Background

1. The NDIS Quality and Safeguards Commission (NDIS Commission, or Commission) began operating on 1 July 2018. The powers and functions of the NDIS Quality and Safeguards Commissioner (NDIS Commissioner, or Commissioner), as regulator of the National Disability Insurance Scheme (NDIS) are set out in the National Disability Insurance Scheme Act 2013 (NDIS Act). The NDIS Commission regulates registered and unregistered NDIS providers (as defined in section 9 of the NDIS Act) and workers to improve the quality and safety of NDIS services and advance the human rights of people with disability.

2. The NDIS Commissioner’s core functions (set out in section 181E of the NDIS Act) include to secure compliance with the NDIS Act through effective compliance and enforcement; to engage in, promote and coordinate information sharing to achieve the NDIS Act’s objectives; and to provide NDIS market oversight by monitoring and mitigating market-related risks. The NDIS Act also sets out the Commissioner’s functions relating to provider registration and reportable incidents (section 181F); complaints management (section 181G); behaviour support oversight (section 181H); and establishing, operating and maintaining a worker screening database (section 181Y).

Rationale for undertaking the audit

3. The NDIS Commission is the regulator for the NDIS. The NDIS provides funding to a large number of participants — as at 30 June 2025 there were 739,414 NDIS participants with approved plans.¹ The NDIS also forms a significant portion of government spending, with total scheme payments of $46.3 billion in 2024–25.² The NDIS operating environment has been subject to a number of reviews in recent years, which have made a range of recommendations including seeking improvements in information sharing, provider registration, restrictive practices, complaints handling and compliance and enforcement arrangements. This audit provides independent assurance to Parliament over whether the NDIS Commission is effectively exercising its regulatory functions.

Audit objective and criteria

4. The objective of the audit was to assess the effectiveness of the NDIS Commission in exercising its regulatory functions.

5. To form a conclusion against the objective, the following criteria were adopted:

• Does the NDIS Commission have effective intelligence gathering and information sharing arrangements in place?
• Has the NDIS Commission developed a risk-based strategy to guide regulatory decision-making?
• Has the NDIS Commission effectively implemented risk responsive and proportionate monitoring, compliance and enforcement activities?

Conclusion

6. The NDIS Commission is partly effective in exercising its regulatory functions. The Commission does not have full visibility of the market it regulates. From 2023–24 to 2024–25 the total number of active providers grew by 25 per cent, with active registered providers and active unregistered providers growing by 15 per cent and 26 per cent respectively.³ In regulating a market that is expected to see continued growth in the number of participants and providers, the Commission’s effectiveness as a regulator would be improved by taking a risk-based approach to regulating the NDIS that is underpinned by quality data, and targets available resources to areas of greatest risk.

7. The NDIS Commission has partly effective intelligence gathering and information sharing arrangements in place. The Commission has established policies relating to information management and the management of personal information. The effectiveness of the Commission’s collection, correlation and analysis of intelligence has been impacted by limitations of the Commission Operating System (COS). The Commission engages with the disability sector and has documented arrangements to support information sharing with some government entities. These arrangements are not complete and are under review. The Commission does not have processes to ensure information disclosures meet legislative requirements.

8. Regulatory decision-making is not guided by a risk-based strategy. Since commencing operations in 2018 and becoming a national operation in 2021, the Commission has not established a framework for assessing, prioritising and managing risks of provider non-compliance. In the absence of a regulatory risk framework and assessment of regulatory risks, the Commission’s overarching compliance and enforcement approach and regulatory decision-making has not been informed by risk.

9. The Commission has implemented a range of compliance activities. It has not effectively implemented risk responsive and proportionate monitoring, compliance and enforcement activities. The Commission does not have oversight of all the NDIS providers delivering services in the market as there is no requirement for all providers to be registered. In the fourth quarter of 2024–25, 94 per cent of active providers were unregistered and received 42 per cent of plan managed NDIS payments.

• The Commission’s arrangements to monitor the market and provider compliance did not include arrangements to monitor and mitigate the risks of unplanned service withdrawal — a core function of the NDIS Commissioner under the National Disability Insurance Scheme Act 2013 (NDIS Act).
• The Commission undertook 9,520 compliance actions in 2022–23; increasing 3.73 times in 2023–24 to 35,519 compliance actions. Additionally, the Commission has seen large growth in the number of complaints received from 16,305 in 2022–23 to 29,054 in 2023–24. The NDIS Commission does not have quality assurance processes for compliance activities. In the absence of a quality assurance program the Commission is not able to assess its effectiveness in detecting and addressing non-compliance.
• The NDIS Commission had arrangements for executive oversight of annual performance although these were not fully executed. The Commission has developed a Planning and Performance Framework, but this does not address government expectations for regulators. Data reported in the Commission’s quarterly performance reports could not be reconciled with the data reported in the Commission’s 2023–24 Annual Performance Statements.

Supporting findings

Information gathering and sharing arrangements

10. The NDIS Commission has policies that set out its information management and privacy obligations in accordance with the Archives Act 1983 and the Australian Privacy Principles. The Commission has systems for storing, correlating and analysing information. These had not been sufficiently documented in accordance with the Commission’s Information Management Policy. COS has capability limitations and was assessed by the Commission as being non-compliant with Australian Government record keeping and metadata requirements. The Commission has conducted a range of activities to analyse information and intelligence gathered. A strategic framework or formalised processes have not been established for its analysis activities. The Commission has developed a data quality framework. The Commission has not implemented arrangements for assurance over the quality, accuracy, and completeness of the information held by the Commission. (See paragraphs 2.3 to 2.31)

11. The NDIS Commission has arrangements to share information with Australian Government entities, including the National Disability Insurance Agency (NDIA), and state and territory government entities. Documentation supporting these arrangements is not complete. The disclosure record for information shared does not meet the requirements of the National Disability Insurance Scheme Rules 2018. The NDIS Commission shares information and seeks feedback from the disability sector through stakeholder engagement committees and undertakes a range of activities to assist voluntary compliance. The NDIS Commission undertook stakeholder sentiment surveys in 2023 and 2024 to assist in assessing whether the activities of the Commission were meeting the needs of the sector. Responses to the 2024 survey indicated 24 per cent of respondents trusted the Commission ‘a lot’ or ‘completely’ to provide support if there are issues with NDIS services. Forty per cent of respondents ‘moderately’ trusted the Commission; and 18 per cent trusted the Commission ‘a little’ to provide this support. (See paragraphs 2.32 to 2.60)

Risk-based approach to regulatory decision-making

12. The Minister for the NDIS issued a Statement of Expectations to the NDIS Commissioner on 20 December 2022 and the NDIS Commissioner responded with a Statement of Intent dated March 2023. The NDIS Commission has not sought a new Statement of Expectations consistent with government expectations of regulators. The Commission published annual compliance priorities for 2019–20 to 2021–22, 2023–24 and 2024–25. The compliance priorities are not risk-based or informed by data and the Commission has not established arrangements to address or report on specific priorities. The Commission has an overarching approach to compliance and enforcement through the Regulatory Approach, Operating Model and Compliance and Enforcement Policy. These are not informed by risk. (See paragraphs 3.2 to 3.28)

13. The NDIS Commission has not implemented a framework for assessing and managing regulatory risk. In its Corporate Plans for 2023–24 and 2024–25, the NDIS Commission reported on the management of two enterprise risks relating to provider non-compliance and participant harm. The Commission assessed these risks under the Enterprise Risk Management Framework, which was designed to assess and manage the Commission’s operational risks. In August 2024, the NDIS Commission updated the Regulatory Approach with five risk priorities that create an unacceptable risk of harm for participants if not addressed. After these priorities were endorsed the Commission continued to have no overarching strategic approach to regulatory risk. (See paragraphs 3.29 to 3.45)

Monitoring, compliance, and enforcement

14. Compliance monitoring activities were not carried out under a risk-based strategy or work program. The Commission has not established or documented an approach to monitoring and mitigating the risks of unplanned service withdrawals — a core function of the NDIS Commissioner under the NDIS Act. (See paragraphs 4.3 to 4.34)

15. The NDIS Commission has established arrangements to detect and address non-compliance but does not have overarching procedural guidance for the end-to-end management of compliance matters. The Commission does not have quality assurance processes for compliance activities, including investigations. In the absence of quality assurance processes and up-to-date policies the Commission is unable to assesses its effectiveness in detecting and addressing non-compliance. (See paragraphs 4.35 to 4.64)

16. Arrangements were in place, but were not fully executed, for NDIS Commission senior executive oversight and the Audit and Risk Committee review of annual performance. Prior to March 2024, the NDIS Commission did not have a standardised framework to support Annual Performance Statement obligations. The Planning and Performance Framework does not address government expectations for regulators. Data reported in the NDIS Commission’s quarterly reports does not reconcile with the 2023–24 Annual Performance Statements. (See paragraphs 4.65 to 4.101)

Recommendations

Summary of entity response

17. The proposed audit report was provided to the NDIS Commission. The NDIS Commission’s summary response is reproduced below, and its full response is at Appendix 1. Improvements observed by the ANAO during the course of this audit are listed in Appendix 2.

The NDIS Quality and Safeguards Commission (NDIS Commission) appreciates the work of the ANAO in assessing the Commission’s regulatory functions. The NDIS Commission is committed to improving its existing processes and becoming a formidable human rights regulator that applies an intelligence led risk-based, approach to its meet legislated outcomes.

The NDIS Commission acknowledges the findings of the report and agrees to action all recommendations and opportunities for improvement. The NDIS Commission has designed and is delivering a Data and Regulatory Transformation (DART) program that will provide access to reliable data and improve visibility of the market to support intelligence led risk-based regulation in alignment with ANAO report recommendations.

The NDIS Commission has taken steps to improve its regulatory processes through establishing a Risk-Based Regulation Prioritisation Model (the Model). The Model will provide a consistent approach to assessing risk and prioritising compliance activities. The NDIS Commission is applying a phased approach to implementation of the Risk-Based Regulation Prioritisation Model with its full roll out in October 2025.

The NDIS Commission will prioritise the establishment of a quality assurance framework to assess and continuously improve its regulatory processes. The NDIS Commission is committed to action all report recommendations to continue to protect and promote the rights, safety and wellbeing of people with disability and ensure a sustainable future for the NDIS.

Background

1. Australian Public Service (APS) employees have an obligation to comply with the Australian Government sector ethical framework and behave with integrity. The Australian Government sector ethical framework is defined by the Australian National Audit Office (ANAO) as the application of legislation and rules including the Public Governance, Performance and Accountability Act 2013 (PGPA Act), Public Governance, Performance and Accountability Rule 2014 (PGPA Rule), Public Service Act 1999 (PS Act) and the APS Commissioner’s Directions 2022 (Commissioner’s Directions).

2. The Department of Employment and Workplace Relations (DEWR) was established on 1 July 2022 as a result of machinery of government changes. DEWR’s 2024–25 Corporate Plan states that its purpose is to ‘support people in Australia to have safe, secure and well-paid work with the skills for a sustainable future’. DEWR is responsible for administering programs relating to training and employment, workplace relations, and work health and safety.

Rationale for undertaking the audit

3. All members of the APS are subject to ethical obligations established by legislation, specifically the PGPA Act, the PGPA Rule, the PS Act, and the Commissioner’s Directions. This audit will provide assurance to the Parliament on the effectiveness of DEWR’s approach to implementation of the Australian Government sector ethical framework.

Audit objective and criteria

4. The objective of the audit was to examine the effectiveness of the implementation of frameworks to support ethical behaviours within DEWR.

5. To form a conclusion against the objective, the ANAO applied the following high-level criteria.

• Do the ‘tone from the top’ and overarching strategies and policies within DEWR promote ethical behaviour and facilitate compliance with the Australian Government sector ethical framework?
• Are there appropriate supporting mechanisms in place to implement the ethical strategies and policies?
• Is there monitoring and reporting to provide assurance to the accountable authority that the strategies and policies are being implemented effectively?

Conclusion

6. DEWR has implemented largely effective enterprise-wide strategies and frameworks that have the potential to support its staff to comply with the Australian Government sector ethical framework. Effectiveness could be improved by ensuring its strategies and frameworks are measurable in terms of impact and establishing baselines and metrics for integrity-related reporting including across the delivery of its business.

7. DEWR’s tone from the top and overarching strategies and frameworks are largely effective in promoting ethical behaviour by DEWR staff and compliance with the Australian Government sector ethical framework. DEWR has messaging in place within its Corporate Plan 2024–25 to set the tone from top regarding expectations for DEWR leaders and staff to act with integrity. DEWR’s Integrity Framework 2024 provides guidance to all DEWR staff on integrity principles and sets out the resources available to assist staff to comply with the Australian Government sector ethical framework. DEWR’s People Strategy 2024–27 contains elements which reference the Australian Public Service (APS) Values and set expectations for DEWR’s leaders. DEWR has not developed a method for assessing the impact of the Integrity Framework and People Strategy in contributing to an ethical culture within DEWR, including when implementing its programs and measures. The DEWR executive provides regular communications to staff on matters relating to acting with integrity.

8. DEWR has largely appropriate mechanisms to implement its overarching ethical strategies and policies. These include: Accountable Authority Instructions (AAIs); the annual management assurance process; conflicts of interest processes; complaints and investigations mechanisms; fraud and corruption controls; credit card use policy; procurement and probity procedures; grants management guidance; gifts benefits and hospitality procedures; staff surveys; mandatory training; and Senior Executive Service (SES) performance management. Guidance and policy documents for these mechanisms sets out roles and responsibilities, oversight and reporting timeframes to DEWR’s governance committees. Where relevant, processes for non-compliance were identified in the process documentation. Assurance and oversight primarily occurs through reporting to DEWR’s governance forums.

9. Assurance on implementation of ethical strategies and supporting mechanisms is provided to DEWR’s Secretary through reporting to the Executive Board, the Audit and Risk Committee, the People, Culture and Engagement Committee and the Risk Committee. Instances of discussions relating to ethics, integrity, values or culture have increased across those forums since 2023. DEWR is developing a method to capture and report on key integrity-related matters in an Integrity Dashboard which it is planning to provide to the Executive Board. The dashboard focuses on information relating to financial management and performance under the requirements set out by the PGPA Act and the PS Act. DEWR has not set any baselines or metrics for relevant data sets in the dashboard, for example, rates of credit card non-compliance or mandatory training, which would enable performance over time to be monitored

Supporting findings

Ethical strategies and policies

10. DEWR’s purpose in its Corporate Plan sets its overall strategic direction and the Secretary’s messaging in the introduction to the Corporate Plan sets the tone for DEWR’s senior leaders (see paragraphs 2.3 to 2.6).

11. DEWR’s Integrity Framework was launched in June 2024 and sets out DEWR’s approach to building an integrity culture, including assigning roles and responsibilities and identifying guidance and procedures that contribute to driving integrity within the department. In October 2024 DEWR launched the People Strategy 2024–27 which incorporates an ethical leadership element aligned with the APS Values, sets out the expectations for DEWR leaders at all levels, and defines the priorities for its people and culture. DEWR has not developed an approach to ascertain the effectiveness of the implementation of the People Strategy or Integrity Framework (see paragraphs 2.7 to 2.45).

12. DEWR uses various communications to update staff on important information including: all staff emails; video messages from the Secretary and other Senior Executive Service (SES) officials; and weekly email updates. Within these communications, there are regular occurrences of staff being advised of their obligations around undertaking their roles ethically and with integrity, for example, reminders on fraud awareness training and embodying the APS Values. DEWR also communicated the launch of the Integrity Framework and training to all staff (see paragraphs 2.46 to 2.55).

Implementation mechanisms

13. DEWR has mechanisms in place to encourage ethical behaviour by its staff, facilitate compliance with Australian Government sector ethical framework, and identify and address areas of non-compliance. Processes and roles and responsibilities are set out in the supporting guidance for the mechanisms, including requirements around quality assurance and reporting to DEWR’s governance committees. Assurance and oversight are primarily provided through regular reporting to the DEWR executive and other governance forums. DEWR undertakes assurance activities within the processes for credit cards, fraud and corruption, code of conduct and SES personal declarations of interest. Non-compliance is managed for code of conduct, fraud investigations, credit card use and gifts and benefits. For these mechanisms, DEWR has procedures in place to manage non-compliance through avenues such as formal investigation, additional training, official warning or sanctions (see paragraphs 3.2 to 3.117).

Assessment, monitoring and reporting

14. DEWR has processes in place to enable monitoring and reporting on the progress and implementation of mechanisms that support DEWR’s implementation of the Australian Government sector ethical framework. DEWR is developing an Integrity Dashboard which intends to collate integrity-related data into the one report. DEWR has yet to develop metrics and baselines for the relevant data sets in the dashboard, or report on organisational integrity in delivering its programs and measures. DEWR’s Executive Board, Audit and Risk Committee, People, Culture and Engagement Committee and the Risk Committee regularly discussed matters relating to ethics, integrity, values or culture between 1 July 2022 and 31 December 2024. There has been an increase in the level of discussion of these themes in the forums since mid-2023 (see paragraphs 4.2 to 4.32).

Recommendations

Summary of entity response

15. The proposed audit report was provided to DEWR. DEWR’s summary response is provided below, and its full response is included in Appendix 1.

The Department of Employment and Workplace Relations (the department) welcomes the audit’s recommendations and the recognition that the department has largely effective:

1. strategies and frameworks, that have the potential to support its staff to comply with the Australian Government sector ethical framework
2. promotional mechanisms in place, including tone from the top. This has included the department’s executive issuing regular communication on ethical matters
3. mechanisms to support the implementation of ethical strategies and policies, including the People Strategy and the Integrity Framework

The department has agreed to both recommendations made by the ANAO; recognising the importance of fostering a strong ethical culture and maintaining robust integrity frameworks across all levels of the organisation. The department remains committed to embedding integrity into all aspects of our culture and recognises the importance of continuous improvement, ensuring frameworks also support integrity in the administration of departmental programs and measures.

The department is committed to ethical leadership at all levels, promoting an environment of accountability, where public officials act with probity and integrity. The department will continue to operate with transparency, designing and administering programs, policies and processes with a continual focus on the people they are meant to serve.

Background

1. The Royal Australian Navy (Navy) amphibious warfare fleet includes two Canberra class amphibious assault ships, also known as landing helicopter docks (LHDs). These are HMAS Canberra, commissioned in November 2014, and HMAS Adelaide, commissioned in December 2015. The role of the LHDs is to provide capabilities in amphibious warfare, humanitarian assistance, disaster relief and sealift, and to contribute to broader naval activities. Effective sustainment of the LHDs, including maintenance and support, is essential for the effective delivery of these capabilities.

2. Defence’s Naval Shipbuilding and Sustainment Group has been responsible for the sustainment of the LHDs on behalf of the Navy (the capability manager) since October 2022.¹ Since entry into service in 2014, Defence has contracted its core LHD sustainment delivery activities to industry. Defence’s contracting model has changed from time to time, with each of the arrangements established at the commencement of the following three phases: the transition from acquisition to sustainment (from 2014 to 2019); the asset class prime contractor model (from 2019 to 2024); and the Maritime Sustainment Model (as of 1 July 2024).

Rationale for undertaking the audit

3. In 2024–25, Defence’s sustainment activities for its fleet of two Canberra class amphibious assault ships, or LHDs, had a funding provision of $180 million (estimated at $1.9 billion to 2033–34). With service life-of-type until the mid-2050s, the LHDs provide Navy with amphibious capabilities which are to support the delivery of the Australian Government’s strategic intent through joint Australian Defence Force (ADF) deployments. This audit provides assurance to the Parliament on Defence’s sustainment of naval capability, building on Auditor-General Report No. 30 2018–19 ANZAC Class Frigates — Sustainment.

Audit objective and criteria

4. The audit objective was to examine the effectiveness of Defence’s sustainment arrangements for Navy’s Canberra class fleet of amphibious assault ships (or LHDs).

5. To form a conclusion against the audit objective, the following high-level criteria were adopted.

• Has Defence implemented fit-for-purpose planning and value for money procurement arrangements to support its sustainment activities?
• Has Defence effectively managed its sustainment contracts?
• Has Defence established appropriate performance monitoring and reporting arrangements?

Conclusion

6. Defence’s sustainment arrangements for Navy’s LHDs have been partly effective. Risks arising from an accumulation of defects and maintenance backlogs over several years have materialised. The substandard condition of the vessels, and personnel workforce shortages, have resulted in instances of critical failure and impacts to the Navy’s delivery of operational outcomes.

7. Defence did not implement fit-for-purpose planning and value for money procurement arrangements to support LHD sustainment. Defence’s future sustainment requirements, including access to important intellectual property for the LHDs, were not sufficiently developed during the acquisition phase. Establishment of the sustainment arrangements was delayed, occurring during the transition to sustainment process and alongside remediation activities to address issues persisting from acquisition. Defence’s remediation activities did not achieve the required outcomes, resulting in additional work being transferred to the sustainment phase or managed as part of capability improvement projects.

8. Value for money and the intended sustainment outcomes were not achieved through Defence’s procurement processes. Early cost estimates for the sustainment of the LHDs were under developed and did not anticipate the impact of the protracted acquisition deficiencies extending into sustainment and continuing into 2025. Defence has regularly reviewed and adjusted its sustainment budget.

9. Sustainment of the LHDs was not managed effectively by Defence through its prime contractor arrangements. Governance arrangements, contract management guidance, and risk management practices were not implemented in a timely manner and contract-specific probity arrangements were not developed. Defence did not take reasonable steps, as required by the Public Governance, Performance and Accountability Act 2013 (PGPA Act), to manage systemic poor procurement practices by the prime contractor or investigate claims of fraudulent activity in sub-contracting arrangements in accordance with its own policies. Defence did not use the full range of contractual levers available to manage its primary sustainment contract. This approach impacted the quality of service delivery and undermined the achievement of value for money through the contract.

10. Defence has established partly appropriate performance monitoring and reporting arrangements for the Canberra class LHDs. Sustainment outcomes have largely met Navy’s requirements for the operational use of the platforms. The long-term availability and reliability of the LHDs is at risk primarily due to the accumulation of urgent defects, maintenance backlogs and shortfalls in personnel to undertake organic level maintenance. As a result, the LHDs have experienced critical failures, impacting on Navy operations.

11. Defence’s transition to the new Maritime Sustainment Model lacked reliable and complete information on the expected performance of sustainment contractors. Value for money outcomes for the procurements under the new model were limited by poorly implemented probity arrangements and the procurements commencing later than planned, reducing the time available to resolve issues during contract negotiations.

Supporting findings

Planning and procurement

12. Defence accepted delivery of the ships from BAE in 2014 and 2015 later than planned and with defects and deficiencies in both vessels, many of which remain unresolved.

• In 2017, Defence established a Transition and Remediation Program (TARP) to manage the transition into sustainment and conduct the remediation work required to achieve the full capability expected from the LHDs. The remediation activities did not achieve all the intended outcomes, and in November 2019, Defence accepted the LHDs into full service with six ‘significant residual deficiencies’.
• In 2021, Defence established a capability assurance program to address urgent operational and safety issues for the LHDs, including issues carried over from the TARP.
• In July 2024, one quarter of the way through the planned life of the ships, Defence closed the acquisition project with significant defects and deficiencies from acquisition remaining unresolved and to be managed during the sustainment phase (see paragraphs 2.2 to 2.21).

13. The integrity of Defence’s procurement processes for the LHD sustainment prime contractors was undermined by poor controls over probity risks.

• In 2014, the Capability Support Coordinator contract was awarded following an open tender process. The effectiveness of this procurement was limited by issues in the planning and evaluation processes. There were also shortcomings in the subsequent extension of the services with the incumbent provider under the Major Service Provider Panel following an unsolicited proposal in 2022.
• In 2014, the Transition In-Service Support Contract was awarded following a ‘collaborative’ sole source procurement process involving protracted engagement by Defence to improve an under-developed tender response. The procurement outcome did not demonstrate value for money.
• In 2018, the Asset Class Prime Contractor was awarded following a two-stage selection process which involved assessments against fit-for-purpose evaluation criteria. The integrity of the process was compromised by the departure of a senior Defence official with early involvement in the procurement who was then employed by, and negotiated with Defence on behalf of, the winning tenderer (see paragraphs 2.22 to 2.77).

14. Defence’s forecast and management of sustainment costs have been impacted by deficiencies from acquisition extending into sustainment. Since final operating capability was declared in 2019, the LHD sustainment funding provision per financial year has not met in-year requirements, with some sustainment work deferred and future costs increasing. In 2024 senior Defence officials considered options to address Navy sustainment funding pressures. Following consultation with the Minister for Defence in 2024, Navy sustainment funding was increased by an additional $300 million over two years to June 2026, of which Defence allocated $36 million towards LHD sustainment funding for 2024–25 (see paragraphs 2.78 to 2.88).

Sustainment management

15. Defence established governance arrangements to support its management of LHD sustainment contracts. These arrangements were either not implemented effectively or not maintained by Defence, resulting in a number of shortcomings.

• Since 2012, updates to the Materiel Sustainment Agreement (head agreement) between Navy and the Naval Shipbuilding and Sustainment Group have not been timely, occurring several years after key changes in responsibilities or organisational restructures had taken effect.
• A contract management plan was not established for the first 17 months of the ACPC contract. Contract risks, including those identified during the procurement process, were not revisited as planned or covered in the contract management plan.
• Contract-specific probity arrangements were not established for the ACPC contract. Defence relied solely on its broader departmental arrangements instead, which require Defence personnel to proactively identify and declare any actual, potential or perceived conflicts of interest as and when they arise.
• LHD sustainment risks at the strategic level are managed separately and in isolation from risks at the operational and technical levels. There is no hierarchy or clear line of sight between the risks identified in the Materiel Sustainment Agreement and those being managed day-to-day (see paragraphs 3.2 to 3.32).

16. Defence did not manage its primary LHD sustainment contracts as intended by its performance-based design. As a result, Defence cannot assure itself or ministers that sustainment services were delivered effectively and in accordance with the contracted requirements. Key deficiencies were that Defence did not:

• ensure that all mandatory reports were submitted in a timely manner by the contractor;
• undertake full or timely assessments of the contractor’s performance;
• ensure that all key sustainment deliverables had been completed in full prior to making payments to the contractor; or
• use the full range of levers available in the contract to drive satisfactory performance.

17. Between 2021 and 2023 there were at least three separate allegations of fraudulent activities or instances of poor sub-contracting practices related to the ACPC contract. Defence did not seek further information from the contractor on the 2023 allegations and did not change its approach to managing the contract after being notified of the various issues (see paragraphs 3.33 to 3.79).

Performance monitoring and reporting

18. Defence has established a sustainment performance framework for the LHDs, with performance measures set out in a written agreement and reporting provided to senior Defence leadership. The performance measures adopted are relevant to the LHDs but are not fully reliable and do not provide a complete and clear picture of sustainment performance as some important areas of sustainment are not covered. For some performance measures, the nature of the targets selected has led to reporting that does not provide a fair presentation of performance results for the LHDs (see paragraphs 4.2 to 4.18).

19. Navy’s operational requirements have been impacted by shortcomings in the management of LHD sustainment. Sustainment outcomes have included an accumulation of urgent defects, persistent maintenance backlogs, and the degradation of the condition of the platforms. The LHDs have fallen short of meeting availability targets since 2020–21 and sustainment-related deficiencies and workforce shortfalls have given rise to risks involving critical failures in the vessels, possible damage to Navy’s reputation and concerns for the sustainability of the LHDs over the long-term. Some of these risks have materialised, including:

• total power failures in 2022 and 2023, making the LHDs temporarily unavailable while providing humanitarian assistance and disaster relief support in Tonga and Vanuatu; and
• a reduction from three ships to two available for deployment in the amphibious force during 2025 (see paragraphs 4.19 to 4.53).

20. In July 2024, Defence transitioned LHD sustainment to the ‘Maritime Sustainment Model’, which involved the procurement and contracting of new commercial arrangements. Defence started the procurements later than planned, which limited the options available to Defence to manage issues and strengthen value for money outcomes during negotiations. Arrangements to manage probity were not robust and, in respect to the LHD Capability Life Cycle Manager procurement, probity was poorly managed. Defence has not benchmarked or established expected sustainment performance levels for the Maritime Sustainment Model (see paragraphs 4.54 to 4.83).

Recommendations

Summary of entity response

21. The proposed audit report was provided to the Department of Defence. Extracts of the proposed audit report were provided to BAE Systems Australia Pty Ltd, Babcock Pty Ltd, and Kellogg Brown and Root Pty Ltd. The Defence summary response is provided below and its full response is provided at Appendix 1. Responses from BAE Systems Australia Pty Ltd, Babcock Pty Ltd, and Kellogg Brown and Root Pty Ltd are provided at Appendix 1.

The Department of Defence acknowledges the findings contained in the Auditor General’s report on the sustainment of the Canberra Class amphibious assault ships.

Defence acknowledges that planning and procurement processes, sustainment management arrangements and performance monitoring and reporting were assessed as partly effective.

Defence supports the recommendations. Defence is committed to ensuring the through-life sustainment of the Canberra Class amphibious assault ships deliver the best possible capability outcomes for the Australian Government and the Australian Public.

Background

1. The National Reconstruction Fund was announced by the Minister for Industry and Science on 25 October 2022¹, as part of the 2022–23 Federal Budget, as a $15 billion investment to ‘diversify and transform Australia’s industry and economy.’

2. The Department of Industry, Science and Resources (DISR) took the lead for the design and establishment of the National Reconstruction Fund Corporation (NRFC). The Department of Finance provided support to DISR in the design and establishment of the NRFC.

3. The NRFC is a corporate Commonwealth entity established under the National Reconstruction Fund Corporation Act 2023 (NRFC Act). It commenced on 18 September 2023 and is governed by an independent board. Under the NRFC Act, the Minister for Industry and Science and the Minister for Finance are the responsible ministers. In performing its investment functions, the NRFC Board is required to comply with the NRFC Act, the National Reconstruction Fund Corporation (Investment Mandate) Direction 2023 (NRFC Investment Mandate)² and the National Reconstruction Fund Corporation (Priority Areas) Declaration 2023.³

4. On 19 November 2024, the NRFC announced its first two investments: a $100 million partnership with Resource Capital Funds, which includes a $40 million investment in Russell Mineral Equipment.⁴ As at 31 May 2025, the NRFC has announced nine investments totalling $434.5 million.⁵

5. In December 2024, Parliament passed the Future Made in Australia Act 2024. The Future Made in Australia measure establishes a ‘Front Door for investors with major transformational proposals within the Treasury portfolio’⁶, an Investor Council to support the Front Door and the involvement of Specialist Investment Vehicles in the Investor Council.⁷

Rationale for undertaking the audit

6. The NRFC was announced on 25 October 2022 as a $15 billion vehicle through which the Australian Government will ‘facilitate increased flows of finance into priority areas of the Australian economy, through targeted investments to diversify and transform Australian industry, create secure, well-paying jobs and boost sovereign capability.’

7. The audit provides assurance to the Parliament as to whether the design and establishment of the NRFC was effective.

Audit objective and criteria

8. The objective of this audit was to assess the effectiveness of the design and establishment of the NRFC.

9. To form a conclusion against the objective, the following high-level criteria were adopted.

• Was the design process effective?
• Are governance arrangements sound?
• Are the Fund arrangements effective?

Conclusion

10. The design of the NRFC was largely effective, the establishment of the NRFC’s governance and fund arrangements was partly effective. There are opportunities to improve NRFC’s governance by establishing a financial strategy and reviewing its performance reporting. Further, there is scope for the NRFC Board to finalise its investment strategy, stakeholder engagement framework and some investment procedures, and to establish assurance over its investment compliance.

11. The design process for the NRFC was largely effective. Due diligence checks for one member of the NRFC Board were not documented. DISR applied lessons from similar programs and considered stakeholder feedback. Stakeholder engagement was largely consistent with better practice — with opportunities to close the loop with stakeholders, and documenting lessons to improve future engagement activities. Constitutional risks to investments were assessed and approaches to manage these were outlined in advice to government and the NRFC Board. Advice on establishing a new corporate Commonwealth entity was sound. Appointments to the NRFC Board were consistent with the NRFC Act.

12. NRFC’s governance arrangements are largely sound. The NRFC Board and CEO appointments, Board meetings and remuneration arrangements have been established under the NRFC Act. Investment Policies have been published pursuant to section 75 of the NRFC Act. NRFC’s reporting arrangements for its annual report, corporate plan, budget estimates, performance measures and statements have been established, with 2024–25 performance to be reported against ‘at least three identified areas of the economy’ out of seven under the National Reconstruction Fund Corporation (Priority Areas) Declaration 2023. NRFC’s risk management, fraud and corruption control arrangements, and accountable authority instructions are underway and progressing as at March 2025. NRFC’s corporate policies are progressing as at March 2025. The NRFC Audit and Risk Committee (ARC) reviewed NRFC’s arrangements for risk management, internal controls, financial reporting except it did not review NRFC’s performance reporting arrangements for 2023–24 in line with the ARC charter and section 17 of the PGPA Rule. Recruitment is continuing, with the asset management function for investments underway as at March 2025. NRFC Board is yet to develop a financial strategy. NRFC has processes for managing procurement, recruitment, declaring gifts and benefits, and Freedom of Information (FOI). Access to NRFC’s released information under FOI is not consistent with guidelines from the Australian Information Commissioner.

13. NRFC’s fund management arrangements are partly effective. The NRFC Board has approved investments without finalising its investment strategy and stakeholder engagement framework. NRFC’s investment strategy and stakeholder engagement framework, listed as outputs within NRFC’s Corporate Plan 2023–24, were not completed. A draft investment strategy, draft stakeholder engagement framework, and the absence of a plan to evaluate them, limits the effectiveness of the NRFC Board’s fund promotion.

14. NRFC’s processes to assess investments against its legislative requirements are developing and partly effective. NRFC’s existing procedures relating to due diligence, risk management and assessing concessionality need clearly defined requirements for officials. NRFC is developing investment procedures relating to: credit risk, national security assessments, and investment impact. Investment assessment processes have gaps in: due diligence, risk management, and considerations of concessionality. NRFC’s Board has not received its Embargo Register to manage associated risks. NRFC did not obtain conflict of interest declarations and confidentiality agreements from suppliers who assisted with investment due diligence.

15. NRFC has established investment targets; and as at 31 May 2025, NRFC had announced investments totalling $434.5 million of a target of $550 million. At at 31 March 2025, NRFC’s Board has not developed a financial strategy and aligned it to its draft investment strategy and stakeholder engagement framework, to inform and support the timely deployment of its investments.

Supporting findings

Design process

16. Lessons from similar programs were considered and addressed in the design and establishment of the NRFC. DISR assessed external reviews of Specialist Investment Vehicles (SIVs), prior ANAO audits and engaged with stakeholders to identify lessons on the design and establishment of the NRFC. A key lesson relating to the need for investment-ready projects for the NRFC, and steps to address this were outlined in advice to government. (See paragraphs 2.4 to 2.11)

17. Stakeholder input on key design parameters of the NRFC was considered and included in advice to government. DISR undertook a structured approach to consulting stakeholders and analysing feedback received. Stakeholder engagement was largely consistent with the APS framework for engagement and participation — with opportunities to close the loop with all stakeholders who have contributed, and documenting lessons to improve future engagement activities being identified. (See paragraphs 2.12 to 2.18)

18. DISR established an appropriate framework for providing advice to government. Advice was based on lessons learned from other SIVs, stakeholder input, and understanding the policy context of the election commitment. Advice outlined risks and approaches to manage risks. Advice on a corporate Commonwealth entity (CCE) being the preferred vehicle to establish the NRFC was based on DISR’s assessment that a CCE provided the most effective way to achieve policy objectives, and was most closely aligned with the election commitment of the NRFC being modelled on the Clean Energy Finance Corporation. Appointments to the NRFC Board were consistent with NRFC Act, except that due diligence checks were not documented for one member appointed to the NRFC Board in October 2023. (See paragraphs 2.19 to 2.55)

Governance arrangements

19. NRFC Board and CEO appointments, Board meetings and the Board and CEO’s remuneration arrangements have been established under the NRFC Act. A Board skills matrix was developed for commencement appointments. NRFC Board members, NRFC CEOs and acting CEO made conflicts of interest declarations and maintain conflicts of interest registers. NRFC experienced leadership changes in the 16 months from its commencement to January 2025, with two CEO appointments and two acting CEO appointments. NRFC has established its risk management, fraud and corruption risk management and reporting arrangements under the PGPA Act, with some elements in progress. The NRFC ARC reviewed NRFC’s arrangements for risk management, internal controls, financial reporting except for NRFC’s performance reporting. Corporate policies continue to be in progress as at March 2025. The NRFC Board has yet to develop a financial strategy to support its financial sustainability and return on investment. Processes are in place for managing procurements, recruitment, declaring gifts and benefits, and managing Freedom of Information, with an opportunity to make available released information for downloading from its website. (See paragraphs 3.2 to 3.57)

20. NRFC has established its Investment Policies under section 75 of the NRFC Act. The NRFC Board has established the Board Investment Committee to provide oversight of investment decision processes, including investment delegations and policies for managing conflicts of interest and personal trading. Recruitment for roles supporting investments management was continuing as at March 2025, and the investments were made prior to establishing the investment asset management function. (See paragraphs 3.58 to 3.71)

21. NRFC has established and published its performance measures in its Corporate Plan 2023–24 and Corporate Plan 2024–25. NRFC reported in its 2023–24 performance statement that it had achieved its performance measure of finalising its core corporate, risk and investment policies. These ‘core’ policies were not defined and there were 39 policies and related documents outstanding at June 2024. NRFC’s performance measures in 2024–25 incorporate measures to report that investments meet at least three of the seven economic priority areas, there is an opportunity to ensure that measures in future years report against all seven economic priority areas. Controls for performance information and methodologies for performance reporting are in development as at March 2025. (See paragraphs 3.72 to 3.79)

Fund arrangements

22. NRFC’s Board and senior executives have engaged with Commonwealth entities, industry stakeholders and prospective applicants. NRFC’s Corporate Plans for 2023–24 and 2024–25 have set out objectives and performance measures for partnering and engaging with stakeholders. In October 2023, the NRFC Board decided to formalise engagement activities. NRFC’s investment strategy and stakeholder engagement framework were in draft and not finalised in 2023–24. A Stakeholder Engagement Strategy was approved by the NRFC Executive Leadership Team in May 2025. NRFC does not have a plan to periodically evaluate the effectiveness of its engagement activities. NRFC’s outputs relating to its investment strategy and stakeholder engagement framework outlined in its Corporate Plan 2023–24 were not completed. NRFC has made investment decisions and engaged with stakeholders without an endorsed investment strategy and stakeholder engagement framework. A draft investment strategy and stakeholder engagement framework limit the effectiveness of the NFRC Board’s fund promotion activities to achieve the performance measures it has set to deliver NRFC’s performance outcomes. (See paragraphs 4.2 to 4.9)

23. NRFC’s processes and controls to assess and approve applications are developing as at March 2025. NRFC’s existing investment procedures address its legislative requirements except for national security and First Nations impact, which are under development. NRFC’s approach to assessing investments has gaps in due diligence, investment risk assessment, and concessionality. These gaps impact the consistency of investment assessments, completeness of risk advice provided to the NRFC Board, and the NRFC Board’s assurance over compliance with its legislative requirements. The NRFC Board has not received updates on the Embargo Register to prevent members from inadvertently dealing in entities on whom the NRFC holds inside information. NRFC has not obtained confidentiality agreements or conflict of interest declarations from suppliers undertaking due diligence on investments. There is scope to improve the consistency of documenting how NRFC’s investments crowd-in and do not crowd-out other market participants. (See paragraphs 4.12 to 4.62)

24. NRFC’s budget estimates and performance measures establish investment targets across the current and forward years from 2024–25 to 2027–28. As at 31 May 2025, NRFC had announced investments totalling $434.5 million against a target of $550 million for 2024–25. The NRFC Board has established quarterly monitoring arrangements for its investment target through its ‘Operating Plan FY2025.’ NRFC took between six and nine months to assess and approve investments reviewed by the ANAO. As at 31 March 2025, NRFC’s Board has not developed a financial strategy that links with its investment strategy and stakeholder engagement framework to support it to deploy investments in a timely manner, and to generate returns to fund its operating expenses. (See paragraphs 4.67 to 4.71)

Recommendations

Summary of entity responses

25. Relevant parts of the proposed audit report were provided to the National Reconstruction Fund Corporation, the Department of Industry, Science and Resources, and the Department of Finance. Summary responses are reproduced below and full responses are at Appendix 1. Improvements observed by the ANAO during the course of this audit are listed in Appendix 2.

National Reconstruction Fund Corporation

The NRFC welcomes the ANAO’s report and its finding that the NRFC’s governance arrangements are largely sound. As the report notes, the NRFC was established on 18 September 2023, with the performance audit commencing less than a year into its operations. This early assessment of the Corporation’s governance processes provides assurance of the direction taken and offers useful insights to inform the Corporation’s commitment to continuous improvement.

The NRFC agrees with all recommendations and is committed to their implementation in a timely manner. We note that in all areas identified by the ANAO, active steps are being taken to ensure effective governance processes, including a number of areas where the recommended actions are already complete or where significant progress has already been achieved. Further work is underway to fully implement the remaining recommendations. The NRFC’s Audit and Risk Committee will oversee this implementation.

Department of Industry, Science and Resources

The department acknowledges the opportunity to comment on the report, noting it only had access to extracts relevant to the department.

In 2022, the Australian Government committed to establishing the National Reconstruction Fund (NRF) to support, diversify and transform Australia’s industry and economy.

To inform the NRF’s design, the department conducted extensive stakeholder engagement and public consultation. This included input from government and external stakeholders. Participants included representatives from business, unions, financial institutions, First Nations communities, regional groups, government and the public. This comprehensive process informed the NRFC’s structure, legislation, and successful establishment by September 2023.

In response to the one identified opportunity for improvement, the department acknowledges the release of RMG 127 in July 2024 and has updated its processes to ensure alignment with this latest guidance.

Department of Finance

The Department of Finance (Finance) welcomes ANAO’s performance audit report on the Design and Establishment of the National Reconstruction Fund Corporation (Report). The report concludes that the implementation and governance of the NRFC was largely effective. Finance notes that the due diligence documentation did not meet the standard of Resource Management Guide 127 – Specialist Investment Vehicles (RMG 127), however this guide was not in place at the time of the appointment.

Finance agrees with the ANAO’s suggested area for improvement to document NRFC board appointment processes. Consistent with guidance in RMG 127, Finance commits to ensuring that all board appointment processes and considerations are thoroughly and accurately documented. This includes retaining all relevant records to ensure transparency and accountability. Finance has already implemented these measures to support the effective governance and oversight of the National Reconstruction Fund Corporation (NRFC).

Background

1. The National Disability Insurance Scheme (NDIS) was established under the National Disability Insurance Scheme Act 2013 (NDIS Act) to fund reasonable and necessary supports for eligible people with disability to assist them in participating in economic and social life. NDIS participants have their supports costed and funded through a participant plan. The National Disability Insurance Agency (NDIA) was established under the NDIS Act to deliver the NDIS, and pays claims from participants and registered providers to fund NDIS supports in participant plans. In 2023–24, NDIS participant plan expenses totalled $41.85 billion, covering more than 661,000 participants. By 2033–34, NDIS expenses are expected to grow to $92.72 billion, covering more than 1,021,000 participants.¹

2. The NDIA has defined compliance as ‘following the rules and standards of the NDIS and Australian laws’ and ‘doing the right thing and using NDIS funds in line with NDIS plans’.² Types of claim non-compliance that have been identified through the NDIA’s fraud and non-compliance activities include: illegitimate or ‘ghost’ participants; claiming from expired plans; claiming from plans of participants who are incarcerated, in hospital or overseas for long periods (and thus ineligible for NDIS supports); claiming for services outside of plans; claiming for services that were not provided; claiming in advance of service delivery; overstating services, overcharging or duplicate charging; and double-dipping across government programs. The government has committed more than $495 million over eight years from 2021–22 to 2028–29 for the NDIA to address NDIS fraud and non-compliance.

Rationale for undertaking the audit

3. The NDIA paid out $41.85 billion for NDIS claims in 2023–24. In September 2023, the NDIA estimated that 6 to 10 per cent of these outlays could be for non-compliant, fraudulent or incorrect claims. The NDIA Board has a duty under section 16 of the Public Governance, Performance and Accountability Act 2013 to establish and maintain appropriate systems of risk oversight and management and internal control for the NDIA. It also has a duty under section 10 of the Public Governance, Performance and Accountability Rule 2014 (the Fraud and Corruption Rule) to take all reasonable measures to prevent, detect and respond to fraud and corruption relating to the NDIA (including deliberate non-compliance). There has been parliamentary interest in NDIS fraud and non-compliance and its impact on the sustainability of the NDIS. This audit was undertaken to provide assurance to the Parliament on the effectiveness of the NDIA’s arrangements for managing NDIS claim compliance.

Audit objective and criteria

4. The objective of the audit was to assess the effectiveness of the NDIA’s management of claimant compliance with NDIS claim requirements.

5. To form a conclusion against this objective, the following high-level criteria were adopted.

• Has the NDIA developed and implemented effective frameworks and processes to manage NDIS claim compliance?
• Has the NDIA implemented effective arrangements to oversee, monitor and continuously improve NDIS claim compliance?

Conclusion

6. The NDIA’s management of claimant compliance with NDIS claim requirements is partly effective. Prior to 2024, the NDIS lacked basic prevention controls for fraud and non-compliance. The NDIA is undertaking work to ‘crack down on fraud and non-compliant payments’, with tranche two of its Crack Down on Fraud program expected to be implemented by December 2025. If this work is delivered as planned, and embedded into business-as-usual activities, it has the potential to improve the financial sustainability of the NDIS.

7. The NDIA has partly effective frameworks and processes in place to manage claimant compliance with NDIS claim requirements and is implementing a large program of work to remediate identified deficiencies, with a target completion date of December 2025. The NDIA has not established a fit-for-purpose framework for managing NDIS claim compliance, although elements that could inform a more robust framework have been included in strategic planning documents for the NDIA’s Crack Down on Fraud program and the Fraud Fusion Taskforce. After identifying in 2023 that the NDIA was implemented with ‘catastrophically weak’ prevention controls, the NDIA has not yet established effective processes for preventing non-compliant claims. The NDIA has established processes to detect and respond to non-compliant claims, which are reviewing a small proportion of claims (0.4 per cent by dollar value) and detecting high levels of non-compliance (over 50 per cent by dollar value). The NDIA is working to improve the effectiveness of NDIS preventative and detective controls through the Crack Down on Fraud program, including introducing identity verification and claim validation processes and enhanced data analytics capabilities. Tranche one of the Crack Down on Fraud program was largely implemented on time and under budget. In April 2025, tranche two had an ‘amber’ status, with two June 2025 milestones identified as ‘at risk’ due to procurement delays.

8. The NDIA has implemented partly effective arrangements to oversee, monitor and continuously improve claimant compliance with NDIS claim requirements. While oversight and monitoring of NDIS claim compliance has been inconsistent, with frequent changes to reporting and oversight arrangements, a range of assurance mechanisms are in place for the Crack Down on Fraud program. The NDIA has not updated its risk assessments at the fraud and operational levels to reflect heightened claim compliance risks and identified gaps in existing controls. The NDIA has been measuring estimated payment error rates and has started reporting against compliance-related savings and benefits commitments. The transparency of its performance reporting to the government and the Disability Reform Ministerial Council could be improved. The NDIA is undertaking IT systems upgrades to improve its capacity to use data analytics to continuously improve NDIS claim compliance.

Supporting findings

Compliance frameworks and processes

9. The NDIA’s Compliance and Enforcement Framework (March 2020) and Fraud and Corruption Control Plan (July 2023) do not provide fit-for-purpose frameworks for managing claim compliance and do not delineate current accountabilities for compliance management. The NDIA Board is non-compliant with the Fraud and Corruption Rule as it has not endorsed an updated Fraud and Corruption Control Plan to meet the requirements of the new whole-of-Australian Government framework. The NDIA has developed a ‘program logic’ for the Crack Down on Fraud program and ‘strategic prevention concepts’ for the Fraud Fusion Taskforce that outline more appropriate control frameworks, as they include coverage of basic preventative controls for government payment schemes and are targeted to key non-compliance risks. The NDIA has not updated its broader compliance frameworks and related policies and procedures to reflect changes in its compliance approach. (See paragraphs 2.3 to 2.18)

10. The NDIS was designed and implemented (up until 2024) without basic prevention controls, such as clear claim requirements and robust identity verification and pre-payment validation processes. The NDIA commenced implementing activities to address these deficiencies in February 2024 through its Crack Down on Fraud program. Early program milestones were largely met, and the first tranche of the program was delivered largely on time and under budget. A large body of work to address prevention control deficiencies was still in progress as of April 2025 with a target completion date for tranche two of December 2025. In April 2025, the NDIA reported an ‘amber’ status for the program, due to procurement delays that had put the timely delivery of two milestones at risk. The NDIA has established other prevention controls, such as undertaking campaigns to improve compliance in targeted areas and providing educational information and guidance to claimants and NDIA staff. (See paragraphs 2.19 to 2.50)

11. The NDIA has established processes to detect and respond to non-compliant claims, including tip-off mechanisms, manual payment review processes and debt recovery. The NDIA has made improvements to its tip-off intake and assessment processes and is continuing to implement a tip-off redesign program. After the NDIA received advice in May 2023 that it was limited in its capacity to recover debts from non-compliant claims when supports were described generally in participant plans, the NDIA shifted its focus in 2024 from post-payment reviews to pre-payment reviews. The NDIA targets its manual pre-payment reviews based on ‘risk profiles’. These reviews cover a small proportion of NDIS outlays (0.4 per cent) and are detecting a high proportion of non-compliance (over 50 per cent of reviewed claims, by dollar value, are cancelled). The NDIA has identified deficiencies in its detection and response IT systems and is progressing work to improve its data analytics capabilities through the Crack Down on Fraud program, with a target completion date of December 2025. (See paragraphs 2.51 to 2.78)

Oversight, monitoring and evaluation

12. The NDIA’s oversight and monitoring of claim compliance has been inconsistent, with frequent changes to reporting and oversight arrangements. The NDIA consolidated integrity functions within a single group from January 2024 and established a Strategic Leadership Team sub-committee from October 2024 to March 2025 to oversee integrity functions, including claim compliance. Briefing on the status of integrity initiatives has been provided with varying frequency to the NDIA Board, other decision-makers and oversight committees. The NDIA has put in place a range of assurance mechanisms for the Crack Down on Fraud program, including regular assurance activities conducted by the program’s independent assurer. The NDIA has identified heightened claim compliance risks and significant gaps in existing controls. It has not updated its control assessments at the fraud and operational levels to reflect these identified control weaknesses. (See paragraphs 3.3 to 3.33)

13. The NDIA conducts assurance testing to estimate payment error rates and identify opportunities for continuous improvement. It does not have robust processes to monitor the implementation of identified improvement opportunities, and it has acknowledged that measured error rates underestimate fraud and non-compliance losses. In October 2023, the NDIA made commitments to the government to achieve savings and benefits from the Crack Down on Fraud program. The NDIA has not provided reporting against these commitments to the government or the Disability Reform Ministerial Council. The NDIA is implementing IT systems upgrades through the Crack Down on Fraud program, with a target completion date of December 2025, which aim to increase its capacity to use data analytics to support continuous improvement in claim compliance. (See paragraphs 3.34 to 3.60)

Recommendations

Summary of entity response

14. The proposed audit report was provided to the NDIA. The NDIA’s summary response is reproduced below. The full response from the NDIA is at Appendix 1. Improvements observed by the ANAO during the course of this audit are listed at Appendix 2.

The NDIA appreciates the work of the ANAO in assessing the NDIA’s management of claimant compliance with NDIS claim requirements.

Over the last 2 years, the NDIA has been implementing an accelerated transformation to significantly improve the NDIA’s management of claimant compliance from a low level of maturity.

Committed to deliver integrity outcomes that detect, respond to, and prevent fraud and non-compliance against the NDIS, the NDIA secured and is implementing programs funded by the Fraud Fusion Taskforce and the Crack Down on Fraud Program. Our integrity transformation programs are focused on uplifting NDIA system capability, making it easier to get it right, and harder to get it wrong.

The scope of change has required agility and responsiveness, at scale and as the NDIA progressively implements transformation, it is building new capability through changes to law reform, technology uplifts, process uplifts and whole of government collaboration. The NDIA appreciates the ANAO’s acknowledgement of this progressive maturity journey, and the integrity outcomes that the NDIA continues to deliver.

The NDIA will continue to progressively implement transformational change to safeguard the NDIS and protect participants’ plans, safety and wellbeing. The changes aim to ensure participants have a positive NDIS experience and that the NDIS remains available to support Australians with disability when they need it.

Background

1. An ‘interest’ is something related to an individual’s personal circumstances that may bring advantage to, or affect, that individual. Interests can include, but are not limited to: financial interests; relationships; employment, including past employment and outside employment; and memberships or affiliations.

2. A conflict of interest can occur when there is a conflict between the public duties and personal interests of a public official that could, or could be seen to, influence the decisions they make or advice they give. For example, an official may hold shares in a company that they are regulating or procuring goods and services from. Conflicts of interest can be real, apparent or potential. Real conflicts of interest occur when personal interests improperly influence officials in performing their public duties.

3. The Public Service Act 1999 sets out that the function of the Senior Executive Service (SES) is to provide APS-wide strategic leadership of the highest quality that contributes to an effective and cohesive APS.¹ SES officers should, by personal example and other appropriate means, promote the Australian Public Service (APS) Values and compliance with the Code of Conduct.² There are specific requirements for accountable authorities and SES employees in relation to the management of interests.³

Rationale for undertaking the audit

4. According to the Australian Public Service Commissioner, the public is entitled to have confidence in the integrity of public officials, and to know that the personal interests of public officials do not conflict with their public duties. Apparent conflicts can be just as damaging to confidence in public administration as real conflicts, so disclosure and effective management of real, apparent and potential conflicts of interest is an important element of the Australian Government’s integrity framework.⁴

5. This audit was conducted to provide assurance to the Parliament whether the selected entities are effectively managing SES conflict of interest requirements.

Audit objective and criteria

6. The objective of the audit was to assess the effectiveness of selected Commonwealth entities’ management of Senior Executive Service conflict of interest requirements.

7. To form a conclusion against the objective, the ANAO adopted the following three high-level audit criteria.

• Have the entities developed appropriate arrangements to support the management of SES personal interests and conflicts of interest?
• Have the entities implemented effective controls and processes for managing SES annual declarations of interests in accordance with policies and procedures?
• Are SES officers effectively completing conflict of interest declarations for activities of heightened risk of conflict?

Conclusion

8. The Aged Care Quality and Safety Commission (ACQSC), the Australian Trade and Investment Commission (Austrade) and the Department of Home Affairs (Home Affairs) are managing conflicts of interest for SES officers in a largely effective manner. The entities’ management of conflicts of interest has generally improved since 2022. There are a number of initiatives underway to strengthen the framework for managing conflicts of interest across the Australian Public Service.

9. The audited entities have largely appropriate arrangements in place to manage the personal interests and conflicts of interest of SES officers. All entities have policies and procedures which identify interests as a matter requiring consideration. ACQSC and Austrade do not have documented procedures for managing accountable authority declarations to the relevant minister as required by the Public Governance, Performance and Accountability Rule 2014 (PGPA Rule). Home Affairs introduced a procedure in March 2025. All entities identify responsibilities for managing interests. Internal reporting on the completion of declarations and risks arising from declarations has not been undertaken. All entities include conflicts of interest in their enterprise risk registers or fraud risks. Each entity provides training on conflicts of interest within their mandatory training modules. Entities do not adequately monitor completion of this training. All entities communicate information and guidance on conflicts of interest to staff.

10. All entities have implemented partly effective controls and processes for managing SES declarations of interests. Not all SES officers are making declarations. There are limitations in the completeness of information included in declarations by officers, and demonstrated managerial review only occurred for some declarations. Records documenting management plans were not maintained by ACQSC until early 2024. All entities monitor completion of declarations and follow up non-compliant individuals. Between 2022 and 2024, the accountable authorities of ACQSC and Austrade did not make declarations to relevant ministers, as required. The ACQSC’s new incoming accountable authority made a declaration to the relevant minister in January 2025 and the Austrade accountable authority made a declaration in November 2024 and March 2025. The Home Affairs accountable authority has made declarations as required. ACQSC and Austrade included conflicts of interest in assurance activities between 2022 and 2024, and Home Affairs last did so in 2020–21.

11. Entities are partly effective with respect to SES officers completing activity-based conflict of interest declarations. Entities have generally established a requirement for officers to declare conflicts of interest for procurement, recruitment and grants administration activities. The requirement is weakened when there is no requirement for all officers to make a declaration, including for officers with nothing to declare. The ANAO found that officers from ACQSC and Austrade were generally making declarations for procurement as required. Home Affairs officers were not. Officers from all entities involved in grants administration activities are declaring as required. Results were mixed for recruitment activities. No entities had adequate arrangements in place for conflict of interest risks related to post-separation employment.

Supporting findings

Governance

12. ACQSC’s and Home Affairs’ Accountable Authority Instructions (AAIs) follow the model AAI content from the Department of Finance on the disclosure of interests. ACQSC’s AAIs give additional organisational context. Austrade’s instructions do not include the model content and make limited reference to the management of interests. All entities have supporting policies and procedures. Home Affairs’ policies and procedures provide insufficient detail on the annual SES declaration process. None of the entities had procedures supporting accountable authority declarations to the relevant minister. Home Affairs introduced such a procedure in March 2025. (See paragraphs 2.1 to 2.39)

13. All entities have clearly documented responsibilities identifying that individuals are required to make declarations. ACQSC and Home Affairs identify additional responsibilities for other roles including supervisors, managers and business areas responsible for overall management of interests. There has been no internal reporting undertaken within the entities in relation to the completion of annual interest declarations processes, except ACQSC commenced reporting in January 2025 to its internal governance forum. None of the entities analysed declarations of interests to assess and report on emerging risks. (See paragraphs 2.40 to 2.60)

14. All entities have considered conflicts of interest as part of broader integrity or legislative compliance risks. While risks associated with conflicts of interest are considered by all entities, only Home Affairs has documented the controls and control owners associated with enterprise risks. ACQSC’s register includes risk owners. Appropriate documentation of controls and control owners is absent in ACQSC and Austrade. All entities have considered conflicts of interest as a factor within their fraud and corruption control plans. Home Affairs has assessed conflicts of interest as part of its fraud and corruption risk assessments. (See paragraphs 2.61 to 2.77)

15. All entities have training on conflict of interest within their mandatory annual training. This training is not being completed by all SES officers. To help remind SES officers to complete their annual declarations, each of the entities provide officers with reminders. Information and assistance to support officers to comply with their obligations is also available within each entity. (See paragraphs 2.78 to 2.109)

Annual declarations of interests

16. Not all SES officers are completing annual declarations, with completion rates varying across entities. For ACQSC, the completion rate was 92 per cent in 2024. For Austrade, it was 99 per cent (when taking into account long-term leave and departures) and for Home Affairs it was 84 per cent. Completion rates have varied over time. Declarations generally contain sufficient information to understand the nature and extent of a declared interest, however an explanation of how the interest relates to the ‘affairs of the entity’ is not always sufficiently described. The accountable authorities of ACQSC and Austrade did not make declarations of their interests to the relevant minister as required. (See paragraphs 3.3 to 3.31)

17. None of the entities require that all annual declarations made by SES officers are subject to review. If an officer makes a ‘nil’ declaration, none of the entities have required declarations be reviewed. Home Affairs introduced a requirement in December 2024. Only declarations including an interest are subject to manager review. Management plans developed by Austrade officers document managerial review. Evidence of managerial review was lacking for plans developed by ACQSC and Home Affairs officers prior to 2024. (See paragraphs 3.32 to 3.48)

18. All entities monitor the completion of declarations of interests by SES officers. Where SES officers had not completed declarations, there was a process to follow up with relevant officers and their managers. ACQSC and Austrade undertook assurance activity through the inclusion of conflicts of interest within internal audits between 2022 and 2024. (See paragraphs 3.49 to 3.58)

Declarations of conflicts of interest for activity-based activities

19. Each entity requires that SES officers involved in procurement declare conflicts of interest. For ACQSC the SES officers involved in procurement made declarations as required. Eleven of 14 Home Affairs SES officers did not make declarations as required. From March 2025, Austrade has required that all officers involved in procurement activities make conflict of interest declarations. Before this, only officers who had a conflict to declare were required to make a declaration. As such, there were no records for the two Austrade SES officers in the ANAO sample demonstrating that they had considered conflicts of interest. (See paragraphs 4.5 to 4.8)

20. Austrade does not have a policy specifically relating to making conflict of interest declarations for grants administration. Home Affairs requires officers to disclose and manage conflicts of interest, however, there is a lack of supporting process. The three Austrade SES officers involved in grants administration activities assessed by the ANAO had made conflict of interest declarations. The 13 Home Affairs SES officers involved in grants administration had also made declarations. (See paragraphs 4.9 to 4.13)

21. Each of the entities requires that SES officers involved in recruitment declare conflicts of interest, except Home Affairs does not have a documented policy where the recruitment is for an SES officer. Within ACQSC, 38 per cent of SES officers involved in recruitment activities assessed by the ANAO did not make a declaration as required. Austrade does not require officers to make declarations if they have nothing to declare — 44 per cent of SES officers involved in the recruitment assessed by the ANAO made no declaration. Ninety-seven per cent of Home Affairs’ SES officers involved in recruitment made a declaration. Where conflicts of interest were declared, appropriate officers at the three entities were not always reviewing these and management actions were not always being put in place. (See paragraphs 4.14 to 4.39)

22. None of the entities have adequate policies and procedures to support the identification, declaration and management of conflicts of interest related to post-separation employment. Austrade has a declaration addressing conflicts of interest in its cessation checklist. The checklist was not completed by all departing officers. In addition, there was a lack of evidence to demonstrate that such conflicts of interest were considered for SES employees who had departed. (See paragraphs 4.42 to 4.50)

Recommendations

Summary of entity responses

23. The proposed report was provided to ACQSC, Austrade and Home Affairs. Summary responses from the entities are reproduced below. Full responses are at Appendix 1. Improvements observed by the ANAO during the course of this audit are listed at Appendix 2.

Aged Care Quality and Safety Commission

The Aged Care and Quality Safety Commission (the Commission) welcomes the findings of the audit which align well with the uplift in our integrity policies and practices the Commission already had underway, and some of which were applied during the period of the audit.

The Commission agrees with the five recommendations relating to arrangements for the accountable authority to provide declarations to the Minister, monitoring compliance with mandatory training, ensuring declarations contain information about the person’s role and responsibilities, ensuring annual declarations are refreshed at regular intervals, updating our recruitment Conflict of Interest Form and updating policies and procedures to include post separation conflicts of interest.

The Commission had already commenced improving its conflict of interest processes as part of a wider integrity uplift prior to the audit and the learnings from this audit will continue to inform our integrity maturity uplift. Recommendations from the audit have been actioned with amendments being made to forms, policies and procedures.

Australian Trade and Investment Commission

The Australian Trade and Investment Commission welcomes the audit report and acknowledges the findings and recommendations made by the Australian National Audit Office in relation to the Management of the Senior Executive Services Conflict of interest requirements.

The Australian Trade and Investment Commission is committed to implementing the recommendations from the report. These improvements will further strengthen Austrade’s efforts to ensure all Senior Executive Service (SES) employees of the agency declare all conflicts of interest, and that all declarations are managed with integrity and consistent with legislative obligations.

Department of Home Affairs

All findings and recommendations are agreed. The Department of Home Affairs is committed to ensuring that appropriate processes are maintained for identifying and managing conflicts of interest. This is fundamental to maintaining public trust and confidence in our operations.

Mandatory training is currently in place for all staff and the department will establish follow up actions to ensure SES officers are meeting their mandatory training obligations within set timeframes. This will strengthen the current system of automatic reminders which are sent to both staff and their supervisors, and non-compliance reports that are provided to senior leaders.

The department has work underway to improve its conflict of interest process. This includes updating policies and guidance material and strengthening education. The department has already updated and strengthened procurement guidance and templates to ensure delegates are aware of their conflict of interest obligations throughout each stage of the procurement process. Formal procedures have also been implemented for the Senior Executive Service annual declaration of interest process.

Background

1. Airservices Australia (Airservices) is established under the Air Services Act 1995 to provide air traffic control and other related services to the aviation industry in Australian-administered airspace. The Department of Defence (Defence) provides air traffic management to military aviation in Australia, including at Defence airfields that operate with shared military and civil use.

2. The OneSKY program aims to build and operate a joint civil–military air traffic management system. The program includes the design and delivery of the new Civil Military Air Traffic Management System (CMATS) plus supporting infrastructure for Airservices and Defence. Airservices is the lead agency delivering the CMATS program in collaboration with Defence.

3. In February 2018 Airservices entered into separate acquisition and support contracts with Thales Australia Limited (Thales) and an on-supply agreement with Defence.

Rationale for undertaking the audit

4. Passengers in Australian airspace rely on Airservices to provide critical air traffic control infrastructure safely and efficiently. The OneSKY program is a major change for Airservices, and CMATS is a core component of the program. Airservices has contracted Thales to develop and support CMATS. The ANAO has previously undertaken three performance audits on the procurements for CMATS, the most recent in 2019.¹ Procurement and contract management of large-scale IT projects involve elevated risks. The audit provides assurance to Parliament on whether Airservices is managing the contract for CMATS effectively.

Audit objective and criteria

5. The objective of the audit was to assess the effectiveness of Airservices’ contract management for the OneSKY program.

6. To form a conclusion against the audit objective, the audit team applied the following high-level criteria:

• Has Airservices developed appropriate governance arrangements to support contract management?
• Has Airservices managed the contract effectively to achieve value for money?

Conclusion

7. Airservices’ contract management of the OneSKY program is partly effective. It has governance processes in place and has developed procedures to manage the contract. Shortcomings in contract management planning, performance management and probity have limited its effectiveness in managing the contract to minimise cost increases and schedule delays.

8. Airservices has implemented partly appropriate contract management governance arrangements. A contract management plan is in place; however, arrangements did not sufficiently cover provider performance, program risk and probity issues. Risk processes did not completely capture interdependencies between contract management and program risks. An on-supply agreement formalised arrangements between Airservices and the Defence for the delivery of CMATS. It relies on effective collaboration and governance forums for issues escalation. The Defence component of CMATS was declared a Project of Concern in October 2022 outside of the formal governance forums.

9. Airservices is partly effective in managing the contract to achieve value for money. It has a process to manage variations; however, a high number of variations to date have resulted in cost increases and schedule extensions, and the rationale for its value-for-money assessment was not consistently documented when seeking approval. The incentive-based pricing model agreed in the contract between Airservices and Thales has not been fully effective in containing costs, with the target price expected to be met. Airservices’ supplier performance management is not fully developed or utilised. Airservices applies enterprise-wide probity procedures for conflicts of interest and gifts and benefits, but staff did not always follow these.

Supporting findings

Contract management governance

10. Airservices has developed a OneSKY contract management plan. The plan covers elements set out in the Airservices contract management procedure, such as roles and responsibilities, governance arrangements and the variation process. It does not cover contract management risk or probity for CMATS, and does not reference the CMATS risk management plan or probity plan. The contract management plan does not sufficiently cover contractual performance management. The OneSKY program has 12 governance forums that are intended to provide direction and oversight. The OneSKY Strategic Relationship Forum has never met and in October 2022 CMATS was declared a Project of Concern. (See paragraphs 2.3 to 2.21)

11. Airservices applies the OneSKY program risk management process to contract management risks. It has risk management plans and documentation to identify and monitor contract risks; however, controls and treatments are not fully effective and contract management risks have been realised throughout the project. The interdependency between contract management risks (including Thales’ performance) and risk to overall program delivery and objectives is not fully captured — for example, through documentation of specific contract management actions and levers to ensure program-wide deliverables are achieved. (See paragraphs 2.22 to 2.39)

12. The on-supply agreement formalised the relationship between Airservices and Defence for the delivery of CMATS and has been varied 10 times. It covers collaboration between the two entities and governance forums, but does not provide for escalation if issues cannot be resolved within these mechanisms. In August 2021 Defence escalated its concerns about the project to ministerial level and in October 2022 the Minister for Defence Industry declared CMATS a Project of Concern. The Minister for Defence Industry has since held six meetings with principal stakeholders to address project underperformance. These have resulted in the development of a remediation plan to address program-wide issues. As at February 2025 CMATS remains on the Project of Concern list, with exit criteria formulated to demonstrate delivery of Defence capability. The exit criteria are not expected to be met before 2027. (See paragraphs 2.40 to 2.62)

Achievement of value for money

13. The combined impact of 44 variations as at 31 December 2024 has seen the cost of the acquisition contract increased by $160 million (AUD equivalent) and the delivery date extended by 53 months (four-and-a-half years). Airservices has a process in place to support the development and assessment of contract variations. Briefs to the approval delegate did not completely document how the various elements (technical need, risk and cost) collectively justified the value-for-money assessment or the effect of incremental change on the overall contract value for money. (See paragraphs 3.2 to 3.28)

14. The acquisition contract operates under an incentive arrangement where Airservices and Thales share costs and savings. Under the contract agreed in February 2018, Airservices reimburses Thales for actual costs incurred for works performed up to the ceiling cost. Since December 2023 the arrangement has focused on payments based on milestones. Airservices has mechanisms in place to monitor Thales’ performance, but it does not fully utilise these. In February 2024 program-level key performance indicators were introduced as part of Project of Concern remedial action but these do not provide associated consequences for supplier underperformance where relevant. (See paragraphs 3.29 to 3.69)

15. Airservices has procedures for probity management. Airservices utilises enterprise-wide conflict of interest procedures and gifts, benefits and hospitality acceptance procedures, but these are not reflected in OneSKY probity plans. Airservices staff accepted and did not declare gifts, benefits or hospitality, indicating limited compliance with Airservices’ code of conduct requirements and procedures on perceived and actual conflicts. (See paragraphs 3.70 to 3.88)

Recommendations

Summary of entity responses

16. The proposed audit report was provided to Airservices and Defence. An extract was provided to Thales. Airservices’ and Defence’s summary responses are provided below and their full responses are provided at Appendix 1.²

Airservices Australia

Airservices acknowledges the report’s findings and appreciates its thorough analysis. While some findings do not fully align with the recommendations, the latter primarily focus on documentation improvements rather than significant deficiencies in existing practices. There are substantial differences between the previously shared report preparation paper (RPP) and the S19 proposed report, specifically noting that the newly added ‘Conclusion’ section presents a more negative view than the broader findings suggest.³ It is pertinent to note Airservices has swiftly implemented corrective actions, addressing all recommendations reflecting its commitment to the OneSKY program and national airspace management harmonization.

Key responses to the recommendations include updating the OneSKY Program Contract Management Plan to enhance guidance on risk management, performance monitoring, and periodic contract reviews. Contract management risks have been integrated into the broader program risk framework, while the Evaluation Report Template has been refined to further clarify value-for-money assessments. The in-practice structured set of approved KPIs have also been linked with contract management plan for cross-reference, and a new procedure has been introduced to strengthen probity awareness regarding hospitality, gifts, and benefits.

These promptly implemented actions demonstrate Airservices’ dedication to continuous improvement in successfully delivering the complex OneSKY program.

Department of Defence

Defence welcomes the ANAO Audit Report into the Management of the OneSKY contract and acknowledges the findings. Defence notes the five recommendations contained in the audit report relate to Airservices Australia’s (Airservices) contract management processes.

Defence is committed to strengthening and standardising processes and controls for contract management. Whilst the audit recommendations are against Airservices’ processes, as part of the collaboration between Airservices and Defence on the OneSKY Program, Defence will work with Airservices and assist, where required and appropriate, to apply the audit recommendations.

Background

1. Fraud against Australian Government entities and corrupt conduct by Australian Government officials are serious matters that can constitute criminal offences. Fraud and corruption undermine the integrity of and public trust in government, including by reducing funds available for government program delivery and causing financial and reputation damage to defrauded entities.¹

2. The Australian Government’s Commonwealth Fraud and Corruption Control Framework defines fraud and corruption as:

• fraud: dishonestly obtaining (including attempting to obtain) a gain or benefit, or causing a loss or risk of loss, by deception or other means; and
• corruption: any conduct that does or could compromise the integrity, accountability or probity of public administration.²

3. Creative Australia, a corporate Commonwealth entity (CCE), is the Australian Government’s primary investment and advisory body for arts and culture. In 2023–24 Creative Australia supported the community by administering $237.4 million in grants and other funding opportunities.

Rationale for undertaking the audit

4. Fraud and corruption against Australian Government entities reduces available funds for public goods and services and causes financial and reputational damage to the Australian Government.³

5. The Australian Government amended section 10 of the Public Governance, Performance and Accountability Rule 2014 (PGPA Rule), effective 1 July 2024⁴, to include corruption risks and introduce new requirements for fraud and corruption governance arrangements. All Australian Government entities are required to have fraud and corruption control arrangements in place to prevent, detect and respond to fraud and corruption.⁵

6. Creative Australia must meet the minimum standards set out in the PGPA Rule and, as a CCE, it is strongly encouraged to implement the Commonwealth Fraud and Corruption Policy.⁶ This audit is intended to provide assurance to the Parliament regarding the fraud and corruption control arrangements in Creative Australia.

Audit objective and criteria

7. The objective of the audit was to assess the effectiveness of Creative Australia’s fraud and corruption control arrangements.

8. To form a conclusion against this objective, the following high-level criteria were adopted.

• Have appropriate arrangements been established to oversee and manage fraud and corruption risks?
• Have appropriate mechanisms been established to prevent fraud and corruption, and promote a culture of integrity?
• Have appropriate mechanisms been established to detect and respond to fraud and corruption?

Conclusion

9. Creative Australia’s fraud and corruption control arrangements are partly effective. Creative Australia has mechanisms in place that seek to mitigate internal fraud and corruption risks. These mechanisms are partly appropriate for the purpose of preventing, detecting and investigating external fraud risks.

10. Creative Australia has established partly effective arrangements to oversee and manage fraud and corruption risks. Creative Australia has developed a Fraud and Corruption Control Framework that has external and internal fraud controls. Creative Australia does not categorise its controls. The framework has been developed in the context of Creative Australia’s risk management framework and documents fraud and corruption risk responsibilities of senior officials. Creative Australia does not differentiate between fraud risks and corruption risks in its risk register. The scope of fraud and corruption control responsibilities are not reflected in Creative Australia’s Authorisations Framework. Creative Australia’s Audit and Risk Committee (ARC) approved the fraud and corruption policy and discussed the policy with the Australia Council Board (the Board). The ARC provides advice on the fraud and corruption risk management system. The ARC is not able to provide assurance to the accountable authority on the appropriateness of controls. While risk assessment results are recorded in Creative Australia’s risk management system, the process undertaken to assess fraud and corruption risks is not documented. Creative Australia does not test the effectiveness of its fraud and corruption controls beyond making a judgement as to whether they are working. Creative Australia did not have a Fraud Control Plan in 2023–24. Its 2024–25 Fraud and Corruption Control Plan does not appropriately manage fraud and corruption risks, and was developed without consideration to risk assessments, and does not consider new functions and activities.

11. Creative Australia has established partly effective mechanisms to prevent fraud and corruption and promote a culture of integrity. Creative Australia’s processes assist officials in preventing fraud and corruption. Creative Australia has established mechanisms to ensure its officials are aware of what constitutes fraud and corruption. Two of the 15 fraud and corruption risks do not have controls in place. Fraud and corruption risks are not considered when planning and undertaking activities. Creative Australia did not have a mechanism to effectively monitor completion of mandatory induction training for all new staff and advised the ANAO in March 2025 that it has since moved to a process of recording training records in its Human Resource management system. Creative Australia’s officials with responsibilities for the management and oversight of fraud and corruption are not primarily employed to undertake fraud and corruption risk management activities. These officials have not undertaken professional development to increase capability in the management of fraud and corruption risks.

12. Creative Australia’s mechanisms to detect and respond to fraud and corruption are partly effective. Creative Australia has not detected a suspected case of fraud or corruption. While Creative Australia has detailed reporting requirements in its multi-year investment programs, it does not have a robust detection mechanism in its general grants and Australian Cultural Fund (ACF) programs. Creative Australia does not cross check non-compliance with the ACF when applicants are accessing other grant opportunities, and if potential fraud or corruption is detected, it does not have guidelines to manage an investigation appropriately. Creative Australia has appropriate mechanisms in place to detect externally originating cyber-attacks. External parties do not have a way to report suspected cases of fraud or corruption confidentially. Non-compliance with grant requirements, including not completing funding activities, are not considered as a potential fraud case by Creative Australia.

Supporting findings

Oversight and management of fraud and corruption risks

13. Creative Australia has established a Fraud and Corruption Control Framework that defines fraud and corruption. Corruption is not defined in line with the definition contained in section 8 of the National Anti-Corruption Commission Act 2022 (NACC Act). The framework does not reference the NACC Act or identify processes for overseeing or managing fraud and corruption risks. Senior officials are assigned responsibilities for fraud control activities in the framework which are not reflected in Creative Australia’s Authorisations Framework. The ARC provides the accountable authority advice over risk management. The ARC does not receive independent assurance on the effectiveness of Creative Australia’s fraud and corruption control arrangements. The ARC does review and approve the fraud and corruption control framework and notes the results of Creative Australia’s internal audit program related to fraud and corruption. Fraud and corruption risks are not reported to the accountable authority. (See paragraphs 2.2 to 2.20)

14. Creative Australia reviews its fraud and corruption risks every six months. There is no documented process for identifying risks, including for entity-specific activities, functions and programs, and fraud and corruption risk assessments are not documented. Effective November 2024, the updated 2024–25 Fraud and Corruption Control Policy does not incorporate changes reflecting the absorbed functions of Creative Australia Partnerships Limited. Creative Australia uses a risk matrix to determine a risk rating for its fraud and corruption risks. Topics covered in Creative Australia’s internal audit program are not informed by the outcomes of fraud and corruption risk reviews. (See paragraphs 2.21 to 2.40)

15. Creative Australia did not have a fraud control plan for 2023–24 and considered its control plan for 2022–23 remained fit for purpose. Creative Australia’s 2024–25 fraud and corruption control plan does not refer to risk assessments, is not linked to fraud and corruption risks, and Creative Australia does not test the effectiveness of its fraud and corruption controls, outside of testing its ICT environment. The ARC uses Creative Australia’s internal audit program every two years to provide a level of confidence to the Board on control effectiveness. (See paragraphs 2.41 to 2.53)

Fraud and corruption prevention and integrity culture

16. Creative Australia has not assessed the appropriateness and effectiveness of its fraud and corruption controls. Creative Australia does not categorise its controls as preventative, detective or corrective. The ANAO assessed controls and determined that 84 per cent of controls are preventative. Two fraud and corruption risks recorded in Creative Australia’s risk management system do not have controls in place. Controls with preventative properties largely relate to functions and activities of Creative Australia that existed prior to 1 July 2023, not incorporating new activities and functions, including the functions acquired on the deregistration of the company Creative Australia Partnerships Limited. Creative Australia does not have a process to prevent non-compliant recipients of funding through the Australian Cultural Fund (ACF) from accessing grants through its other grant programs. Creative Australia has a framework and controls to mitigate the risk of fraud associated with unauthorised access to Creative Australia systems. (See paragraphs 3.3 to 3.23)

17. Creative Australia has mechanisms to ensure its officials are aware of what constitutes fraud and corruption. Induction training includes fraud and corruption awareness. Creative Australia has no documented process to monitor attendance and completion rates of induction training for new officials. Creative Australia has policies related to conflicts of interest, confidentiality, public interest disclosures, and code of conduct available on its website. The website does not provide a mechanism for external parties to request a copy of Creative Australia’s Fraud and Corruption Control Policy. Creative Australia’s external contracts contain anti-bribery and anti-corruption clauses. Creative Australia does not monitor or evaluate its awareness initiatives. (See paragraphs 3.24 to 3.35)

18. Creative Australia has not undertaken any fraud or corruption investigations. If required, Creative Australia advised that investigations would be carried out by suitably qualified external investigators. Creative Australia has officials that have fraud and corruption risk management responsibilities. These officials are not primarily engaged to undertake fraud and corruption risk activities. (See paragraphs 3.37 to 3.46)

Fraud and corruption detection and response

19. Creative Australia has controls in place to detect external cyber-attacks. Creative Australia does not have mechanisms in place for external parties to report suspected cases of fraud or corruption anonymously where appropriate. Processes are in place to detect incidents where non-compliant grant recipients have not carried out the funded activity. Creative Australia does not treat these incidents as potential fraud and does not check non-compliance in its ACF when applicants are accessing grants in its other grant programs. Creative Australia reports individual cases of non-compliance in its grant programs, other than the ACF, when reports are more than 30 weeks overdue. All 15 fraud and corruption controls with detective properties are consistent with the Commonwealth Fraud Prevention Centre’s catalogue of fraud controls. Creative Australia has not assessed the appropriateness and effectiveness of its detective controls for fraud and corruption risks. (See paragraphs 4.2 to 4.16)

20. Creative Australia has not undertaken or responded to a fraud or corruption investigation. Creative Australia developed a Fraud and Corruption Incident Register where it intends to record cases of suspected fraud or corruption, should an incident be reported or identified. Creative Australia does not investigate non-compliance with grant requirements where activities are not completed as a suspected case of fraud and does not cross check non-compliance with reporting in the ACF when an applicant is accessing its other grant programs. In cases of non-compliance where grant recipients received a ’30-week letter’, Creative Australia did not follow up on its requests to repay grant funds when funded activities had not been completed. (See paragraphs 4.18 to 4.34)

21. Creative Australia has complied with its annual reporting obligations and completed its response to the Australian Institute of Criminology’s annual survey within the timeframes required. Creative Australia has not reported any suspected fraud or corruption incidents. Creative Australia has developed a Fraud and Corruption Incident Register. (See paragraphs 4.37 to 4.45)

Recommendations

Summary of entity response

22. The proposed audit report was provided to Creative Australia. The summary response to the report is below and the full response is at Appendix 1. Improvements observed by the ANAO during the course of this audit are listed in Appendix 2.

Creative Australia is committed to ensuring that its fraud and corruption obligations are taken seriously and welcomed the ANAO’s review of its systems, processes and control arrangements.

As part of the National Cultural Policy: Revive (January 2023), the functions of Creative Australia have substantially expanded, with the period of change commencing on 1 July 2023 and continuing over an initial four-year horizon.

As a result, Creative Australia is rapidly developing, deploying, and maturing our strategy, policies, procedures and operations (including fraud and corruption control arrangements) in response to these changes.

Creative Australia acknowledges that with the changing landscape of fraud and corruption, including an increasingly challenging cyber security environment, all organisations are actively seeking to adapt and strengthen systems and controls to prevent and detect fraud and corruption. This of course is more challenging in a small organisation of limited resources.

The Accountable Authority of Creative Australia will ensure that the recommendations from this review are implemented, the opportunities for improvement are carefully considered, and that appropriate expert resources are devoted to improving and enhancing our control arrangements in a timely, effective, and efficient manner.

Background

1. The National Office for Child Safety (NOCS) was established in July 2018 in response to the Royal Commission into Institutional Responses to Child Sexual Abuse (the Royal Commission). The Royal Commission had reported in December 2017. NOCS was initially located in the Department of the Prime Minister and Cabinet. It was moved in 2022 to the Attorney-General’s Department (AGD) as a result of the June 2022 Administrative Arrangements Order.

2. In October 2021, the Australian Government launched the National Strategy to Prevent and Respond to Child Sexual Abuse 2021–2030 (National Strategy).¹ The first phase of the National Strategy includes two four-year action plans (from 2021 to 2024): the First National Action Plan (NAP), to be delivered by Commonwealth, state and territory governments; and the First Commonwealth Action Plan, to be delivered by Commonwealth agencies.

3. NOCS is responsible for launching three new national support services. The provision of the three national support services is to be contracted. The approach to procuring service providers for NAP Measures 7, 10 and 21 was considered in the same procurement strategy, in which the department stated, ‘the three services are in varying stages of development and would likely be ready to approach the market at different times throughout 2023’. A Request for Tender (RFT) process has been undertaken for NAP Measures 10 and 21. Procurements have also been undertaken for the advisers and consultants to assist with the NAP Measure procurement processes as well as an evaluation provider for the NAP 10 and NAP 21 services.

4. There will be a lag between contracts being signed and services being provided to non-offending family members of child sexual abuse perpetrators (NAP 10) and persons at risk of offending or re-offending (NAP 21). The contractual arrangements that were the subject of the RFTs set out that there would be four phases to service delivery. The first two phases are, on the basis of the tender responses from the two preferred tenderers, expected to take at least five to six months. Those phases involving planning, design and establishing the infrastructure to enable service delivery (including the operation of the helplines and provision of websites) to commence in the third phase. Service delivery to citizens commences in the third phase. The offer periods were extended in January 2025 from August 2024 to April 2025 and the department advised the ANAO in April 2025 that the preferred tenders had agreed to further extend their offer periods (to 31 July 2025).

Rationale for undertaking the audit

5. The establishment of the new services is part of the response to the 2017 final report of the Royal Commission into Institutional Responses to Child Sexual Abuse. The timely conduct of the related procurements is intended to establish services that will provide support and advocacy for a cohort of secondary victims of child sexual abuse perpetration and protect children by intervening before an individual offends. The audit was conducted to provide assurance to the Parliament about the establishment of the two new national services, as well as the department’s approach to procurement.

Audit objective and criteria

6. The audit objective was to assess whether the Attorney-General’s Department’s conduct of the procurements relating to two of the new child sexual abuse-related national services employed open and effective competition and achieved value for money, consistent with the Commonwealth Procurement Rules (CPRs).²

7. The new child sexual abuse-related national services identified as needed by the Royal Commission and agreed by government are not being provided, with no contracts in place for the delivery of those services as at May 2025. The audit examined the conduct of the procurements up to the point at which preferred tenderers were selected as representing the best value for money, and did not examine the conduct of contract negotiations given they had not been completed.

8. To form a conclusion against the objective, the following high-level criteria were adopted.

• Were the procurement processes open, competitive, fair and non-discriminatory?
• Was the selection of preferred tenderers consistent with achieving value for money?

Conclusion

9. The Attorney-General’s Department’s conduct of the procurements for two of the new national services (NAP 21 and NAP 10) did not involve open and effective competition and the selection of preferred tenderers was not consistent with achieving value for money. There have been significant delays with the conduct of both procurements and the preferred tenders were not capable of being accepted by the department without further clarification and negotiation. The offer validity periods expired with substantive matters continuing to be negotiated with each preferred tenderer.³ While the department selected preferred tenderers in June 2024 (for NAP 21) and September 2024 (for NAP 10) as offering the best value for money through a competitive procurement process, since then it has, in effect, conducted limited tenders with the two preferred tenderers, in circumstances that do not satisfy the conditions for a limited tender set out in the Commonwealth Procurement Rules (CPRS).⁴

10. The Attorney-General’s Department (AGD) conducted a single-stage, open approach to market for each of the NAP 10 and NAP 21 services. In most respects, the Request for Tender (RFT) documentation for the NAP 10 and NAP 21 procurements identified the information required by the Commonwealth Procurement Rules. The procurement processes were not conducted in accordance with the Commonwealth Procurement Rules. Of note:

• Seven of the 11 tenders received for the NAP 10 and NAP 21 procurements were not compliant with one or more of the requirements set out in the RFTs. This included six tenders that did not provide all of the pricing information that the RFT stated was required to be submitted to inform evaluation. The department’s approach did not include any marking down of the evaluation of those tenderers against the price criterion to reflect that information required by the RFT had not been provided. The two preferred tenderers were in the cohort of seven.
• The procurement processes were not consistently conducted in accordance with ethical requirements. The engagement of the probity adviser was through a process that lacked probity, and the later engagement (without any competition) of the probity adviser to also provide strategic procurement advice adversely impacted the independence and objectivity of the probity adviser.⁵ The declaration and management of conflicts of interest was also not to an appropriate standard. This included ineffective management of a conflict the chair of the Evaluation Committee for the NAP 21 procurement had with the tenderer that emerged as the preferred candidate.

11. In relation to advisers and consultants to support the conduct of the NAP 10 and NAP 21 service procurements, competition was not employed for five of the nine engagements and the department did not evaluate candidates against the specified criteria for each of the procurements.

12. The procurements were not timely with the result that selection of preferred tenderers occurred later than planned, no contracts are in place as of May 2025 and services are not being provided. The approach to evaluation was not designed and conducted in a way that enabled the Attorney-General’s Department (AGD) to demonstrate achievement of value for money in the selection of preferred tenderers for the National Action Plan Measure 10 (NAP 10) and National Action Plan Measure 21 (NAP 21) procurements.

• Departmental records do not document how the budgeted funding amounts for services were arrived at. Awarding the contracts to tenders that were less than the budgeted funding was an important element of procurement planning yet the price criterion was not one of the weighted evaluation criteria. The budgeted amounts played an important role in the outcome of the procurement process for the NAP 10 procurement.
• While tender evaluation plans were in place prior to the closing date for the NAP 10 and NAP 21 tenders, they did not adequately address how the department planned to evaluate the pricing information tenderers were required to include. The department also admitted into evaluation tenders that had not provided all of the required pricing information (including from the two preferred tenderers).
• The conduct of the tender evaluation for the NAP 10 and NAP 21 procurements was not timely. It was also not consistent with approach to market documents.
• The department’s evaluation records do not clearly demonstrate that the preferred tenderers for the NAP 10 and NAP 21 procurements provided the best value for money.

13. The processes to engage the consultants and advisers to support the NAP 10 and NAP 21 procurements also did not demonstrate value for money. This was due to an absence of competition and/or value for money not being assessed, or the successful candidate not being assessed as providing the best value for money.

Supporting findings

Open and competitive procurement

14. Open tender approaches to market were employed to engage the service providers for the NAP 10 and NAP 21 services. The procurement approach to engage the evaluation provider was a panel procurement, which involved approaching 12 candidates to respond to a RFQ. When procuring advisers and consultants to assist with the NAP 10 and NAP 21 procurements, the department’s processes involved some competition for less than half of the engagements and no competition for more than half of the engagements, which is inconsistent with the Commonwealth Procurement Rules. (See paragraphs 2.3 to 2.16)

15. In most respects, the RFT documentation for the NAP 10 and NAP 21 procurements issued by AGD identified the information required by the CPRs. This included the conditions for participation, minimum content and format requirements and evaluation criteria. AGD did not clearly identify the relative importance of each of the criteria to be applied in the evaluation processes. (See paragraphs 2.17 to 2.34)

16. With one exception, all tenders accepted for evaluation had been lodged by the specified closing date. ( See paragraphs 2.35 to 2.36)

17. Six of the tenders received for the NAP 10 and NAP 21 procurements were not compliant with the requirements of the RFT. The two preferred tenderers were not compliant with all of the requirements set out in the RFT, as neither had submitted all of the pricing information that the RFT had said was required. In addition, for the NAP 21 procurement, for the preferred tenderer the evaluation report identified 24 items related to service delivery, the solution/technical issues, legal/contract issues and pricing issues for which additional information was required by the department before a contract negotiation directive could be prepared. The department’s approach also did not satisfy the requirement of the CPRs that further consideration only be given to submissions that meet minimum content and format requirements. Three of the tenders for the NAP 10 and NAP 21 procurements that did not meet those requirements were progressed to evaluation before the department sought to address the situation. (See paragraphs 2.37 to 2.43)

18. Tenders for the NAP 10 and NAP 21 procurements were not fully and fairly evaluated against each of the criteria. In relation to the price criterion, tenderers were required to provide information under three scenarios (low, medium and high call volumes). The department did not evaluate tenders under each of the three scenarios because not all tenderers provided the required information. For the NAP 21 procurement, the department analysed the high volume call scenario whereas, for the NAP 10 procurement, the medium call volume scenario was used. The department’s approach reflects that it accepted for evaluation tenders that had not provided all the required price information and so it used the call volume scenario in each tender where it had a response from all tenderers. The approach to evaluation did not include any marking down of the evaluation against the price criterion for the tenderers that had not provided all of the required information.

19. In relation to the evaluation provider procurement, a second evaluation panel had to convene to re-evaluate responses after the department became aware it had not evaluated all four of those received.

20. For one of the procurements of advisers, the department’s evaluation did not address a mandatory requirement such that it had to retract its advice that the candidate assessed as offering value for money was preferred after it eventuated that the candidate did not meet the requirement. (See paragraphs 2.44 to 2.91)

21. The department did not conduct all tender clarification and collaboration activities in a fair and transparent manner as required by the Commonwealth Procurement Rules. (See paragraphs 2.92 to 2.105)

22. The department’s procurement processes did not demonstrate ethical conduct as required by the Commonwealth Procurement Rules.⁶ This included the approach employed to procuring the probity adviser. The department did not have an effective approach to the declaration, and management, of conflicts of interest. (See paragraphs 2.106 to 2.151)

Demonstrating achievement of value for money

23. Departmental records do not document how the budgeted funding amounts for services were arrived at. (See paragraphs 3.2 to 3.8)

24. There have been significant delays with the department’s conduct of the procurements with the result that the services aimed at protecting children from sexual abuse by intervening before an individual offends or re-offends, and at providing nationally available free support to non-offending family members of child sexual abuse perpetrators, are not yet available. The Requests for Tender (RFTs) were issued later than had been planned by the department. It also took longer than planned to evaluate the tender responses, select the preferred tenderers (who were notified in June 2024 and September 2024) and enter into contract negotiations. The offer validity periods expired with substantive matters continuing to be negotiated with each preferred tenderer. Should contract negotiations be successful, the department expects that services will not begin to be provided until mid-2025, which would be four years and eight months after the National Strategy was released. (See paragraphs 3.9 to 3.19)

25. Tender evaluation plans were in place prior to the closing date for the NAP 10 and NAP 21 tenders. The evaluation plans had not been signed off by the probity adviser. The evaluation plans did not adequately address how the department planned to evaluate the pricing information tenderers were required to submit. (See paragraphs 3.20 to 3.30)

26. The conduct of the tender evaluation for the NAP 10 and NAP 21 procurements was not timely and was not consistent with approach to market documents. (See paragraphs 3.31 to 3.44)

27. The department’s evaluation records do not clearly demonstrate that the preferred tenderers provided the best value for money.

• Each of the two preferred tenderers had not provided all of the information the RFT had identified as being required.
• For the NAP 21 procurement, after it was selected as the preferred tenderer, the department obtained significant additional information from the tenderer related to service delivery, the solution/technical issues and legal/contract issues. The need for this information was not identified in the tender evaluation report.
• For the NAP 10 procurement, the tenderer that scored highest against the weighted criteria was excluded from participating further in the tender process in favour of the second highest scoring tenderer. There were also departures from the RFT in terms of the evaluation criteria that were applied, and the approach taken to putting in place a performance guarantee with the successful tenderer. Further, the tender evaluation report did not identify that the department considered there were areas requiring clarification relating to pricing issues and solution/technical issues, including a concern that the tenderer’s pricing for the medium and high call volume scenarios exceeded the budgeted amount for each year of service delivery. (See paragraphs 3.45 to 3.60)

28. The roles and responsibilities of individuals involved in the NAP 10 and NAP 21 procurements set out in the evaluation plans provided for an appropriate separation of duties between the spending delegate and the Evaluation Committees. The probity adviser was not independent of the procurement processes as it also performed the role of strategic procurement adviser. (See paragraphs 3.61 to 3.65)

29. Appropriate procurement records were partly maintained. While available records addressed the requirement for the NAP 10 and NAP 21 procurements, evidence to support key decisions was not maintained. In addition, the tender evaluation report did not accurately reflect the evaluation process that was employed or satisfactorily demonstrate that value for money had been achieved. There are no records evidencing how the department arrived at the budgeted amounts for the two services. (See paragraphs 3.66 to 3.71)

30. Contracts for the two new services have not been signed, meaning the requirement to report on AusTender has not been triggered. The department met its obligation to report the evaluation provider contract accurately within the 42 day deadline. The department was also required to report on AusTender a number of the adviser and consultant contracts it entered into for the purpose of assisting with the main procurements. There were delays and inaccuracies in reporting of six of the eight contracts that required reporting on AusTender. (See paragraphs 3.72 to 3.74)

Recommendations

Summary of entity response

31. The proposed audit report was provided to the Attorney-General’s Department and an extract of the proposed report was provided to Astryx Pty Ltd. The Attorney-General’s Department’s summary response is reproduced below.

Attorney General’s Department

The department appreciates the opportunity afforded from the ANAO audit process to improve future procurement practices and accepts the ANAO’s key finding in the Section 19 Report. This includes all six of the ANAO’s recommendations, along with the opportunities for improvement identified throughout. The procurement processes being reviewed were complex in nature and the department made genuine efforts to ensure correct process was followed and ethical requirements were met throughout. The department has already taken steps to improve current procurements being run the by the National Office for Child Safety (NOCS) based on discussions with the ANAO, and is also committed to implementing departmental-wide improvements. The department thanks the ANAO for its audit of the conduct of procurements relating to two new child sexual abused-related national services, and is confident that procurement practices of NOCS, and across the whole of the department, will be improved as a result.

Background

1. The Greenhouse and Energy Minimum Standards Act 2012 (GEMS Act) establishes the national framework for the regulation of appliance and equipment energy efficiency standards. The purpose of the program is to prevent the sale of the most energy inefficient products in the Australian market and to help inform Australian consumers about the energy efficiency of products when making decisions about which products to purchase. It aims to:

• reduce energy consumption, and associated greenhouse gas emissions and energy costs, of Australian households and businesses; and
• incentivise manufacturers to innovate and produce more energy efficient products.¹

2. The GEMS Regulator, who sits within the Department of Climate Change, Energy, the Environment and Water (the department), is responsible for administering the GEMS Act.

Rationale for undertaking the audit

3. In April 2024, the Australian Government published its National Energy Performance Strategy (the strategy), which aims to ‘drive a high energy performance economy and help consumers take control of their energy use and save on bills’.² The strategy identifies the regulation of appliance and equipment energy efficiency standards as ‘one of the most effective mechanisms for decarbonisation and ensuring consumers benefit from energy performance improvements’.³

4. This audit provides independent assurance to the Parliament regarding the effectiveness of the department’s administration of the GEMS Act and its regulation of appliance and equipment energy efficiency standards.

Audit objective and criteria

5. The objective of the audit was to assess the effectiveness of the department’s regulation of appliance and equipment energy efficiency standards.

6. To form a conclusion against the objective, the following criteria were adopted:

• Have appropriate arrangements been established to support regulatory activities?
• Has the regulatory approach been effectively implemented?

7. The audit focused on the department’s administration of the GEMS Act and its regulation of appliance and equipment energy efficiency standards. The audit did not examine the appropriateness of GEMS determinations or the accuracy of the data that was used to inform the determinations or the appropriateness of methodologies used to calculate estimated energy savings and emission reductions resulting from the scheme.

Conclusion

8. The department’s regulation of appliance and equipment energy efficiency standards is partly effective. The department has not effectively implemented a risk-based approach that is informed by data, evidence and intelligence. This limits the department’s ability to effectively encourage compliance and deter non-compliance. The department is unable to demonstrate whether the GEMS program is achieving its intended purpose.

9. The arrangements to support regulatory activities for the GEMS program are partly effective. The GEMS program’s records are incomplete, missing contextual information underpinning the records and may not be connected with related records. Staff supporting the program do not have direct access to GEMS records prior to 2020. Between 6 December 2022 and 30 June 2024, 87 per cent of registration applications were processed without appropriate delegations. The department was not managing risk for the GEMS program. Thirty-six per cent of GEMS staff in 2024, including the GEMS Regulator, did not make the required annual conflict of interest declaration. The department has established policies, procedures or guidance to outline how the GEMS Regulator’s powers and functions should operate. The GEMS registration system operated without an authority to operate and did not have effective segregation of duties controls. The GEMS program is not fully recovering its costs. Fees have not been reviewed since 2016–17.

10. The department’s implementation of its regulatory approach is partly effective. It uses the Energy Rating website to inform and engage with regulated entities. The department is undertaking compliance monitoring activities. The check testing conducted by the department is not informed by the department’s assessment of compliance risk. There is a lack of direct access to records prior to 2020 and there are issues impacting the quality of data in the registers used to document compliance monitoring activities and investigations. This limits the quality and completeness of the department’s records of its investigations of suspected non-compliance as well as its ability to effectively utilise the regulatory tools available under the GEMS Act. The GEMS Regulator has issued four infringement notices since the establishment of the program, all of which were not paid and were not enforced. The department is not measuring the program’s impact on reducing energy consumption and carbon emissions and so cannot demonstrate whether the program is achieving its intended purpose.

Supporting findings

Arrangements to support regulatory activities

11. The administration of the GEMS program is overseen by intergovernmental and departmental bodies and structures. The GEMS program’s records are ‘fractured’ and incomplete; staff supporting the program do not have direct access to GEMS records prior to 2020. Between 6 December 2022 and 30 June 2024, 87 per cent of registration applications were processed without appropriate delegations. The department was not managing risk for the GEMS program in accordance with its enterprise risk management framework. Thirty-six per cent of staff supporting the administration of the GEMS program in 2024, including the GEMS Regulator, did not make the required annual conflict of interest declaration in 2024. (See paragraphs 2.3 to 2.63)

12. The department has established policies, procedures or guidance documents to outline how the GEMS Regulator’s powers and functions should operate. The GEMS Register includes fields to record 75 per cent of the information required by the GEMS Act. The GEMS registration system operated without an authority to operate until March 2025, when the system was granted authority to operate. The department had not established segregation of duties controls for the processing of applications to register a GEMS product. Between 2019–20 and 2023–24, there were 439 instances (1.5 per cent) where an application had been assessed and approved by the same individual and six instances (46 per cent) where an application was assessed and refused by the same individual. (See paragraphs 2.64 to 2.96)

13. The department has established a GEMS Compliance Policy that outlines the department’s compliance objective. It has not established performance measures for the GEMS program’s compliance objective. The department has documented a risk-based approach for its compliance monitoring activities and responses to non-compliance. The GEMS program is not fully recovering its costs. Between 2019–20 and 2023–24, the GEMS program recovered an average of 65 per cent of its costs each financial year. GEMS fees have not been reviewed since 2016–17. (See paragraphs 2.97 to 2.122)

Implementation of regulatory approach

14. The department uses the Energy Rating website to provide information to and engage with regulated entities to encourage voluntary compliance. GEMS Inspectors may also provide educational materials regarding the GEMS labelling and registration requirements to suppliers when conducting inspections. Stakeholder satisfaction surveys indicate that stakeholders are satisfied that the department provides them with the support they need to understand and comply with their obligations. ( See paragraphs 3.1 to 3.14)

15. The department is undertaking compliance monitoring activities (market surveillance, check testing and investigating allegations of non-compliance). The department’s check testing records and reporting indicate that check testing activities have been decreasing. Forty-two per cent of GEMS Inspectors operating between 2019–20 and 2023–24 were fully compliant with the minimum requirements used for the GEMS Regulator to be satisfied that a person has suitable training or experience to properly exercise the powers of a GEMS Inspector. The receipt of allegations of suspected non-compliance are not recorded in a central database. (See paragraphs 3.15 to 3.50)

16. The department has established selection criteria for the assessment of compliance risk for its compliance monitoring activities. In 2023–24 and 2024–25, the department’s assessment of compliance risk (to inform check testing) included products registered under less than half of GEMS determinations. The department is not using the assessment of compliance risk it has produced to inform its selection of models for check testing. Sixteen per cent of models check tested in 2023–24 were assessed as within the top 10 highest risk models for their product category. The majority (62 per cent) of models check tested had not been assessed for compliance risk. The ANAO was not able to determine whether the assessment of compliance risk was used to inform the selection of market surveillance activities, as 2024–25 was the department’s first year using its current approach. (See paragraphs 3.52 to 3.85)

17. The highest level of regulatory response issued or sought by the GEMS Regulator since the establishment of the program is an infringement notice. Four infringement notices have been issued, all of which were not paid and were not enforced by the GEMS Regulator. There is a risk that the GEMS Regulator may be seen as unable or unwilling to enforce the GEMS Act, which may limit the department’s ability to effectively encourage compliance and deter non-compliance. The department is not documenting the assessment of the detriment that non-compliance may have caused. The quality and completeness of the department’s records of its investigations of suspected non-compliance are limited by the lack of direct access to records prior to 2020 and issues impacting the quality of data in the department’s register of investigations. The department has established processes for the internal review of reviewable decisions. (See paragraphs 3.90 to 3.130)

18. The GEMS Act has been independently reviewed, as required under the GEMS Act. In 2023, the GEMS program was internally audited. The department conducts annual surveys to measure stakeholder satisfaction. The department prepares annual reports on the operation of the GEMS Act. Reporting on the program’s operation and performance could not be verified against departmental records. The department is not measuring and reporting on the program’s impact on reducing energy consumption and carbon emissions. (See paragraphs 3.131 to 3.157)

Recommendations

Summary of entity response

19. The proposed report was provided to the department. The department’s summary response is reproduced below and the full response is at Appendix 1. Improvements observed by the ANAO during the course of this audit are listed at Appendix 2.

The Department of Climate Change, Energy, the Environment and Water (the department) is committed to effective regulation that achieves legislated outcomes, manages risks proportionately and promotes continuous improvement.

The department welcomes the Australian National Audit Office’s audit report on the Administration of the Equipment Energy Efficiency Program (GEMS) and acknowledges the findings of the audit. The department agrees with all nine of the report’s recommendations and can confirm that changes to strengthen the regulatory oversight of the GEMS Program are well underway.

The GEMS Program is estimated to have saved Australian households and businesses $12–$18 billion in avoided energy costs. In 2021–22 alone, it is estimated to have saved Australia between $1.3 billion and $2 billion in avoided energy costs while delivering greenhouse gas emissions savings of between 4.1 and 6.3 million tonnes⁴. The department is committed to ongoing improvement of the operation of the GEMS Program – in partnership with states, territories and New Zealand – to ensure it continues to deliver energy and cost savings and emissions abatement as an important part of Australia’s pathway to Net Zero.

Background

1. The Child Care Subsidy (CCS) is administered by the Department of Education (Education) under the Family Assistance Law (FAL), to assist families to meet the cost of early childhood education and care.

2. At a cost of $13.6 billion in 2023–24, CCS is one of the ‘fastest-growing major payments’ of the Australian Government, with forecast average annual growth of 5.5 per cent over 2024–25 to 2034–35. As of September 2024, CCS supported 1.45 million children to attend approved care. This equates to 32.6 per cent of all 0 to 13-year-olds in Australia.

3. Education has policy responsibility for the CCS, including the CCS special appropriation. Services Australia is accountable for delivering payment and ICT services on behalf of Education, and for prioritising the service delivery within its budget appropriation.

Rationale for undertaking the audit

4. The CCS was estimated to be one of the top 20 expense programs in 2024–25. Australian Government spending on CCS was $13.6 billion in 2023–24, of which an estimated 3.6 per cent ($484.1 million) was lost to incorrect payments, including fraud and non-compliance. Fraud and non-compliance reduces available funds for public goods and services.

5. This audit was conducted to provide assurance to the Parliament over the effectiveness of the management and oversight of compliance activities within the Child Care Subsidy program. This audit was identified as a priority by the Parliament’s Joint Committee of Public Accounts and Audit in the context of the ANAO’s 2023–24 Annual Audit Work Program.

Audit objective and criteria

6. The objective of the audit was to assess the effectiveness of the management and oversight of compliance activities within the CCS program.

7. To form a conclusion against the objective, the following high-level audit criteria were adopted:

• Have effective governance arrangements been established?
• Is the approach to compliance activities effective?

Conclusion

8. The management and oversight of compliance activities within the CCS is partly effective. Governance arrangements do not provide Education with whole of program oversight, and evaluation arrangements are only partly implemented. Although the payment accuracy rate improved in 2022–23 and 2023–24, and comprehensive prevention activities are in place, gaps in monitoring and enforcement are not being effectively managed.

9. Education has established partly effective arrangements to oversee CCS compliance activities. Committees accountable to a Senior Executive Service (SES) Band 2 within Education oversee its Child Care Subsidy Financial Integrity Strategy 2023–2027 (Integrity Strategy), which sets out its approach to risk based and data driven regulation of CCS providers and services, to be implemented from 2023 to 2027. To successfully complete its implementation of the Integrity Strategy, Education will need to improve its data quality in the Child Care Intelligence System (CCIS) and implement evaluation arrangements across the full suite of its compliance interventions.

10. Bilateral arrangements between Education and Services Australia are set out in a Statement of Intent and Program Delivery Services Schedule for Child Care Subsidy Program, which detail the objectives, governance, risk and issue management, roles and responsibilities and assurance obligations for CCS services. These arrangements do not provide Education with sufficient oversight of CCS compliance activities within Services Australia. Education has established a CCS Fraud and Corruption Risk Assessment (FCRA), but this is not supported by engagement with Services Australia over shared risks. Services Australia has not established a FCRA that includes CCS.

11. Education and Services Australia have established a partly effective approach to compliance activities. While Education and Services Australia have comprehensive arrangements to prevent non-compliance among providers and families respectively, deficiencies were identified in relation to monitoring, investigations and enforcement.

12. Services Australia is responsible for monitoring family compliance. It does not monitor non-employment activities, is unable to identify CCS-related matters within its tip-off data, and its income monitoring via the CCS reconciliation process is not consistent with the FAL, due to its reliance on lodged tax return data before a notice of assessment has been issued.

13. Education is responsible for monitoring provider compliance, and investigations and enforcement. It monitors whether providers continue to meet some conditions to administer CCS. It does not have assurance that all conditions are met, does not apply quality assurance across all monitoring and investigation activities, and does not investigate possible CCS provider overpayments identified while monitoring payment accuracy via the Random Sample Parent Check (RSPC). Its ability to effectively implement the Integrity Strategy is undermined by poor data quality in CCIS and a lack of cohesive enforcement strategy, which mean it is not able to assess whether decisions to take enforcement action are fair, impartial, consistent, or proportional.

Supporting findings

Governance arrangements

14. Education oversees CCS compliance activities via a Financial Integrity Governance Board (FIGB) and Financial Integrity Operational Committee (FIOC), that are accountable to the responsible SES Band 2. Education does not have visibility of compliance activities or risk management in Services Australia. Bilateral arrangements between the Department of Education and Services Australia are set out in a Statement of Intent between the Chief Executive Officer (CEO) of Services Australia and the Secretary of the Department of Education (Education Secretary). Under the Statement of Intent, the Program Delivery Services Schedule for Child Care Subsidy Program details the objectives, governance, risk and issue management, roles and responsibilities and assurance obligations for CCS services. These do not provide sufficient oversight of CCS compliance activities. (See paragraphs 2.3 to 2.26)

15. Education’s Integrity Strategy documents its approach to risk based and data driven regulation to be implemented from 2023 to 2027. To successfully complete its implementation of the Integrity Strategy, Education will need to improve its CCIS data quality. Although Services Australia’s annual CCS risk management plans document its approach to managing risk in the program, including compliance risk, there is no documented approach (either in Education’s Integrity Strategy or via Services Australia’s own program documentation) that provides strategic direction or describes how risk and data inform decision-making regarding Services Australia’s CCS compliance activities. Education has established a CCS FCRA, although information about the purpose, implementation status, and timeframes of risk treatments is not included. Risk identification, analysis and evaluation within the FCRA is not supported by engagement with Services Australia over shared risks. Services Australia has not established a FCRA that includes CCS. (See paragraphs 2.31 to 2.52)

16. Education monitors the effectiveness of the Integrity Strategy using payment accuracy data drawn from the RSPC and reporting against budget savings measures. As of March 2025, evaluations of compliance interventions have been planned but not yet implemented across the full suite of compliance interventions. Initial intervention evaluations and resulting adjustments for each team are due to be completed in 2025. As such, is not possible to effectively measure the impact of activities undertaken under the Integrity Strategy, or understand the relative contributions of different types of activities. (See paragraphs 2.53 to 2.70)

Approach to compliance activities

17. CCS program design, including the legislative framework administered by Education, has been strengthened to support compliance. Access to the program is managed via provider and individual application processes by Education and Services Australia respectively. Both entities provide appropriate information to stakeholders via a range of sector guidance, communications and advice. Education engages regularly with sector representatives and has commenced work to improve the capability of Family Day Care (FDC) providers to comply with their obligations under the FAL. (See paragraphs 3.2 to 3.19)

18. Education and Services Australia monitor family and provider compliance with the FAL using family income, sessions of care information from providers, electronic funder transfer (EFT) provider audits, and manual checking of provider reporting. These controls focus on incorrect session reporting resulting in incorrect payment. Education does not have assurance that certain other requirements, such as fit and proper person requirements, are met after initial CCS approval has been granted. Where non-compliance is suspected, Education may choose to conduct an administrative or criminal investigation. Services Australia’s use of data for checking family income is not consistent with the FAL, and there are deficiencies in Education’s record keeping, monitoring of ongoing provider and service eligibility for CCS, and quality assurance arrangements in both EFT provider audits and investigations. Services Australia’s collection of tip-off information does not effectively support the identification of CCS matters. (See paragraphs 3.22 to 3.62)

19. Education imposes fines, debts, conditions on approval, suspension and cancellation of approval, and refers matters for criminal prosecution as part of its work to enforce compliance with the FAL. Education does not have a policy to guide decisions on whether, and in what circumstances, to take enforcement action, and enforcement strategy has not been considered by the FIGB. Without cohesive policy guidance for staff, Education is unable to assess whether decisions to take enforcement action are fair, impartial, consistent, or proportional. From 2022–23 to 2023–24, across the CCS, Education withdrew $473,010 (42.2 per cent of the total $1.1 million) of fines issued, raised and recovered 11 compliance-related debts valued at $59,648 (0.9 per cent of the total $6.4 million) and identified but did not investigate 970 potential overpayments with a total value of $106,375. (See paragraphs 3.63 to 3.80)

Recommendations

Summary of entity responses

20. The proposed audit report was provided to the Department of Education and Services Australia. The summary responses are reproduced below and the full responses are at Appendix 1. Improvements observed by the ANAO during the course of this audit are listed in Appendix 2.

Department of Education

The Department of Education (the department) acknowledges the Australian National Audit Office (ANAO) performance audit on the management and oversight of compliance activities within the Child Care Subsidy (CCS) program.

The management and oversight of compliance activities plays an important role in ensuring the proper use of CCS and the achievement of program outcomes. In the 2023–24 financial year, the department’s integrity activities resulted in the highest accuracy rates in provider claims for CCS on record, exceeding the program target.

These are substantial achievements, testament to the department’s commitment to strong regulation of CCS approved providers and its obligations under the Resource Management Guide-128.

The department is progressing a large work program to strengthen and further mature the delivery of its CCS compliance activities under the CCS Financial Integrity Strategy 2023–27. The department agrees with the seven recommendations and will address these as part of its ongoing commitment to strengthen the management and oversight of CCS compliance activities.

Services Australia

Services Australia (the Agency) welcomes the ANAO report on Management and Oversight of Compliance Activities within the Child Care Subsidy (CCS) Program. The Agency notes the report findings, including that management and oversight of compliance activities within the CCS Program are partly effective.

The Agency’s focus is on efficiently and effectively delivering payments and services to the Australian community, and compliance and program integrity are important aspects of this work. The Agency’s strategies, performance measures, and governance arrangements are focussed on ensuring the right payment to the right person at the right time.

The Agency is committed to continually improving its internal and external governance arrangements, performance monitoring and reporting, compliance activities, and guidance and support to staff to ensure the integrity of the CCS Program.

Background

1. Corporate organisations, including in the public sector, often have a board responsible for their governance. The Australian Institute of Company Directors (AICD) refers to governance as the systems that direct and control — or govern — an organisation¹:

Governance enables authority to be exercised appropriately and for the people who exercise it to be held to account. Good governance is about the effective way decisions are made and power is exercised within an organisation.

2. In March 2025, 74 Australian Government organisations have a body corporate status — known as corporate Commonwealth entities (CCEs). The governing board of a CCE is often the entity’s accountable authority with specific responsibility for ‘leading, governing and setting the strategic direction’ for the entity under the Public Governance, Performance and Accountability Act 2013 (PGPA Act).

3. Boards of Australian Government entities must govern in a way that complies with the requirements of any enabling legislation, the Commonwealth finance law (which includes the PGPA Act and the Public Governance, Performance and Accountability Rule 2014 (PGPA Rule)), and other applicable laws and requirements.

4. Organisations, including CCEs, with governance boards vary significantly by function, and governance boards may also vary in their composition, operating arrangements, independence and subject-matter focus, depending on the specific requirements of their enabling legislation and other applicable laws.

5. The National Disability Insurance Scheme (NDIS), established in 2013 under the National Disability Insurance Scheme Act 2013 (NDIS Act), provides funding for planned supports for NDIS participants — people with permanent and significant disability. Commonwealth, state, and territory governments jointly fund the NDIS under bilateral arrangements.

6. The National Disability Insurance Agency (NDIA) is responsible for delivering the NDIS under the NDIS Act and is a CCE. The Board of the NDIA (the Board) is the accountable authority of the NDIA.

Rationale for undertaking the audit

7. The NDIS is a demand-driven program. In 2023–24, the NDIA’s participant plan expenses were $41.85 billion, 19 per cent higher than in 2022–23, making this the largest area of Australian Government expenditure managed by the board of a CCE and also the fastest growing Australian Government payment. In May 2024, Budget Paper No. 1 for the 2024–25 Budget stated, ‘NDIS Commonwealth funded participant payments growth is expected to average 9.2 per cent per year over the projections period’ (to 2034–35).²³ With over 692,000 Australians registered as NDIS participants as at 31 December 2024, the NDIA is also an organisation with a direct impact on the lives of a major cohort of vulnerable Australians.

8. This audit topic provides independent assurance to Parliament on the effectiveness of the Board of the NDIA’s governance.

Audit objective and criteria

9. The objective of the audit was to assess the effectiveness of the governance of the Board of the NDIA.

10. To form a conclusion against the objective, the ANAO examined:

• Are the Board’s arrangements consistent with relevant legislative requirements for effective governance?
• Does the Board have fit-for-purpose arrangements to support sufficient oversight of the entity’s operations?

11. The ANAO analysed the Board’s governance for the period 1 July 2021 to 30 June 2024.

Conclusion

12. The Board’s governance was largely effective. The Board could strengthen its overall governance of the NDIA and the NDIS by setting clear requirements for additional strategic reporting to it on the progress of the implementation of financial sustainability initiatives. The Board’s practice of seeking further information and assurance from management where results are below targets, or other issues or risks are reported, was maturing but not consistent across the Board’s and its committees’ meetings.

13. The Board’s governance and administrative arrangements are largely consistent with relevant legislative requirements for effective governance. Board appointments are in accordance with legislative requirements and Board meetings are properly constituted. Management plans are not consistently developed for Board members’ declared real or apparent conflicts of interest.

14. The Board has a largely fit-for-purpose charter and has established committees that support it though reviewing relevant management reports and products before these are submitted to the full Board. A Sustainability Committee provides support for the oversight of actuarial reporting and NDIS financial sustainability. The Strategic Directions and Participant Outcomes Committee did not provide the Board sufficient advice against its broad charter functions, including advice on NDIA priorities.

15. Prior to March 2024, the Audit Committee structure limited its ability to provide the required range of independent advice and assurance to the Board, with risk oversight managed by a separate Risk Committee and reliance placed on the committees and Board informally sharing information. A combined Audit and Risk Committee (ARC), in place since March 2024, supports the Board by reviewing all required areas of reporting on NDIA finance, performance, risk and internal control. None of the committees provide written advice to the Board.

16. The Board has established partly fit-for-purpose arrangements to oversee NDIA operations. The Board had regard to advice and reports from the Scheme Actuary, the Independent Advisory Council and the ARC. Decision records did not always show the Board’s consideration of relevant legislative criteria. As reporting on regulatory compliance was aggregated, it lacked detail, and the Board did not always respond to indicators of non-compliance. Requirements of the National Disability Insurance Scheme—Risk Management Rules 2013 were not all met. The Board monitored and received reporting from the NDIA on NDIS sustainability and fraud risk. The Board has not directed strategic reporting on reforms to assure itself that the NDIA will fulfil the Australian Government’s commitments to moderate growth in NDIS expenses.

17. The Board has arrangements to meet PGPA Act requirements relating to governing the NDIA, systems of risk control, cooperation with others and reporting to the Minister for the NDIS. When reports on areas of poor performance or other issues are provided, the Board and its supporting committees could improve its governance by consistently seeking further information or assurance from management. Consistently seeking additional information would support the Board to mature further into a strategic role.

Supporting findings

Board governance and structure

18. Board member appointments between July 2021 and June 2024 complied with relevant NDIS Act requirements. The Department of Social Services (DSS) maintained records of appointments and advised the minister on current and upcoming vacancies. (See paragraphs 2.2 to 2.22)

19. Board meetings were properly constituted, and sufficiently frequent, with records maintained. The Board had not set guidance for the use and records of ‘in camera’ sessions. Inaccurate remuneration payments were made to Board members in 2022–23 and 2023–24. (See paragraphs 2.23 to 2.39)

20. A register of Board member interests was updated regularly. Of the seven declared interests identified by members as potential or actual conflicts, one had a documented management strategy. Conflict of interest procedures were largely followed for scheduled Board meetings; they were not consistently followed for out of session meetings or decisions without meetings. (See paragraphs 2.40 to 2.57)

21. The Board has established committees to support the governance of the NDIA. The charters for committees could be improved to set out voting requirements, the extent of delegated authority, and specify requirements for making decisions without meetings. The ARC charter could be improved by specifying who cannot be a member of the committee. The Board has not documented which NDIA policies require its approval. (See paragraphs 2.58 to 2.84)

22. The role of the committees is to provide advice to the Board on: the financial sustainability of the NDIS (Sustainability Committee); and the objectives, strategies, and policies to be followed by the NDIA, with a dedicated focus on participant outcomes (Strategic Direction and Participant Outcomes Committee). In March 2024, the Audit Committee and Risk Committee were merged into the ARC — its role is to review and advise on the appropriateness of the NDIA’s financial and performance reporting, systems of risk oversight and management, and systems of internal control. Committee membership was largely consistent with charter requirements. (See paragraphs 2.85 to 2.121)

23. Each committee receives relevant reporting according to its function and gave verbal updates and meeting minutes to the Board. The committees have not always provided written advice on critical and high-risk areas that require further Board consideration and direction, and it is unclear if the committees’ verbal updates and meeting minutes provided assurance and assisted with informing decision-making and the efficient running of the Board. (See paragraphs 2.85 to 2.121)

Oversight of compliance and performance

24. The Board has issued Accountable Authority Instructions and guidance to NDIA officials to support legislative compliance. The Board made CEO appointments and had regard to advice from the Independent Advisory Council, Scheme Actuary and ARC, consistent with NDIS Act requirements. (See paragraphs 3.3 to 3.19)

25. Reporting to the Board on regulatory compliance is aggregated which reduced the Board’s visibility of the adequacy of internal controls. The Board did not respond to senior executive advice that they could not give full assurance over their regulatory compliance obligations. The Board provided annual risk management declarations, as required by the NDIS Risk Management Rules 2013. The Board did not review its Risk Management Framework or receive sufficient reporting on NDIA risk culture, resourcing and control effectiveness, as required. (See paragraphs 3.20 to 3.47)

26. The Board has monitored NDIS financial sustainability and NDIS fraud risk. This included consideration of draft reform initiatives proposed to address increasing NDIS expenses. It is not clear if the Board provided NDIA management with direction on reform initiatives proposed before these were included in advice to government. The Board receives regular updates on the progress of reform activities. It is not clear if the Board has been active in directing reporting on reform deliverables to assure itself that the NDIA will fulfil the Australian Government’s NDIS Financial Sustainability Framework commitments. (See paragraphs 3.48 to 3.83)

27. Corporate plans largely complied with PGPA Rule requirements, and the Board approved the performance measures in corporate plans prior to their publication. Eleven of the NDIA’s 19 measures for the 2023–24 Annual Performance Statements satisfied relevant PGPA Rule requirements. The performance measures for 2023–24 did not reflect the NDIA function of managing NDIS financial sustainability, although new measures in the 2024–25 corporate plan relate to this function. (See paragraphs 3.84 to 3.114)

28. The Board received and discussed regular reporting on results against corporate plan performance measures, although it did not consistently seek further detail or assurance where internal reporting indicated poor results or potential issues with reporting mechanisms. (See paragraphs 3.84 to 3.114)

Recommendations

Summary of entity responses

29. Copies of the proposed report were provided to the NDIA and DSS. The summary responses are provided below, and the full responses are included at Appendix 1. Improvements observed by the ANAO during the audit are listed in Appendix 2.

National Disability Insurance Agency

The National Disability Insurance Agency (NDIA) welcomes the ANAO’s assessment that NDIA Board’s governance is largely effective. We note the ANAO conclusions that governance arrangements are largely consistent with its legislative requirements; that Board appointments are in accordance with legislative requirements; and Board meetings are properly constituted.

The NDIA Board acknowledges the importance of having clear and specific guidance and governance processes in relation to the Board’s responsibilities, including how these are executed. The Board has recently updated key artefacts that relate to Board practices and processes that the ANAO has identified as areas for improvement. This includes updating the Board and/or Committee charter to include clarification on the use of in camera sessions, management of conflicts of interest, and how the Audit and Risk committee provides advice to the Board.

As noted in the report, the Board approved a workplan for 2025 which identifies key artefacts required to fulfill the Board’s statutory obligations. The Board also has standing items for areas that Board has identified as either requiring monitoring or of particular interest to the Board. The Board acknowledges there is an opportunity to provide management with clarity regarding the Board’s expectations regarding strategic reporting on key programs, additional reporting where targets are not being met, and the policies and documents that the Board should approve or have oversight over.

Department of Social Services

The Department of Social Services (the Department) welcomes the Australian National Audit Office (ANAO) report on the Effectiveness of the Board of the National Disability Insurance Agency.

The Department notes the report’s three recommendations refer to the Board of the National Disability Insurance Agency.

The Department notes the key messages from this audit for all Australian Government entities, including considering whether key stakeholders and decision makers have specific accessibility requirements and producing relevant documents in accessible formats.

Background

1. Reducing the disparity between Indigenous and non-Indigenous economic outcomes has been a longstanding goal of Australian governments. The National Agreement on Closing the Gap aims to strengthen economic participation and development of Aboriginal and Torres Strait Islander people and their communities.¹ Increasing opportunities for Indigenous economic participation has also been an area of interest for the Australian Parliament.²

2. The Indigenous Procurement Policy (IPP) was established in 2015 with the objective ‘to stimulate Indigenous entrepreneurship, business and economic development, providing Indigenous Australians with more opportunities to participate in the economy’.³ One of three elements of the IPP are the mandatory minimum requirements (MMRs), which are targets for minimum Indigenous employment and/or supply use for Australian Government contracts valued from $7.5 million in certain specified industries.⁴ The National Indigenous Australians Agency (NIAA) is responsible for administering the IPP, including the MMRs.

Rationale for undertaking the audit

3. The stated policy objective of the MMRs is to ‘ensure that Indigenous Australians gain skills and economic benefit from some of the larger pieces of work that the Commonwealth outsources, including in Remote Areas’.⁵ Compliance with the MMRs is mandatory for non-corporate Commonwealth entities. The MMRs were established in July 2015 and became binding on contractors from 1 July 2016.

4. Auditor-General Report No. 25 2019–20 Aboriginal and Torres Strait Islander Participation Targets in Major Procurements was undertaken to provide assurance that the MMRs were being effectively administered and selected entities were complying with them.⁶ The audit concluded that while the MMRs were effectively designed, their administration had been undermined by ineffective implementation and monitoring by the policy owner and insufficient compliance by the selected entities.⁷ The audit made six recommendations to improve administration of and compliance with the MMRs, which were all agreed to.

5. Auditor-General reports identify risks to the successful delivery of government outcomes and provide recommendations to address them. The tabling in the Parliament of an agreed response to an Auditor-General recommendation is a formal commitment by the entity to implement the recommended action. Effective implementation of agreed Auditor-General recommendations demonstrates accountability to the Parliament and contributes to realising the full benefit of an audit.⁸

6. This audit examines whether the NIAA; Department of Defence (Defence); Department of Education (Education); Department of Employment and Workplace Relations (DEWR)⁹; Department of Home Affairs (Home Affairs); and Department of Infrastructure, Transport, Regional Development, Communications, Sport and the Arts (Infrastructure) have effectively implemented agreed recommendations from Auditor-General Report No. 25 2019–20. Entities’ implementation of agreed recommendations will help provide assurance to the Parliament about whether the MMRs are meeting the objective of stimulating Indigenous entrepreneurship, business and economic development and providing Indigenous Australians with opportunities to participate in the economy.

Audit objective and criteria

7. The audit objective was to assess whether selected entities effectively implemented agreed recommendations from Auditor-General Report No. 25 2019–20 Aboriginal and Torres Strait Islander Participation Targets in Major Procurements.

8. To form a conclusion against the objective, the following high-level criteria were adopted.

• Did the NIAA implement recommendations related to the administration of the MMRs?
• Does the NIAA manage exemptions to the MMRs effectively?
• Did selected entities implement recommendations related to their compliance with the MMRs?

Conclusion

9. Almost five years after the recommendations were agreed to, entities had partly implemented recommendations from Auditor-General Report No. 25 2019–20 Aboriginal and Torres Strait Islander Participation Targets in Major Procurements. Although the NIAA had improved guidance for entities and sought to increase MMR reporting compliance, a recommendation for the NIAA as the policy owner to implement an evaluation strategy was not completed. The NIAA has not demonstrated whether the MMRs are improving Indigenous economic participation. A risk related to the inappropriate use of exemptions was not managed. Recommendations intended to address the risk that reporting on MMR contracts is incomplete and inaccurate were partly implemented by audited entities. Reforms to the Indigenous Procurement Policy were announced in February 2025 without a clear understanding of the policy’s effectiveness.

10. The NIAA largely implemented two of three recommendations relating to its administration of the MMRs: to develop guidance on the MMRs for Australian Government entities and contractors; and to implement a strategy to increase MMR reporting compliance. The NIAA did not complete a third recommendation as it developed but did not implement an MMR evaluation strategy. Additional commitments made by the NIAA in response to two recommendations were not met.

11. Contracts subject to the MMRs may be exempted by entities for valid reasons established in the Indigenous Procurement Policy. The inappropriate use of exemptions impedes achievement of the Indigenous Procurement Policy’s objectives. The NIAA’s management of exemptions has been partly effective. Systems have been set up to allow potentially invalid exemptions. There is a lack of guidance and assurance over the appropriate use of exemptions.

12. Defence, Education and Home Affairs largely implemented the agreed recommendations relating to compliance with the MMRs. The NIAA, DEWR and Infrastructure partly implemented the agreed recommendations. The MMRs are relevant to the approach to market, tender evaluation, contract management, reporting and finalisation phases of a procurement. Compliance with the MMR requirements was higher in the approach to market, tender evaluation and contract management phases than in the reporting and finalisation phases. All entities could do more to ensure contractors’ compliance with MMR targets and to gain assurance over reported MMR performance.

Supporting findings

Administration of mandatory minimum requirements

13. Auditor-General Report No. 25 2019–20 recommended that the NIAA develop tailored guidance on managing the MMRs throughout the contract lifecycle in consultation with entities and contractors. The NIAA published updated guidance on managing the MMRs in July 2020, following stakeholder consultation. The guidance included complete information for nine of 14 topics identified as requiring additional guidance in Auditor-General Report No. 25 2019–20. Guidance included incomplete information on MMR exemptions, managing MMR performance reporting, and obtaining assurance over contractors’ MMR performance reporting. As at March 2025, guidance had not been updated since July 2020 despite changes to MMR reporting requirements. A commitment to publish guidance tailored for Indigenous businesses was not met. (See paragraphs 2.5 to 2.22)

14. Contractors must report on, and Australian Government entities must assess, performance in meeting agreed MMR targets. Auditor-General Report No. 25 2019–20 recommended that the NIAA implement a strategy to increase entity and contractor compliance with MMR reporting requirements to ensure information in the Indigenous Procurement Policy Reporting Solution (IPPRS) is complete. The NIAA planned and undertook activities aimed at increasing contractors’ compliance with MMR reporting requirements and entities’ management of reporting non-compliance. These included improvements to the IPPRS and monitoring reporting compliance in Australian Government portfolios. The NIAA closed the ANAO recommendation before planned changes to the IPPRS were implemented. As at February 2025, the IPPRS did not fully support contract managers to meet reporting requirements for all types of MMR contracts. User feedback indicated ongoing access and support issues. While reporting compliance increased between 2022 and 2024, as at June 2024, entities and contractors were not fully compliant with MMR reporting requirements and information in the IPPRS was incomplete. Reforms to the IPP announced by government in February 2025 included potentially increasing transparency of suppliers’ performance against MMR targets. (See paragraphs 2.23 to 2.32)

15. Auditor-General Report No. 25 2019–20 recommended that the NIAA implement an evaluation strategy for the MMRs that outlines an approach to measuring the impact of the policy on Aboriginal and Torres Strait Islander employment and business outcomes. Although an evaluation strategy for the MMRs was finalised, it was not implemented. The NIAA has not met requirements to review the effectiveness of a procurement-connected policy every five years. There is no performance monitoring and limited public reporting about the MMRs. (See paragraphs 2.33 to 2.54)

Exemptions from mandatory minimum requirements

16. Between July 2016 and September 2024, 63 per cent (valued at $69.3 billion) of all contracts recorded in the Indigenous Procurement Policy Reporting Solution (IPPRS) were exempted from the MRRs by relevant entities. The proportion of contracts exempted by entities from the MMRs has increased over time. The IPPRS has been set up by the NIAA to allow entities to record reasons for exemptions. The reason categories in the IPPRS mainly align with the Indigenous Procurement Policy, however include a category called ‘other’ that does not align. Of exempted contracts, 34 per cent (valued at $30.2 billion) used the exemption category ‘other’. The NIAA advised the ANAO that some contracts exempted for ‘other’ reasons were exempted because they are in practice non-compliant with the Indigenous Procurement Policy. Entities’ use of the ‘other’ exemption category for non-compliant contracts obscures the degree of non-compliance with the MMRs and is not appropriate. The NIAA does not provide complete guidance on the use of exemptions, or assurance over the legitimacy of exemptions. The NIAA has not considered the strategic implications of exemption usage for the achievement of policy objectives. (See paragraphs 3.1 to 3.13)

Compliance with mandatory minimum requirements

17. Auditor-General Report No. 25 2019–20 recommended that all audited entities review and update their procurement protocols to ensure procuring officers undertaking major procurements that trigger the MMRs comply with required steps in the procurement process.

• As at December 2024, all entities updated their procurement protocols for MMR requirements. One component of this was the development of detailed internal guidance. As at December 2024, Defence, Education, Home Affairs and Infrastructure’s guidance identified key MMR requirements for the approach to market to contract management phases of the procurement lifecycle. DEWR’s guidance and the NIAA’s internal guidance did not identify all key MMR requirements.
• Aside from Home Affairs, all entities’ contracts were largely compliant with the MMRs at the approach to market, tender evaluation and contract management phases of the procurement lifecycle. Home Affairs’ contracts was partly compliant. Defence’s compliance was poorer for contracts resulting from panel procurements.
• All audited entities could improve tender evaluation processes by including an IPPRS search on tenderers’ past MMR compliance.
• In summary: Defence, Education, and Infrastructure largely implemented the 2019–20 recommendation, and the NIAA and DEWR partly implemented it. Home Affairs’ guidance was appropriately updated, however it has not consistently ensured that procuring officers undertaking major procurements that trigger the MMRs comply in practice with the required steps. (See paragraphs 4.3 to 4.18)

18. Auditor-General Report No. 25 2019–20 recommended that all audited entities establish processes, or update existing processes, to ensure contract managers and contractors regularly use the IPP Reporting Solution (IPPRS) for MMR reporting.

• Defence, Education and Home Affairs’ internal guidance identified key IPPRS reporting requirements, while the NIAA, DEWR and Infrastructure’s internal guidance did not identify all key requirements.
• For a sample of contracts, the NIAA’s MMR reporting was timely and based on accurate IPPRS data. For the other five entities, there were issues with both timeliness and accuracy. None of the five entities consistently followed up on late contractor reporting.
• When a contract variation is published on AusTender, IPPRS data is not consistently updated. This means a contract may be identified as on track to meet the MMR target based on incorrect values or a contract may move to the finalisation step prematurely as the end date is inaccurate.
• In summary: Defence, Education and Home Affairs largely implemented the 2019–20 recommendation, and the NIAA, DEWR and Infrastructure partly implemented it. (See paragraphs 4.19 to 4.37)

19. Auditor-General Report No. 25 2019–20 recommended that after guidance has been provided by the policy owner, all audited entities establish appropriate controls and risk-based assurance activities for active MMR contracts.

• As the policy owner, the NIAA published guidance in July 2020 that has a short overview on how MMR performance information could be verified.
• All six entities established at least some controls and arrangements to gain assurance over contractors’ MMR performance reporting. Controls and arrangements were more developed in Education and Home Affairs.
• For a sample of contracts examined, none of the entities consistently undertook assurance activities to verify contractor performance reporting. Defence undertook the most assurance activity.
• In summary: all entities partly implemented the 2019–20 recommendation. (See paragraphs 4.38 to 4.59)

Note a: Based on 161 contracts where an assessment outcome was reported as at 30 September 2024.

Note b: Joint Standing Committee on Aboriginal and Torres Strait Islander Affairs, Inquiry into economic self-determination and opportunities for First Nations Australians (2024), pp. 13–19, 39–40.

Recommendations

20. This report makes eight recommendations.

Summary of entity responses

21. Extracts of the proposed audit report were provided to the NIAA, Defence, Education, DEWR, Home Affairs and Infrastructure. Entities’ summary responses are provided below. Entities’ full responses are provided at Appendix 1.

National Indigenous Australians Agency

The National Indigenous Australians Agency (NIAA) welcomes the findings of the audit.

The primary purpose of the Indigenous Procurement Policy (IPP) is to stimulate Indigenous entrepreneurship, business and economic development, providing Indigenous Australians with more opportunities to participate in the economy. The Mandatory Minimum Requirements (MMR) are a key component of this policy.

Prior to the implementation of the policy in 2015, Indigenous businesses secured limited business from Commonwealth procurement. The policy has significantly increased the rate of purchasing from Indigenous businesses.

The NIAA is proud to take the lead on behalf of the Commonwealth in providing advice on how to best meet the requirements of the IPP. The NIAA provides advice to Commonwealth entities through its many publications and its dedicated IPP team. Within the resources available, the NIAA has also invested in providing ICT tools and support to assist Commonwealth entities with their responsibility to ensure accurate reporting on targets and MMRs.

As with all other elements of the Commonwealth Procurement Rules, it is the responsibility of each Commonwealth entity to meet the obligations of the IPP. The NIAA welcomes the ANAO’s recommendations on how it can improve the advice it provides to entities to meet their obligations.

Department of Defence

Defence welcomes the ANAO Audit Report assessing whether selected entities effectively implemented the agreed recommendations from Auditor-General Report No. 25 2019–20 Aboriginal and Torres Strait Islander Participation Targets in Major Procurements.

Defence agrees to the recommendation directed at all audited entities to establish or strengthen processes to ensure contract managers undertake appropriate activities to ensure contractors’ compliance with the mandatory minimum requirements (MMR) targets and verify that reported MMR performance information is accurate.

As the Commonwealth’s largest procurer, Defence is proud of its significant commitment towards supporting the long-term growth and sustainability of the Indigenous business sector, and will continue working with the National Indigenous Australians Agency to improve the monitoring and reporting of the MMR targets.

Department of Education

The Department of Education welcomes this report. The report recognises the significant efforts the department has made to implement changes recommended by the ANAO’s performance audit of February 2020, however the department acknowledges the need to continue its efforts to strengthen its processes to ensure contract managers undertake appropriate activities to ensure contractors’ compliance with mandatory minimum requirements (MMR) targets and verify that reported MMR performance information is accurate.

Education is already making progress towards meeting the report’s recommendation, including working with contract managers to ensure that assurance activities are performed more consistently, and that contract managers regularly review and verify contractor reports. Education will continue to engage with departmental contract managers to ensure that MMR contracts are actioned in the IPPRS within the audit’s recommended timeframes.

Education notes the audit’s broader messages to all entities on the importance of strengthening procurement processes to ensure tenderers’ Indigenous Participation Plans are assessed and that assessments are appropriately documented. Education has added additional information to its intranet guidance on the process required when evaluating tender responses for MMR contracts, and its guides on approaching the market and evaluating and selecting suppliers. In addition, Education has updated its Evaluation Plan templates to include MMR requirements as part of the evaluation process, where applicable.

Education are regular participants in the Commonwealth Procurement and Contract Management Community of Practice and participate in networking opportunities across the Australian Public Service, including informal knowledge sharing across entities.

Department of Employment and Workplace Relations

The Department of Employment and Workplace Relations (DEWR) acknowledges the Australian National Audit Office’s (ANAO) report detailing the outcomes of the follow up audit of Targets for minimum Indigenous employment or supply use in major Australian Government procurements.

DEWR is committed to delivering compliant procurement processes that deliver the expected business outcomes. This includes ensuring compliance with the Indigenous Procurement Policy and that our high value (as defined by the Indigenous Procurement Policy) contracts are properly managed and reported on. Starting from a low maturity level, we have been on a continuous journey of improvement since the Department’s creation in July 2022 (following a Machinery of Government change). We acknowledge and accept the ANAO’s findings and commit to implementing their recommendations as part of our broader procurement maturity program of work.

Department of Home Affairs

The Department of Home Affairs is committed to the implementation of the Government’s policy objective to drive growth in Aboriginal and Torres Strait Islander businesses and employment.

The Department agrees with the two recommendations made by the Auditor-General aimed at improving the Department’s compliance with mandatory minimum requirements (MMR) of the Indigenous Procurement Policy throughout the procurement and contract management phases, and will strengthen its processes, guidance, reporting and assurance activities to achieve this.

Department of Infrastructure, Transport, Regional Development, Communications, Sport and the Arts

The department supports the policy objectives of the Indigenous Procurement Policy and the achievement of the Mandatory Minimum Requirements (MMR) as a key element of the IPP. This follow up audit, which examined all five of the department’s procurements that triggered the MMR, has highlighted the need for further improvement in aspects of the department’s arrangements for meeting the MMR. The department is committed to making the necessary improvements to its processes.

Background

1. Regulations are sets of rules established by government authorities that aim to deliver better economic, social, and environmental outcomes for Australians and businesses.¹ The Australian Government’s regulator performance framework was first established in 2014. In April 2021, to improve the extent to which regulators had a Statement of Expectations (SOE) in place and up to date, a revised approach to setting expectations for regulator performance was adopted. The key element was a renewed focus on the SOE and responding Statement of Intent (SOI), to be updated with every: change in minister, regulatory leadership or Commonwealth policy; or every two years.

2. SOE are issued by responsible ministers to a regulator to provide ‘greater clarity about government policies and objectives relevant to the regulator in line with its statutory objectives and the priorities the minister expects it to observe in conducting its operations’. Statements of Intent (SOI) respond to the expectations set out in Ministerial Statements of Expectations, outlining ‘how the regulator intends to meet those expectations including how it will demonstrate progress.’² The importance of publication of SOE was highlighted in 2004: ‘allowing the Parliament and the community to be aware of government’s expectations and the responses by statutory authorities.’³

3. From 1 July 2022, responsibility for regulatory policy and reform (including maintenance of the Australian Government regulator stocktake) moved from the Department of the Prime Minister and Cabinet to the Department of Finance (Finance). Finance was provided with $38.19 million in the October 2022–23 Budget for regulatory policy and reform. In the 2023–24 Mid-Year Economic Fiscal Outlook, a further $27.9 million was provided across the forward estimates, with $9.4 million per annum ongoing from 2027–28. With the resources it had been provided, Finance identified that it would be able to deliver oversight through a centrally coordinated and driven approach to support entities to improve regulatory systems.

4. In December 2022 Finance issued Regulator Performance (Resource Management Guide (RMG) 128).⁴ It replaced the Regulator Performance Guide of July 2021. RMG 128 was updated in July 2023. Finance has also issued a guidance note for RMG 128. The guidance note sets out that Finance’s role involves ‘supporting ministers, departments and regulators to issue or refresh Ministerial Statements of Expectations for regulators, and corresponding Regulator Statements of Intent’, and that this includes assisting entities to apply the definitions to functions within their remit. It also provides SOE considerations for different governance models and information on what SOE and SOI should contain.

5. The regulator performance framework outlines that an SOE and responding SOI ‘should’ be in place and refreshed at least every two years. SOE and SOI are not mandated. In this respect, in February 2025, the Department of Finance (Finance), which has stewardship responsibility for the regulator performance framework advised the ANAO that:

Ultimately, however, ministers and accountable authorities are responsible for identifying and settling the regulatory functions within their responsibilities, and whether a Statement of Expectations is issued to a regulator is a matter for the relevant minister. As such, while Finance will continue to support these activities, it is neither appropriate nor meaningful for Finance to take a compliance role in relation to RMG 128.

6. In a March 2025 report, the Joint Committee of Public Accounts and Audit made findings and a recommendation relating to regulator SOE and SOI. The Committee also made a recommendation to Finance about its approach to stewardship of the framework (see further at paragraphs 1.6 to 1.8).

Rationale for undertaking the audit

7. Regulation is an important function of the Australian Government and high-quality regulation — whether of the private, not-for-profit or public sector — is important for the effective functioning of the economy, society and the environment. Australian government regulators and those responsible for regulatory functions are expected to have a current SOE and SOI in place. SOE and SOI are a key accountability mechanism to ensure regulators fulfil their statutory objectives in line with government expectations and policy, and provide transparency to regulated parties. This audit provides assurance to the Parliament about this element of the regulator performance framework.

Audit objective and criteria

8. The audit objective was to assess the effectiveness of the framework in place to have a regulatory Ministerial SOE and a responding SOI in place.

9. To form a conclusion against the objective, the ANAO examined:

• Which functions are subject to Ministerial Statements of Expectations and responding Regulator Statements of Intent?
• What Ministerial Statements of Expectations and responding Regulator Statements of Intent are in place?

Conclusion

10. Regulator Statements of Expectations and Statements of Intent are not in place to cover all regulatory functions. The extent to which regulatory functions are not covered by an SOE and SOI reflects that Finance’s approach to stewardship has not provided oversight through a centrally coordinated and driven approach to support entities. Where entities with regulatory responsibilities do not have an up-to-date SOE and SOI, it is more difficult for the regulator to have clarity about relevant government objectives and the priorities the minister expects the regulator to pursue. The absence of an up-to-date SOE and SOI also impairs transparency and accountability given the statements are meant to be publicly available and provide the basis for regulator performance reporting.

11. There is not a comprehensive list of Australian Government regulators and regulatory functions. Finance’s regulator stocktake does not provide a complete picture of regulatory functions and regulators as there are at least a further 21 regulatory functions in addition to those included in the stocktake. The stocktake also does not provide a complete picture of the Statements of Expectations and responding Statements of Intent that have been issued. This situation reflects that the framework in place does not mandate SOE and SOI be in place, accountable authorities are not always meeting expectations (in part due to shortcomings in the guidance promulgated by Finance) and Finance’s stewardship approach has not provided oversight through a centrally coordinated and driven approach to supporting entities.

12. As of December 2024, there were 57 SOE and 49 SOI in place across 90 regulators.⁵ Of the 90 regulators:

• at least⁶ 18 regulators (20 per cent) had an SOE in place that covered all of their regulatory functions;
• at least 14 regulators (15 per cent) had an SOE in place that covered some of their regulatory functions; and
• 34 (38 per cent) did not have an SOE in place.

13. Most of the regulator SOE and SOI that are in place have content that is consistent with guidance from the Department of Finance. The main areas where the guidance is not being met include: SOE not outlining how the responsible minister will engage with the regulator and, similarly, SOI not addressing how the regulator intends to engage with policy departments and the minister at a high level; and SOE not requesting regulators incorporate them into their corporate plan and annual report.

Supporting findings

Regulators and regulatory functions

14. There is no comprehensive list of regulators and regulatory functions. The identification of regulators and regulatory functions required to have a Statement of Expectations and responding Statement of Intent is based on definitions in Regulator Performance (RMG 128). The definitions require improvement so that accountable authorities are able to identify when Statements should be in place. (See paragraphs 2.2 to 2.28)

15. As of December 2024, the Department of Finance’s regulator stocktake identified 67 regulators across 52 Commonwealth entities having one or more regulatory functions, and that there were 35 SOE in place. The stocktake is incomplete as it does not recognise all regulators or Statements that are in place. Of note, there are at least a further:

• 21 regulators with regulatory functions in addition to those included in the stocktake; and
• 21 SOE in place that are not recognised in the stocktake. This comprises a mixture of entities included in the stocktake with the stocktake not recognising the existence of the SOE and regulatory functions not included in the stocktake where there is an SOE. (See paragraphs 2.29 to 2.44)

Regulator statements

16. As of December 2024, there were at least 57 regulatory Statements of Expectations in place. There were regulatory functions identified by the ANAO that were not covered by a Statement of Expectations (either because the entity did not have a Statement of Expectations, or the Statement of Expectations did not cover all regulatory functions). (See paragraphs 3.2 to 3.23)

17. Most of the Statements of Expectations have content that identifies the government’s expectations. The content of the documents is largely consistent with guidance from the Department of Finance. The main areas where the guidance is not being met comprises: SOE not outlining how the responsible minister will engage with the regulator; SOE not requesting the regulator respond with a Statement of Intent; and SOE not requesting regulators incorporate the statements into their corporate plan and annual report. (See paragraphs 3.24 to 3.27)

18. As of December 2024, there were 49 regulatory Statements of Intent in place. Eight of these had been in place for more than two years. (see paragraphs 3.28 to 3.31)

19. The Regulator Statements of Intent that are in place identify how the government’s expectations will be delivered, consistent with guidance from the Department of Finance. (See paragraphs 3.32 to 3.38)

Recommendations

Summary of entity responses

20. The proposed audit report was provided to the Department of Finance and other regulators. Fifty one regulators provided responses to the ANAO, including 28 regulators that provided formal letter responses set out at Appendix 1. Improvements observed by the ANAO during the course of this audit are listed at Appendix 2.

Department of Finance

The Department of Finance (Finance) welcomes the report and agrees to recommendations 1 and 3, and agrees in principle to recommendations 2 and 4.

Finance’s stewardship role supports government, entities and regulators by providing principles-based advice and guidance to ensure regulatory systems remain fit-for-purpose and easy to navigate and interact with. Finance will continue to provide oversight of regulatory performance by providing specific guidance and support to entities regarding RMG 128, and the development of SOE/SOIs. The findings of the report are instructive, and the recommendations provide an opportunity to take a broader view of how Finance can better support regulatory policy makers and regulators in achieving the policy intent of the regulator performance framework, improve transparency and accountability through the Australian Government regulator stocktake and support regulators to report against the 3 principles of best practice.

Finance is already undertaking work to revise the definition of regulator and regulatory function, improve the completeness and accuracy of the Australian Government regulator stocktake to the extent possible, and refine how we support regulatory policy makers and regulators. We also note report by the Joint Committee of Public Accounts and Audit (JCPAA) inquiry into the administration of Commonwealth regulations (JCPAA Report) on 27 March 2025 makes complementary findings and recommendations.

Australian Energy Regulator

The AER was provided with extracts from the proposed report.

The AER notes that there are no findings or recommendations relating to the AER.

The AER notes the contents of the report, including the key messages. The AER publishes Statements of Expectations and Statements of Intent on the AER website.

Attorney-General’s Department

The department and relevant portfolio entities appreciate the opportunity afforded from the ANAO audit process to improve the operation of Ministerial Statements of Expectations and Responding Statements of Intent. We note the report appropriately reflects commentary provided from the portfolio during the audit process on the available guidance and entity views on being characterised as undertaking regulatory functions under current guidance. We note the four recommendations made to the Department of Finance and the key messages for all Australian Government entities. Further guidance on the definition of regulators, regulatory functions and requirements for Statements of Expectations or Statements of Intent will ensure better understanding and compliance across the Commonwealth.

Australian National University

The Australian National University (the University) welcomes the Australian National Audit Office’s (ANAO) Proposed Audit Report on Ministerial Statements of Expectations and responding Regulator Statements of Intent.

The Australian National University Act 1991 authorises the Council of the University to make statutes for or in relation to the regulation or control of traffic, or of the parking, stopping, standing or leaving of vehicles, on land occupied by the University in the ACT. The University does so through the Australian National University (Parking and Traffic) Statute 2019.

The University agrees with the ANAO’s assessment outlined in Table 2.1 and supports the recommendations within the Audit Report.

Department of Agriculture, Fisheries and Forestry

The Department of Agriculture, Fisheries and Forestry (the department) welcomes the audit report and acknowledges findings and recommendations of the Australian National Audit Office.

The department remains committed to working closely with the Department of Finance (DOF) to strengthen regulatory stewardship. This includes the ongoing implementation of Resource Management Guide 128: Regulator Performance (RMG 128), supported by the Statement of Expectations (SOE) and Statement of Intent (SOI).

The department acknowledges the proactive support and monitoring provided by DOF in progressing the SOE and SOI, including seeking regular updates on progress and valuable advice to help DAFF meet RMG 128 requirements.

The department also appreciates the acknowledgement of its ongoing efforts to establish a current SOE and SOI despite challenges posed by changes in Minister and regulatory leadership. The most recent SOE was signed on 30 January 2025, and while a draft SOI was prepared, it was not finalised before commencement of the caretaker period. Further work will be paused pending the outcomes of the election.

While not directly responsible for the audit recommendations, the department will stay informed of initiatives aimed at addressing audit findings and will support, engage and participate where appropriate.

Department of Defence

Defence welcomes the Auditor-General’s observations and audit findings into Ministerial Statements of Expectations and Responding Statements of Intent, and supports the recommendations.

Defence shares the views expressed by other Commonwealth agencies concerning the ambiguities identified within Resource Management Guide 128. In particular, that the definition of regulatory functions needs to be clarified to ensure consistency of application across agencies.

Department of Education

The department welcomes the report. The report highlights the importance of high-quality regulation and the role of regulator Statements of Expectations and responding Statements of Intent in promoting accountability and transparency. The department will continue to work closely with the Department of Finance as we refresh these documents over the coming year.

Department of Employment and Workplace Relations

The Department of Employment and Workplace Relations (the department) notes the audit’s overall findings and recommendations for the Department of Finance to improve the regulator performance framework, the approach to the regulator stock take, and to ensure Statements of Expectations and Statements of Intent are in place. The department recognises its own responsibilities as a regulator with reporting obligations under Resource Management Guide 128.

The department acknowledges and supports the key audit messages, and welcomes the insights provided by the instances of good practice highlighted in the report. These are essential for all Australian Government entities in ensuring effective governance and risk management in the provision and maintenance of Statements of Expectation and responding Statements of Intent.

The department will respond to any support requested by the Department of Finance in implementing each of the 4 Recommendations to improve the regulator performance framework as set out in Resource Management Guide 128.

Department of Health, Disability and Ageing

The Department of Health and Aged care (the Department) acknowledges the findings in the report and notes the recommendations directed to the Department of Finance.

It was pleasing to note the Departmental SOE met the requirements of Regulator Performance (RMG-128), except for the requirement to refresh the Ministerial Statements of Expectations (SOE) upon change of the Secretary. This will be done following the election when the ministry is known. The Regulator Statements of Intent (SOI) was assessed as fully compliant with RMG128.

There are no recommendations directed to the Department. However, the Department would be indirectly involved to help implement the various recommendations by way of changes or updates to some of our departmental and portfolio regulator’s SoE and responding SOI. To address this the Department has contacted the departmental and portfolio regulators and commenced the work to update the SOEs and SOIs.

Department of Industry, Science and Resources

The Department of lndustry, Science, and Resources (the department) notes the Australian National Audit Office’s proposed audit report on Ministerial Statements of Expectations (SOE) and Responding Regulator Statements of lntent (SOI).

The department notes findings in the report and agrees with the recommendations 1 to 3 made to the Department of Finance (Finance).

The department notes recommendation 4, that Finance improve the extent to which regulatory functions are covered by Statements of Expectations (SOE) and responding Regulator Statements of lntent (SOI). The department considers that the approach taken in resource management guide 128 to minor regulatory functions, is sensible. This is equally applicable to individual regulator SOEs.

Department of the Treasury

Treasury welcomes the report and will continue to work with regulators within its portfolio to support ministers in ensuring Ministerial Statements of Expectations and responding Statements of Intent are current and accessible.

In respect of recommendation 1 (b), Treasury agrees with the ANAO assessment and is of the view that Statement of Expectations and Statement of Intent requirements should be improved and separated from RMG128 into a distinct guide. Linking it to RMG128 provides minimal benefit to performance reporting which is already covered by the better practice principles and could detract from the strength and authority of the entity’s purposes and key activities. Treasury recognises these are important transparency documents developed between the regulator and the Government, but it is unnecessary to link these to the corporate plan and annual report that are owned by the accountable authority. This is particularly significant where the regulator and the accountable authority are different roles.

National Offshore Petroleum Safety and Environmental Management Authority

I acknowledge:

• the NOPSEMA Statement of Expectations was signed by Minister King on 29 June 2022 and NOPSEMAs Statement of Intent was signed on 2 September 2022 by the previous CEO. We look forward to receiving a new Statement of Expectations in due course.
• whilst the statements were both completed prior to my tenure at NOPSEMA in February 2023, I am dedicated to fulfilling the expectations and intentions of the statements. A commitment is made by the position of CEO and therefore I undertake the duties of the CEO including any Statements of Expectations or Intentions. Indeed, when Minister King and I meet, we discuss NOPSEMA’s performance and delivery against these statements.
• the OIR received Minister Bowen’s Statement of Expectations on 19 December 2024. OIR’s Statement of Intent was finalised on 18 March 2025 and is available on the OIR website.
• the statements of expectations and intent for NOPSEMA and OIR are the foundation for NOPSEMA’s delivery strategies and key performance measures.

Office of the Special Investigator

The Office of the Special Investigator (OSI) is an independent Executive Agency under section 65 of the Public Service Act 1999 and is a non-corporate Commonwealth entity under Schedule 1 of the Public Governance, Performance and Accountability Rule 2014. The agency does not have specific enabling legislation. Its authority to act is derived from functions specified in the Executive Order.

Under the Executive Order, the OSI, jointly with the Australian Federal Police (AFP), is investigating allegations of war crimes by members of the Australian Defence Force in Afghanistan from 2005 to 2016. The roles and responsibilities of the OSI include no reference to regulation; the OSI does not administer or enforce any regulations or laws, nor can it.

It is my view as the Accountable Authority of the OSI, that it is not within the scope of the audit objectives and need not be captured by the audit report.

Parliamentary Workplace Support Service

PWSS welcomes the feedback from the Australian National Audit Office (ANAO) and will support the Department of Finance with implementing relevant recommendations.

Professional Services Review

Professional Services Review (PSR) is one small part of the regulation of the provision of Medicare, dental benefits, and Pharmaceutical Benefits Scheme (PBS) services within the Health and Aged Care portfolio. The legislation does not enable PSR to set its own agenda but must respond to the cases referred to it by the Chief Executive Medicare. Consequently, there is no capacity for it (independent of the portfolio department) to develop ‘major projects’ initiate ‘reforms’ or engage in ‘key developments’ of a nature that would be of such significance as to include in a Ministerial Statement of Expectations.

Wine Australia

Wine Australia:

• agrees with each of the recommendations in the proposed report under section 19 of the Auditor-General Act 1997 re Ministerial Statements of Expectations and Responding Statements of Intent dated 17 March 2025; and
• is ready, willing and able to assist and/or engage with the Department of Finance in response to those recommendations as needed.

Background

1. In 2015, the Australian Government introduced the Commonwealth Home Support Programme (CHSP). CHSP services include meals, cleaning, garden maintenance, transport and aids. The CHSP meals service category aims to ensure food security and nutritional and social benefits for older Australians. The Department of Health, Disability and Ageing (Health) is responsible for administering CHSP.

2. CHSP service providers receive funding through Australian Government grants and client contribution fees. In 2023–24, CHSP grants totalled $3.1 billion, making CHSP one of the Australian Government’s largest grant programs. In 2023–24, the Australian Government funded 1,264 CHSP providers, 71 per cent of which were not-for-profit organisations. The value of grant funding awarded for the CHSP meals service category totalled $114.3 million across 540 meal providers in 2023–24.

3. Meals on Wheels is a volunteer-based meals delivery service to people at home ‘who are unable to cook or shop for themselves’ or ‘living with an illness or disability’.¹ Meals on Wheels Australia Limited (MoWA) is the national peak body that represents and advocates for providers that are members of the Meals on Wheels (MoW) network. In 2023–24, 135 of 540 (25 per cent) CHSP meal providers were affiliated with the MoW brand. MoW providers received $45.4 million in CHSP grants in 2023–24.

4. The Australian Government responded to the 2021 Royal Commission into Aged Care Quality and Safety’s recommendations relating to in-home aged care through a number of measures, including the design of a new Support at Home Program.² The Support at Home Program will bring together three in-home aged care programs, including CHSP, under a single program. CHSP is due to transition to the Support at Home Program no earlier than 1 July 2027. Under the Support at Home Program, providers will be required to invoice the Australian Government based on services provided and will receive payment after services have been delivered (a fee-for-service model).

5. The Future Fit Program aimed to improve MoWA’s organisational capability, including how it captures data on meal delivery services and accounts for aged care social outcomes associated with the MoW operating model. Health procured Miles Morgan Australia using CHSP funds to deliver the Future Fit Program.

• On 23 December 2021, Health contracted Miles Morgan Australia to deliver ‘strategic business transformation advice and services’ for $5,487,191.³ The project was to be concluded with a final report on 18 January 2023.
• On 4 October 2022, a contract variation with Miles Morgan Australia increased the 2021 contract value by $1,560,900, for a total cumulative value of $7,048,091. A key element of the variation was a customer relationship management (CRM) software system for the MoW network. The timeframe for delivery of the Future Fit Program final report was extended to 1 November 2023.
• On 19 January 2024, Health contracted Miles Morgan Australia to ‘transition’ meals operations in the Whitehorse Local Government Area (LGA) in Victoria. The value of this contract was $1.69 million, for a total cumulative value of $8.74 million across all three Future Fit Program contracts. A final report was to be delivered on 8 March 2024, and the contract stated that all work was to be completed by 10 March 2024 (with a provision for unanticipated delays to 31 May 2024).

6. This audit covers governance, procurement and contract management of the Future Fit Program between December 2021 and May 2024.

Rationale for undertaking the audit

7. In 2023–24, the Australian Government provided $3.1 billion in funding to 1,264 CHSP providers, making it one of the Australian Government’s largest grants programs. Over 800,000 Australians used CHSP services in 2023–24.⁴ CHSP is transitioning to the Support at Home Program no earlier than 1 July 2027. The Future Fit Program involved $8.74 million in procurement payments to Miles Morgan Australia to support Meals on Wheels Australia and the Meals on Wheels network to prepare for the transition from CHSP to the Support at Home Program.

8. This audit provides the Parliament with assurance on whether Health’s administration of the Future Fit Program was effective.⁵

Audit objective and criteria

9. The audit objective was to assess the effectiveness of Health’s administration of the Future Fit Program.

10. To form a conclusion against the audit objective, the following high-level criteria were adopted:

• Has Health established sound governance arrangements to support the delivery of the Future Fit Program?
• Has Health conducted procurements for the Future Fit Program effectively?
• Has Health managed the Future Fit Program contracts effectively?

Conclusion

11. Health’s administration of the Future Fit Program was ineffective. Poor project governance, procurement practices that were not aligned to the Commonwealth Procurement Rules, and weak contract management impeded the achievement of the Future Fit Program’s objectives. Health has not evaluated the Future Fit Program to determine if the project has resulted in the Meals on Wheels network being in a better position to transition to the new Support at Home Program.

12. Health did not establish sound governance arrangements to support the delivery of the Future Fit Program. Health did not maintain appropriate oversight of the project. Health did not appropriately identify and manage project risk. Health did not engage with stakeholders in accordance with its Stakeholder Engagement Framework. Health did not measure the achievement of Future Fit Program outcomes.

13. Planning and conduct of the 2021, 2022 and 2024 Future Fit Program procurements were not effective, except for meeting AusTender reporting requirements. Health did not appropriately plan for the Future Fit Program procurements and its consideration of procurement risk was limited. Approaches to market did not support a value for money outcome. Procurement effectiveness was further undermined by insufficient demonstration of value for money, failure to maintain complete records, limited achievement of procurement objectives, and weak probity management. Procurement processes fell short of ethical standards.

14. Health’s management of Future Fit Program contracts was not effective. The Future Fit Program’s objective was to prepare the MoW network for the transition from the Commonwealth Home Support Programme to the Support at Home program. Some contract deliverables were not realised, and there is no evidence-based analysis of the achievement of the intended outcomes. Health’s contract administration effectiveness was impacted by a lack of contract management planning (including risk management), inappropriate segregation of duties, a poorly justified contract variation, deficient records management, and limited probity management. Health did not establish contract performance measures. While contract management practices improved for the 2024 contract, the contract ended in a legal dispute and non-delivery of some contract requirements.

Supporting findings

Governance

15. Health did not assess the Future Fit Program against the requirements of its project management framework nor establish governance arrangements for the project that were consistent with the framework. The Future Fit Program contractor, Miles Morgan Australia, established roles and responsibilities for the Future Fit Program in 2022. Health did not have an established role in project oversight or delivery. The Future Fit Program was established in part to place MoWA in a better position to support MoW state associations and providers. In October 2022 Health agreed to a proposal from Miles Morgan Australia to remove MoWA from project governance arrangements, without consulting MoWA or advising the minister. From mid-2023, Health engaged more directly with MoWA and the MoW network on the Future Fit Program. (See paragraphs 2.1 to 2.20)

16. Health required Miles Morgan Australia to develop a project risk register at the outset of the Future Fit Program in 2022. The March 2022 project risk register identified and assessed risks and included treatments for risks outside of tolerance. Health was assigned ‘shared’ ownership of six of the 22 identified project risks, including one extreme risk that was rated ‘unacceptable.’ Health was not involved in the treatment of shared risks. Project status reports repeatedly showed the Future Fit Program as being at ‘high’ or ‘extreme’ risk of not being delivered as planned. There was no process of identifying treatments for these risks. Health did not subsequently seek updates of or refer to the 2022 register. A separate risk register was developed for the 2024 contract. Health did not contribute to the 2024 register. (See paragraphs 2.21 to 2.35)

17. Health did not have a fit-for-purpose stakeholder engagement plan for the Future Fit Program. In 2021 and 2022, communications activities were designed by a sub-contracted firm. The communications plan was not updated over time as the situation evolved. The communications plan and engagement activities did not reflect Health’s principles of effective stakeholder engagement, especially the principle of inclusivity. A decision to direct source a provider for meals provision in several Victorian locations was made without consultation with key stakeholders. Stakeholder activities were not appropriately recorded or reviewed. Health’s handling of a stakeholder management complaint in 2023 did not align with principles set out in its complaints management policy. From mid-2023, Health’s stakeholder engagement practices improved. (See paragraphs 2.36 to 2.70)

18. Health received project status reports from Miles Morgan Australia for the 2021 and 2024 contracts, although Health did not ensure that six of 21 reports were provided in a timely manner, or that reports were provided throughout the whole of the implementation period. Most of these reports identified significant issues with project delivery. Health did not acknowledge the reports. Health did not enforce contractual requirements for Miles Morgan Australia to develop an evaluation plan. As at April 2025, the Future Fit Program had not been evaluated. (See paragraphs 2.71 to 2.81)

Procurement

19. Planning and approaches to market for the 2021, 2022 and 2024 procurements were deficient and did not comply with the Commonwealth Procurement Rules.

• Health’s decision to use a procurement to fund the Future Fit Program was not underpinned by a strong policy rationale or market analysis.
• There was no planning for any of the three procurements. Procurement values were not estimated before the approach to market.
• Risk was not identified and assessed in the 2021 and 2022 procurements. For the 2024 procurement, risks were identified, however all risks were assessed as low and therefore did not require treatment despite well-known delivery issues.
• Health approached one supplier (Miles Morgan Australia) in all three procurements. The supplier was selected without analysis of alternatives. A standing arrangement (panel) to facilitate the procurement of this specific supplier was identified after a decision was made to procure the supplier.
• In 2021, Health engaged Miles Morgan Australia from the panel after having been made aware that the method was at risk of breaching the Commonwealth Procurement Rules. The 2022 procurement used the same panel and included services beyond the panel scope. There was a lack of due diligence when the contract was varied in 2022 to include a customer relationship management (CRM) system. Health used a limited tender condition for the 2024 procurement based on flawed reasoning that lacked transparency. Across the three procurements, there were instances of internal legal advice not being sought, not being followed and/or not being appropriately shared with Health’s Procurement Advisory Services.
• AusTender reporting of the procurement method was appropriate. (See paragraphs 3.1 to 3.53)

20. Demonstration of value for money and maintenance of appropriate records were deficient for the 2021, 2022 and 2024 procurements. Procurement approvals were appropriately recorded for two of three procurements. Probity was not effectively managed, and there could be improvements to Health’s gifts, benefits and hospitality policy to support probity. Conduct fell short of ethical standards. Health met AusTender timeframes for reporting contracts. (See paragraphs 3.54 to 3.82)

Contract management

21. Health did not have contract management plans in place for the Future Fit Program contracts with Miles Morgan Australia. Contract risk was not assessed in 2021 or 2022. Contract risks were assessed as low in 2024 despite known issues and some risks had already been or were quickly realised. Between 2022 and 2023, there was insufficient segregation of duties (a key control to prevent poor decision-making and fraud) in procurement and contract management, however this was improved in 2024. In October 2022, the 2021 contract was varied to include development of a Customer Relationship Management (CRM) system without an assessment of whether the variation offered value for money, whether it affected the original procurement’s value for money, or whether procured goods and services could be provided by other potential suppliers. Contract administration activities, including the verification of deliverables prior to release of payments, were poorly recorded for the 2021 and 2022 procurements. Records management and verification of deliverables improved for the 2024 contract. Probity was not managed. (See paragraphs 4.1 to 4.22)

22. Future Fit Program 2021, 2022 and 2024 contract deliverables were partially achieved. The 2024 contract was executed while 2022 contract deliverables were still outstanding, including confirmation that a CRM system, which was to be ‘transitioned’ from Miles Morgan Australia to a MoW provider under the 2024 contract, had been successfully deployed. There was a lack of success measures to determine if project outcomes had been achieved. There is no evidence that Health managed performance issues related to the 2021 and 2022 contracts. The 2024 contract was clearer about performance expectations than the 2021 and 2022 contracts, and Health managed concerns about contractor performance in 2024. (See paragraphs 4.23 to 4.32)

Recommendations

Summary of entity response

23. The proposed audit report was provided to the Department of Health, Disability and Ageing. Extracts of the proposed audit report were provided to Newcastle Meals on Wheels and a representative of Miles Morgan Australia. The Department of Health, Disability and Ageing’s summary response is provided below and its full response is provided at Appendix 1. Responses from Newcastle Meals on Wheels and a representative of Miles Morgan Australia are provided at Appendix 1.

The Department of Health and Aged Care (the department) notes the findings in the report and accepts the recommendations.

The department is taking the report’s findings seriously, in particular that the actions of departmental staff did not meet ethical standards. As noted in the Secretary’s opening statement at the public hearing for the Joint Committee of Public Accounts and Audit inquiry into probity and ethics in the Australian Public Sector on 1 February 2024, the department is committed to ensuring all staff are supported in managing public resources in a transparent and ethical manner by fostering a culture of integrity. The department has well established processes for responding to such behaviours.

In response to this audit, the department will commission an evaluation of the Future Fit Program. The evaluation will form part of a suite of advice to government on future program design for the Commonwealth Home Support Program (CHSP), including advice to support government decisions on the future transition of CHSP to the new Support at Home Program no earlier than 1 July 2027. The department is also undertaking activities to strengthen its administrative processes in relation to projects, procurement and records management. In particular, the department is taking steps to ensure projects are accurately identified and appropriate departmental governance and oversight arrangements are in place.

Background

1. The Australian Taxation Office (ATO) is the principal revenue collection agency of the Australian Government. Its purpose is ‘to contribute to the economic and social wellbeing of Australians by fostering willing participation in the tax, superannuation and registry systems.’¹ Having strong organisational capability, including information and communication technology (ICT) capability, directly contributes to delivering the ATO’s purpose and activities. An action that the ATO is taking to manage strategic technology risks is investment across its technology environment, including procurement for a range of IT managed services between 2022–2024.²

2. As a non-corporate Commonwealth entity, the ATO must comply with the Commonwealth Procurement Rules (CPRs)³ and the Australian Government Digital Sourcing Contract Limits and Reviews Policy. Achieving value for money is the core rule of the CPRs. The Australian Government Digital Sourcing Contract Limits and Reviews Policy’s three main requirements for contracts signed from 1 February 2020 are: contracts must not exceed $100 million exclusive of GST (including all extensions); contracts must not exceed a three-year initial term; and contract extension options must not exceed three years and can only be used after a review of contractor performance and deliverables.

3. The IT Strategic Sourcing Program (ITSSP) was established in February 2021 to strategically plan how the ATO would procure services to replace five ICT contracts with an estimated value of $3,748.7 million, with contracts due to expire between November 2023 and December 2025. The ATO approached the market in three waves, for seven requests for tender, between March and November 2022. It entered into eight contracts for IT managed services between December 2022 and June 2024.

4. Each of the ITSSP procurement processes were supported by external advisors. The ATO engaged six external advisors. The total value of the advisor contracts is estimated to be $88.11 million. The six advisor contracts commenced between April 2021 and February 2022. The contracted services were for advice relating to strategic sourcing, technical, probity, legal, financial assurance and project management.

Rationale for undertaking the audit

5. The ATO was procuring IT managed services as a material portion of its IT contract arrangements are due to expire. It was estimated that the new contracts would be valued at $2,536 million over 10 years if contract extension options are used (see paragraph 1.15). These contracts affect all ATO staff, clients and service delivery.

6. A cross entity audit of Establishment and Use of ICT Related Procurement Panels and Arrangements that included ATO was tabled in August 2020. That audit identified issues with ATO’s IT procurement, including that ATO did not meet the conditions for limited tender (including that there was no evidence of market research and that advice regarding risks to achieving value for money was not provided to the delegate), and that there was no or insufficient documentation of value for money and risk management, including probity risk management.

7. This audit provides assurance to Parliament about the ATO’s compliance with the CPRs for the procurement of IT managed services.

Audit objective and criteria

8. The objective of the audit was to assess the effectiveness of ATO’s procurement of IT managed services.

9. To form a conclusion against the objective, the following criteria were adopted.

• Has the ATO established sound governance arrangements for the IT managed services procurements?
• Has the ATO conducted the procurements in compliance with Commonwealth Procurement Rules and other requirements?

Conclusion

10. The ATO’s procurement of IT managed services was largely effective. Procurement activities for IT managed services were largely in line with the CPRs, including market engagement and soundings, and demonstrating value for money. There were, however, some shortcomings such as the ATO failing to observe core elements of the CPRs when conducting the legal services procurement, and not appropriately managing probity risks including declaring and managing conflicts of interest of the IT Strategic Sourcing Program delegate.

11. The ATO established largely sound governance arrangements for the IT managed services procurements. It established governance and oversight arrangements, procurement policies and procedures, and undertook market research to inform the design of its procurement strategy and plans. During planning, the program governance arrangements did not sufficiently distinguish endorsement and decision-making roles when seeking approvals. There were instances where the delegate, who was also the chair of the steering committee, provided approval to procurement planning related documentation and not separate delegate approval. Contrary to finance law in some instances Chief Executive Instructions (CEIs) were not consistently issued and approved by the accountable authority.

12. The ATO largely met core requirements of the CPRs except for probity management and conflict of interest. Mainframe Services and Hardware, Enterprise Operations and Technical Enablement (EOTE) and strategic sourcing partner procurements were largely in compliance with CPRs and other requirements. The approach to market and evaluation of the legal services procurement were not consistent with the intent of the CPRs⁴, and all required records were not maintained. The effectiveness of ATO’s management of probity risks could have been improved by ensuring that incumbent provider probity plans were approved by the ATO, and probity register records were effectively maintained. In addition, conflict of interest processes could have been better managed, including to address risks in a timely manner. Demonstration of value for money for the six advisor procurements was deficient with the cost of advisor contracts increasing from a total estimated value when approving the initial contracts of $19.06 million to a total value of $88.11 million, as at February 2025.

Supporting findings

Procurement governance and planning

13. A governance framework was implemented for the IT Strategic Sourcing Program (ITSSP), with the Chief Information Officer (CIO) as the delegate and senior accountable officer. Program risks were identified, assessed and managed. The initial planned completion including transition for the ITSSP was June 2024, this has been revised to December 2025. All procurements were completed and contracts signed by 20 June 2024 and transition is anticipated to be completed by December 2025. The steering committee considered options and risks to manage delays and impact on budget and timeframe. In some instances, consensus decision-making arrangements that were established through a steering committee led to a lack of clarity about when the delegate was exercising their delegation to make decisions. Over a period of 41 months there were 34 versions of the Chief Finance Officer’s (CFO’s) delegation schedules. (See paragraphs 2.4 to 2.31)

14. CEIs, procedures and guidance support ATO officials to undertake procurement in accordance with the CPRs. The ATO’s policy framework establishes arrangements where officers, other than the Commissioner, can approve and issue CEIs under the Public Governance, Performance and Accountability Act 2013 (PGPA Act) and the Public Service Act 1999 (PS Act). This has led to some instances where the Commissioner has not approved and issued CEIs that were required to be made under section 20A of the PGPA Act. The ATO’s CEIs, procedures and guidance align with the CPRs. The ITSSP applied the existing ATO procurement framework to the IT managed services and advisor procurements. (See paragraphs 2.32 to 2.50)

15. The ATO conducted redesign and planning activities in 2021 and 2022. Its annual procurement plan provided advance notice to the market of the planned ITSSP procurement. Market research supporting the procurement strategy included early market engagement through a request for information (RFI), a technology horizon scan, a market comparison report and like-sized agency comparison. For each of these activities there was clear advice to the steering committee and delegate about outcomes and how they inform the procurement approach. A procurement plan for the ITSSP set out the procurement strategy. Procurement plans were developed for the selected ITSSP and advisor procurements, except for the legal services procurement. (See paragraphs 2.51 to 2.71)

IT and advisor procurement processes

16. Approaches to market were fair and transparent for the selected procurements, except for the legal services procurement. Approach to market documentation apart from the legal services procurement was compliant with the CPRs with a few exceptions. For example, the request documentation was not a complete description in compliance with paragraph 10(6)(d) of the CPRs as there were instances where changes were subsequently made to the request for tender (RFT) evaluation criteria (such as the relative importance of the criteria) in the evaluation plan or report. The legal services advisor procurement did not demonstrate good practice as the ATO approached one supplier to quote for services and did not include evaluation criteria, with costs increasing from an initial quote of $665,500 to $10.9 million. (See paragraphs 3.3 to 3.18)

17. Tender evaluation plans were prepared for the selected ITSSP procurements prior to tenders closing. While a tender evaluation plan was prepared for the strategic sourcing partner procurement, it was not finalised prior to quotes closing. Instances of inconsistencies between evaluation criteria weightings presented in procurement plans, RFTs, evaluation plans and those applied during evaluation were: sub-criteria weightings were not included in the procurement plan or RFT; and priority rankings set were not included in the evaluation report. Non-compliant and unsuccessful tenderers were not notified promptly of outcomes of the evaluation phase for both of the selected ITSSP procurements. The legal services procurement did not develop an evaluation plan, involve an evaluation or meet mandatory reporting timeframes for contract notices on AusTender. (See paragraphs 3.19 to 3.48)

18. To support the management of probity risks for the ITSSP, the ATO appointed an external probity advisor, developed a probity plan and probity protocols, maintained a register of probity briefings, maintained a probity register, and maintained a register of probity cleared personnel (ATO staff and advisors). Some probity requirements, such as approval and review of incumbent provider management plans, were not fully implemented and records in registers were incomplete, impacting the ATO’s ability to manage probity, including conflicts of interest. Probity arrangements, including the management of conflict of interest, were established and largely implemented for one of the two selected advisor procurements. (See paragraphs 3.49 to 3.100)

19. The ATO has an established process for the management of conflict of interest, with additional processes introduced for the ITSSP. Not all elements of the process were followed, including for key personnel exercising delegation. Not all conflict of interest declarations were made (for example, a delegate was not asked to complete an initial conflict of interest declaration for the ITSSP) or were not made in a timely manner (for example, the ITSSP delegate did not declare a conflict for the first 12 months of the program), did not contain sufficient detail for the approver to make an informed decision (for example, three of the four officers that declared a shareholding did not report the quantum or value of the shareholding in all declarations), and did not contain a detailed management plan to support monitoring and assessment of their implementation. Record keeping was incomplete. (See paragraphs 3.75 to 3.100)

20. Advice was provided to the decision-maker at key stages throughout the selected procurements and approvals were documented, apart from the legal services procurement. The ATO documented value for money assessments for the selected ITSSP procurements and strategic sourcing partner procurement. An assessment of value for money was not documented for the legal services procurement. The ATO considered how the unit price of IT professional services changed over the period of the EOTE procurement process when assessing value for money, it did not consider other potential changes to the market such as new entrants and how this might impact value for money. The value of advisor procurements increased significantly throughout the life of the program without ongoing assessment of whether the services continued to represent value for money. (See paragraphs 3.103 to 3.123)

Recommendations

Summary of entity response

21. The proposed audit report was provided to ATO, with an extract being provided to the former CIO. The ATO’s summary is provided below, and its full response is included at Appendix 1. Improvements observed by the ANAO during the course of this audit are listed in Appendix 2.

Australian Taxation Office

The ATO welcomes the audit findings that the ATO conducted largely effective and compliant procurements for IT managed services with largely sound governance.

We accept all 4 recommendations and have commenced or completed improvements prior to, throughout, and subsequent to, the audit. Over the past three years, the ATO has made improvements to our procurement processes, Chief Executive Instructions, probity processes and policies to maintain the integrity of procurement outcomes. We will continue to strengthen our governance processes and ensure alignment with best practice.

The procurements examined through this audit set out to break-down and replace 5 contracts of significant scale and complexity prior to expiry. These contracts underpin the delivery of the ATO’s digital and ICT services to all Australians. We established 8 new contracts through open, transparent and competitive tenders that have delivered better outcomes.

Large IT procurements are challenging, needing robust governance, and forecasting of market trends and organisational demands while carefully balancing stability against transformation. The ATO is proud of the work the organisation has done in conjunction with the market to deliver this outcome.

Background

1. Established by the Disaster Ready Fund Act 2019, the Disaster Ready Fund (DRF) is described by the Australian Government as its flagship disaster resilience and risk reduction initiative. To be eligible for funding, projects must fall under one of two eligible streams: infrastructure project or systemic risk reduction project.¹

2. The National Emergency Management Agency (NEMA) is responsible for administration of the DRF. While anyone can develop a DRF proposal (an ‘applicant’), only state and territory governments are eligible to submit projects to NEMA for potential funding through the ‘lead agency’ in that state or territory. Lead agencies were responsible for coordinating, reviewing, evaluating and submitting applications to NEMA on behalf of project proponents. Lead agencies could also develop project proposals. In addition, payments for projects awarded funding were made by NEMA to the relevant state and territory lead agency, including where the project proponent was not a state or territory entity. The choice to conduct the DRF funding rounds in this way meant that the DRF was not subject to the Commonwealth Grants Rules and Principles and required that the cost of administering the DRF be shared between NEMA and the state and territory lead agencies.

3. NEMA was responsible for conducting an initial eligibility review of applications received from the state and territory lead agencies. Eligible projects were then referred to the DRF Assessment Panel (chaired by NEMA). The panel was to assess applications individually against the published selection criteria, rank proposals and make funding recommendations to the Minister for Emergency Management (the minister) through NEMA’s Coordinator-General.

4. Up to $1 billion in DRF funding has been announced as available over five years from 1 July 2023 to 30 June 2028 to fund projects. As of January 2025, two funding rounds have been conducted and a third is underway.

Rationale for undertaking the audit

5. The $1 billion DRF is described by the Australian Government as its flagship disaster resilience and risk reduction initiative. This performance audit was conducted to provide assurance to the Parliament about whether the award of DRF funding is effective and consistent with the published guidelines.

Audit objective and criteria

6. The objective of this audit was to assess whether the award of funding under the DRF was effective and consistent with the published guidelines.

7. To form a conclusion against the objective, the following high-level criteria were applied:

• Were appropriate guidelines in place?
• Was an appropriate approach taken to assessing candidate projects?
• Were funding decisions appropriately informed and documented?

8. The audit examined the awarding of funding under the DRF across the first two rounds. For the first criterion, the ANAO planned to also examine the development of the Round 3 guidelines. As those guidelines were not finalised and published until 22 January 2025 the ANAO analysis against the first criterion (as set out in Chapter 2) relates to the first two rounds only, so as to meet tabling commitments to the Parliament.

Conclusion

9. The award of funding under the Disaster Ready Fund was largely effective. Across the first two rounds, $402.15 million in funding was awarded to 362 projects with projects in the systemic risk reduction stream receiving the most funding (ahead of those in the infrastructure stream or those that applied under both streams). The aggregate scores against the three published criteria were a key factor used to decide which applications would be recommended for funding, an approach that is consistent with awarding funding on merit. Improvements to program design and, in particular, strengthened assessment arrangements, would provide greater confidence that the approved projects are those that will make the greatest contribution to the Fund achieving its objectives.

10. Funding guidelines for the first two rounds were in place. The publication of the guidelines was not timely. The guidelines were largely appropriate. The guidelines:

• outlined the way in which funding candidates would be identified;
• set out relevant and appropriate eligibility requirements and appraisal criteria;
• set out how applications would be scored and how the scoring results would be used, albeit with some relevant information about assessment processes not being published;
• identified some, not all, assessment and decision-making responsibilities; and
• identified assessment and decision-making responsibilities in relation to applications assessed as ineligible. The guidelines lack clarity in relation to assessment and decision-making responsibilities for aspects of eligibility checking, and in relation to the co-funding requirements.

11. The approach taken to assessing candidate projects was partly appropriate. The assessment and scoring of applications against the three published selection criteria were the primary input into the ranking of applications and identification of which projects would be recommended for funding. The approach to assessment meant that:

• the processes by which members of the assessment panel are appointed were not open, and the membership was not disclosed in the published guidelines;
• conflicts of interests for those involved in the assessment processes were not consistently identified, declared and managed;
• requests for waivers to the applicant co-contribution requirement were not assessed and decided prior to those applications proceeding to merit assessment; and
• the full panel did not undertake a detailed merit assessment of all applications with adjustments to total scores made during panel meetings not identifying which criteria were affected.

12. Funding decisions were appropriately informed and documented through written briefings. In each round, a clear recommendation was provided to the minister as to which applications should, on the basis of the panel’s assessment report, be approved for funding. The minister agreed with the recommendations received.

Supporting findings

Program guidelines

13. Guidelines for the first two rounds were developed, approved and published. There were two key shortcomings in NEMA’s approach:

• in both rounds, changes were made to the guidelines after they had been provided to NEMA’s probity adviser for sign-off, and also after the guidelines had been approved by the minister, without NEMA obtaining updated probity sign-off or ministerial approval of the changes; and
• publication was not timely. For the first round, one jurisdiction had opened its application process by the time the guidelines were released. For the second round, one jurisdiction had opened and closed its application process by the time the guidelines were released. The guidelines for the third round were publicly released on 22 January 2025. (See paragraphs 2.3 to 2.18)

14. The guidelines clearly outlined that a closed competitive application process was being employed. This included identifying the key role to be played by state and territory lead agencies to coordinate proposals in each jurisdiction, and for submitting applications to NEMA on behalf of the jurisdiction. It was up to lead agencies to decide how they would seek and coordinate proposals. For the first round, some jurisdictions released guidance and opened public submission and participation processes prior to the release of the DRF guidelines. For the second round, one jurisdiction had opened and closed its application process by the time the guidelines were released. Ministers had decided that NEMA should use the Business Grants Hub in the second round. NEMA procured an off-the-shelf commercial product for that round. (See paragraphs 2.19 to 2.22)

15. Relevant and appropriate eligibility requirements and appraisal criteria were established. (See paragraphs 2.23 to 2.29)

16. The guidelines set out how applications would be scored and how the scoring results would be used. NEMA also developed internal assessment framework documents for each round. There were some differences and/or additions between the internal documents and the published guidelines. (See paragraphs 2.30 to 2.31)

17. The program guidelines did not fully identify assessment and decision-making responsibilities for each round. (See paragraphs 2.33 to 2.36)

18. An evaluation strategy was developed in March 2024, which was after the first round had been completed and after the application stage for the second round had been undertaken. No evaluations are planned until at least 2026. (See paragraphs 2.37 to 2.41)

Assessment of candidate projects

19. Of the 44 applications in the first two rounds assessed as ineligible, 18 (41 per cent) were removed from consideration. The remaining 26 applications assessed as ineligible proceeded to the panel assessment stage, with one removed after the panel identified it as ineligible. (See paragraphs 3.1 to 3.6)

20. Appointments to the DRF Assessment Panel were not open or transparent. (See paragraphs 3.7 to 3.14)

21. Probity advice in the first round was compromised by the ongoing contracting by NEMA of the same firm to also provide advice on the design and conduct of the first two DRF funding rounds. NEMA did not take steps to ensure it was fully aware of, nor did it seek to manage, the potential impact and risk of this arrangement adversely affecting the independence of the probity adviser. (See paragraphs 3.17 to 3.26)

22. Internal NEMA processes for managing conflicts of interest centred around briefing participants on their probity requirements, collating conflict of interest declarations, and reliance on participants to update NEMA if information became available that required the individual to update their declaration. There was no active monitoring and management of potential or actual conflicts of interest beyond those declared by individuals. The conflict of interest registers for the first and second rounds were incomplete and inaccurate. The conflict of interest declarations required by the probity framework were not provided by a number of people in each round including from the Coordinator-General of NEMA in both rounds, the Deputy Coordinator-General in the second round and the lead probity adviser in the first round. There was no register of completed probity briefings. (See paragraphs 3.27 to 3.44)

23. The three appraisal criteria identified in the guidelines for the first two funding rounds were applied to assess the merit of competing candidate projects. The approach to assessment was not fully set out in the published guidelines, as it was not identified that a subset of the panel (four of six panellists in the first round, and three of 12 panellists in the second round) would undertake preliminary assessments of individual applications applying the individual criteria. The resulting average score for each application was provided to the full panel to consider individual applications against the merit criteria on an exception basis. There were shortcomings in the application of the documented assessment framework which meant that not all applications identified as achieving a ‘competitive’ preliminary assessment score were provided to the panel for full consideration. There were also gaps in the minutes of the panel meetings, with no record of decisions or discussion by the panel for 113 applications. Where there were records, it was common for the records to not explain score changes with relevance to the appraisal criteria, or explain the equity or diversity reasons for adjustments. (See paragraphs 3.45 to 3.71)

24. There were inconsistencies and anomalies in the assessment and decision-making in relation to requests from applicants for a waiver of the requirement that they provide a co-contribution of at least 50 per cent of eligible project expenditure. In the first round, the Program Delegate sought advice from the assessment panel, and waiver decisions reflected the panel advice. In the second round, no recommendations from the panel were recorded for 24 of the 60 requests for waivers. Of the 89 requests for a full or partial waiver received across the two rounds 80 were assessed, with 44 of the requests granted. The projects approved for DRF funding included 20 where a full or partial wavier was granted. (See paragraphs 3.73 to 3.84)

25. Applications were placed into three lists, a recommended for funding list, a suitable (but not recommended) list, and a list of not suitable projects. Projects were ranked within those lists. This approach was consistent with the requirement in the program guidelines that projects be ranked after they had been assessed against the three published selection criteria. (See paragraphs 3.85 to 3.100)

Funding decisions

26. Timely and clear funding recommendations were provided in writing each round to a delegate of the Coordinator-General. The recommendation was to endorse (in the first round) and approve (in the second round) the recommendations of the panel as set out in its assessment report. (See paragraphs 4.2 to 4.9).

27. Timely and clear funding recommendations were provided to the minister in each of the first two rounds. The recommendations reflected the results of the assessment process, as recorded by the panel in its assessment report for each round (the guidelines required that the recommendations be based on advice from the panel). (See paragraphs 4.10 to 4.17)

28. The minister recorded agreement in full to the funding recommendations in each round. The minister recorded the basis for the funding decision in the format provided by NEMA, referencing the Disaster Ready Fund Act 2019, and confirmed satisfaction that the expenditure was a ‘proper use of money’ in each round (the test set out in the PGPA Act). (See paragraphs 4.19 to 4.24)

29. Distribution of the award of funding in each round was commensurate with scale of applications from each jurisdiction, and the intent of the guidelines to support jurisdictions to achieve baseline funding thresholds. There was no evidence of political factors influencing the distribution of funding. (See paragraphs 4.25 to 4.32)

Recommendations

Summary of entity response

30. The proposed audit report was provided to NEMA. Extracts of the proposed report were also provided to: Maddocks, Australian Government Actuary, Natural Hazards Research Australia, Dr Mark Crosweller and Dr Jessica Weir. The letters of response that were received for inclusion in the audit report are at Appendix 1. Summary response from NEMA is below.

National Emergency Management Agency

The National Emergency Management Agency (NEMA) welcomes the audit and is committed to strengthening its delivery of the Disaster Ready Fund (DRF) in accordance with legislative requirements, government policies and better practice.

In awarding funds for over 350 projects, valued at $400 million, the first and second rounds of the DRF have supported communities across Australia to reduce disaster risk and build resilience. NEMA welcomes the overall conclusions of the audit the award of funds was largely effective, funding guidelines were largely appropriate and funding decisions were appropriately informed and documented.

NEMA notes six recommendations have been made to improve aspects of program delivery. Of these, NEMA agrees with Recommendations one and five, agrees in part with Recommendations two, three and four and notes Recommendation six.

NEMA also notes various findings throughout the report, several of which are premised on different interpretations of requirements and weightings of principles to those applied by NEMA. While NEMA acknowledges the ANAO’s views and will consider these in designing future rounds, NEMA disagrees with some findings and maintains its approach was consistent with a pragmatic interpretation of guideline requirements and struck an appropriate balance between better practice principles.

Background

1. In July 2023, the Australian Government released a national wellbeing framework called Measuring What Matters (MWM). The Department of the Treasury (Treasury), as the policy owner for MWM, described the purpose for MWM was to construct a more complete picture of societal progress and enable government to better set and communicate policy priorities. Treasury stated a national wellbeing framework was important for better measurement of the progress of all Australians beyond economic measures. Treasury identified five themes for MWM — healthy, secure, sustainable, cohesive and prosperous — supported by 12 dimensions that describe aspects of the wellbeing themes and 50 key indicators¹, to monitor and track progress, which will be updated over time.²

Rationale for undertaking the audit

2. The Australian Government has stated that MWM is ‘an important foundation on which we can build — to understand, measure and improve on the things that matter to Australians’.

3. This audit provides assurance to Parliament that the MWM framework was effectively designed and developed; and that Treasury’s arrangements to support implementation are effective.

Audit objective and criteria

4. The objective of the audit was to assess the effectiveness of Treasury’s design and implementation of the Measuring What Matters framework.

5. To form a conclusion against this objective, the following high-level criteria were examined.

• Did Treasury effectively design and develop Measuring What Matters?
• Are arrangements to support the implementation of Measuring What Matters effective?

Conclusion

6. Treasury was largely effective in designing and implementing the Measuring What Matters framework. While Treasury had provided sound policy advice and considered practical implementation, it did not have arrangements in place to assess if MWM was meeting its policy objective.

7. Treasury was largely effective in its design and development of MWM. MWM was supported by sound policy advice and considered practical policy implementation. There was no evaluation plan to measure the effectiveness of the MWM framework. Treasury conducted stakeholder consultation with government and non-government bodies domestically and internationally. Treasury did not document the rationale for how themes and indicators were selected based on the consultation feedback.

8. Treasury had largely effective arrangements in place to support the implementation activities for embedding MWM. Treasury facilitates discussions on MWM across government through an interdepartmental committee. Treasury has made progress to embed MWM into policy design and consulted with the Australian Bureau of Statistics (ABS) to improve the data quality. There are no arrangements in place to monitor, report or evaluate whether MWM is achieving its intended policy objective. The second MWM statement is intended to be released in 2026. Treasury does not have arrangements in place to facilitate the publication of the next MWM statement.

Supporting findings

Design and development

9. Treasury defined the intent of the policy and how outcomes would be measured. Treasury considered ways of integrating quantitative data into the MWM framework, and analysed information to select indicators based on qualitative data and quantitative measures. The policy advice identified risk and potential mitigation strategies. Treasury did not document decisions made to show linkages between data analysis and conclusions. (See paragraphs 2.2 to 2.22)

10. Treasury researched and consulted on other wellbeing frameworks used globally, and tested indicators with other government entities to determine if indicators were practical to implement. The design process considered policy evaluation in relation to indicators. Treasury is considering how to embed the MWM framework into policy-making processes. There is no evaluation plan in place to measure the effectiveness of the MWM framework. (See paragraphs 2.23 to 2.30)

11. Before the release of MWM in July 2023, Treasury consulted with stakeholders to design the themes, dimensions and indicators. The consultation consisted of meetings with government and non-government bodies domestically and internationally; and two public submission rounds. Treasury provided public updates throughout the consultation process. Treasury received feedback from the public wanting more time for consultations. Treasury did not document the rationale for how themes and indicators were selected based on the consultation feedback. (See paragraphs 2.31 to 2.71)

Planning for implementation

12. Treasury established an interdepartmental committee to facilitate discussions and seek feedback on MWM across government. Treasury worked with the ABS to provide advice to government and received funding for the ABS to reinstate and expand the General Social Survey as a dedicated survey for MWM. Treasury has made progress to embed MWM into policy design across government. (See paragraphs 3.3 to 3.37)

13. There are no monitoring or evaluation arrangements in place to measure the embedding of MWM across government. Treasury provides reports externally through the MWM dashboard and statement. The second MWM statement is intended to be released in 2026. Treasury does not have arrangements in place to facilitate the development and publication of the next MWM statement. (See paragraphs 3.38 to 3.48)

Recommendations

Summary of entity response

14. The proposed audit report was provided to Treasury. Treasury’s summary response is reproduced below. The full response from Treasury is at Appendix 1. Improvements observed by the ANAO during the course of this audit are listed in Appendix 2.

Treasury welcomes the report’s conclusion that it was largely effective in providing advice to Government regarding the design and implementation of the Measuring What Matters framework. Treasury welcomes the key messages that it provided sound policy advice, considered practical implementation of the framework and consulted broadly at all stages of design and implementation.

Treasury agrees with the recommendations presented in the report. As part of the work to implement Measuring What Matters, Treasury will establish arrangements for monitoring and evaluating progress toward achieving its intended outcomes and will design a plan to develop and publish the 2026 Measuring What Matters Statement.

Implementation and closure of these recommendations will be monitored by our Audit and Risk Committee.

Background

1. Impact Analysis (IA) is a long-established administrative process in the Australian Public Service (APS) with the intention to support informed policy decision-making. Any policy proposals or action of government with an expectation of compliance, and assessed to have a more than minor change in behaviour or impact on people, businesses or community organisations, are required to have an IA.¹ The Australian Government Guide to Policy Impact Analysis provides high-level principles for policy makers and an outline of the process for developing IAs.²

2. The Office of Impact Analysis (OIA), a branch within the Department of the Prime Minister and Cabinet (PM&C), is responsible for the administration of the IA framework.³ The OIA’s work has two elements: an assessment element, to assess the IA work of policy agencies against the requirements of the IA framework; and a coaching element, to lift the APS’s capability to conduct evidence-based policy analysis.⁴ As at September 2024 the OIA was comprised of 16 staff and had been allocated $2.5 million to undertake its activities in 2023–24.

Rationale for undertaking the audit

3. The Public Service Act 1999 states that the APS ‘provides the Government with advice that is frank, honest, timely and based on the best available evidence’. Providing quality advice to support government in making policy decisions is a core function of the APS. Priority four of the APS reform agenda is ‘An APS that has the capability to do its job well’. This includes improving the capability of the APS to deliver good policy advice to support informed decision-making.

4. The IA framework is intended to support evidence-based policy development and informed decision-making by the Australian Government, including by improving the APS’s capability to undertake quality evidence-based policy analysis. The Assistant Minister to the Prime Minister’s foreword to the Australian Government Guide to Policy Impact Analysis states that an IA ‘provides decision-makers with information about how people, community organisations and businesses may be affected and how the costs and benefits fall across these groups’ to ‘help government choose the best path forward’. Published IAs support transparency over Australian Government decision‐making.

5. This audit provides assurance about whether PM&C is effectively administering the IA framework to achieve the IA framework’s objective of enabling well‐informed and transparent Australian Government decision‐making.

Audit objective and criteria

6. The audit objective was to assess the effectiveness of PM&C’s administration of the IA framework to enable well-informed and transparent Australian Government decision-making.

7. To form a conclusion against the objective, the ANAO adopted the following high-level criteria.

• Are PM&C’s governance arrangements for the IA framework fit for purpose?
• Is the IA framework implemented effectively?
• Has PM&C been an effective steward of the IA framework?

8. The audit focused on the period 1 July 2022 to 30 June 2024.

Conclusion

9. PM&C’s administration of the IA framework, including its governance and day-to-day implementation, has been largely effective. As steward of an Australian Government framework designed to achieve well-informed and transparent policy decision-making, PM&C could do more to evaluate whether the IA framework is fully achieving its objectives.

10. PM&C’s governance arrangements for the Impact Analysis framework are largely fit for purpose. Structural arrangements, settings and practices of the Office of Impact Analysis (OIA) do not clearly support independence of the office from government — a key principle. PM&C has established governance arrangements relating to conflict of interest, risk management, business planning, workforce planning, and information management, which apply to the work of the OIA. The OIA has largely implemented required governance arrangements. As steward of the framework, PM&C undertakes some engagement with stakeholders in Australia and internationally, which could be improved by better strategic planning and coordination across the Australian public sector.

11. The IA framework is implemented largely effectively. PM&C provides effective assistance to policy agencies to comply with the IA framework. PM&C has not examined the merits of a risk-based approach to increasing usage of non-mandatory early assessments, which positively impact IA quality. PM&C’s scrutiny of policy agencies’ use of ‘IA equivalents’, which exempt a policy proposal from the full IA assessment process, has been strengthened. Implementation of preliminary and final assessments is largely effective. Across all stages of the IA assessment process, internal guidance supporting decision-making and documentation of decision-making could be improved.

12. PM&C has been a largely effective steward of the IA framework. It has taken steps to evaluate whether the IA framework is achieving its objectives. PM&C provides advice to government on IA framework activities and on how the IA framework could be improved. PM&C could do more to monitor its effective and efficient implementation of the IA framework, to plan its monitoring and evaluation activities, and to evaluate its secondary role in improving policy capability across the Australian Public Service. Transparency could be enhanced through better public performance reporting.

Supporting findings

Governance

13. Independence of the office is an underlying principle of the IA framework. PM&C states that the OIA ‘maintain(s) day-to-day independence from the Australian Government in our decision-making’. The office is a branch within PM&C. Practical and structural controls to protect independence could be better articulated to increase confidence in how the framework is implemented. PM&C’s governance framework includes relevant policies and tools to manage probity, risk, workforce planning and information management. Conflicts of interest are largely managed by the OIA in accordance with departmental policy. Risk management was insufficient but improved following a ‘health check’ on the office undertaken in 2023. Controls for a workforce risk have been partly implemented. The case management system is being improved. PM&C requires staff to undertake annual mandatory training on integrity, records management and security. This was not completed by all OIA staff in 2023–24, however mandatory training compliance increased in 2024–25. (See paragraphs 2.4 to 2.39)

14. While PM&C undertakes engagement activities related to its stewardship of the IA framework, including some initiated in 2024, it does not have a clearly articulated stakeholder engagement plan that identifies the desired outcomes of engagement activity, who should be part of engagement activity, the form that engagement activities should take or how PM&C will measure the effectiveness of engagement. Engagement with the Australian Public Service Commission could be increased given shared goals. (See paragraphs 2.41 to 2.52)

Implementation of the Impact Analysis framework

15. PM&C provides accessible guidance to policy agencies to assist them to meet the IA framework requirements. PM&C has developed and delivered training sessions for the Australian Public Service (APS). Feedback from training participants is sought, which is analysed and largely positive. A training strategy was finalised in March 2025. PM&C has recognised the policy agency practice of using consultants to develop IAs, and has not considered the risk that this practice may impede the development of APS policy capability. The OIA provides early assessments of IAs to policy agencies to assist with their development. Relatively few agencies participate in the voluntary early assessment stage when drafting an IA. PM&C does not have a risk-based strategy for encouraging participation in training or early assessment. (See paragraphs 3.4 to 3.22)

16. PM&C undertakes a range of assurance activities to ensure IAs have been submitted when required. It maintains guidance regarding special cases that do not require agencies to submit an IA for assessment (IA equivalent reviews, carve-outs, Prime Minister’s exemptions and sunsetting instruments). The inappropriate use of IA equivalent certifications by policy agencies to avoid IA framework requirements has been identified as a risk by government. Processes implemented in 2023 were meant to tighten PM&C’s scrutiny over the use of IA equivalent certifications by policy agencies. Record keeping of suitability decisions over IA equivalent certifications was not always complete, and there could be more internal guidance to support suitability decisions. PM&C reviewed the appropriateness of existing carve-outs in 2024 and found that 12 per cent should have been cancelled. These were cancelled after the review. There is no internal requirement regarding how promptly carve-out decisions should be published or how frequently carve-outs should be reviewed. PM&C’s treatment of Prime Minister’s exemptions and sunsetting instruments was appropriate. (See paragraphs 3.23 to 3.49)

17. The OIA undertakes preliminary assessments to determine if an IA is required for a particular policy proposal. Guidance to assist staff to consistently undertake preliminary assessments was improved in 2023–24. PM&C’s record keeping associated with preliminary assessment decisions would have been improved through better documentation of the OIA’s assessed impacts (affected cohorts, type of impacts) of the policy proposal — a key consideration in determining whether an IA is required — and the rationale for the OIA’s final decision about whether an IA was required. The preliminary assessment process had appropriate quality assurance. The outcome was appropriately communicated to agencies. PM&C provided timely advice to policy agencies on the outcomes of preliminary assessments, although a timeliness service standard was not always met. (See paragraphs 3.50 to 3.60)

18. The OIA assesses IAs for the quality of the analysis and IA development process. It uses a framework to support consistent assessments of the quality of IAs. There could be more documented guidance for assessment scoring and maintaining appropriate records of decision-making. Decision-making (including the rationale) for final assessments was not always appropriately documented. There is a lack of documented procedures for quality assurance over final assessments. Advice to policy agencies on final assessment outcomes was provided in all sampled IAs. On average, PM&C provides feedback to agencies to assist them to improve the quality of their IAs within a five working day standard, although the service standard is not always met. On average, publication of IAs is typically within four days of policy announcement. Publication included all of the required documents (including an accessible version of each document) for 58 per cent of 2022–23 and 2023–24 IAs. (See paragraphs 3.61 to 3.83)

19. Some policy proposals require a post implementation review (PIR). There is a lack of internal guidance about how to identify policy proposals that meet the ‘substantial or widespread economic impact’ criterion for a PIR. Registers of required and overdue PIRs are published by PM&C. As at October 2024, five of 17 required PIRs were overdue, including one due in 2013. (See paragraphs 3.84 to 3.92)

Stewardship

20. PM&C does not have an overarching monitoring plan to establish what needs to be measured and monitored in relation to its effective and efficient delivery of the IA framework process. PM&C has established performance measures in corporate planning documents relating to its administration of the IA framework, some of which are reported to the PM&C executive. PM&C has access to various monitoring data. This data is not always fully utilised, accurate or complete. Despite having timeliness service standards, PM&C does not monitor the timeliness and efficiency of its IA assessment work. (See paragraphs 4.4 to 4.11)

21. The objectives of the IA framework are clearly stated. The OIA’s objectives could be more prominently and consistently communicated, particularly with regard to its secondary role of lifting policy capability across the Australian Public Service. PM&C has taken some steps to evaluate whether the IA framework is meeting its objectives, including a survey of policy agencies in late 2023 that examined perceived impacts of the IA framework on policy uplift. It has not developed an overarching evaluation plan for the IA framework. (See paragraphs 4.12 to 4.24)

22. PM&C regularly reports to government on administration of the IA framework. There was no public performance reporting on PM&C’s implementation of the IA framework or on the achievement of policy objectives in 2023–24. (See paragraphs 4.27 to 4.32)

Recommendations

23. This report makes four recommendations to the Department of the Prime Minister and Cabinet.

Summary of entity response

24. The proposed audit report was provided to PM&C. PM&C’s summary response to the audit is provided below and its full response is at Appendix 1.

The Department of the Prime Minister and Cabinet (PM&C) welcomes the Auditor-General Report on the Administration of the Impact Analysis framework. PM&C is committed to supporting informed decision-making by ensuring the Prime Minister, the Cabinet and portfolio ministers are provided with advice that is informed, takes a whole-of-government and whole-of-nation perspective, and incorporates the views of a diverse range of stakeholders. Impact Analysis provides decision makers with information about how people, community organisations and businesses may be affected and how the costs and benefits fall across these groups.

PM&C accepts the recommendations made by the Auditor-General on the Administration of the Impact Analysis framework. PM&C will continue to work with other relevant agencies, including the Treasury’s Australian Centre for Evaluation and the Australian Public Service Commission, to ensure that advice to government continues to be accompanied by the best available analysis.

25. An extract of the proposed report was provided to the Department of the Treasury (Treasury). Treasury’s summary response is provided below and its full response is provided at Appendix 1.

Treasury welcomes the report and notes the ANAO’s finding of outstanding post-implementation reviews (PIRs) predating the transfer of that function from the Office of Impact Analysis to Treasury in July 2023. Treasury has contacted the agencies with non-compliant PIRs for action. Further, Treasury will consider PIR non-compliance more generally, as part of a review of the Post-Implementation Reviews Guidance Note that is scheduled for 2025-26.

Background

1. Australia’s biosecurity system protects its environment, economy and way of life. Australia is one of the few countries that remain free from some of the world’s most damaging pests and diseases, for example foot-and-mouth disease (FMD).¹ The Department of Agriculture, Fisheries and Forestry (the department) has forecast the value of production in the agriculture, fisheries and forestry sectors to reach $94.3 billion in 2024–25.²

2. In 2021, the department (then the Department of Agriculture, Water and the Environment (DAWE)) released Commonwealth Biosecurity 2030, a ‘strategic roadmap for protecting Australia’s environment, economy, and way of life’.³ The roadmap identified that the department needs a ‘workforce that has the capacity, skills, and flexibility to prepare for and respond to emerging biosecurity risks, challenges, and opportunities,’ and included a priority action to ‘invest in a skilled and responsive workforce supported by improved regulatory tools and information.’⁴

Rationale for undertaking the audit

3. Regulatory and workforce capability has been identified by the department as a strategic risk that has the potential to impact its ability to achieve its purposes and priorities.⁵

4. Recent reviews of the department, including by the ANAO, the Inspector-General of Biosecurity, and the Australian Public Service Commission have found weaknesses in the department’s workforce planning, governance, arrangements to respond to non-compliance with biosecurity requirements, and culture.

5. This audit provides assurance to Parliament that the department has effective workforce planning, delivery, and oversight to deliver Australia’s Appropriate Level of Protection against biosecurity import risks at the Australian border.

Audit objective and criteria

6. The objective of the audit was to assess the effectiveness of the Department of Agriculture, Fisheries and Forestry’s management of the biosecurity workforce.

7. To form a conclusion against the audit objective, the following criteria were adopted.

• Has the department undertaken appropriate workforce planning to deliver the biosecurity function?
• Does the department meet the requirements of its workforce plans for the biosecurity workforce?
• Has the department established effective arrangements to monitor and report on the activities and delivery of the biosecurity workforce?

Conclusion

8. The department’s planning and management of the biosecurity workforce is partly effective. Deficiencies in planning for and the delivery of the workforce and systemic and ongoing issues with information management compromise the department’s ability to effectively manage biosecurity risks. The department is progressing workforce planning activities at the enterprise level and within Biosecurity Operations Division (BOD) and the Post Entry Quarantine Facility (PEQ). These workforce planning activities will need to be supported by monitoring and reporting arrangements that identify and allocate the workforce resources to the areas of greatest biosecurity risk; and allow for an assessment of the effectiveness of biosecurity activities.

9. The department has been partly effective in its workforce planning for the biosecurity function. A group-level tactical workforce plan was approved in October 2024 and an enterprise-wide workforce strategy was published in December 2024. These documents, when implemented, have the potential to integrate workforce planning into the department’s enterprise planning framework and to align it with the department’s purpose. Prior to the development of these plans, BOD undertook workforce planning activities including the development of workforce reports and an operational Workforce Strategy. The operational Workforce Strategy for BOD would benefit from the inclusion of a future state workforce design. An operational workforce plan has not been developed for PEQ. The impact of changes in biosecurity risk on workforce resource requirements are not consistently measured. The department does not have a strategy for coordinating surge support at the border. Business continuity plans for BOD have not been maintained. Business continuity plans for PEQ are published and maintained.

10. The department has been partly effective in meeting the requirements of its biosecurity workforce plans. The biosecurity workforce is below budgeted levels, driven by understaffing in BOD. The department has established mechanisms to authorise biosecurity officers under the Biosecurity Act 2015 (the Act). The department does not have a policy that clarifies the circumstances for biosecurity officer authorisations, including when authorisation is no longer required. The department supports staff to make decisions regarding biosecurity risk through training and the development of decision support material, and has funded projects to update decision support material. Not all instructional material used by biosecurity officers is held in the instructional material library, and 39 per cent of biosecurity-related material in the library is out of date. Staff competencies are not stored in an appropriate record-keeping system and ongoing verification of staff competencies is not part of a risk-based framework that supports divisional and enterprise learnings and continual improvement. The department does not have assurance that staff are booked to cargo inspections in accordance with their competencies.

11. The department’s monitoring and reporting of biosecurity activities and workforce is partly effective. The department has systems in place that collect data on the biosecurity workforce and on the activities and delivery of the biosecurity function. Data quality issues relating to establishment and scheduling data limit the department’s understanding of its resource allocation. The department is currently progressing an enterprise-level human resources data-linking project, which has the potential to provide insights into its workforce. Until there are links between resource systems and biosecurity outcomes, the department is unable to gain assurance over the effectiveness of its workforce allocations against biosecurity risks. Ongoing deficiencies in the department’s record keeping impact its documentation of its business considerations and decisions, and risks the department being unable to demonstrate that staff have the competencies to undertake tasks they are assigned.

Supporting findings

Workforce planning for the biosecurity function

12. In October 2024 the department developed a group-level tactical workforce plan for the Biosecurity, Operations and Compliance Group. An enterprise-level workforce strategy and planning framework was published in December 2024. The governance framework over workforce planning that occurs at the group, division and team levels does not ensure that existing work is leveraged for department-wide impact and to prevent duplication of effort. BOD has developed operational and program level planning specific to its operating context. These set out activities intended to support workforce attraction, recruitment and retention. They do not describe a clear future state for the workforce in terms of identifying required staffing numbers, linked to skills and capabilities, location and strategies for delivering against surge and overtime requirements. The PEQ does not have finalised workforce plans. (See paragraphs 2.3 to 2.49)

13. The department has commenced work to develop interventions across the employment lifecycle intended to deliver a sustainable future workforce. BOD has drafted a recruitment strategy and commenced developing a capability framework. PEQ has a draft capability framework, which has not been implemented. The department does not have a strategy to meet government targets for First Nations representation in the biosecurity workforce. (See paragraphs 2.50 to 2.73)

14. The department has processes in place to consider the workforce impact of changes in risk at the border. These are not consistently applied. BOD has identified the need to formalise surge capacity and capability in executive forums. The division does not currently have a dedicated surge response for deployment during an unexpected biosecurity event. BOD undertook a review of its business continuity plans in 2022 and developed a framework and some plans as a result of the review. The plans are now out of date and have been removed from the department’s intranet. A further review and updating project is planned for 2025. PEQ has a business continuity plan that is available on the intranet. (See paragraphs 2.74 to 2.99)

Delivering the biosecurity workforce

15. At June 2024, BOD was 320.9 full time equivalent staff below budgeted staffing levels. This has resulted in increased wait times for industry. At June 2024, PEQ staffing was at budgeted levels. Over 2022–23 and 2023–24, BOD and PEQ recruitment process timelines exceeded departmental policy requirements. The department has developed materials to assist staff to make biosecurity related decisions and manage biosecurity risk. Not all materials are centrally located in an approved system, and 39 per cent of biosecurity-related instructional material is out of date, creating a risk that biosecurity risk is not being effectively managed. (See paragraphs 3.3 to 3.39)

16. The department has established mechanisms to authorise biosecurity officers under the Act. The department would benefit from documentation guiding when authorisation is appropriate, when it should be maintained, and when it should be revoked. The department has identified necessary staff competencies and has developed training and competency assessment processes. Records of competency assessment are not stored in an appropriate record-keeping system and the department does not have assurance the cargo and maritime inspections scheduling system schedules inspectors according to their competencies. The process of verifying staff competencies does not ensure a risk-based approach to coverage, allow for continual improvement of processes, or provide executive oversight. (See paragraphs 3.40 to 3.112)

Monitoring and reporting of the activities and delivery of the biosecurity workforce

17. The department has systems in place that collect data on the activities and delivery of the biosecurity workforce. BOD has identified deficiencies in its data governance over the collection of information into Aurion and the Scheduling and Workload Management System (SWMS). There are also deficiencies in the department’s record keeping, which result in a lack of clarity over decisions taken and assurance over key processes. The inconsistent, incorrect or incomplete collection of information impedes the ability of the department to use data to understand its workforce and activities. (See paragraphs 4.3 to 4.27)

18. The department has created dashboard reports summarising biosecurity activities and the workforce. These are used by staff at all levels and in all pathways. Reports present information on the activities undertaken by the department, and its operating context. Inconsistent data collection and the absence of leakage reporting against all pathways and locations impacts the department’s ability to understand and prioritise risks presented by each pathway and to allocate its workforce in response. (See paragraphs 4.28 to 4.49)

Recommendations

Summary of entity response

19. The proposed audit report was provided to the department. The department’s summary response is reproduced below. The full response from the department is at Appendix 1. Improvements observed by the ANAO over the course of this audit are listed at Appendix 2.

The Department of Agriculture, Fisheries and Forestry (the department) welcomes the findings of the ANAO and is committed to implementing the report’s seven recommendations appropriately and in a timely manner.

The recommendations focus on strengthening workforce planning, resource allocation, benefits management, record keeping, and reporting. As import volumes rise and the biosecurity risk environment continues to evolve, the department recognises the critical role that these business functions play in managing biosecurity risks. The department is committed to understanding the systemic issues that could limit our effective delivery of the biosecurity workforce. The ANAO findings, therefore, provide valuable insights that will support ongoing efforts to enhance effective and efficient management of the biosecurity workforce and regulatory capability uplift initiatives.

We will continue to improve processes that support the biosecurity workforce and broader management of biosecurity risks. Work is already underway across the department to address several elements of the recommendations and to leverage identified opportunities for improvement. The department remains committed to driving positive change through the Transformation Action Plan, other departmental strategic initiatives, and enhanced Biosecurity, Operations and Compliance Group operating models.

Background

1. For the financial year 2022–23, the Department of Defence (Defence) ranked as the Australian Government’s largest procurer with 51.7 per cent of Commonwealth entity contracting, valued at $38.69 billion.¹ Successive Australian governments have encouraged the involvement of domestic industries in Defence procurement to develop and maintain the industrial base, secure supply chains, and promote employment and economic growth.

2. Defence initiatives to maximise the opportunities for domestic suppliers to participate in government procurement include the Australian Industry Capability (AIC) Program, launched in February 2008.² The AIC Program required potential contractors to demonstrate how their tenders provide opportunities for Australian businesses.

3. On 28 March 2019, the Minister for Defence Industry released the Defence Policy for Industry Participation (DPIP) to improve consistency in Defence’s approach to maximising Australian industry’s opportunity to participate in Defence procurement. The DPIP requires Defence to consider AIC plans or schedules (or Local Industry Capability plans for construction projects) during procurement decision-making and to ensure the industry commitments in those plans are captured as contracted obligations in materiel and non-materiel procurements valued at or above $4 million, and construction procurements at or above $7.5 million.

Rationale for undertaking the audit

4. Defence’s implementation and delivery of contracted Australian industry requirements has been an area of focus for successive governments and an ongoing interest for the Parliament. The government intent to maximise Australian industry involvement in Defence procurement was reflected in the AIC Program in 2008 and reaffirmed in the 2016 Defence Industry Policy Statement and the 2018 Defence Industrial Capability Plan. This audit provides the Parliament with independent assurance on the effectiveness of Defence’s arrangements to deliver Australian industry policy outcomes through its contractual arrangements with its suppliers.

Audit objective and criteria

5. The objective of the audit was to examine the effectiveness of Defence’s administration of contractual obligations to maximise Australian industry participation.

6. To form a conclusion against the audit objective, the ANAO adopted the following high-level criteria:

• Have fit-for-purpose administrative arrangements been established to maximise Australian industry participation in Defence procurement and contracting?
• Have applicable contracting requirements been implemented to maximise Australian industry participation?
• Has Defence implemented appropriate governance, assurance and reporting arrangements to support the objective of maximising Australian industry participation?

Conclusion

7. Defence has not maximised Australian industry participation through the administration of its contracts. Defence industry policy and contracting requirements were not applied to all relevant procurements, and — where supplier commitments have been contracted — Defence has not effectively monitored or ensured the delivery of those obligations.

8. Defence’s administrative arrangements for maximising Australian industry participation through its procurement and contracting activities are partly fit for purpose. Defence’s procurement framework has not been updated in a timely manner, and as at August 2024, did not fully reflect the requirements of the March 2019 DPIP. Guidance for Defence personnel in relevant tendering and contracting templates is incomplete, and in some cases outdated. Defence engages with industry through forums and other activities as well as through individual procurement processes to support the intent of government’s industry contracting policy.

9. Defence has not implemented applicable contracting requirements effectively. Of the eight contracts examined, each had one or more important shortcomings resulting from limitations in Defence’s advice to potential suppliers, weaknesses in Defence’s contracting of industry participation commitments, and ineffective monitoring of supplier compliance with those commitments.

10. Defence’s governance, assurance and reporting arrangements for industry participation are partly appropriate. Senior Defence committees have received reports on activities to support Australian industry policy objectives. Defence did not establish the Industry Policy Division working group to periodically review the policy in accordance with the DPIP. The AIC Plan assurance framework does not align with a professional standard-setting framework and activities conducted under that framework do not provide reasonable assurance over the matters examined. Defence reports on Australian industry expenditure and has undertaken to further develop its reporting as part of the 2024 Defence Industry Development Strategy.

11. As outlined in the 2024 Defence Industry Development Strategy, Defence was to update the DPIP in late 2024. This policy update follows the 2023 Defence Strategic Review and the 2024 National Defence Strategy. Effective implementation of the next iteration of Australian defence industry contracting policy will require appropriate administrative and IT support systems, including sound procurement controls and contract management activities.

Supporting findings

Administrative arrangements

12. Defence gives effect to its Australian industry contracting requirements through its internal policy framework. Defence’s framework is informed by requirements under the Public Governance, Performance and Accountability Act 2013, the Commonwealth Procurement Rules and government’s Defence industry policies, as set out by the 2016 Defence Industry Policy Statement and the 2018 Defence Industrial Capability Plan. Key elements of Defence’s established policy framework, such as the Defence Procurement Manual (DPM) and its contracting templates, were not updated in a timely manner following the release of the DPIP in March 2019. The DPM was not updated until 1 July 2020, 15 months after the DPIP’s release. Defence lacks arrangements to ensure that procurement documents and contracting templates are aligned with the DPIP requirements, and up to date. Automated system controls, which were established in 2022 and mandated in 2024 — to improve compliance with mandatory procurement policies — do not cover the requirements of the DPIP. (See paragraphs 2.2 to 2.41)

13. Guidance on the Australian Standard for Defence Contracting (ASDEFCON) and the Suite of Facilities tendering and contracting templates is incomplete, with additional guidance notes planned but not developed and released. Defence does not assess its personnel training data by role and therefore cannot provide assurance that its procurement and contracting staff have undertaken training relevant to their roles. The dedicated AIC training course announced in February 2019 is primarily focused on materiel procurements and was not implemented until September 2022. (See paragraphs 2.42 to 2.67)

14. Defence has undertaken a range of industry engagement activities to support the objective of maximising Australian industry participation in procurement. These activities have included the establishment of an Australian Industry Capability Forum and engagements with industry associations. In the absence of a communications strategy for the DPIP, Defence is unable to measure the effectiveness of the information and guidance it has provided to industry on the industry contracting policy requirements in place since 2019. (See paragraphs 2.68 to 2.80)

Implementation of requirements

15. Defence’s advice on Australian industry contracting requirements was provided to potential suppliers as part of the relevant tender processes. Each of the eight contracts examined contained one or more shortcomings with respect to this advice or in the contracting materials provided by Defence, including:

• Defence not considering industry contracting requirements during the early stage of the procurement and therefore not advising suppliers of all requirements;
• the rationale for exemptions from implementing Australian industry contracting requirements not being documented by Defence; and
• outdated or incorrect terminology and reference material being used by Defence or available to suppliers. (See paragraphs 3.6 to 3.15)

16. Of the eight contracts examined, the relevant suppliers for four had provided Defence with a project or industry plan (or schedule) in accordance with the procurement stage requirements of the DPIP. By 29 August 2024, one of these plans (or schedules) remained in draft and had not been further developed as required, and three had been finalised and approved by Defence. For the five contracts without finalised plans, Defence did not document the exemption from this requirement for three suppliers, provided one supplier with an extension to 20 June 2023, and did not finalise the draft plan for the remaining supplier.

17. For four examined contracts, additional AIC or LIC commitments were also within other contract documents. For the two examined contracts with no plans or schedules developed, AIC or LIC commitments were located in other contract artefacts such as a service management plan or statement of work. Unclear or imprecise clauses were included in the contract documentation for three contracts. Of the five that met the threshold for the publication of an AIC Plan, one was published on Defence’s website. Shortfalls in record keeping were observed in the documentation for each of the eight contracts. (See paragraph 3.16 to 3.33)

18. Defence undertakes limited monitoring to ensure the delivery of contracted Australian industry commitments. Where suppliers have reported against their DPIP-related commitments, this reporting has not been complete, with 12 of 59 relevant measures reported against. For four of the five contracts where supplier commitments have been contracted:

• the reporting to Defence indicated that these commitments were not being delivered. Defence undertook follow up action with respect to one of those contracts; and
• the DPIP-related terms in Defence’s contract with the head contractor are required to ‘flow down’ as requirements to the head contractor’s subcontractors. One of these four suppliers has reported to Defence on its engagement with subcontractors. (See paragraphs 3.34 to 3.46)

Governance, assurance and reporting

19. Senior Defence committees at the enterprise and group levels have received reports on the implementation of activities relevant to the DPIP, including the implementation of the ‘enhanced’ Australian industry capability (AIC) contractual framework announced in mid-2020. The policy oversight forum responsible for the periodic review and alignment of the policy with government’s defence industry policy objectives was not established as foreshadowed by the DPIP. In the absence of this forum, Defence has not regularly reported on the DPIP or monitored its implementation activities to ensure a unified approach at a whole-of-enterprise level, consistent with the intent of the DPIP. (See paragraphs 4.2 to 4.15)

20. Defence’s assurance framework does not prescribe the level of assurance to be obtained and does not align with an auditing standards framework. Defence’s ‘AIC Audit Program’ has provided limited insights on the extent to which Defence is implementing its DPIP obligations or whether suppliers are meeting their contracted DPIP-related commitments. Assurance activities conducted under Defence’s framework are limited to materiel contracts over $20 million in value, representing one-fifth of the procurement categories covered by the DPIP. The scope of Defence’s assurance program has included contracts that were executed prior to the March 2019 introduction of the DPIP. Of the 17 assurance activities conducted by Defence since July 2021, seven did not report the deficiencies identified in AIC plans as non-compliance, as the DPIP did not apply to those contracts.

21. Other assurance-related activities such as Defence’s self-reporting through compliance surveys under its Supplier Rating System indicate that Defence has not fully complied with its obligation to ensure supplier commitments are contracted in accordance with the DPIP. Of the 768 contract surveys conducted as at July 2024, 209 (27 per cent) reported that AIC obligations were ‘not applicable’. Other procurement and contracting compliance arrangements in Defence do not cover the DPIP’s requirements and have therefore not identified issues relating to its implementation. (See paragraphs 4.16 to 4.38)

22. Defence has established performance measures related to its engagement with Australian industry and provides quarterly reporting to the Minister for Defence. Defence’s administrative systems do not support reporting at the project level or ensure that AIC Plans are published where required. Defence has undertaken to further develop its reporting on defence industry as part of its implementation of the Defence Industry Development Strategy. (See paragraphs 4.39 to 4.57)

Recommendations

Summary of entity response

23. The proposed audit report was provided to the Department of Defence. Defence’s summary response is provided below, and its full response is included at Appendix 1. Improvements observed by the ANAO during the course of this audit are listed in Appendix 2.

Defence acknowledges the findings of the Auditor-General’s Performance Audit report: Maximising Australian industry participation through Defence contracting. Defence is committed to ensuring that Australian industry participation in Defence contracts is considered and optimised in the delivery of Defence capabilities.

Defence accepts the key findings and recommendations aimed at enhancing governance, assurance, reporting arrangements, relevant training and guidance when implementing Australian industry participation policy requirements in Defence procurements.

In alignment with the Defence Industry Development Strategy, Defence has commenced the process to update the Defence Policy for Industry Participation and procurement reform initiatives to ensure Defence and industry are better positioned to deliver the required capabilities within reduced timeframes. These reforms will directly support the implementation of the ANAO’s recommendations relating to improvement of administrative arrangements to enable identification and monitoring of Defence’s industry policies enabled through its contract frameworks.

Background

1. The Office of the Fair Work Ombudsman (the OFWO) was established on 1 July 2009 as an independent statutory office created by the Fair Work Act 2009 (the Fair Work Act) to promote compliance with workplace relations through advice, education and, where necessary, enforcement.¹

2. The OFWO regulates all businesses and workers covered by the Fair Work Act. This represents approximately one million employing businesses and around 13 million workers. In 2023–24 the OFWO reported that it recovered $473 million in unpaid wages and entitlements for nearly 160,000 employees, of which $333 million was recovered from the large corporates sector.²

3. The Fair Work Ombudsman is the accountable authority of the OFWO. The Minister for Employment and Workplace Relations sets government policies and objectives relevant to the OFWO in carrying out its statutory functions as a regulator.³ Since July 2022, there have been legislative amendments to the Fair Work Act, including changes to the protection and entitlements of employees and additional responsibilities and funding for the OFWO. This included the OFWO assuming responsibility for the regulation of the Fair Work Act for the commercial building and construction industry and the ability to investigate allegations related to the prohibition of workplace sexual harassment.

Rationale for undertaking the audit

4. The OFWO is the national workplace relations regulator. Its functions include promoting and monitoring compliance with workplace laws, inquiring into and investigating breaches of the Fair Work Act and taking appropriate enforcement action. Since July 2022, the OFWO has made changes to its approach and operations in response to: the expansion of the coverage of the Fair Work Act; implementation of the recommendations resulting from an external review; and revisions to its budget. This audit was conducted to provide assurance to Parliament that the OFWO is exercising its regulatory functions effectively.

Audit objective and criteria

5. The objective of the audit was to assess the effectiveness of the Office of the Fair Work Ombudsman’s exercise of its regulatory functions.

6. To form a conclusion against the objective, the following high-level criteria were adopted:

• Has the OFWO established fit-for-purpose governance arrangements to support the effective management of compliance with the Fair Work Act?
• Are the OFWO’s arrangements to encourage voluntary compliance and detect non-compliance with the Fair Work Act effective?
• Are the OFWO’s arrangements to enforce compliance with the Fair Work Act effective?

Conclusion

7. The OFWO is largely effective in the exercise of its regulatory functions. There are opportunities for it to improve its effectiveness by improving strategic oversight of its regulatory objectives and outcomes, establishing frameworks for implementing and monitoring of regulatory priority areas and activities, and measuring the efficiency and effectiveness of its regulation.

8. The OFWO has established largely fit-for-purpose governance arrangements to support the effective management of compliance with the Fair Work Act. The OFWO developed compliance strategies that reflected ministerial Statements of Expectations. The compliance strategies were partly risk-based and not fully integrated into OFWO’s business planning. The OFWO is effective in managing its stakeholder relationships except for not assessing regulatory capture risk as a discrete source of risk. The OFWO’s monitoring of its regulatory performance focused on operational decision-making rather than the achievement of its regulatory priorities and outcomes. The OFWO is redeveloping its performance measures with the intention of improving its reporting of efficiency and effectiveness.

9. The OFWO’s arrangements to encourage voluntary compliance and detect non-compliance with the Fair Work Act are largely effective. The OFWO has established arrangements for the prevention, and proactive and reactive detection, of non-compliance and has published a compliance and enforcement policy. The OFWO does not monitor timeliness, risk, or return on investment for its prevention and detection of non-compliance. The OFWO does not have insight into whether the balance of preventative and detective compliance and enforcement activities is appropriate.

10. The OFWO’s arrangements to enforce compliance with the Fair Work Act are largely effective. The OFWO has established arrangements to manage non-compliance cases and the OFWO deploys its enforcement tools in line with its regulatory posture and policies. The OFWO’s monitoring and reporting does not provide an assessment of the effectiveness of its enforcement activities and outcomes in promoting compliance with the Fair Work Act. The OFWO compliance and enforcement actions were undertaken in accordance with internal policies. These actions were not adequately documented in OFWO’s records management systems. The OFWO documented that it would deviate from implementing the mandatory requirements of the Australian Government Investigations Standard, October 2022 (AGIS 2022). Deviations include not implementing a quality assurance framework.

Supporting findings

Governance arrangements

11. The OFWO’s approach to developing and implementing regulatory priorities and compliance strategies takes into consideration the requirements of the ministerial Statements of Expectations. The OFWO’s regulatory priorities and compliance strategies are not fully integrated into business planning and do not reflect a comprehensive assessment of risk exposures and mitigations. (See paragraphs 2.4 to 2.30)

12. The OFWO has established stakeholder engagement and management arrangements to support its regulatory functions. The OFWO has also established stakeholder feedback processes. The OFWO has not documented regulatory capture as a discrete source of risk or assessed the adequacy of its controls to mitigate regulatory capture risk. (See paragraphs 2.31 to 2.49)

13. The OFWO’s governance arrangements have a focus on operational decision-making. The enforcement board did not fully meet its terms of reference to provide strategic monitoring of regulatory activities. The OFWO’s performance reporting arrangements prior to 2024–25 included measures of output rather than efficiency and effectiveness. The OFWO is re-developing its performance measures and will need to provide greater insight into the ongoing effectiveness of its regulatory outcomes and impacts. (See paragraphs 2.50 to 2.84)

Prevention and detection of non-compliance

14. The OFWO has provided assistance, advice and education to employees, employers, outworkers, outworker entities and organisations to achieve regulatory objectives. The OFWO has developed and published a compliance and enforcement policy. The policy does not provide clear guidance to users about: how services will be prioritised and provided; and does not fully address the different needs of internal and external users. (See paragraphs 3.4 to 3.33)

15. The OFWO has established arrangements for proactive and reactive detection of non-compliance, including intelligence and analysis, proactive investigations, responding to requests for assistance, self-reporting of non-compliance and ad hoc investigations. These arrangements do not consider operational requirements and constraints, such as budgets, timeliness, risk and return on investment. This information would allow the OFWO to monitor the efficiency and effectiveness of its regulatory activities and assess whether the balance of preventative and detective activities is appropriate for the OFWO’s regulatory objectives. (See paragraphs 3.34 to 3.66)

Enforcement

16. The OFWO deploys its compliance and enforcement tools in line with its regulatory posture and compliance and enforcement policy. The use of compliance and enforcement tools requires long term management. Fifty per cent of investigations take more than 136 days to finalise with two per cent taking more than two years. The OFWO’s monitoring and reporting does not provide an assessment of the effectiveness of its enforcement activities and outcomes in promoting compliance with the Fair Work Act. (See paragraphs 4.2 to 4.17)

17. In July 2024, the OFWO assessed and agreed deviations from AGIS 2022. One ‘notable deviation’ from AGIS 2022 was the decision not to implement a quality assurance framework. Prior to July 2024, the OFWO did not use the relevant AGIS to inform the development of its policies, procedures, staff roles and staff qualifications. At November 2024, 50 per cent of OFWO staff conducting or oversighting investigations did not hold the relevant certification as required by AGIS 2022. The OFWO’s decision records did not evidence that compliance and enforcement activities were performed adequately. For example, case monitoring meeting and approvals were not consistently recorded in OFWO’s records management systems. (See paragraphs 4.18 to 4.55)

Recommendations

Summary of entity response

18. The proposed audit report was provided to the OFWO. The OFWO’s summary response is reproduced below and its full response is at Appendix 1. Improvements observed by the ANAO during the course of this audit are listed in Appendix 2.

The OFWO welcomes the ANAO’s report and agrees with the recommendations.

The OFWO has experienced considerable transformation over the past year. Central to the new strategic enforcement approach is tripartism, recognising that each element within the workplace relations system plays an important role in fostering a culture of compliance. As part of this, the OFWO has established a range of collaborative mechanisms with stakeholders and is updating critical strategic documents that define the Agency’s approach and operating environment.

A new organisational structure took effect on 1 July 2024 so that the OFWO is best positioned to deliver its identified objectives and strategic goals.

As detailed in our Statement of Intent, we use intelligence and data to inform our work, including the selection of our priority areas. We are committed to maintaining strong governance, supporting transparent and consistent decision-making.

As detailed in our Statement of Intent, we strive for continuous improvement in our policies, processes and practices. We are committed to focussing on developing the leadership and operational capability of staff at all levels, through our capability uplift program, to ensure we effectively discharge our statutory functions.

Background

1. The Australian Government’s campaign advertising framework (the framework) applies to non-corporate Commonwealth entities under the Public Governance, Performance and Accountability Act 2013 (PGPA Act).¹ The overarching aim of the framework, introduced in 2008, is to provide the Parliament and the community with confidence that public funds are used to meet the genuine information needs of the community.²

2. The government periodically issues guidance for entities undertaking information and advertising campaigns. The most recent version of the Australian Government Guidelines on Information and Advertising Campaigns by non-corporate Commonwealth entities (the Guidelines) was released in December 2022 (2022 Guidelines)³, replacing the October 2020 Guidelines (2020 Guidelines). The Guidelines are administered by the Department of Finance (Finance) and state that they:

operate on the underpinning premise that:

1. members of the public have equal rights to access comprehensive information about government policies, programs and services which affect their entitlements, rights and obligations; and
2. governments may legitimately use public funds to explain government policies, programs or services, to inform members of the public of their obligations, rights and entitlements, to encourage informed consideration of issues or to change behaviour.⁴

3. The Guidelines apply to all information and advertising campaigns⁵ undertaken in Australia by non-corporate Commonwealth entities.⁶ Entities subject to them:

must be able to demonstrate compliance with the five overarching principles when planning, developing and implementing publicly-funded information and advertising campaigns. The principles require that campaigns are:

• relevant to government responsibilities
• presented in an objective, fair and accessible manner
• objective and not directed at promoting party political interests
• justified and undertaken in an efficient, effective and relevant manner, and
• compliant with legal requirements and procurement policies and procedures⁷

Rationale for undertaking the audit

4. This audit is part of an ongoing program of performance audits on Australian Government advertising. The rationale for undertaking this audit is to provide the Parliament with information on key developments in the framework since the period covered by the 2022 ANAO audit⁸, when the ANAO last reported on its operation.

5. The audit provides independent assurance on whole-of-government administration of the framework by the Department of Finance and selected entities’ compliance with the Guidelines and the wider framework requirements.

Audit objective and criteria

6. The objective of the audit was to assess the effectiveness of the Department of Finance’s and selected entities’ implementation of the Australian Government’s campaign advertising framework.

7. To form a conclusion against this objective, the following high-level criteria were adopted:

• Does the Department of Finance effectively administer the Australian Government’s campaign advertising framework?
• Were selected campaigns compliant with the Australian Government’s campaign advertising framework?

8. The audit examined developments in the administration of the framework from November 2021 to November 2024. Three campaigns were selected for review:

• One Talk at a Time campaign, conducted from October 2023 to April 2025, administered by the Attorney-General’s Department (AGD)⁹;
• Your Answer Matters campaign, conducted from August to October 2023, administered by Australian Electoral Commission (AEC)¹⁰; and
• Youth Vaping Education (phase one) campaign, conducted from February to June 2024, administered by the Department of Health and Aged Care (Health).¹¹

Conclusion

9. Finance has been effective at administering the framework. AGD and Health were largely compliant with the framework. The AEC largely complied with its internal requirements and the intent of the framework.

10. Finance has supported entities undertaking campaigns and has arrangements in place to manage brand safety risks relating to advertising on social media platforms. There are emerging gaps relating to the identification and management of risks, including to brand safety, associated with the use of artificial intelligence (AI) and emerging technologies in government advertising campaigns, and the changing nature of campaign activities, such as the use of media partnerships and influencers to reach target audiences in government campaigns. Finance extended the whole-of-government Master Media Agency contract after all extension options had been exercised. Finance has met its reporting requirements for expenditure on advertising campaigns.

11. AGD’s One Talk at a Time campaign largely complied with the review, certification and publication requirements of the framework. AGD complied with the requirements of Principles 1 to 3 and largely complied with Principles 4 and 5 of the 2020 Guidelines. Campaign effectiveness was reduced by the delayed implementation of pre-launch public relations activities. Not all campaign materials contained appropriate attribution of Australian Government involvement and two procurements were not accurately reported on AusTender. The advertising component of the campaign was evaluated, with the evaluation report finding that the campaign ‘achieved’ one objective and ‘partially achieved’ two objectives. At November 2024, an evaluation addressing other aspects of the campaign had not been undertaken as public relations activities were still underway.

12. Since 2009, the AEC has had an exemption from most aspects of the framework and has committed to complying with the intent of the 2022 Guidelines. Documentation capturing the AEC’s requirements for campaign development and certification, known as ‘AEC communication campaigns: Guidelines and mandatory checklist’ (AEC Guidelines), was in draft and there was no documented approval. The AEC’s Your Answer Matters campaign largely complied with the review and publication requirements. Publication requirements were met, although AEC did not publish campaign research reports, did not document consideration of whether doing so was appropriate and there were inaccuracies in the reporting of campaign expenditure figures in the AEC annual report and subsequent reporting to the Department of Finance. The AEC complied with Principles 1 to 4 of the 2022 Guidelines and largely complied with Principle 5. Legal advice addressing all legal requirements of Principle 5 was finalised after the campaign had commenced. The AEC’s requirements for attribution of AEC contribution to media partnerships and public relations materials was not documented. The AEC evaluated the campaign with the evaluation report finding that of the total 23 objectives, 16 were ‘met’, six were ‘partly met’ and one was ‘not met’.

13. Health largely complied with the review, certification and publication requirements of the framework. Health complied with the requirements of Principles 1, 3 and 4 of the 2022 Guidelines and largely complied with Principles 2 and 5 of the 2022 Guidelines. Health did not document how campaign imagery reflected a diverse range of Australians. Not all campaign materials contained attribution of Australian Government involvement. Health evaluated the Youth Vaping Education (phase one) campaign to determine its effectiveness. The evaluation report consolidated the campaign’s original seven objectives into four objectives. The evaluation found that two objectives were achieved and two objectives were partially achieved.

Supporting findings

Administration of the Australian Government campaign advertising framework — Finance

14. Finance maintains a suite of guidance documents on a clearly signposted section of its website and manages a campaign community through its GovTEAMS site to support entities undertaking campaigns throughout the campaign advertising development process. Finance facilitates the Independent Communications Committee’s review process and provides advice to government regarding requests for exemption from the Guidelines. Finance has established arrangements to receive feedback from suppliers and entities through evaluations undertaken at the end of campaigns, with annual reviews providing a whole-of-government view across all campaigns. (See paragraphs 2.3 to 2.21)

15. Finance has arrangements to manage risks relating to brand safety on social media platforms. Given the changing nature of campaign activities there are emerging gaps in relation to the use of media partnerships, public relations and influencers. Gaps relate to the appropriateness of the level of information relating to these activities provided for final government review and the attribution of campaign materials. There is an absence of guidance around emerging risks, including to brand safety, relating to the potential use of AI and emerging technologies in advertising and information campaigns. Finance extended the whole-of-government Master Media Agency contract after all extension options had been exercised. ( See paragraphs 2.22 to 2.80)

16. Finance has reported to the Parliament on annual media placement and associated campaign development expenditure by non-corporate Commonwealth entities, for campaigns with expenditure greater than $250,000 (exclusive of GST), in its annual report on Campaign Advertising by Australian Government Departments and Entities. Details of expenditure relating to Finance’s contracts with the Master Media Agency and Independent Communications Committee (ICC) members have not been included in these reports. Finance guidance does not address the publication of advertising campaign research reports which, under the 2022 Guidelines, must be published on entity websites ‘where it is appropriate to do so’ for campaigns with an expenditure of $250,000 (exclusive of GST) or more. (See paragraphs 2.81 to 2.93)

One Talk at a Time campaign

17. AGD’s One Talk at a Time campaign received government approvals in accordance with the framework requirements applying at the time it was considered.

18. The Secretary of the Attorney-General’s Department (Secretary of AGD), as the accountable authority, certified that the campaign complied with all five principles of the 2020 Guidelines and the certification was published on AGD’s website, as required. The Secretary’s certification was informed by a third-party certification from the ICC, as required by the 2020 Guidelines, and AGD advice on compliance. AGD provided the Attorney-General with the signed Secretary’s certification.

19. AGD complied with publication requirements, except for those relating to the statement in its 2023–24 annual report. AGD published its developmental research report on the One Talk at a Time campaign website. (See paragraphs 3.14 to 3.24)

20. AGD complied with Principles 1 to 3 of the 2020 Guidelines and largely complied with Principles 4 and 5.

21. For Principle 4, campaign effectiveness was reduced by the delayed execution of pre-launch public relations activities. For Principle 5, 17 of the 21 media partnership materials had appropriate attribution statements noting Australian Government involvement and two of the campaign procurements were not accurately reported on AusTender. (See paragraphs 3.25 to 3.62)

22. Advertising components of the One Talk at a Time campaign were evaluated to determine their effectiveness. This evaluation identified that the advertising component of the campaign ‘achieved’ one objective and ‘partially achieved’ two objectives. At November 2024, the planned integrated evaluation of all campaign components, including media partnerships and public relations, had not been completed.

23. The performance of the campaign was monitored against media metrics, including key performance indicators (KPIs). AGD received in-flight monitoring of the campaign’s performance, including a mid-campaign report and a final media performance report. (See paragraphs 3.63 to 3.71)

Your Answer Matters campaign

24. Due to its exemption, the AEC was not subject to review by the ICC or government review and approval processes. The AEC had documented requirements for campaign development and certification in the form of the AEC Guidelines. The version of the AEC Guidelines used for the Your Answer Matters campaign was in draft and there was no documented approval.

25. Under the AEC Guidelines, the AEC has committed to complying with the intent of the 2022 Guidelines. The AEC Guidelines did not establish a requirement for legal advice confirming compliance with Principle 5 of the 2022 Guidelines to be provided to the Electoral Commissioner prior to campaign certification.

26. The AEC followed an internal review process that involved the Electoral Commissioner providing approval for key campaign development milestones. The Electoral Commissioner signed two certifications for the campaign, which were both published on the AEC’s website in accordance with the AEC Guidelines. The AEC did not publish campaign research reports on its website and did not document consideration of whether publication of the research reports was appropriate and there were inaccuracies in the reporting of campaign expenditure figures in the AEC annual report and subsequent reporting to the Department of Finance. (See paragraphs 4.18 to 4.40)

27. The AEC complied with the intent of Principles 1 to 4 of the 2022 Guidelines and largely complied with Principle 5. Legal advice addressing all legal requirements of Principle 5 was finalised after the campaign had commenced. The AEC had not documented attribution requirements for media partnerships or public relations materials. Details of one procurement were not accurately reported on AusTender. (See paragraphs 4.41 to 4.78)

28. The Your Answer Matters campaign was evaluated to determine its effectiveness. Of the 23 objectives across the five phases of the campaign, 16 were assessed as ‘met’, six were assessed as ‘partly met’ and one was assessed as ‘not met’.

29. The performance of the campaign was monitored against media metrics, including KPIs. The AEC received weekly reporting on the performance of media channels. (See paragraphs 4.79 to 4.85)

Youth Vaping Education (phase one) campaign

30. Health’s Youth Vaping Education (phase one) campaign received government approvals in accordance with the framework requirements applying at the time it was considered.

31. The accountable authority, the Secretary of the Department of Health and Aged Care (Secretary of Health and Aged Care), certified that the campaign complied with the five ‘overarching principles’ of the 2022 Guidelines and the certification was published on Health’s website, as required. The Secretary’s certification was informed by a third-party review from the ICC, as required by the 2022 Guidelines, and Health advice on compliance. Health provided the Secretary’s certification to the Minister for Health and Aged Care on 3 May 2024, approximately three months after the campaign commenced, which was not compliant with the 2022 Guidelines.

32. Health complied with publication requirements. Health published the campaign developmental research report on its website. (See paragraphs 5.12 to 5.23)

33. Health complied with Principles 1, 3 and 4 and largely complied with Principles 2 and 5 of the 2022 Guidelines.

34. For Principle 2, Health did not document how campaign imagery reflected a diverse range of Australians. Legal advice provided in support of compliance with Principle 5 addressed the media partnerships component of the campaign but not the influencer component. Seventeen of the 28 media partnership materials did not contain attribution of Australian Government contribution to the materials. Health’s audit trail of procurement decision-making was mostly complete. (See paragraphs 5.24 to 5.74)

35. Health evaluated the Youth Vaping Education (phase one) campaign to determine its effectiveness. The evaluation report consolidated the campaign’s original seven objectives into four objectives. The evaluation found that two objectives were achieved and two objectives were partially achieved.

36. Campaign performance was monitored against media metrics, including KPIs. Health received in-flight monitoring of the campaign’s performance, including a report on the performance of influencers, a mid-campaign report and a final media performance report. (See paragraphs 5.75 to 5.82)

Recommendations

Summary of entity responses

37. The proposed audit report was provided to Finance, AGD, AEC and Health, with an extract being provided to the Independent Communications Committee. The entities’ summary responses are provided below, and their full responses are included at Appendix 1. Improvements observed by the ANAO during the course of this audit are listed in Appendix 2.

Department of Finance

The Department of Finance welcomes the conclusion that the Department has been effective in the whole-of-government administration of the Government’s campaign advertising framework, including Finance’s role in supporting entities, providing secretariat support to the Independent Communications Committee, meeting its requirements for reporting on campaign advertising expenditure by non-corporate Commonwealth entities, and having arrangements in place to manage brand safety risks relating to advertising on social media platforms.

Finance agrees the two recommendations directed to the Department and will take appropriate action to address the matters raised.

Attorney-General’s Department

The Attorney-General’s Department (the department) welcomes the Australian National Audit Office’s (ANAO) report on Australian Government Advertising: November 2021 to November 2024, in particular the findings for the department’s “One Talk at a Time” campaign.

The department agrees with the recommendations and acknowledges the opportunity for administrative improvements in relation to record keeping, attribution of Australian Government involvement in campaign activity and reporting on AusTender.

The department acknowledges the ANAO’s finding that the campaign successfully achieved one objective and “partially achieved” two others. However, the full evaluation of the campaign’s effectiveness is yet to be completed and is expected to conclude in 2025, following the completion of below-the-line activities.

The department is committed to continuous improvement and will use the ANAO’s findings and recommendations to further refine our campaign processes and guidance.

Australian Electoral Commission

The Australian Electoral Commission (AEC) welcomes the ANAO report.

The AEC notes it is exempt from the Australian Government Guidelines on Information and Advertising Campaigns by non-corporate Commonwealth entities, including exemption from review and approval of AEC campaigns by government. This is due to the need for campaigns on electoral events to be independent of government. Instead, the AEC has its own Guidelines and certification process.

The AEC agrees with the one recommendation relating to improvement of our own Guidelines; and acknowledges the areas for improvement. We have reviewed and are addressing the highlighted administrative processes, noting they do not compromise compliance with our Guidelines.

The AEC remains committed to continuous improvement, and to our ongoing conformance with the intent of the Australian Government Guidelines.

Department of Health and Aged Care

The Department of Health and Aged Care (the department) acknowledges the findings in this report. The department is committed to responding to the opportunities for improvement identified by the Australian National Audit Office.

It is pleasing to note the finding the department was largely compliant with the Australian Government’s campaign advertising framework, including the review, certification and publication requirements.

The department also welcomes the finding the department complied with the requirements of Principles 1, 3 and 4 of the 2022 Australian Government Guidelines on Information and Advertising Campaigns and largely complied with Principles 2 and 5 of the Guidelines. The department also appreciates the report’s recognition the department established arrangements and processes to meet the objectivity requirements of Principle 2 of the Guidelines and mitigate the risks associated with engaging with influencers.

The audit identified two opportunities to improve the documentation of how a diverse range of Australians are reflected in campaign imagery and ensuring campaign materials contain appropriate attribution of the department’s involvement. To address these findings, the department will continue to strengthen its administrative processes when implementing government advertising campaigns.

Background

1. The Australian Taxation Office (ATO) is the principal revenue collection agency of the Australian Government. Its roles and responsibilities include administering legislation governing tax, superannuation and the Australian Business Register. The ATO’s corporate plan 2024–25¹ outlines a strategic objective to ensure its client experience and interactions are ‘well designed, tailored, fair, transparent.’ This objective includes a core priority to ‘enable trust and confidence through policy, sound law design and interpretation, as well as resolving disputes’.

2. The ATO Charter (the Charter) outlines the ATO’s commitments to its clients and what can be expected in interactions with the ATO.² Under the Charter, the ATO is obligated to be fair and reasonable, provide professional service, provide support and assistance, keep clients’ data and privacy secure, and keep the community informed. This includes working with clients to address concerns and informing them how to make a complaint. The Charter provides ‘we treat all complaints seriously and aim to resolve them quickly and fairly.’

Rationale for undertaking the audit

3. The Commonwealth Ombudsman’s Better Practice Complaint Handling Guide states that ‘Australian Public Service agencies and contractors must deliver high quality programs and services to the Australian community in a way that is fair, transparent, timely, respectful and effective’³, and that ‘[g]ood complaint handling will also help meet general principles of good administration, including fairness, transparency, accountability, accessibility and efficiency’.⁴ Between 2020–21 and 2023–24 the number of complaints received by the ATO, including those referred by the Inspector-General of Taxation and Taxation Ombudsman (IGTO), increased from 24,740 to 49,414.

4. This audit will provide assurance to Parliament of the Australian Taxation Office’s effectiveness in managing complaints, including engaging with complainants, resolving complaints, and the implementation of relevant IGTO recommendations.

Audit objective and criteria

5. The audit objective was to assess the Australian Taxation Office’s effectiveness in managing complaints.

6. To form a conclusion against the objective, the following criteria were adopted.

• Does the ATO have fit-for-purpose arrangements to support the effective handling of complaints?
• Does the ATO report on complaints, effectively review its complaints management framework, and seek to improve processes and service delivery?
• Were agreed recommendations from the Inspector-General of Taxation regarding ATO complaint handling effectively implemented?

Conclusion

7. The ATO’s management of complaints is largely effective. Effectiveness would be improved if the ATO’s analysis of its complaints data also sought to identify the underlying causes of complaints and used this information to improve business processes and complaint handling.

8. The ATO’s complaints management framework is largely aligned with the Commonwealth Ombudsman’s Better Practice Complaints Handling Guide. The complaints process is accessible through multiple channels, and complaints are triaged to allocate complaints to resolvers with appropriate experience. The ATO seeks to resolve complaints at first contact. The proportion of complaints resolved at first contact has declined over the last four financial years. The ATO uses timeliness of complaint handling as its indicator for efficiency. The process is reliant on complainant feedback to improve accessibility. The ATO largely applies its framework to handle complaints, though it does not consistently document discussions with complainants to extend complaint due dates which has an impact on the accuracy of performance reporting. The ATO has also not consistently communicated taxpayer review rights to the complainant.

9. The ATO is largely effective at reporting on complaints, collecting complaint data to monitor incoming complaint volumes, categories of complaints, performance against service commitments and performance of key complaint topics. The data is used to generate internal reports based on the needs of individual business areas and bodies that meet to discuss complaint trends. Public reporting through the ATO Annual Report consists of the total number of complaints received and performance against the ATO service commitment targets. The ATO is able to determine which issue categories lead to increases in complaints but does not identify the root causes of these increases. Analysis of cross-product issues indicates that ‘timeliness’ is the largest complaint issue across many business lines, accounting for 56.5 per cent of all complaints from 2020–21 to 2023–24.

10. The ATO is largely effective in using a variety of sources including complaint data to identify business improvements to enhance both the complaint handling system and broader ATO processes and service delivery. It manages these through the Business Intelligence and Improvement register to iteratively improve its processes and service delivery. The ATO could strengthen its Business Intelligence and Improvements framework.

11. The ATO was largely effective in implementing the six IGTO recommendations made between 1 July 2020 and 30 July 2024 concerning the ATO’s management of complaints. The ATO has guidance to assist business lines developing implementation plans for recommendations. Implementation plans for the selected recommendations were largely consistent with this guidance, with the exception that the ATO’s template does not address measures of success or outcomes to be realised as required in ATO guidance. Recommendations are monitored through quarterly reporting to the ATO External Scrutineers Unit (ESU), the Audit and Risk Committee (ARC) and the IGTO. Reporting of selected recommendations was completed for all relevant quarters, though there were inconsistencies in reporting regarding revisions to the target implementation date of one recommendation. Three of the selected recommendations were assessed by the ANAO as implemented in full, two were largely implemented, and one was assessed as partly implemented. The ATO completed closure statements with attached evidence of implementation for all selected recommendations, though these were all endorsed after the reported closure dates and the ATO did not establish if the desired outcome of the recommendation had been achieved before closure of the recommendations. Evidence gathering and finalisation of the closure statements continued after the closure date for five of the six recommendations, with two also identifying ongoing work at the time of closure.

Supporting findings

Arrangements to support the effective handling of complaints

12. The ATO’s complaints management framework is largely aligned with the Commonwealth Ombudsman’s Better Practice Complaint Handling Guide. Complaints are received, are categorised, and are sent to the relevant Business Service Line if they cannot be resolved at first point of contact. Resolution is through prioritisation of calls to the complaints hotline, the use of First Contact Resolution, and via complaint categorisation at the point of receipt. The ATO approach to determining efficiency focuses on timeliness and does not consider inputs and outputs. (See paragraphs 2.3 to 2.48)

13. The process to make a complaint to the ATO is clearly articulated on its website, and guidance documents provided to staff to explain the complaints process are clear. The complaints process is accessed primarily through online web form and telephone, and is largely compliant with the BPG. The ATO does not specifically survey complainants on the ATO’s complaint management process, however complainants who have had an identity-verified interaction with the ATO were eligible to be randomly sampled for the ATO’s broader monthly Client Experience Survey. The information on complaints obtained through this survey does not support meaningful analysis. The ATO relies on complainant feedback to identify and address accessibility issues, and does not proactively monitor and assess potential accessibility barriers. The ATO implements changes when issues are brought to its attention through this channel. (See paragraphs 2.49 to 2.61)

14. The ATO uses notes, attachments and templates in the Siebel work management system to record actions taken while resolving a complaint. The complaint capture template was consistently completed by ATO staff. The issues template was largely completed in line with ATO guidelines and use of this template increased from 2020–21 to 2023–24. Notes and attachments recorded in Siebel and analysed by the ANAO indicate the ATO actions complaints in accordance with its guidance. Regular ongoing contact was not consistently maintained with complainants in 2022–23 and 2023–24, and some complainants were not advised of their review rights when a complaint was closed. The ATO did not have a discussion with complainants before extending due dates in the majority of complaint cases. The extended due dates exceed the ATO’s service commitment to resolve complaints within 15 business days. (See paragraphs 2.62 to 2.86)

Reporting, process improvement, and review

15. The ATO generates internal reports based on the needs of individual business areas and bodies that meet to discuss complaints. Public reporting through the ATO Annual Report consists of the total number of complaints received and performance against the ATO service commitment targets. The ATO is able to determine which issue categories have led to increases in complaints, but does not identify the root causes of these increases. Analysis of cross-product issues indicates that ‘timeliness’ is the largest complaint issue across many business lines, accounting for 56.5 per cent of complaints from 2020–21 to 2023–24. (See paragraphs 3.2 to paragraph 3.42)

16. The ATO uses a variety of sources including complaint data to identify opportunities to improve its complaints management framework. The ATO manages changes to its complaints management framework manually through the Business Intelligence and Improvement register. The ATO does not undertake regular evaluation of its complaint handing processes. (See paragraphs 3.43 to 3.46)

17. The complaint data collected by the ATO is used to monitor incoming complaint volumes and categories, performance against service commitments and performance of key complaint topics. The ATO also improves non-complaint handling processes and service delivery through the Business Intelligence and Improvement register. There is an opportunity for the ATO to strengthen the Business Intelligence and Improvements framework. (See paragraphs 3.47 to 3.63)

Implementation of Inspector-General of Taxation recommendations regarding complaint handling

18. The ATO has guidance for business lines developing implementation plans to address recommendations from the Inspector-General of Taxation and Taxation Ombudsman (IGTO). The ATO External Scrutineers Unit coordinates this process. Implementation plans were developed for all selected recommendations and largely reflect ATO requirements. Implementation plans are not provided to the IGTO for feedback as required and the implementation plan template does not address measures of success or outcomes to be realised as required in ATO guidance. (See paragraphs 4.3 to 4.21)

19. The implementation of recommendations from the IGTO is primarily monitored through quarterly reporting. The ATO’s External Scrutineers Unit sources updates from Business Service Lines on the implementation of recommendations to produce quarterly reporting. These updates were often returned to ESU after their due date and lacked evidence of action taken. The progress of selected recommendations was reported to the IGTO and ATO Audit and Risk Committee (ARC) in all relevant quarters. The ATO classified four of the six closed recommendations as implemented by their original target date. There are inconsistencies in the reporting of revisions to the target implementation date of one recommendation to the ARC. These revisions were made after the previous target date had passed. (See paragraphs 4.22 to 4.49)

20. Three of the six closed recommendations were assessed by the ANAO as implemented in full, two were largely implemented, and one was assessed as partly implemented. The ATO completed all required closure statements, although endorsement was provided after the closure date for all recommendations, and evidence attached was not sufficient to provide assurance of implementation status without seeking documentation from additional sources. Evidence gathering and finalisation of the closure statements continued after the closure date for five recommendations, with two also identifying ongoing work. The ATO did not establish if the desired outcome of the recommendation had been achieved before closure of the recommendations. (See paragraphs 4.50 to 4.80)

Recommendations

Summary of entity response

21. The proposed audit report was provided to the ATO. The ATO’s summary response is reproduced below and its full response is at Appendix 1. Improvements observed by the ANAO during the course of this audit are listed in Appendix 2.

The Australian Taxation Office (the ATO) welcomes the ANAO’s report and finding that the ATO is largely effective in managing complaints.

Whilst complaints represent a very small portion of our interactions with taxpayers, we understand the importance of complaints in helping us to continue to improve their experience.

We are proud of the work we do to deliver for the Australian community in a manner that meets Government and community expectations. We are pleased to see the ANAO has found the ATO has developed largely effective arrangements to handle complaints and that we monitor, report and process improvements effectively. We remain committed to understanding the systemic issues that may be driving trends through complaints as it enables us to continually improve how we operate.

The ATO agrees with the four recommendations in the report. Implementation of the recommendations and opportunities for improvement identified by the ANAO will help us further strengthen our complaints processes, and ensure we continue to effectively meet our commitments to taxpayers and the Australian Government.

Background

1. On 5 August 2017, the Minister for Health and Aged Care announced a review of Australia’s sport integrity arrangements. The Report of the Review of Australia’s Sport Integrity Arrangements (the Wood Review) was presented to the government in March 2018 and made 52 recommendations, including the establishment of a national sports integrity commission.¹ In its February 2019 response to the Wood Review², the Australian Government agreed, agreed in part, agreed in principle or noted all recommendations. Sport Integrity Australia (SIA) was established on 1 July 2020 by the Sport Integrity Australia Act 2020 (SIA Act).

2. The object of the SIA Act is to establish SIA to prevent and address threats to sports integrity and to coordinate a national approach to matters relating to sports integrity in Australia. A National Anti-Doping Scheme is required under section 3 of the SIA Act and is set out in Schedule 1 of the Sport Integrity Australia Regulations 2020 (SIA Regulations). The SIA Regulations outline the powers and functions of the SIA Chief Executive Officer, which include having the role and responsibility of a ‘national anti-doping organisation’ for Australia under the United Nations Educational, Scientific and Cultural Organization’s (UNESCO) Anti-Doping Convention and the World Anti-Doping Code.

Rationale for undertaking the audit

3. In its response to the Wood Review, the Australian Government committed to ‘comprehensively protecting the integrity of Australian sport for the benefit of the entire Australian community’ and to establishing a national sports integrity commission (SIA). The government also noted the importance of effective anti-doping measures to protect the integrity of Australian sport.

4. The audit provides assurance to the Parliament as to whether SIA has established effective governance arrangements for anti-doping and is effectively managing the National Anti-Doping Scheme.

Audit objective and criteria

5. The purpose of the audit was to assess the effectiveness of Sport Integrity Australia’s management of the National Anti-doping Scheme.

6. To form a conclusion against the objective, the following high-level criteria were adopted:

• Has Sport Integrity Australia established fit-for-purpose governance arrangements?
• Has Sport Integrity Australia established effective arrangements to prevent and detect anti-doping rule violations?
• Has Sport Integrity Australia established effective arrangements to investigate and respond to possible anti-doping rule violations?

7. The period covered by the audit is 1 July 2021 to 30 June 2024. Anti-doping matters prior to the establishment of Sport Integrity Australia on 1 July 2020 are not within the scope of this audit.

Conclusion

8. Sport Integrity Australia’s management of the National Anti-Doping Scheme is partly effective. SIA has adopted a different approach to anti-doping regulation, depending on how anti-doping samples and testing are paid for. Regulatory responsibilities are more effectively carried out for sports that receive government funded anti-doping testing. For sports where testing costs are partially recovered from the sport, regulation is not demonstrably risk-based and data driven — a key principle of good regulation. There are deficiencies in anti-doping investigation practices.

9. SIA’s governance arrangements for the National Anti-Doping Scheme are partly fit for purpose. There are largely fit-for-purpose oversight and assurance arrangements. Risk management, including for regulatory capture risks, is not fit for purpose.

10. SIA’s arrangements for preventing and detecting doping are largely effective for sports that have mainly government funded anti-doping sample collection arrangements, and partly effective for the major professional sports that have mainly ‘user pays’ anti-doping sample collection arrangements, due to the way SIA has chosen to administer ‘user pays’ arrangements.

• There is a fit-for-purpose national anti-doping framework, which is supported by a national anti-doping policy that is adopted by 87 national sporting organisations. Another three national sporting organisations have an SIA-approved anti-doping policy.
• SIA has effective arrangements to prevent anti-doping rule violations through anti-doping education plans that are implemented and evaluated.
• For sports that have mainly government funded testing arrangements, test distribution planning is generally risk-based. Transparency could be enhanced through more comprehensive documentation of planning methodology and record keeping.
• For the six major sports that have mainly user pays testing arrangements, test distribution planning is not demonstrably risk-based. The number and distribution of tests are negotiated with national sporting organisations under a service agreement. This is not consistent with World Anti-Doping Code principles or SIA’s responsibilities as a regulator of these sports.

11. SIA’s arrangements to investigate and respond to anti-doping rule violations are partly effective. The procedural framework for investigations is partly fit for purpose, including processes related to quality assurance. There were irregularities in the triage and conduct of 38 investigations commenced in the three years to 30 June 2024, when compared to existing procedures. Investigations did not consistently meet timeliness targets. SIA’s actions in response to proven anti-doping violations were appropriate.

Supporting findings

Governance arrangements

12. SIA has responded to the Minister for Sport’s statement of expectations with an appropriate statement of intent. There are management arrangements and governance bodies that give consideration to anti-doping matters. These include advisory bodies that have been established in accordance with the Sport Integrity Australia Act 2020. Governance bodies operate in accordance with legislative requirements or terms of reference, except for the declaration of interests on two key advisory bodies. SIA’s public performance reporting includes measures related to anti-doping. There is no performance reporting specifically related to anti-doping testing and investigations — a key regulatory function. There is no measure that goes to the effectiveness or efficiency of SIA’s anti-doping activities. Performance reporting on anti-doping in 2023–24 was not fully accurate. SIA reports integrity and anti-doping matters of significance to the Minister for Sport. (see paragraphs 2.2 to 2.20)

13. Sport Integrity Australia established a risk management policy in 2021, which was updated in 2023. Risk appetite statements provided in different documents are inconsistent. There is an enterprise risk register, which was last updated in November 2021. Operational risk registers for specific business areas or activities, including for anti-doping, are not maintained. SIA undertook a review of its risk management framework in 2024, which concluded that the risk management framework required ‘significant’ work to comply with the Commonwealth Risk Management Policy. SIA commenced a body of work to improve SIA’s risk management framework. There is a largely fit-for-purpose policy framework for regulatory capture risks, including risks arising from conflicts of interest; external employment; gifts, benefits and hospitality; and sports betting. The policies are poorly implemented. (see paragraphs 2.21 to 2.43)

Anti-doping prevention and detection

14. The Sport Integrity Australia Regulations 2020 establish the SIA CEO’s functions and powers in relation to anti-doping, which include sample collection and results management for ‘sporting administration bodies’, defined as ‘national sporting organisations for Australia’. SIA has established an Australian National Anti-Doping Policy (NAD Policy) that aligns with the World Anti-Doping Code and which, as of September 2024 had been adopted by 98 sporting organisations in Australia, including 87 national sporting organisations for Australia. Anti-doping policies for the remaining three national sporting organisations that have adopted alternative policies were not approved by SIA in a timely way using documented criteria.

15. SIA’s annual anti-doping activities are supported by approximately 300 full-time equivalent (FTE) and casual employees. Budgeted average staffing levels increased by six per cent for FTE staff and 17 per cent for casual staff between 2022–23 and 2024–25. The total number of anti-doping samples collected by SIA declined by 34 per cent between 2010–11 and 2022–23.

16. SIA provides anti-doping sample collection and analysis under two general funding models: government-funded and user pays. User pays arrangements involve partial cost recovery, an approach which was approved by government in March 2024. Six professional sports (Australian football, cricket, football (soccer), rugby league, rugby union and basketball) have mainly user pays arrangements. There are no documented criteria for when to apply which funding model, however SIA has advised that it depends in part on the sporting organisation’s ability to pay for its own anti-doping testing.

17. The average cost of testing increased in the five years to 2022–23 and decreased in 2023–24. SIA has assessed the value-for-money of its laboratory testing arrangements. (see paragraphs 3.7 to 3.24)

18. SIA has developed national anti-doping education plans in each year between 2021–22 and 2023–24, as required by the World Anti-Doping (WAD) Code and SIA Regulations. SIA’s 2023–24 national education plan is consistent with requirements of the WAD Code. Sport specific education plans were developed for all sampled sports except one in 2023–24, following failure to develop sport-specific education plans for one sampled government funded sport and most sampled user pays sports in 2021–22 and 2022–23. SIA has fit for purpose arrangements to evaluate the effectiveness of the national education plan. Evaluations have found that most deliverables and outcomes relating to the national education plan were met. SIA has evaluated sport-specific education plans. (see paragraphs 3.25 to 3.42)

19. SIA undertakes an annual anti-doping test distribution planning process that is consistent with the World Anti-Doping (WAD) Code for sports with mainly government funded testing arrangements. Evaluation of previous years’ plans (one component of the WAD Code requirements) to inform improvements to current year planning is not supported by a clear methodology and could be better documented. SIA alters (moderates) the results of the risk-based test planning process using an undocumented methodology.

20. SIA’s test distribution planning for sports with mainly user pays testing arrangements is deficient in terms of systematic risk analysis informing the total number and distribution of planned tests. The total number and distribution of tests are negotiated with national sporting organisations representing user pays sports under a service agreement. Testing arrangements for user pays sports do not fully cover the off-season and pre-season.

21. In a sample of 25 government funded and user pays sports/disciplines, SIA’s testing activities for 2023–24 were mostly consistent with its planned test distribution planning. The minimum levels of analysis required under the WAD Code were achieved for all but one government funded and one user pays sport. (see paragraphs 3.43 to 3.85)

Anti-doping investigations and response

22. SIA established an investigations manual in 2020, which as of September 2024 had not been updated to align with the Australian Government Investigations Standard 2022. Elements of AGIS requirements related to information and evidence management, investigative personnel and investigative practices could be better reflected in SIA’s framework for conducting investigations. Quality assurance processes for investigations have largely not been established.

23. Between 1 July 2021 and 30 June 2024, 144 anti-doping rule violation cases were recorded in SIA’s case management system, and 38 proceeded to an investigation or ‘administrative’ treatment. There is a lack of documented procedures for a type of case (non-analytical findings) and treatment of these cases was inconsistent.

24. Six of 38 investigations commenced between 1 July 2021 and 30 June 2024 lacked investigation plans, with no documented reason for five. SIA does not have a procedure for the preparation and service of disclosure notices to athletes, and disclosure notice practices were inconsistent. SIA did not follow up using established mechanisms on athlete non-compliance with disclosure notices. A brief of evidence adjudication was appropriately prepared for 19 of 26 investigations involving a brief of evidence. Of the 38 investigations commenced since 1 July 2021, 21 were finalised by 30 June 2024 (15 resulting in a sanction). SIA states that it prepares closure reports only for matters where the decision is ‘no further action’. Three of five investigations resulting in ‘no further action’ had a closure report. Closed investigations did not meet timeliness benchmarks. (see paragraphs 4.2 to 4.54)

25. Anti-doping rule violation sanctions imposed by SIA between 1 July 2021 and 30 June 2024 were largely consistent with WADA requirements. (see paragraphs 4.55 to 4.62)

Recommendations

Summary of entity response

26. The proposed audit report was provided to SIA. SIA’s summary response is reproduced below. The full response from SIA is at Appendix 1. Improvements observed by the ANAO during the course of this audit are listed at Appendix 2.

Sport Integrity Australia welcomes the findings in the ANAO audit report on Sport Integrity Australia’s Management of the National Anti-Doping Scheme and agrees with the recommendations.

These recommendations will further contribute to our continuous improvement along with our obligations to implement and enforce rules and policies relating to anti-doping in Australian sport.

The National Anti-Doping Scheme provides Australia with the legislative basis to implement obligations under the UNESCO International Convention against Doping in Sport, and in turn, the World Anti-Doping Code (the Code). The Code, and its associated mandatory International Standards, create an important, but complex set of global expectations for all National Anti-Doping Organisations.

The World Anti-Doping Agency through its most recent Code Compliance process (2022–2023) found Sport Integrity Australia to be fully compliant with all aspects of the Code. Indeed, this process highlighted the capabilities of Sport Integrity Australia far exceed many other national anti-doping agencies.

The ANAO recommendations (noting the recommendations are limited to a small section of just one of the five relevant International Standards), are valuable as we look to continually improve our program. To this end, we have already begun taking steps to implement all recommendations.

Background

1. The Australian Human Rights Commission (AHRC or the Commission) was established in December 1986 by the Australian Human Rights Commission Act 1986 (AHRC Act). The AHRC is a corporate Commonwealth entity under the Public Governance, Performance and Accountability Act 2013.

2. The Commission’s key goal related to complaint handling set out in its Corporate Plan is ‘improving enjoyment of human rights by all, supporting access to justice and remedies for people and communities whose rights are breached.’¹

3. AHRC’s Investigation and Conciliation service (ICS) is responsible for delivery of complaint investigation and conciliation. ICS also operates two information services (the National Information Service and Respect@Work National Information Service) to provide information about AHRC’s complaint handling function and respond to enquiries from the general public.

Rationale for undertaking the audit

4. AHRC is Australia’s national human rights institution. The handling of complaints is central to its purpose, which is to ensure that Australians have access to effective, independent complaints handling and public inquiry processes on human rights and discrimination matters, and benefit from human rights education, advocacy, monitoring and compliance activities. The AHRC has reported that, in 2023–24, it received 2,708 complaints. This performance audit was conducted to provide independent assurance to the Parliament that AHRC’s handling of complaints is efficient and effective.

Audit objective and criteria

5. The objective of this audit was to assess the efficiency and effectiveness of AHRC’s handling of complaints.

6. To form a conclusion against the audit objective, the following high-level criteria were adopted:

• Are AHRC’s complaint handling arrangements designed in a way to support the effective management of complaints?
• Is AHRC’s handling of complaints efficient?
• Is AHRC’s handling of complaints effective?

Conclusion

7. The AHRC’s handling of complaints is partly efficient and partly effective.

8. The AHRC has designed its complaint handling arrangements to support effective management of complaints with two exceptions. The two key shortcomings relate to it not having conducted a recent procurement for, or having a contract in place for, an information technology system to assist with the management of complaints, and not having developed a formal approach to obtaining assurance over the handling of individual complaints.

9. The timeliness of complaints handling has been declining, with the Commission not meeting its performance indicator (consistent with its enabling legislation) to finalise 85 per cent of complaints within 12 months in 2023–24. A significant backlog has developed and, although the backlog has stabilised, it remains high. Resource efficiency improved over the four years up to and including 2021–22, a trend that did not continue in 2022–23 and 2023–24.

10. A lower proportion of complaints are being conciliated by the Commission, with the Commission not meeting its related performance indicator for the last three years. A greater proportion of complaints are being terminated or discontinued. Data on complainant and respondent satisfaction with the AHRC’s complaint handling is not reliable.

Supporting findings

Complaint handling arrangements

11. Complaints mechanisms and processes are clear and accessible. (See paragraphs 2.2 to 2.13)

12. Suitable systems and processes are, in most respects, in place for complaints handling. From a random sample of 137 complaints examined by the ANAO, no systemic deviations from legislation or existing procedural guidance were identified. The main shortcomings relate to the AHRC not having appropriate contractual arrangements in place for its electronic complaints management system and the absence of a formalised quality assurance process. Since 2021, multiple reviews initiated at the request of the Australian Government to achieve savings have recommended changes to the complaints management system to improve operational efficiency. The recommended changes have not been made. (See paragraphs 2.14 to 2.52)

Complaint handling efficiency

13. AHRC has implemented systems and processes to capture input and output data which can be used to calculate basic measures of efficiency. There are issues with the reliability of complaints data that adversely affects the Commission’s management of complaints handling and its performance reporting. (See paragraphs 3.2 to 3.15)

14. Complaints handling by AHRC is not timely.

• A significant backlog in complaints developed between the first quarter of 2019–20 and quarter 3 2021–22. With fewer complaints received in 2023–24 and some additional resources, the backlog has stabilised. It remains around double what it was prior to 2019–20.
• The proportion of complaints being finalised within 12 months (one of AHRC’s performance measures, consistent with the Commission’s enabling legislation) has been declining, with AHRC not achieving its target for 2023–24. Further, this performance measure is not focused on measuring performance from the perspective of parties to the complaint.
• Complaints identified as a priority by the AHRC are typically finalised more quickly than those not prioritised. Notwithstanding this, the duration of both standard and priority complaints has increased.
• Complaint handling delays are primarily a result of delays in an accepted complaint being allocated to a case officer (rather than delays in the first stage, between complaint receipt and acceptance, or in the final stage, progressing the complaint to finalisation). The increasing time taken to allocate matters to case officers has coincided with a decrease in the number of complaints conciliated and increase in the number of discontinued complaints. (See paragraphs 3.16 to 3.41)

15. AHRC has not established a target and does not measure the resource efficiency of its Investigation and Conciliation service. The efficiency of the Investigation and Conciliation service, measured both in terms of the direct cost per finalised complaint and ratio of complaints finalised per staff member, improved over the four years up to and including 2021–22. That trend did not continue in 2022–23 and 2023–24 as a result of fewer complaints being finalised and, for 2023–24, some additional resources being provided to stabilise the backlog in complaints.

16. AHRC has not prioritised resourcing ICS in line with demand for its complaints handling services. AHRC has not developed an activity-based costing model to demonstrate the effect of the demand driven complaints workload or inform its internal allocation of resources despite an earlier recommendation from consultants in August 2021. (See paragraphs 3.42 to 3.60)

Complaint handling effectiveness

17. It has become less likely for complaints to be conciliated and more likely for complaints to be discontinued, terminated or declined by the AHRC.

• An increasing number of complaints have been assessed as suitable for conciliation and an increasing number of conciliations have been held over the last seven financial years (reflecting the higher complaint numbers overall). The proportion of complaints recorded as resolved through conciliation has decreased from 46 per cent of complaints in 2017-18 to 33 per cent in 2023-24. The Commission did not meet its target of conciliating 40 per cent of complaints in 2021-22, 2022-23 or 2023-24, notwithstanding the additional resources provided through the October 2022 Budget.
• The proportion of complaints terminated, declined or discontinued has grown, increasing from 40 per cent of complaints finalised in 2017–18 to 58 per cent of complaints finalised in 2023–24. (See paragraphs 4.4 to 4.34)

18. The AHRC is not obtaining reliable data on the extent to which complainants and respondents are satisfied with its complaint handling process.

• Parties’ measured level of satisfaction with Commission’s complaint handling processes has been decreasing over time. Overall satisfaction decreased from 91 per cent in 2017–18 to 85 per cent in 2023–24.
• Respondents and their representatives report higher levels of overall satisfaction than complainants do with AHRC complaint handling processes. Respondents also report higher levels of agreement that Commission processes are timely and fair.
• The results of the surveys reported by the Commission are not demonstrably reliable and unbiased. Of note is that 61 per cent of participants were not sent the satisfaction survey over the seven years examined. Satisfaction surveys were most often sent to participants with conciliated (53 per cent of complainants and 51 per cent of respondents) and terminated or declined outcomes (53 per cent of complainants and 52 per cent of respondents). Complainants who withdraw their complaints or complainants whose complaints are discontinued by the AHRC were less likely to be surveyed. (See paragraphs 4.35 to 4.51)

Recommendations

Summary of entity response

19. The proposed audit report was provided to AHRC. The AHRC’s summary response is reproduced below. The full response from the AHRC is at Appendix 1. Improvements observed by the ANAO during the course of this audit are listed at Appendix 2.

Providing people and organisations across Australia with a free, accessible and effective dispute resolution process for discrimination and human rights complaints is one of the Australian Human Rights Commission’s key statutory functions. It is also a core component of the Commission’s vision of an Australian society in which people’s human rights are respected, promoted and protected.

The Commission welcomes the ANAO’s report and agrees or agrees in principle with its five recommendations to improve our complaint handling function.

The Commission acknowledges that currently our complaint handling function is not timely. The COVID-19 pandemic generated an unprecedented rise in complaints. Complaint numbers have remained around 30% higher than pre-pandemic levels. This continues to adversely impact timeframes. Reducing these timeframes by ensuring the Commission’s complaint function is appropriately resourced is a key priority.

Implementing the recommendations will also strengthen the Commission’s collection and analysis of complaint performance information and public reporting.

The Commission acknowledges the professionalism, integrity and empathy of our staff who deliver our information and complaint handling services. They have supported thousands of Australians over the 7-year audit period to access justice on discrimination and the human rights issues affecting them.

Background

1. The Murray–Darling Basin (the Basin) is a system of interconnected rivers and lakes in the south-east of Australia with significant environmental, cultural and economic value.

2. The Murray–Darling Basin Plan (the Basin Plan) was developed in 2012 in response to a significant period of drought in the Basin in the early 2000s (the Millennium Drought), which resulted in a recognition across the governments that a plan was needed to manage the Basin’s water resources carefully and protect the Basin for future generations. The Basin Plan sets limits on the amount of water that can be taken from the Basin for consumptive purposes by communities, farmers and businesses, while maintaining environmental sustainability, known as the Sustainable Diversion Limits (SDLs).

3. The establishment of the SDLs was accompanied by a water recovery target to ‘bridge the gap’ between the SDLs and how much water was taken from the Basin before the introduction of the Basin Plan. At the time the Basin Plan was agreed in 2012, the ‘Bridging the Gap’ target was set at 2,750 gigalitres. This was amended in 2018 to 2,075 gigalitres. As at 31 December 2022, the Murray–Darling Basin Authority (MDBA) estimated that a gap of 49.2 gigalitres of water remained in seven catchments to reach the ‘Bridging the Gap’ target.

4. The Department of Climate Change, Energy, the Environment and Water (the department) is the Australian Government entity responsible for recovering water to bridge the gap through: monitoring water recovery programs; funding, implementing and managing water infrastructure projects and efficiency measures; and undertaking purchases of water entitlements.

5. In March 2023, the department commenced an open tender process to purchase water entitlements to recover 44.3 gigalitres of water against the remaining gap of 49.2 gigalitres. The 4.9 gigalitres of surface water located in the ACT that also needed to be recovered to achieve the Bridging the Gap target was not included in the procurement process as water rights in the ACT are held and owned by a government entity. Separate arrangements were established with the ACT Government to bridge the gap in the territory.

6. The procurement process was finalised in January 2024. As at 17 January 2025, approximately 21.62 gigalitres of water has been recovered, fully bridging the gap in two of the six target catchments, with a gap of approximately 23.07 gigalitres remaining in the other four catchments.

Rationale for undertaking the audit

7. This audit examined the effectiveness of the department’s strategic procurement of water entitlements to meet the Bridging the Gap target under the Basin Plan. It followed on from Auditor-General Report No. 2 2020–21 Procurement of Strategic Water Entitlements to provide assurance to Parliament over the arrangements in place to support the procurement process, and the conduct of the procurement process to achieve value for money.

8. Water recovery is a topic of parliamentary and public interest. The Joint Committee of Public Accounts and Audit (JCPAA) identified the audit as a priority of the Parliament for 2023–24.

Audit objective and criteria

9. The audit objective was to assess the effectiveness of the department’s strategic procurement of water entitlements to meet the Bridging the Gap target under the Basin Plan.

10. To form a conclusion against the objective, the following high-level criteria were adopted.

• Did the department establish appropriate arrangements to support strategic water procurement?
• Did the department conduct an effective procurement process to achieve value for money?

11. The audit focused on the 2023 Bridging the Gap procurement process, including arrangements to support the procurement and whether value for money was achieved. It also examined whether the recommendations from Auditor-General Report No. 2 2020–21 and the JCPAA Report 492 were implemented.

12. The audit did not examine: water recovery initiatives for targets other than the 2,075 GL/y Bridging the Gap target; compliance with water trading rules in the Basin Plan; activities of related bodies such as the MDBA or state water regulatory authorities; or the socioeconomic impacts of water recovery on local communities, except to the extent considered by the department as part of the procurement process.

Conclusion

13. The department’s strategic procurement of water entitlements to meet the Bridging the Gap target under the Murray–Darling Basin Plan was largely effective. While the department conducted an effective procurement process and demonstrated how it assessed value for money in accordance with its value for money framework, it was not able to meet the intended policy objective of fully bridging the gap through the procurement process. The current evaluation framework requires revision to enable an accurate measurement of the program’s impact on intended policy objectives, including in the context of broader evaluation activities planned for the Basin Plan. Further improvements are being made for subsequent tender processes to incorporate lessons learned, increase efficiency, and ensure better management of probity risks.

14. The department has established largely appropriate arrangements to support strategic water procurement. There are appropriate procurement frameworks in place, including a Strategic Water Purchasing Framework developed specifically for the water purchasing program outlining the scope of the program and the investment principles that would underpin water purchasing. The department has established appropriate oversight mechanisms to oversee the program and is managing program and procurement risks. An evaluation framework to monitor, report on and evaluate the strategic water purchasing program has been established. The evaluation framework does not enable an accurate measurement of the program’s impact on intended policy objectives, and requires revision to ensure that outcomes are appropriately defined, including in the context of other evaluation activities planned for the Basin Plan.

15. The department established a value for money framework for the procurement, specifying the key factors that would inform its purchasing decisions. The department documented and demonstrated how it assessed value for money in each of the six SDL resource units in accordance with its value for money framework. The procurement was compliant with the Commonwealth Procurement Rules (CPRs), except in relation to minor errors in reporting contracts on AusTender. Negotiations were undertaken to maximise value for money outcomes, and revised value for money assessments were undertaken where negotiated prices differed from the delegate’s original approved figure. Relevant information and clear recommendations were provided to the delegate to enable them to make an informed procurement decision. The department provided sound advice to the minister on options to bridge the gap in the ACT and in SDL resource units with remaining gaps to bridge.

Supporting findings

Arrangements to support procurement

16. The department has established a procurement framework that aligns with the PGPA Act and the CPRs. This framework includes Accountable Authority Instructions providing guidance on the duties of officials when conducting a procurement, and departmental policies and guidance on key aspects of procurement. The department developed a Strategic Water Purchasing Framework specific to the water purchasing program, outlining the scope of the program and the investment principles that would underpin water purchasing. (See paragraphs 2.3 to 2.14)

17. The department has established appropriate oversight mechanisms for the water purchasing program, with clearly documented roles and responsibilities. The department is managing risks to the program and there is an appropriate level of oversight over program and procurement risks. (See paragraphs 2.15 to 2.52)

18. The department has established an evaluation framework to monitor, report on and evaluate the strategic water purchasing program. The evaluation framework is focussed on short- and medium-term program outputs and does not enable an accurate measurement of the program’s impact on intended policy objectives or link the program to evaluation activities planned for the Basin Plan. Monitoring and reporting arrangements have been established, and process improvements are being made following a lessons learned review of the 2023 Bridging the Gap procurement process. (See paragraphs 2.53 to 2.85)

Procurement process and value for money

19. The procurement process was compliant with the Commonwealth Procurement Rules (CPRs), except in relation to minor errors in reporting contracts on AusTender. The department complied with the requirements relating to procurement planning and approach to market, and the tender evaluation process was conducted in accordance with the tender evaluation plan. Management of conflicts of interest was impacted by deficiencies in the declaration process. Manual tender screening and assessment processes resulted in some process inefficiencies and errors that were later discovered and corrected. (See paragraphs 3.3 to 3.46)

20. The department established a value for money framework for the strategic water purchasing program, specifying the relevant financial and non-financial factors it would consider in assessing value for money. The Tender Evaluation Panel’s value for money assessments were conducted in accordance with the approved value for money framework, and its discussions and recommendations were clearly documented in the tender evaluation reports and briefs to the delegate. Of 57 tenders approved for negotiation, the department negotiated reduced prices for 33 tenders. Revised value for money assessments were undertaken where negotiated prices differed from the delegate’s original approved figure. All tenders that were accepted or counteroffered were those recommended to the delegate as representing value for money. (See paragraphs 3.47 to 3.82)

21. The advice provided to the delegate contained relevant information to enable them to make an informed procurement decision. The department provided sound advice to the minister on options to bridge the gap in the ACT, including on whether the ACT’s proposal would contribute to bridging the gap and achieve value for money, and on strategies to bridge the remaining gap following the conclusion of 2023 Bridging the Gap procurement process. (See paragraphs 3.83 to 3.107)

Recommendations

Summary of entity response

22. The proposed audit report was provided to the department. The department’s summary response to the audit is provided below and its full response is at Appendix 1.

The Department of Climate Change, Energy, the Environment and Water (the department) welcomes the ANAO’s audit report on the Strategic Water Purchasing – Bridging the Gap 2023 procurement. The department appreciates ANAO’s recognition that administration of the Strategic Water Purchasing program for the 2023 procurement process was largely effective, with appropriate procurement frameworks and oversight mechanisms in place to support an effective procurement process, undertaken in accordance with the value for money framework.

The department agrees with the ANAO’s two recommendations identified in the audit report. Implementation of the recommendations has already commenced. The department is committed to providing meaningful evaluation of the program outcomes and has commenced a review of the evaluation framework. The department has also implemented strengthened arrangements to improve the oversight of conflict-of-interest requirements for its water purchasing programs.

Background

1. The Bureau of Meteorology (the Bureau) is responsible for providing weather, water, climate, and ocean services for Australia. The Bureau’s weather forecasts, warnings, and analyses support decision-making by governments, industry, and the community. Australian sectors that are supported by timely and accurate weather services include emergency management, agriculture, aviation, land and marine transport, energy and resources operations, climate policy, water management, defence and foreign affairs.¹

2. The Bureau is established by the Meteorology Act 1955 (Meteorology Act). Since 2002, it is an Executive Agency under the Public Service Act 1999. The Director of Meteorology has the powers and responsibilities of an accountable authority under the Public Governance, Performance and Accountability Act 2013. The Bureau’s accountable authority reports to the minister or ministers responsible for administering the Meteorology Act and the Water Act 2007 (Water Act). Since June 2022, the Director of Meteorology has reported to the Minister for the Environment and Water.

3. The Meteorology Act and the Water Act define the Bureau’s functions and the powers of the Director of Meteorology. Broadly, these are to:

• take and record meteorological observations and supply information such as forecasts, warnings, and advice on meteorological matters²; and
• collect, hold, manage, interpret, and disseminate Australia’s water information.³

Rationale for undertaking the audit

4. The Bureau manages more than $1.3 billion in non-financial assets. The Bureau estimates that observing network assets including observing network instruments and other items and systems that support the instruments’ proper functioning make up approximately 28 per cent of the Bureau’s total asset base.

5. Effective management of assets in the observing network is fundamental to the Bureau’s ability to provide services to the community. Meteorological instruments are highly specialised, geographically dispersed, and can require significant levels of investment to purchase, maintain, and repair to effectively support weather and climate forecasting, warnings, and research.

6. The audit was conducted to provide assurance to the Parliament over the Bureau’s management of assets in its observing network.

Audit objective and criteria

7. The objective of the audit was to assess whether the Bureau of Meteorology is effectively managing assets in its observing network.

8. To form a conclusion against the objective, the following high-level criteria were applied.

• Does the Bureau of Meteorology have effective frameworks and systems governing assets in its observing network?
• Does the Bureau of Meteorology have appropriate arrangements to manage the lifecycle of assets in its observing network?
• Does the Bureau of Meteorology effectively monitor, measure, and report on its management of assets in its observing network?

9. This audit focused on the Bureau’s assets in its observing network including operational maintenance practices and records, and relevant plans, policies, and frameworks for managing assets that take observations. The ANAO reviewed the Bureau’s activities from 2018 to October 2024.

10. This audit did not assess:

• the accuracy or security of the measurements taken by the Bureau’s observing network meteorological instruments;
• the quality or accuracy of the Bureau’s forecasting in the delivery of general and extreme weather services, including the ‘downstream’ processing of data and the models used to develop and inform forecasting;
• the quality or accuracy of the Bureau’s maintenance of the climate record;
• supporting infrastructure systems and items, such as air-conditioners, fencing, and small buildings;
• the procurement of observing network assets where the procurement represented expenditure other than operational maintenance; or
• the Bureau’s provision of services to the Department of Defence and related stakeholders for civil defence exercises and operations.

Conclusion

11. The Bureau is partly effective in managing assets in its observing network. The Bureau has been implementing an asset management framework and supporting elements since 2020 however the asset management framework is not fully implemented. While the Bureau has continued to deliver weather services, key areas for further improvement include reviewing asset management planning documents, establishing medium to long term financial planning arrangements to support long term strategic planning, and establishing and embedding more extensive monitoring and reporting arrangements.

12. The frameworks and systems governing the Bureau’s management of assets in its observing network are partly effective. Not all policies and plans have been completed, reviewed, and embedded as planned. The Bureau has not reviewed or updated the Strategic Asset Management Plan to reflect its current practices and does not have a financial forecast for asset intensive areas to enable long term strategic planning. Roles and responsibilities are clearly identified. The Bureau’s Enterprise Asset Management System is in place and largely being used as planned. Development of asset management processes and training pathways is not complete.

13. The Bureau’s arrangements to manage the lifecycle of assets in its observing network are partly appropriate. The Bureau’s asset management plans include lifecycle management activities and related cost estimates. The Bureau’s budget planning process for 2024–25 did not incorporate the predicted costs presented in the asset management plans. All types of maintenance are recorded in the Bureau’s Enterprise Asset Management System and triaged based on priority. The Bureau’s asset management plans include outcomes to report against, however target and actual performance levels are not complete. The Bureau’s guidance surrounding disposals is not complete. The Bureau’s Fixed Asset Register and Enterprise Asset Management System each record assets and disposals differently and the Bureau does not have guidance to ensure records are aligned.

14. The Bureau’s monitoring, measuring, and reporting on assets in its observing network is partly effective. Information on observing network asset data availability is being recorded in Bureau systems and reported to established governance bodies. The Bureau is not reporting against the achievement of sustainability funding commitments. Three of the Bureau’s newly developed observing network performance measures report whether risks have eventuated and two report whether risk controls are being implemented. Since November 2020, the Bureau has been reporting against out-of-tolerance risks relating to ‘unviable’ asset capabilities. Monitoring and reporting is not being undertaken to regularly review asset management maturity, as proposed in the Strategic Asset Management Plan.

Supporting findings

Governance and planning

15. The Bureau has developed an Enterprise Asset Management Policy and a Strategic Asset Management Plan. The Bureau has not reviewed or updated the Strategic Asset Management Plan in the required timeframes. The Enterprise Asset Financial Overview has not been implemented, and the Bureau does not have a financial forecast for ongoing and capital funding requirements for asset intensive areas to enable long term strategic planning. (See paragraphs 2.3 to 2.30)

16. The Bureau has established governance bodies that support asset management. The Bureau has established asset management roles identified as needed in the Strategic Asset Management Plan. Responsibility and accountability for asset lifecycle management is defined. Maintenance and operations responsibilities of each observing network sub-network are documented in asset management plans. (See paragraphs 2.31 to 2.45)

17. The Bureau’s procedures and systems to support the management of assets are incomplete. The Bureau’s Enterprise Asset Management System is in place and largely being used as originally planned. The Bureau does not have a plan to develop all asset management processes identified as necessary in 2022. Development is not complete for training and competency frameworks for three sub-networks and two asset classes. (See paragraphs 2.46 to 2.84)

Asset lifecycle

18. The Bureau’s asset management plans include a section on lifecycle strategies, which describes the types of activities to be undertaken within each sub-network across the lifecycle, and a five- or ten-year investment profile that includes cost estimates and key activities. The Bureau’s budget planning process for 2024–25 did not incorporate the predicted costs presented in the asset management plans. Planning for renewal and disposal is not complete for all asset management plans. (See paragraphs 3.3 to 3.37)

19. All types of maintenance are structured through work orders in the Bureau’s Enterprise Asset Management System. Maintenance tasks are assigned priorities and triaged in accordance with these. For each sub-network, between 52 per cent and 79 per cent of target preventative maintenance work orders were achieved in 2023–24. The outcomes to measure performance throughout the 11 sub-networks are not complete. (See paragraphs 3.38 to 3.69)

20. The Bureau has established policies and procedural guidance that acknowledge the necessity of disposal. This guidance is not complete as there is no guidance to support operational decision-making about when disposal is appropriate. The Bureau’s Fixed Asset Register and Enterprise Asset Management System each record assets and disposals differently. The Bureau does not have a process or guidance to ensure records are aligned between the two systems. (See paragraphs 3.70 to 3.83)

Monitoring and reporting

21. The Bureau’s performance measurement strategy measures the output of the observing network through information on observing network asset data availability. This supports reporting on the achievement of corporate outcomes identified in the Bureau Strategy 2022–2027 and Data and Digital Group Plan. The Bureau is not reporting against the achievement of sustainability funding commitments. Without a strategy for investment in asset maintenance and monitoring and reporting of the impacts of investment, the Bureau cannot know whether investment is effective. (See paragraphs 4.2 to 4.23)

22. The key performance indicator for observing network assets is data availability which is based on the risk of weather information not being available to stakeholders. Three of the Bureau’s newly developed observing network performance measures report whether risks have eventuated and two provide insight into whether risk controls are available and being implemented. Since November 2020, the Bureau has been reporting against out-of-tolerance risks relating to ‘unviable’ asset capabilities. The addition and completion of treatment plans and controls has not reduced the reported risk level. (See paragraphs 4.24 to 4.58)

23. The Bureau has identified corrective actions to take against assets or the asset management approach when observing network asset performance monitoring targets are not met. Monitoring and reporting is not being undertaken to regularly review asset management maturity, as proposed in the Strategic Asset Management Plan. The Bureau has not addressed the risks identified within internal audit recommendations. (See paragraphs 4.59 to 4.76)

Recommendations

Summary of entity response

24. The proposed audit report was provided to the Bureau. The Bureau’s summary response is reproduced below. The full response from the Bureau is at Appendix 1. Improvements observed by the ANAO during the course of this audit are listed in Appendix 2.

Thank you for providing the Australian National Audit Office’s report on the Bureau of Meteorology’s Management of Assets in its Observing Network.

The observing network, consisting of almost 15,000 individual assets, distributed across Australia and its territories, is one of the nation’s largest and most complex data gathering endeavours. The meteorological information gathered by the observing assets, 24 hours a day every day of the year, consists of observations of the atmosphere, space weather, terrestrial waterways and oceans.

Together, they form the information base which is vital for the provision of public weather services, the specialist needs of industry and national security, the integrity of the national climate record, and Australia’s contribution to international meteorological data and science.

I recognise the Bureau’s significant reforms and investment in the observing capabilities over the last decade, including improvements to logistics and maintenance practices through automation of manual observations and new observations maintenance hubs, the introduction of consistent asset management and technology competency and training frameworks, and the recent implementation of a new enterprise asset management system.

The Bureau agrees with the ANAO’s recommendations as further contributions to the maturity of its observing network asset management and operations, and commits to relevant actions.

Background

1. The Pharmaceutical Benefits Scheme (PBS) is an Australian Government scheme that subsidises the cost of a wide range of medicines for Australian residents and eligible overseas visitors. The PBS is enabled by the National Health Act 1953 (NHA) which regulates the listing, prescribing, pricing, charging and payment of subsidies for the supply of medicines and medicinal preparations as pharmaceutical benefits. The PBS Schedule, made under the National Health (Listing of Pharmaceutical Benefits) Instrument 2024, lists medicines subsidised under the PBS and outlines requirements for the provision of these medicines.

2. The objective of the PBS is to provide Australians with timely, reliable and affordable access to necessary and cost-effective medicines. The Department of Health and Aged Care (Health) is responsible for PBS policy and has a bilateral agreement with Services Australia to deliver PBS-related services and payments.

Rationale for undertaking the audit

3. The PBS is intended to ensure that Australians have timely, reliable and affordable access to medicines. The budgeted expenditure for the PBS for the 2024–25 financial year is $19.5 billion. This performance audit was conducted to provide assurance to Parliament that the PBS is being administered effectively.

Audit objective and criteria

4. The objective of the audit was to assess the effectiveness of the administration of the PBS.

5. To form a conclusion against the audit objective, the following high-level criteria were adopted:

• Has Health established appropriate governance and oversight arrangements for the PBS?
• Has Health established appropriate arrangements to manage the cost of the PBS?
• Have Health and Services Australia established effective arrangements to manage the delivery of PBS services and payments?

Conclusion

6. Health’s and Services Australia’s administration of the PBS is partly effective. While arrangements for managing the cost of the PBS are largely effective, there were deficiencies in arrangements for whole-of-program management and administering the delivery of PBS services and payments.

7. Health’s governance and oversight arrangements for the PBS are partly appropriate. Instruments for delegating statutory powers for administering the PBS have irregularities and anomalies. Health’s PBS Program Management Plan could be improved by including more detail on Health’s management arrangements for the PBS. Health has a largely appropriate bilateral arrangement with Services Australia to oversee its delivery of PBS services and payments. Health’s performance measurement framework for the PBS does not adequately measure and report on program outcomes. Health’s risk management focuses on shared administration risks with Services Australia and has not considered broader strategic risks to the PBS. While mechanisms are in place for stakeholder engagement on the PBS, Health has not conducted an analysis of stakeholder engagement needs or developed an overarching stakeholder engagement plan.

8. Health’s arrangements to manage the cost of the PBS are largely appropriate. Arrangements were in place to assess the cost-effectiveness of individual PBS medicines and manage the cost of listed medicines. Arrangements have been established to manage pharmacy remuneration through successive Community Pharmacy Agreements (CPAs), negotiated with the pharmacy industry, which Health supported through impact analysis for the eighth CPA signed in June 2024. Health has established processes for managing patient out-of-pocket costs and monitoring and forecasting the overall cost of the PBS. Health has not established arrangements to automate patient access to the Safety Net or engaged in horizon scanning analysis to anticipate potential future costs of new and novel medicines.

9. Health and Services Australia’s arrangements to manage the delivery of PBS services and payments are partly effective. Processes and systems for PBS claims processing are not fully effective at ensuring that legislative requirements for PBS claims are met, as Services Australia is not ensuring that PBS suppliers certify claims in accordance with legislative timeframes. While payment integrity is reviewed, it is not subject to performance monitoring or reporting. Payment timeliness is monitored, and targets are regularly met. The results are not included in Services Australia’s Annual Performance Statement. The provision of authority approvals is based on an automated system. There were differences in approval rates between authority applications made online and by phone, and Services Australia’s performance target for reporting on answering authority calls in its Annual Performance Statements does not align with the performance target agreed with Health in bilateral agreements. PBS Safety Net card claims and patient refunds are reliant on manual processes and timeliness performance measures have not been consistently met.

Supporting findings

Governance and oversight

10. Instruments that delegate powers and functions for administering the PBS have irregularities and anomalies. While Health has developed a Program Management Plan for the PBS, it does not adequately cover arrangements for managing PBS costs, stakeholder engagement and whole-of-program performance measurement. Health’s support to independent statutory bodies with responsibilities for the PBS could be improved by developing governance documentation for the Pharmaceutical Benefits Advisory Committee. (See paragraphs 2.3 to 2.24)

11. Health and Services Australia have established a Bilateral Management Arrangement, which includes bilateral agreements and bilateral governance arrangements that relate to the delivery of PBS services and payments.

• PBS-related program agreements were fit for purpose, with clear objectives and defined roles and responsibilities. All protocols supporting the bilateral arrangement were reviewed and updated between November 2023 and September 2024.
• While bilateral governance meetings have not occurred at the most senior levels, there has been regular engagement between the two entities at lower levels. Governance committees relevant to the PBS began considering risk, performance reporting, and updates to bilateral agreements in late 2023. (See paragraphs 2.25 to 2.35)

12. Health has one external performance measure for the PBS, which is not outcome focused and does not provide meaningful performance information to the Parliament or the public. Health receives monthly reporting from Services Australia on bilateral performance measures. It has not used this data to oversee Services Australia’s service delivery. Health does not provide any regular performance reporting on the PBS to the minister or its executive committee. (See paragraphs 2.36 to 2.54)

13. Health has not undertaken appropriate risk assessments or developed appropriate risk management plans for the PBS at the divisional or program level. Its risk assessments and plans do not adequately cover key program activities for which Health is responsible. Health’s shared risk management plan with Services Australia covers risks relating to the services and payments Services Australia delivers for the PBS. From late 2023, bilateral governance bodies began discussing operational risks relevant to the PBS. (See paragraphs 2.55 to 2.69)

14. Health’s arrangements for stakeholder engagement for the PBS include the provision of information through websites, invitation of written submissions from stakeholders on specific PBS issues, agreement-making with industry bodies, and hosting regular stakeholder engagement forums. These arrangements have not been informed by a systematic analysis of stakeholder engagement needs or an overarching stakeholder engagement plan or strategy. (See paragraphs 2.70 to 2.83)

Managing the cost of the PBS

15. Arrangements for assessing medicine cost-effectiveness outlined in the Guidelines for preparing submissions to the Pharmaceutical Benefits Advisory Committee have been followed. Health has complied with administrative procedures for listing medicines on the Schedule and agreeing medicine prices with sponsors. Health has negotiated deeds of agreement with medicine sponsors (covering special pricing arrangements and risk-sharing agreements) to minimise the cost of PBS medicines to government. Statutory price reductions are in place to decrease the cost of listed medicines. Medicines are delisted from the Schedule by medicine sponsors with no regular delisting process performed by Health. (See paragraphs 3.3 to 3.53)

16. The Australian Government has negotiated Community Pharmacy Agreements (CPAs) with the pharmacy sector to determine pharmacy remuneration for dispensing PBS medicines since 1990. CPAs offer flexibility to include terms such as the remuneration adjustment mechanism to mitigate unexpected expenditure for the Australian Government. The choice to negotiate a CPA rather than allowing remuneration to be set by an independent tribunal was not supported by adequate impact analysis for the seventh CPA. Health prepared an Impact Analysis for the eighth CPA, signed in June 2024, which supported continuation of pharmacy remuneration setting through a CPA. (See paragraphs 3.54 to 3.74)

17. Health has used monitoring data to model the impact of proposed changes to patient co-payment amounts and Safety Net thresholds on patient out-of-pocket costs. Based on this modelling, Health has provided advice to government on proposals to help patients achieve greater cost-savings through these mechanisms. Health has not established arrangements to automatically determine eligibility for the Safety Net. Health has estimated that 640,000 patients become eligible for the Safety Net each year but do not apply, foregoing $100 million in medicine subsidies. (See paragraphs 3.75 to 3.95)

18. Health has established arrangements for modelling the overall cost of the PBS and the impact of new medicine listings, and it provides advice to the government and Parliament through the annual Budget processes.

• Health has established a system to model PBS expenditure based on the current legislative requirements, which it uses to model the impact of new and amended medicine listings.
• Reporting on PBS expenditure is available through an annual report and reporting on Services Australia’s website.
• Health has not performed horizon scanning analysis to forecast PBS expenditure and identify potential policy changes. (See paragraphs 3.96 to 3.113)

Delivery of services and payments

19. Almost all claims (99.9 per cent) made by PBS suppliers are submitted through Services Australia’s Online Claiming for PBS system, which automatically assesses claims against legislative rules before processing advance payments. Due to an absence of controls to ensure advance payments to PBS suppliers are certified within statutory timeframes, over one-third of approved PBS suppliers have uncertified claims totalling $1.514 billion (as at 30 June 2024). Payment integrity is reviewed but is not subject to performance monitoring or reporting. Payment timeliness is monitored, and targets are regularly reported as met, but it is not included in public reporting. (See paragraphs 4.3 to 4.30)

20. A system to manage authority-required approvals has been established that is consistent with Health and Services Australia’s respective responsibilities under the PBS bilateral agreement. There are differences in approval rates depending on the method used by an applicant to apply for an authority. Reported results for the timeliness of authority approvals against performance measures set out in bilateral arrangements have largely not met targets. Services Australia reports in its Annual Performance Statement on the achievement of a performance measure target of answering authority calls within 15 minutes. This does not align with the target of answering authority calls, on average, in less than 30 seconds. (See paragraphs 4.31 to 4.52)

21. Services Australia has established processes and systems to manage PBS Safety Net and patient refunds. Both systems are reliant on paper-based application forms which are submitted by post and manually processed by Services Australia. The reliance on manual processing means that performance is sensitive to staffing numbers, which has meant timeliness performance measures have not been consistently met. Services Australia’s quality checking process for Safety Net claims does not provide accurate data on the reasons for rejecting Safety Net card applications to inform education or compliance activities. (See paragraphs 4.55 to 4.78)

Recommendations

Summary of entity responses

22. The proposed audit report was provided to Health and Services Australia. The entities’ summary responses are provided below, and their full responses are included at Appendix 1. Improvements observed by the ANAO during the course of this audit are listed in Appendix 2.

Department of Health and Aged Care

The Department of Health and Aged Care (the Department) welcomes the findings in the report. The Department notes the overall finding by the ANAO that the Department’s and Services Australia’s administration of the Pharmaceutical Benefits Scheme (PBS) is partly effective. The Department is committed to working towards implementing the recommendations in the report as a priority and is already taking steps to address key findings identified in the audit. The Department has also commenced engagement with its partner agency, Services Australia, to address key recommendations in relation to the delivery of the PBS payment arrangement.

The ANAO found that the department has largely appropriate arrangements to manage the cost of the PBS. The Department welcomes the finding that appropriate arrangements have been established for managing patient out-of-pocket costs for Australians and monitoring the overall cost of the PBS. The Department acknowledges the findings that arrangements have been implemented to assess and manage the cost of listed medicines and to manage pharmacy remuneration through successive Community Pharmacy Agreements, and that the bilateral arrangements with Services Australia to oversee delivery of Pharmaceutical Benefits Scheme services and payments are also largely appropriate.

Services Australia

Services Australia (the Agency) notes the findings of the report that the Agency’s arrangements to manage the delivery of the PBS services and payments are partly effective, having regard to certification of claims, reporting differences at the bilateral level compared to Annual Performance Statements, delegation instruments and PBS Safety Net.

The Agency welcomes the findings of the report and is committed to delivering the payments and services related to the PBS, which subsidises the cost of medicines for Australian residents and eligible overseas visitors. The Agency administers the PBS in accordance with the policy and legislation for which the Department of Health and Aged Care (Health) has responsibility. The Agency continues to work with Health to address the issue of uncertified claims and changes to delegation instruments in addition to expanding the work types to include PBS in its Annual Performance Statements for 2024-25.

The Agency agrees with the finding that the performance targets for answering authority calls is different for bilateral agreement and Annual Performance Statement purposes. Due to the expansive nature of the services it provides, reporting is done on a tiered basis for different purposes. The Agency continues to focus on reducing reliance on the PBS Authorities telephone line and increasing digital PBS authorities.

Background

1. Tourism Australia (TA) was established in 2004 under the Tourism Australia Act 2004 (TA Act). Its corporate plan states that its purpose is to ‘grow demand to enable a competitive and sustainable Australian tourism industry’.¹ The accountable authority for TA is the Board of Directors. TA reports having around 220 staff.

2. TA is a corporate Commonwealth entity within the Foreign Affairs and Trade portfolio. It is subject to the Commonwealth Procurement Rules (CPRs) issued by the Minister for Finance under section 105B of the Public Governance, Performance and Accountability Act 2013.

3. According to its audited financial statements, payments to suppliers represented 74 per cent of TA’s total expenses in 2023–24. Of its total budgeted expenses for 2024–25, 73 per cent were attributable to supplier expenses. As at 30 June 2024, TA had reported 55 contracts on AusTender with a start date falling within the last three financial years, valued at $265.6 million (including contract amendments).

Rationale for undertaking the audit

4. Noting that nearly three-quarters of organisational expenses relate to contracting suppliers, this audit provides assurance to the Parliament over the effectiveness of TA’s procurement and contract management activities.

Audit objective and criteria

5. The audit objective was to assess whether TA’s procurement and contract management activities are complying with the CPRs and demonstrating the achievement of value for money.

6. To form a conclusion against the objective, the following high-level criteria were applied:

• Do the procurement processes demonstrate the achievement of value for money?
• Are the contracts being managed appropriately to achieve the objectives of the procurement?

Conclusion

7. TA’s procurement and contract management activities are not effective in complying with the CPRs and demonstrating the achievement of value for money.

8. TA’s procurement processes have not demonstrated the achievement of value for money. TA makes insufficient use of open and competitive procurement processes, with 70 per cent of the 33 procurements examined in detail by the ANAO not involving open competition. An appropriate procurement policy framework is not in place and TA’s conduct of procurement activities regularly fails to adhere to requirements under the CPRs such as:

• including evaluation criteria in request documentation and using those criteria to select the candidate that represents the best value for money;
• acting ethically including fair treatment of suppliers and through the declaration and management of any conflicts of interest²; and
• maintaining appropriate records commensurate with the scale, scope and risk of the procurement.

9. TA has not effectively managed contracts to achieve the objectives of the procurement. In relation to the 33 contracts examined in detail by the ANAO:

• none had a contract management plan, including some high-risk and high-value arrangements;
• for more than half (55 per cent), TA had not included clear performance requirements in the contract. There were also shortcomings in TA’s monitoring of contractor performance across the sample examined by the ANAO;
• contract variations are common, with 33 per cent of contracts examined by the ANAO being varied. None of the variations had records created and retained by TA that demonstrated that the variation represented value for money; and
• invoicing and payments for 64 per cent did not adhere to the contracts and/or requirements under TA’s policies.

10. TA has also not been meeting its AusTender reporting requirements.

Supporting findings

Procurement processes

11. An appropriate procurement policy framework is not in place. The two versions of the Procurement Policy in place for the period covered by this ANAO performance audit do not fully reflect, or address, the principles, prescriptive requirements and mandatory rules set out in the CPRs. (See paragraphs 2.2 to 2.19)

12. Based on TA’s AusTender reporting, the majority (62 per cent) of procurements valued at or above the $400,000 threshold set by the CPRs did not involve open approaches to the market. (See paragraphs 2.23 to 2.39)

13. A competitive procurement approach was evident in the establishment of 55 per cent of the contracts examined by the ANAO. For 36 per cent of the contracts, a non-competitive approach was taken and in nine per cent there were insufficient records maintained to evidence the procurement approach taken by TA. For 10 of the procurements (30 per cent) examined by the ANAO, it was evident from the evaluation records that TA had favoured existing or previous suppliers when evaluating competing offers through panel procurement or when deciding which potential provider(s) should be invited to participate in a limited tender. Favouring existing or previous suppliers in the conduct of procurement processes is inconsistent with the CPRs. (See paragraphs 2.40 to 2.63)

14. Relevant evaluation criteria were included in request documentation for 52 per cent of the contracts examined in detail by the ANAO. For the remaining 48 per cent, either the request documentation did not include any evaluation criteria (12 per cent) or there were no records of the request documentation on file (36 per cent). This situation is not consistent with the CPRs which require evaluation criteria to be included in the request documentation. (See paragraphs 2.67 to 2.69)

15. Just over half of the contracts examined by the ANAO were awarded to the candidate where records demonstrated that it had been assessed by TA to offer the best value for money. For the remaining 48 per cent of contracts where value for money outcomes had not been demonstrated, this was primarily the result of insufficient analysis being presented commensurate with the scale of the procurement, or insufficient documentation being maintained. (See paragraphs 2.72 to 2.83)

16. TA had not conducted procurements to a consistent ethical standard as required under the CPRs. Of note was that:

• conflict of interest declarations were not completed by all evaluation team members in four per cent of the contracts examined where there was sufficient documentation on file;
• for eight per cent of the contracts where advisers were appointed to assist with the procurement process, TA’s records did not include a complete list of the individuals involved; and
• the procurements of external probity advisers were deficient in relation to how those advisers were engaged as well as the limited scope of probity services obtained by TA. (See paragraphs 2.86 to 2.110)

17. TA did not maintain appropriate records commensurate with the scale, scope and risk of the procurement (which is what the CPRs require). Forty-eight per cent of contracts examined by the ANAO were missing one or more important documents. In addition, for those contracts where adequate records were available, more than half of the contracts involved work commencing before a contract was in place. (See paragraphs 2.113 to 2.132)

Contract management

18. TA’s reporting of contracts on AusTender was not compliant with the CPRs. TA accurately reported 19 per cent of the relevant contracts examined in detail by the ANAO within the required timeframe. Key information on contract values and contract start and end dates have been reported inaccurately with contract amendments usually not reported at all. (See paragraphs 3.2 to 3.17)

19. An appropriate contract management framework is not in place. None of the 33 contracts examined by the ANAO had a contract management plan and none had a risk management plan. This included a five-year $311.3 million contract that relates to a key element of TA’s marketing efforts. (See paragraphs 3.18 to 3.32)

20. Less than half (45 per cent) of the contracts examined by the ANAO included clear performance requirements. Methods for monitoring performance were included for 79 per cent of contracts examined, including a number of contracts where performance requirements had not been specified (that is the monitoring arrangements, such as reporting and/or progress meetings, were not against a clear performance requirement). Further, TA has not consistently adhered to the performance framework set out in the contracts and it was common for there to be gaps in the records to evidence the contract management activities undertaken that TA was paying for. (See paragraphs 3.33 to 3.40)

21. For the procurements examined by the ANAO, TA has not consistently managed contracts effectively to deliver against the objectives of the procurements and to achieve value for money.

• Of the 33 contracts examined by the ANAO, 11 (33 per cent) had records of at least one variation being executed. None of the variations had supporting evidence of records to the delegate documenting the decision-making process and demonstrating that the variation represented value for money. Some variations have significantly increased the value of the contract (by up to 105 per cent) and retrospectively added additional services already delivered and/or paid for. There have also been instances of contracts continuing to operate past their stated completion date without being varied.
• Invoicing and payments under 21 of the 33 contracts examined by the ANAO did not adhere to the contracts and/or requirements under TA’s policies. This has included instances of full payments being made before final deliverables under the contract are received and payments exceeding the contracted amount. (See paragraphs 3.41 to 3.51)

Recommendations