timeliness, risk, or return on investment for its prevention and detection of non-compliance. The OFWO does not have insight into whether the balance of preventative and detective compliance and enforcement activities is appropriate.
10. The OFWO’s arrangements to enforce compliance with the Fair Work Act are largely effective. The OFWO has established arrangements to manage non-compliance cases and the OFWO deploys its enforcement tools in line with its regulatory posture and policies. The OFWO’s monitoring and reporting does not provide an assessment of the effectiveness of its enforcement activities and outcomes in promoting compliance with the Fair Work Act. The OFWO compliance and enforcement actions were undertaken in accordance with internal policies. These actions were not adequately documented in OFWO’s records management systems. The OFWO documented that it would deviate from implementing the mandatory requirements of the Australian Government Investigations Standard, October 2022 (AGIS 2022). Deviations include not implementing a quality assurance framework.
Supporting findings
Governance arrangements
11. The OFWO’s approach to developing and implementing regulatory priorities and compliance strategies takes into consideration the requirements of the ministerial Statements of Expectations. The OFWO’s regulatory priorities and compliance strategies are not fully integrated into business planning and do not reflect a comprehensive assessment of risk exposures and mitigations. (See paragraphs 2.4 to 2.30)
12. The OFWO has established stakeholder engagement and management arrangements to support its regulatory functions. The OFWO has also established stakeholder feedback processes. The OFWO has not documented regulatory capture as a discrete source of risk or assessed the adequacy of its controls to mitigate regulatory capture risk. (See paragraphs 2.31 to 2.49)
13. The OFWO’s governance arrangements have a focus on operational decision-making. The enforcement board did not fully meet its terms of reference to provide strategic monitoring of regulatory activities. The OFWO’s performance reporting arrangements prior to 2024–25 included measures of output rather than efficiency and effectiveness. The OFWO is re-developing its performance measures and will need to provide greater insight into the ongoing effectiveness of its regulatory outcomes and impacts. (See paragraphs 2.50 to 2.84)
Prevention and detection of non-compliance
14. The OFWO has provided assistance, advice and education to employees, employers, outworkers, outworker entities and organisations to achieve regulatory objectives. The OFWO has developed and published a compliance and enforcement policy. The policy does not provide clear guidance to users about: how services will be prioritised and provided; and does not fully address the different needs of internal and external users. (See paragraphs 3.4 to 3.33)
15. The OFWO has established arrangements for proactive and reactive detection of non-compliance, including intelligence and analysis, proactive investigations, responding to requests for assistance, self-reporting of non-compliance and ad hoc investigations. These arrangements do not consider operational requirements and constraints, such as budgets, timeliness, risk and return on investment. This information would allow the OFWO to monitor the efficiency and effectiveness of its regulatory activities and assess whether the balance of preventative and detective activities is appropriate for the OFWO’s regulatory objectives. (See paragraphs 3.34 to 3.66)
Enforcement
16. The OFWO deploys its compliance and enforcement tools in line with its regulatory posture and compliance and enforcement policy. The use of compliance and enforcement tools requires long term management. Fifty per cent of investigations take more than 136 days to finalise with two per cent taking more than two years. The OFWO’s monitoring and reporting does not provide an assessment of the effectiveness of its enforcement activities and outcomes in promoting compliance with the Fair Work Act. (See paragraphs 4.2 to 4.17)
17. In July 2024, the OFWO assessed and agreed deviations from AGIS 2022. One ‘notable deviation’ from AGIS 2022 was the decision not to implement a quality assurance framework. Prior to July 2024, the OFWO did not use the relevant AGIS to inform the development of its policies, procedures, staff roles and staff qualifications. At November 2024, 50 per cent of OFWO staff conducting or oversighting investigations did not hold the relevant certification as required by AGIS 2022. The OFWO’s decision records did not evidence that compliance and enforcement activities were performed adequately. For example, case monitoring meeting and approvals were not consistently recorded in OFWO’s records management systems. (See paragraphs 4.18 to 4.55)
Recommendations
Recommendation no. 1
Paragraph 2.29
The Office of the Fair Work Ombudsman delivers a framework for the implementation and monitoring of regulatory priority areas and activities that is integrated with business planning and is risk-based.
Office of the Fair Work Ombudsman response: Agreed.
Recommendation no. 2
Paragraph 2.63
The Office of the Fair Work Ombudsman ensures that governance bodies perform strategic oversight and monitoring of regulatory objectives and outcomes and consider the efficiency and effectiveness of regulatory activities.
Office of the Fair Work Ombudsman response: Agreed.
Recommendation no. 3
Paragraph 4.54
The Office of the Fair Work Ombudsman ensures that there is:
- documentation of the completion of mandatory steps set out in policies and procedures for investigations; and
- appropriate review and quality assurance of investigations to improve levels of compliance and to take corrective action where necessary.
Office of the Fair Work Ombudsman response: Agreed.
Summary of entity response
18. The proposed audit report was provided to the OFWO. The OFWO’s summary response is reproduced below and its full response is at Appendix 1. Improvements observed by the ANAO during the course of this audit are listed in Appendix 2.
The OFWO welcomes the ANAO’s report and agrees with the recommendations.
The OFWO has experienced considerable transformation over the past year. Central to the new strategic enforcement approach is tripartism, recognising that each element within the workplace relations system plays an important role in fostering a culture of compliance. As part of this, the OFWO has established a range of collaborative mechanisms with stakeholders and is updating critical strategic documents that define the Agency’s approach and operating environment.
A new organisational structure took effect on 1 July 2024 so that the OFWO is best positioned to deliver its identified objectives and strategic goals.
As detailed in our Statement of Intent, we use intelligence and data to inform our work, including the selection of our priority areas. We are committed to maintaining strong governance, supporting transparent and consistent decision-making.
As detailed in our Statement of Intent, we strive for continuous improvement in our policies, processes and practices. We are committed to focussing on developing the leadership and operational capability of staff at all levels, through our capability uplift program, to ensure we effectively discharge our statutory functions.
Key messages from this audit for all Australian Government entities
19. Below is a summary of key messages, including instances of good practice, which have been identified in this audit and may be relevant for the operations of other Australian Government entities.
Governance and risk management
Performance and impact measurement
Policy/program implementation
Summary and recommendations
Background
1. The Australian Government’s campaign advertising framework (the framework) applies to non-corporate Commonwealth entities under the Public Governance, Performance and Accountability Act 2013 (PGPA Act).1 The overarching aim of the framework, introduced in 2008, is to provide the Parliament and the community with confidence that public funds are used to meet the genuine information needs of the community.2
2. The government periodically issues guidance for entities undertaking information and advertising campaigns. The most recent version of the Australian Government Guidelines on Information and Advertising Campaigns by non-corporate Commonwealth entities (the Guidelines) was released in December 2022 (2022 Guidelines)3, replacing the October 2020 Guidelines (2020 Guidelines). The Guidelines are administered by the Department of Finance (Finance) and state that they:
operate on the underpinning premise that:
- members of the public have equal rights to access comprehensive information about government policies, programs and services which affect their entitlements, rights and obligations; and
- governments may legitimately use public funds to explain government policies, programs or services, to inform members of the public of their obligations, rights and entitlements, to encourage informed consideration of issues or to change behaviour.4
3. The Guidelines apply to all information and advertising campaigns5 undertaken in Australia by non-corporate Commonwealth entities.6 Entities subject to them:
must be able to demonstrate compliance with the five overarching principles when planning, developing and implementing publicly-funded information and advertising campaigns. The principles require that campaigns are:
- relevant to government responsibilities
- presented in an objective, fair and accessible manner
- objective and not directed at promoting party political interests
- justified and undertaken in an efficient, effective and relevant manner, and
- compliant with legal requirements and procurement policies and procedures7
Rationale for undertaking the audit
4. This audit is part of an ongoing program of performance audits on Australian Government advertising. The rationale for undertaking this audit is to provide the Parliament with information on key developments in the framework since the period covered by the 2022 ANAO audit8, when the ANAO last reported on its operation.
5. The audit provides independent assurance on whole-of-government administration of the framework by the Department of Finance and selected entities’ compliance with the Guidelines and the wider framework requirements.
Audit objective and criteria
6. The objective of the audit was to assess the effectiveness of the Department of Finance’s and selected entities’ implementation of the Australian Government’s campaign advertising framework.
7. To form a conclusion against this objective, the following high-level criteria were adopted:
- Does the Department of Finance effectively administer the Australian Government’s campaign advertising framework?
- Were selected campaigns compliant with the Australian Government’s campaign advertising framework?
8. The audit examined developments in the administration of the framework from November 2021 to November 2024. Three campaigns were selected for review:
- One Talk at a Time campaign, conducted from October 2023 to April 2025, administered by the Attorney-General’s Department (AGD)9;
- Your Answer Matters campaign, conducted from August to October 2023, administered by Australian Electoral Commission (AEC)10; and
- Youth Vaping Education (phase one) campaign, conducted from February to June 2024, administered by the Department of Health and Aged Care (Health).11
Conclusion
9. Finance has been effective at administering the framework. AGD and Health were largely compliant with the framework. The AEC largely complied with its internal requirements and the intent of the framework.
10. Finance has supported entities undertaking campaigns and has arrangements in place to manage brand safety risks relating to advertising on social media platforms. There are emerging gaps relating to the identification and management of risks, including to brand safety, associated with the use of artificial intelligence (AI) and emerging technologies in government advertising campaigns, and the changing nature of campaign activities, such as the use of media partnerships and influencers to reach target audiences in government campaigns. Finance extended the whole-of-government Master Media Agency contract after all extension options had been exercised. Finance has met its reporting requirements for expenditure on advertising campaigns.
11. AGD’s One Talk at a Time campaign largely complied with the review, certification and publication requirements of the framework. AGD complied with the requirements of Principles 1 to 3 and largely complied with Principles 4 and 5 of the 2020 Guidelines. Campaign effectiveness was reduced by the delayed implementation of pre-launch public relations activities. Not all campaign materials contained appropriate attribution of Australian Government involvement and two procurements were not accurately reported on AusTender. The advertising component of the campaign was evaluated, with the evaluation report finding that the campaign ‘achieved’ one objective and ‘partially achieved’ two objectives. At November 2024, an evaluation addressing other aspects of the campaign had not been undertaken as public relations activities were still underway.
12. Since 2009, the AEC has had an exemption from most aspects of the framework and has committed to complying with the intent of the 2022 Guidelines. Documentation capturing the AEC’s requirements for campaign development and certification, known as ‘AEC communication campaigns: Guidelines and mandatory checklist’ (AEC Guidelines), was in draft and there was no documented approval. The AEC’s Your Answer Matters campaign largely complied with the review and publication requirements. Publication requirements were met, although AEC did not publish campaign research reports, did not document consideration of whether doing so was appropriate and there were inaccuracies in the reporting of campaign expenditure figures in the AEC annual report and subsequent reporting to the Department of Finance. The AEC complied with Principles 1 to 4 of the 2022 Guidelines and largely complied with Principle 5. Legal advice addressing all legal requirements of Principle 5 was finalised after the campaign had commenced. The AEC’s requirements for attribution of AEC contribution to media partnerships and public relations materials was not documented. The AEC evaluated the campaign with the evaluation report finding that of the total 23 objectives, 16 were ‘met’, six were ‘partly met’ and one was ‘not met’.
13. Health largely complied with the review, certification and publication requirements of the framework. Health complied with the requirements of Principles 1, 3 and 4 of the 2022 Guidelines and largely complied with Principles 2 and 5 of the 2022 Guidelines. Health did not document how campaign imagery reflected a diverse range of Australians. Not all campaign materials contained attribution of Australian Government involvement. Health evaluated the Youth Vaping Education (phase one) campaign to determine its effectiveness. The evaluation report consolidated the campaign’s original seven objectives into four objectives. The evaluation found that two objectives were achieved and two objectives were partially achieved.
Supporting findings
Administration of the Australian Government campaign advertising framework — Finance
14. Finance maintains a suite of guidance documents on a clearly signposted section of its website and manages a campaign community through its GovTEAMS site to support entities undertaking campaigns throughout the campaign advertising development process. Finance facilitates the Independent Communications Committee’s review process and provides advice to government regarding requests for exemption from the Guidelines. Finance has established arrangements to receive feedback from suppliers and entities through evaluations undertaken at the end of campaigns, with annual reviews providing a whole-of-government view across all campaigns. (See paragraphs 2.3 to 2.21)
15. Finance has arrangements to manage risks relating to brand safety on social media platforms. Given the changing nature of campaign activities there are emerging gaps in relation to the use of media partnerships, public relations and influencers. Gaps relate to the appropriateness of the level of information relating to these activities provided for final government review and the attribution of campaign materials. There is an absence of guidance around emerging risks, including to brand safety, relating to the potential use of AI and emerging technologies in advertising and information campaigns. Finance extended the whole-of-government Master Media Agency contract after all extension options had been exercised. ( See paragraphs 2.22 to 2.80)
16. Finance has reported to the Parliament on annual media placement and associated campaign development expenditure by non-corporate Commonwealth entities, for campaigns with expenditure greater than $250,000 (exclusive of GST), in its annual report on Campaign Advertising by Australian Government Departments and Entities. Details of expenditure relating to Finance’s contracts with the Master Media Agency and Independent Communications Committee (ICC) members have not been included in these reports. Finance guidance does not address the publication of advertising campaign research reports which, under the 2022 Guidelines, must be published on entity websites ‘where it is appropriate to do so’ for campaigns with an expenditure of $250,000 (exclusive of GST) or more. (See paragraphs 2.81 to 2.93)
One Talk at a Time campaign
17. AGD’s One Talk at a Time campaign received government approvals in accordance with the framework requirements applying at the time it was considered.
18. The Secretary of the Attorney-General’s Department (Secretary of AGD), as the accountable authority, certified that the campaign complied with all five principles of the 2020 Guidelines and the certification was published on AGD’s website, as required. The Secretary’s certification was informed by a third-party certification from the ICC, as required by the 2020 Guidelines, and AGD advice on compliance. AGD provided the Attorney-General with the signed Secretary’s certification.
19. AGD complied with publication requirements, except for those relating to the statement in its 2023–24 annual report. AGD published its developmental research report on the One Talk at a Time campaign website. (See paragraphs 3.14 to 3.24)
20. AGD complied with Principles 1 to 3 of the 2020 Guidelines and largely complied with Principles 4 and 5.
21. For Principle 4, campaign effectiveness was reduced by the delayed execution of pre-launch public relations activities. For Principle 5, 17 of the 21 media partnership materials had appropriate attribution statements noting Australian Government involvement and two of the campaign procurements were not accurately reported on AusTender. (See paragraphs 3.25 to 3.62)
22. Advertising components of the One Talk at a Time campaign were evaluated to determine their effectiveness. This evaluation identified that the advertising component of the campaign ‘achieved’ one objective and ‘partially achieved’ two objectives. At November 2024, the planned integrated evaluation of all campaign components, including media partnerships and public relations, had not been completed.
23. The performance of the campaign was monitored against media metrics, including key performance indicators (KPIs). AGD received in-flight monitoring of the campaign’s performance, including a mid-campaign report and a final media performance report. (See paragraphs 3.63 to 3.71)
Your Answer Matters campaign
24. Due to its exemption, the AEC was not subject to review by the ICC or government review and approval processes. The AEC had documented requirements for campaign development and certification in the form of the AEC Guidelines. The version of the AEC Guidelines used for the Your Answer Matters campaign was in draft and there was no documented approval.
25. Under the AEC Guidelines, the AEC has committed to complying with the intent of the 2022 Guidelines. The AEC Guidelines did not establish a requirement for legal advice confirming compliance with Principle 5 of the 2022 Guidelines to be provided to the Electoral Commissioner prior to campaign certification.
26. The AEC followed an internal review process that involved the Electoral Commissioner providing approval for key campaign development milestones. The Electoral Commissioner signed two certifications for the campaign, which were both published on the AEC’s website in accordance with the AEC Guidelines. The AEC did not publish campaign research reports on its website and did not document consideration of whether publication of the research reports was appropriate and there were inaccuracies in the reporting of campaign expenditure figures in the AEC annual report and subsequent reporting to the Department of Finance. (See paragraphs 4.18 to 4.40)
27. The AEC complied with the intent of Principles 1 to 4 of the 2022 Guidelines and largely complied with Principle 5. Legal advice addressing all legal requirements of Principle 5 was finalised after the campaign had commenced. The AEC had not documented attribution requirements for media partnerships or public relations materials. Details of one procurement were not accurately reported on AusTender. (See paragraphs 4.41 to 4.78)
28. The Your Answer Matters campaign was evaluated to determine its effectiveness. Of the 23 objectives across the five phases of the campaign, 16 were assessed as ‘met’, six were assessed as ‘partly met’ and one was assessed as ‘not met’.
29. The performance of the campaign was monitored against media metrics, including KPIs. The AEC received weekly reporting on the performance of media channels. (See paragraphs 4.79 to 4.85)
Youth Vaping Education (phase one) campaign
30. Health’s Youth Vaping Education (phase one) campaign received government approvals in accordance with the framework requirements applying at the time it was considered.
31. The accountable authority, the Secretary of the Department of Health and Aged Care (Secretary of Health and Aged Care), certified that the campaign complied with the five ‘overarching principles’ of the 2022 Guidelines and the certification was published on Health’s website, as required. The Secretary’s certification was informed by a third-party review from the ICC, as required by the 2022 Guidelines, and Health advice on compliance. Health provided the Secretary’s certification to the Minister for Health and Aged Care on 3 May 2024, approximately three months after the campaign commenced, which was not compliant with the 2022 Guidelines.
32. Health complied with publication requirements. Health published the campaign developmental research report on its website. (See paragraphs 5.12 to 5.23)
33. Health complied with Principles 1, 3 and 4 and largely complied with Principles 2 and 5 of the 2022 Guidelines.
34. For Principle 2, Health did not document how campaign imagery reflected a diverse range of Australians. Legal advice provided in support of compliance with Principle 5 addressed the media partnerships component of the campaign but not the influencer component. Seventeen of the 28 media partnership materials did not contain attribution of Australian Government contribution to the materials. Health’s audit trail of procurement decision-making was mostly complete. (See paragraphs 5.24 to 5.74)
35. Health evaluated the Youth Vaping Education (phase one) campaign to determine its effectiveness. The evaluation report consolidated the campaign’s original seven objectives into four objectives. The evaluation found that two objectives were achieved and two objectives were partially achieved.
36. Campaign performance was monitored against media metrics, including KPIs. Health received in-flight monitoring of the campaign’s performance, including a report on the performance of influencers, a mid-campaign report and a final media performance report. (See paragraphs 5.75 to 5.82)
Recommendations
Recommendation no. 1
Paragraph 2.55
The Department of Finance develop supporting policy and guidance to identify and manage emerging risks, including to brand safety, relating to the use of artificial intelligence and emerging technologies in government advertising campaigns.
Department of Finance response: Agreed.
Recommendation no. 2
Paragraph 2.72
When planning future procurements for Master Media Agency services for Australian Government advertising, the Department of Finance provide sufficient time to enable the procurement process to be completed prior to exhausting all extension options available under the existing contract.
Department of Finance response: Agreed.
Recommendation no. 3
Paragraph 4.21
The Australian Electoral Commission update the ‘AEC communications campaigns: Guidelines and mandatory checklist’ (AEC Guidelines) to include:
- a requirement for legal advice confirming compliance with Principle 5 of the Australian Government Guidelines on Information and Advertising campaigns to be provided to the Electoral Commissioner prior to campaign certification; and
- details of version control and approval of the AEC Guidelines.
Australian Electoral Commission response: Agreed.
Summary of entity responses
37. The proposed audit report was provided to Finance, AGD, AEC and Health, with an extract being provided to the Independent Communications Committee. The entities’ summary responses are provided below, and their full responses are included at Appendix 1. Improvements observed by the ANAO during the course of this audit are listed in Appendix 2.
Department of Finance
The Department of Finance welcomes the conclusion that the Department has been effective in the whole-of-government administration of the Government’s campaign advertising framework, including Finance’s role in supporting entities, providing secretariat support to the Independent Communications Committee, meeting its requirements for reporting on campaign advertising expenditure by non-corporate Commonwealth entities, and having arrangements in place to manage brand safety risks relating to advertising on social media platforms.
Finance agrees the two recommendations directed to the Department and will take appropriate action to address the matters raised.
Attorney-General’s Department
The Attorney-General’s Department (the department) welcomes the Australian National Audit Office’s (ANAO) report on Australian Government Advertising: November 2021 to November 2024, in particular the findings for the department’s “One Talk at a Time” campaign.
The department agrees with the recommendations and acknowledges the opportunity for administrative improvements in relation to record keeping, attribution of Australian Government involvement in campaign activity and reporting on AusTender.
The department acknowledges the ANAO’s finding that the campaign successfully achieved one objective and “partially achieved” two others. However, the full evaluation of the campaign’s effectiveness is yet to be completed and is expected to conclude in 2025, following the completion of below-the-line activities.
The department is committed to continuous improvement and will use the ANAO’s findings and recommendations to further refine our campaign processes and guidance.
Australian Electoral Commission
The Australian Electoral Commission (AEC) welcomes the ANAO report.
The AEC notes it is exempt from the Australian Government Guidelines on Information and Advertising Campaigns by non-corporate Commonwealth entities, including exemption from review and approval of AEC campaigns by government. This is due to the need for campaigns on electoral events to be independent of government. Instead, the AEC has its own Guidelines and certification process.
The AEC agrees with the one recommendation relating to improvement of our own Guidelines; and acknowledges the areas for improvement. We have reviewed and are addressing the highlighted administrative processes, noting they do not compromise compliance with our Guidelines.
The AEC remains committed to continuous improvement, and to our ongoing conformance with the intent of the Australian Government Guidelines.
Department of Health and Aged Care
The Department of Health and Aged Care (the department) acknowledges the findings in this report. The department is committed to responding to the opportunities for improvement identified by the Australian National Audit Office.
It is pleasing to note the finding the department was largely compliant with the Australian Government’s campaign advertising framework, including the review, certification and publication requirements.
The department also welcomes the finding the department complied with the requirements of Principles 1, 3 and 4 of the 2022 Australian Government Guidelines on Information and Advertising Campaigns and largely complied with Principles 2 and 5 of the Guidelines. The department also appreciates the report’s recognition the department established arrangements and processes to meet the objectivity requirements of Principle 2 of the Guidelines and mitigate the risks associated with engaging with influencers.
The audit identified two opportunities to improve the documentation of how a diverse range of Australians are reflected in campaign imagery and ensuring campaign materials contain appropriate attribution of the department’s involvement. To address these findings, the department will continue to strengthen its administrative processes when implementing government advertising campaigns.
Key messages from this audit for all Australian Government entities
38. Below is a summary of key messages, including instances of good practice, which have been identified in this audit and may be relevant for the operations of other Australian Government entities.
Stewardship by framework policy owners
Governance and risk management
Summary and recommendations
Background
1. The Australian Taxation Office (ATO) is the principal revenue collection agency of the Australian Government. Its roles and responsibilities include administering legislation governing tax, superannuation and the Australian Business Register. The ATO’s corporate plan 2024–251 outlines a strategic objective to ensure its client experience and interactions are ‘well designed, tailored, fair, transparent.’ This objective includes a core priority to ‘enable trust and confidence through policy, sound law design and interpretation, as well as resolving disputes’.
2. The ATO Charter (the Charter) outlines the ATO’s commitments to its clients and what can be expected in interactions with the ATO.2 Under the Charter, the ATO is obligated to be fair and reasonable, provide professional service, provide support and assistance, keep clients’ data and privacy secure, and keep the community informed. This includes working with clients to address concerns and informing them how to make a complaint. The Charter provides ‘we treat all complaints seriously and aim to resolve them quickly and fairly.’
Rationale for undertaking the audit
3. The Commonwealth Ombudsman’s Better Practice Complaint Handling Guide states that ‘Australian Public Service agencies and contractors must deliver high quality programs and services to the Australian community in a way that is fair, transparent, timely, respectful and effective’3, and that ‘[g]ood complaint handling will also help meet general principles of good administration, including fairness, transparency, accountability, accessibility and efficiency’.4 Between 2020–21 and 2023–24 the number of complaints received by the ATO, including those referred by the Inspector-General of Taxation and Taxation Ombudsman (IGTO), increased from 24,740 to 49,414.
4. This audit will provide assurance to Parliament of the Australian Taxation Office’s effectiveness in managing complaints, including engaging with complainants, resolving complaints, and the implementation of relevant IGTO recommendations.
Audit objective and criteria
5. The audit objective was to assess the Australian Taxation Office’s effectiveness in managing complaints.
6. To form a conclusion against the objective, the following criteria were adopted.
- Does the ATO have fit-for-purpose arrangements to support the effective handling of complaints?
- Does the ATO report on complaints, effectively review its complaints management framework, and seek to improve processes and service delivery?
- Were agreed recommendations from the Inspector-General of Taxation regarding ATO complaint handling effectively implemented?
Conclusion
7. The ATO’s management of complaints is largely effective. Effectiveness would be improved if the ATO’s analysis of its complaints data also sought to identify the underlying causes of complaints and used this information to improve business processes and complaint handling.
8. The ATO’s complaints management framework is largely aligned with the Commonwealth Ombudsman’s Better Practice Complaints Handling Guide. The complaints process is accessible through multiple channels, and complaints are triaged to allocate complaints to resolvers with appropriate experience. The ATO seeks to resolve complaints at first contact. The proportion of complaints resolved at first contact has declined over the last four financial years. The ATO uses timeliness of complaint handling as its indicator for efficiency. The process is reliant on complainant feedback to improve accessibility. The ATO largely applies its framework to handle complaints, though it does not consistently document discussions with complainants to extend complaint due dates which has an impact on the accuracy of performance reporting. The ATO has also not consistently communicated taxpayer review rights to the complainant.
9. The ATO is largely effective at reporting on complaints, collecting complaint data to monitor incoming complaint volumes, categories of complaints, performance against service commitments and performance of key complaint topics. The data is used to generate internal reports based on the needs of individual business areas and bodies that meet to discuss complaint trends. Public reporting through the ATO Annual Report consists of the total number of complaints received and performance against the ATO service commitment targets. The ATO is able to determine which issue categories lead to increases in complaints but does not identify the root causes of these increases. Analysis of cross-product issues indicates that ‘timeliness’ is the largest complaint issue across many business lines, accounting for 56.5 per cent of all complaints from 2020–21 to 2023–24.
10. The ATO is largely effective in using a variety of sources including complaint data to identify business improvements to enhance both the complaint handling system and broader ATO processes and service delivery. It manages these through the Business Intelligence and Improvement register to iteratively improve its processes and service delivery. The ATO could strengthen its Business Intelligence and Improvements framework.
11. The ATO was largely effective in implementing the six IGTO recommendations made between 1 July 2020 and 30 July 2024 concerning the ATO’s management of complaints. The ATO has guidance to assist business lines developing implementation plans for recommendations. Implementation plans for the selected recommendations were largely consistent with this guidance, with the exception that the ATO’s template does not address measures of success or outcomes to be realised as required in ATO guidance. Recommendations are monitored through quarterly reporting to the ATO External Scrutineers Unit (ESU), the Audit and Risk Committee (ARC) and the IGTO. Reporting of selected recommendations was completed for all relevant quarters, though there were inconsistencies in reporting regarding revisions to the target implementation date of one recommendation. Three of the selected recommendations were assessed by the ANAO as implemented in full, two were largely implemented, and one was assessed as partly implemented. The ATO completed closure statements with attached evidence of implementation for all selected recommendations, though these were all endorsed after the reported closure dates and the ATO did not establish if the desired outcome of the recommendation had been achieved before closure of the recommendations. Evidence gathering and finalisation of the closure statements continued after the closure date for five of the six recommendations, with two also identifying ongoing work at the time of closure.
Supporting findings
Arrangements to support the effective handling of complaints
12. The ATO’s complaints management framework is largely aligned with the Commonwealth Ombudsman’s Better Practice Complaint Handling Guide. Complaints are received, are categorised, and are sent to the relevant Business Service Line if they cannot be resolved at first point of contact. Resolution is through prioritisation of calls to the complaints hotline, the use of First Contact Resolution, and via complaint categorisation at the point of receipt. The ATO approach to determining efficiency focuses on timeliness and does not consider inputs and outputs. (See paragraphs 2.3 to 2.48)
13. The process to make a complaint to the ATO is clearly articulated on its website, and guidance documents provided to staff to explain the complaints process are clear. The complaints process is accessed primarily through online web form and telephone, and is largely compliant with the BPG. The ATO does not specifically survey complainants on the ATO’s complaint management process, however complainants who have had an identity-verified interaction with the ATO were eligible to be randomly sampled for the ATO’s broader monthly Client Experience Survey. The information on complaints obtained through this survey does not support meaningful analysis. The ATO relies on complainant feedback to identify and address accessibility issues, and does not proactively monitor and assess potential accessibility barriers. The ATO implements changes when issues are brought to its attention through this channel. (See paragraphs 2.49 to 2.61)
14. The ATO uses notes, attachments and templates in the Siebel work management system to record actions taken while resolving a complaint. The complaint capture template was consistently completed by ATO staff. The issues template was largely completed in line with ATO guidelines and use of this template increased from 2020–21 to 2023–24. Notes and attachments recorded in Siebel and analysed by the ANAO indicate the ATO actions complaints in accordance with its guidance. Regular ongoing contact was not consistently maintained with complainants in 2022–23 and 2023–24, and some complainants were not advised of their review rights when a complaint was closed. The ATO did not have a discussion with complainants before extending due dates in the majority of complaint cases. The extended due dates exceed the ATO’s service commitment to resolve complaints within 15 business days. (See paragraphs 2.62 to 2.86)
Reporting, process improvement, and review
15. The ATO generates internal reports based on the needs of individual business areas and bodies that meet to discuss complaints. Public reporting through the ATO Annual Report consists of the total number of complaints received and performance against the ATO service commitment targets. The ATO is able to determine which issue categories have led to increases in complaints, but does not identify the root causes of these increases. Analysis of cross-product issues indicates that ‘timeliness’ is the largest complaint issue across many business lines, accounting for 56.5 per cent of complaints from 2020–21 to 2023–24. (See paragraphs 3.2 to paragraph 3.42)
16. The ATO uses a variety of sources including complaint data to identify opportunities to improve its complaints management framework. The ATO manages changes to its complaints management framework manually through the Business Intelligence and Improvement register. The ATO does not undertake regular evaluation of its complaint handing processes. (See paragraphs 3.43 to 3.46)
17. The complaint data collected by the ATO is used to monitor incoming complaint volumes and categories, performance against service commitments and performance of key complaint topics. The ATO also improves non-complaint handling processes and service delivery through the Business Intelligence and Improvement register. There is an opportunity for the ATO to strengthen the Business Intelligence and Improvements framework. (See paragraphs 3.47 to 3.63)
Implementation of Inspector-General of Taxation recommendations regarding complaint handling
18. The ATO has guidance for business lines developing implementation plans to address recommendations from the Inspector-General of Taxation and Taxation Ombudsman (IGTO). The ATO External Scrutineers Unit coordinates this process. Implementation plans were developed for all selected recommendations and largely reflect ATO requirements. Implementation plans are not provided to the IGTO for feedback as required and the implementation plan template does not address measures of success or outcomes to be realised as required in ATO guidance. (See paragraphs 4.3 to 4.21)
19. The implementation of recommendations from the IGTO is primarily monitored through quarterly reporting. The ATO’s External Scrutineers Unit sources updates from Business Service Lines on the implementation of recommendations to produce quarterly reporting. These updates were often returned to ESU after their due date and lacked evidence of action taken. The progress of selected recommendations was reported to the IGTO and ATO Audit and Risk Committee (ARC) in all relevant quarters. The ATO classified four of the six closed recommendations as implemented by their original target date. There are inconsistencies in the reporting of revisions to the target implementation date of one recommendation to the ARC. These revisions were made after the previous target date had passed. (See paragraphs 4.22 to 4.49)
20. Three of the six closed recommendations were assessed by the ANAO as implemented in full, two were largely implemented, and one was assessed as partly implemented. The ATO completed all required closure statements, although endorsement was provided after the closure date for all recommendations, and evidence attached was not sufficient to provide assurance of implementation status without seeking documentation from additional sources. Evidence gathering and finalisation of the closure statements continued after the closure date for five recommendations, with two also identifying ongoing work. The ATO did not establish if the desired outcome of the recommendation had been achieved before closure of the recommendations. (See paragraphs 4.50 to 4.80)
Recommendations
Recommendation no. 1
Paragraph 2.86
The Australian Taxation Office:
- conducts and documents any discussion with complainants before extending complaint due dates; and
- communicates and documents that review rights have been discussed with the complainant in accordance with its own guidance.
Australian Taxation Office response: Agreed.
Recommendation no. 2
Paragraph 3.40
The Australian Taxation Office:
- analyses the root causes of complaints, particularly where there has been a significant increase in volumes; and
- enhances its public reporting on complaint trends, causes, and outcomes in its Annual Report to better align with the Commonwealth Ombudsman’s Better Practice Complaint Handling Guide to improve transparency to the Parliament.
Australian Taxation Office response: Agreed.
Recommendation no. 3
Paragraph 4.21
The Australian Taxation Office shares implementation plans for agreed recommendations with the Inspector-General of Taxation.
Australian Taxation Office response: Agreed.
Recommendation no. 4
Paragraph 4.78
The Australian Taxation Office gains sufficient assurance of implementation by closing recommendations only after providing:
- the required senior executive endorsement; and
- appropriate closure statement evidence, in accordance with its guidance.
Australian Taxation Office response: Agreed.
Summary of entity response
21. The proposed audit report was provided to the ATO. The ATO’s summary response is reproduced below and its full response is at Appendix 1. Improvements observed by the ANAO during the course of this audit are listed in Appendix 2.
The Australian Taxation Office (the ATO) welcomes the ANAO’s report and finding that the ATO is largely effective in managing complaints.
Whilst complaints represent a very small portion of our interactions with taxpayers, we understand the importance of complaints in helping us to continue to improve their experience.
We are proud of the work we do to deliver for the Australian community in a manner that meets Government and community expectations. We are pleased to see the ANAO has found the ATO has developed largely effective arrangements to handle complaints and that we monitor, report and process improvements effectively. We remain committed to understanding the systemic issues that may be driving trends through complaints as it enables us to continually improve how we operate.
The ATO agrees with the four recommendations in the report. Implementation of the recommendations and opportunities for improvement identified by the ANAO will help us further strengthen our complaints processes, and ensure we continue to effectively meet our commitments to taxpayers and the Australian Government.
Key messages from this audit for all Australian Government entities
22. Below is a summary of key messages, including instances of good practice, which have been identified in this audit and may be relevant for the operations of other Australian Government entities.
Governance and risk management
Performance and impact measurement
Summary and recommendations
Background
1. On 5 August 2017, the Minister for Health and Aged Care announced a review of Australia’s sport integrity arrangements. The Report of the Review of Australia’s Sport Integrity Arrangements (the Wood Review) was presented to the government in March 2018 and made 52 recommendations, including the establishment of a national sports integrity commission.1 In its February 2019 response to the Wood Review2, the Australian Government agreed, agreed in part, agreed in principle or noted all recommendations. Sport Integrity Australia (SIA) was established on 1 July 2020 by the Sport Integrity Australia Act 2020 (SIA Act).
2. The object of the SIA Act is to establish SIA to prevent and address threats to sports integrity and to coordinate a national approach to matters relating to sports integrity in Australia. A National Anti-Doping Scheme is required under section 3 of the SIA Act and is set out in Schedule 1 of the Sport Integrity Australia Regulations 2020 (SIA Regulations). The SIA Regulations outline the powers and functions of the SIA Chief Executive Officer, which include having the role and responsibility of a ‘national anti-doping organisation’ for Australia under the United Nations Educational, Scientific and Cultural Organization’s (UNESCO) Anti-Doping Convention and the World Anti-Doping Code.
Rationale for undertaking the audit
3. In its response to the Wood Review, the Australian Government committed to ‘comprehensively protecting the integrity of Australian sport for the benefit of the entire Australian community’ and to establishing a national sports integrity commission (SIA). The government also noted the importance of effective anti-doping measures to protect the integrity of Australian sport.
4. The audit provides assurance to the Parliament as to whether SIA has established effective governance arrangements for anti-doping and is effectively managing the National Anti-Doping Scheme.
Audit objective and criteria
5. The purpose of the audit was to assess the effectiveness of Sport Integrity Australia’s management of the National Anti-doping Scheme.
6. To form a conclusion against the objective, the following high-level criteria were adopted:
- Has Sport Integrity Australia established fit-for-purpose governance arrangements?
- Has Sport Integrity Australia established effective arrangements to prevent and detect anti-doping rule violations?
- Has Sport Integrity Australia established effective arrangements to investigate and respond to possible anti-doping rule violations?
7. The period covered by the audit is 1 July 2021 to 30 June 2024. Anti-doping matters prior to the establishment of Sport Integrity Australia on 1 July 2020 are not within the scope of this audit.
Conclusion
8. Sport Integrity Australia’s management of the National Anti-Doping Scheme is partly effective. SIA has adopted a different approach to anti-doping regulation, depending on how anti-doping samples and testing are paid for. Regulatory responsibilities are more effectively carried out for sports that receive government funded anti-doping testing. For sports where testing costs are partially recovered from the sport, regulation is not demonstrably risk-based and data driven — a key principle of good regulation. There are deficiencies in anti-doping investigation practices.
9. SIA’s governance arrangements for the National Anti-Doping Scheme are partly fit for purpose. There are largely fit-for-purpose oversight and assurance arrangements. Risk management, including for regulatory capture risks, is not fit for purpose.
10. SIA’s arrangements for preventing and detecting doping are largely effective for sports that have mainly government funded anti-doping sample collection arrangements, and partly effective for the major professional sports that have mainly ‘user pays’ anti-doping sample collection arrangements, due to the way SIA has chosen to administer ‘user pays’ arrangements.
- There is a fit-for-purpose national anti-doping framework, which is supported by a national anti-doping policy that is adopted by 87 national sporting organisations. Another three national sporting organisations have an SIA-approved anti-doping policy.
- SIA has effective arrangements to prevent anti-doping rule violations through anti-doping education plans that are implemented and evaluated.
- For sports that have mainly government funded testing arrangements, test distribution planning is generally risk-based. Transparency could be enhanced through more comprehensive documentation of planning methodology and record keeping.
- For the six major sports that have mainly user pays testing arrangements, test distribution planning is not demonstrably risk-based. The number and distribution of tests are negotiated with national sporting organisations under a service agreement. This is not consistent with World Anti-Doping Code principles or SIA’s responsibilities as a regulator of these sports.
11. SIA’s arrangements to investigate and respond to anti-doping rule violations are partly effective. The procedural framework for investigations is partly fit for purpose, including processes related to quality assurance. There were irregularities in the triage and conduct of 38 investigations commenced in the three years to 30 June 2024, when compared to existing procedures. Investigations did not consistently meet timeliness targets. SIA’s actions in response to proven anti-doping violations were appropriate.
Supporting findings
Governance arrangements
12. SIA has responded to the Minister for Sport’s statement of expectations with an appropriate statement of intent. There are management arrangements and governance bodies that give consideration to anti-doping matters. These include advisory bodies that have been established in accordance with the Sport Integrity Australia Act 2020. Governance bodies operate in accordance with legislative requirements or terms of reference, except for the declaration of interests on two key advisory bodies. SIA’s public performance reporting includes measures related to anti-doping. There is no performance reporting specifically related to anti-doping testing and investigations — a key regulatory function. There is no measure that goes to the effectiveness or efficiency of SIA’s anti-doping activities. Performance reporting on anti-doping in 2023–24 was not fully accurate. SIA reports integrity and anti-doping matters of significance to the Minister for Sport. (see paragraphs 2.2 to 2.20)
13. Sport Integrity Australia established a risk management policy in 2021, which was updated in 2023. Risk appetite statements provided in different documents are inconsistent. There is an enterprise risk register, which was last updated in November 2021. Operational risk registers for specific business areas or activities, including for anti-doping, are not maintained. SIA undertook a review of its risk management framework in 2024, which concluded that the risk management framework required ‘significant’ work to comply with the Commonwealth Risk Management Policy. SIA commenced a body of work to improve SIA’s risk management framework. There is a largely fit-for-purpose policy framework for regulatory capture risks, including risks arising from conflicts of interest; external employment; gifts, benefits and hospitality; and sports betting. The policies are poorly implemented. (see paragraphs 2.21 to 2.43)
Anti-doping prevention and detection
14. The Sport Integrity Australia Regulations 2020 establish the SIA CEO’s functions and powers in relation to anti-doping, which include sample collection and results management for ‘sporting administration bodies’, defined as ‘national sporting organisations for Australia’. SIA has established an Australian National Anti-Doping Policy (NAD Policy) that aligns with the World Anti-Doping Code and which, as of September 2024 had been adopted by 98 sporting organisations in Australia, including 87 national sporting organisations for Australia. Anti-doping policies for the remaining three national sporting organisations that have adopted alternative policies were not approved by SIA in a timely way using documented criteria.
15. SIA’s annual anti-doping activities are supported by approximately 300 full-time equivalent (FTE) and casual employees. Budgeted average staffing levels increased by six per cent for FTE staff and 17 per cent for casual staff between 2022–23 and 2024–25. The total number of anti-doping samples collected by SIA declined by 34 per cent between 2010–11 and 2022–23.
16. SIA provides anti-doping sample collection and analysis under two general funding models: government-funded and user pays. User pays arrangements involve partial cost recovery, an approach which was approved by government in March 2024. Six professional sports (Australian football, cricket, football (soccer), rugby league, rugby union and basketball) have mainly user pays arrangements. There are no documented criteria for when to apply which funding model, however SIA has advised that it depends in part on the sporting organisation’s ability to pay for its own anti-doping testing.
17. The average cost of testing increased in the five years to 2022–23 and decreased in 2023–24. SIA has assessed the value-for-money of its laboratory testing arrangements. (see paragraphs 3.7 to 3.24)
18. SIA has developed national anti-doping education plans in each year between 2021–22 and 2023–24, as required by the World Anti-Doping (WAD) Code and SIA Regulations. SIA’s 2023–24 national education plan is consistent with requirements of the WAD Code. Sport specific education plans were developed for all sampled sports except one in 2023–24, following failure to develop sport-specific education plans for one sampled government funded sport and most sampled user pays sports in 2021–22 and 2022–23. SIA has fit for purpose arrangements to evaluate the effectiveness of the national education plan. Evaluations have found that most deliverables and outcomes relating to the national education plan were met. SIA has evaluated sport-specific education plans. (see paragraphs 3.25 to 3.42)
19. SIA undertakes an annual anti-doping test distribution planning process that is consistent with the World Anti-Doping (WAD) Code for sports with mainly government funded testing arrangements. Evaluation of previous years’ plans (one component of the WAD Code requirements) to inform improvements to current year planning is not supported by a clear methodology and could be better documented. SIA alters (moderates) the results of the risk-based test planning process using an undocumented methodology.
20. SIA’s test distribution planning for sports with mainly user pays testing arrangements is deficient in terms of systematic risk analysis informing the total number and distribution of planned tests. The total number and distribution of tests are negotiated with national sporting organisations representing user pays sports under a service agreement. Testing arrangements for user pays sports do not fully cover the off-season and pre-season.
21. In a sample of 25 government funded and user pays sports/disciplines, SIA’s testing activities for 2023–24 were mostly consistent with its planned test distribution planning. The minimum levels of analysis required under the WAD Code were achieved for all but one government funded and one user pays sport. (see paragraphs 3.43 to 3.85)
Anti-doping investigations and response
22. SIA established an investigations manual in 2020, which as of September 2024 had not been updated to align with the Australian Government Investigations Standard 2022. Elements of AGIS requirements related to information and evidence management, investigative personnel and investigative practices could be better reflected in SIA’s framework for conducting investigations. Quality assurance processes for investigations have largely not been established.
23. Between 1 July 2021 and 30 June 2024, 144 anti-doping rule violation cases were recorded in SIA’s case management system, and 38 proceeded to an investigation or ‘administrative’ treatment. There is a lack of documented procedures for a type of case (non-analytical findings) and treatment of these cases was inconsistent.
24. Six of 38 investigations commenced between 1 July 2021 and 30 June 2024 lacked investigation plans, with no documented reason for five. SIA does not have a procedure for the preparation and service of disclosure notices to athletes, and disclosure notice practices were inconsistent. SIA did not follow up using established mechanisms on athlete non-compliance with disclosure notices. A brief of evidence adjudication was appropriately prepared for 19 of 26 investigations involving a brief of evidence. Of the 38 investigations commenced since 1 July 2021, 21 were finalised by 30 June 2024 (15 resulting in a sanction). SIA states that it prepares closure reports only for matters where the decision is ‘no further action’. Three of five investigations resulting in ‘no further action’ had a closure report. Closed investigations did not meet timeliness benchmarks. (see paragraphs 4.2 to 4.54)
25. Anti-doping rule violation sanctions imposed by SIA between 1 July 2021 and 30 June 2024 were largely consistent with WADA requirements. (see paragraphs 4.55 to 4.62)
Recommendations
Recommendation no. 1
Paragraph 2.17
Sport Integrity Australia develop effectiveness and efficiency measures and targets for anti-doping testing and investigations activities, consistent with requirements established in the Commonwealth Performance Framework.
Sport Integrity Australia response: Agreed.
Recommendation no. 2
Paragraph 2.44
Sport Integrity Australia improve its controls for identifying and managing potential conflicts of interest, including those arising from gifts and benefits.
Sport Integrity Australia response: Agreed.
Recommendation no. 3
Paragraph 3.45
Sport Integrity Australia establish a procedure for the test distribution planning process for user pays sports.
Sport Integrity Australia response: Agreed.
Recommendation no. 4
Paragraph 3.50
Sport Integrity Australia establish a documented methodology for evaluating test distribution planning for government and user pay sports, and document outcomes from evaluations.
Sport Integrity Australia response: Agreed.
Recommendation no. 5
Paragraph 3.61
Sport Integrity Australia undertake annual risk assessment to inform test distribution planning for all sports subject to regulation, including user pays sports.
Sport Integrity Australia response: Agreed.
Recommendation no. 6
Paragraph 4.9
Sport Integrity Australia establish controls to ensure its documented investigative practices and procedures are implemented, or update procedures to reflect current endorsed practice.
Sport Integrity Australia response: Agreed.
Recommendation no. 7
Paragraph 4.16
Sport Integrity Australia implement a quality assurance process for investigations that captures all types of investigations.
Sport Integrity Australia response: Agreed.
Summary of entity response
26. The proposed audit report was provided to SIA. SIA’s summary response is reproduced below. The full response from SIA is at Appendix 1. Improvements observed by the ANAO during the course of this audit are listed at Appendix 2.
Sport Integrity Australia welcomes the findings in the ANAO audit report on Sport Integrity Australia’s Management of the National Anti-Doping Scheme and agrees with the recommendations.
These recommendations will further contribute to our continuous improvement along with our obligations to implement and enforce rules and policies relating to anti-doping in Australian sport.
The National Anti-Doping Scheme provides Australia with the legislative basis to implement obligations under the UNESCO International Convention against Doping in Sport, and in turn, the World Anti-Doping Code (the Code). The Code, and its associated mandatory International Standards, create an important, but complex set of global expectations for all National Anti-Doping Organisations.
The World Anti-Doping Agency through its most recent Code Compliance process (2022–2023) found Sport Integrity Australia to be fully compliant with all aspects of the Code. Indeed, this process highlighted the capabilities of Sport Integrity Australia far exceed many other national anti-doping agencies.
The ANAO recommendations (noting the recommendations are limited to a small section of just one of the five relevant International Standards), are valuable as we look to continually improve our program. To this end, we have already begun taking steps to implement all recommendations.
Key messages from this audit for all Australian Government entities
27. Below is a summary of key messages, including instances of good practice, which have been identified in this audit and may be relevant for the operations of other Australian Government entities.
Governance and risk management
Performance and impact measurement
Auditor-General’s foreword
Emerging technologies including artificial intelligence (AI) are increasingly a part of public services, with 56 public sector entities advising in the Australian National Audit Office (ANAO)’s 2023–24 financial statements audits that they have adopted AI in their operations. AI can offer the promise of better services, enhanced productivity and efficiency — and also has the potential for increased risk and unintended consequences.
AI is an area of public interest for the Australian Parliament, with two inquiries underway during the time of undertaking this audit. The Select Committee on Adopting AI reported in November 2024.1 At the time of presenting this audit report to the Parliament, the Joint Committee of Public Accounts and Audit is conducting an inquiry into the use and governance of AI systems by public sector entities.2 The Australian Government has policies and frameworks for agencies on the adoption and use of AI that are referred to in this audit.
The growing use of AI also brings new challenges and opportunities in auditing. As a first step in addressing these, the ANAO has identified providing assurance on the governance of the use of new technology as a way of bringing transparency and accountability to the Parliament in this area of emerging public administration. The Australian Taxation Office (ATO), as an agency that uses technology extensively in its administration of the tax and superannuation systems, was chosen as the first agency in this new line of audit work. I acknowledge the ATO’s work on governance to support rapidly emerging technologies and cooperation in the undertaking of this audit. I also acknowledge the assistance of the Digital Transformation Agency through consultation on this audit.
The ANAO will continue to focus on governance of AI while it develops the capability to undertake more technical auditing of the AI tools and processes used in the public sector. Building this capability will require investment in knowledge, methodology and skills to enable the ANAO to test more deeply how AI tools operate in practice.
Like audit offices around the world, the ANAO will seek to examine how AI can improve the audit process itself, in a profession where human judgement and scepticism are foundations in auditing standards. This work will progress through our relationships within the international public sector audit community over coming years.
Dr Caralee McLiesh PSM
Auditor-General
Executive summary
1. Performance information is important for public sector accountability and transparency as it shows how taxpayers’ money has been spent and what this spending has achieved. The development and use of performance information is integral to an entity’s strategic planning, budgeting, monitoring and evaluation processes.
2. Annual performance statements are expected to present a clear, balanced and meaningful account of how well an entity has performed against the expectations it set out in its corporate plan. They are an important way of showing the Parliament and the public how effectively Commonwealth entities have used public resources to achieve desired outcomes.
The needs of the Parliament
3. Section 5 of the Public Governance, Performance and Accountability Act 2013 (PGPA Act) sets out the objects of the Act, which include requiring Commonwealth entities to provide meaningful performance information to the Parliament and the public. The Replacement Explanatory Memorandum to the PGPA Bill 2013 stated that ‘The Parliament needs performance information that shows it how Commonwealth entities are performing.’1 The PGPA Act and the Public Governance, Performance and Accountability Rule 2014 (PGPA Rule) outline requirements for the quality of performance information, and for performance monitoring, evaluation and reporting.
4. The Parliament’s Joint Committee of Public Accounts and Audit (JCPAA) has a particular focus on improving the reporting of performance by entities. In September 2023, the JCPAA tabled its Report 499, Inquiry into the Annual Performance Statements 2021–22, stating:
As the old saying goes, ‘what is measured matters’, and how agencies assess and report on their performance impacts quite directly on what they value and do for the public. Performance reporting is also a key requirement of government entities to provide transparency and accountability to Parliament and the public.2
5. Without effective performance reporting, there is a risk that trust and confidence in government could be lost (see paragraphs 1.3 to 1.6).
Entities need meaningful performance information
6. Having access to performance information enables entities to understand what is working and what needs improvement, to make evidence-based decisions and promote better use of public resources. Meaningful performance information and reporting is essential to good management and the effective stewardship of public resources.
7. It is in the public interest for an entity to provide appropriate and meaningful information on the actual results it achieved and the impact of the programs and services it has delivered. Ultimately, performance information helps a Commonwealth entity to demonstrate accountability and transparency for its performance and achievements against its purposes and intended results (see paragraphs 1.7 to 1.13).
The 2023–24 performance statements audit program
8. In 2023–24, the ANAO conducted audits of annual performance statements of 14 Commonwealth entities. This is an increase from 10 entities audited in 2022–23.
9. Commonwealth entities continue to improve their strategic planning and performance reporting. There was general improvement across each of the five categories the ANAO considers when assessing the performance reporting maturity of entities: leadership and culture; governance; reporting and records; data and systems; and capability.
10. The ANAO’s performance statements audit program demonstrates that mandatory annual performance statements audits encourage entities to invest in the processes, systems and capability needed to develop, monitor and report high quality performance information (see paragraphs 1.18 to 1.27).
Audit conclusions and additional matters
11. Overall, the results from the 2023–24 performance statements audits are mixed. Nine of the 14 auditees received an auditor’s report with an unmodified conclusion.3 Five received a modified audit conclusion identifying material areas where users could not rely on the performance statements, but the effect was not pervasive to the performance statements as a whole.
12. The two broad reasons behind the modified audit conclusions were:
- completeness of performance information — the performance statements were not complete and did not present a full, balanced and accurate picture of the entity’s performance as important information had been omitted; and
- insufficient evidence — the ANAO was unable to obtain enough appropriate evidence to form a reasonable basis for the audit conclusion on the entity’s performance statements.
13. Where appropriate, an auditor’s report may separately include an Emphasis of Matter paragraph. An Emphasis of Matter paragraph draws a reader’s attention to a matter in the performance statements that, in the auditor’s judgement, is important for readers to consider when interpreting the performance statements. Eight of the 14 auditees received an auditor’s report containing an Emphasis of Matter paragraph. An Emphasis of Matter paragraph does not modify the auditor’s conclusion (see Appendix 1).
Audit findings
14. A total of 66 findings were reported to entities at the end of the final phase of the 2023–24 performance statements audits. These comprised 23 significant, 23 moderate and 20 minor findings.
15. The significant and moderate findings fall under five themes:
- Accuracy and reliability — entities could not provide appropriate evidence that the reported information is reliable, accurate and free from bias.
- Usefulness — performance measures were not relevant, clear, reliable or aligned to the entity’s purposes or key activities. Consequently, they may not present meaningful insights into the entity’s performance or form a basis to support entity decision making.
- Preparation — entity preparation processes and practices for performance statements were not effective, including timeliness, record keeping and availability of supporting documentation.
- Completeness — performance statements did not present a full, balanced and accurate picture of the entity’s performance, including all relevant data and contextual information.
- Data — inadequate assurance over the completeness, integrity and accuracy of data, reflecting a lack of controls over how data is managed across the data lifecycle, from data collection through to reporting.
16. These themes are generated from the ANAO’s analysis of the 2023–24 audit findings, and no theme is necessarily more significant than another (see paragraphs 2.12 to 2.17).
Measuring and assessing performance
17. The PGPA Rule requires entities to specify targets for each performance measure where it is reasonably practicable to set a target.4 Clear, measurable targets make it easier to track progress towards expected results and provide a benchmark for measuring and assessing performance.
18. Overall, the 14 entities audited in 2023–24 reported against 385 performance targets in their annual performance statements. Entities reported that 237 targets were achieved/met5, 24 were substantially achieved/met, 24 were partially achieved/met and 82 were not achieved/met.6 Eighteen performance targets had no definitive result.7
19. Assessing entity performance involves more than simply reporting how many performance targets were achieved. An entity’s performance analysis and narrative is important to properly inform stakeholder conclusions about the entity’s performance (see paragraphs 2.37 to 2.44).
Connection to broader government policy initiatives
20. Performance statements audits touch many government policies and frameworks designed to enhance government efficiency, effectiveness and impact, and strengthen accountability and transparency. This is consistent with the drive to improve coherence across the Commonwealth Government’s legislative and policy frameworks that led to the PGPA Act being established.8 The relationship between performance statements audits and existing government policies and frameworks is illustrated in Figure S.1.
Figure S.1. Relationship of performance statements audits to government policies and frameworks

Source: ANAO analysis.
The future direction of annual performance statements audits
21. Public expectations and attitudes about public services are changing.9 Citizens not only want to be informed, but also to have a say between elections about choices affecting their community10 and be involved in the decision-making process, characterised by, among other things, citizen-centric and place-based approaches that involve citizens and communities in policy design and implementation.11 There is increasing pressure on Commonwealth entities from the Parliament and citizens demanding more responsible and accountable spending of public revenues and improved transparency in the reporting of results and outcomes.
22. A specific challenge for the ANAO is to ensure that performance statements audits influence entities to embrace performance reporting and shift away from a compliance approach with a focus on complying with minimum reporting requirements or meeting the minimum standard they think will satisfy the auditor.12 A compliance approach misses the opportunity to use performance information to learn from experience and improve the delivery of government policies, programs and services.
23. Performance statements audits reflect that for many entities there is not a clear link between internal business plans and the entity’s corporate plan. There can be a misalignment between the information used for day-to-day management and governance of an entity and performance information presented in annual performance statements. Periodic monitoring of performance measures is also not an embedded practice in all Commonwealth entities. These observations indicate that some entities are reporting measures in their performance statements that may not represent the highest value metrics for running the business or for measuring and assessing the entity’s performance (see paragraphs 4.32 to 4.35).
Developments in the ANAO’s audit approach
24. Working with audited entities, the ANAO has progressively sought to strengthen sector understanding of the Commonwealth Performance Framework. This includes a focus on helping entities to apply general principles and guidance to their own circumstances and how entities can make incremental improvements to their performance reporting over time. For example:
- in 2021–22, the ANAO gave prominence to ensuring entities understood and complied with the technical requirements of the PGPA Act and the PGPA Rule;
- in 2022–23, there was an increased focus on supporting entities to establish materiality policies that help determine which performance information is significant enough to be reported in performance statements and to develop entity-wide performance frameworks; and
- in 2023–24, there was an increased focus on assessing the completeness of entity purposes, key activities and performance measures and whether the performance statements present fairly the performance of the entity (see paragraphs 4.36 to 4.38).
Appropriate and meaningful
25. For annual performance statements to achieve the objects of the PGPA Act, they must present performance information that is appropriate (accountable, reliable and aligned with an entity’s purposes and key activities) and meaningful (providing useful insights and analysis of results). They also need to be accessible (readily available and understandable).
26. For the 2024–25 audit program and beyond, the ANAO will continue to encourage Commonwealth entities to not only focus on technical matters (like selecting measures of output, efficiency and effectiveness and presenting numbers and data), but on how to best tell their performance story. This could include analysis and narrative in annual performance statements that explains the ‘why’ and ‘how’ behind the reported results and providing future plans and initiatives aligned to meeting expectations set out in the corporate plan.13
27. It is difficult to demonstrate effective stewardship of public resources without good performance information and reporting. Appropriate and meaningful performance information can show that the entity is thinking beyond the short-term. It can show that the entity is committed to long-term responsible use and management of public resources and effectively achieving results to create long lasting impacts for citizens (see paragraphs 4.39 to 4.45).
Linking financial and performance information
28. The ‘Independent Review into the operation of the PGPA Act’14 noted that there would be merit in better linking performance and financial results, so that there is a clear line of sight between an entity’s strategies and performance and its financial results.15
29. Improving links between financial and non-financial performance information is necessary for measuring and assessing public sector productivity. As a minimum, entities need to understand both the efficiency and effectiveness of how taxpayers’ funds are used if they are to deliver sustainable, value-for-money programs and services. There is currently limited reporting by entities of efficiency (inputs over outputs) and even less reporting of both efficiency and effectiveness for individual key activities.
30. Where entities can demonstrate that more is produced to the same or better quality using fewer resources, this reflects improved productivity.
31. The ANAO will seek to work with the Department of Finance and entities to identify opportunities for annual performance statements to better link information on entity strategies and performance to their financial results (see paragraphs 4.46 to 4.51).
Cross entity measures and reporting
32. ANAO audits are yet to see the systemic development of cross-sector performance measures as indicators where it has been recognised that organisational performance is partly reliant on the actions of other agencies. Although there are some emerging better practices16, the ANAO’s findings reveal that integrated reporting on cross-cutting initiatives and linked programs could provide Parliament, government and the public with a clearer, more unified view of performance on key government priorities such as:
- Closing the Gap;
- women’s safety;
- housing;
- whole-of-government national security initiatives; and
- cybersecurity.
33. Noting the interdependence, common objectives and shared responsibility across multiple government programs, there is an opportunity for Commonwealth entities to make appropriate reference to the remit and reporting of outcomes by other entities in annual performance statements. This may enable the Parliament, the government and the public to understand how the work of the reporting entity complements the work done by other parts of government.17
34. As the performance statements audit program continues to broaden in coverage, there will be opportunities for the ANAO to consider the merit of a common approach to measuring performance across entities with broadly similar functions, such as providing policy advice, processing claims or undertaking compliance and regulatory functions. A common basis for assessing these functions may enable the Parliament, the government and the public to compare entities’ results and consider which approaches are working more effectively and why (see paragraphs 4.52 to 4.56).
Summary and recommendations
Background
1. The Australian Human Rights Commission (AHRC or the Commission) was established in December 1986 by the Australian Human Rights Commission Act 1986 (AHRC Act). The AHRC is a corporate Commonwealth entity under the Public Governance, Performance and Accountability Act 2013.
2. The Commission’s key goal related to complaint handling set out in its Corporate Plan is ‘improving enjoyment of human rights by all, supporting access to justice and remedies for people and communities whose rights are breached.’1
3. AHRC’s Investigation and Conciliation service (ICS) is responsible for delivery of complaint investigation and conciliation. ICS also operates two information services (the National Information Service and Respect@Work National Information Service) to provide information about AHRC’s complaint handling function and respond to enquiries from the general public.
Rationale for undertaking the audit
4. AHRC is Australia’s national human rights institution. The handling of complaints is central to its purpose, which is to ensure that Australians have access to effective, independent complaints handling and public inquiry processes on human rights and discrimination matters, and benefit from human rights education, advocacy, monitoring and compliance activities. The AHRC has reported that, in 2023–24, it received 2,708 complaints. This performance audit was conducted to provide independent assurance to the Parliament that AHRC’s handling of complaints is efficient and effective.
Audit objective and criteria
5. The objective of this audit was to assess the efficiency and effectiveness of AHRC’s handling of complaints.
6. To form a conclusion against the audit objective, the following high-level criteria were adopted:
- Are AHRC’s complaint handling arrangements designed in a way to support the effective management of complaints?
- Is AHRC’s handling of complaints efficient?
- Is AHRC’s handling of complaints effective?
Conclusion
7. The AHRC’s handling of complaints is partly efficient and partly effective.
8. The AHRC has designed its complaint handling arrangements to support effective management of complaints with two exceptions. The two key shortcomings relate to it not having conducted a recent procurement for, or having a contract in place for, an information technology system to assist with the management of complaints, and not having developed a formal approach to obtaining assurance over the handling of individual complaints.
9. The timeliness of complaints handling has been declining, with the Commission not meeting its performance indicator (consistent with its enabling legislation) to finalise 85 per cent of complaints within 12 months in 2023–24. A significant backlog has developed and, although the backlog has stabilised, it remains high. Resource efficiency improved over the four years up to and including 2021–22, a trend that did not continue in 2022–23 and 2023–24.
10. A lower proportion of complaints are being conciliated by the Commission, with the Commission not meeting its related performance indicator for the last three years. A greater proportion of complaints are being terminated or discontinued. Data on complainant and respondent satisfaction with the AHRC’s complaint handling is not reliable.
Supporting findings
Complaint handling arrangements
11. Complaints mechanisms and processes are clear and accessible. (See paragraphs 2.2 to 2.13)
12. Suitable systems and processes are, in most respects, in place for complaints handling. From a random sample of 137 complaints examined by the ANAO, no systemic deviations from legislation or existing procedural guidance were identified. The main shortcomings relate to the AHRC not having appropriate contractual arrangements in place for its electronic complaints management system and the absence of a formalised quality assurance process. Since 2021, multiple reviews initiated at the request of the Australian Government to achieve savings have recommended changes to the complaints management system to improve operational efficiency. The recommended changes have not been made. (See paragraphs 2.14 to 2.52)
Complaint handling efficiency
13. AHRC has implemented systems and processes to capture input and output data which can be used to calculate basic measures of efficiency. There are issues with the reliability of complaints data that adversely affects the Commission’s management of complaints handling and its performance reporting. (See paragraphs 3.2 to 3.15)
14. Complaints handling by AHRC is not timely.
- A significant backlog in complaints developed between the first quarter of 2019–20 and quarter 3 2021–22. With fewer complaints received in 2023–24 and some additional resources, the backlog has stabilised. It remains around double what it was prior to 2019–20.
- The proportion of complaints being finalised within 12 months (one of AHRC’s performance measures, consistent with the Commission’s enabling legislation) has been declining, with AHRC not achieving its target for 2023–24. Further, this performance measure is not focused on measuring performance from the perspective of parties to the complaint.
- Complaints identified as a priority by the AHRC are typically finalised more quickly than those not prioritised. Notwithstanding this, the duration of both standard and priority complaints has increased.
- Complaint handling delays are primarily a result of delays in an accepted complaint being allocated to a case officer (rather than delays in the first stage, between complaint receipt and acceptance, or in the final stage, progressing the complaint to finalisation). The increasing time taken to allocate matters to case officers has coincided with a decrease in the number of complaints conciliated and increase in the number of discontinued complaints. (See paragraphs 3.16 to 3.41)
15. AHRC has not established a target and does not measure the resource efficiency of its Investigation and Conciliation service. The efficiency of the Investigation and Conciliation service, measured both in terms of the direct cost per finalised complaint and ratio of complaints finalised per staff member, improved over the four years up to and including 2021–22. That trend did not continue in 2022–23 and 2023–24 as a result of fewer complaints being finalised and, for 2023–24, some additional resources being provided to stabilise the backlog in complaints.
16. AHRC has not prioritised resourcing ICS in line with demand for its complaints handling services. AHRC has not developed an activity-based costing model to demonstrate the effect of the demand driven complaints workload or inform its internal allocation of resources despite an earlier recommendation from consultants in August 2021. (See paragraphs 3.42 to 3.60)
Complaint handling effectiveness
17. It has become less likely for complaints to be conciliated and more likely for complaints to be discontinued, terminated or declined by the AHRC.
- An increasing number of complaints have been assessed as suitable for conciliation and an increasing number of conciliations have been held over the last seven financial years (reflecting the higher complaint numbers overall). The proportion of complaints recorded as resolved through conciliation has decreased from 46 per cent of complaints in 2017-18 to 33 per cent in 2023-24. The Commission did not meet its target of conciliating 40 per cent of complaints in 2021-22, 2022-23 or 2023-24, notwithstanding the additional resources provided through the October 2022 Budget.
- The proportion of complaints terminated, declined or discontinued has grown, increasing from 40 per cent of complaints finalised in 2017–18 to 58 per cent of complaints finalised in 2023–24. (See paragraphs 4.4 to 4.34)
18. The AHRC is not obtaining reliable data on the extent to which complainants and respondents are satisfied with its complaint handling process.
- Parties’ measured level of satisfaction with Commission’s complaint handling processes has been decreasing over time. Overall satisfaction decreased from 91 per cent in 2017–18 to 85 per cent in 2023–24.
- Respondents and their representatives report higher levels of overall satisfaction than complainants do with AHRC complaint handling processes. Respondents also report higher levels of agreement that Commission processes are timely and fair.
- The results of the surveys reported by the Commission are not demonstrably reliable and unbiased. Of note is that 61 per cent of participants were not sent the satisfaction survey over the seven years examined. Satisfaction surveys were most often sent to participants with conciliated (53 per cent of complainants and 51 per cent of respondents) and terminated or declined outcomes (53 per cent of complainants and 52 per cent of respondents). Complainants who withdraw their complaints or complainants whose complaints are discontinued by the AHRC were less likely to be surveyed. (See paragraphs 4.35 to 4.51)
Recommendations
Recommendation no. 1
Paragraph 2.50
The Australian Human Rights Commission strengthen its handling of complaints by:
- testing the market for an electronic complaints management system;
- establishing fit-for-purpose contractual arrangements for an electronic complaints management system; and
- establishing a formal process for quality assurance over the handling of individual complaints.
Australian Human Rights Commission response: Agreed.
Recommendation no. 2
Paragraph 3.10
The Australian Human Rights Commission improve the reliability and verifiability of its reported performance information by:
- documenting its methodology and data sources it uses to produce performance information;
- updating its guidance and practices to address data integrity, with a particular focus on updating guidance on deferrals and secondary matters; and
- establish processes to ensure quality assurance on reported performance information is undertaken and documented.
Australian Human Rights Commission response: Agreed.
Recommendation no. 3
Paragraph 3.26
The Australian Human Rights Commission improve its performance measures to include an explicit focus on the time it takes from the lodgement of the complaint until its finalisation.
Australian Human Rights Commission response: Agreed.
Recommendation no. 4
Paragraph 3.59
The Australian Human Rights Commission improve its management of complaint handling efficiency by developing an internal budget strategy that supports the delivery of its targets outlined in its Portfolio Budget Statement and Corporate Plan.
Australian Human Rights Commission response: Agreed in principle.
Recommendation no. 5
Paragraph 4.41
The Australian Human Rights Commission improve its approach to measuring complainant and respondent satisfaction with its complaint handling effectiveness by developing a methodology that obtains sufficient levels of reliable, representative feedback.
Australian Human Rights Commission response: Agreed.
Summary of entity response
19. The proposed audit report was provided to AHRC. The AHRC’s summary response is reproduced below. The full response from the AHRC is at Appendix 1. Improvements observed by the ANAO during the course of this audit are listed at Appendix 2.
Providing people and organisations across Australia with a free, accessible and effective dispute resolution process for discrimination and human rights complaints is one of the Australian Human Rights Commission’s key statutory functions. It is also a core component of the Commission’s vision of an Australian society in which people’s human rights are respected, promoted and protected.
The Commission welcomes the ANAO’s report and agrees or agrees in principle with its five recommendations to improve our complaint handling function.
The Commission acknowledges that currently our complaint handling function is not timely. The COVID-19 pandemic generated an unprecedented rise in complaints. Complaint numbers have remained around 30% higher than pre-pandemic levels. This continues to adversely impact timeframes. Reducing these timeframes by ensuring the Commission’s complaint function is appropriately resourced is a key priority.
Implementing the recommendations will also strengthen the Commission’s collection and analysis of complaint performance information and public reporting.
The Commission acknowledges the professionalism, integrity and empathy of our staff who deliver our information and complaint handling services. They have supported thousands of Australians over the 7-year audit period to access justice on discrimination and the human rights issues affecting them.
Key messages from this audit for all Australian Government entities
20. Below is a summary of key messages, including instances of good practice, which have been identified in this audit and may be relevant for the operations of other Australian Government entities.
Policy/program design
Procurement
Performance and impact measurement
Summary and recommendations
Background
1. The Murray–Darling Basin (the Basin) is a system of interconnected rivers and lakes in the south-east of Australia with significant environmental, cultural and economic value.
2. The Murray–Darling Basin Plan (the Basin Plan) was developed in 2012 in response to a significant period of drought in the Basin in the early 2000s (the Millennium Drought), which resulted in a recognition across the governments that a plan was needed to manage the Basin’s water resources carefully and protect the Basin for future generations. The Basin Plan sets limits on the amount of water that can be taken from the Basin for consumptive purposes by communities, farmers and businesses, while maintaining environmental sustainability, known as the Sustainable Diversion Limits (SDLs).
3. The establishment of the SDLs was accompanied by a water recovery target to ‘bridge the gap’ between the SDLs and how much water was taken from the Basin before the introduction of the Basin Plan. At the time the Basin Plan was agreed in 2012, the ‘Bridging the Gap’ target was set at 2,750 gigalitres. This was amended in 2018 to 2,075 gigalitres. As at 31 December 2022, the Murray–Darling Basin Authority (MDBA) estimated that a gap of 49.2 gigalitres of water remained in seven catchments to reach the ‘Bridging the Gap’ target.
4. The Department of Climate Change, Energy, the Environment and Water (the department) is the Australian Government entity responsible for recovering water to bridge the gap through: monitoring water recovery programs; funding, implementing and managing water infrastructure projects and efficiency measures; and undertaking purchases of water entitlements.
5. In March 2023, the department commenced an open tender process to purchase water entitlements to recover 44.3 gigalitres of water against the remaining gap of 49.2 gigalitres. The 4.9 gigalitres of surface water located in the ACT that also needed to be recovered to achieve the Bridging the Gap target was not included in the procurement process as water rights in the ACT are held and owned by a government entity. Separate arrangements were established with the ACT Government to bridge the gap in the territory.
6. The procurement process was finalised in January 2024. As at 17 January 2025, approximately 21.62 gigalitres of water has been recovered, fully bridging the gap in two of the six target catchments, with a gap of approximately 23.07 gigalitres remaining in the other four catchments.
Rationale for undertaking the audit
7. This audit examined the effectiveness of the department’s strategic procurement of water entitlements to meet the Bridging the Gap target under the Basin Plan. It followed on from Auditor-General Report No. 2 2020–21 Procurement of Strategic Water Entitlements to provide assurance to Parliament over the arrangements in place to support the procurement process, and the conduct of the procurement process to achieve value for money.
8. Water recovery is a topic of parliamentary and public interest. The Joint Committee of Public Accounts and Audit (JCPAA) identified the audit as a priority of the Parliament for 2023–24.
Audit objective and criteria
9. The audit objective was to assess the effectiveness of the department’s strategic procurement of water entitlements to meet the Bridging the Gap target under the Basin Plan.
10. To form a conclusion against the objective, the following high-level criteria were adopted.
- Did the department establish appropriate arrangements to support strategic water procurement?
- Did the department conduct an effective procurement process to achieve value for money?
11. The audit focused on the 2023 Bridging the Gap procurement process, including arrangements to support the procurement and whether value for money was achieved. It also examined whether the recommendations from Auditor-General Report No. 2 2020–21 and the JCPAA Report 492 were implemented.
12. The audit did not examine: water recovery initiatives for targets other than the 2,075 GL/y Bridging the Gap target; compliance with water trading rules in the Basin Plan; activities of related bodies such as the MDBA or state water regulatory authorities; or the socioeconomic impacts of water recovery on local communities, except to the extent considered by the department as part of the procurement process.
Conclusion
13. The department’s strategic procurement of water entitlements to meet the Bridging the Gap target under the Murray–Darling Basin Plan was largely effective. While the department conducted an effective procurement process and demonstrated how it assessed value for money in accordance with its value for money framework, it was not able to meet the intended policy objective of fully bridging the gap through the procurement process. The current evaluation framework requires revision to enable an accurate measurement of the program’s impact on intended policy objectives, including in the context of broader evaluation activities planned for the Basin Plan. Further improvements are being made for subsequent tender processes to incorporate lessons learned, increase efficiency, and ensure better management of probity risks.
14. The department has established largely appropriate arrangements to support strategic water procurement. There are appropriate procurement frameworks in place, including a Strategic Water Purchasing Framework developed specifically for the water purchasing program outlining the scope of the program and the investment principles that would underpin water purchasing. The department has established appropriate oversight mechanisms to oversee the program and is managing program and procurement risks. An evaluation framework to monitor, report on and evaluate the strategic water purchasing program has been established. The evaluation framework does not enable an accurate measurement of the program’s impact on intended policy objectives, and requires revision to ensure that outcomes are appropriately defined, including in the context of other evaluation activities planned for the Basin Plan.
15. The department established a value for money framework for the procurement, specifying the key factors that would inform its purchasing decisions. The department documented and demonstrated how it assessed value for money in each of the six SDL resource units in accordance with its value for money framework. The procurement was compliant with the Commonwealth Procurement Rules (CPRs), except in relation to minor errors in reporting contracts on AusTender. Negotiations were undertaken to maximise value for money outcomes, and revised value for money assessments were undertaken where negotiated prices differed from the delegate’s original approved figure. Relevant information and clear recommendations were provided to the delegate to enable them to make an informed procurement decision. The department provided sound advice to the minister on options to bridge the gap in the ACT and in SDL resource units with remaining gaps to bridge.
Supporting findings
Arrangements to support procurement
16. The department has established a procurement framework that aligns with the PGPA Act and the CPRs. This framework includes Accountable Authority Instructions providing guidance on the duties of officials when conducting a procurement, and departmental policies and guidance on key aspects of procurement. The department developed a Strategic Water Purchasing Framework specific to the water purchasing program, outlining the scope of the program and the investment principles that would underpin water purchasing. (See paragraphs 2.3 to 2.14)
17. The department has established appropriate oversight mechanisms for the water purchasing program, with clearly documented roles and responsibilities. The department is managing risks to the program and there is an appropriate level of oversight over program and procurement risks. (See paragraphs 2.15 to 2.52)
18. The department has established an evaluation framework to monitor, report on and evaluate the strategic water purchasing program. The evaluation framework is focussed on short- and medium-term program outputs and does not enable an accurate measurement of the program’s impact on intended policy objectives or link the program to evaluation activities planned for the Basin Plan. Monitoring and reporting arrangements have been established, and process improvements are being made following a lessons learned review of the 2023 Bridging the Gap procurement process. (See paragraphs 2.53 to 2.85)
Procurement process and value for money
19. The procurement process was compliant with the Commonwealth Procurement Rules (CPRs), except in relation to minor errors in reporting contracts on AusTender. The department complied with the requirements relating to procurement planning and approach to market, and the tender evaluation process was conducted in accordance with the tender evaluation plan. Management of conflicts of interest was impacted by deficiencies in the declaration process. Manual tender screening and assessment processes resulted in some process inefficiencies and errors that were later discovered and corrected. (See paragraphs 3.3 to 3.46)
20. The department established a value for money framework for the strategic water purchasing program, specifying the relevant financial and non-financial factors it would consider in assessing value for money. The Tender Evaluation Panel’s value for money assessments were conducted in accordance with the approved value for money framework, and its discussions and recommendations were clearly documented in the tender evaluation reports and briefs to the delegate. Of 57 tenders approved for negotiation, the department negotiated reduced prices for 33 tenders. Revised value for money assessments were undertaken where negotiated prices differed from the delegate’s original approved figure. All tenders that were accepted or counteroffered were those recommended to the delegate as representing value for money. (See paragraphs 3.47 to 3.82)
21. The advice provided to the delegate contained relevant information to enable them to make an informed procurement decision. The department provided sound advice to the minister on options to bridge the gap in the ACT, including on whether the ACT’s proposal would contribute to bridging the gap and achieve value for money, and on strategies to bridge the remaining gap following the conclusion of 2023 Bridging the Gap procurement process. (See paragraphs 3.83 to 3.107)
Recommendations
Recommendation no. 1
Paragraph 2.71
The Department of Climate Change, Energy, the Environment and Water:
- review and update the evaluation framework for the strategic water purchasing program to ensure the chosen evaluation approach remains appropriate for the program; and
- if relevant, revise the outcomes in the evaluation framework to enable an accurate measurement of the impact of the strategic water purchasing program on intended policy objectives.
Department of Climate Change, Energy, the Environment and Water response: Agreed.
Recommendation no. 2
Paragraph 3.28
The Department of Climate Change, Energy, the Environment and Water update its procurement-related policies and guidance to provide clarity on establishing appropriate probity requirements, including on:
- determining who is required to complete probity forms and declarations;
- maintaining a complete and accurate record of individuals who have completed the relevant forms; and
- clearly documenting any conflicts that were declared and how they are being managed, to ensure the delegate has clear oversight of probity risks.
Department of Climate Change, Energy, the Environment and Water response: Agreed.
Summary of entity response
22. The proposed audit report was provided to the department. The department’s summary response to the audit is provided below and its full response is at Appendix 1.
The Department of Climate Change, Energy, the Environment and Water (the department) welcomes the ANAO’s audit report on the Strategic Water Purchasing – Bridging the Gap 2023 procurement. The department appreciates ANAO’s recognition that administration of the Strategic Water Purchasing program for the 2023 procurement process was largely effective, with appropriate procurement frameworks and oversight mechanisms in place to support an effective procurement process, undertaken in accordance with the value for money framework.
The department agrees with the ANAO’s two recommendations identified in the audit report. Implementation of the recommendations has already commenced. The department is committed to providing meaningful evaluation of the program outcomes and has commenced a review of the evaluation framework. The department has also implemented strengthened arrangements to improve the oversight of conflict-of-interest requirements for its water purchasing programs.
Key messages from this audit for all Australian Government entities
23. Below is a summary of key messages, including instances of good practice, which have been identified in this audit and may be relevant for the operations of other Australian Government entities.
Procurement
Performance and impact measurement
Executive summary
The Australian National Audit Office (ANAO) publishes an annual audit work program (AAWP) which reflects the audit strategy and deliverables for the forward year. The purpose of the AAWP is to inform the Parliament, the public, and government sector entities of the planned audit coverage for the Australian Government sector by way of financial statements audits, performance audits, performance statements audits and other assurance activities. As set out in the AAWP, the ANAO prepares two reports annually that, drawing on information collected during financial statements audits, provide insights at a point in time of financial statements risks, governance arrangements and internal control frameworks of Commonwealth entities. These reports provide Parliament with an independent examination of the financial accounting and reporting of public sector entities.
These reports explain how entities’ internal control frameworks are critical to executing an efficient and effective audit and underpin an entity’s capacity to transparently discharge its duties and obligations under the Public Governance, Performance and Accountability Act 2013 (PGPA Act). Deficiencies identified during audits that pose either a significant or moderate risk to an entity’s ability to prepare financial statements free from material misstatement are reported.
This report presents the final results of the 2023–24 audits of the Australian Government’s Consolidated Financial Statements (CFS) and 245 Australian Government entities. The Auditor-General Report No. 42 2023–24 Interim Report on Key Financial Controls of Major Entities, focused on the interim results of the audits of 27 of these entities.
Consolidated financial statements
Audit results
1. The CFS presents the whole of government and the General Government Sector financial statements. The 2023–24 CFS were signed by the Minister for Finance on 28 November 2024 and an unmodified auditor’s report was issued on 2 December 2024.
2. There were no significant or moderate audit issues identified in the audit of the CFS in 2023–24 or 2022–23.
Australian Government financial position
3. The Australian Government reported a net operating balance of a surplus of $10.0 billion ($24.9 billion surplus in 2022–23). The Australian Government’s net worth deficiency decreased from $570.3 billion in 2022–23 to $567.5 billion in 2023–24 (see paragraphs 1.8 to 1.26).
Financial audit results and other matters
Quality and timeliness of financial statements preparation
4. The ANAO issued 240 unmodified auditor’s reports as at 9 December 2024. The financial statements were finalised and auditor’s reports issued for 79 per cent (2022–23: 91 per cent) of entities within three months of financial year-end. The decrease in timeliness of auditor’s reports reflects an increase in the number of audit findings and legislative breaches identified by the ANAO, as well as limitations on the available resources within the ANAO in order to undertake additional audit procedures in response to these findings
5. A quality financial statements preparation process will reduce the risk of inaccurate or unreliable reporting. Seventy-one per cent of entities delivered financial statements in line with an agreed timetable (2022–23: 72 per cent). The total number of adjusted and unadjusted audit differences decreased during 2023–24, although 38 per cent of audit differences remained unadjusted. The quantity and value of adjusted and unadjusted audit differences indicate there remains an opportunity for entities to improve quality assurance over financial statements preparation processes (see paragraphs 2.138 to 2.154).
Timeliness of financial reporting
6. Annual reports that are not tabled in a timely manner before budget supplementary estimates hearings decrease the opportunity for the Senate to scrutinise an entity’s performance. Timeliness of tabling of entity annual reports improved. Ninety-three per cent (2022–23: 66 per cent) of entities that are required to table an annual report in Parliament tabled prior to the date that the portfolio’s supplementary budget estimates hearing commenced. Supplementary estimates hearings were held one week later in 2023–24 than in 2022–23. Fifty-seven per cent of entities tabled annual reports one week or more before the hearing (2022–23: 12 per cent). Of the entities required to table an annual report, 4 per cent (2022–23: 6 per cent) had not tabled an annual report as at 9 December 2024 (see paragraphs 2.155 to 2.166).
Official hospitality
7. Eighty-one per cent of entities permit the provision of hospitality and the majority have policies, procedures or guidance in place. Expenditure on the provision of hospitality for the period 2020–21 to 2023–24 was $70.0 million. Official hospitality involves the provision of public resources to persons other than officials of an entity to achieve the entity’s objectives. Entities that provide official hospitality should have policies, and guidance in place which clearly set expectations for officials. There are no mandatory requirements for entities in managing the provision of hospitality, however, the Department of Finance (Finance) does provide some guidance to entities in model accountable authority instructions. Of those entities that permit hospitality 83 per cent have established formal policies, guidelines or processes.
8. Entities with higher levels of exposure to the provision of official hospitality could give further consideration to implementing or enhancing compliance and reporting arrangements. Seventy-four per cent of entities included compliance requirements in their policies, procedures or guidance which support entity’s obtaining assurance over the conduct of official hospitality. Compliance processes included acquittals, formal reporting, attestations from officials and/or periodic internal audits. Thirty-one per cent of entities had established formal reporting on provision of official hospitality within their entities (see paragraphs 2.36 to 2.56).
Artificial intelligence
9. Fifty-six entities used artificial intelligence (AI) in their operations during 2023–24 (2022–23: 27 entities). Most of these entities had adopted AI for research and development activities, IT systems administration and data and reporting.
10. During 2023–24, 64 per cent of entities that used AI had also established internal policies governing the use of AI (2022–23: 44 per cent). Twenty-seven per cent of entities had established internal policies regarding assurance over AI use. An absence of governance frameworks for managing the use of emerging technologies could increase the risk of unintended consequences. In September 2024, the Digital Transformation Agency (DTA) released the Policy for the responsible use of AI in government, which establishes requirements for accountability and transparency on the use of AI within entities (see paragraphs 2.67 to 2.71).
Cloud computing
11. Assurance over effectiveness of cloud computing arrangements (CCA) could be improved. During 2023–24, 89 per cent of entities used CCAs as part of the delivery model for the IT environment, primarily software-as-a-service (SaaS) arrangements. A Service Organisation Controls (SOC) certificate provides assurance over the implementation, design and operating effectiveness of controls included in contracts, including security, privacy, process integrity and availability. Eighty-two per cent of entities did not have in place a formal policy or procedure which would require the formal review and consideration of a SOC certificate.
12. In the absence of a formal process for obtaining and reviewing SOC certificates, there is a risk that deficiencies in controls at a service provider are not identified, mitigated or addressed in a timely manner (see paragraphs 2.57 to 2.66).
Audit committee member rotation
13. Audit committee member rotation considerations could be enhanced. The rotation of audit committee membership is not mandated, though guidance to the sector indicates that rotation of members allows for a flow of new skills and talent through committees, supporting objectivity. Forty-six per cent of entities did not have a policy requirement for audit committee member rotation.
14. Entities could enhance the effectiveness of their audit committees by adopting a formal process for rotation of audit committee membership, which balances the need for continuity and objectivity of membership (see paragraphs 2.16 to 2.21).
Fraud framework requirements
15. The Commonwealth Fraud Control Framework 2017 encourages entities to conduct fraud risk assessments at least every two years and entities responsible for activities with a high fraud risk may assess risk more frequently. All entities had in place a fraud control plan. Ninety-seven per cent of entities had conducted a fraud risk assessment within the last two years. Changes to the framework which occurred on 1 July 2024 requires entities to expand plans to take account of preventing, detecting and dealing with corruption, as well as periodically examining the effectiveness of internal controls (see paragraphs 2.16 to 2.21).
Summary of audit findings
16. Internal controls largely supported the preparation of financial statements free from material misstatement. However, the number of audit findings identified by the ANAO has increased from 2023–24. A total of 214 audit findings and legislative breaches were reported to entities as a result of the 2023–24 financial statements audits. These comprised six significant, 46 moderate, 147 minor audit findings and 15 legislative breaches. The highest number of findings are in the categories of:
- IT control environment, including security, change management and user access;
- compliance and quality assurance frameworks, including legal conformance; and
- accounting and control of non-financial assets.
17. IT controls remain a key issue. Forty-three per cent of all audit findings identified by the ANAO related to the IT control environment, particularly IT security. Weaknesses in controls in this area can expose entities to an increased risk of unauthorised access to systems and data, or data leakage. The number of IT findings identified by the ANAO indicate that there remains room for improvement across the sector to enhance governance processes supporting the design, implementation and operating effectiveness of controls.
18. These audits findings included four significant legislative breaches, one of which was first identified since 2012–13. The majority (53 per cent) of other legislative breaches relate to incorrect payments of remuneration to key management personnel and/or non-compliance with determinations made by the Remuneration Tribunal. Entities could take further steps to enhance governance supporting remuneration to prevent non-compliance or incorrect payments from occurring (see paragraphs 2.72 to 2.137).
Financial sustainability
19. An assessment of an entity’s financial sustainability can provide an indication of financial management issues or signal a risk that the entity will require additional or refocused funding. The ANAO’s analysis concluded that the financial sustainability of the majority of entities was not at risk (see paragraphs 2.167 to 2.196).
Reporting and auditing frameworks
Changes to the Australian public sector reporting framework
20. The development of a climate-related reporting framework and assurance regime in Australia continues to progress. ANAO consultation with Finance to establish an assurance and verification regime for the Commonwealth Climate Disclosure (CCD) reform is ongoing (see paragraphs 3.20 to 3.24).
21. Emerging technologies (including AI) present opportunities for innovation and efficiency in operations by entities. However, rapid developments and associated risks highlight the need for Accountable Authorities to implement effective governance arrangements when adopting these technologies. The ANAO is incorporating consideration of risks relating to the use of emerging technologies, including AI, into audit planning processes to provide Parliament with assurance regarding the use of AI by the Australian Government (see paragraphs 3.25 to 3.33).
22. The ANAO Audit Quality Report 2023–24 was published on 1 November 2024. The report demonstrates the evaluation of the design, implementation and operating effectiveness of the ANAO’s Quality Management Framework and achievement of ANAO quality objectives (see paragraphs 3.34 to 3.39).
23. The ANAO Integrity Report 2023–24 and the ANAO Integrity Framework 2024–25 were also published on 1 November 2024 to provide transparency of the measures undertaken to maintain a high integrity culture within the ANAO (see paragraphs 3.44 to 3.46).
Cost of this report
24. The cost to the ANAO of producing this report is approximately $445,000.
Summary and recommendations
Background
1. The Bureau of Meteorology (the Bureau) is responsible for providing weather, water, climate, and ocean services for Australia. The Bureau’s weather forecasts, warnings, and analyses support decision-making by governments, industry, and the community. Australian sectors that are supported by timely and accurate weather services include emergency management, agriculture, aviation, land and marine transport, energy and resources operations, climate policy, water management, defence and foreign affairs.1
2. The Bureau is established by the Meteorology Act 1955 (Meteorology Act). Since 2002, it is an Executive Agency under the Public Service Act 1999. The Director of Meteorology has the powers and responsibilities of an accountable authority under the Public Governance, Performance and Accountability Act 2013. The Bureau’s accountable authority reports to the minister or ministers responsible for administering the Meteorology Act and the Water Act 2007 (Water Act). Since June 2022, the Director of Meteorology has reported to the Minister for the Environment and Water.
3. The Meteorology Act and the Water Act define the Bureau’s functions and the powers of the Director of Meteorology. Broadly, these are to:
- take and record meteorological observations and supply information such as forecasts, warnings, and advice on meteorological matters2; and
- collect, hold, manage, interpret, and disseminate Australia’s water information.3
Rationale for undertaking the audit
4. The Bureau manages more than $1.3 billion in non-financial assets. The Bureau estimates that observing network assets including observing network instruments and other items and systems that support the instruments’ proper functioning make up approximately 28 per cent of the Bureau’s total asset base.
5. Effective management of assets in the observing network is fundamental to the Bureau’s ability to provide services to the community. Meteorological instruments are highly specialised, geographically dispersed, and can require significant levels of investment to purchase, maintain, and repair to effectively support weather and climate forecasting, warnings, and research.
6. The audit was conducted to provide assurance to the Parliament over the Bureau’s management of assets in its observing network.
Audit objective and criteria
7. The objective of the audit was to assess whether the Bureau of Meteorology is effectively managing assets in its observing network.
8. To form a conclusion against the objective, the following high-level criteria were applied.
- Does the Bureau of Meteorology have effective frameworks and systems governing assets in its observing network?
- Does the Bureau of Meteorology have appropriate arrangements to manage the lifecycle of assets in its observing network?
- Does the Bureau of Meteorology effectively monitor, measure, and report on its management of assets in its observing network?
9. This audit focused on the Bureau’s assets in its observing network including operational maintenance practices and records, and relevant plans, policies, and frameworks for managing assets that take observations. The ANAO reviewed the Bureau’s activities from 2018 to October 2024.
10. This audit did not assess:
- the accuracy or security of the measurements taken by the Bureau’s observing network meteorological instruments;
- the quality or accuracy of the Bureau’s forecasting in the delivery of general and extreme weather services, including the ‘downstream’ processing of data and the models used to develop and inform forecasting;
- the quality or accuracy of the Bureau’s maintenance of the climate record;
- supporting infrastructure systems and items, such as air-conditioners, fencing, and small buildings;
- the procurement of observing network assets where the procurement represented expenditure other than operational maintenance; or
- the Bureau’s provision of services to the Department of Defence and related stakeholders for civil defence exercises and operations.
Conclusion
11. The Bureau is partly effective in managing assets in its observing network. The Bureau has been implementing an asset management framework and supporting elements since 2020 however the asset management framework is not fully implemented. While the Bureau has continued to deliver weather services, key areas for further improvement include reviewing asset management planning documents, establishing medium to long term financial planning arrangements to support long term strategic planning, and establishing and embedding more extensive monitoring and reporting arrangements.
12. The frameworks and systems governing the Bureau’s management of assets in its observing network are partly effective. Not all policies and plans have been completed, reviewed, and embedded as planned. The Bureau has not reviewed or updated the Strategic Asset Management Plan to reflect its current practices and does not have a financial forecast for asset intensive areas to enable long term strategic planning. Roles and responsibilities are clearly identified. The Bureau’s Enterprise Asset Management System is in place and largely being used as planned. Development of asset management processes and training pathways is not complete.
13. The Bureau’s arrangements to manage the lifecycle of assets in its observing network are partly appropriate. The Bureau’s asset management plans include lifecycle management activities and related cost estimates. The Bureau’s budget planning process for 2024–25 did not incorporate the predicted costs presented in the asset management plans. All types of maintenance are recorded in the Bureau’s Enterprise Asset Management System and triaged based on priority. The Bureau’s asset management plans include outcomes to report against, however target and actual performance levels are not complete. The Bureau’s guidance surrounding disposals is not complete. The Bureau’s Fixed Asset Register and Enterprise Asset Management System each record assets and disposals differently and the Bureau does not have guidance to ensure records are aligned.
14. The Bureau’s monitoring, measuring, and reporting on assets in its observing network is partly effective. Information on observing network asset data availability is being recorded in Bureau systems and reported to established governance bodies. The Bureau is not reporting against the achievement of sustainability funding commitments. Three of the Bureau’s newly developed observing network performance measures report whether risks have eventuated and two report whether risk controls are being implemented. Since November 2020, the Bureau has been reporting against out-of-tolerance risks relating to ‘unviable’ asset capabilities. Monitoring and reporting is not being undertaken to regularly review asset management maturity, as proposed in the Strategic Asset Management Plan.
Supporting findings
Governance and planning
15. The Bureau has developed an Enterprise Asset Management Policy and a Strategic Asset Management Plan. The Bureau has not reviewed or updated the Strategic Asset Management Plan in the required timeframes. The Enterprise Asset Financial Overview has not been implemented, and the Bureau does not have a financial forecast for ongoing and capital funding requirements for asset intensive areas to enable long term strategic planning. (See paragraphs 2.3 to 2.30)
16. The Bureau has established governance bodies that support asset management. The Bureau has established asset management roles identified as needed in the Strategic Asset Management Plan. Responsibility and accountability for asset lifecycle management is defined. Maintenance and operations responsibilities of each observing network sub-network are documented in asset management plans. (See paragraphs 2.31 to 2.45)
17. The Bureau’s procedures and systems to support the management of assets are incomplete. The Bureau’s Enterprise Asset Management System is in place and largely being used as originally planned. The Bureau does not have a plan to develop all asset management processes identified as necessary in 2022. Development is not complete for training and competency frameworks for three sub-networks and two asset classes. (See paragraphs 2.46 to 2.84)
Asset lifecycle
18. The Bureau’s asset management plans include a section on lifecycle strategies, which describes the types of activities to be undertaken within each sub-network across the lifecycle, and a five- or ten-year investment profile that includes cost estimates and key activities. The Bureau’s budget planning process for 2024–25 did not incorporate the predicted costs presented in the asset management plans. Planning for renewal and disposal is not complete for all asset management plans. (See paragraphs 3.3 to 3.37)
19. All types of maintenance are structured through work orders in the Bureau’s Enterprise Asset Management System. Maintenance tasks are assigned priorities and triaged in accordance with these. For each sub-network, between 52 per cent and 79 per cent of target preventative maintenance work orders were achieved in 2023–24. The outcomes to measure performance throughout the 11 sub-networks are not complete. (See paragraphs 3.38 to 3.69)
20. The Bureau has established policies and procedural guidance that acknowledge the necessity of disposal. This guidance is not complete as there is no guidance to support operational decision-making about when disposal is appropriate. The Bureau’s Fixed Asset Register and Enterprise Asset Management System each record assets and disposals differently. The Bureau does not have a process or guidance to ensure records are aligned between the two systems. (See paragraphs 3.70 to 3.83)
Monitoring and reporting
21. The Bureau’s performance measurement strategy measures the output of the observing network through information on observing network asset data availability. This supports reporting on the achievement of corporate outcomes identified in the Bureau Strategy 2022–2027 and Data and Digital Group Plan. The Bureau is not reporting against the achievement of sustainability funding commitments. Without a strategy for investment in asset maintenance and monitoring and reporting of the impacts of investment, the Bureau cannot know whether investment is effective. (See paragraphs 4.2 to 4.23)
22. The key performance indicator for observing network assets is data availability which is based on the risk of weather information not being available to stakeholders. Three of the Bureau’s newly developed observing network performance measures report whether risks have eventuated and two provide insight into whether risk controls are available and being implemented. Since November 2020, the Bureau has been reporting against out-of-tolerance risks relating to ‘unviable’ asset capabilities. The addition and completion of treatment plans and controls has not reduced the reported risk level. (See paragraphs 4.24 to 4.58)
23. The Bureau has identified corrective actions to take against assets or the asset management approach when observing network asset performance monitoring targets are not met. Monitoring and reporting is not being undertaken to regularly review asset management maturity, as proposed in the Strategic Asset Management Plan. The Bureau has not addressed the risks identified within internal audit recommendations. (See paragraphs 4.59 to 4.76)
Recommendations
Recommendation no. 1
Paragraph 2.19
The Bureau of Meteorology:
- review and update the Enterprise Asset Management Plan and the Strategic Asset Management Plan (SAMP) to reflect the Bureau’s asset management practices and approach; and
- measure and report on the progress of the implementation of asset management uplift initiatives outlined in the SAMP and its roadmap.
Bureau of Meteorology response: Agreed.
Recommendation no. 2
Paragraph 2.56
The Bureau of Meteorology develop procedures for asset management lifecycle activities and complete its review of processes.
Bureau of Meteorology response: Agreed.
Recommendation no. 3
Paragraph 2.83
The Bureau of Meteorology finalise training requirements and methods for all maintenance and repair activities across the observing network.
Bureau of Meteorology response: Agreed.
Recommendation no. 4
Paragraph 3.68
The Bureau of Meteorology include management outcomes in asset management planning documentation by:
- agreeing on and including all selected targets in relevant documentation;
- collecting data on performance;
- calculating actual performance levels over time; and
- documenting the impact of asset management approaches on desired outcomes.
Bureau of Meteorology response: Agreed.
Summary of entity response
24. The proposed audit report was provided to the Bureau. The Bureau’s summary response is reproduced below. The full response from the Bureau is at Appendix 1. Improvements observed by the ANAO during the course of this audit are listed in Appendix 2.
Thank you for providing the Australian National Audit Office’s report on the Bureau of Meteorology’s Management of Assets in its Observing Network.
The observing network, consisting of almost 15,000 individual assets, distributed across Australia and its territories, is one of the nation’s largest and most complex data gathering endeavours. The meteorological information gathered by the observing assets, 24 hours a day every day of the year, consists of observations of the atmosphere, space weather, terrestrial waterways and oceans.
Together, they form the information base which is vital for the provision of public weather services, the specialist needs of industry and national security, the integrity of the national climate record, and Australia’s contribution to international meteorological data and science.
I recognise the Bureau’s significant reforms and investment in the observing capabilities over the last decade, including improvements to logistics and maintenance practices through automation of manual observations and new observations maintenance hubs, the introduction of consistent asset management and technology competency and training frameworks, and the recent implementation of a new enterprise asset management system.
The Bureau agrees with the ANAO’s recommendations as further contributions to the maturity of its observing network asset management and operations, and commits to relevant actions.
Key messages from this audit for all Australian Government entities
25. Below is a summary of key messages, including instances of good practice, which have been identified in this audit and may be relevant for the operations of other Australian Government entities.
Policy/program design
Performance and impact measurement
Due to the complexity of material and the multiple sources of information for the 2023–24 Major Projects Report, we are unable to represent the entire document in HTML. You can download the full report in PDF or view selected sections in HTML below. PDF files for individual Project Data Summary Sheets (PDSS) are also available for download.
Summary and recommendations
Background
1. The Pharmaceutical Benefits Scheme (PBS) is an Australian Government scheme that subsidises the cost of a wide range of medicines for Australian residents and eligible overseas visitors. The PBS is enabled by the National Health Act 1953 (NHA) which regulates the listing, prescribing, pricing, charging and payment of subsidies for the supply of medicines and medicinal preparations as pharmaceutical benefits. The PBS Schedule, made under the National Health (Listing of Pharmaceutical Benefits) Instrument 2024, lists medicines subsidised under the PBS and outlines requirements for the provision of these medicines.
2. The objective of the PBS is to provide Australians with timely, reliable and affordable access to necessary and cost-effective medicines. The Department of Health and Aged Care (Health) is responsible for PBS policy and has a bilateral agreement with Services Australia to deliver PBS-related services and payments.
Rationale for undertaking the audit
3. The PBS is intended to ensure that Australians have timely, reliable and affordable access to medicines. The budgeted expenditure for the PBS for the 2024–25 financial year is $19.5 billion. This performance audit was conducted to provide assurance to Parliament that the PBS is being administered effectively.
Audit objective and criteria
4. The objective of the audit was to assess the effectiveness of the administration of the PBS.
5. To form a conclusion against the audit objective, the following high-level criteria were adopted:
- Has Health established appropriate governance and oversight arrangements for the PBS?
- Has Health established appropriate arrangements to manage the cost of the PBS?
- Have Health and Services Australia established effective arrangements to manage the delivery of PBS services and payments?
Conclusion
6. Health’s and Services Australia’s administration of the PBS is partly effective. While arrangements for managing the cost of the PBS are largely effective, there were deficiencies in arrangements for whole-of-program management and administering the delivery of PBS services and payments.
7. Health’s governance and oversight arrangements for the PBS are partly appropriate. Instruments for delegating statutory powers for administering the PBS have irregularities and anomalies. Health’s PBS Program Management Plan could be improved by including more detail on Health’s management arrangements for the PBS. Health has a largely appropriate bilateral arrangement with Services Australia to oversee its delivery of PBS services and payments. Health’s performance measurement framework for the PBS does not adequately measure and report on program outcomes. Health’s risk management focuses on shared administration risks with Services Australia and has not considered broader strategic risks to the PBS. While mechanisms are in place for stakeholder engagement on the PBS, Health has not conducted an analysis of stakeholder engagement needs or developed an overarching stakeholder engagement plan.
8. Health’s arrangements to manage the cost of the PBS are largely appropriate. Arrangements were in place to assess the cost-effectiveness of individual PBS medicines and manage the cost of listed medicines. Arrangements have been established to manage pharmacy remuneration through successive Community Pharmacy Agreements (CPAs), negotiated with the pharmacy industry, which Health supported through impact analysis for the eighth CPA signed in June 2024. Health has established processes for managing patient out-of-pocket costs and monitoring and forecasting the overall cost of the PBS. Health has not established arrangements to automate patient access to the Safety Net or engaged in horizon scanning analysis to anticipate potential future costs of new and novel medicines.
9. Health and Services Australia’s arrangements to manage the delivery of PBS services and payments are partly effective. Processes and systems for PBS claims processing are not fully effective at ensuring that legislative requirements for PBS claims are met, as Services Australia is not ensuring that PBS suppliers certify claims in accordance with legislative timeframes. While payment integrity is reviewed, it is not subject to performance monitoring or reporting. Payment timeliness is monitored, and targets are regularly met. The results are not included in Services Australia’s Annual Performance Statement. The provision of authority approvals is based on an automated system. There were differences in approval rates between authority applications made online and by phone, and Services Australia’s performance target for reporting on answering authority calls in its Annual Performance Statements does not align with the performance target agreed with Health in bilateral agreements. PBS Safety Net card claims and patient refunds are reliant on manual processes and timeliness performance measures have not been consistently met.
Supporting findings
Governance and oversight
10. Instruments that delegate powers and functions for administering the PBS have irregularities and anomalies. While Health has developed a Program Management Plan for the PBS, it does not adequately cover arrangements for managing PBS costs, stakeholder engagement and whole-of-program performance measurement. Health’s support to independent statutory bodies with responsibilities for the PBS could be improved by developing governance documentation for the Pharmaceutical Benefits Advisory Committee. (See paragraphs 2.3 to 2.24)
11. Health and Services Australia have established a Bilateral Management Arrangement, which includes bilateral agreements and bilateral governance arrangements that relate to the delivery of PBS services and payments.
- PBS-related program agreements were fit for purpose, with clear objectives and defined roles and responsibilities. All protocols supporting the bilateral arrangement were reviewed and updated between November 2023 and September 2024.
- While bilateral governance meetings have not occurred at the most senior levels, there has been regular engagement between the two entities at lower levels. Governance committees relevant to the PBS began considering risk, performance reporting, and updates to bilateral agreements in late 2023. (See paragraphs 2.25 to 2.35)
12. Health has one external performance measure for the PBS, which is not outcome focused and does not provide meaningful performance information to the Parliament or the public. Health receives monthly reporting from Services Australia on bilateral performance measures. It has not used this data to oversee Services Australia’s service delivery. Health does not provide any regular performance reporting on the PBS to the minister or its executive committee. (See paragraphs 2.36 to 2.54)
13. Health has not undertaken appropriate risk assessments or developed appropriate risk management plans for the PBS at the divisional or program level. Its risk assessments and plans do not adequately cover key program activities for which Health is responsible. Health’s shared risk management plan with Services Australia covers risks relating to the services and payments Services Australia delivers for the PBS. From late 2023, bilateral governance bodies began discussing operational risks relevant to the PBS. (See paragraphs 2.55 to 2.69)
14. Health’s arrangements for stakeholder engagement for the PBS include the provision of information through websites, invitation of written submissions from stakeholders on specific PBS issues, agreement-making with industry bodies, and hosting regular stakeholder engagement forums. These arrangements have not been informed by a systematic analysis of stakeholder engagement needs or an overarching stakeholder engagement plan or strategy. (See paragraphs 2.70 to 2.83)
Managing the cost of the PBS
15. Arrangements for assessing medicine cost-effectiveness outlined in the Guidelines for preparing submissions to the Pharmaceutical Benefits Advisory Committee have been followed. Health has complied with administrative procedures for listing medicines on the Schedule and agreeing medicine prices with sponsors. Health has negotiated deeds of agreement with medicine sponsors (covering special pricing arrangements and risk-sharing agreements) to minimise the cost of PBS medicines to government. Statutory price reductions are in place to decrease the cost of listed medicines. Medicines are delisted from the Schedule by medicine sponsors with no regular delisting process performed by Health. (See paragraphs 3.3 to 3.53)
16. The Australian Government has negotiated Community Pharmacy Agreements (CPAs) with the pharmacy sector to determine pharmacy remuneration for dispensing PBS medicines since 1990. CPAs offer flexibility to include terms such as the remuneration adjustment mechanism to mitigate unexpected expenditure for the Australian Government. The choice to negotiate a CPA rather than allowing remuneration to be set by an independent tribunal was not supported by adequate impact analysis for the seventh CPA. Health prepared an Impact Analysis for the eighth CPA, signed in June 2024, which supported continuation of pharmacy remuneration setting through a CPA. (See paragraphs 3.54 to 3.74)
17. Health has used monitoring data to model the impact of proposed changes to patient co-payment amounts and Safety Net thresholds on patient out-of-pocket costs. Based on this modelling, Health has provided advice to government on proposals to help patients achieve greater cost-savings through these mechanisms. Health has not established arrangements to automatically determine eligibility for the Safety Net. Health has estimated that 640,000 patients become eligible for the Safety Net each year but do not apply, foregoing $100 million in medicine subsidies. (See paragraphs 3.75 to 3.95)
18. Health has established arrangements for modelling the overall cost of the PBS and the impact of new medicine listings, and it provides advice to the government and Parliament through the annual Budget processes.
- Health has established a system to model PBS expenditure based on the current legislative requirements, which it uses to model the impact of new and amended medicine listings.
- Reporting on PBS expenditure is available through an annual report and reporting on Services Australia’s website.
- Health has not performed horizon scanning analysis to forecast PBS expenditure and identify potential policy changes. (See paragraphs 3.96 to 3.113)
Delivery of services and payments
19. Almost all claims (99.9 per cent) made by PBS suppliers are submitted through Services Australia’s Online Claiming for PBS system, which automatically assesses claims against legislative rules before processing advance payments. Due to an absence of controls to ensure advance payments to PBS suppliers are certified within statutory timeframes, over one-third of approved PBS suppliers have uncertified claims totalling $1.514 billion (as at 30 June 2024). Payment integrity is reviewed but is not subject to performance monitoring or reporting. Payment timeliness is monitored, and targets are regularly reported as met, but it is not included in public reporting. (See paragraphs 4.3 to 4.30)
20. A system to manage authority-required approvals has been established that is consistent with Health and Services Australia’s respective responsibilities under the PBS bilateral agreement. There are differences in approval rates depending on the method used by an applicant to apply for an authority. Reported results for the timeliness of authority approvals against performance measures set out in bilateral arrangements have largely not met targets. Services Australia reports in its Annual Performance Statement on the achievement of a performance measure target of answering authority calls within 15 minutes. This does not align with the target of answering authority calls, on average, in less than 30 seconds. (See paragraphs 4.31 to 4.52)
21. Services Australia has established processes and systems to manage PBS Safety Net and patient refunds. Both systems are reliant on paper-based application forms which are submitted by post and manually processed by Services Australia. The reliance on manual processing means that performance is sensitive to staffing numbers, which has meant timeliness performance measures have not been consistently met. Services Australia’s quality checking process for Safety Net claims does not provide accurate data on the reasons for rejecting Safety Net card applications to inform education or compliance activities. (See paragraphs 4.55 to 4.78)
Recommendations
Recommendation no. 1
Paragraph 2.8
The Department of Health and Aged Care and Services Australia work to review and update relevant delegation instruments to address irregularities and anomalies.
Department of Health and Aged Care response: Agreed.
Services Australia response: Agreed.
Recommendation no. 2
Paragraph 2.46
The Department of Health and Aged Care establish and report against a performance management framework for the Pharmaceutical Benefits Scheme that:
- includes an appropriate mix of output, efficiency and effectiveness performance measures for key program activities, including those of third-party delivery partners; and
- enables the department’s performance in administering the Pharmaceutical Benefits Scheme purposes to be measured and assessed.
Department of Health and Aged Care response: Agreed.
Recommendation no. 3
Paragraph 2.64
The Department of Health and Aged Care undertake a risk assessment for the Pharmaceutical Benefits Scheme program that covers activities for which the department is responsible.
Department of Health and Aged Care response: Agreed.
Recommendation no. 4
Paragraph 2.82
The Department of Health and Aged Care:
- develop a stakeholder plan for the Pharmaceutical Benefits Scheme that identifies all stakeholder groups, consultation objectives and methods of engagement; and
- publish a stakeholder strategy that informs stakeholders of Health’s planned approach to engaging with stakeholders on the Pharmaceutical Benefits Scheme, including where written agreements or partnerships may be used.
Department of Health and Aged Care response: Agreed.
Recommendation no. 5
Paragraph 4.19
The Department of Health and Aged Care and Services Australia document and implement a strategy for addressing the backlog of uncertified Pharmaceutical Benefits Scheme claims.
Department of Health and Aged Care response: Agreed.
Services Australia response: Agreed.
Recommendation no. 6
Paragraph 4.29
Services Australia report to the Department of Health and Aged Care on payment accuracy for the Pharmaceutical Benefits Scheme (PBS) in accordance with the PBS Program Agreement, and separately report on the integrity and timeliness of PBS payments in its Annual Performance Statements.
Services Australia response: Agreed.
Recommendation no. 7
Paragraph 4.51
Services Australia align its reporting on the timeliness of issuing authority approvals in its Annual Performance Statement with performance measures and targets agreed in bilateral arrangements.
Services Australia response: Not agreed.
Summary of entity responses
22. The proposed audit report was provided to Health and Services Australia. The entities’ summary responses are provided below, and their full responses are included at Appendix 1. Improvements observed by the ANAO during the course of this audit are listed in Appendix 2.
Department of Health and Aged Care
The Department of Health and Aged Care (the Department) welcomes the findings in the report. The Department notes the overall finding by the ANAO that the Department’s and Services Australia’s administration of the Pharmaceutical Benefits Scheme (PBS) is partly effective. The Department is committed to working towards implementing the recommendations in the report as a priority and is already taking steps to address key findings identified in the audit. The Department has also commenced engagement with its partner agency, Services Australia, to address key recommendations in relation to the delivery of the PBS payment arrangement.
The ANAO found that the department has largely appropriate arrangements to manage the cost of the PBS. The Department welcomes the finding that appropriate arrangements have been established for managing patient out-of-pocket costs for Australians and monitoring the overall cost of the PBS. The Department acknowledges the findings that arrangements have been implemented to assess and manage the cost of listed medicines and to manage pharmacy remuneration through successive Community Pharmacy Agreements, and that the bilateral arrangements with Services Australia to oversee delivery of Pharmaceutical Benefits Scheme services and payments are also largely appropriate.
Services Australia
Services Australia (the Agency) notes the findings of the report that the Agency’s arrangements to manage the delivery of the PBS services and payments are partly effective, having regard to certification of claims, reporting differences at the bilateral level compared to Annual Performance Statements, delegation instruments and PBS Safety Net.
The Agency welcomes the findings of the report and is committed to delivering the payments and services related to the PBS, which subsidises the cost of medicines for Australian residents and eligible overseas visitors. The Agency administers the PBS in accordance with the policy and legislation for which the Department of Health and Aged Care (Health) has responsibility. The Agency continues to work with Health to address the issue of uncertified claims and changes to delegation instruments in addition to expanding the work types to include PBS in its Annual Performance Statements for 2024-25.
The Agency agrees with the finding that the performance targets for answering authority calls is different for bilateral agreement and Annual Performance Statement purposes. Due to the expansive nature of the services it provides, reporting is done on a tiered basis for different purposes. The Agency continues to focus on reducing reliance on the PBS Authorities telephone line and increasing digital PBS authorities.
Key messages from this audit for all Australian Government entities
23. Below is a summary of key messages, including instances of good practice, which have been identified in this audit and may be relevant for the operations of other Australian Government entities.
Administration of long-term programs
Delegations of authority
Summary and recommendations
Background
1. Tourism Australia (TA) was established in 2004 under the Tourism Australia Act 2004 (TA Act). Its corporate plan states that its purpose is to ‘grow demand to enable a competitive and sustainable Australian tourism industry’.1 The accountable authority for TA is the Board of Directors. TA reports having around 220 staff.
2. TA is a corporate Commonwealth entity within the Foreign Affairs and Trade portfolio. It is subject to the Commonwealth Procurement Rules (CPRs) issued by the Minister for Finance under section 105B of the Public Governance, Performance and Accountability Act 2013.
3. According to its audited financial statements, payments to suppliers represented 74 per cent of TA’s total expenses in 2023–24. Of its total budgeted expenses for 2024–25, 73 per cent were attributable to supplier expenses. As at 30 June 2024, TA had reported 55 contracts on AusTender with a start date falling within the last three financial years, valued at $265.6 million (including contract amendments).
Rationale for undertaking the audit
4. Noting that nearly three-quarters of organisational expenses relate to contracting suppliers, this audit provides assurance to the Parliament over the effectiveness of TA’s procurement and contract management activities.
Audit objective and criteria
5. The audit objective was to assess whether TA’s procurement and contract management activities are complying with the CPRs and demonstrating the achievement of value for money.
6. To form a conclusion against the objective, the following high-level criteria were applied:
- Do the procurement processes demonstrate the achievement of value for money?
- Are the contracts being managed appropriately to achieve the objectives of the procurement?
Conclusion
7. TA’s procurement and contract management activities are not effective in complying with the CPRs and demonstrating the achievement of value for money.
8. TA’s procurement processes have not demonstrated the achievement of value for money. TA makes insufficient use of open and competitive procurement processes, with 70 per cent of the 33 procurements examined in detail by the ANAO not involving open competition. An appropriate procurement policy framework is not in place and TA’s conduct of procurement activities regularly fails to adhere to requirements under the CPRs such as:
- including evaluation criteria in request documentation and using those criteria to select the candidate that represents the best value for money;
- acting ethically including fair treatment of suppliers and through the declaration and management of any conflicts of interest2; and
- maintaining appropriate records commensurate with the scale, scope and risk of the procurement.
9. TA has not effectively managed contracts to achieve the objectives of the procurement. In relation to the 33 contracts examined in detail by the ANAO:
- none had a contract management plan, including some high-risk and high-value arrangements;
- for more than half (55 per cent), TA had not included clear performance requirements in the contract. There were also shortcomings in TA’s monitoring of contractor performance across the sample examined by the ANAO;
- contract variations are common, with 33 per cent of contracts examined by the ANAO being varied. None of the variations had records created and retained by TA that demonstrated that the variation represented value for money; and
- invoicing and payments for 64 per cent did not adhere to the contracts and/or requirements under TA’s policies.
10. TA has also not been meeting its AusTender reporting requirements.
Supporting findings
Procurement processes
11. An appropriate procurement policy framework is not in place. The two versions of the Procurement Policy in place for the period covered by this ANAO performance audit do not fully reflect, or address, the principles, prescriptive requirements and mandatory rules set out in the CPRs. (See paragraphs 2.2 to 2.19)
12. Based on TA’s AusTender reporting, the majority (62 per cent) of procurements valued at or above the $400,000 threshold set by the CPRs did not involve open approaches to the market. (See paragraphs 2.23 to 2.39)
13. A competitive procurement approach was evident in the establishment of 55 per cent of the contracts examined by the ANAO. For 36 per cent of the contracts, a non-competitive approach was taken and in nine per cent there were insufficient records maintained to evidence the procurement approach taken by TA. For 10 of the procurements (30 per cent) examined by the ANAO, it was evident from the evaluation records that TA had favoured existing or previous suppliers when evaluating competing offers through panel procurement or when deciding which potential provider(s) should be invited to participate in a limited tender. Favouring existing or previous suppliers in the conduct of procurement processes is inconsistent with the CPRs. (See paragraphs 2.40 to 2.63)
14. Relevant evaluation criteria were included in request documentation for 52 per cent of the contracts examined in detail by the ANAO. For the remaining 48 per cent, either the request documentation did not include any evaluation criteria (12 per cent) or there were no records of the request documentation on file (36 per cent). This situation is not consistent with the CPRs which require evaluation criteria to be included in the request documentation. (See paragraphs 2.67 to 2.69)
15. Just over half of the contracts examined by the ANAO were awarded to the candidate where records demonstrated that it had been assessed by TA to offer the best value for money. For the remaining 48 per cent of contracts where value for money outcomes had not been demonstrated, this was primarily the result of insufficient analysis being presented commensurate with the scale of the procurement, or insufficient documentation being maintained. (See paragraphs 2.72 to 2.83)
16. TA had not conducted procurements to a consistent ethical standard as required under the CPRs. Of note was that:
- conflict of interest declarations were not completed by all evaluation team members in four per cent of the contracts examined where there was sufficient documentation on file;
- for eight per cent of the contracts where advisers were appointed to assist with the procurement process, TA’s records did not include a complete list of the individuals involved; and
- the procurements of external probity advisers were deficient in relation to how those advisers were engaged as well as the limited scope of probity services obtained by TA. (See paragraphs 2.86 to 2.110)
17. TA did not maintain appropriate records commensurate with the scale, scope and risk of the procurement (which is what the CPRs require). Forty-eight per cent of contracts examined by the ANAO were missing one or more important documents. In addition, for those contracts where adequate records were available, more than half of the contracts involved work commencing before a contract was in place. (See paragraphs 2.113 to 2.132)
Contract management
18. TA’s reporting of contracts on AusTender was not compliant with the CPRs. TA accurately reported 19 per cent of the relevant contracts examined in detail by the ANAO within the required timeframe. Key information on contract values and contract start and end dates have been reported inaccurately with contract amendments usually not reported at all. (See paragraphs 3.2 to 3.17)
19. An appropriate contract management framework is not in place. None of the 33 contracts examined by the ANAO had a contract management plan and none had a risk management plan. This included a five-year $311.3 million contract that relates to a key element of TA’s marketing efforts. (See paragraphs 3.18 to 3.32)
20. Less than half (45 per cent) of the contracts examined by the ANAO included clear performance requirements. Methods for monitoring performance were included for 79 per cent of contracts examined, including a number of contracts where performance requirements had not been specified (that is the monitoring arrangements, such as reporting and/or progress meetings, were not against a clear performance requirement). Further, TA has not consistently adhered to the performance framework set out in the contracts and it was common for there to be gaps in the records to evidence the contract management activities undertaken that TA was paying for. (See paragraphs 3.33 to 3.40)
21. For the procurements examined by the ANAO, TA has not consistently managed contracts effectively to deliver against the objectives of the procurements and to achieve value for money.
- Of the 33 contracts examined by the ANAO, 11 (33 per cent) had records of at least one variation being executed. None of the variations had supporting evidence of records to the delegate documenting the decision-making process and demonstrating that the variation represented value for money. Some variations have significantly increased the value of the contract (by up to 105 per cent) and retrospectively added additional services already delivered and/or paid for. There have also been instances of contracts continuing to operate past their stated completion date without being varied.
- Invoicing and payments under 21 of the 33 contracts examined by the ANAO did not adhere to the contracts and/or requirements under TA’s policies. This has included instances of full payments being made before final deliverables under the contract are received and payments exceeding the contracted amount. (See paragraphs 3.41 to 3.51)
Recommendations
Recommendation no. 1
Paragraph 2.20
Tourism Australia document a comprehensive procurement policy framework that gives full effect to the principles, prescriptive requirements and mandatory rules set out in the Commonwealth Procurement Rules.
Tourism Australia response: Agreed.
Recommendation no. 2
Paragraph 2.64
Tourism Australia increase the extent to which it employs open, fair, non-discriminatory and competitive procurement processes.
Tourism Australia response: Agreed.
Recommendation no. 3
Paragraph 2.70
Tourism Australia strengthen its procurement controls to ensure that procurement request documentation includes:
- the evaluation criteria that will be applied, together with any weightings; and
- the way that prices will be considered in assessing the value for money offered by each candidate.
Tourism Australia response: Agreed.
Recommendation no. 4
Paragraph 2.84
Tourism Australia strengthen its procurement practices so that it can demonstrate that contracts are awarded to the candidate that satisfies the conditions for participation, is fully capable of undertaking the contract and will provide the best value for money as assessed against the essential requirements and evaluation criteria specified in the approach to market and request documentation.
Tourism Australia response: Agreed.
Recommendation no. 5
Paragraph 2.111
Tourism Australia engage probity advisers through transparent procurement processes and, where a probity adviser has been appointed, Tourism Australia actively engage and manage the adviser to ensure probity has been maintained during the procurement process.
Tourism Australia response: Agreed.
Recommendation no. 6
Paragraph 2.128
Tourism Australia improve its record keeping processes to ensure that business information and records are accurate, fit for purpose and are appropriately stored within entity systems.
Tourism Australia response: Agreed.
Recommendation no. 7
Paragraph 2.133
Tourism Australia strengthen its procurement controls to better address the risk of work commencing before a contract is in place.
Tourism Australia response: Agreed.
Recommendation no. 8
Paragraph 3.14
Tourism Australia:
- place greater emphasis on timely and accurate reporting of its procurement activities; and
- implement a monitoring and assurance framework over its compliance with the Commonwealth Procurement Rules including for AusTender reporting.
Tourism Australia response: Agreed.
Recommendation no. 9
Paragraph 3.52
Tourism Australia strengthen its contract management including by:
- establishing and maintaining a contract register that contains details of all entity contracts, and implementing a quality assurance process to ensure that the information recorded is complete and accurate, and updated in a timely manner;
- documenting risk management and contract management plans for high-risk, high-value contracts;
- including clear performance requirements in contracts and applying contracted performance monitoring approaches in the management of contracts; and
- introducing effective controls over invoicing and payments under contracts.
Tourism Australia response: Agreed.
Summary of entity response
22. The proposed audit report was provided to TA. The letter of response that was received for inclusion in the audit report is at Appendix 1. TA’s summary response is provided below.
Tourism Australia acknowledges the ANAO’s report and is fully committed to implementing its nine recommendations to improve the agency’s procurement and contract management practices.
Tourism Australia had already begun to make improvements to its procurement and contract management systems ahead of the audit, and the agency is in the process of implementing remedial actions relating to the recommendations. This includes enhancing the agency’s records management framework and processes, implementing a new procurement and contract management system and adding resources to its corporate services teams. Additional training will also be provided to all staff to improve capability to ensure that decisions are compliant, defensible, and clearly demonstrate value for money.
Some of the report’s findings relate to work undertaken during the unprecedented events of the Covid-19 pandemic, when Tourism Australia’s primary focus was on the emergency response to support an industry in crisis. Nevertheless, Tourism Australia accepts the recommendations for improvement to ensure that it can better demonstrate that the agency’s procurement and contract management activities comply with Commonwealth Procurement Rules and achieve value for money.
Key messages from this audit for all Australian Government entities
23. Below is a summary of key messages, including instances of good practice, which have been identified in this audit and may be relevant for the operations of other Australian Government entities.
Competitive processes
Procurement
Contract management
Summary and recommendations
Background
1. The National Anti-Corruption Commission’s (NACC’s) 2022/2023 Integrity Outlook states:
Conflicts of interest are also a prevalent source of corruption issues. Many types of corrupt conduct – such as breaches of public trust, abuse of office and misuse of information – originate from conflicts of interest. Such conflicts therefore pose a substantial risk for government agencies, parliamentarians, and public officials. This is why identifying, disclosing and managing potential conflicts of interest is a critical pillar of integrity architectures.1
2. The Public Governance, Performance and Accountability Act 2013 (PGPA Act) requires an official of a corporate Commonwealth entity (CCE) to:
- not improperly use their position or information obtained through their position to gain or seek to gain a benefit or advantage for themselves or others, or to cause detriment to the entity, Commonwealth or others2; and
- disclose the details of any material personal interests that relate to the affairs of the entity.3
3. The Public Governance, Performance and Accountability Rule 2014 (PGPA Rule) provides further guidance for CCE officials, including that material personal interests must be disclosed as soon as practicable after becoming aware of them or when there are changes in the interests. The disclosure must include details of the nature and extent of the interest and how the interest relates to the affairs of the entity.4
4. The Corporations Act 2001 (Corporations Act) sets out comparable requirements for Commonwealth companies, including a ‘Director’s duty to notify other directors of [a] material personal interest when [a] conflict arises’, including outlining details of the nature and extent of the interest and how it relates to the affairs of the company. The notice must be given at a directors’ meeting as soon as practicable after the director becomes aware of their interest in the matter and details must be recorded in the minutes of the meeting.5
Rationale for undertaking the audit
5. Public confidence in Commonwealth entities and Commonwealth companies can be damaged when conflicts of interest are not appropriately identified and managed. The public is entitled to have confidence in the integrity of public officials, and to know that officials’ personal interests do not conflict with their public duties.
6. Specialist skills and expertise may be required to provide a suitable composition for Commonwealth boards. The board members that are appointed to boards in respect of their specialist skills or expertise can have inherent interests that exist as a consequence of their specialist experience. For example, they may be involved in industry associations or have duties to other organisations. These interests can conflict with their duties as a board member.
7. The NACC and the Australian Public Service Commission (APSC) have highlighted functions commonly undertaken by Australian Government entities that have a heightened risk of conflicts of interest, including procurement, recruitment and grant activities.6
8. This audit was conducted to provide assurance to the Parliament that the selected entities are ensuring the integrity of their functions by appropriately managing conflicts of interest.
9. The selected entities represent a cross section of Indigenous portfolio agencies in the Prime Minister and Cabinet portfolio, each with a board as its accountable authority under the PGPA Act:
- Aboriginal Hostels Limited (AHL) is a Commonwealth company which employs staff under the Public Service Act 1999;
- Aboriginal Investment NT (known prior to August 2024 as the Northern Territory Aboriginal Investment Corporation) is a CCE; and
- Outback Stores Pty Ltd (Outback Stores) is a Commonwealth company.
Audit objective and criteria
10. The objective of the audit was to assess the effectiveness of the management of conflicts of interest by AHL, Aboriginal Investment NT and Outback Stores.
11. To form a conclusion against the objective, the ANAO adopted the following two high-level audit criteria:
- Have the entities developed appropriate arrangements to manage conflicts of interest?
- Are the entities effectively managing conflicts of interest consistent with their own policies?
12. The audit examined the entities’ management of conflicts of interest over the period 1 July 2021 to 30 June 2024, including in the areas of board governance, recruitment, procurement, annual Senior Executive Service declarations (AHL) and grant management (Aboriginal Investment NT).
Conclusion
13. AHL, Aboriginal Investment NT and Outback Stores were partly effective in the management of conflicts of interest. While there were frameworks in place to manage conflicts of interest, there were shortcomings with the implementation of those frameworks. There were deficiencies with the documentation of board consideration of conflicts and documentation of conflicts of interest declarations and management actions for procurement, recruitment and grant activity.
14. AHL, Aboriginal Investment NT and Outback Stores have developed largely appropriate arrangements to manage conflict of interest consistent with legislative requirements of corporate Commonwealth entities (Aboriginal Investment NT) and Commonwealth companies (AHL and Outback Stores). Each entity has assessed conflict of interest risks, developed a conflict of interest policy and implemented arrangements to support the declaration of interests by board members. AHL and Aboriginal Investment NT require activity specific conflict of interest declarations for staff involved in procurement and recruitment. Aboriginal Investment NT and Outback Stores implemented conflict of interest training for their boards and employees in 2024. AHL requires employees to undertake integrity training but has not implemented training for board members. All entities have implemented some form of assurance arrangement. AHL did not address alleged conflict of interest matters that were identified in three complaints, and Outback Stores did not have a complaints system or undertake controls assessment.
15. The entities were partly effective in implementing arrangements for managing conflicts of interest. Board assessments of declarations of interest were not sufficient to record whether the board had determined declarations to be material personal interests. Aboriginal Investment NT’s board did not include declarations of interests in three out of session meetings and a workshop and did not always record the nature and extent of declared conflicts. There were instances of Aboriginal Investment NT Grants Committee members with declared conflicts of interest recommending grant applications for board approval. AHL did not adequately document conflict of interest management for recruitment as required by its policy. Aboriginal Investment NT did not adequately document conflict of interest management for procurement as required by its policy. The Outback Stores board recorded board members’ interests as conflicts of interest without documenting its assessment of the interests. AHL did not monitor training completion rates.
Supporting findings
Arrangements to manage conflicts of interest
16. All entities assessed conflict of interest risks within their enterprise risk management frameworks. Aboriginal Investment NT’s and Outback Stores’ conflict of interest risk assessments occurred between April and June 2024.
- AHL had a conflict of interest related risk factor and control for recruitment in its enterprise risk register until March 2023. AHL assessed conflict of interest risks relating to ‘leakage’ of hostel accommodation revenue, procurement, and acceptance of gifts and benefits in its fraud risk register. Not all existing controls for conflict of interest were identified in these assessments.
- From April to June 2024 Aboriginal Investment NT assessed conflict of interest risks relating to procurement, recruitment and grant assessment. These assessments were undertaken after conflict of interest risks had been realised with its first grant round, which ran from May 2023 to February 2024.
- Outback Stores included an entity-wide conflict of interest risk in its risk register in May 2024 with mitigation strategies including development of a conflict of interest policy, declaration processes, and training and education arrangements. (see paragraphs 2.3 to 2.17)
17. All entities have developed arrangements for declaring, managing and overseeing conflicts of interest, including establishing gifts, benefits and hospitality policies and registers. All entities refreshed conflict of interest-related policies and procedures during 2024.
- AHL had a conflict of interest policy and specific arrangements for managing conflict of interest for recruitment. AHL’s procurement policy was updated in April 2024 to include a requirement for activity specific conflict of interest declarations.
- In May 2024 Aboriginal Investment NT implemented a conflict of interest policy and introduced declaration requirements for recruitment. After conflict of interest issues were identified with its first grant round, which ran from May 2023 to February 2024, it updated its policies, guidelines and forms to strengthen declaration and management requirements.
- Outback Stores implemented a conflict of interest policy in June 2024. Its Board Charter does not fully align with provisions of the Corporations Act relating to declaration of interests. (see paragraphs 2.18 to 2.81)
18. All entities have developed training and education arrangements to promote compliance with conflict of interest requirements. Board members for all entities are provided with induction packs that outline conflict of interest requirements. Aboriginal Investment NT and Outback Stores developed online conflict of interest training for employees and board members in 2024. New and existing AHL employees undertake mandatory APS integrity training. The National Indigenous Australians Agency provides support to Indigenous portfolio agencies in the Prime Minister and Cabinet portfolio. (see paragraphs 2.82 to 2.104)
19. All entities implemented some form of arrangement to obtain assurance over the management of conflicts of interest.
- AHL undertook internal audits which detected deficiencies in its conflicts of interest arrangements for recruitment and complaints management. AHL has a complaints system, but it did not consider conflict of interest-related aspects of three complaints in accordance with its Conflict of Interest Policy.
- Aboriginal Investment NT has implemented a complaints system and undertook an internal audit in 2024 which detected deficiencies in its conflicts of interest arrangements for grants assessment.
- Outback Stores undertook an internal audit in 2024 that assessed compliance with its June 2024 Conflict of Interest Policy. It did not have a complaints system or undertake controls assessment. (see paragraphs 2.105 to 2.127)
Effectiveness of conflict of interest arrangements
20. Each entities’ board had processes for members to declare interests and conflicts of interests. All of the boards were deficient in recording their assessment of board members’ declared interests and whether they were considered to be material personal interests. Deficiencies were also identified with activity-specific processes for declaring and managing conflicts of interest relating to recruitment (all entities), procurement (all entities), SES declarations (AHL), and grant assessment (Aboriginal Investment NT).
- AHL did not record its assessment of whether a board member’s declared interest as a conflict and no management plan was put in place. AHL complied with the requirement for annual declaration of SES interests, but record keeping was deficient. While conflicts of interest for AHL’s recruitment activities were generally declared consistent with its policy, management of conflicts were not always documented. AHL’s procurement processes were largely consistent with policy requirements.
- Aboriginal Investment NT had three out of session board meetings and one board workshop where the standard declaration of interests agenda item did not occur. Aboriginal Investment NT did not always document the nature and extent of conflicts of interest declared by board members and grants committee members, and in some instances grants committee members with declared conflicts voted to recommend board approval of grant applications. Aboriginal Investment NT did not follow its procurement policy requirements for activity-specific conflict of interest declarations.
- Outback Stores recorded board member’s declared interests as ‘conflicts of interest’ without documenting how it related to the affairs of the entity or management plans. It did not have any declared conflicts of interest for procurement and recruitment activity. (see paragraphs 3.3 to 3.50)
21. Aboriginal Investment NT and Outback Stores established monitoring arrangements for their conflict of interest training, which was implemented in 2024, and achieved employee completion rates of over 90 per cent. AHL does not monitor employee completion rates for mandatory integrity training or conflicts of interest components of induction training. (see paragraphs 3.51 to 3.59)
Recommendations
Recommendation no. 1
Paragraph 2.11
Aboriginal Hostels Limited undertake an assessment of drivers behind employee responses to the corrupt behaviour question in the Australian Public Service Employee Census and use this assessment to reassess the entity’s conflict of interest risks.
Aboriginal Hostels Limited response: Agreed.
Recommendation no. 2
Paragraph 2.112
Aboriginal Hostels Limited establish processes to ensure that conflict of interest matters are addressed and documented in complaint management.
Aboriginal Hostels Limited response: Agreed.
Recommendation no. 3
Paragraph 3.17
Aboriginal Hostels Limited establish processes to ensure that employees comply with its recruitment policy requirements to declare, manage and document conflicts of interest.
Aboriginal Hostels Limited response: Agreed.
Recommendation no. 4
Paragraph 3.30
Aboriginal Investment NT establish processes to ensure employees comply with its procurement policy requirements to declare, manage and document conflicts of interest.
Aboriginal Investment NT response: Agreed.
Recommendation no. 5
Paragraph 3.41
Aboriginal Hostels Limited, Aboriginal Investment NT and Outback Stores implement arrangements to record their boards’ assessment of whether a declaration made by a board member is determined to be a material personal interest. Where the interest is determined to be a material personal interest, boards should record the disclosure and consequence in accordance with legislative requirements.
Aboriginal Hostels Limited response: Agreed.
Aboriginal Investment NT response: Agreed.
Outback Stores response: Agreed.
Summary of entity responses
22. The proposed audit report was provided to AHL, Aboriginal Investment NT and Outback Stores. An extract was provided to the National Indigenous Australians Agency (NIAA). The summary responses are reproduced below. The full responses from each entity are at Appendix 1. Improvements observed by the ANAO during the course of this audit are listed in Appendix 2.
Aboriginal Hostels Limited
AHL acknowledges the findings in the report, gratefully accepts its recommendations and will take appropriate action to strengthen areas relating to the implementation of our established frameworks for managing conflicts of interest.
I would like to thank the ANAO audit team for their professional and collaborative approach throughout this process.
Aboriginal Investment NT
We welcome the report and accept its recommendations. As a newly established corporate Commonwealth entity, ensuring trust and confidence in our arrangements through the highest integrity standards is vital. We are committed to ensuring that appropriate control and procedural arrangements are implemented as our organisation continues to grow and mature. We have already undertaken steps to implement the recommendations and have planned for an internal audit to follow up on their implementation. This internal audit has been scheduled in our 2024–25 Strategic Internal Audit Program.
Outback Stores Pty Ltd
Thank you for your correspondence of 28 October 2024 regarding the proposed report under s.19 of the Auditor–General Act 1997 on the management of conflicts of interest.
Outback Stores acknowledges the importance of the audit in providing assurance to the Parliament over the effectiveness of the management of conflicts of interest. Further, the broader public are entitled to have confidence in officials of all Indigenous portfolio bodies in the integrity of these agencies.
Outback Stores accept the key findings, recommendations and opportunities for improvement outlined in the report, with alignment to the sole recommendation complete.
Key messages from this audit for all Australian Government entities
23. Below is a summary of key messages, including instances of good practice, which have been identified in this audit and may be relevant for the operations of other Australian Government entities.
Governance and risk management
Grants and procurement
Summary and recommendations
Background
1. In September 2022 the Australian Energy Regulator reported that over the course of 2022, the war in Ukraine resulted in price volatility and price hikes for energy on international markets.1 Due to the links between domestic and export markets this affected domestic customers and the wider economy. Simultaneously, domestic factors contributed to wholesale energy price increases.
2. The Department of the Treasury (Treasury) and the Department of Climate Change, Energy, the Environment and Water (DCCEEW) were lead entities in the development of policy options to seek to address energy price increases. On 9 December 2022, the Prime Minister, the Treasurer, and the Minister for Climate Change and Energy announced the Energy Price Relief Plan (the plan) — a package of measures designed to ‘shield Australian families and businesses from the worst impacts of predicted energy price spikes.’
Rationale for undertaking the audit
3. The budget for the package of measures under the Energy Price Relief Plan was estimated between $3 billion and $3.5 billion over five years. The government sought urgent advice on options to seek to address energy price increases.
4. The audit provides assurance to Parliament on whether the Energy Price Relief Plan was effectively designed and the effectiveness of planned frameworks for implementation and evaluation.
Audit objective and criteria
5. The objective of this audit was to assess the effectiveness of the design process for the Energy Price Relief Plan.
6. To form a conclusion against the objective, the following criteria were adopted.
- Was the development of the plan informed by sound policy advice?
- Was implementation effectively planned?
- Are the arrangements to assess the achievement of outcomes of the plan effective?
7. The audit did not assess:
- the design or implementation of the Capacity Investment Scheme which was also included in the 9 December 2022 announcement;
- the design of the Australian Domestic Gas Security Mechanism reforms agreed to by government in September 2022; or
- the implementation of the extension of the energy bill rebates announced in May 2024.
Conclusion
8. The design process for the Energy Price Relief Plan was largely effective. The design process could have been improved with earlier engagement with delivery agencies. The Energy Price Relief Plan would benefit from a plan to assess the achievement of outcomes.
9. The development of the Energy Price Relief Plan was informed by sound policy advice. Roles and responsibilities, relevant guidance and risk management processes were in place to support the development of the Energy Price Relief Plan. Benefits of policy options were assessed and were supported by evidence. During the design process industry stakeholders were consulted on the gas market interventions. Stakeholders within the APS were consulted in the development of policy options, except for: Services Australia; the Department of Infrastructure, Transport, Regional Development, Communications and the Arts (DITRDCA); and the Department of Veterans’ Affairs (DVA). Earlier engagement with APS delivery agencies would have improved the consideration of implementation within the policy advice provided to government. Treasury and DCCEEW did not document risks associated with rapid policy development and risk mitigation strategies. Activities that can assist in reducing risks were undertaken, including seeking expert advice, engaging industry stakeholders, and establishing fit-for-purpose governance and coordination arrangements.
10. Arrangements established to support implementation of the Energy Price Relief Plan were largely effective. Policy advice to government identified risks for all measures. Risks related to the Australian Domestic Gas Security Mechanism reforms were considered when the reforms were initially developed in 2022, however risks specific to bringing forward the commencement of the reforms were not incorporated with other risks included in policy advice. Treasury and DCCEEW monitored risks for three of the five measures — targeted electricity bill rebate, mandatory gas code of conduct, and coal price cap. The department responsible for the implementation of the targeted electricity bill rebate was not identified in policy advice provided to government in December 2022 and was not confirmed by government until August 2023. Treasury had not established a risk assessment and an implementation plan for the targeted electricity bill rebate and the gas price cap. Treasury’s progress reports to government on the targeted electricity bill relief included elements of implementation planning.
11. Arrangements to assess the achievement of outcomes for the Energy Price Relief Plan were largely effective. While activities to assess the achievement of outcomes for individual measures have been planned or undertaken, plans to assess the collective impacts of the five measures under the Energy Price Relief Plan were not established. Monitoring arrangements have been established for four of five measures and implemented — the Australian Domestic Gas Security Mechanism has not been activated. Treasury and DCCEEW have produced reporting on the collective impacts of select measures. DCCEEW has conducted a review of the coal price cap. Planning has commenced for reviews of the targeted electricity bill rebate, mandatory gas code of conduct and Australian Domestic Gas Security Mechanism.
Supporting findings
Development of the plan
12. Roles and responsibilities were defined for the development of policy options. Treasury and DCCEEW have largely relevant guidance on developing policy advice available for staff. The departments did not document risks, and associated mitigation strategies, related to policy development. Activities that may reduce risks were undertaken: Treasury and DCCEEW sought expert advice; the Australian Competition and Consumer Commission (ACCC) engaged with select industry stakeholders; and the Department of the Prime Minister and Cabinet (PM&C) established fit-for-purpose governance and coordination arrangements. (See paragraphs 2.3 to 2.19)
13. During the development of policy advice, APS stakeholders — except for Services Australia, DITRDCA and DVA — were engaged in the design of all measures. Select industry stakeholders were engaged on the gas market interventions prior to policy advice being provided to government. (See paragraphs 2.20 to 2.81)
14. Market modelling and data and advice from relevant government entities was used to support advice to government on policy options. Potential impacts of the proposed policy options included in policy advice were supported by evidence. Treasury and DCCEEW’s impact analysis included an assessment of regulatory burden costs and benefits for three measures — gas price cap, mandatory gas code of conduct and bringing forward the commencement of the Australian Domestic Gas Security Mechanism reforms. While DCCEEW had undertaken a preliminary assessment, an impact analysis was not undertaken for the remaining two measures — targeted electricity bill rebate and coal price cap. (See paragraphs 2.82 to 2.94)
Planning for implementation
15. Advice to government identified risks for four of the five measures. Risks related to the Australian Domestic Gas Security Mechanism reforms were considered as part of an earlier impact assessment process and specific risks related to bringing forward the commencement of the reforms were not highlighted in policy advice. Advice did not document the risk that payments may be made to ineligible recipients under the targeted electricity bill rebate measure. DCCEEW undertook risk assessments for two of the five measures — the mandatory gas code of conduct and the coal price cap. Risks were monitored for three of the four measures led by Treasury and DCCEEW — the targeted electricity bill rebate, mandatory gas code of conduct, and coal price cap. Risk reporting was undertaken by Treasury for the targeted electricity bill rebate and by DCCEEW for the mandatory gas code of conduct. Risks related to the gas price cap and coal price cap measures were not reported. (See paragraphs 3.3 to 3.16)
16. Advice to government included information on implementation of all five measures under the plan. Policy advice on the targeted electricity bill rebate and the coal price cap measures did not identify which department would be responsible for implementation. Implementation plans were established for three measures — mandatory gas code of conduct, coal price cap and bringing forward the commencement of the Australian Domestic Gas Security Mechanism reforms. Implementation planning activities were undertaken for the remaining two measures. For the targeted electricity bill rebate, Treasury had not established an implementation plan. Elements of implementation planning were included within progress reports provided to government. Implementation planning was discussed in governance meetings co-chaired by Treasury and Services Australia. (See paragraphs 3.17 to 3.38)
Monitoring and assessing the achievement of outcomes
17. Subsequent to the announcement of the Energy Price Relief Plan in December 2022, oversight and monitoring frameworks have been established and implemented for four of five measures — the Australian Domestic Gas Security Mechanism has not been activated and therefore monitoring arrangements have not been implemented. Monitoring activities are being undertaken in accordance with the frameworks which have been established. (See paragraphs 4.3 to 4.29)
18. Treasury and DCCEEW outlined the objectives and estimated impacts of the Energy Price Relief Plan. Plans to assess the collective impacts of the five measures under the plan were not established. Entities have developed plans to assess the achievement of outcomes for the individual measures, except for the gas price cap. Treasury and DCCEEW have reported collective impacts of the Energy Price Relief Plan and DCCEEW has conducted a review of the New South Wales coal price cap. Statutory reviews of the mandatory gas code of conduct and the Australian Domestic Gas Security Mechanism reforms are due to be undertaken during 2025. (See paragraphs 4.30 to 4.70)
Recommendations
Recommendation no. 1
Paragraph 3.16
The Department of the Treasury develop risk management guidance for staff where Treasury is the lead agency for a policy, including for managing risks identified in policy advice.
Department of the Treasury response: Agreed.
Summary of entity responses
19. The proposed report was provided to the Department of the Treasury and the Department of Climate Change, Energy, the Environment and Water. Extracts of the proposed report were provided to the ACCC, AER, DVA, Services Australia, DITRDCA, DISR, and PM&C.
20. Treasury, DCCEEW, the AER and DISR provided summary responses and these are below. Full responses from these entities are included at Appendix 1.
Department of the Treasury
Treasury welcomes the report, in particular the reflection that the policy was based on sound advice and that both policy and implementation development were largely effective to achieve the desired policy outcomes. Treasury also welcomes the report’s key messages, especially regarding the need to adapt risk appetite to short timeframes and urgent delivery. This aligns with Treasury’s risk management policy, noting our higher appetite for risk in these circumstances while still balancing potential consequences.
Treasury agrees with the recommendation presented in the report. Treasury accepts the ANAO’s evidence regarding the risk assessments and implementation planning during the development of the Energy Price Relief Plan. Treasury considers the recommendation recognises the ANAO’s findings and Treasury acknowledges it could develop guidance on how the risk management framework should be applied in situations where timeframes are short and delivery is urgent.
Treasury has engaged an external review of the implementation of the first round of the Energy Bill Relief Fund and will leverage findings from this review in drafting further risk management guidance.
Department of Climate Change, Energy, the Environment and Water
The Department of Climate Change, Energy, the Environment and Water (the department) welcomes the ANAO report and the conclusion that the design process for the Energy Price Relief Plan was largely effective, with no recommendations made for the department.
The Government’s Energy Price Relief Plan was a package of measures developed to shield Australian families and businesses from the worst impacts of predicted energy price spikes. This rapid policy development occurred within complex electricity and gas markets and required engagement across multiple agencies and other parties during its development and implementation.
The ANAO’s observations including areas of improvement applicable in the unique setting of rapid policy development are valuable insights that will inform and influence the department’s continual improvement practices in stakeholder engagement and program governance.
Australian Energy Regulator
The AER was provided with extracts from the proposed report.
The AER notes that there are no findings or recommendations relating to the AER.
The AER notes the contents of the report, including the key messages. The key messages reflect the experience and approach of the AER.
Department of Industry, Science and Resources
The Department of Industry, Science, and Resources (the department) acknowledges the Australian National Audit Office’s proposed audit report on the Design of the Energy Price Relief Plan.
The department acknowledges the report’s key findings on policy design, governance and risk management. The department strives to achieve meaningful stakeholder engagement to ensure feedback is accounted for in policy design. In the design and implementation of the Australian Domestic Gas Security Mechanism (ADGSM) reforms, two public consultation processes were conducted – on the design of policy and on the draft guidelines – to inform the development of effective policy that contributes to the delivery of positive outcomes for our stakeholders.
The department is committed to establishing and improving robust governance and risk management practices, and notes these principles are particularly important when designing and implementing policy initiatives in constrained timeframes.
Key messages from this audit for all Australian Government entities
21. Below is a summary of key messages, including instances of good practice, which have been identified in this audit and may be relevant for the operations of other Australian Government entities.
Policy design
Governance and risk management
Summary and recommendations
Background
1. The Public Service Act 1999 (PS Act) requires that Australian Public Service (APS) employees, agency heads and statutory office holders abide by the APS Code of Conduct.1 The APS Code of Conduct, consistent with duties under the Public Governance, Performance and Accountability Act 2013 (PGPA Act), require officials to declare the receipt of gifts, benefits and hospitality. Collectively, these requirements establish obligations for officials and Commonwealth entities in relation to how they manage the provision and receipt of gifts, benefits and hospitality.
2. Section 27 of the PGPA Act states that an official must not improperly use their position to gain, or seek to gain, a benefit for themselves or another person, or to cause, or seek to cause, detriment to the entity, the Commonwealth, or any other person.2 The National Anti-Corruption Commission Act 2022 also contains provisions against conduct that adversely affects (or could adversely affect) the honest and impartial exercise of any public official’s powers, functions or duties.3
3. The Australian Public Service Commission (APSC) publishes Guidance for Agency Heads – Gifts and Benefits. The principles underpinning this guidance are that:
- agency heads are meeting public expectations of integrity, accountability, independence, transparency and professionalism in relation to gifts and benefits; and
- there is consistency in relation to agency heads’ management of gifts and benefits across APS agencies and Commonwealth entities and companies.4
4. The Murray–Darling Basin Authority (MDBA) is a corporate Commonwealth entity established under the Water Act 2007 (the Water Act) and comprises:
- an eight-member Authority (the Authority) with functions and responsibilities defined under the Water Act and conditions set by the Remuneration Tribunal5; and
- a statutory agency of staff engaged under the Public Service Act, with an average staffing level of 367 for 2024–25.6
5. The MDBA is responsible for coordinating how water resources are managed in the Murray–Darling Basin.7
Rationale for undertaking the audit
6. Section 27 of the PGPA Act states that an official must not improperly use their position to gain, or seek to gain, a benefit for themselves or another person, or to cause, or seek to cause, detriment to the entity, the Commonwealth, or any other person. Public service entities must meet public expectations of integrity, accountability, independence, transparency, and professionalism. Acceptance of a gift or benefit that relates to an official’s employment can create a real or apparent conflict of interest that should be avoided.8
7. Public confidence in Commonwealth entities and the APS can be damaged when gifts and benefits that create a conflict of interest are accepted or not properly declared. The APSC states in its publication, APS Values and Code of Conduct in practice, that the risk of the appearance of a conflict can damaging to public confidence:
The appearance of a conflict can be just as damaging to public confidence in public administration as a conflict which gives rise to a concern based on objective facts.9
8. This audit was conducted to provide assurance to the Parliament that the MDBA has complied with gifts, benefits and hospitality requirements.
Audit objective and criteria
9. The objective of the audit was to assess whether the MDBA had complied with gifts, benefits and hospitality requirements.
10. To form a conclusion against the objective, the ANAO adopted the following two high-level audit criteria.
- Did the MDBA have effective arrangements in place to manage gifts, benefits and hospitality?
- Were the MDBA’s controls and processes for gifts, benefits and hospitality operating effectively in accordance with its policies and procedures?
11. The audit examined the management of gifts, benefits and hospitality within the MDBA over the period 1 July 2021 to 31 March 2024.
Conclusion
12. The MDBA has been partly effective in complying with gifts, benefits and hospitality requirements. While the MDBA has policies and procedures for managing gifts, benefits and hospitality, the implementation of its controls and processes for ensuring compliance with gift, benefit and hospitality requirements have not been effectively operationalised.
13. The MDBA has established largely effective arrangements for managing gifts, benefits and hospitality. The MDBA has not considered conflict of interest risks associated with gifts, benefits and hospitality within its risk management framework. While the MDBA has developed policies and procedures for the acceptance and provision of gifts, benefits and hospitality, there are opportunities to improve the consistency between policies and procedures. Whole of government training on integrity and fraud and corruption is mandatory for MDBA staff. Limited guidance is provided to Authority members. The MDBA maintains an internal register of gifts and benefits accepted by MDBA officials, and has published a register of gifts and benefits received by the Chief Executive.
14. The MDBA’s controls and processes are partly effective in supporting its compliance with gift, benefit and hospitality requirements. Deficiencies were identified with preventative controls relating to reporting on mandatory training completion and the compliance with policy and procedural requirements for the acceptance and provision of gifts, benefits and hospitality. While the MDBA does not have specific detective controls relating to acceptance of gifts, benefits and hospitality, since 2022–23 it has included a question on provision of hospitality in its biannual financial compliance survey. The MDBA has not established processes for managing non-compliance or assurance activities for gifts, benefits and hospitality.
Supporting findings
Arrangements for managing gifts, benefits and hospitality
15. The MDBA has articulated risks and controls related to bribery and corruption in a 2024 fraud and corruption risk assessment. Existing controls related to acceptance or provision of gifts, benefits and hospitality were not referenced in the 2024 assessment. Two integrity-related risks were identified in the MDBA’s November 2021 Enterprise Risk Management Plan. The MDBA developed a revised suite of enterprise risks in August 2023, which no longer includes integrity-related risks. (See paragraphs 2.6 to 2.21)
16. The MDBA has developed policies and procedures for the acceptance of gifts, benefits and hospitality through its Accountable Authority Instructions, Instrument of Delegation, Official Hospitality, Gifts and Benefits Guidelines and Declaration of Interests Policy. There were inconsistencies between these documents in relation to instructions for accepting ‘token gifts, benefits or hospitality’ (valued at $50 or below). In addition, the guidelines do not specify timeframes for obtaining delegate approval and reporting on acceptance of gifts, benefits or hospitality or sanctions associated with failure to comply with the requirements. (See paragraphs 2.22 to 2.37)
17. The MDBA has developed policies and procedures for the provision of gifts, benefits and hospitality through its Accountable Authority Instructions, Instrument of Delegation, Official Hospitality, Gifts and Benefits Guidelines and other policy documents. There were inconsistencies between these documents in relation to the distinction between official hospitality and business catering. (See paragraphs 2.38 to 2.56)
18. The MDBA has a mandatory training package which includes responsibilities and expectations for officials relating to gifts, benefits and hospitality. The relevant modules are whole of government modules on integrity and fraud and corruption. Members of the Authority have not been provided specific guidance on policy and procedural requirements for gifts, benefits and hospitality. ( See paragraphs 2.57 to 2.67)
19. The MDBA has published a register of gifts and benefits received by the Chief Executive. It updated the register in October 2024 to comply with the requirement to annually report gifted airline lounge memberships. In August 2024 the MDBA decided to commence publishing gifts and benefits received by MDBA officials, including Authority members. The MDBA maintains an internal register of gifts, benefits and hospitality accepted by officials from external parties. It expanded the register in August 2024 to cover provision of official hospitality. There were no internal reporting mechanisms in place for the Chief Executive or management committees to have oversight of gifts, benefits and hospitality accepted or provided by MDBA officials. As a result of the inconsistencies in the treatment of official hospitality and business catering events by the MDBA, and the absence of a register, the MDBA has not been well placed to accurately report to Parliament on instances of official hospitality. (See paragraphs 2.68 to 2.80)
Controls and processes for managing gifts, benefits and hospitality
20. The MDBA has implemented preventative controls for the receipt or provision of gifts, benefits and hospitality through its policies and procedures, mandatory staff training, delegations and approval requirements. The MDBA does not provide reporting on the completion of mandatory training to the Chief Executive or relevant governance committees. Requirements set out in policies and procedures prohibiting the acceptance of gifts, benefits and hospitality from contractors were not adhered to. There was inconsistent treatment of business catering and official hospitality events, and instances of non-compliance with controls for official hospitality. (See paragraphs 3.6 to 3.50)
21. The MDBA has not implemented detective controls specifically for the purpose of identifying non-compliance with requirements for the receipt and provision of gifts, benefits and hospitality. The MDBA’s biannual financial compliance survey is a detective control than can support the identification of non-compliance with requirements. Officials responding to the survey identified one instance of non-compliance with business catering or official hospitality guidelines in 2023–24, which was included in summary reporting provided to the Chief Executive. (See paragraphs 3.51 to 3.57)
22. The MDBA has not documented or implemented processes for managing identified instances of non-compliance relating to management of gifts, benefits and hospitality. The ANAO identified instances of non-compliance that had not been identified or reported by the MDBA. (See paragraphs 3.58 to 3.62)
23. The MDBA has not developed an evidence-based assurance framework that considers management of gifts, benefits and hospitality. (See paragraphs 3.63 to 3.68)
Recommendations
Recommendation no. 1
Paragraph 2.19
The Murray–Darling Basin Authority assess the risks associated with provision and acceptance of gifts, benefits and hospitality and identify appropriate controls.
Murray–Darling Basin Authority response: Agreed.
Recommendation no. 2
Paragraph 2.51
The Murray–Darling Basin Authority review and update its policy framework for the acceptance and provision of gifts, benefits and hospitality to ensure:
- instructions for accepting and keeping ‘token gifts, benefits and hospitality’ are consistent and appropriate;
- instructions for provision of hospitality include clear definitions and distinctions between official hospitality and business catering, and define relevant concepts such as ‘entertainment’ and ‘modest’;
- timeframes are specified for obtaining delegate approval and reporting on acceptance and provision of gifts, benefits and hospitality;
- consideration of any potential, perceived or actual conflicts created by the acceptance of gifts, benefits or hospitality is documented on declaration forms; and
- the framework defines sanctions associated with failure to comply with gifts, benefits and hospitality requirements.
Murray–Darling Basin Authority response: Agreed.
Recommendation no. 3
Paragraph 3.66
The Murray–Darling Basin Authority implement:
- regular reporting to the Chief Executive and relevant governance committees on mandatory training completion and acceptance and provision of gifts, benefits and hospitality; and
- arrangements to obtain assurance over controls for managing gifts, benefits and hospitality to inform continuous improvement and ensure ongoing effectiveness.
Murray–Darling Basin Authority response: Agreed.
Summary of entity responses
24. The proposed report was provided to the MDBA. Extracts of the proposed report were also provided to Callida Indigenous Consulting, Chartertech, eWater, Hudson, Paxus, Scyne Advisory and Xaana.ai. Summary responses to the report, where provided, are below and the MDBA’s full response is at Appendix 1. Improvements observed by the ANAO during the course of this audit are listed in Appendix 2.
Murray–Darling Basin Authority
The MDBA welcomes the ANAO’s findings and agrees with the three recommendations in the Report. We are pleased that no non-compliance with our legislative obligations (including PGPA Act) were identified.
We are committed to upholding the highest standards of integrity. Currently, we are working to improve consistency in policy requirements and control operating effectiveness over the management of gifts, benefits, and official hospitality.
Our actions in response to the ANAO audit include frequent reporting and increased oversight on our internal gifts, benefits, and hospitality register to identify potential conflicts of interest. We are also embedding processes to ensure compliance with mandatory staff training and internal procedures, and reviewing internal policies for consistent treatment of gifts and benefits.
The MDBA also has progressed significant work in relation to improving its risk management practices over the past 18 months and is currently focused on integrity related risks and appropriate controls, including in relation to gifts, benefits and hospitality.
The MDBA appreciates the ANAO’s approach in conducting the audit, including regular engagement, progress updates, and efforts to understand our agency’s policy and practices.
Chartertech
Chartertech’s Conflict of Interest Policy and Declaration outlines the policy for receiving gifts and benefits. This policy requires declaration of any gifts, benefits or hospitality received valued at over $100, this threshold is applied to the Chartertech Gifting Register, which was referenced in the ANAO response. Chartertech can confirm that there are no records of gifts, benefits or hospitality provided for any MDBA personnel in accordance with this policy.
Key messages from this audit for all Australian Government entities
25. Below is a summary of key messages, including instances of good practice, which have been identified in this audit and may be relevant for the operations of other Australian Government entities.
Governance and risk management
Performance and impact measurement
Summary
Background
1. Indigenous Business Australia (IBA) is a corporate Commonwealth entity established under the Aboriginal and Torres Strait Islander Act 2005. IBA’s purpose includes to enhance Aboriginal and Torres Strait Islander self-management and economic self-sufficiency.1 The National Indigenous Australians Agency (NIAA) is a non-corporate Commonwealth entity established as an executive agency in 2019. It is the lead Australian Government agency for Aboriginal and Torres Strait Islander policies and programs. NIAA’s purpose includes advancing a whole-of-government approach to improving the lives of Aboriginal and Torres Strait Islander people.2
2. Parliamentary committee and Auditor-General reports identify risks to the successful delivery of government outcomes and provide recommendations to address them. Where a parliamentary committee has made policy recommendations, the responsible minister is required to prepare and table a government response in the Parliament. The Auditor-General provides independent assurance as to whether the Executive government is operating and accounting for its performance in accordance with the Parliament’s intent. Auditor-General reports, which include audited entities’ responses to recommendations, are tabled in the Parliament. The tabling in the Parliament of an agreed response to parliamentary committee or Auditor-General recommendations is a formal commitment by the government or an entity to implement the recommended actions.
3. Successful implementation of agreed3 recommendations by Australian government entities requires effective governance arrangements to respond to, monitor and implement recommendations, with fit-for-purpose and proportionate implementation planning that sets clear responsibilities and timeframes for delivering the agreed actions.
4. The ANAO undertakes audits of implementation of recommendations made by parliamentary committees and the Auditor-General.4
Rationale for undertaking the audit
5. Parliamentary committee and Auditor-General reports have identified risks to and shortcomings in the successful delivery of outcomes in the Indigenous affairs portfolio. Recommendations have specified actions aimed at addressing those risks and identified opportunities for improving public administration. Implementation of agreed recommendations delivers on a formal commitment to the Parliament and is an important part of realising the full benefit of a parliamentary inquiry or audit. Appropriate and timely implementation of agreed recommendations demonstrates accountability to the Parliament and a commitment to improving public administration.
6. This audit provides assurance to the Parliament about whether recommendations directed to IBA and NIAA are being implemented as agreed.
Audit objective and criteria
7. The audit objective was to examine whether the selected entities have implemented a selection of agreed parliamentary committee and Auditor-General recommendations.
8. To form a conclusion against the objective, the following high-level criteria were adopted.
- Do IBA and NIAA have fit-for-purpose arrangements to respond to, monitor and implement agreed recommendations?
- Did IBA and NIAA respond to and implement agreed recommendations effectively?
9. To allow sufficient time for implementation, the ANAO examined implementation of agreed recommendations made between January 2020 and December 2022. The 25 recommendations examined comprised 10 recommendations from three parliamentary committee reports, and 15 recommendations from four Auditor-General reports.
Conclusion
10. As at August 2024, IBA had largely implemented the agreed recommendations examined in this audit, and NIAA had partly implemented the agreed recommendations. Implementation was not supported by robust governance arrangements in either entity, although arrangements matured during the course of the audit.
11. IBA’s arrangements to respond to, implement and monitor agreed parliamentary committee and Auditor-General recommendations are largely fit for purpose. IBA documented practices for managing recommendations in 2024. As at August 2024, these practices were not fully implemented as IBA was not subject to any parliamentary committee recommendations. NIAA’s arrangements to respond to parliamentary committee and Auditor-General recommendations are partly fit for purpose. NIAA documented practices for managing recommendations in 2024. These included new practices for managing parliamentary committee recommendations. As at August 2024, these practices were not fully implemented. The practices have the potential to be fit for purpose.
12. NIAA’s advice to government on how to respond to parliamentary committee recommendations was partly effective. IBA fully implemented three of the four agreed Auditor-General recommendations and largely implemented the remaining one. NIAA fully implemented six of 21 agreed parliamentary committee and Auditor-General recommendations and largely implemented one. Implementation of the remaining 14 NIAA recommendations was either partial (seven) or ongoing as at August 2024 (seven).
Supporting findings
Arrangements for managing agreed recommendations
13. IBA documented practices to respond to, implement, monitor and close agreed parliamentary committee recommendations in April 2024. These practices include implementation planning that covers roles and responsibilities, timeframes and risk. As at August 2024, these practices had not been implemented as IBA had no active parliamentary recommendations. NIAA documented practices to identify and respond to parliamentary committee recommendations in September 2023. NIAA does not monitor compliance with required timeframes for responding to parliamentary committee recommendations, and practices could be improved to promote better timeliness. NIAA documented practices to implement, monitor and close agreed parliamentary committee recommendations in August 2024. This followed commitments made to the Executive Board, Audit and Risk Committee and the Parliament to clarify and improve practices. As at August 2024, NIAA’s practices documented in August 2024 have not been implemented. (See paragraphs 2.4 to 2.39)
14. IBA and NIAA have established practices to respond to, implement, monitor and close agreed Auditor-General recommendations, including reporting to audit and risk committees and providing implementation updates to accountable authorities. IBA’s management practices for Auditor-General recommendations were documented and strengthened to include implementation planning in April 2024. IBA’s practices could be improved to clarify the role of the IBA Board in approving responses to recommendations. NIAA’s practices were documented in August 2024. This included formalising practices for implementation planning established in October 2023, requiring reporting to the Executive Board on implementation and closure, and improving closure practices to support the Audit and Risk Committee to fulfil its assurance function. (See paragraphs 2.40 to 2.63)
Implementation of agreed recommendations
15. IBA was not the subject of parliamentary committee recommendations in the timeframe examined in this audit. NIAA was responsible for coordinating the government response to two parliamentary committee reports examined in this audit. NIAA did not provide draft responses and associated advice in sufficient time to enable government to table responses in the timeframes set by the Parliament. Draft responses prepared by NIAA were consistent with relevant Australian Government guidelines, except that responses to disagreed recommendations did not always clearly state why the recommendation was not accepted. Advice to the Minister for Indigenous Australians (the minister) for recommendations that were accepted did not always include implementation details; risks or sensitivities; or a timeframe. In October 2022, the minister requested more information on outstanding responses to parliamentary committee reports, which was not provided. In April 2024, NIAA recommended to the minister that a ‘standard response’ be made to 39 recommendations in 10 outstanding parliamentary reports dating back to 2010. The response ‘noted’ the recommendations and stated that, given the passage of time, a substantive response was no longer appropriate. This was in line with correspondence from the government, except that NIAA did not advise the minister on whether or why a different response might be warranted. (See paragraphs 3.5 to 3.21)
16. Implementation planning for the examined recommendations was limited in both entities.
- IBA assigned responsibility and identified implementation actions for all four recommendations. It did not establish timeframes or assign risk ratings.
- NIAA’s implementation planning for 10 parliamentary committee recommendations was partial or not undertaken. NIAA assigned responsibility for all 11 Auditor-General recommendations examined. Other elements of implementation planning were not consistently undertaken. (See paragraphs 3.22 to 3.26)
17. IBA’s monitoring, assurance and closure of the four recommendations improved over the time period examined by the audit. IBA monitored implementation progress for all Auditor-General recommendations. Reporting on some recommendations to the Audit, Risk and Performance Committee was not timely nor complete until the committee requested evidence of implementation in September 2022. After September 2022, IBA prepared closure reports and effectively closed all recommendations.
18. NIAA did not consistently monitor implementation progress for the parliamentary committee recommendations examined in this audit, or report on progress to an oversight or assurance body. NIAA did not formally close the three (of 10) recommendations it considered implemented. NIAA monitored implementation progress for all 11 Auditor-General recommendations examined in this audit, and reported progress to the Audit and Risk Committee. Reporting on some recommendations was not timely. While closure reports were prepared for all 11 recommendations (which NIAA considered implemented), one closure report had no supporting evidence, senior official approval was inconsistently recorded and evidenced, and 10 closure reports were not shared with the Audit and Risk Committee. The committee noted closure of all 11 recommendations. (See paragraphs 3.27 to 3.42)
19. IBA and NIAA’s implementation of the 25 agreed recommendations examined in this audit, as at August 2024, was as follows.
- Of four Auditor-General recommendations to IBA, IBA considered all four to have been implemented. The ANAO assessed that three recommendations were fully implemented and one was largely implemented.
- Of 10 parliamentary committee recommendations relevant to NIAA, NIAA considered two were fully implemented and one was partly implemented. The ANAO assessment agreed with NIAA’s.
- Of 11 Auditor-General recommendations to NIAA, NIAA considered all 11 to be fully implemented. The ANAO assessed that four recommendations were fully implemented, one was largely implemented, and six were partly implemented.
- Of the 21 recommendations relevant to NIAA, responses to 11 included commitments that were additional to the recommendation. The ANAO assessed that additional commitments were fully implemented for three; partly implemented for five; and that implementation was still ongoing for three. (See paragraphs 3.43 to 3.54)
Recommendations
20. The Auditor-General did not make any recommendations. Eight opportunities for improvement were identified, relating to:
- IBA’s practices for responding to parliamentary committee and Auditor-General recommendations;
- NIAA’s practices for monitoring parliamentary activity, assisting government to responding to parliamentary committee recommendations, and closing Auditor-General recommendations; and
- the Department of the Prime Minister and Cabinet’s guidance to Australian Government entities on responding to parliamentary committee recommendations.
Summary of entity responses
21. The proposed audit report was provided to IBA and NIAA. An extract of the proposed audit report was provided to the Department of the Prime Minister and Cabinet. Entities’ summary responses are provided below. Entities’ full responses are provided at Appendix 1.
Indigenous Business Australia
Indigenous Business Australia (IBA) wishes to thank the ANAO for their professional and collaborative engagement with IBA throughout this audit.
The performance audit process has been useful for IBA in driving further improvements in internal processes relating to the implementation and management of ANAO and parliamentary committee recommendations and IBA will consider the further opportunities for improvement as part of its continual improvement processes.
National Indigenous Australians Agency
The National Indigenous Australians Agency (NIAA) welcomes the findings of the audit, including that it has established practices to respond to, implement, monitor and close parliamentary committee and Auditor-General recommendations. The NIAA acknowledges the opportunities for improvement identified in the report and has already made significant progress to strengthen processes for managing and implementing parliamentary committee and Auditor-General recommendations.
Department of the Prime Minister and Cabinet
The Department of the Prime Minister and Cabinet (the department) regularly reviews processes to ensure the robust provision of support to parliamentary committees and guidance to entities. This includes providing advice to entities on parliamentary committee reports with substantive recommendations that require responses from the Government. As part of this process, the department ensures entities are aware of the timeframes under Senate resolution 44 for responding to committee reports.
The department’s Tabling Guidelines provide advice on the preparation of government responses, including that all recommendations must be addressed and reasons provided for not accepting a recommendation, and timeframes for responses as set by Parliament.
Key messages from this audit for all Australian Government entities
22. The ANAO undertakes audits of implementation of recommendations made by parliamentary committees and the Auditor-General. In June 2021, the ANAO published Audit Insights: Implementation of Audit Recommendations, which includes observations from these audits for the benefit of all Australian Government entities.
23. Below are further key messages identified in this audit and which may be relevant for the operations of other Australian Government entities.
Governance and risk management
Summary and recommendations
Background
1. The Growing Regions Program was announced in May 2023 as an open, competitive grants program that provides grants to local government entities and eligible incorporated not-for-profit organisations for capital works projects that aim to deliver community and economic benefits across regional and rural Australia.1 The Australian Government committed $600 million to the program over two rounds with $300 million available in each round.
2. Grants between $500,000 and $15 million were available to eligible applicants to deliver priority community and economic infrastructure projects. The objectives of Round 1 of the program are:
- constructing or upgrading community infrastructure that fills an identified gap or need for community infrastructure.
- contributing to achieving a wide range of community socio-economic outcomes; and
- is strategically aligned with regional priorities.
3. The Department of Infrastructure, Transport, Regional Development, Communications and the Arts (Infrastructure) is responsible for the Growing Regions Program. Infrastructure engaged the Department of Industry, Science and Resources, through the Business Grants Hub, to administer the program.
4. The program used a two-stage application process. Applicants were required to submit an Expression of Interest (EOI) application which would first be assessed by the Business Grants Hub to ensure projects met eligibility, project readiness and program suitability requirements before a multi-party parliamentary panel (the panel) assessed how closely all eligible projects aligned with regional priorities. The panel then recommended to Infrastructure which projects should be invited to submit a full application. EOI applications that were assessed as meeting requirements and approved to proceed were invited to submit a full application in stage two. Infrastructure made the final decision on which applicants would be invited to progress to stage two and submit a full application.
5. Round 1 of the Growing Regions Program opened on 5 July 2023 and received 650 EOI applications seeking a total of $2.7 billion in grant funding, of which 443 applications ($1.81 billion) were found suitable by the panel to progress to stage two.
6. Full applications opened on 27 November 2023 and closed on 15 January 2024. The Business Grants Hub assessed 311 projects for funding worth $1.5 billion. Of these projects, Infrastructure recommended 54 projects for funding up to the value of $300 million. On 16 May 2024 the Minister for Infrastructure, Transport, Regional Development and Local Government announced funding for 40 successful projects to the value of $207 million.2
7. This audit is the second of two reports on the effectiveness of the Growing Regions Program. The first audit, Auditor-General Report No. 31 2023–24 Design of the Growing Regions Program, was presented to the Parliament on 29 May 2024 and examined the effectiveness of Infrastructure’s design and planning for the Round 1 of the Growing Regions Program.
Rationale for undertaking the audit
8. The Growing Regions Program was a new grants program and one of the largest programs administered by Infrastructure. The program also contained a new design feature — a two-stage assessment process with an EOI stage assessed by a multi-party parliamentary panel.
9. Previous ANAO performance audits have identified deficiencies in Infrastructure’s implementation of regional grants programs including program design, providing information to the delegate, and transparency of decision-making.3
10. This audit provides assurance to the Parliament on the implementation and award of funding for Round 1 of the Growing Regions Program and whether Infrastructure implemented lessons learned from previous grants programs.
Audit objective and criteria
11. The objective of the audit was to assess the effectiveness of the implementation and award of funding for Round 1 of the Growing Regions Program.
12. To form a conclusion against the objective, the following high-level audit criteria were applied.
- Were applications assessed in accordance with the grant opportunity guidelines?
- Were funding recommendations and decisions made in accordance with the Commonwealth Grants Rules and Guidelines?
Conclusion
13. The implementation and award of funding for Round 1 of the Growing Regions Program was largely effective. Effectiveness was diminished by Infrastructure undertaking an additional assessment process which was not specified in the grant opportunity guidelines.
14. Assessment of applications for the Growing Regions Program was partly in accordance with the grant opportunity guidelines. The Business Grants Hub assessed EOI applications against the grant opportunity guidelines despite eligibility requirements for projects not being clearly defined in the guidelines. After the Business Grants Hub had completed its eligibility assessment, the minister through their office, advised Infrastructure of their preference for all 163 applicants found ineligible to be given the opportunity to correct any administrative errors or omissions with their applications. While the panel scored and ranked applications as required under the grant opportunity guidelines, panel members noted difficulty with the definition of what constituted ‘regional priorities’. Infrastructure did not consider in its development of the panel assessment process, the implications on a project’s average score by having a different number of panel members scoring applications.
15. Full applications were assessed partly in line with the grant opportunity guidelines. In its assessment of full applications, the Business Grants Hub correctly applied the three merit criteria from the grant opportunity guidelines. Infrastructure then completed a further geographical assessment of projects which was not set out in the grant opportunity guidelines. This resulted in Infrastructure removing three projects from the merit list and adding seven. By altering the results of the Business Grants Hub’s merit assessment, Infrastructure recommended projects to the minister which were not assessed as the most meritorious under the grant opportunity guidelines.
16. Infrastructure’s advice to the minister outlined the assessment process and risks relating to the approval of applications for the Growing Regions Program. The advice did not state how value for money was determined following Infrastructure’s additional analysis of the results of the Business Grants Hub’s merit assessment. Based on an initial, high-level assessment from the Australian Government Solicitor, Infrastructure advised that there was no lawful authority for the proposed expenditure under the program and proposed that to address that, funding could be awarded under a Federation Funding Agreement rather than as grants. Funding decisions were appropriately documented by the minister and the minister did not approve any projects that were not recommended by Infrastructure. The announcement of successful projects occurred two months after the original timeframes provided to applicants. As at 16 October 2024, the Growing Regions Program Federation Funding Agreement Schedule had been executed with the Western Australian, South Australian, Queensland, Tasmanian, New South Wales and Victorian governments.
Supporting findings
Assessment of applications
17. The Business Grants Hub assessed EOI applications against the grant opportunity guidelines despite eligibility requirements for projects not being clearly defined in the guidelines. After the Business Grants Hub had completed its eligibility assessment, the minister, through their office, advised Infrastructure of their preference for all 163 ineligible applicants to be given an opportunity to correct any administrative errors or omissions. The Business Grants Hub then completed another eligibility assessment on the 58 applications that had been resubmitted. Conflict of interest declarations were completed by all assessors undertaking the EOI assessment. Panel members received training from the Business Grants Hub and attended probity briefings delivered by an external probity advisor engaged by Infrastructure. (See paragraphs 2.3 to 2.33)
18. The panel scored and ranked applications as required under the grant opportunity guidelines, noting difficulty with the definition of what constituted ‘regional priorities’. Recommendations were made based on average scores and followed the requirements set out in the guidelines. Decisions were documented and probity requirements were followed. All panel members were originally required to score each application except where projects were in their electorate or jurisdiction. To assist in managing the panel’s workload, part-way through the assessment process there was a change in the scoring approach from having panel members score all applications, to a minimum of three scorers per application. Infrastructure did not consider in its design of the assessment process how different numbers of panel members scoring each application would impact on a project’s average score. (See paragraphs 2.34 to 2.66)
19. The Business Grants Hub assessed full applications against the three merit criteria as outlined in the grant opportunity guidelines and awarded each project a final score. The design of the eligibility requirements in the grant opportunity guidelines resulted in projects that potentially did not meet the program’s policy intent progressing through the assessment process. The minister did not fund 14 recommended projects which they identified as not suitable for funding as they would be better suited for funding under a different program. (See paragraphs 2.67 to 2.83)
20. Applications were ranked by the Business Grants Hub based on its assessment against the three criteria set out in the grant opportunity guidelines. The Business Grants Hub reported all highly suitable and suitable projects for funding. Following the Business Grants Hub’s merit assessment, Infrastructure completed further analysis and assessment of projects for geographical spread and socio-economic outcomes. This further assessment was not approved when the program was designed or set out in the grant opportunity guidelines. This resulted in Infrastructure removing three projects from the Business Grants Hub’s full assessment merit list and adding a further seven. (See paragraphs 2.84 to 2.101)
Award of funding
21. An initial high-level assessment by the Australian Government Solicitor obtained by Infrastructure prior to briefing the minister stated that lawful authority for proposed expenditure for the program was not in place. Infrastructure proposed an approach that sought to mitigate this risk. Infrastructure recommended that the minister approve 54 applications up to the limit of the available funding. The recommendation did not state how value for money was determined following an additional analysis of project applications and adjustment of results by Infrastructure. Funding recommendations for Round 1 of the Growing Regions Program did not meet the original timeframes as planned by Infrastructure primarily due to the need to seek legal advice on the lawful authority matter. (See paragraphs 3.1 to 3.22)
22. Reasons for all funding decisions were appropriately documented and informed by written recommendations from Infrastructure. The minister did not award funding to any projects that were not recommended by Infrastructure. All 40 applicants that the minister approved for funding were found to be highly suitable or suitable through the merit assessment process. The minister did not award funding to 14 projects that were recommended by Infrastructure. (See paragraphs 3.23 to 3.33)
Recommendations
Recommendation no. 1
Paragraph 2.82
The Department of Infrastructure, Transport, Regional Development, Communications and the Arts identifies in the program guidelines how to assess ineligible types of projects and expenditure for the Growing Regions Program to ensure that successful projects reflect the program’s policy intent and objectives.
Department of Infrastructure, Transport, Regional Development, Communications and the Arts response: Agreed.
Recommendation no. 2
Paragraph 2.100
The Department of Infrastructure, Transport, Regional Development, Communications and the Arts correctly applies the processes set out in the Growing Regions Program guidelines or updates the guidelines where significant changes to processes are required while the funding opportunity is open for applications.
Department of Infrastructure, Transport, Regional Development, Communications and the Arts response: Agreed.
Summary of entity response
23. The proposed report was provided to the Department of Infrastructure, Transport, Regional Development, Communications and the Arts, and the Department of Industry, Science and Resources. Extracts of the proposed report were provided to the Attorney-General’s Department. The summary responses are provided below and the full responses are at Appendix 1.
Department of Infrastructure, Transport, Regional Development, Communications and the Arts
The department welcomes the overall conclusion that the implementation and award of funding for Round 1 of the Growing Regions Program was largely effective. The department notes there have been some additional challenges in implementing the Growing Regions Program, including as a result of external factors.
While the department has asked the ANAO to consider the factual basis and emphasis given to some of the findings and commentary in the report, the department acknowledges that aspects of the program could have been improved.
The department agrees to both recommendations in the report and notes they are being implemented in the administration of Round 2 of the program.
Department of Industry, Science and Resources
The Department of Industry, Science and Resources acknowledges the Australian National Audit Office’s report on the implementation and award of funding for the Growing Regions Program.
The department notes this audit is the second of two reports on the effectiveness of the Growing Regions Program.
As a provider for Australian Government grants through the Business Grants Hub we will consider the key messages from the audit that are applicable for all Australian Government entities in the co-design and administration of future granting programs.
Attorney-General’s Department
The Attorney-General’s Department (“the department”) notes the extracts of Chapter 1 and Chapter 3 of the proposed ANAO report on the Implementation and award of funding for the Growing Regions Program.
The department has no comments on the audit findings in the extract it has viewed. Responsibility for administering the Growing Regions Program rests with the Department of Infrastructure, Transport, Regional Development, Communications and the Arts.
Key messages from this audit for all Australian Government entities
24. Below is a summary of key messages, including instances of good practice, which have been identified in this audit and may be relevant for the operations of other Australian Government entities.
Program design
Summary and recommendations
Background
1. The National Anti-Corruption Commission’s (NACC’s) 2022/2023 Integrity Outlook states:
Conflicts of interest are also a prevalent source of corruption issues. Many types of corrupt conduct – such as breaches of public trust, abuse of office and misuse of information – originate from conflicts of interest. Such conflicts therefore pose a substantial risk for government agencies, parliamentarians, and public officials. This is why identifying, disclosing and managing potential conflicts of interest is a critical pillar of integrity architectures.1
2. The Public Governance, Performance and Accountability Act 2013 (PGPA Act) sets out general duties of accountable authorities and officials of Australian Government entities.2 The general duties related to conflicts of interest for an official include:
- not improperly using their position or information obtained through their position to gain or seek to gain a benefit or advantage for themselves or others, or to cause detriment to the entity, Commonwealth or others3; and
- disclosing the details of any material personal interests that relate to the affairs of the entity.4
3. The Public Governance, Performance and Accountability Rule 2014 (PGPA Rule) provides further detail on requirements for managing conflicts of interest.5 Under the PGPA Act, accountable authorities have a duty to establish and maintain appropriate systems of risk oversight and management and internal control.6 In addition, the PGPA Rule establishes a requirement for the accountable authority to take all reasonable measures to prevent, detect and deal with fraud and corruption relating to the entity.7
4. Boards of corporate Commonwealth entities (CCEs) are the accountable authority unless otherwise prescribed by an Act or the rules. Membership of boards can consist of both executive directors and non-executive directors. CCE boards are responsible for the operations of their entities.
5. The Department of Finance states:
Corporate Commonwealth entities generally have enabling legislation that establishes the scope of their activities and a multi-member accountable authority (such as a board of directors).
6. Specialist skills and expertise may be required to provide a suitable composition for a CCE board. The board members that are appointed to CCE boards in respect of their specialist skills or expertise can have inherent interests that exist as a consequence of their specialist experience. For example, they may be involved in industry associations or have duties to other organisations. These interests can conflict with their duties as a board member of a CCE.
7. The operations of boards for four CCEs were selected for examination as a part of this audit:
- the Australian Sports Commission (ASC);
- Food Standards Australia New Zealand (FSANZ);
- Infrastructure Australia (IA); and
- the National Portrait Gallery of Australia (NPGA).
Rationale for undertaking the audit
8. According to the Australian Public Service Commissioner, the public is entitled to have confidence in the integrity of public officials, and to know that the personal interests of public officials do not conflict with their public duties.8 Apparent conflicts can be just as damaging to confidence in public administration as real conflicts, so disclosures and effective management of real, apparent and potential conflicts of interest is an important element of the Australian Government’s integrity framework.
9. Section 29 of the PGPA Act provides a duty to disclose material interests. CCE board members may have material personal interests that relate to their role as a member of an accountable authority. Board requirements for specific qualifications, skills and experience pose the risk that domain knowledge and industry familiarity may lead to conflicts of interest.
10. This audit was conducted to provide assurance to the Parliament that the boards of the four CCEs are effectively managing conflicts of interest.
Audit objective and criteria
11. The objective of the audit was to assess the effectiveness of the operations of the boards of four CCEs in managing conflicts of interest.
12. To form a conclusion against the objective, the ANAO examined:
- Have the boards developed appropriate arrangements to manage board conflicts of interest?
- Have the boards effectively managed board conflicts of interest consistent with their own policies?
13. The audit examined the operations of the boards of four CCEs in managing conflicts of interest over the period 1 July 2021 to 31 December 2023. The appointment process for board members was not examined as part of this audit.
Conclusion
14. The operations of the boards in managing conflicts of interest were largely effective. Arrangements for managing conflicts of interest were implemented by the boards in accordance with legislative requirements and documented by some of the boards in policies and procedural guidance. The effectiveness in implementing these arrangements were inconsistent across the boards which resulted in deficiencies in declaring and managing conflicts of interest by the boards. This reduced the overall effectiveness of the boards in their management of conflict of interest risks.
15. The boards have developed largely appropriate arrangements for managing conflicts of interest. All boards have implemented arrangements to support the declaration of interests by board members, including following their appointment and during the term of their appointment. The arrangements implemented by the boards were aligned to requirements in the Public Governance, Performance and Accountability Act 2013 (PGPA Act) and Public Governance, Performance and Accountability Rule 2014 (PGPA Rule). The board of the NPGA did not have a conflict of interest policy that included managing conflicts of interest related to its board. The boards of the ASC and FSANZ had not developed conflict of interest management plans for board members holding other roles within the Australian Government. The boards have largely relied on board induction processes to provide training and education in relation to managing conflicts of interest. The boards had implemented varying arrangements to obtain assurance over the management of conflicts of interest relating to board members.
16. The boards were partly effective in implementing arrangements for managing board conflicts of interest consistent with their own policies. There were shortcomings in the operating effectiveness of processes for declaring and managing conflicts of interest across all boards. This included instances where: declarations of interest were not obtained from newly appointed board members in a timely manner; declarations of interests were not implemented as a standing agenda item at board meetings; and boards’ assessments of declarations of interest were not sufficiently documented to record whether the board had determined declarations to be material personal interests.
Supporting findings
Arrangements to manage conflicts of interest
17. The boards had identified and assessed fraud and corruption risks within their risk management frameworks. The board of IA had identified conflict of interest controls for its then board within its operational and fraud risk registers. (See paragraphs 2.3 to 2.14)
18. All boards had arrangements for board members to declare interests following appointment and at board meetings. The arrangements implemented by the boards were aligned to requirements in the PGPA Act and PGPA Rule. The ASC, FSANZ and IA boards had policies and procedural guidance to manage board conflicts of interest. The NPGA board did not have a conflict of interest policy that provided coverage of the board, with the exception of a policy for declaring, managing and overseeing board conflicts of interest related to the acquisition of works. The boards for ASC and FSANZ had not developed management plans for potential conflicts of interest relating to ex-officio board members that held other roles within the Australian Government. (See paragraphs 2.15 to 2.60)
19. The boards largely relied on board induction processes and related resources from the Department of Finance for promoting compliance with conflict of interest requirements. The boards for the ASC and FSANZ had developed guidance specific to managing board conflicts of interest. The FSANZ board provided board members with access to its learning management system, which included training related to conflicts of interest. The IA board had delivered training for board members that included a module on conflicts of interest. None of the boards had documented training plans for board members or arrangements for monitoring training undertaken by board members. The Department of Finance’s resources on managing conflicts of interest are not specific to boards of corporate Commonwealth entities. (See paragraphs 2.61 to 2.84)
20. None of the boards had implemented an assurance strategy or framework that was specific to, or provided coverage of, board conflicts of interest. All boards had developed some form of arrangement to obtain assurance over board conflicts of interest.
- The ASC board obtained attestations from its board members on compliance with section 29 of the PGPA Act and provided reporting to its audit committee.
- The FSANZ board maintains a centralised register of interests declared by board members that is published on its website.
- The IA board undertook an internal audit in 2018–19 that covered board conflicts of interest and conducted Australian Securities and Investments Commission register searches of board members’ interests in 2021 to confirm declarations.
- The NPGA board had undertaken a specific review of board declarations to update its register of interests for board members. (See paragraphs 2.85 to 2.105)
Effectiveness of conflict of interest arrangements
21. There were instances across all boards where processes for declaring interests were not operating effectively.
- The ASC, FSANZ and NPGA boards had instances where they held board meetings where declarations of interests were not included in agendas or obtained during board meetings.
- The ASC and NPGA boards had instances where they did not obtain declarations of interests from newly appointed board members in a timely manner.
- All boards did not sufficiently document their assessment of declared interests and whether they were considered to be material personal interests. (See paragraphs 3.3 to 3.24)
22. All boards had implemented induction processes for their board members that covered conflict of interest. The ASC’s board induction processes were updated to provide coverage of conflicts of interest for board members commencing from March 2022, but not all current members had received the guidance. The FSANZ, IA and NPGA boards had implemented additional training and education arrangements on conflict of interest obligations for board members. (See paragraphs 3.25 to 3.35)
Recommendations
Recommendation no. 1
Paragraph 2.52
The National Portrait Gallery of Australia update its conflict of interest policy to document requirements and arrangements for declaring, managing and overseeing conflicts of interest relating to the board.
National Portrait Gallery of Australia response: Agreed.
Recommendation no. 2
Paragraph 2.58
The Australian Sports Commission and Food Standards Australia New Zealand assess conflict of interest risks for board members holding other roles within the Australian Government, and develop mitigations that are documented in a management plan.
Australian Sports Commission response: Agreed.
Food Standards Australian New Zealand response: Agreed.
Recommendation no. 3
Paragraph 2.82
The Department of Finance improve training and education arrangements for corporate Commonwealth entities to raise awareness for entities and their board members in understanding how to implement arrangements to meet conflict of interest obligations. This should be undertaken in consultation with portfolio departments.
Department of Finance response: Agreed.
Recommendation no. 4
Paragraph 3.21
The Australian Sports Commission, Food Standards Australia New Zealand, Infrastructure Australia and National Portrait Gallery of Australia implement arrangements to record the board’s assessment of whether a declaration made by a board member is determined to be a material personal interest. Where the interest is determined to be a material personal interest, boards should record the disclosure and consequence in accordance with the Public Governance, Performance and Accountability Rule 2014.
Australian Sports Commission response: Agreed.
Food Standards Australian New Zealand response: Agreed.
Infrastructure Australia response: Agreed.9
National Portrait Gallery of Australia response: Agreed.
Summary of entity responses
23. Extracts of the proposed report were provided to the ASC, the Department of Finance, FSANZ, IA and the NPGA. The summary responses are provided below, and the full responses are included at Appendix 1. Improvements observed by the ANAO during the course of the audit are listed in Appendix 2.
Australian Sports Commission
Thank you for providing the Australian Sports Commission (ASC) with the opportunity to comment on the Australian National Audit Office (ANAO) proposed audit report on Management of Conflicts of Interest by Corporate Commonwealth Entity Boards.
The ASC acknowledges and accepts the key findings, recommendations and the opportunities for improvement presented in the Section 19 Report.
Department of Finance
The Department of Finance agrees the recommendation and findings provided in the report extract.
Food Standards Australia New Zealand
FSANZ acknowledges the importance of this audit to provide assurance to Parliament that the operations of Boards effectively manage conflicts of interest. In this context it is noted FSANZ is one of four entities (out of 74 CCE’s) assessed over the period July 2021 to December 2023.
The Board notes the audit’s findings that our arrangements for managing conflicts of interest align with the relevant legislation and are largely effective. As the independent agency responsible for the development of draft food standards for Australia and New Zealand, trust and confidence of decision-makers and stakeholders is important. The FSANZ Board takes a very conservative approach to managing conflicts of interest and, for transparency, we maintain and manage a register of all interests of Board members, regardless of whether they are classified as a material personal interest or not.
Infrastructure Australia
As the Australian Government’s independent adviser on nationally significant infrastructure investment planning and project prioritisation Infrastructure Australia values accountability, acting with integrity and upholding the highest ethical standards.
We appreciate the work of the ANAO which found that the boards of the four CCEs were largely effective in their management of conflicts of interest.
Infrastructure Australia accepts the recommendation that we strengthen our recording of the assessment and consequences of declared conflicts of interest. We have also commenced work to reflect the ANAO feedback on opportunities for improvement in administrative and management practices to strengthen our governance framework in relation to conflicts of interest.
National Portrait Gallery of Australia
The National Portrait Gallery (NPGA) welcomes the Australian National Audit Office’s (ANAO) report and accepts the recommendations made for the agency.
The report finds that the NPGA has developed largely effective arrangements for managing conflicts of interest for its the Board in accordance with legislative requirements.
The report identifies areas for improvement and makes two recommendations where the NPGA can take steps to strengthen its processes and assurance activities through update of its existing Conflict of Interest policy and processes. The NPGA agrees with, and is already taking steps to implement, these recommendations.
The NPGA also recognises the other areas of improvement identified in the Report, notably the expansion of assurance activities and the implementation of a Board training workplan. This will ensure that the NPGA is operating in alignment with government best practice in conflicts of interest management.
The NPGA thanks the ANAO audit team for their professionalism during the audit process.
Key messages from this audit for all Australian Government entities
24. Below is a summary of key messages, including instances of good practice, which have been identified in this audit and may be relevant for the operations of other Australian Government entities.