Background

1. The NDIS Quality and Safeguards Commission (NDIS Commission, or Commission) began operating on 1 July 2018. The powers and functions of the NDIS Quality and Safeguards Commissioner (NDIS Commissioner, or Commissioner), as regulator of the National Disability Insurance Scheme (NDIS) are set out in the National Disability Insurance Scheme Act 2013 (NDIS Act). The NDIS Commission regulates registered and unregistered NDIS providers (as defined in section 9 of the NDIS Act) and workers to improve the quality and safety of NDIS services and advance the human rights of people with disability.

2. The NDIS Commissioner’s core functions (set out in section 181E of the NDIS Act) include to secure compliance with the NDIS Act through effective compliance and enforcement; to engage in, promote and coordinate information sharing to achieve the NDIS Act’s objectives; and to provide NDIS market oversight by monitoring and mitigating market-related risks. The NDIS Act also sets out the Commissioner’s functions relating to provider registration and reportable incidents (section 181F); complaints management (section 181G); behaviour support oversight (section 181H); and establishing, operating and maintaining a worker screening database (section 181Y).

Rationale for undertaking the audit

3. The NDIS Commission is the regulator for the NDIS. The NDIS provides funding to a large number of participants — as at 30 June 2025 there were 739,414 NDIS participants with approved plans.¹ The NDIS also forms a significant portion of government spending, with total scheme payments of $46.3 billion in 2024–25.² The NDIS operating environment has been subject to a number of reviews in recent years, which have made a range of recommendations including seeking improvements in information sharing, provider registration, restrictive practices, complaints handling and compliance and enforcement arrangements. This audit provides independent assurance to Parliament over whether the NDIS Commission is effectively exercising its regulatory functions.

Audit objective and criteria

4. The objective of the audit was to assess the effectiveness of the NDIS Commission in exercising its regulatory functions.

5. To form a conclusion against the objective, the following criteria were adopted:

• Does the NDIS Commission have effective intelligence gathering and information sharing arrangements in place?
• Has the NDIS Commission developed a risk-based strategy to guide regulatory decision-making?
• Has the NDIS Commission effectively implemented risk responsive and proportionate monitoring, compliance and enforcement activities?

Conclusion

6. The NDIS Commission is partly effective in exercising its regulatory functions. The Commission does not have full visibility of the market it regulates. From 2023–24 to 2024–25 the total number of active providers grew by 25 per cent, with active registered providers and active unregistered providers growing by 15 per cent and 26 per cent respectively.³ In regulating a market that is expected to see continued growth in the number of participants and providers, the Commission’s effectiveness as a regulator would be improved by taking a risk-based approach to regulating the NDIS that is underpinned by quality data, and targets available resources to areas of greatest risk.

7. The NDIS Commission has partly effective intelligence gathering and information sharing arrangements in place. The Commission has established policies relating to information management and the management of personal information. The effectiveness of the Commission’s collection, correlation and analysis of intelligence has been impacted by limitations of the Commission Operating System (COS). The Commission engages with the disability sector and has documented arrangements to support information sharing with some government entities. These arrangements are not complete and are under review. The Commission does not have processes to ensure information disclosures meet legislative requirements.

8. Regulatory decision-making is not guided by a risk-based strategy. Since commencing operations in 2018 and becoming a national operation in 2021, the Commission has not established a framework for assessing, prioritising and managing risks of provider non-compliance. In the absence of a regulatory risk framework and assessment of regulatory risks, the Commission’s overarching compliance and enforcement approach and regulatory decision-making has not been informed by risk.

9. The Commission has implemented a range of compliance activities. It has not effectively implemented risk responsive and proportionate monitoring, compliance and enforcement activities. The Commission does not have oversight of all the NDIS providers delivering services in the market as there is no requirement for all providers to be registered. In the fourth quarter of 2024–25, 94 per cent of active providers were unregistered and received 42 per cent of plan managed NDIS payments.

• The Commission’s arrangements to monitor the market and provider compliance did not include arrangements to monitor and mitigate the risks of unplanned service withdrawal — a core function of the NDIS Commissioner under the National Disability Insurance Scheme Act 2013 (NDIS Act).
• The Commission undertook 9,520 compliance actions in 2022–23; increasing 3.73 times in 2023–24 to 35,519 compliance actions. Additionally, the Commission has seen large growth in the number of complaints received from 16,305 in 2022–23 to 29,054 in 2023–24. The NDIS Commission does not have quality assurance processes for compliance activities. In the absence of a quality assurance program the Commission is not able to assess its effectiveness in detecting and addressing non-compliance.
• The NDIS Commission had arrangements for executive oversight of annual performance although these were not fully executed. The Commission has developed a Planning and Performance Framework, but this does not address government expectations for regulators. Data reported in the Commission’s quarterly performance reports could not be reconciled with the data reported in the Commission’s 2023–24 Annual Performance Statements.

Supporting findings

Information gathering and sharing arrangements

10. The NDIS Commission has policies that set out its information management and privacy obligations in accordance with the Archives Act 1983 and the Australian Privacy Principles. The Commission has systems for storing, correlating and analysing information. These had not been sufficiently documented in accordance with the Commission’s Information Management Policy. COS has capability limitations and was assessed by the Commission as being non-compliant with Australian Government record keeping and metadata requirements. The Commission has conducted a range of activities to analyse information and intelligence gathered. A strategic framework or formalised processes have not been established for its analysis activities. The Commission has developed a data quality framework. The Commission has not implemented arrangements for assurance over the quality, accuracy, and completeness of the information held by the Commission. (See paragraphs 2.3 to 2.31)

11. The NDIS Commission has arrangements to share information with Australian Government entities, including the National Disability Insurance Agency (NDIA), and state and territory government entities. Documentation supporting these arrangements is not complete. The disclosure record for information shared does not meet the requirements of the National Disability Insurance Scheme Rules 2018. The NDIS Commission shares information and seeks feedback from the disability sector through stakeholder engagement committees and undertakes a range of activities to assist voluntary compliance. The NDIS Commission undertook stakeholder sentiment surveys in 2023 and 2024 to assist in assessing whether the activities of the Commission were meeting the needs of the sector. Responses to the 2024 survey indicated 24 per cent of respondents trusted the Commission ‘a lot’ or ‘completely’ to provide support if there are issues with NDIS services. Forty per cent of respondents ‘moderately’ trusted the Commission; and 18 per cent trusted the Commission ‘a little’ to provide this support. (See paragraphs 2.32 to 2.60)

Risk-based approach to regulatory decision-making

12. The Minister for the NDIS issued a Statement of Expectations to the NDIS Commissioner on 20 December 2022 and the NDIS Commissioner responded with a Statement of Intent dated March 2023. The NDIS Commission has not sought a new Statement of Expectations consistent with government expectations of regulators. The Commission published annual compliance priorities for 2019–20 to 2021–22, 2023–24 and 2024–25. The compliance priorities are not risk-based or informed by data and the Commission has not established arrangements to address or report on specific priorities. The Commission has an overarching approach to compliance and enforcement through the Regulatory Approach, Operating Model and Compliance and Enforcement Policy. These are not informed by risk. (See paragraphs 3.2 to 3.28)

13. The NDIS Commission has not implemented a framework for assessing and managing regulatory risk. In its Corporate Plans for 2023–24 and 2024–25, the NDIS Commission reported on the management of two enterprise risks relating to provider non-compliance and participant harm. The Commission assessed these risks under the Enterprise Risk Management Framework, which was designed to assess and manage the Commission’s operational risks. In August 2024, the NDIS Commission updated the Regulatory Approach with five risk priorities that create an unacceptable risk of harm for participants if not addressed. After these priorities were endorsed the Commission continued to have no overarching strategic approach to regulatory risk. (See paragraphs 3.29 to 3.45)

Monitoring, compliance, and enforcement

14. Compliance monitoring activities were not carried out under a risk-based strategy or work program. The Commission has not established or documented an approach to monitoring and mitigating the risks of unplanned service withdrawals — a core function of the NDIS Commissioner under the NDIS Act. (See paragraphs 4.3 to 4.34)

15. The NDIS Commission has established arrangements to detect and address non-compliance but does not have overarching procedural guidance for the end-to-end management of compliance matters. The Commission does not have quality assurance processes for compliance activities, including investigations. In the absence of quality assurance processes and up-to-date policies the Commission is unable to assesses its effectiveness in detecting and addressing non-compliance. (See paragraphs 4.35 to 4.64)

16. Arrangements were in place, but were not fully executed, for NDIS Commission senior executive oversight and the Audit and Risk Committee review of annual performance. Prior to March 2024, the NDIS Commission did not have a standardised framework to support Annual Performance Statement obligations. The Planning and Performance Framework does not address government expectations for regulators. Data reported in the NDIS Commission’s quarterly reports does not reconcile with the 2023–24 Annual Performance Statements. (See paragraphs 4.65 to 4.101)

Recommendations

Summary of entity response

17. The proposed audit report was provided to the NDIS Commission. The NDIS Commission’s summary response is reproduced below, and its full response is at Appendix 1. Improvements observed by the ANAO during the course of this audit are listed in Appendix 2.

The NDIS Quality and Safeguards Commission (NDIS Commission) appreciates the work of the ANAO in assessing the Commission’s regulatory functions. The NDIS Commission is committed to improving its existing processes and becoming a formidable human rights regulator that applies an intelligence led risk-based, approach to its meet legislated outcomes.

The NDIS Commission acknowledges the findings of the report and agrees to action all recommendations and opportunities for improvement. The NDIS Commission has designed and is delivering a Data and Regulatory Transformation (DART) program that will provide access to reliable data and improve visibility of the market to support intelligence led risk-based regulation in alignment with ANAO report recommendations.

The NDIS Commission has taken steps to improve its regulatory processes through establishing a Risk-Based Regulation Prioritisation Model (the Model). The Model will provide a consistent approach to assessing risk and prioritising compliance activities. The NDIS Commission is applying a phased approach to implementation of the Risk-Based Regulation Prioritisation Model with its full roll out in October 2025.

The NDIS Commission will prioritise the establishment of a quality assurance framework to assess and continuously improve its regulatory processes. The NDIS Commission is committed to action all report recommendations to continue to protect and promote the rights, safety and wellbeing of people with disability and ensure a sustainable future for the NDIS.

Background

1. The National Disability Insurance Scheme (NDIS) was established under the National Disability Insurance Scheme Act 2013 (NDIS Act) to fund reasonable and necessary supports for eligible people with disability to assist them in participating in economic and social life. NDIS participants have their supports costed and funded through a participant plan. The National Disability Insurance Agency (NDIA) was established under the NDIS Act to deliver the NDIS, and pays claims from participants and registered providers to fund NDIS supports in participant plans. In 2023–24, NDIS participant plan expenses totalled $41.85 billion, covering more than 661,000 participants. By 2033–34, NDIS expenses are expected to grow to $92.72 billion, covering more than 1,021,000 participants.¹

2. The NDIA has defined compliance as ‘following the rules and standards of the NDIS and Australian laws’ and ‘doing the right thing and using NDIS funds in line with NDIS plans’.² Types of claim non-compliance that have been identified through the NDIA’s fraud and non-compliance activities include: illegitimate or ‘ghost’ participants; claiming from expired plans; claiming from plans of participants who are incarcerated, in hospital or overseas for long periods (and thus ineligible for NDIS supports); claiming for services outside of plans; claiming for services that were not provided; claiming in advance of service delivery; overstating services, overcharging or duplicate charging; and double-dipping across government programs. The government has committed more than $495 million over eight years from 2021–22 to 2028–29 for the NDIA to address NDIS fraud and non-compliance.

Rationale for undertaking the audit

3. The NDIA paid out $41.85 billion for NDIS claims in 2023–24. In September 2023, the NDIA estimated that 6 to 10 per cent of these outlays could be for non-compliant, fraudulent or incorrect claims. The NDIA Board has a duty under section 16 of the Public Governance, Performance and Accountability Act 2013 to establish and maintain appropriate systems of risk oversight and management and internal control for the NDIA. It also has a duty under section 10 of the Public Governance, Performance and Accountability Rule 2014 (the Fraud and Corruption Rule) to take all reasonable measures to prevent, detect and respond to fraud and corruption relating to the NDIA (including deliberate non-compliance). There has been parliamentary interest in NDIS fraud and non-compliance and its impact on the sustainability of the NDIS. This audit was undertaken to provide assurance to the Parliament on the effectiveness of the NDIA’s arrangements for managing NDIS claim compliance.

Audit objective and criteria

4. The objective of the audit was to assess the effectiveness of the NDIA’s management of claimant compliance with NDIS claim requirements.

5. To form a conclusion against this objective, the following high-level criteria were adopted.

• Has the NDIA developed and implemented effective frameworks and processes to manage NDIS claim compliance?
• Has the NDIA implemented effective arrangements to oversee, monitor and continuously improve NDIS claim compliance?

Conclusion

6. The NDIA’s management of claimant compliance with NDIS claim requirements is partly effective. Prior to 2024, the NDIS lacked basic prevention controls for fraud and non-compliance. The NDIA is undertaking work to ‘crack down on fraud and non-compliant payments’, with tranche two of its Crack Down on Fraud program expected to be implemented by December 2025. If this work is delivered as planned, and embedded into business-as-usual activities, it has the potential to improve the financial sustainability of the NDIS.

7. The NDIA has partly effective frameworks and processes in place to manage claimant compliance with NDIS claim requirements and is implementing a large program of work to remediate identified deficiencies, with a target completion date of December 2025. The NDIA has not established a fit-for-purpose framework for managing NDIS claim compliance, although elements that could inform a more robust framework have been included in strategic planning documents for the NDIA’s Crack Down on Fraud program and the Fraud Fusion Taskforce. After identifying in 2023 that the NDIA was implemented with ‘catastrophically weak’ prevention controls, the NDIA has not yet established effective processes for preventing non-compliant claims. The NDIA has established processes to detect and respond to non-compliant claims, which are reviewing a small proportion of claims (0.4 per cent by dollar value) and detecting high levels of non-compliance (over 50 per cent by dollar value). The NDIA is working to improve the effectiveness of NDIS preventative and detective controls through the Crack Down on Fraud program, including introducing identity verification and claim validation processes and enhanced data analytics capabilities. Tranche one of the Crack Down on Fraud program was largely implemented on time and under budget. In April 2025, tranche two had an ‘amber’ status, with two June 2025 milestones identified as ‘at risk’ due to procurement delays.

8. The NDIA has implemented partly effective arrangements to oversee, monitor and continuously improve claimant compliance with NDIS claim requirements. While oversight and monitoring of NDIS claim compliance has been inconsistent, with frequent changes to reporting and oversight arrangements, a range of assurance mechanisms are in place for the Crack Down on Fraud program. The NDIA has not updated its risk assessments at the fraud and operational levels to reflect heightened claim compliance risks and identified gaps in existing controls. The NDIA has been measuring estimated payment error rates and has started reporting against compliance-related savings and benefits commitments. The transparency of its performance reporting to the government and the Disability Reform Ministerial Council could be improved. The NDIA is undertaking IT systems upgrades to improve its capacity to use data analytics to continuously improve NDIS claim compliance.

Supporting findings

Compliance frameworks and processes

9. The NDIA’s Compliance and Enforcement Framework (March 2020) and Fraud and Corruption Control Plan (July 2023) do not provide fit-for-purpose frameworks for managing claim compliance and do not delineate current accountabilities for compliance management. The NDIA Board is non-compliant with the Fraud and Corruption Rule as it has not endorsed an updated Fraud and Corruption Control Plan to meet the requirements of the new whole-of-Australian Government framework. The NDIA has developed a ‘program logic’ for the Crack Down on Fraud program and ‘strategic prevention concepts’ for the Fraud Fusion Taskforce that outline more appropriate control frameworks, as they include coverage of basic preventative controls for government payment schemes and are targeted to key non-compliance risks. The NDIA has not updated its broader compliance frameworks and related policies and procedures to reflect changes in its compliance approach. (See paragraphs 2.3 to 2.18)

10. The NDIS was designed and implemented (up until 2024) without basic prevention controls, such as clear claim requirements and robust identity verification and pre-payment validation processes. The NDIA commenced implementing activities to address these deficiencies in February 2024 through its Crack Down on Fraud program. Early program milestones were largely met, and the first tranche of the program was delivered largely on time and under budget. A large body of work to address prevention control deficiencies was still in progress as of April 2025 with a target completion date for tranche two of December 2025. In April 2025, the NDIA reported an ‘amber’ status for the program, due to procurement delays that had put the timely delivery of two milestones at risk. The NDIA has established other prevention controls, such as undertaking campaigns to improve compliance in targeted areas and providing educational information and guidance to claimants and NDIA staff. (See paragraphs 2.19 to 2.50)

11. The NDIA has established processes to detect and respond to non-compliant claims, including tip-off mechanisms, manual payment review processes and debt recovery. The NDIA has made improvements to its tip-off intake and assessment processes and is continuing to implement a tip-off redesign program. After the NDIA received advice in May 2023 that it was limited in its capacity to recover debts from non-compliant claims when supports were described generally in participant plans, the NDIA shifted its focus in 2024 from post-payment reviews to pre-payment reviews. The NDIA targets its manual pre-payment reviews based on ‘risk profiles’. These reviews cover a small proportion of NDIS outlays (0.4 per cent) and are detecting a high proportion of non-compliance (over 50 per cent of reviewed claims, by dollar value, are cancelled). The NDIA has identified deficiencies in its detection and response IT systems and is progressing work to improve its data analytics capabilities through the Crack Down on Fraud program, with a target completion date of December 2025. (See paragraphs 2.51 to 2.78)

Oversight, monitoring and evaluation

12. The NDIA’s oversight and monitoring of claim compliance has been inconsistent, with frequent changes to reporting and oversight arrangements. The NDIA consolidated integrity functions within a single group from January 2024 and established a Strategic Leadership Team sub-committee from October 2024 to March 2025 to oversee integrity functions, including claim compliance. Briefing on the status of integrity initiatives has been provided with varying frequency to the NDIA Board, other decision-makers and oversight committees. The NDIA has put in place a range of assurance mechanisms for the Crack Down on Fraud program, including regular assurance activities conducted by the program’s independent assurer. The NDIA has identified heightened claim compliance risks and significant gaps in existing controls. It has not updated its control assessments at the fraud and operational levels to reflect these identified control weaknesses. (See paragraphs 3.3 to 3.33)

13. The NDIA conducts assurance testing to estimate payment error rates and identify opportunities for continuous improvement. It does not have robust processes to monitor the implementation of identified improvement opportunities, and it has acknowledged that measured error rates underestimate fraud and non-compliance losses. In October 2023, the NDIA made commitments to the government to achieve savings and benefits from the Crack Down on Fraud program. The NDIA has not provided reporting against these commitments to the government or the Disability Reform Ministerial Council. The NDIA is implementing IT systems upgrades through the Crack Down on Fraud program, with a target completion date of December 2025, which aim to increase its capacity to use data analytics to support continuous improvement in claim compliance. (See paragraphs 3.34 to 3.60)

Recommendations

Summary of entity response

14. The proposed audit report was provided to the NDIA. The NDIA’s summary response is reproduced below. The full response from the NDIA is at Appendix 1. Improvements observed by the ANAO during the course of this audit are listed at Appendix 2.

The NDIA appreciates the work of the ANAO in assessing the NDIA’s management of claimant compliance with NDIS claim requirements.

Over the last 2 years, the NDIA has been implementing an accelerated transformation to significantly improve the NDIA’s management of claimant compliance from a low level of maturity.

Committed to deliver integrity outcomes that detect, respond to, and prevent fraud and non-compliance against the NDIS, the NDIA secured and is implementing programs funded by the Fraud Fusion Taskforce and the Crack Down on Fraud Program. Our integrity transformation programs are focused on uplifting NDIA system capability, making it easier to get it right, and harder to get it wrong.

The scope of change has required agility and responsiveness, at scale and as the NDIA progressively implements transformation, it is building new capability through changes to law reform, technology uplifts, process uplifts and whole of government collaboration. The NDIA appreciates the ANAO’s acknowledgement of this progressive maturity journey, and the integrity outcomes that the NDIA continues to deliver.

The NDIA will continue to progressively implement transformational change to safeguard the NDIS and protect participants’ plans, safety and wellbeing. The changes aim to ensure participants have a positive NDIS experience and that the NDIS remains available to support Australians with disability when they need it.

Background

1. An ‘interest’ is something related to an individual’s personal circumstances that may bring advantage to, or affect, that individual. Interests can include, but are not limited to: financial interests; relationships; employment, including past employment and outside employment; and memberships or affiliations.

2. A conflict of interest can occur when there is a conflict between the public duties and personal interests of a public official that could, or could be seen to, influence the decisions they make or advice they give. For example, an official may hold shares in a company that they are regulating or procuring goods and services from. Conflicts of interest can be real, apparent or potential. Real conflicts of interest occur when personal interests improperly influence officials in performing their public duties.

3. The Public Service Act 1999 sets out that the function of the Senior Executive Service (SES) is to provide APS-wide strategic leadership of the highest quality that contributes to an effective and cohesive APS.¹ SES officers should, by personal example and other appropriate means, promote the Australian Public Service (APS) Values and compliance with the Code of Conduct.² There are specific requirements for accountable authorities and SES employees in relation to the management of interests.³

Rationale for undertaking the audit

4. According to the Australian Public Service Commissioner, the public is entitled to have confidence in the integrity of public officials, and to know that the personal interests of public officials do not conflict with their public duties. Apparent conflicts can be just as damaging to confidence in public administration as real conflicts, so disclosure and effective management of real, apparent and potential conflicts of interest is an important element of the Australian Government’s integrity framework.⁴

5. This audit was conducted to provide assurance to the Parliament whether the selected entities are effectively managing SES conflict of interest requirements.

Audit objective and criteria

6. The objective of the audit was to assess the effectiveness of selected Commonwealth entities’ management of Senior Executive Service conflict of interest requirements.

7. To form a conclusion against the objective, the ANAO adopted the following three high-level audit criteria.

• Have the entities developed appropriate arrangements to support the management of SES personal interests and conflicts of interest?
• Have the entities implemented effective controls and processes for managing SES annual declarations of interests in accordance with policies and procedures?
• Are SES officers effectively completing conflict of interest declarations for activities of heightened risk of conflict?

Conclusion

8. The Aged Care Quality and Safety Commission (ACQSC), the Australian Trade and Investment Commission (Austrade) and the Department of Home Affairs (Home Affairs) are managing conflicts of interest for SES officers in a largely effective manner. The entities’ management of conflicts of interest has generally improved since 2022. There are a number of initiatives underway to strengthen the framework for managing conflicts of interest across the Australian Public Service.

9. The audited entities have largely appropriate arrangements in place to manage the personal interests and conflicts of interest of SES officers. All entities have policies and procedures which identify interests as a matter requiring consideration. ACQSC and Austrade do not have documented procedures for managing accountable authority declarations to the relevant minister as required by the Public Governance, Performance and Accountability Rule 2014 (PGPA Rule). Home Affairs introduced a procedure in March 2025. All entities identify responsibilities for managing interests. Internal reporting on the completion of declarations and risks arising from declarations has not been undertaken. All entities include conflicts of interest in their enterprise risk registers or fraud risks. Each entity provides training on conflicts of interest within their mandatory training modules. Entities do not adequately monitor completion of this training. All entities communicate information and guidance on conflicts of interest to staff.

10. All entities have implemented partly effective controls and processes for managing SES declarations of interests. Not all SES officers are making declarations. There are limitations in the completeness of information included in declarations by officers, and demonstrated managerial review only occurred for some declarations. Records documenting management plans were not maintained by ACQSC until early 2024. All entities monitor completion of declarations and follow up non-compliant individuals. Between 2022 and 2024, the accountable authorities of ACQSC and Austrade did not make declarations to relevant ministers, as required. The ACQSC’s new incoming accountable authority made a declaration to the relevant minister in January 2025 and the Austrade accountable authority made a declaration in November 2024 and March 2025. The Home Affairs accountable authority has made declarations as required. ACQSC and Austrade included conflicts of interest in assurance activities between 2022 and 2024, and Home Affairs last did so in 2020–21.

11. Entities are partly effective with respect to SES officers completing activity-based conflict of interest declarations. Entities have generally established a requirement for officers to declare conflicts of interest for procurement, recruitment and grants administration activities. The requirement is weakened when there is no requirement for all officers to make a declaration, including for officers with nothing to declare. The ANAO found that officers from ACQSC and Austrade were generally making declarations for procurement as required. Home Affairs officers were not. Officers from all entities involved in grants administration activities are declaring as required. Results were mixed for recruitment activities. No entities had adequate arrangements in place for conflict of interest risks related to post-separation employment.

Supporting findings

Governance

12. ACQSC’s and Home Affairs’ Accountable Authority Instructions (AAIs) follow the model AAI content from the Department of Finance on the disclosure of interests. ACQSC’s AAIs give additional organisational context. Austrade’s instructions do not include the model content and make limited reference to the management of interests. All entities have supporting policies and procedures. Home Affairs’ policies and procedures provide insufficient detail on the annual SES declaration process. None of the entities had procedures supporting accountable authority declarations to the relevant minister. Home Affairs introduced such a procedure in March 2025. (See paragraphs 2.1 to 2.39)

13. All entities have clearly documented responsibilities identifying that individuals are required to make declarations. ACQSC and Home Affairs identify additional responsibilities for other roles including supervisors, managers and business areas responsible for overall management of interests. There has been no internal reporting undertaken within the entities in relation to the completion of annual interest declarations processes, except ACQSC commenced reporting in January 2025 to its internal governance forum. None of the entities analysed declarations of interests to assess and report on emerging risks. (See paragraphs 2.40 to 2.60)

14. All entities have considered conflicts of interest as part of broader integrity or legislative compliance risks. While risks associated with conflicts of interest are considered by all entities, only Home Affairs has documented the controls and control owners associated with enterprise risks. ACQSC’s register includes risk owners. Appropriate documentation of controls and control owners is absent in ACQSC and Austrade. All entities have considered conflicts of interest as a factor within their fraud and corruption control plans. Home Affairs has assessed conflicts of interest as part of its fraud and corruption risk assessments. (See paragraphs 2.61 to 2.77)

15. All entities have training on conflict of interest within their mandatory annual training. This training is not being completed by all SES officers. To help remind SES officers to complete their annual declarations, each of the entities provide officers with reminders. Information and assistance to support officers to comply with their obligations is also available within each entity. (See paragraphs 2.78 to 2.109)

Annual declarations of interests

16. Not all SES officers are completing annual declarations, with completion rates varying across entities. For ACQSC, the completion rate was 92 per cent in 2024. For Austrade, it was 99 per cent (when taking into account long-term leave and departures) and for Home Affairs it was 84 per cent. Completion rates have varied over time. Declarations generally contain sufficient information to understand the nature and extent of a declared interest, however an explanation of how the interest relates to the ‘affairs of the entity’ is not always sufficiently described. The accountable authorities of ACQSC and Austrade did not make declarations of their interests to the relevant minister as required. (See paragraphs 3.3 to 3.31)

17. None of the entities require that all annual declarations made by SES officers are subject to review. If an officer makes a ‘nil’ declaration, none of the entities have required declarations be reviewed. Home Affairs introduced a requirement in December 2024. Only declarations including an interest are subject to manager review. Management plans developed by Austrade officers document managerial review. Evidence of managerial review was lacking for plans developed by ACQSC and Home Affairs officers prior to 2024. (See paragraphs 3.32 to 3.48)

18. All entities monitor the completion of declarations of interests by SES officers. Where SES officers had not completed declarations, there was a process to follow up with relevant officers and their managers. ACQSC and Austrade undertook assurance activity through the inclusion of conflicts of interest within internal audits between 2022 and 2024. (See paragraphs 3.49 to 3.58)

Declarations of conflicts of interest for activity-based activities

19. Each entity requires that SES officers involved in procurement declare conflicts of interest. For ACQSC the SES officers involved in procurement made declarations as required. Eleven of 14 Home Affairs SES officers did not make declarations as required. From March 2025, Austrade has required that all officers involved in procurement activities make conflict of interest declarations. Before this, only officers who had a conflict to declare were required to make a declaration. As such, there were no records for the two Austrade SES officers in the ANAO sample demonstrating that they had considered conflicts of interest. (See paragraphs 4.5 to 4.8)

20. Austrade does not have a policy specifically relating to making conflict of interest declarations for grants administration. Home Affairs requires officers to disclose and manage conflicts of interest, however, there is a lack of supporting process. The three Austrade SES officers involved in grants administration activities assessed by the ANAO had made conflict of interest declarations. The 13 Home Affairs SES officers involved in grants administration had also made declarations. (See paragraphs 4.9 to 4.13)

21. Each of the entities requires that SES officers involved in recruitment declare conflicts of interest, except Home Affairs does not have a documented policy where the recruitment is for an SES officer. Within ACQSC, 38 per cent of SES officers involved in recruitment activities assessed by the ANAO did not make a declaration as required. Austrade does not require officers to make declarations if they have nothing to declare — 44 per cent of SES officers involved in the recruitment assessed by the ANAO made no declaration. Ninety-seven per cent of Home Affairs’ SES officers involved in recruitment made a declaration. Where conflicts of interest were declared, appropriate officers at the three entities were not always reviewing these and management actions were not always being put in place. (See paragraphs 4.14 to 4.39)

22. None of the entities have adequate policies and procedures to support the identification, declaration and management of conflicts of interest related to post-separation employment. Austrade has a declaration addressing conflicts of interest in its cessation checklist. The checklist was not completed by all departing officers. In addition, there was a lack of evidence to demonstrate that such conflicts of interest were considered for SES employees who had departed. (See paragraphs 4.42 to 4.50)

Recommendations

Summary of entity responses

23. The proposed report was provided to ACQSC, Austrade and Home Affairs. Summary responses from the entities are reproduced below. Full responses are at Appendix 1. Improvements observed by the ANAO during the course of this audit are listed at Appendix 2.

Aged Care Quality and Safety Commission

The Aged Care and Quality Safety Commission (the Commission) welcomes the findings of the audit which align well with the uplift in our integrity policies and practices the Commission already had underway, and some of which were applied during the period of the audit.

The Commission agrees with the five recommendations relating to arrangements for the accountable authority to provide declarations to the Minister, monitoring compliance with mandatory training, ensuring declarations contain information about the person’s role and responsibilities, ensuring annual declarations are refreshed at regular intervals, updating our recruitment Conflict of Interest Form and updating policies and procedures to include post separation conflicts of interest.

The Commission had already commenced improving its conflict of interest processes as part of a wider integrity uplift prior to the audit and the learnings from this audit will continue to inform our integrity maturity uplift. Recommendations from the audit have been actioned with amendments being made to forms, policies and procedures.

Australian Trade and Investment Commission

The Australian Trade and Investment Commission welcomes the audit report and acknowledges the findings and recommendations made by the Australian National Audit Office in relation to the Management of the Senior Executive Services Conflict of interest requirements.

The Australian Trade and Investment Commission is committed to implementing the recommendations from the report. These improvements will further strengthen Austrade’s efforts to ensure all Senior Executive Service (SES) employees of the agency declare all conflicts of interest, and that all declarations are managed with integrity and consistent with legislative obligations.

Department of Home Affairs

All findings and recommendations are agreed. The Department of Home Affairs is committed to ensuring that appropriate processes are maintained for identifying and managing conflicts of interest. This is fundamental to maintaining public trust and confidence in our operations.

Mandatory training is currently in place for all staff and the department will establish follow up actions to ensure SES officers are meeting their mandatory training obligations within set timeframes. This will strengthen the current system of automatic reminders which are sent to both staff and their supervisors, and non-compliance reports that are provided to senior leaders.

The department has work underway to improve its conflict of interest process. This includes updating policies and guidance material and strengthening education. The department has already updated and strengthened procurement guidance and templates to ensure delegates are aware of their conflict of interest obligations throughout each stage of the procurement process. Formal procedures have also been implemented for the Senior Executive Service annual declaration of interest process.

Background

1. The Child Care Subsidy (CCS) is administered by the Department of Education (Education) under the Family Assistance Law (FAL), to assist families to meet the cost of early childhood education and care.

2. At a cost of $13.6 billion in 2023–24, CCS is one of the ‘fastest-growing major payments’ of the Australian Government, with forecast average annual growth of 5.5 per cent over 2024–25 to 2034–35. As of September 2024, CCS supported 1.45 million children to attend approved care. This equates to 32.6 per cent of all 0 to 13-year-olds in Australia.

3. Education has policy responsibility for the CCS, including the CCS special appropriation. Services Australia is accountable for delivering payment and ICT services on behalf of Education, and for prioritising the service delivery within its budget appropriation.

Rationale for undertaking the audit

4. The CCS was estimated to be one of the top 20 expense programs in 2024–25. Australian Government spending on CCS was $13.6 billion in 2023–24, of which an estimated 3.6 per cent ($484.1 million) was lost to incorrect payments, including fraud and non-compliance. Fraud and non-compliance reduces available funds for public goods and services.

5. This audit was conducted to provide assurance to the Parliament over the effectiveness of the management and oversight of compliance activities within the Child Care Subsidy program. This audit was identified as a priority by the Parliament’s Joint Committee of Public Accounts and Audit in the context of the ANAO’s 2023–24 Annual Audit Work Program.

Audit objective and criteria

6. The objective of the audit was to assess the effectiveness of the management and oversight of compliance activities within the CCS program.

7. To form a conclusion against the objective, the following high-level audit criteria were adopted:

• Have effective governance arrangements been established?
• Is the approach to compliance activities effective?

Conclusion

8. The management and oversight of compliance activities within the CCS is partly effective. Governance arrangements do not provide Education with whole of program oversight, and evaluation arrangements are only partly implemented. Although the payment accuracy rate improved in 2022–23 and 2023–24, and comprehensive prevention activities are in place, gaps in monitoring and enforcement are not being effectively managed.

9. Education has established partly effective arrangements to oversee CCS compliance activities. Committees accountable to a Senior Executive Service (SES) Band 2 within Education oversee its Child Care Subsidy Financial Integrity Strategy 2023–2027 (Integrity Strategy), which sets out its approach to risk based and data driven regulation of CCS providers and services, to be implemented from 2023 to 2027. To successfully complete its implementation of the Integrity Strategy, Education will need to improve its data quality in the Child Care Intelligence System (CCIS) and implement evaluation arrangements across the full suite of its compliance interventions.

10. Bilateral arrangements between Education and Services Australia are set out in a Statement of Intent and Program Delivery Services Schedule for Child Care Subsidy Program, which detail the objectives, governance, risk and issue management, roles and responsibilities and assurance obligations for CCS services. These arrangements do not provide Education with sufficient oversight of CCS compliance activities within Services Australia. Education has established a CCS Fraud and Corruption Risk Assessment (FCRA), but this is not supported by engagement with Services Australia over shared risks. Services Australia has not established a FCRA that includes CCS.

11. Education and Services Australia have established a partly effective approach to compliance activities. While Education and Services Australia have comprehensive arrangements to prevent non-compliance among providers and families respectively, deficiencies were identified in relation to monitoring, investigations and enforcement.

12. Services Australia is responsible for monitoring family compliance. It does not monitor non-employment activities, is unable to identify CCS-related matters within its tip-off data, and its income monitoring via the CCS reconciliation process is not consistent with the FAL, due to its reliance on lodged tax return data before a notice of assessment has been issued.

13. Education is responsible for monitoring provider compliance, and investigations and enforcement. It monitors whether providers continue to meet some conditions to administer CCS. It does not have assurance that all conditions are met, does not apply quality assurance across all monitoring and investigation activities, and does not investigate possible CCS provider overpayments identified while monitoring payment accuracy via the Random Sample Parent Check (RSPC). Its ability to effectively implement the Integrity Strategy is undermined by poor data quality in CCIS and a lack of cohesive enforcement strategy, which mean it is not able to assess whether decisions to take enforcement action are fair, impartial, consistent, or proportional.

Supporting findings

Governance arrangements

14. Education oversees CCS compliance activities via a Financial Integrity Governance Board (FIGB) and Financial Integrity Operational Committee (FIOC), that are accountable to the responsible SES Band 2. Education does not have visibility of compliance activities or risk management in Services Australia. Bilateral arrangements between the Department of Education and Services Australia are set out in a Statement of Intent between the Chief Executive Officer (CEO) of Services Australia and the Secretary of the Department of Education (Education Secretary). Under the Statement of Intent, the Program Delivery Services Schedule for Child Care Subsidy Program details the objectives, governance, risk and issue management, roles and responsibilities and assurance obligations for CCS services. These do not provide sufficient oversight of CCS compliance activities. (See paragraphs 2.3 to 2.26)

15. Education’s Integrity Strategy documents its approach to risk based and data driven regulation to be implemented from 2023 to 2027. To successfully complete its implementation of the Integrity Strategy, Education will need to improve its CCIS data quality. Although Services Australia’s annual CCS risk management plans document its approach to managing risk in the program, including compliance risk, there is no documented approach (either in Education’s Integrity Strategy or via Services Australia’s own program documentation) that provides strategic direction or describes how risk and data inform decision-making regarding Services Australia’s CCS compliance activities. Education has established a CCS FCRA, although information about the purpose, implementation status, and timeframes of risk treatments is not included. Risk identification, analysis and evaluation within the FCRA is not supported by engagement with Services Australia over shared risks. Services Australia has not established a FCRA that includes CCS. (See paragraphs 2.31 to 2.52)

16. Education monitors the effectiveness of the Integrity Strategy using payment accuracy data drawn from the RSPC and reporting against budget savings measures. As of March 2025, evaluations of compliance interventions have been planned but not yet implemented across the full suite of compliance interventions. Initial intervention evaluations and resulting adjustments for each team are due to be completed in 2025. As such, is not possible to effectively measure the impact of activities undertaken under the Integrity Strategy, or understand the relative contributions of different types of activities. (See paragraphs 2.53 to 2.70)

Approach to compliance activities

17. CCS program design, including the legislative framework administered by Education, has been strengthened to support compliance. Access to the program is managed via provider and individual application processes by Education and Services Australia respectively. Both entities provide appropriate information to stakeholders via a range of sector guidance, communications and advice. Education engages regularly with sector representatives and has commenced work to improve the capability of Family Day Care (FDC) providers to comply with their obligations under the FAL. (See paragraphs 3.2 to 3.19)

18. Education and Services Australia monitor family and provider compliance with the FAL using family income, sessions of care information from providers, electronic funder transfer (EFT) provider audits, and manual checking of provider reporting. These controls focus on incorrect session reporting resulting in incorrect payment. Education does not have assurance that certain other requirements, such as fit and proper person requirements, are met after initial CCS approval has been granted. Where non-compliance is suspected, Education may choose to conduct an administrative or criminal investigation. Services Australia’s use of data for checking family income is not consistent with the FAL, and there are deficiencies in Education’s record keeping, monitoring of ongoing provider and service eligibility for CCS, and quality assurance arrangements in both EFT provider audits and investigations. Services Australia’s collection of tip-off information does not effectively support the identification of CCS matters. (See paragraphs 3.22 to 3.62)

19. Education imposes fines, debts, conditions on approval, suspension and cancellation of approval, and refers matters for criminal prosecution as part of its work to enforce compliance with the FAL. Education does not have a policy to guide decisions on whether, and in what circumstances, to take enforcement action, and enforcement strategy has not been considered by the FIGB. Without cohesive policy guidance for staff, Education is unable to assess whether decisions to take enforcement action are fair, impartial, consistent, or proportional. From 2022–23 to 2023–24, across the CCS, Education withdrew $473,010 (42.2 per cent of the total $1.1 million) of fines issued, raised and recovered 11 compliance-related debts valued at $59,648 (0.9 per cent of the total $6.4 million) and identified but did not investigate 970 potential overpayments with a total value of $106,375. (See paragraphs 3.63 to 3.80)

Recommendations

Summary of entity responses

20. The proposed audit report was provided to the Department of Education and Services Australia. The summary responses are reproduced below and the full responses are at Appendix 1. Improvements observed by the ANAO during the course of this audit are listed in Appendix 2.

Department of Education

The Department of Education (the department) acknowledges the Australian National Audit Office (ANAO) performance audit on the management and oversight of compliance activities within the Child Care Subsidy (CCS) program.

The management and oversight of compliance activities plays an important role in ensuring the proper use of CCS and the achievement of program outcomes. In the 2023–24 financial year, the department’s integrity activities resulted in the highest accuracy rates in provider claims for CCS on record, exceeding the program target.

These are substantial achievements, testament to the department’s commitment to strong regulation of CCS approved providers and its obligations under the Resource Management Guide-128.

The department is progressing a large work program to strengthen and further mature the delivery of its CCS compliance activities under the CCS Financial Integrity Strategy 2023–27. The department agrees with the seven recommendations and will address these as part of its ongoing commitment to strengthen the management and oversight of CCS compliance activities.

Services Australia

Services Australia (the Agency) welcomes the ANAO report on Management and Oversight of Compliance Activities within the Child Care Subsidy (CCS) Program. The Agency notes the report findings, including that management and oversight of compliance activities within the CCS Program are partly effective.

The Agency’s focus is on efficiently and effectively delivering payments and services to the Australian community, and compliance and program integrity are important aspects of this work. The Agency’s strategies, performance measures, and governance arrangements are focussed on ensuring the right payment to the right person at the right time.

The Agency is committed to continually improving its internal and external governance arrangements, performance monitoring and reporting, compliance activities, and guidance and support to staff to ensure the integrity of the CCS Program.

Background

1. Corporate organisations, including in the public sector, often have a board responsible for their governance. The Australian Institute of Company Directors (AICD) refers to governance as the systems that direct and control — or govern — an organisation¹:

Governance enables authority to be exercised appropriately and for the people who exercise it to be held to account. Good governance is about the effective way decisions are made and power is exercised within an organisation.

2. In March 2025, 74 Australian Government organisations have a body corporate status — known as corporate Commonwealth entities (CCEs). The governing board of a CCE is often the entity’s accountable authority with specific responsibility for ‘leading, governing and setting the strategic direction’ for the entity under the Public Governance, Performance and Accountability Act 2013 (PGPA Act).

3. Boards of Australian Government entities must govern in a way that complies with the requirements of any enabling legislation, the Commonwealth finance law (which includes the PGPA Act and the Public Governance, Performance and Accountability Rule 2014 (PGPA Rule)), and other applicable laws and requirements.

4. Organisations, including CCEs, with governance boards vary significantly by function, and governance boards may also vary in their composition, operating arrangements, independence and subject-matter focus, depending on the specific requirements of their enabling legislation and other applicable laws.

5. The National Disability Insurance Scheme (NDIS), established in 2013 under the National Disability Insurance Scheme Act 2013 (NDIS Act), provides funding for planned supports for NDIS participants — people with permanent and significant disability. Commonwealth, state, and territory governments jointly fund the NDIS under bilateral arrangements.

6. The National Disability Insurance Agency (NDIA) is responsible for delivering the NDIS under the NDIS Act and is a CCE. The Board of the NDIA (the Board) is the accountable authority of the NDIA.

Rationale for undertaking the audit

7. The NDIS is a demand-driven program. In 2023–24, the NDIA’s participant plan expenses were $41.85 billion, 19 per cent higher than in 2022–23, making this the largest area of Australian Government expenditure managed by the board of a CCE and also the fastest growing Australian Government payment. In May 2024, Budget Paper No. 1 for the 2024–25 Budget stated, ‘NDIS Commonwealth funded participant payments growth is expected to average 9.2 per cent per year over the projections period’ (to 2034–35).²³ With over 692,000 Australians registered as NDIS participants as at 31 December 2024, the NDIA is also an organisation with a direct impact on the lives of a major cohort of vulnerable Australians.

8. This audit topic provides independent assurance to Parliament on the effectiveness of the Board of the NDIA’s governance.

Audit objective and criteria

9. The objective of the audit was to assess the effectiveness of the governance of the Board of the NDIA.

10. To form a conclusion against the objective, the ANAO examined:

• Are the Board’s arrangements consistent with relevant legislative requirements for effective governance?
• Does the Board have fit-for-purpose arrangements to support sufficient oversight of the entity’s operations?

11. The ANAO analysed the Board’s governance for the period 1 July 2021 to 30 June 2024.

Conclusion

12. The Board’s governance was largely effective. The Board could strengthen its overall governance of the NDIA and the NDIS by setting clear requirements for additional strategic reporting to it on the progress of the implementation of financial sustainability initiatives. The Board’s practice of seeking further information and assurance from management where results are below targets, or other issues or risks are reported, was maturing but not consistent across the Board’s and its committees’ meetings.

13. The Board’s governance and administrative arrangements are largely consistent with relevant legislative requirements for effective governance. Board appointments are in accordance with legislative requirements and Board meetings are properly constituted. Management plans are not consistently developed for Board members’ declared real or apparent conflicts of interest.

14. The Board has a largely fit-for-purpose charter and has established committees that support it though reviewing relevant management reports and products before these are submitted to the full Board. A Sustainability Committee provides support for the oversight of actuarial reporting and NDIS financial sustainability. The Strategic Directions and Participant Outcomes Committee did not provide the Board sufficient advice against its broad charter functions, including advice on NDIA priorities.

15. Prior to March 2024, the Audit Committee structure limited its ability to provide the required range of independent advice and assurance to the Board, with risk oversight managed by a separate Risk Committee and reliance placed on the committees and Board informally sharing information. A combined Audit and Risk Committee (ARC), in place since March 2024, supports the Board by reviewing all required areas of reporting on NDIA finance, performance, risk and internal control. None of the committees provide written advice to the Board.

16. The Board has established partly fit-for-purpose arrangements to oversee NDIA operations. The Board had regard to advice and reports from the Scheme Actuary, the Independent Advisory Council and the ARC. Decision records did not always show the Board’s consideration of relevant legislative criteria. As reporting on regulatory compliance was aggregated, it lacked detail, and the Board did not always respond to indicators of non-compliance. Requirements of the National Disability Insurance Scheme—Risk Management Rules 2013 were not all met. The Board monitored and received reporting from the NDIA on NDIS sustainability and fraud risk. The Board has not directed strategic reporting on reforms to assure itself that the NDIA will fulfil the Australian Government’s commitments to moderate growth in NDIS expenses.

17. The Board has arrangements to meet PGPA Act requirements relating to governing the NDIA, systems of risk control, cooperation with others and reporting to the Minister for the NDIS. When reports on areas of poor performance or other issues are provided, the Board and its supporting committees could improve its governance by consistently seeking further information or assurance from management. Consistently seeking additional information would support the Board to mature further into a strategic role.

Supporting findings

Board governance and structure

18. Board member appointments between July 2021 and June 2024 complied with relevant NDIS Act requirements. The Department of Social Services (DSS) maintained records of appointments and advised the minister on current and upcoming vacancies. (See paragraphs 2.2 to 2.22)

19. Board meetings were properly constituted, and sufficiently frequent, with records maintained. The Board had not set guidance for the use and records of ‘in camera’ sessions. Inaccurate remuneration payments were made to Board members in 2022–23 and 2023–24. (See paragraphs 2.23 to 2.39)

20. A register of Board member interests was updated regularly. Of the seven declared interests identified by members as potential or actual conflicts, one had a documented management strategy. Conflict of interest procedures were largely followed for scheduled Board meetings; they were not consistently followed for out of session meetings or decisions without meetings. (See paragraphs 2.40 to 2.57)

21. The Board has established committees to support the governance of the NDIA. The charters for committees could be improved to set out voting requirements, the extent of delegated authority, and specify requirements for making decisions without meetings. The ARC charter could be improved by specifying who cannot be a member of the committee. The Board has not documented which NDIA policies require its approval. (See paragraphs 2.58 to 2.84)

22. The role of the committees is to provide advice to the Board on: the financial sustainability of the NDIS (Sustainability Committee); and the objectives, strategies, and policies to be followed by the NDIA, with a dedicated focus on participant outcomes (Strategic Direction and Participant Outcomes Committee). In March 2024, the Audit Committee and Risk Committee were merged into the ARC — its role is to review and advise on the appropriateness of the NDIA’s financial and performance reporting, systems of risk oversight and management, and systems of internal control. Committee membership was largely consistent with charter requirements. (See paragraphs 2.85 to 2.121)

23. Each committee receives relevant reporting according to its function and gave verbal updates and meeting minutes to the Board. The committees have not always provided written advice on critical and high-risk areas that require further Board consideration and direction, and it is unclear if the committees’ verbal updates and meeting minutes provided assurance and assisted with informing decision-making and the efficient running of the Board. (See paragraphs 2.85 to 2.121)

Oversight of compliance and performance

24. The Board has issued Accountable Authority Instructions and guidance to NDIA officials to support legislative compliance. The Board made CEO appointments and had regard to advice from the Independent Advisory Council, Scheme Actuary and ARC, consistent with NDIS Act requirements. (See paragraphs 3.3 to 3.19)

25. Reporting to the Board on regulatory compliance is aggregated which reduced the Board’s visibility of the adequacy of internal controls. The Board did not respond to senior executive advice that they could not give full assurance over their regulatory compliance obligations. The Board provided annual risk management declarations, as required by the NDIS Risk Management Rules 2013. The Board did not review its Risk Management Framework or receive sufficient reporting on NDIA risk culture, resourcing and control effectiveness, as required. (See paragraphs 3.20 to 3.47)

26. The Board has monitored NDIS financial sustainability and NDIS fraud risk. This included consideration of draft reform initiatives proposed to address increasing NDIS expenses. It is not clear if the Board provided NDIA management with direction on reform initiatives proposed before these were included in advice to government. The Board receives regular updates on the progress of reform activities. It is not clear if the Board has been active in directing reporting on reform deliverables to assure itself that the NDIA will fulfil the Australian Government’s NDIS Financial Sustainability Framework commitments. (See paragraphs 3.48 to 3.83)

27. Corporate plans largely complied with PGPA Rule requirements, and the Board approved the performance measures in corporate plans prior to their publication. Eleven of the NDIA’s 19 measures for the 2023–24 Annual Performance Statements satisfied relevant PGPA Rule requirements. The performance measures for 2023–24 did not reflect the NDIA function of managing NDIS financial sustainability, although new measures in the 2024–25 corporate plan relate to this function. (See paragraphs 3.84 to 3.114)

28. The Board received and discussed regular reporting on results against corporate plan performance measures, although it did not consistently seek further detail or assurance where internal reporting indicated poor results or potential issues with reporting mechanisms. (See paragraphs 3.84 to 3.114)

Recommendations

Summary of entity responses

29. Copies of the proposed report were provided to the NDIA and DSS. The summary responses are provided below, and the full responses are included at Appendix 1. Improvements observed by the ANAO during the audit are listed in Appendix 2.

National Disability Insurance Agency

The National Disability Insurance Agency (NDIA) welcomes the ANAO’s assessment that NDIA Board’s governance is largely effective. We note the ANAO conclusions that governance arrangements are largely consistent with its legislative requirements; that Board appointments are in accordance with legislative requirements; and Board meetings are properly constituted.

The NDIA Board acknowledges the importance of having clear and specific guidance and governance processes in relation to the Board’s responsibilities, including how these are executed. The Board has recently updated key artefacts that relate to Board practices and processes that the ANAO has identified as areas for improvement. This includes updating the Board and/or Committee charter to include clarification on the use of in camera sessions, management of conflicts of interest, and how the Audit and Risk committee provides advice to the Board.

As noted in the report, the Board approved a workplan for 2025 which identifies key artefacts required to fulfill the Board’s statutory obligations. The Board also has standing items for areas that Board has identified as either requiring monitoring or of particular interest to the Board. The Board acknowledges there is an opportunity to provide management with clarity regarding the Board’s expectations regarding strategic reporting on key programs, additional reporting where targets are not being met, and the policies and documents that the Board should approve or have oversight over.

Department of Social Services

The Department of Social Services (the Department) welcomes the Australian National Audit Office (ANAO) report on the Effectiveness of the Board of the National Disability Insurance Agency.

The Department notes the report’s three recommendations refer to the Board of the National Disability Insurance Agency.

The Department notes the key messages from this audit for all Australian Government entities, including considering whether key stakeholders and decision makers have specific accessibility requirements and producing relevant documents in accessible formats.

Background

1. In 2015, the Australian Government introduced the Commonwealth Home Support Programme (CHSP). CHSP services include meals, cleaning, garden maintenance, transport and aids. The CHSP meals service category aims to ensure food security and nutritional and social benefits for older Australians. The Department of Health, Disability and Ageing (Health) is responsible for administering CHSP.

2. CHSP service providers receive funding through Australian Government grants and client contribution fees. In 2023–24, CHSP grants totalled $3.1 billion, making CHSP one of the Australian Government’s largest grant programs. In 2023–24, the Australian Government funded 1,264 CHSP providers, 71 per cent of which were not-for-profit organisations. The value of grant funding awarded for the CHSP meals service category totalled $114.3 million across 540 meal providers in 2023–24.

3. Meals on Wheels is a volunteer-based meals delivery service to people at home ‘who are unable to cook or shop for themselves’ or ‘living with an illness or disability’.¹ Meals on Wheels Australia Limited (MoWA) is the national peak body that represents and advocates for providers that are members of the Meals on Wheels (MoW) network. In 2023–24, 135 of 540 (25 per cent) CHSP meal providers were affiliated with the MoW brand. MoW providers received $45.4 million in CHSP grants in 2023–24.

4. The Australian Government responded to the 2021 Royal Commission into Aged Care Quality and Safety’s recommendations relating to in-home aged care through a number of measures, including the design of a new Support at Home Program.² The Support at Home Program will bring together three in-home aged care programs, including CHSP, under a single program. CHSP is due to transition to the Support at Home Program no earlier than 1 July 2027. Under the Support at Home Program, providers will be required to invoice the Australian Government based on services provided and will receive payment after services have been delivered (a fee-for-service model).

5. The Future Fit Program aimed to improve MoWA’s organisational capability, including how it captures data on meal delivery services and accounts for aged care social outcomes associated with the MoW operating model. Health procured Miles Morgan Australia using CHSP funds to deliver the Future Fit Program.

• On 23 December 2021, Health contracted Miles Morgan Australia to deliver ‘strategic business transformation advice and services’ for $5,487,191.³ The project was to be concluded with a final report on 18 January 2023.
• On 4 October 2022, a contract variation with Miles Morgan Australia increased the 2021 contract value by $1,560,900, for a total cumulative value of $7,048,091. A key element of the variation was a customer relationship management (CRM) software system for the MoW network. The timeframe for delivery of the Future Fit Program final report was extended to 1 November 2023.
• On 19 January 2024, Health contracted Miles Morgan Australia to ‘transition’ meals operations in the Whitehorse Local Government Area (LGA) in Victoria. The value of this contract was $1.69 million, for a total cumulative value of $8.74 million across all three Future Fit Program contracts. A final report was to be delivered on 8 March 2024, and the contract stated that all work was to be completed by 10 March 2024 (with a provision for unanticipated delays to 31 May 2024).

6. This audit covers governance, procurement and contract management of the Future Fit Program between December 2021 and May 2024.

Rationale for undertaking the audit

7. In 2023–24, the Australian Government provided $3.1 billion in funding to 1,264 CHSP providers, making it one of the Australian Government’s largest grants programs. Over 800,000 Australians used CHSP services in 2023–24.⁴ CHSP is transitioning to the Support at Home Program no earlier than 1 July 2027. The Future Fit Program involved $8.74 million in procurement payments to Miles Morgan Australia to support Meals on Wheels Australia and the Meals on Wheels network to prepare for the transition from CHSP to the Support at Home Program.

8. This audit provides the Parliament with assurance on whether Health’s administration of the Future Fit Program was effective.⁵

Audit objective and criteria

9. The audit objective was to assess the effectiveness of Health’s administration of the Future Fit Program.

10. To form a conclusion against the audit objective, the following high-level criteria were adopted:

• Has Health established sound governance arrangements to support the delivery of the Future Fit Program?
• Has Health conducted procurements for the Future Fit Program effectively?
• Has Health managed the Future Fit Program contracts effectively?

Conclusion

11. Health’s administration of the Future Fit Program was ineffective. Poor project governance, procurement practices that were not aligned to the Commonwealth Procurement Rules, and weak contract management impeded the achievement of the Future Fit Program’s objectives. Health has not evaluated the Future Fit Program to determine if the project has resulted in the Meals on Wheels network being in a better position to transition to the new Support at Home Program.

12. Health did not establish sound governance arrangements to support the delivery of the Future Fit Program. Health did not maintain appropriate oversight of the project. Health did not appropriately identify and manage project risk. Health did not engage with stakeholders in accordance with its Stakeholder Engagement Framework. Health did not measure the achievement of Future Fit Program outcomes.

13. Planning and conduct of the 2021, 2022 and 2024 Future Fit Program procurements were not effective, except for meeting AusTender reporting requirements. Health did not appropriately plan for the Future Fit Program procurements and its consideration of procurement risk was limited. Approaches to market did not support a value for money outcome. Procurement effectiveness was further undermined by insufficient demonstration of value for money, failure to maintain complete records, limited achievement of procurement objectives, and weak probity management. Procurement processes fell short of ethical standards.

14. Health’s management of Future Fit Program contracts was not effective. The Future Fit Program’s objective was to prepare the MoW network for the transition from the Commonwealth Home Support Programme to the Support at Home program. Some contract deliverables were not realised, and there is no evidence-based analysis of the achievement of the intended outcomes. Health’s contract administration effectiveness was impacted by a lack of contract management planning (including risk management), inappropriate segregation of duties, a poorly justified contract variation, deficient records management, and limited probity management. Health did not establish contract performance measures. While contract management practices improved for the 2024 contract, the contract ended in a legal dispute and non-delivery of some contract requirements.

Supporting findings

Governance

15. Health did not assess the Future Fit Program against the requirements of its project management framework nor establish governance arrangements for the project that were consistent with the framework. The Future Fit Program contractor, Miles Morgan Australia, established roles and responsibilities for the Future Fit Program in 2022. Health did not have an established role in project oversight or delivery. The Future Fit Program was established in part to place MoWA in a better position to support MoW state associations and providers. In October 2022 Health agreed to a proposal from Miles Morgan Australia to remove MoWA from project governance arrangements, without consulting MoWA or advising the minister. From mid-2023, Health engaged more directly with MoWA and the MoW network on the Future Fit Program. (See paragraphs 2.1 to 2.20)

16. Health required Miles Morgan Australia to develop a project risk register at the outset of the Future Fit Program in 2022. The March 2022 project risk register identified and assessed risks and included treatments for risks outside of tolerance. Health was assigned ‘shared’ ownership of six of the 22 identified project risks, including one extreme risk that was rated ‘unacceptable.’ Health was not involved in the treatment of shared risks. Project status reports repeatedly showed the Future Fit Program as being at ‘high’ or ‘extreme’ risk of not being delivered as planned. There was no process of identifying treatments for these risks. Health did not subsequently seek updates of or refer to the 2022 register. A separate risk register was developed for the 2024 contract. Health did not contribute to the 2024 register. (See paragraphs 2.21 to 2.35)

17. Health did not have a fit-for-purpose stakeholder engagement plan for the Future Fit Program. In 2021 and 2022, communications activities were designed by a sub-contracted firm. The communications plan was not updated over time as the situation evolved. The communications plan and engagement activities did not reflect Health’s principles of effective stakeholder engagement, especially the principle of inclusivity. A decision to direct source a provider for meals provision in several Victorian locations was made without consultation with key stakeholders. Stakeholder activities were not appropriately recorded or reviewed. Health’s handling of a stakeholder management complaint in 2023 did not align with principles set out in its complaints management policy. From mid-2023, Health’s stakeholder engagement practices improved. (See paragraphs 2.36 to 2.70)

18. Health received project status reports from Miles Morgan Australia for the 2021 and 2024 contracts, although Health did not ensure that six of 21 reports were provided in a timely manner, or that reports were provided throughout the whole of the implementation period. Most of these reports identified significant issues with project delivery. Health did not acknowledge the reports. Health did not enforce contractual requirements for Miles Morgan Australia to develop an evaluation plan. As at April 2025, the Future Fit Program had not been evaluated. (See paragraphs 2.71 to 2.81)

Procurement

19. Planning and approaches to market for the 2021, 2022 and 2024 procurements were deficient and did not comply with the Commonwealth Procurement Rules.

• Health’s decision to use a procurement to fund the Future Fit Program was not underpinned by a strong policy rationale or market analysis.
• There was no planning for any of the three procurements. Procurement values were not estimated before the approach to market.
• Risk was not identified and assessed in the 2021 and 2022 procurements. For the 2024 procurement, risks were identified, however all risks were assessed as low and therefore did not require treatment despite well-known delivery issues.
• Health approached one supplier (Miles Morgan Australia) in all three procurements. The supplier was selected without analysis of alternatives. A standing arrangement (panel) to facilitate the procurement of this specific supplier was identified after a decision was made to procure the supplier.
• In 2021, Health engaged Miles Morgan Australia from the panel after having been made aware that the method was at risk of breaching the Commonwealth Procurement Rules. The 2022 procurement used the same panel and included services beyond the panel scope. There was a lack of due diligence when the contract was varied in 2022 to include a customer relationship management (CRM) system. Health used a limited tender condition for the 2024 procurement based on flawed reasoning that lacked transparency. Across the three procurements, there were instances of internal legal advice not being sought, not being followed and/or not being appropriately shared with Health’s Procurement Advisory Services.
• AusTender reporting of the procurement method was appropriate. (See paragraphs 3.1 to 3.53)

20. Demonstration of value for money and maintenance of appropriate records were deficient for the 2021, 2022 and 2024 procurements. Procurement approvals were appropriately recorded for two of three procurements. Probity was not effectively managed, and there could be improvements to Health’s gifts, benefits and hospitality policy to support probity. Conduct fell short of ethical standards. Health met AusTender timeframes for reporting contracts. (See paragraphs 3.54 to 3.82)

Contract management

21. Health did not have contract management plans in place for the Future Fit Program contracts with Miles Morgan Australia. Contract risk was not assessed in 2021 or 2022. Contract risks were assessed as low in 2024 despite known issues and some risks had already been or were quickly realised. Between 2022 and 2023, there was insufficient segregation of duties (a key control to prevent poor decision-making and fraud) in procurement and contract management, however this was improved in 2024. In October 2022, the 2021 contract was varied to include development of a Customer Relationship Management (CRM) system without an assessment of whether the variation offered value for money, whether it affected the original procurement’s value for money, or whether procured goods and services could be provided by other potential suppliers. Contract administration activities, including the verification of deliverables prior to release of payments, were poorly recorded for the 2021 and 2022 procurements. Records management and verification of deliverables improved for the 2024 contract. Probity was not managed. (See paragraphs 4.1 to 4.22)

22. Future Fit Program 2021, 2022 and 2024 contract deliverables were partially achieved. The 2024 contract was executed while 2022 contract deliverables were still outstanding, including confirmation that a CRM system, which was to be ‘transitioned’ from Miles Morgan Australia to a MoW provider under the 2024 contract, had been successfully deployed. There was a lack of success measures to determine if project outcomes had been achieved. There is no evidence that Health managed performance issues related to the 2021 and 2022 contracts. The 2024 contract was clearer about performance expectations than the 2021 and 2022 contracts, and Health managed concerns about contractor performance in 2024. (See paragraphs 4.23 to 4.32)

Recommendations

Summary of entity response

23. The proposed audit report was provided to the Department of Health, Disability and Ageing. Extracts of the proposed audit report were provided to Newcastle Meals on Wheels and a representative of Miles Morgan Australia. The Department of Health, Disability and Ageing’s summary response is provided below and its full response is provided at Appendix 1. Responses from Newcastle Meals on Wheels and a representative of Miles Morgan Australia are provided at Appendix 1.

The Department of Health and Aged Care (the department) notes the findings in the report and accepts the recommendations.

The department is taking the report’s findings seriously, in particular that the actions of departmental staff did not meet ethical standards. As noted in the Secretary’s opening statement at the public hearing for the Joint Committee of Public Accounts and Audit inquiry into probity and ethics in the Australian Public Sector on 1 February 2024, the department is committed to ensuring all staff are supported in managing public resources in a transparent and ethical manner by fostering a culture of integrity. The department has well established processes for responding to such behaviours.

In response to this audit, the department will commission an evaluation of the Future Fit Program. The evaluation will form part of a suite of advice to government on future program design for the Commonwealth Home Support Program (CHSP), including advice to support government decisions on the future transition of CHSP to the new Support at Home Program no earlier than 1 July 2027. The department is also undertaking activities to strengthen its administrative processes in relation to projects, procurement and records management. In particular, the department is taking steps to ensure projects are accurately identified and appropriate departmental governance and oversight arrangements are in place.

Background

1. On 5 August 2017, the Minister for Health and Aged Care announced a review of Australia’s sport integrity arrangements. The Report of the Review of Australia’s Sport Integrity Arrangements (the Wood Review) was presented to the government in March 2018 and made 52 recommendations, including the establishment of a national sports integrity commission.¹ In its February 2019 response to the Wood Review², the Australian Government agreed, agreed in part, agreed in principle or noted all recommendations. Sport Integrity Australia (SIA) was established on 1 July 2020 by the Sport Integrity Australia Act 2020 (SIA Act).

2. The object of the SIA Act is to establish SIA to prevent and address threats to sports integrity and to coordinate a national approach to matters relating to sports integrity in Australia. A National Anti-Doping Scheme is required under section 3 of the SIA Act and is set out in Schedule 1 of the Sport Integrity Australia Regulations 2020 (SIA Regulations). The SIA Regulations outline the powers and functions of the SIA Chief Executive Officer, which include having the role and responsibility of a ‘national anti-doping organisation’ for Australia under the United Nations Educational, Scientific and Cultural Organization’s (UNESCO) Anti-Doping Convention and the World Anti-Doping Code.

Rationale for undertaking the audit

3. In its response to the Wood Review, the Australian Government committed to ‘comprehensively protecting the integrity of Australian sport for the benefit of the entire Australian community’ and to establishing a national sports integrity commission (SIA). The government also noted the importance of effective anti-doping measures to protect the integrity of Australian sport.

4. The audit provides assurance to the Parliament as to whether SIA has established effective governance arrangements for anti-doping and is effectively managing the National Anti-Doping Scheme.

Audit objective and criteria

5. The purpose of the audit was to assess the effectiveness of Sport Integrity Australia’s management of the National Anti-doping Scheme.

6. To form a conclusion against the objective, the following high-level criteria were adopted:

• Has Sport Integrity Australia established fit-for-purpose governance arrangements?
• Has Sport Integrity Australia established effective arrangements to prevent and detect anti-doping rule violations?
• Has Sport Integrity Australia established effective arrangements to investigate and respond to possible anti-doping rule violations?

7. The period covered by the audit is 1 July 2021 to 30 June 2024. Anti-doping matters prior to the establishment of Sport Integrity Australia on 1 July 2020 are not within the scope of this audit.

Conclusion

8. Sport Integrity Australia’s management of the National Anti-Doping Scheme is partly effective. SIA has adopted a different approach to anti-doping regulation, depending on how anti-doping samples and testing are paid for. Regulatory responsibilities are more effectively carried out for sports that receive government funded anti-doping testing. For sports where testing costs are partially recovered from the sport, regulation is not demonstrably risk-based and data driven — a key principle of good regulation. There are deficiencies in anti-doping investigation practices.

9. SIA’s governance arrangements for the National Anti-Doping Scheme are partly fit for purpose. There are largely fit-for-purpose oversight and assurance arrangements. Risk management, including for regulatory capture risks, is not fit for purpose.

10. SIA’s arrangements for preventing and detecting doping are largely effective for sports that have mainly government funded anti-doping sample collection arrangements, and partly effective for the major professional sports that have mainly ‘user pays’ anti-doping sample collection arrangements, due to the way SIA has chosen to administer ‘user pays’ arrangements.

• There is a fit-for-purpose national anti-doping framework, which is supported by a national anti-doping policy that is adopted by 87 national sporting organisations. Another three national sporting organisations have an SIA-approved anti-doping policy.
• SIA has effective arrangements to prevent anti-doping rule violations through anti-doping education plans that are implemented and evaluated.
• For sports that have mainly government funded testing arrangements, test distribution planning is generally risk-based. Transparency could be enhanced through more comprehensive documentation of planning methodology and record keeping.
• For the six major sports that have mainly user pays testing arrangements, test distribution planning is not demonstrably risk-based. The number and distribution of tests are negotiated with national sporting organisations under a service agreement. This is not consistent with World Anti-Doping Code principles or SIA’s responsibilities as a regulator of these sports.

11. SIA’s arrangements to investigate and respond to anti-doping rule violations are partly effective. The procedural framework for investigations is partly fit for purpose, including processes related to quality assurance. There were irregularities in the triage and conduct of 38 investigations commenced in the three years to 30 June 2024, when compared to existing procedures. Investigations did not consistently meet timeliness targets. SIA’s actions in response to proven anti-doping violations were appropriate.

Supporting findings

Governance arrangements

12. SIA has responded to the Minister for Sport’s statement of expectations with an appropriate statement of intent. There are management arrangements and governance bodies that give consideration to anti-doping matters. These include advisory bodies that have been established in accordance with the Sport Integrity Australia Act 2020. Governance bodies operate in accordance with legislative requirements or terms of reference, except for the declaration of interests on two key advisory bodies. SIA’s public performance reporting includes measures related to anti-doping. There is no performance reporting specifically related to anti-doping testing and investigations — a key regulatory function. There is no measure that goes to the effectiveness or efficiency of SIA’s anti-doping activities. Performance reporting on anti-doping in 2023–24 was not fully accurate. SIA reports integrity and anti-doping matters of significance to the Minister for Sport. (see paragraphs 2.2 to 2.20)

13. Sport Integrity Australia established a risk management policy in 2021, which was updated in 2023. Risk appetite statements provided in different documents are inconsistent. There is an enterprise risk register, which was last updated in November 2021. Operational risk registers for specific business areas or activities, including for anti-doping, are not maintained. SIA undertook a review of its risk management framework in 2024, which concluded that the risk management framework required ‘significant’ work to comply with the Commonwealth Risk Management Policy. SIA commenced a body of work to improve SIA’s risk management framework. There is a largely fit-for-purpose policy framework for regulatory capture risks, including risks arising from conflicts of interest; external employment; gifts, benefits and hospitality; and sports betting. The policies are poorly implemented. (see paragraphs 2.21 to 2.43)

Anti-doping prevention and detection

14. The Sport Integrity Australia Regulations 2020 establish the SIA CEO’s functions and powers in relation to anti-doping, which include sample collection and results management for ‘sporting administration bodies’, defined as ‘national sporting organisations for Australia’. SIA has established an Australian National Anti-Doping Policy (NAD Policy) that aligns with the World Anti-Doping Code and which, as of September 2024 had been adopted by 98 sporting organisations in Australia, including 87 national sporting organisations for Australia. Anti-doping policies for the remaining three national sporting organisations that have adopted alternative policies were not approved by SIA in a timely way using documented criteria.

15. SIA’s annual anti-doping activities are supported by approximately 300 full-time equivalent (FTE) and casual employees. Budgeted average staffing levels increased by six per cent for FTE staff and 17 per cent for casual staff between 2022–23 and 2024–25. The total number of anti-doping samples collected by SIA declined by 34 per cent between 2010–11 and 2022–23.

16. SIA provides anti-doping sample collection and analysis under two general funding models: government-funded and user pays. User pays arrangements involve partial cost recovery, an approach which was approved by government in March 2024. Six professional sports (Australian football, cricket, football (soccer), rugby league, rugby union and basketball) have mainly user pays arrangements. There are no documented criteria for when to apply which funding model, however SIA has advised that it depends in part on the sporting organisation’s ability to pay for its own anti-doping testing.

17. The average cost of testing increased in the five years to 2022–23 and decreased in 2023–24. SIA has assessed the value-for-money of its laboratory testing arrangements. (see paragraphs 3.7 to 3.24)

18. SIA has developed national anti-doping education plans in each year between 2021–22 and 2023–24, as required by the World Anti-Doping (WAD) Code and SIA Regulations. SIA’s 2023–24 national education plan is consistent with requirements of the WAD Code. Sport specific education plans were developed for all sampled sports except one in 2023–24, following failure to develop sport-specific education plans for one sampled government funded sport and most sampled user pays sports in 2021–22 and 2022–23. SIA has fit for purpose arrangements to evaluate the effectiveness of the national education plan. Evaluations have found that most deliverables and outcomes relating to the national education plan were met. SIA has evaluated sport-specific education plans. (see paragraphs 3.25 to 3.42)

19. SIA undertakes an annual anti-doping test distribution planning process that is consistent with the World Anti-Doping (WAD) Code for sports with mainly government funded testing arrangements. Evaluation of previous years’ plans (one component of the WAD Code requirements) to inform improvements to current year planning is not supported by a clear methodology and could be better documented. SIA alters (moderates) the results of the risk-based test planning process using an undocumented methodology.

20. SIA’s test distribution planning for sports with mainly user pays testing arrangements is deficient in terms of systematic risk analysis informing the total number and distribution of planned tests. The total number and distribution of tests are negotiated with national sporting organisations representing user pays sports under a service agreement. Testing arrangements for user pays sports do not fully cover the off-season and pre-season.

21. In a sample of 25 government funded and user pays sports/disciplines, SIA’s testing activities for 2023–24 were mostly consistent with its planned test distribution planning. The minimum levels of analysis required under the WAD Code were achieved for all but one government funded and one user pays sport. (see paragraphs 3.43 to 3.85)

Anti-doping investigations and response

22. SIA established an investigations manual in 2020, which as of September 2024 had not been updated to align with the Australian Government Investigations Standard 2022. Elements of AGIS requirements related to information and evidence management, investigative personnel and investigative practices could be better reflected in SIA’s framework for conducting investigations. Quality assurance processes for investigations have largely not been established.

23. Between 1 July 2021 and 30 June 2024, 144 anti-doping rule violation cases were recorded in SIA’s case management system, and 38 proceeded to an investigation or ‘administrative’ treatment. There is a lack of documented procedures for a type of case (non-analytical findings) and treatment of these cases was inconsistent.

24. Six of 38 investigations commenced between 1 July 2021 and 30 June 2024 lacked investigation plans, with no documented reason for five. SIA does not have a procedure for the preparation and service of disclosure notices to athletes, and disclosure notice practices were inconsistent. SIA did not follow up using established mechanisms on athlete non-compliance with disclosure notices. A brief of evidence adjudication was appropriately prepared for 19 of 26 investigations involving a brief of evidence. Of the 38 investigations commenced since 1 July 2021, 21 were finalised by 30 June 2024 (15 resulting in a sanction). SIA states that it prepares closure reports only for matters where the decision is ‘no further action’. Three of five investigations resulting in ‘no further action’ had a closure report. Closed investigations did not meet timeliness benchmarks. (see paragraphs 4.2 to 4.54)

25. Anti-doping rule violation sanctions imposed by SIA between 1 July 2021 and 30 June 2024 were largely consistent with WADA requirements. (see paragraphs 4.55 to 4.62)

Recommendations

Summary of entity response

26. The proposed audit report was provided to SIA. SIA’s summary response is reproduced below. The full response from SIA is at Appendix 1. Improvements observed by the ANAO during the course of this audit are listed at Appendix 2.

Sport Integrity Australia welcomes the findings in the ANAO audit report on Sport Integrity Australia’s Management of the National Anti-Doping Scheme and agrees with the recommendations.

These recommendations will further contribute to our continuous improvement along with our obligations to implement and enforce rules and policies relating to anti-doping in Australian sport.

The National Anti-Doping Scheme provides Australia with the legislative basis to implement obligations under the UNESCO International Convention against Doping in Sport, and in turn, the World Anti-Doping Code (the Code). The Code, and its associated mandatory International Standards, create an important, but complex set of global expectations for all National Anti-Doping Organisations.

The World Anti-Doping Agency through its most recent Code Compliance process (2022–2023) found Sport Integrity Australia to be fully compliant with all aspects of the Code. Indeed, this process highlighted the capabilities of Sport Integrity Australia far exceed many other national anti-doping agencies.

The ANAO recommendations (noting the recommendations are limited to a small section of just one of the five relevant International Standards), are valuable as we look to continually improve our program. To this end, we have already begun taking steps to implement all recommendations.

Background

1. The Pharmaceutical Benefits Scheme (PBS) is an Australian Government scheme that subsidises the cost of a wide range of medicines for Australian residents and eligible overseas visitors. The PBS is enabled by the National Health Act 1953 (NHA) which regulates the listing, prescribing, pricing, charging and payment of subsidies for the supply of medicines and medicinal preparations as pharmaceutical benefits. The PBS Schedule, made under the National Health (Listing of Pharmaceutical Benefits) Instrument 2024, lists medicines subsidised under the PBS and outlines requirements for the provision of these medicines.

2. The objective of the PBS is to provide Australians with timely, reliable and affordable access to necessary and cost-effective medicines. The Department of Health and Aged Care (Health) is responsible for PBS policy and has a bilateral agreement with Services Australia to deliver PBS-related services and payments.

Rationale for undertaking the audit

3. The PBS is intended to ensure that Australians have timely, reliable and affordable access to medicines. The budgeted expenditure for the PBS for the 2024–25 financial year is $19.5 billion. This performance audit was conducted to provide assurance to Parliament that the PBS is being administered effectively.

Audit objective and criteria

4. The objective of the audit was to assess the effectiveness of the administration of the PBS.

5. To form a conclusion against the audit objective, the following high-level criteria were adopted:

• Has Health established appropriate governance and oversight arrangements for the PBS?
• Has Health established appropriate arrangements to manage the cost of the PBS?
• Have Health and Services Australia established effective arrangements to manage the delivery of PBS services and payments?

Conclusion

6. Health’s and Services Australia’s administration of the PBS is partly effective. While arrangements for managing the cost of the PBS are largely effective, there were deficiencies in arrangements for whole-of-program management and administering the delivery of PBS services and payments.

7. Health’s governance and oversight arrangements for the PBS are partly appropriate. Instruments for delegating statutory powers for administering the PBS have irregularities and anomalies. Health’s PBS Program Management Plan could be improved by including more detail on Health’s management arrangements for the PBS. Health has a largely appropriate bilateral arrangement with Services Australia to oversee its delivery of PBS services and payments. Health’s performance measurement framework for the PBS does not adequately measure and report on program outcomes. Health’s risk management focuses on shared administration risks with Services Australia and has not considered broader strategic risks to the PBS. While mechanisms are in place for stakeholder engagement on the PBS, Health has not conducted an analysis of stakeholder engagement needs or developed an overarching stakeholder engagement plan.

8. Health’s arrangements to manage the cost of the PBS are largely appropriate. Arrangements were in place to assess the cost-effectiveness of individual PBS medicines and manage the cost of listed medicines. Arrangements have been established to manage pharmacy remuneration through successive Community Pharmacy Agreements (CPAs), negotiated with the pharmacy industry, which Health supported through impact analysis for the eighth CPA signed in June 2024. Health has established processes for managing patient out-of-pocket costs and monitoring and forecasting the overall cost of the PBS. Health has not established arrangements to automate patient access to the Safety Net or engaged in horizon scanning analysis to anticipate potential future costs of new and novel medicines.

9. Health and Services Australia’s arrangements to manage the delivery of PBS services and payments are partly effective. Processes and systems for PBS claims processing are not fully effective at ensuring that legislative requirements for PBS claims are met, as Services Australia is not ensuring that PBS suppliers certify claims in accordance with legislative timeframes. While payment integrity is reviewed, it is not subject to performance monitoring or reporting. Payment timeliness is monitored, and targets are regularly met. The results are not included in Services Australia’s Annual Performance Statement. The provision of authority approvals is based on an automated system. There were differences in approval rates between authority applications made online and by phone, and Services Australia’s performance target for reporting on answering authority calls in its Annual Performance Statements does not align with the performance target agreed with Health in bilateral agreements. PBS Safety Net card claims and patient refunds are reliant on manual processes and timeliness performance measures have not been consistently met.

Supporting findings

Governance and oversight

10. Instruments that delegate powers and functions for administering the PBS have irregularities and anomalies. While Health has developed a Program Management Plan for the PBS, it does not adequately cover arrangements for managing PBS costs, stakeholder engagement and whole-of-program performance measurement. Health’s support to independent statutory bodies with responsibilities for the PBS could be improved by developing governance documentation for the Pharmaceutical Benefits Advisory Committee. (See paragraphs 2.3 to 2.24)

11. Health and Services Australia have established a Bilateral Management Arrangement, which includes bilateral agreements and bilateral governance arrangements that relate to the delivery of PBS services and payments.

• PBS-related program agreements were fit for purpose, with clear objectives and defined roles and responsibilities. All protocols supporting the bilateral arrangement were reviewed and updated between November 2023 and September 2024.
• While bilateral governance meetings have not occurred at the most senior levels, there has been regular engagement between the two entities at lower levels. Governance committees relevant to the PBS began considering risk, performance reporting, and updates to bilateral agreements in late 2023. (See paragraphs 2.25 to 2.35)

12. Health has one external performance measure for the PBS, which is not outcome focused and does not provide meaningful performance information to the Parliament or the public. Health receives monthly reporting from Services Australia on bilateral performance measures. It has not used this data to oversee Services Australia’s service delivery. Health does not provide any regular performance reporting on the PBS to the minister or its executive committee. (See paragraphs 2.36 to 2.54)

13. Health has not undertaken appropriate risk assessments or developed appropriate risk management plans for the PBS at the divisional or program level. Its risk assessments and plans do not adequately cover key program activities for which Health is responsible. Health’s shared risk management plan with Services Australia covers risks relating to the services and payments Services Australia delivers for the PBS. From late 2023, bilateral governance bodies began discussing operational risks relevant to the PBS. (See paragraphs 2.55 to 2.69)

14. Health’s arrangements for stakeholder engagement for the PBS include the provision of information through websites, invitation of written submissions from stakeholders on specific PBS issues, agreement-making with industry bodies, and hosting regular stakeholder engagement forums. These arrangements have not been informed by a systematic analysis of stakeholder engagement needs or an overarching stakeholder engagement plan or strategy. (See paragraphs 2.70 to 2.83)

Managing the cost of the PBS

15. Arrangements for assessing medicine cost-effectiveness outlined in the Guidelines for preparing submissions to the Pharmaceutical Benefits Advisory Committee have been followed. Health has complied with administrative procedures for listing medicines on the Schedule and agreeing medicine prices with sponsors. Health has negotiated deeds of agreement with medicine sponsors (covering special pricing arrangements and risk-sharing agreements) to minimise the cost of PBS medicines to government. Statutory price reductions are in place to decrease the cost of listed medicines. Medicines are delisted from the Schedule by medicine sponsors with no regular delisting process performed by Health. (See paragraphs 3.3 to 3.53)

16. The Australian Government has negotiated Community Pharmacy Agreements (CPAs) with the pharmacy sector to determine pharmacy remuneration for dispensing PBS medicines since 1990. CPAs offer flexibility to include terms such as the remuneration adjustment mechanism to mitigate unexpected expenditure for the Australian Government. The choice to negotiate a CPA rather than allowing remuneration to be set by an independent tribunal was not supported by adequate impact analysis for the seventh CPA. Health prepared an Impact Analysis for the eighth CPA, signed in June 2024, which supported continuation of pharmacy remuneration setting through a CPA. (See paragraphs 3.54 to 3.74)

17. Health has used monitoring data to model the impact of proposed changes to patient co-payment amounts and Safety Net thresholds on patient out-of-pocket costs. Based on this modelling, Health has provided advice to government on proposals to help patients achieve greater cost-savings through these mechanisms. Health has not established arrangements to automatically determine eligibility for the Safety Net. Health has estimated that 640,000 patients become eligible for the Safety Net each year but do not apply, foregoing $100 million in medicine subsidies. (See paragraphs 3.75 to 3.95)

18. Health has established arrangements for modelling the overall cost of the PBS and the impact of new medicine listings, and it provides advice to the government and Parliament through the annual Budget processes.

• Health has established a system to model PBS expenditure based on the current legislative requirements, which it uses to model the impact of new and amended medicine listings.
• Reporting on PBS expenditure is available through an annual report and reporting on Services Australia’s website.
• Health has not performed horizon scanning analysis to forecast PBS expenditure and identify potential policy changes. (See paragraphs 3.96 to 3.113)

Delivery of services and payments

19. Almost all claims (99.9 per cent) made by PBS suppliers are submitted through Services Australia’s Online Claiming for PBS system, which automatically assesses claims against legislative rules before processing advance payments. Due to an absence of controls to ensure advance payments to PBS suppliers are certified within statutory timeframes, over one-third of approved PBS suppliers have uncertified claims totalling $1.514 billion (as at 30 June 2024). Payment integrity is reviewed but is not subject to performance monitoring or reporting. Payment timeliness is monitored, and targets are regularly reported as met, but it is not included in public reporting. (See paragraphs 4.3 to 4.30)

20. A system to manage authority-required approvals has been established that is consistent with Health and Services Australia’s respective responsibilities under the PBS bilateral agreement. There are differences in approval rates depending on the method used by an applicant to apply for an authority. Reported results for the timeliness of authority approvals against performance measures set out in bilateral arrangements have largely not met targets. Services Australia reports in its Annual Performance Statement on the achievement of a performance measure target of answering authority calls within 15 minutes. This does not align with the target of answering authority calls, on average, in less than 30 seconds. (See paragraphs 4.31 to 4.52)

21. Services Australia has established processes and systems to manage PBS Safety Net and patient refunds. Both systems are reliant on paper-based application forms which are submitted by post and manually processed by Services Australia. The reliance on manual processing means that performance is sensitive to staffing numbers, which has meant timeliness performance measures have not been consistently met. Services Australia’s quality checking process for Safety Net claims does not provide accurate data on the reasons for rejecting Safety Net card applications to inform education or compliance activities. (See paragraphs 4.55 to 4.78)

Recommendations

Summary of entity responses

22. The proposed audit report was provided to Health and Services Australia. The entities’ summary responses are provided below, and their full responses are included at Appendix 1. Improvements observed by the ANAO during the course of this audit are listed in Appendix 2.

Department of Health and Aged Care

The Department of Health and Aged Care (the Department) welcomes the findings in the report. The Department notes the overall finding by the ANAO that the Department’s and Services Australia’s administration of the Pharmaceutical Benefits Scheme (PBS) is partly effective. The Department is committed to working towards implementing the recommendations in the report as a priority and is already taking steps to address key findings identified in the audit. The Department has also commenced engagement with its partner agency, Services Australia, to address key recommendations in relation to the delivery of the PBS payment arrangement.

The ANAO found that the department has largely appropriate arrangements to manage the cost of the PBS. The Department welcomes the finding that appropriate arrangements have been established for managing patient out-of-pocket costs for Australians and monitoring the overall cost of the PBS. The Department acknowledges the findings that arrangements have been implemented to assess and manage the cost of listed medicines and to manage pharmacy remuneration through successive Community Pharmacy Agreements, and that the bilateral arrangements with Services Australia to oversee delivery of Pharmaceutical Benefits Scheme services and payments are also largely appropriate.

Services Australia

Services Australia (the Agency) notes the findings of the report that the Agency’s arrangements to manage the delivery of the PBS services and payments are partly effective, having regard to certification of claims, reporting differences at the bilateral level compared to Annual Performance Statements, delegation instruments and PBS Safety Net.

The Agency welcomes the findings of the report and is committed to delivering the payments and services related to the PBS, which subsidises the cost of medicines for Australian residents and eligible overseas visitors. The Agency administers the PBS in accordance with the policy and legislation for which the Department of Health and Aged Care (Health) has responsibility. The Agency continues to work with Health to address the issue of uncertified claims and changes to delegation instruments in addition to expanding the work types to include PBS in its Annual Performance Statements for 2024-25.

The Agency agrees with the finding that the performance targets for answering authority calls is different for bilateral agreement and Annual Performance Statement purposes. Due to the expansive nature of the services it provides, reporting is done on a tiered basis for different purposes. The Agency continues to focus on reducing reliance on the PBS Authorities telephone line and increasing digital PBS authorities.

Background

1. The National Anti-Corruption Commission’s (NACC’s) 2022/2023 Integrity Outlook states:

Conflicts of interest are also a prevalent source of corruption issues. Many types of corrupt conduct – such as breaches of public trust, abuse of office and misuse of information – originate from conflicts of interest. Such conflicts therefore pose a substantial risk for government agencies, parliamentarians, and public officials. This is why identifying, disclosing and managing potential conflicts of interest is a critical pillar of integrity architectures.¹

2. The Public Governance, Performance and Accountability Act 2013 (PGPA Act) sets out general duties of accountable authorities and officials of Australian Government entities.² The general duties related to conflicts of interest for an official include:

• not improperly using their position or information obtained through their position to gain or seek to gain a benefit or advantage for themselves or others, or to cause detriment to the entity, Commonwealth or others³; and
• disclosing the details of any material personal interests that relate to the affairs of the entity.⁴

3. The Public Governance, Performance and Accountability Rule 2014 (PGPA Rule) provides further detail on requirements for managing conflicts of interest.⁵ Under the PGPA Act, accountable authorities have a duty to establish and maintain appropriate systems of risk oversight and management and internal control.⁶ In addition, the PGPA Rule establishes a requirement for the accountable authority to take all reasonable measures to prevent, detect and deal with fraud and corruption relating to the entity.⁷

4. Boards of corporate Commonwealth entities (CCEs) are the accountable authority unless otherwise prescribed by an Act or the rules. Membership of boards can consist of both executive directors and non-executive directors. CCE boards are responsible for the operations of their entities.

5. The Department of Finance states:

Corporate Commonwealth entities generally have enabling legislation that establishes the scope of their activities and a multi-member accountable authority (such as a board of directors).

6. Specialist skills and expertise may be required to provide a suitable composition for a CCE board. The board members that are appointed to CCE boards in respect of their specialist skills or expertise can have inherent interests that exist as a consequence of their specialist experience. For example, they may be involved in industry associations or have duties to other organisations. These interests can conflict with their duties as a board member of a CCE.

7. The operations of boards for four CCEs were selected for examination as a part of this audit:

• the Australian Sports Commission (ASC);
• Food Standards Australia New Zealand (FSANZ);
• Infrastructure Australia (IA); and
• the National Portrait Gallery of Australia (NPGA).

Rationale for undertaking the audit

8. According to the Australian Public Service Commissioner, the public is entitled to have confidence in the integrity of public officials, and to know that the personal interests of public officials do not conflict with their public duties.⁸ Apparent conflicts can be just as damaging to confidence in public administration as real conflicts, so disclosures and effective management of real, apparent and potential conflicts of interest is an important element of the Australian Government’s integrity framework.

9. Section 29 of the PGPA Act provides a duty to disclose material interests. CCE board members may have material personal interests that relate to their role as a member of an accountable authority. Board requirements for specific qualifications, skills and experience pose the risk that domain knowledge and industry familiarity may lead to conflicts of interest.

10. This audit was conducted to provide assurance to the Parliament that the boards of the four CCEs are effectively managing conflicts of interest.

Audit objective and criteria

11. The objective of the audit was to assess the effectiveness of the operations of the boards of four CCEs in managing conflicts of interest.

12. To form a conclusion against the objective, the ANAO examined:

• Have the boards developed appropriate arrangements to manage board conflicts of interest?
• Have the boards effectively managed board conflicts of interest consistent with their own policies?

13. The audit examined the operations of the boards of four CCEs in managing conflicts of interest over the period 1 July 2021 to 31 December 2023. The appointment process for board members was not examined as part of this audit.

Conclusion

14. The operations of the boards in managing conflicts of interest were largely effective. Arrangements for managing conflicts of interest were implemented by the boards in accordance with legislative requirements and documented by some of the boards in policies and procedural guidance. The effectiveness in implementing these arrangements were inconsistent across the boards which resulted in deficiencies in declaring and managing conflicts of interest by the boards. This reduced the overall effectiveness of the boards in their management of conflict of interest risks.

15. The boards have developed largely appropriate arrangements for managing conflicts of interest. All boards have implemented arrangements to support the declaration of interests by board members, including following their appointment and during the term of their appointment. The arrangements implemented by the boards were aligned to requirements in the Public Governance, Performance and Accountability Act 2013 (PGPA Act) and Public Governance, Performance and Accountability Rule 2014 (PGPA Rule). The board of the NPGA did not have a conflict of interest policy that included managing conflicts of interest related to its board. The boards of the ASC and FSANZ had not developed conflict of interest management plans for board members holding other roles within the Australian Government. The boards have largely relied on board induction processes to provide training and education in relation to managing conflicts of interest. The boards had implemented varying arrangements to obtain assurance over the management of conflicts of interest relating to board members.

16. The boards were partly effective in implementing arrangements for managing board conflicts of interest consistent with their own policies. There were shortcomings in the operating effectiveness of processes for declaring and managing conflicts of interest across all boards. This included instances where: declarations of interest were not obtained from newly appointed board members in a timely manner; declarations of interests were not implemented as a standing agenda item at board meetings; and boards’ assessments of declarations of interest were not sufficiently documented to record whether the board had determined declarations to be material personal interests.

Supporting findings

Arrangements to manage conflicts of interest

17. The boards had identified and assessed fraud and corruption risks within their risk management frameworks. The board of IA had identified conflict of interest controls for its then board within its operational and fraud risk registers. (See paragraphs 2.3 to 2.14)

18. All boards had arrangements for board members to declare interests following appointment and at board meetings. The arrangements implemented by the boards were aligned to requirements in the PGPA Act and PGPA Rule. The ASC, FSANZ and IA boards had policies and procedural guidance to manage board conflicts of interest. The NPGA board did not have a conflict of interest policy that provided coverage of the board, with the exception of a policy for declaring, managing and overseeing board conflicts of interest related to the acquisition of works. The boards for ASC and FSANZ had not developed management plans for potential conflicts of interest relating to ex-officio board members that held other roles within the Australian Government. (See paragraphs 2.15 to 2.60)

19. The boards largely relied on board induction processes and related resources from the Department of Finance for promoting compliance with conflict of interest requirements. The boards for the ASC and FSANZ had developed guidance specific to managing board conflicts of interest. The FSANZ board provided board members with access to its learning management system, which included training related to conflicts of interest. The IA board had delivered training for board members that included a module on conflicts of interest. None of the boards had documented training plans for board members or arrangements for monitoring training undertaken by board members. The Department of Finance’s resources on managing conflicts of interest are not specific to boards of corporate Commonwealth entities. (See paragraphs 2.61 to 2.84)

20. None of the boards had implemented an assurance strategy or framework that was specific to, or provided coverage of, board conflicts of interest. All boards had developed some form of arrangement to obtain assurance over board conflicts of interest.

• The ASC board obtained attestations from its board members on compliance with section 29 of the PGPA Act and provided reporting to its audit committee.
• The FSANZ board maintains a centralised register of interests declared by board members that is published on its website.
• The IA board undertook an internal audit in 2018–19 that covered board conflicts of interest and conducted Australian Securities and Investments Commission register searches of board members’ interests in 2021 to confirm declarations.
• The NPGA board had undertaken a specific review of board declarations to update its register of interests for board members. (See paragraphs 2.85 to 2.105)

Effectiveness of conflict of interest arrangements

21. There were instances across all boards where processes for declaring interests were not operating effectively.

• The ASC, FSANZ and NPGA boards had instances where they held board meetings where declarations of interests were not included in agendas or obtained during board meetings.
• The ASC and NPGA boards had instances where they did not obtain declarations of interests from newly appointed board members in a timely manner.
• All boards did not sufficiently document their assessment of declared interests and whether they were considered to be material personal interests. (See paragraphs 3.3 to 3.24)

22. All boards had implemented induction processes for their board members that covered conflict of interest. The ASC’s board induction processes were updated to provide coverage of conflicts of interest for board members commencing from March 2022, but not all current members had received the guidance. The FSANZ, IA and NPGA boards had implemented additional training and education arrangements on conflict of interest obligations for board members. (See paragraphs 3.25 to 3.35)

Recommendations

Summary of entity responses

23. Extracts of the proposed report were provided to the ASC, the Department of Finance, FSANZ, IA and the NPGA. The summary responses are provided below, and the full responses are included at Appendix 1. Improvements observed by the ANAO during the course of the audit are listed in Appendix 2.

Australian Sports Commission

Thank you for providing the Australian Sports Commission (ASC) with the opportunity to comment on the Australian National Audit Office (ANAO) proposed audit report on Management of Conflicts of Interest by Corporate Commonwealth Entity Boards.

The ASC acknowledges and accepts the key findings, recommendations and the opportunities for improvement presented in the Section 19 Report.

Department of Finance

The Department of Finance agrees the recommendation and findings provided in the report extract.

Food Standards Australia New Zealand

FSANZ acknowledges the importance of this audit to provide assurance to Parliament that the operations of Boards effectively manage conflicts of interest. In this context it is noted FSANZ is one of four entities (out of 74 CCE’s) assessed over the period July 2021 to December 2023.

The Board notes the audit’s findings that our arrangements for managing conflicts of interest align with the relevant legislation and are largely effective. As the independent agency responsible for the development of draft food standards for Australia and New Zealand, trust and confidence of decision-makers and stakeholders is important. The FSANZ Board takes a very conservative approach to managing conflicts of interest and, for transparency, we maintain and manage a register of all interests of Board members, regardless of whether they are classified as a material personal interest or not.

Infrastructure Australia

As the Australian Government’s independent adviser on nationally significant infrastructure investment planning and project prioritisation Infrastructure Australia values accountability, acting with integrity and upholding the highest ethical standards.

We appreciate the work of the ANAO which found that the boards of the four CCEs were largely effective in their management of conflicts of interest.

Infrastructure Australia accepts the recommendation that we strengthen our recording of the assessment and consequences of declared conflicts of interest. We have also commenced work to reflect the ANAO feedback on opportunities for improvement in administrative and management practices to strengthen our governance framework in relation to conflicts of interest.

National Portrait Gallery of Australia

The National Portrait Gallery (NPGA) welcomes the Australian National Audit Office’s (ANAO) report and accepts the recommendations made for the agency.

The report finds that the NPGA has developed largely effective arrangements for managing conflicts of interest for its the Board in accordance with legislative requirements.

The report identifies areas for improvement and makes two recommendations where the NPGA can take steps to strengthen its processes and assurance activities through update of its existing Conflict of Interest policy and processes. The NPGA agrees with, and is already taking steps to implement, these recommendations.

The NPGA also recognises the other areas of improvement identified in the Report, notably the expansion of assurance activities and the implementation of a Board training workplan. This will ensure that the NPGA is operating in alignment with government best practice in conflicts of interest management.

The NPGA thanks the ANAO audit team for their professionalism during the audit process.