Browse our range of reports and publications including performance and financial statement audit reports, assurance review reports, information reports and annual reports.
Currently showing reports relevant to the Community Affairs Senate estimates committee. [Remove filter]
Summary and recommendations
Background
1. The NDIS Quality and Safeguards Commission (NDIS Commission, or Commission) began operating on 1 July 2018. The powers and functions of the NDIS Quality and Safeguards Commissioner (NDIS Commissioner, or Commissioner), as regulator of the National Disability Insurance Scheme (NDIS) are set out in the National Disability Insurance Scheme Act 2013 (NDIS Act). The NDIS Commission regulates registered and unregistered NDIS providers (as defined in section 9 of the NDIS Act) and workers to improve the quality and safety of NDIS services and advance the human rights of people with disability.
2. The NDIS Commissioner’s core functions (set out in section 181E of the NDIS Act) include to secure compliance with the NDIS Act through effective compliance and enforcement; to engage in, promote and coordinate information sharing to achieve the NDIS Act’s objectives; and to provide NDIS market oversight by monitoring and mitigating market-related risks. The NDIS Act also sets out the Commissioner’s functions relating to provider registration and reportable incidents (section 181F); complaints management (section 181G); behaviour support oversight (section 181H); and establishing, operating and maintaining a worker screening database (section 181Y).
Rationale for undertaking the audit
3. The NDIS Commission is the regulator for the NDIS. The NDIS provides funding to a large number of participants — as at 30 June 2025 there were 739,414 NDIS participants with approved plans.1 The NDIS also forms a significant portion of government spending, with total scheme payments of $46.3 billion in 2024–25.2 The NDIS operating environment has been subject to a number of reviews in recent years, which have made a range of recommendations including seeking improvements in information sharing, provider registration, restrictive practices, complaints handling and compliance and enforcement arrangements. This audit provides independent assurance to Parliament over whether the NDIS Commission is effectively exercising its regulatory functions.
Audit objective and criteria
4. The objective of the audit was to assess the effectiveness of the NDIS Commission in exercising its regulatory functions.
5. To form a conclusion against the objective, the following criteria were adopted:
- Does the NDIS Commission have effective intelligence gathering and information sharing arrangements in place?
- Has the NDIS Commission developed a risk-based strategy to guide regulatory decision-making?
- Has the NDIS Commission effectively implemented risk responsive and proportionate monitoring, compliance and enforcement activities?
Conclusion
6. The NDIS Commission is partly effective in exercising its regulatory functions. The Commission does not have full visibility of the market it regulates. From 2023–24 to 2024–25 the total number of active providers grew by 25 per cent, with active registered providers and active unregistered providers growing by 15 per cent and 26 per cent respectively.3 In regulating a market that is expected to see continued growth in the number of participants and providers, the Commission’s effectiveness as a regulator would be improved by taking a risk-based approach to regulating the NDIS that is underpinned by quality data, and targets available resources to areas of greatest risk.
7. The NDIS Commission has partly effective intelligence gathering and information sharing arrangements in place. The Commission has established policies relating to information management and the management of personal information. The effectiveness of the Commission’s collection, correlation and analysis of intelligence has been impacted by limitations of the Commission Operating System (COS). The Commission engages with the disability sector and has documented arrangements to support information sharing with some government entities. These arrangements are not complete and are under review. The Commission does not have processes to ensure information disclosures meet legislative requirements.
8. Regulatory decision-making is not guided by a risk-based strategy. Since commencing operations in 2018 and becoming a national operation in 2021, the Commission has not established a framework for assessing, prioritising and managing risks of provider non-compliance. In the absence of a regulatory risk framework and assessment of regulatory risks, the Commission’s overarching compliance and enforcement approach and regulatory decision-making has not been informed by risk.
9. The Commission has implemented a range of compliance activities. It has not effectively implemented risk responsive and proportionate monitoring, compliance and enforcement activities. The Commission does not have oversight of all the NDIS providers delivering services in the market as there is no requirement for all providers to be registered. In the fourth quarter of 2024–25, 94 per cent of active providers were unregistered and received 42 per cent of plan managed NDIS payments.
- The Commission’s arrangements to monitor the market and provider compliance did not include arrangements to monitor and mitigate the risks of unplanned service withdrawal — a core function of the NDIS Commissioner under the National Disability Insurance Scheme Act 2013 (NDIS Act).
- The Commission undertook 9,520 compliance actions in 2022–23; increasing 3.73 times in 2023–24 to 35,519 compliance actions. Additionally, the Commission has seen large growth in the number of complaints received from 16,305 in 2022–23 to 29,054 in 2023–24. The NDIS Commission does not have quality assurance processes for compliance activities. In the absence of a quality assurance program the Commission is not able to assess its effectiveness in detecting and addressing non-compliance.
- The NDIS Commission had arrangements for executive oversight of annual performance although these were not fully executed. The Commission has developed a Planning and Performance Framework, but this does not address government expectations for regulators. Data reported in the Commission’s quarterly performance reports could not be reconciled with the data reported in the Commission’s 2023–24 Annual Performance Statements.
Supporting findings
Information gathering and sharing arrangements
10. The NDIS Commission has policies that set out its information management and privacy obligations in accordance with the Archives Act 1983 and the Australian Privacy Principles. The Commission has systems for storing, correlating and analysing information. These had not been sufficiently documented in accordance with the Commission’s Information Management Policy. COS has capability limitations and was assessed by the Commission as being non-compliant with Australian Government record keeping and metadata requirements. The Commission has conducted a range of activities to analyse information and intelligence gathered. A strategic framework or formalised processes have not been established for its analysis activities. The Commission has developed a data quality framework. The Commission has not implemented arrangements for assurance over the quality, accuracy, and completeness of the information held by the Commission. (See paragraphs 2.3 to 2.31)
11. The NDIS Commission has arrangements to share information with Australian Government entities, including the National Disability Insurance Agency (NDIA), and state and territory government entities. Documentation supporting these arrangements is not complete. The disclosure record for information shared does not meet the requirements of the National Disability Insurance Scheme Rules 2018. The NDIS Commission shares information and seeks feedback from the disability sector through stakeholder engagement committees and undertakes a range of activities to assist voluntary compliance. The NDIS Commission undertook stakeholder sentiment surveys in 2023 and 2024 to assist in assessing whether the activities of the Commission were meeting the needs of the sector. Responses to the 2024 survey indicated 24 per cent of respondents trusted the Commission ‘a lot’ or ‘completely’ to provide support if there are issues with NDIS services. Forty per cent of respondents ‘moderately’ trusted the Commission; and 18 per cent trusted the Commission ‘a little’ to provide this support. (See paragraphs 2.32 to 2.60)
Risk-based approach to regulatory decision-making
12. The Minister for the NDIS issued a Statement of Expectations to the NDIS Commissioner on 20 December 2022 and the NDIS Commissioner responded with a Statement of Intent dated March 2023. The NDIS Commission has not sought a new Statement of Expectations consistent with government expectations of regulators. The Commission published annual compliance priorities for 2019–20 to 2021–22, 2023–24 and 2024–25. The compliance priorities are not risk-based or informed by data and the Commission has not established arrangements to address or report on specific priorities. The Commission has an overarching approach to compliance and enforcement through the Regulatory Approach, Operating Model and Compliance and Enforcement Policy. These are not informed by risk. (See paragraphs 3.2 to 3.28)
13. The NDIS Commission has not implemented a framework for assessing and managing regulatory risk. In its Corporate Plans for 2023–24 and 2024–25, the NDIS Commission reported on the management of two enterprise risks relating to provider non-compliance and participant harm. The Commission assessed these risks under the Enterprise Risk Management Framework, which was designed to assess and manage the Commission’s operational risks. In August 2024, the NDIS Commission updated the Regulatory Approach with five risk priorities that create an unacceptable risk of harm for participants if not addressed. After these priorities were endorsed the Commission continued to have no overarching strategic approach to regulatory risk. (See paragraphs 3.29 to 3.45)
Monitoring, compliance, and enforcement
14. Compliance monitoring activities were not carried out under a risk-based strategy or work program. The Commission has not established or documented an approach to monitoring and mitigating the risks of unplanned service withdrawals — a core function of the NDIS Commissioner under the NDIS Act. (See paragraphs 4.3 to 4.34)
15. The NDIS Commission has established arrangements to detect and address non-compliance but does not have overarching procedural guidance for the end-to-end management of compliance matters. The Commission does not have quality assurance processes for compliance activities, including investigations. In the absence of quality assurance processes and up-to-date policies the Commission is unable to assesses its effectiveness in detecting and addressing non-compliance. (See paragraphs 4.35 to 4.64)
16. Arrangements were in place, but were not fully executed, for NDIS Commission senior executive oversight and the Audit and Risk Committee review of annual performance. Prior to March 2024, the NDIS Commission did not have a standardised framework to support Annual Performance Statement obligations. The Planning and Performance Framework does not address government expectations for regulators. Data reported in the NDIS Commission’s quarterly reports does not reconcile with the 2023–24 Annual Performance Statements. (See paragraphs 4.65 to 4.101)
Recommendations
Recommendation no. 1
Paragraph 2.25
To support intelligence and information analysis, the NDIS Commission implement:
- an overarching risk-based plan to guide information analysis and correlation activities; and
- guidance on establishing and conducting own motion inquiries.
NDIS Quality and Safeguards Commission response: Agreed.
Recommendation no. 2
Paragraph 2.50
The NDIS Commission develop and implement a quality assurance process to meet legislative requirements and ensure completeness of the information disclosures record.
NDIS Quality and Safeguards Commission response: Agreed.
Recommendation no. 3
Paragraph 3.6
The NDIS Commission:
- prepare for a refreshed Ministerial Statement of Expectations with close engagement with the appropriate minister and portfolio secretary; and
- prepare and issue a responding Regulator Statement of Intent in a timeframe consistent with the Direction to the NDIS Quality and Safeguards Commissioner under section 181K of the National Disability Insurance Scheme Act 2013 – No. 1/2023.
NDIS Quality and Safeguards Commission response: Agreed.
Recommendation no. 4
Paragraph 3.27
The NDIS Commission:
- develop a process for setting compliance priorities to ensure they are risk-based;
- implement action plans to ensure that regulatory interventions are driven by compliance priorities;
- regularly report on compliance priorities and action plans, including publicly; and
- publicly outline its regulatory processes and decision-making criteria to support public understanding of how the Commission regulates the NDIS.
NDIS Quality and Safeguards Commission response: Agreed.
Recommendation no. 5
Paragraph 3.41
The NDIS Commission develop, document and maintain a framework to assess, prioritise and manage regulatory risks. Regulatory priorities should be underpinned by risk assessment, data and evidence. The framework should articulate how identified risks are managed in line with well-defined risk tolerances, risk-profiling, and appropriate compliance actions.
NDIS Quality and Safeguards Commission response: Agreed.
Recommendation no. 6
Paragraph 4.16
The NDIS Commission develop and implement an entity-wide compliance monitoring strategy, consistent with its Compliance and Enforcement Policy, that includes the monitoring activities the Commission intends to undertake, frequency of planned activities, links compliance monitoring activities to identified risks, and sets out reporting arrangements and intended results.
NDIS Quality and Safeguards Commission response: Agreed.
Recommendation no. 7
Paragraph 4.31
The NDIS Commission:
- develop and document a strategy or plan that sets out the Commission’s approach to market oversight, including monitoring and mitigating the risks of unplanned service withdrawal; and
- works with the NDIA to update the joint operational protocol on market stewardship and oversight to include the Commission’s planned approach to market oversight developed in part (a) above.
NDIS Quality and Safeguards Commission response: Agreed.
Recommendation no. 8
Paragraph 4.51
To provide assurance that the NDIS Commission is taking effective regulatory action using powers provided under the NDIS Act and meeting the requirements of the Australian Government Investigations Standards, the NDIS Commission implement quality assurance processes for complaints, reportable incidents, compliance matters and investigations.
NDIS Quality and Safeguards Commission response: Agreed.
Recommendation no. 9
Paragraph 4.63
The NDIS Commission support staff to apply a consistent approach to compliance actions through:
- finalising fit-for-purpose policies and procedures for compliance actions; and
- developing guidance to assist staff with selecting and using the most suitable compliance tool for specific circumstances.
NDIS Quality and Safeguards Commission response: Agreed.
Recommendation no. 10
Paragraph 4.97
The NDIS Commission:
- implement measures to address errors in the Commission’s data holdings;
- ensure the accuracy of performance reporting in compliance with the PGPA Act and PGPA Rule, and address issues identified in relation to Annual Performance Statements for Commonwealth entities in line with expectations;
- accurately record and explain performance in line with regulator performance expectations; and
- disclose and provide written explanation for changes to and errors in publicly reported information to enhance the transparency and public confidence of performance reporting.
NDIS Quality and Safeguards Commission response: Agreed in principle.
Summary of entity response
17. The proposed audit report was provided to the NDIS Commission. The NDIS Commission’s summary response is reproduced below, and its full response is at Appendix 1. Improvements observed by the ANAO during the course of this audit are listed in Appendix 2.
The NDIS Quality and Safeguards Commission (NDIS Commission) appreciates the work of the ANAO in assessing the Commission’s regulatory functions. The NDIS Commission is committed to improving its existing processes and becoming a formidable human rights regulator that applies an intelligence led risk-based, approach to its meet legislated outcomes.
The NDIS Commission acknowledges the findings of the report and agrees to action all recommendations and opportunities for improvement. The NDIS Commission has designed and is delivering a Data and Regulatory Transformation (DART) program that will provide access to reliable data and improve visibility of the market to support intelligence led risk-based regulation in alignment with ANAO report recommendations.
The NDIS Commission has taken steps to improve its regulatory processes through establishing a Risk-Based Regulation Prioritisation Model (the Model). The Model will provide a consistent approach to assessing risk and prioritising compliance activities. The NDIS Commission is applying a phased approach to implementation of the Risk-Based Regulation Prioritisation Model with its full roll out in October 2025.
The NDIS Commission will prioritise the establishment of a quality assurance framework to assess and continuously improve its regulatory processes. The NDIS Commission is committed to action all report recommendations to continue to protect and promote the rights, safety and wellbeing of people with disability and ensure a sustainable future for the NDIS.
Key messages from this audit for all Australian Government entities
18. Below is a summary of key messages, including instances of good practice, which have been identified in this audit and may be relevant for the operations of other Australian Government entities.
Governance and risk management
Summary and recommendations
Background
1. The National Disability Insurance Scheme (NDIS) was established under the National Disability Insurance Scheme Act 2013 (NDIS Act) to fund reasonable and necessary supports for eligible people with disability to assist them in participating in economic and social life. NDIS participants have their supports costed and funded through a participant plan. The National Disability Insurance Agency (NDIA) was established under the NDIS Act to deliver the NDIS, and pays claims from participants and registered providers to fund NDIS supports in participant plans. In 2023–24, NDIS participant plan expenses totalled $41.85 billion, covering more than 661,000 participants. By 2033–34, NDIS expenses are expected to grow to $92.72 billion, covering more than 1,021,000 participants.1
2. The NDIA has defined compliance as ‘following the rules and standards of the NDIS and Australian laws’ and ‘doing the right thing and using NDIS funds in line with NDIS plans’.2 Types of claim non-compliance that have been identified through the NDIA’s fraud and non-compliance activities include: illegitimate or ‘ghost’ participants; claiming from expired plans; claiming from plans of participants who are incarcerated, in hospital or overseas for long periods (and thus ineligible for NDIS supports); claiming for services outside of plans; claiming for services that were not provided; claiming in advance of service delivery; overstating services, overcharging or duplicate charging; and double-dipping across government programs. The government has committed more than $495 million over eight years from 2021–22 to 2028–29 for the NDIA to address NDIS fraud and non-compliance.
Rationale for undertaking the audit
3. The NDIA paid out $41.85 billion for NDIS claims in 2023–24. In September 2023, the NDIA estimated that 6 to 10 per cent of these outlays could be for non-compliant, fraudulent or incorrect claims. The NDIA Board has a duty under section 16 of the Public Governance, Performance and Accountability Act 2013 to establish and maintain appropriate systems of risk oversight and management and internal control for the NDIA. It also has a duty under section 10 of the Public Governance, Performance and Accountability Rule 2014 (the Fraud and Corruption Rule) to take all reasonable measures to prevent, detect and respond to fraud and corruption relating to the NDIA (including deliberate non-compliance). There has been parliamentary interest in NDIS fraud and non-compliance and its impact on the sustainability of the NDIS. This audit was undertaken to provide assurance to the Parliament on the effectiveness of the NDIA’s arrangements for managing NDIS claim compliance.
Audit objective and criteria
4. The objective of the audit was to assess the effectiveness of the NDIA’s management of claimant compliance with NDIS claim requirements.
5. To form a conclusion against this objective, the following high-level criteria were adopted.
- Has the NDIA developed and implemented effective frameworks and processes to manage NDIS claim compliance?
- Has the NDIA implemented effective arrangements to oversee, monitor and continuously improve NDIS claim compliance?
Conclusion
6. The NDIA’s management of claimant compliance with NDIS claim requirements is partly effective. Prior to 2024, the NDIS lacked basic prevention controls for fraud and non-compliance. The NDIA is undertaking work to ‘crack down on fraud and non-compliant payments’, with tranche two of its Crack Down on Fraud program expected to be implemented by December 2025. If this work is delivered as planned, and embedded into business-as-usual activities, it has the potential to improve the financial sustainability of the NDIS.
7. The NDIA has partly effective frameworks and processes in place to manage claimant compliance with NDIS claim requirements and is implementing a large program of work to remediate identified deficiencies, with a target completion date of December 2025. The NDIA has not established a fit-for-purpose framework for managing NDIS claim compliance, although elements that could inform a more robust framework have been included in strategic planning documents for the NDIA’s Crack Down on Fraud program and the Fraud Fusion Taskforce. After identifying in 2023 that the NDIA was implemented with ‘catastrophically weak’ prevention controls, the NDIA has not yet established effective processes for preventing non-compliant claims. The NDIA has established processes to detect and respond to non-compliant claims, which are reviewing a small proportion of claims (0.4 per cent by dollar value) and detecting high levels of non-compliance (over 50 per cent by dollar value). The NDIA is working to improve the effectiveness of NDIS preventative and detective controls through the Crack Down on Fraud program, including introducing identity verification and claim validation processes and enhanced data analytics capabilities. Tranche one of the Crack Down on Fraud program was largely implemented on time and under budget. In April 2025, tranche two had an ‘amber’ status, with two June 2025 milestones identified as ‘at risk’ due to procurement delays.
8. The NDIA has implemented partly effective arrangements to oversee, monitor and continuously improve claimant compliance with NDIS claim requirements. While oversight and monitoring of NDIS claim compliance has been inconsistent, with frequent changes to reporting and oversight arrangements, a range of assurance mechanisms are in place for the Crack Down on Fraud program. The NDIA has not updated its risk assessments at the fraud and operational levels to reflect heightened claim compliance risks and identified gaps in existing controls. The NDIA has been measuring estimated payment error rates and has started reporting against compliance-related savings and benefits commitments. The transparency of its performance reporting to the government and the Disability Reform Ministerial Council could be improved. The NDIA is undertaking IT systems upgrades to improve its capacity to use data analytics to continuously improve NDIS claim compliance.
Supporting findings
Compliance frameworks and processes
9. The NDIA’s Compliance and Enforcement Framework (March 2020) and Fraud and Corruption Control Plan (July 2023) do not provide fit-for-purpose frameworks for managing claim compliance and do not delineate current accountabilities for compliance management. The NDIA Board is non-compliant with the Fraud and Corruption Rule as it has not endorsed an updated Fraud and Corruption Control Plan to meet the requirements of the new whole-of-Australian Government framework. The NDIA has developed a ‘program logic’ for the Crack Down on Fraud program and ‘strategic prevention concepts’ for the Fraud Fusion Taskforce that outline more appropriate control frameworks, as they include coverage of basic preventative controls for government payment schemes and are targeted to key non-compliance risks. The NDIA has not updated its broader compliance frameworks and related policies and procedures to reflect changes in its compliance approach. (See paragraphs 2.3 to 2.18)
10. The NDIS was designed and implemented (up until 2024) without basic prevention controls, such as clear claim requirements and robust identity verification and pre-payment validation processes. The NDIA commenced implementing activities to address these deficiencies in February 2024 through its Crack Down on Fraud program. Early program milestones were largely met, and the first tranche of the program was delivered largely on time and under budget. A large body of work to address prevention control deficiencies was still in progress as of April 2025 with a target completion date for tranche two of December 2025. In April 2025, the NDIA reported an ‘amber’ status for the program, due to procurement delays that had put the timely delivery of two milestones at risk. The NDIA has established other prevention controls, such as undertaking campaigns to improve compliance in targeted areas and providing educational information and guidance to claimants and NDIA staff. (See paragraphs 2.19 to 2.50)
11. The NDIA has established processes to detect and respond to non-compliant claims, including tip-off mechanisms, manual payment review processes and debt recovery. The NDIA has made improvements to its tip-off intake and assessment processes and is continuing to implement a tip-off redesign program. After the NDIA received advice in May 2023 that it was limited in its capacity to recover debts from non-compliant claims when supports were described generally in participant plans, the NDIA shifted its focus in 2024 from post-payment reviews to pre-payment reviews. The NDIA targets its manual pre-payment reviews based on ‘risk profiles’. These reviews cover a small proportion of NDIS outlays (0.4 per cent) and are detecting a high proportion of non-compliance (over 50 per cent of reviewed claims, by dollar value, are cancelled). The NDIA has identified deficiencies in its detection and response IT systems and is progressing work to improve its data analytics capabilities through the Crack Down on Fraud program, with a target completion date of December 2025. (See paragraphs 2.51 to 2.78)
Oversight, monitoring and evaluation
12. The NDIA’s oversight and monitoring of claim compliance has been inconsistent, with frequent changes to reporting and oversight arrangements. The NDIA consolidated integrity functions within a single group from January 2024 and established a Strategic Leadership Team sub-committee from October 2024 to March 2025 to oversee integrity functions, including claim compliance. Briefing on the status of integrity initiatives has been provided with varying frequency to the NDIA Board, other decision-makers and oversight committees. The NDIA has put in place a range of assurance mechanisms for the Crack Down on Fraud program, including regular assurance activities conducted by the program’s independent assurer. The NDIA has identified heightened claim compliance risks and significant gaps in existing controls. It has not updated its control assessments at the fraud and operational levels to reflect these identified control weaknesses. (See paragraphs 3.3 to 3.33)
13. The NDIA conducts assurance testing to estimate payment error rates and identify opportunities for continuous improvement. It does not have robust processes to monitor the implementation of identified improvement opportunities, and it has acknowledged that measured error rates underestimate fraud and non-compliance losses. In October 2023, the NDIA made commitments to the government to achieve savings and benefits from the Crack Down on Fraud program. The NDIA has not provided reporting against these commitments to the government or the Disability Reform Ministerial Council. The NDIA is implementing IT systems upgrades through the Crack Down on Fraud program, with a target completion date of December 2025, which aim to increase its capacity to use data analytics to support continuous improvement in claim compliance. (See paragraphs 3.34 to 3.60)
Recommendations
Recommendation no. 1
Paragraph 2.17
The National Disability Insurance Agency update its corporate compliance frameworks and related policies and procedures to reflect its compliance approach, delineate accountabilities for compliance management and outline how compliance activities are targeted to addressing key non-compliance risks.
National Disability Insurance Agency response: Agreed.
Recommendation no. 2
Paragraph 3.25
The National Disability Insurance Agency update its risk assessments at the fraud and operational levels to reflect known fraud and non-compliance risks and control weaknesses.
National Disability Insurance Agency response: Agreed.
Recommendation no. 3
Paragraph 3.40
The National Disability Insurance Agency:
- further expand the scope of its payment assurance testing to estimate the financial impacts of more complex fraud and non-compliance; and
- establish processes to monitor the implementation of recommendations from its root cause analysis of thematic issues identified through payment assurance testing.
National Disability Insurance Agency response: Agreed.
Recommendation no. 4
Paragraph 3.54
The National Disability Insurance Agency:
- report to the government and the Disability Reform Ministerial Council on progress against committed savings, benefits and performance measures from compliance initiatives; and
- in any reporting on savings and benefits from compliance initiatives, separately report estimated actual financial impacts and projected financial impacts and include explanatory notes on the assumptions underpinning projected figures.
National Disability Insurance Agency response: Agreed.
Summary of entity response
14. The proposed audit report was provided to the NDIA. The NDIA’s summary response is reproduced below. The full response from the NDIA is at Appendix 1. Improvements observed by the ANAO during the course of this audit are listed at Appendix 2.
The NDIA appreciates the work of the ANAO in assessing the NDIA’s management of claimant compliance with NDIS claim requirements.
Over the last 2 years, the NDIA has been implementing an accelerated transformation to significantly improve the NDIA’s management of claimant compliance from a low level of maturity.
Committed to deliver integrity outcomes that detect, respond to, and prevent fraud and non-compliance against the NDIS, the NDIA secured and is implementing programs funded by the Fraud Fusion Taskforce and the Crack Down on Fraud Program. Our integrity transformation programs are focused on uplifting NDIA system capability, making it easier to get it right, and harder to get it wrong.
The scope of change has required agility and responsiveness, at scale and as the NDIA progressively implements transformation, it is building new capability through changes to law reform, technology uplifts, process uplifts and whole of government collaboration. The NDIA appreciates the ANAO’s acknowledgement of this progressive maturity journey, and the integrity outcomes that the NDIA continues to deliver.
The NDIA will continue to progressively implement transformational change to safeguard the NDIS and protect participants’ plans, safety and wellbeing. The changes aim to ensure participants have a positive NDIS experience and that the NDIS remains available to support Australians with disability when they need it.
Key messages from this audit for all Australian Government entities
15. Below is a summary of key messages, including instances of good practice, which have been identified in this audit and may be relevant for the operations of other Australian Government entities.
Policy/program design and implementation
Governance and risk management
Summary and recommendations
Background
1. An ‘interest’ is something related to an individual’s personal circumstances that may bring advantage to, or affect, that individual. Interests can include, but are not limited to: financial interests; relationships; employment, including past employment and outside employment; and memberships or affiliations.
2. A conflict of interest can occur when there is a conflict between the public duties and personal interests of a public official that could, or could be seen to, influence the decisions they make or advice they give. For example, an official may hold shares in a company that they are regulating or procuring goods and services from. Conflicts of interest can be real, apparent or potential. Real conflicts of interest occur when personal interests improperly influence officials in performing their public duties.
3. The Public Service Act 1999 sets out that the function of the Senior Executive Service (SES) is to provide APS-wide strategic leadership of the highest quality that contributes to an effective and cohesive APS.1 SES officers should, by personal example and other appropriate means, promote the Australian Public Service (APS) Values and compliance with the Code of Conduct.2 There are specific requirements for accountable authorities and SES employees in relation to the management of interests.3
Rationale for undertaking the audit
4. According to the Australian Public Service Commissioner, the public is entitled to have confidence in the integrity of public officials, and to know that the personal interests of public officials do not conflict with their public duties. Apparent conflicts can be just as damaging to confidence in public administration as real conflicts, so disclosure and effective management of real, apparent and potential conflicts of interest is an important element of the Australian Government’s integrity framework.4
5. This audit was conducted to provide assurance to the Parliament whether the selected entities are effectively managing SES conflict of interest requirements.
Audit objective and criteria
6. The objective of the audit was to assess the effectiveness of selected Commonwealth entities’ management of Senior Executive Service conflict of interest requirements.
7. To form a conclusion against the objective, the ANAO adopted the following three high-level audit criteria.
- Have the entities developed appropriate arrangements to support the management of SES personal interests and conflicts of interest?
- Have the entities implemented effective controls and processes for managing SES annual declarations of interests in accordance with policies and procedures?
- Are SES officers effectively completing conflict of interest declarations for activities of heightened risk of conflict?
Conclusion
8. The Aged Care Quality and Safety Commission (ACQSC), the Australian Trade and Investment Commission (Austrade) and the Department of Home Affairs (Home Affairs) are managing conflicts of interest for SES officers in a largely effective manner. The entities’ management of conflicts of interest has generally improved since 2022. There are a number of initiatives underway to strengthen the framework for managing conflicts of interest across the Australian Public Service.
9. The audited entities have largely appropriate arrangements in place to manage the personal interests and conflicts of interest of SES officers. All entities have policies and procedures which identify interests as a matter requiring consideration. ACQSC and Austrade do not have documented procedures for managing accountable authority declarations to the relevant minister as required by the Public Governance, Performance and Accountability Rule 2014 (PGPA Rule). Home Affairs introduced a procedure in March 2025. All entities identify responsibilities for managing interests. Internal reporting on the completion of declarations and risks arising from declarations has not been undertaken. All entities include conflicts of interest in their enterprise risk registers or fraud risks. Each entity provides training on conflicts of interest within their mandatory training modules. Entities do not adequately monitor completion of this training. All entities communicate information and guidance on conflicts of interest to staff.
10. All entities have implemented partly effective controls and processes for managing SES declarations of interests. Not all SES officers are making declarations. There are limitations in the completeness of information included in declarations by officers, and demonstrated managerial review only occurred for some declarations. Records documenting management plans were not maintained by ACQSC until early 2024. All entities monitor completion of declarations and follow up non-compliant individuals. Between 2022 and 2024, the accountable authorities of ACQSC and Austrade did not make declarations to relevant ministers, as required. The ACQSC’s new incoming accountable authority made a declaration to the relevant minister in January 2025 and the Austrade accountable authority made a declaration in November 2024 and March 2025. The Home Affairs accountable authority has made declarations as required. ACQSC and Austrade included conflicts of interest in assurance activities between 2022 and 2024, and Home Affairs last did so in 2020–21.
11. Entities are partly effective with respect to SES officers completing activity-based conflict of interest declarations. Entities have generally established a requirement for officers to declare conflicts of interest for procurement, recruitment and grants administration activities. The requirement is weakened when there is no requirement for all officers to make a declaration, including for officers with nothing to declare. The ANAO found that officers from ACQSC and Austrade were generally making declarations for procurement as required. Home Affairs officers were not. Officers from all entities involved in grants administration activities are declaring as required. Results were mixed for recruitment activities. No entities had adequate arrangements in place for conflict of interest risks related to post-separation employment.
Supporting findings
Governance
12. ACQSC’s and Home Affairs’ Accountable Authority Instructions (AAIs) follow the model AAI content from the Department of Finance on the disclosure of interests. ACQSC’s AAIs give additional organisational context. Austrade’s instructions do not include the model content and make limited reference to the management of interests. All entities have supporting policies and procedures. Home Affairs’ policies and procedures provide insufficient detail on the annual SES declaration process. None of the entities had procedures supporting accountable authority declarations to the relevant minister. Home Affairs introduced such a procedure in March 2025. (See paragraphs 2.1 to 2.39)
13. All entities have clearly documented responsibilities identifying that individuals are required to make declarations. ACQSC and Home Affairs identify additional responsibilities for other roles including supervisors, managers and business areas responsible for overall management of interests. There has been no internal reporting undertaken within the entities in relation to the completion of annual interest declarations processes, except ACQSC commenced reporting in January 2025 to its internal governance forum. None of the entities analysed declarations of interests to assess and report on emerging risks. (See paragraphs 2.40 to 2.60)
14. All entities have considered conflicts of interest as part of broader integrity or legislative compliance risks. While risks associated with conflicts of interest are considered by all entities, only Home Affairs has documented the controls and control owners associated with enterprise risks. ACQSC’s register includes risk owners. Appropriate documentation of controls and control owners is absent in ACQSC and Austrade. All entities have considered conflicts of interest as a factor within their fraud and corruption control plans. Home Affairs has assessed conflicts of interest as part of its fraud and corruption risk assessments. (See paragraphs 2.61 to 2.77)
15. All entities have training on conflict of interest within their mandatory annual training. This training is not being completed by all SES officers. To help remind SES officers to complete their annual declarations, each of the entities provide officers with reminders. Information and assistance to support officers to comply with their obligations is also available within each entity. (See paragraphs 2.78 to 2.109)
Annual declarations of interests
16. Not all SES officers are completing annual declarations, with completion rates varying across entities. For ACQSC, the completion rate was 92 per cent in 2024. For Austrade, it was 99 per cent (when taking into account long-term leave and departures) and for Home Affairs it was 84 per cent. Completion rates have varied over time. Declarations generally contain sufficient information to understand the nature and extent of a declared interest, however an explanation of how the interest relates to the ‘affairs of the entity’ is not always sufficiently described. The accountable authorities of ACQSC and Austrade did not make declarations of their interests to the relevant minister as required. (See paragraphs 3.3 to 3.31)
17. None of the entities require that all annual declarations made by SES officers are subject to review. If an officer makes a ‘nil’ declaration, none of the entities have required declarations be reviewed. Home Affairs introduced a requirement in December 2024. Only declarations including an interest are subject to manager review. Management plans developed by Austrade officers document managerial review. Evidence of managerial review was lacking for plans developed by ACQSC and Home Affairs officers prior to 2024. (See paragraphs 3.32 to 3.48)
18. All entities monitor the completion of declarations of interests by SES officers. Where SES officers had not completed declarations, there was a process to follow up with relevant officers and their managers. ACQSC and Austrade undertook assurance activity through the inclusion of conflicts of interest within internal audits between 2022 and 2024. (See paragraphs 3.49 to 3.58)
Declarations of conflicts of interest for activity-based activities
19. Each entity requires that SES officers involved in procurement declare conflicts of interest. For ACQSC the SES officers involved in procurement made declarations as required. Eleven of 14 Home Affairs SES officers did not make declarations as required. From March 2025, Austrade has required that all officers involved in procurement activities make conflict of interest declarations. Before this, only officers who had a conflict to declare were required to make a declaration. As such, there were no records for the two Austrade SES officers in the ANAO sample demonstrating that they had considered conflicts of interest. (See paragraphs 4.5 to 4.8)
20. Austrade does not have a policy specifically relating to making conflict of interest declarations for grants administration. Home Affairs requires officers to disclose and manage conflicts of interest, however, there is a lack of supporting process. The three Austrade SES officers involved in grants administration activities assessed by the ANAO had made conflict of interest declarations. The 13 Home Affairs SES officers involved in grants administration had also made declarations. (See paragraphs 4.9 to 4.13)
21. Each of the entities requires that SES officers involved in recruitment declare conflicts of interest, except Home Affairs does not have a documented policy where the recruitment is for an SES officer. Within ACQSC, 38 per cent of SES officers involved in recruitment activities assessed by the ANAO did not make a declaration as required. Austrade does not require officers to make declarations if they have nothing to declare — 44 per cent of SES officers involved in the recruitment assessed by the ANAO made no declaration. Ninety-seven per cent of Home Affairs’ SES officers involved in recruitment made a declaration. Where conflicts of interest were declared, appropriate officers at the three entities were not always reviewing these and management actions were not always being put in place. (See paragraphs 4.14 to 4.39)
22. None of the entities have adequate policies and procedures to support the identification, declaration and management of conflicts of interest related to post-separation employment. Austrade has a declaration addressing conflicts of interest in its cessation checklist. The checklist was not completed by all departing officers. In addition, there was a lack of evidence to demonstrate that such conflicts of interest were considered for SES employees who had departed. (See paragraphs 4.42 to 4.50)
Recommendations
Recommendation no. 1
Paragraph 2.36
Aged Care Quality and Safety Commission and the Australian Trade and Investment Commission establish arrangements to support compliance with the requirements of the Public Governance, Performance and Accountability Rule 2014 relating to accountable authority (including acting accountable authority) declarations of interests to relevant ministers.
Aged Care Quality and Safety Commission response: Agreed.
Australian Trade and Investment Commission response: Agreed.
Recommendation no. 2
Paragraph 2.99
All entities monitor the status of mandatory training to ensure that it is completed within expected timeframes. Where completion is not timely, follow up action should be taken to ensure that requirements are met.
Aged Care Quality and Safety Commission response: Agreed.
Australian Trade and Investment Commission response: Agreed.
Department of Home Affairs response: Agreed.
Recommendation no. 3
Paragraph 3.18
Aged Care Quality and Safety Commission revise:
- guidance supporting annual declarations to ensure individuals making declarations sufficiently describe their roles and responsibilities; and
- its annual declaration form to require that annual declarations be refreshed in detail at regular intervals and specify a duration permitted for reliance on prior declarations.
Aged Care Quality and Safety Commission response: Agreed.
Recommendation no. 4
Paragraph 4.15
Aged Care Quality and Safety Commission update its form for making conflict of interest declarations in relation to recruitment to include a section to describe the nature and extent of a conflict and how it is intended to be managed, and to record acceptance by the panel chair or recruitment delegate.
Aged Care Quality and Safety Commission response: Agreed.
Recommendation no. 5
Paragraph 4.19
Australian Trade and Investment Commission revise its recruitment policy to require declarations of conflicts of interest in all instances, including where no conflict is present.
Australian Trade and Investment Commission response: Agreed.
Recommendation no. 6
Paragraph 4.23
The Department of Home Affairs document its approach to managing conflicts of interest for SES recruitment activities.
Department of Home Affairs response: Agreed.
Recommendation no. 7
Paragraph 4.46
Aged Care Quality and Safety Commission and the Department of Home Affairs update policies and procedures to include employee obligations to identify, declare and manage conflicts of interest related to post-separation employment.
Aged Care Quality and Safety Commission response: Agreed.
Department of Home Affairs response: Agreed.
Summary of entity responses
23. The proposed report was provided to ACQSC, Austrade and Home Affairs. Summary responses from the entities are reproduced below. Full responses are at Appendix 1. Improvements observed by the ANAO during the course of this audit are listed at Appendix 2.
Aged Care Quality and Safety Commission
The Aged Care and Quality Safety Commission (the Commission) welcomes the findings of the audit which align well with the uplift in our integrity policies and practices the Commission already had underway, and some of which were applied during the period of the audit.
The Commission agrees with the five recommendations relating to arrangements for the accountable authority to provide declarations to the Minister, monitoring compliance with mandatory training, ensuring declarations contain information about the person’s role and responsibilities, ensuring annual declarations are refreshed at regular intervals, updating our recruitment Conflict of Interest Form and updating policies and procedures to include post separation conflicts of interest.
The Commission had already commenced improving its conflict of interest processes as part of a wider integrity uplift prior to the audit and the learnings from this audit will continue to inform our integrity maturity uplift. Recommendations from the audit have been actioned with amendments being made to forms, policies and procedures.
Australian Trade and Investment Commission
The Australian Trade and Investment Commission welcomes the audit report and acknowledges the findings and recommendations made by the Australian National Audit Office in relation to the Management of the Senior Executive Services Conflict of interest requirements.
The Australian Trade and Investment Commission is committed to implementing the recommendations from the report. These improvements will further strengthen Austrade’s efforts to ensure all Senior Executive Service (SES) employees of the agency declare all conflicts of interest, and that all declarations are managed with integrity and consistent with legislative obligations.
Department of Home Affairs
All findings and recommendations are agreed. The Department of Home Affairs is committed to ensuring that appropriate processes are maintained for identifying and managing conflicts of interest. This is fundamental to maintaining public trust and confidence in our operations.
Mandatory training is currently in place for all staff and the department will establish follow up actions to ensure SES officers are meeting their mandatory training obligations within set timeframes. This will strengthen the current system of automatic reminders which are sent to both staff and their supervisors, and non-compliance reports that are provided to senior leaders.
The department has work underway to improve its conflict of interest process. This includes updating policies and guidance material and strengthening education. The department has already updated and strengthened procurement guidance and templates to ensure delegates are aware of their conflict of interest obligations throughout each stage of the procurement process. Formal procedures have also been implemented for the Senior Executive Service annual declaration of interest process.
Key messages from this audit for all Australian Government entities
24. Below is a summary of key messages, including instances of good practice, which have been identified in this audit and may be relevant for the operations of other Australian Government entities.
Governance and risk management
Summary and recommendations
Background
1. The Child Care Subsidy (CCS) is administered by the Department of Education (Education) under the Family Assistance Law (FAL), to assist families to meet the cost of early childhood education and care.
2. At a cost of $13.6 billion in 2023–24, CCS is one of the ‘fastest-growing major payments’ of the Australian Government, with forecast average annual growth of 5.5 per cent over 2024–25 to 2034–35. As of September 2024, CCS supported 1.45 million children to attend approved care. This equates to 32.6 per cent of all 0 to 13-year-olds in Australia.
3. Education has policy responsibility for the CCS, including the CCS special appropriation. Services Australia is accountable for delivering payment and ICT services on behalf of Education, and for prioritising the service delivery within its budget appropriation.
Rationale for undertaking the audit
4. The CCS was estimated to be one of the top 20 expense programs in 2024–25. Australian Government spending on CCS was $13.6 billion in 2023–24, of which an estimated 3.6 per cent ($484.1 million) was lost to incorrect payments, including fraud and non-compliance. Fraud and non-compliance reduces available funds for public goods and services.
5. This audit was conducted to provide assurance to the Parliament over the effectiveness of the management and oversight of compliance activities within the Child Care Subsidy program. This audit was identified as a priority by the Parliament’s Joint Committee of Public Accounts and Audit in the context of the ANAO’s 2023–24 Annual Audit Work Program.
Audit objective and criteria
6. The objective of the audit was to assess the effectiveness of the management and oversight of compliance activities within the CCS program.
7. To form a conclusion against the objective, the following high-level audit criteria were adopted:
- Have effective governance arrangements been established?
- Is the approach to compliance activities effective?
Conclusion
8. The management and oversight of compliance activities within the CCS is partly effective. Governance arrangements do not provide Education with whole of program oversight, and evaluation arrangements are only partly implemented. Although the payment accuracy rate improved in 2022–23 and 2023–24, and comprehensive prevention activities are in place, gaps in monitoring and enforcement are not being effectively managed.
9. Education has established partly effective arrangements to oversee CCS compliance activities. Committees accountable to a Senior Executive Service (SES) Band 2 within Education oversee its Child Care Subsidy Financial Integrity Strategy 2023–2027 (Integrity Strategy), which sets out its approach to risk based and data driven regulation of CCS providers and services, to be implemented from 2023 to 2027. To successfully complete its implementation of the Integrity Strategy, Education will need to improve its data quality in the Child Care Intelligence System (CCIS) and implement evaluation arrangements across the full suite of its compliance interventions.
10. Bilateral arrangements between Education and Services Australia are set out in a Statement of Intent and Program Delivery Services Schedule for Child Care Subsidy Program, which detail the objectives, governance, risk and issue management, roles and responsibilities and assurance obligations for CCS services. These arrangements do not provide Education with sufficient oversight of CCS compliance activities within Services Australia. Education has established a CCS Fraud and Corruption Risk Assessment (FCRA), but this is not supported by engagement with Services Australia over shared risks. Services Australia has not established a FCRA that includes CCS.
11. Education and Services Australia have established a partly effective approach to compliance activities. While Education and Services Australia have comprehensive arrangements to prevent non-compliance among providers and families respectively, deficiencies were identified in relation to monitoring, investigations and enforcement.
12. Services Australia is responsible for monitoring family compliance. It does not monitor non-employment activities, is unable to identify CCS-related matters within its tip-off data, and its income monitoring via the CCS reconciliation process is not consistent with the FAL, due to its reliance on lodged tax return data before a notice of assessment has been issued.
13. Education is responsible for monitoring provider compliance, and investigations and enforcement. It monitors whether providers continue to meet some conditions to administer CCS. It does not have assurance that all conditions are met, does not apply quality assurance across all monitoring and investigation activities, and does not investigate possible CCS provider overpayments identified while monitoring payment accuracy via the Random Sample Parent Check (RSPC). Its ability to effectively implement the Integrity Strategy is undermined by poor data quality in CCIS and a lack of cohesive enforcement strategy, which mean it is not able to assess whether decisions to take enforcement action are fair, impartial, consistent, or proportional.
Supporting findings
Governance arrangements
14. Education oversees CCS compliance activities via a Financial Integrity Governance Board (FIGB) and Financial Integrity Operational Committee (FIOC), that are accountable to the responsible SES Band 2. Education does not have visibility of compliance activities or risk management in Services Australia. Bilateral arrangements between the Department of Education and Services Australia are set out in a Statement of Intent between the Chief Executive Officer (CEO) of Services Australia and the Secretary of the Department of Education (Education Secretary). Under the Statement of Intent, the Program Delivery Services Schedule for Child Care Subsidy Program details the objectives, governance, risk and issue management, roles and responsibilities and assurance obligations for CCS services. These do not provide sufficient oversight of CCS compliance activities. (See paragraphs 2.3 to 2.26)
15. Education’s Integrity Strategy documents its approach to risk based and data driven regulation to be implemented from 2023 to 2027. To successfully complete its implementation of the Integrity Strategy, Education will need to improve its CCIS data quality. Although Services Australia’s annual CCS risk management plans document its approach to managing risk in the program, including compliance risk, there is no documented approach (either in Education’s Integrity Strategy or via Services Australia’s own program documentation) that provides strategic direction or describes how risk and data inform decision-making regarding Services Australia’s CCS compliance activities. Education has established a CCS FCRA, although information about the purpose, implementation status, and timeframes of risk treatments is not included. Risk identification, analysis and evaluation within the FCRA is not supported by engagement with Services Australia over shared risks. Services Australia has not established a FCRA that includes CCS. (See paragraphs 2.31 to 2.52)
16. Education monitors the effectiveness of the Integrity Strategy using payment accuracy data drawn from the RSPC and reporting against budget savings measures. As of March 2025, evaluations of compliance interventions have been planned but not yet implemented across the full suite of compliance interventions. Initial intervention evaluations and resulting adjustments for each team are due to be completed in 2025. As such, is not possible to effectively measure the impact of activities undertaken under the Integrity Strategy, or understand the relative contributions of different types of activities. (See paragraphs 2.53 to 2.70)
Approach to compliance activities
17. CCS program design, including the legislative framework administered by Education, has been strengthened to support compliance. Access to the program is managed via provider and individual application processes by Education and Services Australia respectively. Both entities provide appropriate information to stakeholders via a range of sector guidance, communications and advice. Education engages regularly with sector representatives and has commenced work to improve the capability of Family Day Care (FDC) providers to comply with their obligations under the FAL. (See paragraphs 3.2 to 3.19)
18. Education and Services Australia monitor family and provider compliance with the FAL using family income, sessions of care information from providers, electronic funder transfer (EFT) provider audits, and manual checking of provider reporting. These controls focus on incorrect session reporting resulting in incorrect payment. Education does not have assurance that certain other requirements, such as fit and proper person requirements, are met after initial CCS approval has been granted. Where non-compliance is suspected, Education may choose to conduct an administrative or criminal investigation. Services Australia’s use of data for checking family income is not consistent with the FAL, and there are deficiencies in Education’s record keeping, monitoring of ongoing provider and service eligibility for CCS, and quality assurance arrangements in both EFT provider audits and investigations. Services Australia’s collection of tip-off information does not effectively support the identification of CCS matters. (See paragraphs 3.22 to 3.62)
19. Education imposes fines, debts, conditions on approval, suspension and cancellation of approval, and refers matters for criminal prosecution as part of its work to enforce compliance with the FAL. Education does not have a policy to guide decisions on whether, and in what circumstances, to take enforcement action, and enforcement strategy has not been considered by the FIGB. Without cohesive policy guidance for staff, Education is unable to assess whether decisions to take enforcement action are fair, impartial, consistent, or proportional. From 2022–23 to 2023–24, across the CCS, Education withdrew $473,010 (42.2 per cent of the total $1.1 million) of fines issued, raised and recovered 11 compliance-related debts valued at $59,648 (0.9 per cent of the total $6.4 million) and identified but did not investigate 970 potential overpayments with a total value of $106,375. (See paragraphs 3.63 to 3.80)
Recommendations
Recommendation no. 1
Paragraph 2.22
The Department of Education and Services Australia review and revise arrangements giving effect to the Statement of Intent and subordinate documents to ensure sufficient oversight of shared regulatory activities is provided.
Department of Education response: Agreed.
Services Australia response: Agreed.
Recommendation no. 2
Paragraph 2.62
The Department of Education strengthen its approach to implementing evaluation of the effectiveness of compliance interventions, to cover all interventions in the Child Care Subsidy Financial Integrity Strategy 2023–2027.
Department of Education response: Agreed.
Recommendation no. 3
Paragraph 2.68
The Department of Education, in consultation with Services Australia:
- develop a program-level CCS compliance and enforcement strategy including:
- approaches to coordination;
- governance;
- risk management;
- reporting between the entities;
- reporting of savings outcomes against targets; and
- performance and impact measurement, review and evaluation.
- ensure a version of the strategy is published on each entity’s website.
Department of Education response: Agreed.
Services Australia response: Agreed.
Recommendation no. 4
Paragraph 3.28
Services Australia work with the Department of Education to review and revise its arrangements for collecting and reporting information about Child Care Subsidy compliance-related matters, including tip-offs, risk assessments and controls, and investigations, to ensure sufficient information is provided to the Department of Education to oversee compliance activities.
Department of Education response: Agreed.
Services Australia response: Agreed.
Recommendation no. 5
Paragraph 3.61
The Department of Education review whether its electronic investigation management system (EIMS) is fit for purpose and enables staff undertaking compliance related work to meet all requirements of legislation.
Department of Education response: Agreed.
Recommendation no. 6
Paragraph 3.73
The Department of Education seek independent legal advice from the Australian Government Solicitor regarding its obligations (under the Family Assistance Law and other relevant legislation such as the Privacy Act 1988) in respect to possible Child Care Subsidy provider overpayments identified while monitoring payment accuracy using the Random Sample Parent Check.
Department of Education response: Agreed.
Recommendation no. 7
Paragraph 3.79
The Department of Education update operational policies and procedures to:
- improve compliance related record keeping;
- ensure quality assurance and review arrangements are in place across relevant teams; and
- establish program-level investigations and enforcement policies to support fair, well documented, consistent, and proportional decision-making, and conflict-of-interest management.
Department of Education response: Agreed.
Summary of entity responses
20. The proposed audit report was provided to the Department of Education and Services Australia. The summary responses are reproduced below and the full responses are at Appendix 1. Improvements observed by the ANAO during the course of this audit are listed in Appendix 2.
Department of Education
The Department of Education (the department) acknowledges the Australian National Audit Office (ANAO) performance audit on the management and oversight of compliance activities within the Child Care Subsidy (CCS) program.
The management and oversight of compliance activities plays an important role in ensuring the proper use of CCS and the achievement of program outcomes. In the 2023–24 financial year, the department’s integrity activities resulted in the highest accuracy rates in provider claims for CCS on record, exceeding the program target.
These are substantial achievements, testament to the department’s commitment to strong regulation of CCS approved providers and its obligations under the Resource Management Guide-128.
The department is progressing a large work program to strengthen and further mature the delivery of its CCS compliance activities under the CCS Financial Integrity Strategy 2023–27. The department agrees with the seven recommendations and will address these as part of its ongoing commitment to strengthen the management and oversight of CCS compliance activities.
Services Australia
Services Australia (the Agency) welcomes the ANAO report on Management and Oversight of Compliance Activities within the Child Care Subsidy (CCS) Program. The Agency notes the report findings, including that management and oversight of compliance activities within the CCS Program are partly effective.
The Agency’s focus is on efficiently and effectively delivering payments and services to the Australian community, and compliance and program integrity are important aspects of this work. The Agency’s strategies, performance measures, and governance arrangements are focussed on ensuring the right payment to the right person at the right time.
The Agency is committed to continually improving its internal and external governance arrangements, performance monitoring and reporting, compliance activities, and guidance and support to staff to ensure the integrity of the CCS Program.
Key messages from this audit for all Australian Government entities
21. Below is a summary of key messages, including instances of good practice, which have been identified in this audit and may be relevant for the operations of other Australian Government entities.
Governance and risk management
Program design
Performance and impact measurement
Summary and recommendations
Background
1. Corporate organisations, including in the public sector, often have a board responsible for their governance. The Australian Institute of Company Directors (AICD) refers to governance as the systems that direct and control — or govern — an organisation1:
Governance enables authority to be exercised appropriately and for the people who exercise it to be held to account. Good governance is about the effective way decisions are made and power is exercised within an organisation.
2. In March 2025, 74 Australian Government organisations have a body corporate status — known as corporate Commonwealth entities (CCEs). The governing board of a CCE is often the entity’s accountable authority with specific responsibility for ‘leading, governing and setting the strategic direction’ for the entity under the Public Governance, Performance and Accountability Act 2013 (PGPA Act).
3. Boards of Australian Government entities must govern in a way that complies with the requirements of any enabling legislation, the Commonwealth finance law (which includes the PGPA Act and the Public Governance, Performance and Accountability Rule 2014 (PGPA Rule)), and other applicable laws and requirements.
4. Organisations, including CCEs, with governance boards vary significantly by function, and governance boards may also vary in their composition, operating arrangements, independence and subject-matter focus, depending on the specific requirements of their enabling legislation and other applicable laws.
5. The National Disability Insurance Scheme (NDIS), established in 2013 under the National Disability Insurance Scheme Act 2013 (NDIS Act), provides funding for planned supports for NDIS participants — people with permanent and significant disability. Commonwealth, state, and territory governments jointly fund the NDIS under bilateral arrangements.
6. The National Disability Insurance Agency (NDIA) is responsible for delivering the NDIS under the NDIS Act and is a CCE. The Board of the NDIA (the Board) is the accountable authority of the NDIA.
Rationale for undertaking the audit
7. The NDIS is a demand-driven program. In 2023–24, the NDIA’s participant plan expenses were $41.85 billion, 19 per cent higher than in 2022–23, making this the largest area of Australian Government expenditure managed by the board of a CCE and also the fastest growing Australian Government payment. In May 2024, Budget Paper No. 1 for the 2024–25 Budget stated, ‘NDIS Commonwealth funded participant payments growth is expected to average 9.2 per cent per year over the projections period’ (to 2034–35).23 With over 692,000 Australians registered as NDIS participants as at 31 December 2024, the NDIA is also an organisation with a direct impact on the lives of a major cohort of vulnerable Australians.
8. This audit topic provides independent assurance to Parliament on the effectiveness of the Board of the NDIA’s governance.
Audit objective and criteria
9. The objective of the audit was to assess the effectiveness of the governance of the Board of the NDIA.
10. To form a conclusion against the objective, the ANAO examined:
- Are the Board’s arrangements consistent with relevant legislative requirements for effective governance?
- Does the Board have fit-for-purpose arrangements to support sufficient oversight of the entity’s operations?
11. The ANAO analysed the Board’s governance for the period 1 July 2021 to 30 June 2024.
Conclusion
12. The Board’s governance was largely effective. The Board could strengthen its overall governance of the NDIA and the NDIS by setting clear requirements for additional strategic reporting to it on the progress of the implementation of financial sustainability initiatives. The Board’s practice of seeking further information and assurance from management where results are below targets, or other issues or risks are reported, was maturing but not consistent across the Board’s and its committees’ meetings.
13. The Board’s governance and administrative arrangements are largely consistent with relevant legislative requirements for effective governance. Board appointments are in accordance with legislative requirements and Board meetings are properly constituted. Management plans are not consistently developed for Board members’ declared real or apparent conflicts of interest.
14. The Board has a largely fit-for-purpose charter and has established committees that support it though reviewing relevant management reports and products before these are submitted to the full Board. A Sustainability Committee provides support for the oversight of actuarial reporting and NDIS financial sustainability. The Strategic Directions and Participant Outcomes Committee did not provide the Board sufficient advice against its broad charter functions, including advice on NDIA priorities.
15. Prior to March 2024, the Audit Committee structure limited its ability to provide the required range of independent advice and assurance to the Board, with risk oversight managed by a separate Risk Committee and reliance placed on the committees and Board informally sharing information. A combined Audit and Risk Committee (ARC), in place since March 2024, supports the Board by reviewing all required areas of reporting on NDIA finance, performance, risk and internal control. None of the committees provide written advice to the Board.
16. The Board has established partly fit-for-purpose arrangements to oversee NDIA operations. The Board had regard to advice and reports from the Scheme Actuary, the Independent Advisory Council and the ARC. Decision records did not always show the Board’s consideration of relevant legislative criteria. As reporting on regulatory compliance was aggregated, it lacked detail, and the Board did not always respond to indicators of non-compliance. Requirements of the National Disability Insurance Scheme—Risk Management Rules 2013 were not all met. The Board monitored and received reporting from the NDIA on NDIS sustainability and fraud risk. The Board has not directed strategic reporting on reforms to assure itself that the NDIA will fulfil the Australian Government’s commitments to moderate growth in NDIS expenses.
17. The Board has arrangements to meet PGPA Act requirements relating to governing the NDIA, systems of risk control, cooperation with others and reporting to the Minister for the NDIS. When reports on areas of poor performance or other issues are provided, the Board and its supporting committees could improve its governance by consistently seeking further information or assurance from management. Consistently seeking additional information would support the Board to mature further into a strategic role.
Supporting findings
Board governance and structure
18. Board member appointments between July 2021 and June 2024 complied with relevant NDIS Act requirements. The Department of Social Services (DSS) maintained records of appointments and advised the minister on current and upcoming vacancies. (See paragraphs 2.2 to 2.22)
19. Board meetings were properly constituted, and sufficiently frequent, with records maintained. The Board had not set guidance for the use and records of ‘in camera’ sessions. Inaccurate remuneration payments were made to Board members in 2022–23 and 2023–24. (See paragraphs 2.23 to 2.39)
20. A register of Board member interests was updated regularly. Of the seven declared interests identified by members as potential or actual conflicts, one had a documented management strategy. Conflict of interest procedures were largely followed for scheduled Board meetings; they were not consistently followed for out of session meetings or decisions without meetings. (See paragraphs 2.40 to 2.57)
21. The Board has established committees to support the governance of the NDIA. The charters for committees could be improved to set out voting requirements, the extent of delegated authority, and specify requirements for making decisions without meetings. The ARC charter could be improved by specifying who cannot be a member of the committee. The Board has not documented which NDIA policies require its approval. (See paragraphs 2.58 to 2.84)
22. The role of the committees is to provide advice to the Board on: the financial sustainability of the NDIS (Sustainability Committee); and the objectives, strategies, and policies to be followed by the NDIA, with a dedicated focus on participant outcomes (Strategic Direction and Participant Outcomes Committee). In March 2024, the Audit Committee and Risk Committee were merged into the ARC — its role is to review and advise on the appropriateness of the NDIA’s financial and performance reporting, systems of risk oversight and management, and systems of internal control. Committee membership was largely consistent with charter requirements. (See paragraphs 2.85 to 2.121)
23. Each committee receives relevant reporting according to its function and gave verbal updates and meeting minutes to the Board. The committees have not always provided written advice on critical and high-risk areas that require further Board consideration and direction, and it is unclear if the committees’ verbal updates and meeting minutes provided assurance and assisted with informing decision-making and the efficient running of the Board. (See paragraphs 2.85 to 2.121)
Oversight of compliance and performance
24. The Board has issued Accountable Authority Instructions and guidance to NDIA officials to support legislative compliance. The Board made CEO appointments and had regard to advice from the Independent Advisory Council, Scheme Actuary and ARC, consistent with NDIS Act requirements. (See paragraphs 3.3 to 3.19)
25. Reporting to the Board on regulatory compliance is aggregated which reduced the Board’s visibility of the adequacy of internal controls. The Board did not respond to senior executive advice that they could not give full assurance over their regulatory compliance obligations. The Board provided annual risk management declarations, as required by the NDIS Risk Management Rules 2013. The Board did not review its Risk Management Framework or receive sufficient reporting on NDIA risk culture, resourcing and control effectiveness, as required. (See paragraphs 3.20 to 3.47)
26. The Board has monitored NDIS financial sustainability and NDIS fraud risk. This included consideration of draft reform initiatives proposed to address increasing NDIS expenses. It is not clear if the Board provided NDIA management with direction on reform initiatives proposed before these were included in advice to government. The Board receives regular updates on the progress of reform activities. It is not clear if the Board has been active in directing reporting on reform deliverables to assure itself that the NDIA will fulfil the Australian Government’s NDIS Financial Sustainability Framework commitments. (See paragraphs 3.48 to 3.83)
27. Corporate plans largely complied with PGPA Rule requirements, and the Board approved the performance measures in corporate plans prior to their publication. Eleven of the NDIA’s 19 measures for the 2023–24 Annual Performance Statements satisfied relevant PGPA Rule requirements. The performance measures for 2023–24 did not reflect the NDIA function of managing NDIS financial sustainability, although new measures in the 2024–25 corporate plan relate to this function. (See paragraphs 3.84 to 3.114)
28. The Board received and discussed regular reporting on results against corporate plan performance measures, although it did not consistently seek further detail or assurance where internal reporting indicated poor results or potential issues with reporting mechanisms. (See paragraphs 3.84 to 3.114)
Recommendations
Recommendation no. 1
Paragraph 2.56
The Board of the National Disability Insurance Agency document how it manages conflicts of interest, including those arising from members who declared personal interests as NDIS participants, family members of participants, members of disability organisations, and/or employment with NDIS providers or consultancies providing services to the NDIA.
National Disability Insurance Agency response: Agreed.
Recommendation no. 2
Paragraph 3.37
The Board of the National Disability Insurance Agency define the frequency of review of the Risk Management Framework having regard to the size and complexity of the NDIA’s operations and implement mechanisms to ensure the reviews are conducted within these timeframes.
National Disability Insurance Agency response: Agreed.
Recommendation no. 3
Paragraph 3.113
The Board of the National Disability Insurance Agency, including through its committees, strengthen its oversight of entity performance by more consistently responding to management reporting with requests for relevant further information, reporting or assurance from management where results are below targets, assumptions are unclear, or other issues or risks are raised.
National Disability Insurance Agency response: Agreed.
Summary of entity responses
29. Copies of the proposed report were provided to the NDIA and DSS. The summary responses are provided below, and the full responses are included at Appendix 1. Improvements observed by the ANAO during the audit are listed in Appendix 2.
National Disability Insurance Agency
The National Disability Insurance Agency (NDIA) welcomes the ANAO’s assessment that NDIA Board’s governance is largely effective. We note the ANAO conclusions that governance arrangements are largely consistent with its legislative requirements; that Board appointments are in accordance with legislative requirements; and Board meetings are properly constituted.
The NDIA Board acknowledges the importance of having clear and specific guidance and governance processes in relation to the Board’s responsibilities, including how these are executed. The Board has recently updated key artefacts that relate to Board practices and processes that the ANAO has identified as areas for improvement. This includes updating the Board and/or Committee charter to include clarification on the use of in camera sessions, management of conflicts of interest, and how the Audit and Risk committee provides advice to the Board.
As noted in the report, the Board approved a workplan for 2025 which identifies key artefacts required to fulfill the Board’s statutory obligations. The Board also has standing items for areas that Board has identified as either requiring monitoring or of particular interest to the Board. The Board acknowledges there is an opportunity to provide management with clarity regarding the Board’s expectations regarding strategic reporting on key programs, additional reporting where targets are not being met, and the policies and documents that the Board should approve or have oversight over.
Department of Social Services
The Department of Social Services (the Department) welcomes the Australian National Audit Office (ANAO) report on the Effectiveness of the Board of the National Disability Insurance Agency.
The Department notes the report’s three recommendations refer to the Board of the National Disability Insurance Agency.
The Department notes the key messages from this audit for all Australian Government entities, including considering whether key stakeholders and decision makers have specific accessibility requirements and producing relevant documents in accessible formats.
Key messages from this audit for all Australian Government entities
30. Below is a summary of key messages, including instances of good practice, which have been identified in this audit and may be relevant for the operations of other Australian Government entities.
Governance and risk management
Summary and recommendations
Background
1. In 2015, the Australian Government introduced the Commonwealth Home Support Programme (CHSP). CHSP services include meals, cleaning, garden maintenance, transport and aids. The CHSP meals service category aims to ensure food security and nutritional and social benefits for older Australians. The Department of Health, Disability and Ageing (Health) is responsible for administering CHSP.
2. CHSP service providers receive funding through Australian Government grants and client contribution fees. In 2023–24, CHSP grants totalled $3.1 billion, making CHSP one of the Australian Government’s largest grant programs. In 2023–24, the Australian Government funded 1,264 CHSP providers, 71 per cent of which were not-for-profit organisations. The value of grant funding awarded for the CHSP meals service category totalled $114.3 million across 540 meal providers in 2023–24.
3. Meals on Wheels is a volunteer-based meals delivery service to people at home ‘who are unable to cook or shop for themselves’ or ‘living with an illness or disability’.1 Meals on Wheels Australia Limited (MoWA) is the national peak body that represents and advocates for providers that are members of the Meals on Wheels (MoW) network. In 2023–24, 135 of 540 (25 per cent) CHSP meal providers were affiliated with the MoW brand. MoW providers received $45.4 million in CHSP grants in 2023–24.
4. The Australian Government responded to the 2021 Royal Commission into Aged Care Quality and Safety’s recommendations relating to in-home aged care through a number of measures, including the design of a new Support at Home Program.2 The Support at Home Program will bring together three in-home aged care programs, including CHSP, under a single program. CHSP is due to transition to the Support at Home Program no earlier than 1 July 2027. Under the Support at Home Program, providers will be required to invoice the Australian Government based on services provided and will receive payment after services have been delivered (a fee-for-service model).
5. The Future Fit Program aimed to improve MoWA’s organisational capability, including how it captures data on meal delivery services and accounts for aged care social outcomes associated with the MoW operating model. Health procured Miles Morgan Australia using CHSP funds to deliver the Future Fit Program.
- On 23 December 2021, Health contracted Miles Morgan Australia to deliver ‘strategic business transformation advice and services’ for $5,487,191.3 The project was to be concluded with a final report on 18 January 2023.
- On 4 October 2022, a contract variation with Miles Morgan Australia increased the 2021 contract value by $1,560,900, for a total cumulative value of $7,048,091. A key element of the variation was a customer relationship management (CRM) software system for the MoW network. The timeframe for delivery of the Future Fit Program final report was extended to 1 November 2023.
- On 19 January 2024, Health contracted Miles Morgan Australia to ‘transition’ meals operations in the Whitehorse Local Government Area (LGA) in Victoria. The value of this contract was $1.69 million, for a total cumulative value of $8.74 million across all three Future Fit Program contracts. A final report was to be delivered on 8 March 2024, and the contract stated that all work was to be completed by 10 March 2024 (with a provision for unanticipated delays to 31 May 2024).
6. This audit covers governance, procurement and contract management of the Future Fit Program between December 2021 and May 2024.
Rationale for undertaking the audit
7. In 2023–24, the Australian Government provided $3.1 billion in funding to 1,264 CHSP providers, making it one of the Australian Government’s largest grants programs. Over 800,000 Australians used CHSP services in 2023–24.4 CHSP is transitioning to the Support at Home Program no earlier than 1 July 2027. The Future Fit Program involved $8.74 million in procurement payments to Miles Morgan Australia to support Meals on Wheels Australia and the Meals on Wheels network to prepare for the transition from CHSP to the Support at Home Program.
8. This audit provides the Parliament with assurance on whether Health’s administration of the Future Fit Program was effective.5
Audit objective and criteria
9. The audit objective was to assess the effectiveness of Health’s administration of the Future Fit Program.
10. To form a conclusion against the audit objective, the following high-level criteria were adopted:
- Has Health established sound governance arrangements to support the delivery of the Future Fit Program?
- Has Health conducted procurements for the Future Fit Program effectively?
- Has Health managed the Future Fit Program contracts effectively?
Conclusion
11. Health’s administration of the Future Fit Program was ineffective. Poor project governance, procurement practices that were not aligned to the Commonwealth Procurement Rules, and weak contract management impeded the achievement of the Future Fit Program’s objectives. Health has not evaluated the Future Fit Program to determine if the project has resulted in the Meals on Wheels network being in a better position to transition to the new Support at Home Program.
12. Health did not establish sound governance arrangements to support the delivery of the Future Fit Program. Health did not maintain appropriate oversight of the project. Health did not appropriately identify and manage project risk. Health did not engage with stakeholders in accordance with its Stakeholder Engagement Framework. Health did not measure the achievement of Future Fit Program outcomes.
13. Planning and conduct of the 2021, 2022 and 2024 Future Fit Program procurements were not effective, except for meeting AusTender reporting requirements. Health did not appropriately plan for the Future Fit Program procurements and its consideration of procurement risk was limited. Approaches to market did not support a value for money outcome. Procurement effectiveness was further undermined by insufficient demonstration of value for money, failure to maintain complete records, limited achievement of procurement objectives, and weak probity management. Procurement processes fell short of ethical standards.
14. Health’s management of Future Fit Program contracts was not effective. The Future Fit Program’s objective was to prepare the MoW network for the transition from the Commonwealth Home Support Programme to the Support at Home program. Some contract deliverables were not realised, and there is no evidence-based analysis of the achievement of the intended outcomes. Health’s contract administration effectiveness was impacted by a lack of contract management planning (including risk management), inappropriate segregation of duties, a poorly justified contract variation, deficient records management, and limited probity management. Health did not establish contract performance measures. While contract management practices improved for the 2024 contract, the contract ended in a legal dispute and non-delivery of some contract requirements.
Supporting findings
Governance
15. Health did not assess the Future Fit Program against the requirements of its project management framework nor establish governance arrangements for the project that were consistent with the framework. The Future Fit Program contractor, Miles Morgan Australia, established roles and responsibilities for the Future Fit Program in 2022. Health did not have an established role in project oversight or delivery. The Future Fit Program was established in part to place MoWA in a better position to support MoW state associations and providers. In October 2022 Health agreed to a proposal from Miles Morgan Australia to remove MoWA from project governance arrangements, without consulting MoWA or advising the minister. From mid-2023, Health engaged more directly with MoWA and the MoW network on the Future Fit Program. (See paragraphs 2.1 to 2.20)
16. Health required Miles Morgan Australia to develop a project risk register at the outset of the Future Fit Program in 2022. The March 2022 project risk register identified and assessed risks and included treatments for risks outside of tolerance. Health was assigned ‘shared’ ownership of six of the 22 identified project risks, including one extreme risk that was rated ‘unacceptable.’ Health was not involved in the treatment of shared risks. Project status reports repeatedly showed the Future Fit Program as being at ‘high’ or ‘extreme’ risk of not being delivered as planned. There was no process of identifying treatments for these risks. Health did not subsequently seek updates of or refer to the 2022 register. A separate risk register was developed for the 2024 contract. Health did not contribute to the 2024 register. (See paragraphs 2.21 to 2.35)
17. Health did not have a fit-for-purpose stakeholder engagement plan for the Future Fit Program. In 2021 and 2022, communications activities were designed by a sub-contracted firm. The communications plan was not updated over time as the situation evolved. The communications plan and engagement activities did not reflect Health’s principles of effective stakeholder engagement, especially the principle of inclusivity. A decision to direct source a provider for meals provision in several Victorian locations was made without consultation with key stakeholders. Stakeholder activities were not appropriately recorded or reviewed. Health’s handling of a stakeholder management complaint in 2023 did not align with principles set out in its complaints management policy. From mid-2023, Health’s stakeholder engagement practices improved. (See paragraphs 2.36 to 2.70)
18. Health received project status reports from Miles Morgan Australia for the 2021 and 2024 contracts, although Health did not ensure that six of 21 reports were provided in a timely manner, or that reports were provided throughout the whole of the implementation period. Most of these reports identified significant issues with project delivery. Health did not acknowledge the reports. Health did not enforce contractual requirements for Miles Morgan Australia to develop an evaluation plan. As at April 2025, the Future Fit Program had not been evaluated. (See paragraphs 2.71 to 2.81)
Procurement
19. Planning and approaches to market for the 2021, 2022 and 2024 procurements were deficient and did not comply with the Commonwealth Procurement Rules.
- Health’s decision to use a procurement to fund the Future Fit Program was not underpinned by a strong policy rationale or market analysis.
- There was no planning for any of the three procurements. Procurement values were not estimated before the approach to market.
- Risk was not identified and assessed in the 2021 and 2022 procurements. For the 2024 procurement, risks were identified, however all risks were assessed as low and therefore did not require treatment despite well-known delivery issues.
- Health approached one supplier (Miles Morgan Australia) in all three procurements. The supplier was selected without analysis of alternatives. A standing arrangement (panel) to facilitate the procurement of this specific supplier was identified after a decision was made to procure the supplier.
- In 2021, Health engaged Miles Morgan Australia from the panel after having been made aware that the method was at risk of breaching the Commonwealth Procurement Rules. The 2022 procurement used the same panel and included services beyond the panel scope. There was a lack of due diligence when the contract was varied in 2022 to include a customer relationship management (CRM) system. Health used a limited tender condition for the 2024 procurement based on flawed reasoning that lacked transparency. Across the three procurements, there were instances of internal legal advice not being sought, not being followed and/or not being appropriately shared with Health’s Procurement Advisory Services.
- AusTender reporting of the procurement method was appropriate. (See paragraphs 3.1 to 3.53)
20. Demonstration of value for money and maintenance of appropriate records were deficient for the 2021, 2022 and 2024 procurements. Procurement approvals were appropriately recorded for two of three procurements. Probity was not effectively managed, and there could be improvements to Health’s gifts, benefits and hospitality policy to support probity. Conduct fell short of ethical standards. Health met AusTender timeframes for reporting contracts. (See paragraphs 3.54 to 3.82)
Contract management
21. Health did not have contract management plans in place for the Future Fit Program contracts with Miles Morgan Australia. Contract risk was not assessed in 2021 or 2022. Contract risks were assessed as low in 2024 despite known issues and some risks had already been or were quickly realised. Between 2022 and 2023, there was insufficient segregation of duties (a key control to prevent poor decision-making and fraud) in procurement and contract management, however this was improved in 2024. In October 2022, the 2021 contract was varied to include development of a Customer Relationship Management (CRM) system without an assessment of whether the variation offered value for money, whether it affected the original procurement’s value for money, or whether procured goods and services could be provided by other potential suppliers. Contract administration activities, including the verification of deliverables prior to release of payments, were poorly recorded for the 2021 and 2022 procurements. Records management and verification of deliverables improved for the 2024 contract. Probity was not managed. (See paragraphs 4.1 to 4.22)
22. Future Fit Program 2021, 2022 and 2024 contract deliverables were partially achieved. The 2024 contract was executed while 2022 contract deliverables were still outstanding, including confirmation that a CRM system, which was to be ‘transitioned’ from Miles Morgan Australia to a MoW provider under the 2024 contract, had been successfully deployed. There was a lack of success measures to determine if project outcomes had been achieved. There is no evidence that Health managed performance issues related to the 2021 and 2022 contracts. The 2024 contract was clearer about performance expectations than the 2021 and 2022 contracts, and Health managed concerns about contractor performance in 2024. (See paragraphs 4.23 to 4.32)
Recommendations
Recommendation no. 1
Paragraph 2.7
The Department of Health, Disability and Ageing implement controls to ensure that:
- all potential projects are assessed against its project tiering guidelines, to help ensure fit-for-purpose governance arrangements are established in accordance with its project management framework; and
- the rationale for not categorising a project into one of its three project tiers is recorded.
Department of Health, Disability and Ageing response: Agreed.
Recommendation no. 2
Paragraph 2.33
When procuring project management services, the Department of Health, Disability and Ageing ensure that:
- the department’s accountability for project delivery is recognised in governance arrangements; and
- project risk is managed in accordance with the department’s project and risk management frameworks.
Department of Health, Disability and Ageing response: Agreed.
Recommendation no. 3
Paragraph 2.64
For projects that involve complex stakeholder relationships, the Department of Health, Disability and Ageing develop processes to ensure that:
- stakeholder engagement plans are prepared that reflect the five Stakeholder Engagement Framework principles of purposeful, inclusive, timely, transparent and respectful; and
- outcomes of stakeholder interactions are appropriately recorded; including to better enable the review and measurement of stakeholder engagement as required under Health’s five-step engagement model.
Department of Health, Disability and Ageing response: Agreed.
Recommendation no. 4
Paragraph 2.80
The Department of Health, Disability and Ageing evaluate the Ballarat and Whitehorse LGA pilot programs to inform future program design and to better support the transition of Commonwealth Home Support Programme providers to the new Support at Home program.
Department of Health, Disability and Ageing response: Agreed.
Recommendation no. 5
Paragraph 3.23
The Department of Health, Disability and Ageing amend its procurement risk profile template to include consideration of the lawful basis for the proposed procurement expenditure.
Department of Health, Disability and Ageing response: Agreed.
Recommendation no. 6
Paragraph 3.31
The Department of Health, Disability and Ageing strengthen its procurement procedures to ensure legal advice obtained in the course of arranging a procurement is shared with the Procurement Advisory Services team to mitigate procurement risk.
Department of Health, Disability and Ageing response: Agreed.
Recommendation no. 7
Paragraph 3.59
The Department of Health, Disability and Ageing strengthen procurement controls to ensure that relevant information (including price, legal advice, past and ongoing disputes, and performance issues) is incorporated into the value for money assessment for procurements.
Department of Health, Disability and Ageing response: Agreed.
Recommendation no. 8
Paragraph 3.68
To ensure the proper use and management of public resources, the Department of Health, Disability and Ageing reinforce to officials their records management obligations under the Archives Act 1983, including when using mobile devices for official business.
Department of Health, Disability and Ageing response: Agreed.
Summary of entity response
23. The proposed audit report was provided to the Department of Health, Disability and Ageing. Extracts of the proposed audit report were provided to Newcastle Meals on Wheels and a representative of Miles Morgan Australia. The Department of Health, Disability and Ageing’s summary response is provided below and its full response is provided at Appendix 1. Responses from Newcastle Meals on Wheels and a representative of Miles Morgan Australia are provided at Appendix 1.
The Department of Health and Aged Care (the department) notes the findings in the report and accepts the recommendations.
The department is taking the report’s findings seriously, in particular that the actions of departmental staff did not meet ethical standards. As noted in the Secretary’s opening statement at the public hearing for the Joint Committee of Public Accounts and Audit inquiry into probity and ethics in the Australian Public Sector on 1 February 2024, the department is committed to ensuring all staff are supported in managing public resources in a transparent and ethical manner by fostering a culture of integrity. The department has well established processes for responding to such behaviours.
In response to this audit, the department will commission an evaluation of the Future Fit Program. The evaluation will form part of a suite of advice to government on future program design for the Commonwealth Home Support Program (CHSP), including advice to support government decisions on the future transition of CHSP to the new Support at Home Program no earlier than 1 July 2027. The department is also undertaking activities to strengthen its administrative processes in relation to projects, procurement and records management. In particular, the department is taking steps to ensure projects are accurately identified and appropriate departmental governance and oversight arrangements are in place.
Key messages from this audit for all Australian Government entities
24. Below is a summary of key messages, including instances of good practice, which have been identified in this audit and may be relevant for the operations of other Australian Government entities.
Procurement
Summary and recommendations
Background
1. On 5 August 2017, the Minister for Health and Aged Care announced a review of Australia’s sport integrity arrangements. The Report of the Review of Australia’s Sport Integrity Arrangements (the Wood Review) was presented to the government in March 2018 and made 52 recommendations, including the establishment of a national sports integrity commission.1 In its February 2019 response to the Wood Review2, the Australian Government agreed, agreed in part, agreed in principle or noted all recommendations. Sport Integrity Australia (SIA) was established on 1 July 2020 by the Sport Integrity Australia Act 2020 (SIA Act).
2. The object of the SIA Act is to establish SIA to prevent and address threats to sports integrity and to coordinate a national approach to matters relating to sports integrity in Australia. A National Anti-Doping Scheme is required under section 3 of the SIA Act and is set out in Schedule 1 of the Sport Integrity Australia Regulations 2020 (SIA Regulations). The SIA Regulations outline the powers and functions of the SIA Chief Executive Officer, which include having the role and responsibility of a ‘national anti-doping organisation’ for Australia under the United Nations Educational, Scientific and Cultural Organization’s (UNESCO) Anti-Doping Convention and the World Anti-Doping Code.
Rationale for undertaking the audit
3. In its response to the Wood Review, the Australian Government committed to ‘comprehensively protecting the integrity of Australian sport for the benefit of the entire Australian community’ and to establishing a national sports integrity commission (SIA). The government also noted the importance of effective anti-doping measures to protect the integrity of Australian sport.
4. The audit provides assurance to the Parliament as to whether SIA has established effective governance arrangements for anti-doping and is effectively managing the National Anti-Doping Scheme.
Audit objective and criteria
5. The purpose of the audit was to assess the effectiveness of Sport Integrity Australia’s management of the National Anti-doping Scheme.
6. To form a conclusion against the objective, the following high-level criteria were adopted:
- Has Sport Integrity Australia established fit-for-purpose governance arrangements?
- Has Sport Integrity Australia established effective arrangements to prevent and detect anti-doping rule violations?
- Has Sport Integrity Australia established effective arrangements to investigate and respond to possible anti-doping rule violations?
7. The period covered by the audit is 1 July 2021 to 30 June 2024. Anti-doping matters prior to the establishment of Sport Integrity Australia on 1 July 2020 are not within the scope of this audit.
Conclusion
8. Sport Integrity Australia’s management of the National Anti-Doping Scheme is partly effective. SIA has adopted a different approach to anti-doping regulation, depending on how anti-doping samples and testing are paid for. Regulatory responsibilities are more effectively carried out for sports that receive government funded anti-doping testing. For sports where testing costs are partially recovered from the sport, regulation is not demonstrably risk-based and data driven — a key principle of good regulation. There are deficiencies in anti-doping investigation practices.
9. SIA’s governance arrangements for the National Anti-Doping Scheme are partly fit for purpose. There are largely fit-for-purpose oversight and assurance arrangements. Risk management, including for regulatory capture risks, is not fit for purpose.
10. SIA’s arrangements for preventing and detecting doping are largely effective for sports that have mainly government funded anti-doping sample collection arrangements, and partly effective for the major professional sports that have mainly ‘user pays’ anti-doping sample collection arrangements, due to the way SIA has chosen to administer ‘user pays’ arrangements.
- There is a fit-for-purpose national anti-doping framework, which is supported by a national anti-doping policy that is adopted by 87 national sporting organisations. Another three national sporting organisations have an SIA-approved anti-doping policy.
- SIA has effective arrangements to prevent anti-doping rule violations through anti-doping education plans that are implemented and evaluated.
- For sports that have mainly government funded testing arrangements, test distribution planning is generally risk-based. Transparency could be enhanced through more comprehensive documentation of planning methodology and record keeping.
- For the six major sports that have mainly user pays testing arrangements, test distribution planning is not demonstrably risk-based. The number and distribution of tests are negotiated with national sporting organisations under a service agreement. This is not consistent with World Anti-Doping Code principles or SIA’s responsibilities as a regulator of these sports.
11. SIA’s arrangements to investigate and respond to anti-doping rule violations are partly effective. The procedural framework for investigations is partly fit for purpose, including processes related to quality assurance. There were irregularities in the triage and conduct of 38 investigations commenced in the three years to 30 June 2024, when compared to existing procedures. Investigations did not consistently meet timeliness targets. SIA’s actions in response to proven anti-doping violations were appropriate.
Supporting findings
Governance arrangements
12. SIA has responded to the Minister for Sport’s statement of expectations with an appropriate statement of intent. There are management arrangements and governance bodies that give consideration to anti-doping matters. These include advisory bodies that have been established in accordance with the Sport Integrity Australia Act 2020. Governance bodies operate in accordance with legislative requirements or terms of reference, except for the declaration of interests on two key advisory bodies. SIA’s public performance reporting includes measures related to anti-doping. There is no performance reporting specifically related to anti-doping testing and investigations — a key regulatory function. There is no measure that goes to the effectiveness or efficiency of SIA’s anti-doping activities. Performance reporting on anti-doping in 2023–24 was not fully accurate. SIA reports integrity and anti-doping matters of significance to the Minister for Sport. (see paragraphs 2.2 to 2.20)
13. Sport Integrity Australia established a risk management policy in 2021, which was updated in 2023. Risk appetite statements provided in different documents are inconsistent. There is an enterprise risk register, which was last updated in November 2021. Operational risk registers for specific business areas or activities, including for anti-doping, are not maintained. SIA undertook a review of its risk management framework in 2024, which concluded that the risk management framework required ‘significant’ work to comply with the Commonwealth Risk Management Policy. SIA commenced a body of work to improve SIA’s risk management framework. There is a largely fit-for-purpose policy framework for regulatory capture risks, including risks arising from conflicts of interest; external employment; gifts, benefits and hospitality; and sports betting. The policies are poorly implemented. (see paragraphs 2.21 to 2.43)
Anti-doping prevention and detection
14. The Sport Integrity Australia Regulations 2020 establish the SIA CEO’s functions and powers in relation to anti-doping, which include sample collection and results management for ‘sporting administration bodies’, defined as ‘national sporting organisations for Australia’. SIA has established an Australian National Anti-Doping Policy (NAD Policy) that aligns with the World Anti-Doping Code and which, as of September 2024 had been adopted by 98 sporting organisations in Australia, including 87 national sporting organisations for Australia. Anti-doping policies for the remaining three national sporting organisations that have adopted alternative policies were not approved by SIA in a timely way using documented criteria.
15. SIA’s annual anti-doping activities are supported by approximately 300 full-time equivalent (FTE) and casual employees. Budgeted average staffing levels increased by six per cent for FTE staff and 17 per cent for casual staff between 2022–23 and 2024–25. The total number of anti-doping samples collected by SIA declined by 34 per cent between 2010–11 and 2022–23.
16. SIA provides anti-doping sample collection and analysis under two general funding models: government-funded and user pays. User pays arrangements involve partial cost recovery, an approach which was approved by government in March 2024. Six professional sports (Australian football, cricket, football (soccer), rugby league, rugby union and basketball) have mainly user pays arrangements. There are no documented criteria for when to apply which funding model, however SIA has advised that it depends in part on the sporting organisation’s ability to pay for its own anti-doping testing.
17. The average cost of testing increased in the five years to 2022–23 and decreased in 2023–24. SIA has assessed the value-for-money of its laboratory testing arrangements. (see paragraphs 3.7 to 3.24)
18. SIA has developed national anti-doping education plans in each year between 2021–22 and 2023–24, as required by the World Anti-Doping (WAD) Code and SIA Regulations. SIA’s 2023–24 national education plan is consistent with requirements of the WAD Code. Sport specific education plans were developed for all sampled sports except one in 2023–24, following failure to develop sport-specific education plans for one sampled government funded sport and most sampled user pays sports in 2021–22 and 2022–23. SIA has fit for purpose arrangements to evaluate the effectiveness of the national education plan. Evaluations have found that most deliverables and outcomes relating to the national education plan were met. SIA has evaluated sport-specific education plans. (see paragraphs 3.25 to 3.42)
19. SIA undertakes an annual anti-doping test distribution planning process that is consistent with the World Anti-Doping (WAD) Code for sports with mainly government funded testing arrangements. Evaluation of previous years’ plans (one component of the WAD Code requirements) to inform improvements to current year planning is not supported by a clear methodology and could be better documented. SIA alters (moderates) the results of the risk-based test planning process using an undocumented methodology.
20. SIA’s test distribution planning for sports with mainly user pays testing arrangements is deficient in terms of systematic risk analysis informing the total number and distribution of planned tests. The total number and distribution of tests are negotiated with national sporting organisations representing user pays sports under a service agreement. Testing arrangements for user pays sports do not fully cover the off-season and pre-season.
21. In a sample of 25 government funded and user pays sports/disciplines, SIA’s testing activities for 2023–24 were mostly consistent with its planned test distribution planning. The minimum levels of analysis required under the WAD Code were achieved for all but one government funded and one user pays sport. (see paragraphs 3.43 to 3.85)
Anti-doping investigations and response
22. SIA established an investigations manual in 2020, which as of September 2024 had not been updated to align with the Australian Government Investigations Standard 2022. Elements of AGIS requirements related to information and evidence management, investigative personnel and investigative practices could be better reflected in SIA’s framework for conducting investigations. Quality assurance processes for investigations have largely not been established.
23. Between 1 July 2021 and 30 June 2024, 144 anti-doping rule violation cases were recorded in SIA’s case management system, and 38 proceeded to an investigation or ‘administrative’ treatment. There is a lack of documented procedures for a type of case (non-analytical findings) and treatment of these cases was inconsistent.
24. Six of 38 investigations commenced between 1 July 2021 and 30 June 2024 lacked investigation plans, with no documented reason for five. SIA does not have a procedure for the preparation and service of disclosure notices to athletes, and disclosure notice practices were inconsistent. SIA did not follow up using established mechanisms on athlete non-compliance with disclosure notices. A brief of evidence adjudication was appropriately prepared for 19 of 26 investigations involving a brief of evidence. Of the 38 investigations commenced since 1 July 2021, 21 were finalised by 30 June 2024 (15 resulting in a sanction). SIA states that it prepares closure reports only for matters where the decision is ‘no further action’. Three of five investigations resulting in ‘no further action’ had a closure report. Closed investigations did not meet timeliness benchmarks. (see paragraphs 4.2 to 4.54)
25. Anti-doping rule violation sanctions imposed by SIA between 1 July 2021 and 30 June 2024 were largely consistent with WADA requirements. (see paragraphs 4.55 to 4.62)
Recommendations
Recommendation no. 1
Paragraph 2.17
Sport Integrity Australia develop effectiveness and efficiency measures and targets for anti-doping testing and investigations activities, consistent with requirements established in the Commonwealth Performance Framework.
Sport Integrity Australia response: Agreed.
Recommendation no. 2
Paragraph 2.44
Sport Integrity Australia improve its controls for identifying and managing potential conflicts of interest, including those arising from gifts and benefits.
Sport Integrity Australia response: Agreed.
Recommendation no. 3
Paragraph 3.45
Sport Integrity Australia establish a procedure for the test distribution planning process for user pays sports.
Sport Integrity Australia response: Agreed.
Recommendation no. 4
Paragraph 3.50
Sport Integrity Australia establish a documented methodology for evaluating test distribution planning for government and user pay sports, and document outcomes from evaluations.
Sport Integrity Australia response: Agreed.
Recommendation no. 5
Paragraph 3.61
Sport Integrity Australia undertake annual risk assessment to inform test distribution planning for all sports subject to regulation, including user pays sports.
Sport Integrity Australia response: Agreed.
Recommendation no. 6
Paragraph 4.9
Sport Integrity Australia establish controls to ensure its documented investigative practices and procedures are implemented, or update procedures to reflect current endorsed practice.
Sport Integrity Australia response: Agreed.
Recommendation no. 7
Paragraph 4.16
Sport Integrity Australia implement a quality assurance process for investigations that captures all types of investigations.
Sport Integrity Australia response: Agreed.
Summary of entity response
26. The proposed audit report was provided to SIA. SIA’s summary response is reproduced below. The full response from SIA is at Appendix 1. Improvements observed by the ANAO during the course of this audit are listed at Appendix 2.
Sport Integrity Australia welcomes the findings in the ANAO audit report on Sport Integrity Australia’s Management of the National Anti-Doping Scheme and agrees with the recommendations.
These recommendations will further contribute to our continuous improvement along with our obligations to implement and enforce rules and policies relating to anti-doping in Australian sport.
The National Anti-Doping Scheme provides Australia with the legislative basis to implement obligations under the UNESCO International Convention against Doping in Sport, and in turn, the World Anti-Doping Code (the Code). The Code, and its associated mandatory International Standards, create an important, but complex set of global expectations for all National Anti-Doping Organisations.
The World Anti-Doping Agency through its most recent Code Compliance process (2022–2023) found Sport Integrity Australia to be fully compliant with all aspects of the Code. Indeed, this process highlighted the capabilities of Sport Integrity Australia far exceed many other national anti-doping agencies.
The ANAO recommendations (noting the recommendations are limited to a small section of just one of the five relevant International Standards), are valuable as we look to continually improve our program. To this end, we have already begun taking steps to implement all recommendations.
Key messages from this audit for all Australian Government entities
27. Below is a summary of key messages, including instances of good practice, which have been identified in this audit and may be relevant for the operations of other Australian Government entities.
Governance and risk management
Performance and impact measurement
Executive summary
1. Performance information is important for public sector accountability and transparency as it shows how taxpayers’ money has been spent and what this spending has achieved. The development and use of performance information is integral to an entity’s strategic planning, budgeting, monitoring and evaluation processes.
2. Annual performance statements are expected to present a clear, balanced and meaningful account of how well an entity has performed against the expectations it set out in its corporate plan. They are an important way of showing the Parliament and the public how effectively Commonwealth entities have used public resources to achieve desired outcomes.
The needs of the Parliament
3. Section 5 of the Public Governance, Performance and Accountability Act 2013 (PGPA Act) sets out the objects of the Act, which include requiring Commonwealth entities to provide meaningful performance information to the Parliament and the public. The Replacement Explanatory Memorandum to the PGPA Bill 2013 stated that ‘The Parliament needs performance information that shows it how Commonwealth entities are performing.’1 The PGPA Act and the Public Governance, Performance and Accountability Rule 2014 (PGPA Rule) outline requirements for the quality of performance information, and for performance monitoring, evaluation and reporting.
4. The Parliament’s Joint Committee of Public Accounts and Audit (JCPAA) has a particular focus on improving the reporting of performance by entities. In September 2023, the JCPAA tabled its Report 499, Inquiry into the Annual Performance Statements 2021–22, stating:
As the old saying goes, ‘what is measured matters’, and how agencies assess and report on their performance impacts quite directly on what they value and do for the public. Performance reporting is also a key requirement of government entities to provide transparency and accountability to Parliament and the public.2
5. Without effective performance reporting, there is a risk that trust and confidence in government could be lost (see paragraphs 1.3 to 1.6).
Entities need meaningful performance information
6. Having access to performance information enables entities to understand what is working and what needs improvement, to make evidence-based decisions and promote better use of public resources. Meaningful performance information and reporting is essential to good management and the effective stewardship of public resources.
7. It is in the public interest for an entity to provide appropriate and meaningful information on the actual results it achieved and the impact of the programs and services it has delivered. Ultimately, performance information helps a Commonwealth entity to demonstrate accountability and transparency for its performance and achievements against its purposes and intended results (see paragraphs 1.7 to 1.13).
The 2023–24 performance statements audit program
8. In 2023–24, the ANAO conducted audits of annual performance statements of 14 Commonwealth entities. This is an increase from 10 entities audited in 2022–23.
9. Commonwealth entities continue to improve their strategic planning and performance reporting. There was general improvement across each of the five categories the ANAO considers when assessing the performance reporting maturity of entities: leadership and culture; governance; reporting and records; data and systems; and capability.
10. The ANAO’s performance statements audit program demonstrates that mandatory annual performance statements audits encourage entities to invest in the processes, systems and capability needed to develop, monitor and report high quality performance information (see paragraphs 1.18 to 1.27).
Audit conclusions and additional matters
11. Overall, the results from the 2023–24 performance statements audits are mixed. Nine of the 14 auditees received an auditor’s report with an unmodified conclusion.3 Five received a modified audit conclusion identifying material areas where users could not rely on the performance statements, but the effect was not pervasive to the performance statements as a whole.
12. The two broad reasons behind the modified audit conclusions were:
- completeness of performance information — the performance statements were not complete and did not present a full, balanced and accurate picture of the entity’s performance as important information had been omitted; and
- insufficient evidence — the ANAO was unable to obtain enough appropriate evidence to form a reasonable basis for the audit conclusion on the entity’s performance statements.
13. Where appropriate, an auditor’s report may separately include an Emphasis of Matter paragraph. An Emphasis of Matter paragraph draws a reader’s attention to a matter in the performance statements that, in the auditor’s judgement, is important for readers to consider when interpreting the performance statements. Eight of the 14 auditees received an auditor’s report containing an Emphasis of Matter paragraph. An Emphasis of Matter paragraph does not modify the auditor’s conclusion (see Appendix 1).
Audit findings
14. A total of 66 findings were reported to entities at the end of the final phase of the 2023–24 performance statements audits. These comprised 23 significant, 23 moderate and 20 minor findings.
15. The significant and moderate findings fall under five themes:
- Accuracy and reliability — entities could not provide appropriate evidence that the reported information is reliable, accurate and free from bias.
- Usefulness — performance measures were not relevant, clear, reliable or aligned to the entity’s purposes or key activities. Consequently, they may not present meaningful insights into the entity’s performance or form a basis to support entity decision making.
- Preparation — entity preparation processes and practices for performance statements were not effective, including timeliness, record keeping and availability of supporting documentation.
- Completeness — performance statements did not present a full, balanced and accurate picture of the entity’s performance, including all relevant data and contextual information.
- Data — inadequate assurance over the completeness, integrity and accuracy of data, reflecting a lack of controls over how data is managed across the data lifecycle, from data collection through to reporting.
16. These themes are generated from the ANAO’s analysis of the 2023–24 audit findings, and no theme is necessarily more significant than another (see paragraphs 2.12 to 2.17).
Measuring and assessing performance
17. The PGPA Rule requires entities to specify targets for each performance measure where it is reasonably practicable to set a target.4 Clear, measurable targets make it easier to track progress towards expected results and provide a benchmark for measuring and assessing performance.
18. Overall, the 14 entities audited in 2023–24 reported against 385 performance targets in their annual performance statements. Entities reported that 237 targets were achieved/met5, 24 were substantially achieved/met, 24 were partially achieved/met and 82 were not achieved/met.6 Eighteen performance targets had no definitive result.7
19. Assessing entity performance involves more than simply reporting how many performance targets were achieved. An entity’s performance analysis and narrative is important to properly inform stakeholder conclusions about the entity’s performance (see paragraphs 2.37 to 2.44).
Connection to broader government policy initiatives
20. Performance statements audits touch many government policies and frameworks designed to enhance government efficiency, effectiveness and impact, and strengthen accountability and transparency. This is consistent with the drive to improve coherence across the Commonwealth Government’s legislative and policy frameworks that led to the PGPA Act being established.8 The relationship between performance statements audits and existing government policies and frameworks is illustrated in Figure S.1.
Figure S.1. Relationship of performance statements audits to government policies and frameworks

Source: ANAO analysis.
The future direction of annual performance statements audits
21. Public expectations and attitudes about public services are changing.9 Citizens not only want to be informed, but also to have a say between elections about choices affecting their community10 and be involved in the decision-making process, characterised by, among other things, citizen-centric and place-based approaches that involve citizens and communities in policy design and implementation.11 There is increasing pressure on Commonwealth entities from the Parliament and citizens demanding more responsible and accountable spending of public revenues and improved transparency in the reporting of results and outcomes.
22. A specific challenge for the ANAO is to ensure that performance statements audits influence entities to embrace performance reporting and shift away from a compliance approach with a focus on complying with minimum reporting requirements or meeting the minimum standard they think will satisfy the auditor.12 A compliance approach misses the opportunity to use performance information to learn from experience and improve the delivery of government policies, programs and services.
23. Performance statements audits reflect that for many entities there is not a clear link between internal business plans and the entity’s corporate plan. There can be a misalignment between the information used for day-to-day management and governance of an entity and performance information presented in annual performance statements. Periodic monitoring of performance measures is also not an embedded practice in all Commonwealth entities. These observations indicate that some entities are reporting measures in their performance statements that may not represent the highest value metrics for running the business or for measuring and assessing the entity’s performance (see paragraphs 4.32 to 4.35).
Developments in the ANAO’s audit approach
24. Working with audited entities, the ANAO has progressively sought to strengthen sector understanding of the Commonwealth Performance Framework. This includes a focus on helping entities to apply general principles and guidance to their own circumstances and how entities can make incremental improvements to their performance reporting over time. For example:
- in 2021–22, the ANAO gave prominence to ensuring entities understood and complied with the technical requirements of the PGPA Act and the PGPA Rule;
- in 2022–23, there was an increased focus on supporting entities to establish materiality policies that help determine which performance information is significant enough to be reported in performance statements and to develop entity-wide performance frameworks; and
- in 2023–24, there was an increased focus on assessing the completeness of entity purposes, key activities and performance measures and whether the performance statements present fairly the performance of the entity (see paragraphs 4.36 to 4.38).
Appropriate and meaningful
25. For annual performance statements to achieve the objects of the PGPA Act, they must present performance information that is appropriate (accountable, reliable and aligned with an entity’s purposes and key activities) and meaningful (providing useful insights and analysis of results). They also need to be accessible (readily available and understandable).
26. For the 2024–25 audit program and beyond, the ANAO will continue to encourage Commonwealth entities to not only focus on technical matters (like selecting measures of output, efficiency and effectiveness and presenting numbers and data), but on how to best tell their performance story. This could include analysis and narrative in annual performance statements that explains the ‘why’ and ‘how’ behind the reported results and providing future plans and initiatives aligned to meeting expectations set out in the corporate plan.13
27. It is difficult to demonstrate effective stewardship of public resources without good performance information and reporting. Appropriate and meaningful performance information can show that the entity is thinking beyond the short-term. It can show that the entity is committed to long-term responsible use and management of public resources and effectively achieving results to create long lasting impacts for citizens (see paragraphs 4.39 to 4.45).
Linking financial and performance information
28. The ‘Independent Review into the operation of the PGPA Act’14 noted that there would be merit in better linking performance and financial results, so that there is a clear line of sight between an entity’s strategies and performance and its financial results.15
29. Improving links between financial and non-financial performance information is necessary for measuring and assessing public sector productivity. As a minimum, entities need to understand both the efficiency and effectiveness of how taxpayers’ funds are used if they are to deliver sustainable, value-for-money programs and services. There is currently limited reporting by entities of efficiency (inputs over outputs) and even less reporting of both efficiency and effectiveness for individual key activities.
30. Where entities can demonstrate that more is produced to the same or better quality using fewer resources, this reflects improved productivity.
31. The ANAO will seek to work with the Department of Finance and entities to identify opportunities for annual performance statements to better link information on entity strategies and performance to their financial results (see paragraphs 4.46 to 4.51).
Cross entity measures and reporting
32. ANAO audits are yet to see the systemic development of cross-sector performance measures as indicators where it has been recognised that organisational performance is partly reliant on the actions of other agencies. Although there are some emerging better practices16, the ANAO’s findings reveal that integrated reporting on cross-cutting initiatives and linked programs could provide Parliament, government and the public with a clearer, more unified view of performance on key government priorities such as:
- Closing the Gap;
- women’s safety;
- housing;
- whole-of-government national security initiatives; and
- cybersecurity.
33. Noting the interdependence, common objectives and shared responsibility across multiple government programs, there is an opportunity for Commonwealth entities to make appropriate reference to the remit and reporting of outcomes by other entities in annual performance statements. This may enable the Parliament, the government and the public to understand how the work of the reporting entity complements the work done by other parts of government.17
34. As the performance statements audit program continues to broaden in coverage, there will be opportunities for the ANAO to consider the merit of a common approach to measuring performance across entities with broadly similar functions, such as providing policy advice, processing claims or undertaking compliance and regulatory functions. A common basis for assessing these functions may enable the Parliament, the government and the public to compare entities’ results and consider which approaches are working more effectively and why (see paragraphs 4.52 to 4.56).
Executive summary
The Australian National Audit Office (ANAO) publishes an annual audit work program (AAWP) which reflects the audit strategy and deliverables for the forward year. The purpose of the AAWP is to inform the Parliament, the public, and government sector entities of the planned audit coverage for the Australian Government sector by way of financial statements audits, performance audits, performance statements audits and other assurance activities. As set out in the AAWP, the ANAO prepares two reports annually that, drawing on information collected during financial statements audits, provide insights at a point in time of financial statements risks, governance arrangements and internal control frameworks of Commonwealth entities. These reports provide Parliament with an independent examination of the financial accounting and reporting of public sector entities.
These reports explain how entities’ internal control frameworks are critical to executing an efficient and effective audit and underpin an entity’s capacity to transparently discharge its duties and obligations under the Public Governance, Performance and Accountability Act 2013 (PGPA Act). Deficiencies identified during audits that pose either a significant or moderate risk to an entity’s ability to prepare financial statements free from material misstatement are reported.
This report presents the final results of the 2023–24 audits of the Australian Government’s Consolidated Financial Statements (CFS) and 245 Australian Government entities. The Auditor-General Report No. 42 2023–24 Interim Report on Key Financial Controls of Major Entities, focused on the interim results of the audits of 27 of these entities.
Consolidated financial statements
Audit results
1. The CFS presents the whole of government and the General Government Sector financial statements. The 2023–24 CFS were signed by the Minister for Finance on 28 November 2024 and an unmodified auditor’s report was issued on 2 December 2024.
2. There were no significant or moderate audit issues identified in the audit of the CFS in 2023–24 or 2022–23.
Australian Government financial position
3. The Australian Government reported a net operating balance of a surplus of $10.0 billion ($24.9 billion surplus in 2022–23). The Australian Government’s net worth deficiency decreased from $570.3 billion in 2022–23 to $567.5 billion in 2023–24 (see paragraphs 1.8 to 1.26).
Financial audit results and other matters
Quality and timeliness of financial statements preparation
4. The ANAO issued 240 unmodified auditor’s reports as at 9 December 2024. The financial statements were finalised and auditor’s reports issued for 79 per cent (2022–23: 91 per cent) of entities within three months of financial year-end. The decrease in timeliness of auditor’s reports reflects an increase in the number of audit findings and legislative breaches identified by the ANAO, as well as limitations on the available resources within the ANAO in order to undertake additional audit procedures in response to these findings
5. A quality financial statements preparation process will reduce the risk of inaccurate or unreliable reporting. Seventy-one per cent of entities delivered financial statements in line with an agreed timetable (2022–23: 72 per cent). The total number of adjusted and unadjusted audit differences decreased during 2023–24, although 38 per cent of audit differences remained unadjusted. The quantity and value of adjusted and unadjusted audit differences indicate there remains an opportunity for entities to improve quality assurance over financial statements preparation processes (see paragraphs 2.138 to 2.154).
Timeliness of financial reporting
6. Annual reports that are not tabled in a timely manner before budget supplementary estimates hearings decrease the opportunity for the Senate to scrutinise an entity’s performance. Timeliness of tabling of entity annual reports improved. Ninety-three per cent (2022–23: 66 per cent) of entities that are required to table an annual report in Parliament tabled prior to the date that the portfolio’s supplementary budget estimates hearing commenced. Supplementary estimates hearings were held one week later in 2023–24 than in 2022–23. Fifty-seven per cent of entities tabled annual reports one week or more before the hearing (2022–23: 12 per cent). Of the entities required to table an annual report, 4 per cent (2022–23: 6 per cent) had not tabled an annual report as at 9 December 2024 (see paragraphs 2.155 to 2.166).
Official hospitality
7. Eighty-one per cent of entities permit the provision of hospitality and the majority have policies, procedures or guidance in place. Expenditure on the provision of hospitality for the period 2020–21 to 2023–24 was $70.0 million. Official hospitality involves the provision of public resources to persons other than officials of an entity to achieve the entity’s objectives. Entities that provide official hospitality should have policies, and guidance in place which clearly set expectations for officials. There are no mandatory requirements for entities in managing the provision of hospitality, however, the Department of Finance (Finance) does provide some guidance to entities in model accountable authority instructions. Of those entities that permit hospitality 83 per cent have established formal policies, guidelines or processes.
8. Entities with higher levels of exposure to the provision of official hospitality could give further consideration to implementing or enhancing compliance and reporting arrangements. Seventy-four per cent of entities included compliance requirements in their policies, procedures or guidance which support entity’s obtaining assurance over the conduct of official hospitality. Compliance processes included acquittals, formal reporting, attestations from officials and/or periodic internal audits. Thirty-one per cent of entities had established formal reporting on provision of official hospitality within their entities (see paragraphs 2.36 to 2.56).
Artificial intelligence
9. Fifty-six entities used artificial intelligence (AI) in their operations during 2023–24 (2022–23: 27 entities). Most of these entities had adopted AI for research and development activities, IT systems administration and data and reporting.
10. During 2023–24, 64 per cent of entities that used AI had also established internal policies governing the use of AI (2022–23: 44 per cent). Twenty-seven per cent of entities had established internal policies regarding assurance over AI use. An absence of governance frameworks for managing the use of emerging technologies could increase the risk of unintended consequences. In September 2024, the Digital Transformation Agency (DTA) released the Policy for the responsible use of AI in government, which establishes requirements for accountability and transparency on the use of AI within entities (see paragraphs 2.67 to 2.71).
Cloud computing
11. Assurance over effectiveness of cloud computing arrangements (CCA) could be improved. During 2023–24, 89 per cent of entities used CCAs as part of the delivery model for the IT environment, primarily software-as-a-service (SaaS) arrangements. A Service Organisation Controls (SOC) certificate provides assurance over the implementation, design and operating effectiveness of controls included in contracts, including security, privacy, process integrity and availability. Eighty-two per cent of entities did not have in place a formal policy or procedure which would require the formal review and consideration of a SOC certificate.
12. In the absence of a formal process for obtaining and reviewing SOC certificates, there is a risk that deficiencies in controls at a service provider are not identified, mitigated or addressed in a timely manner (see paragraphs 2.57 to 2.66).
Audit committee member rotation
13. Audit committee member rotation considerations could be enhanced. The rotation of audit committee membership is not mandated, though guidance to the sector indicates that rotation of members allows for a flow of new skills and talent through committees, supporting objectivity. Forty-six per cent of entities did not have a policy requirement for audit committee member rotation.
14. Entities could enhance the effectiveness of their audit committees by adopting a formal process for rotation of audit committee membership, which balances the need for continuity and objectivity of membership (see paragraphs 2.16 to 2.21).
Fraud framework requirements
15. The Commonwealth Fraud Control Framework 2017 encourages entities to conduct fraud risk assessments at least every two years and entities responsible for activities with a high fraud risk may assess risk more frequently. All entities had in place a fraud control plan. Ninety-seven per cent of entities had conducted a fraud risk assessment within the last two years. Changes to the framework which occurred on 1 July 2024 requires entities to expand plans to take account of preventing, detecting and dealing with corruption, as well as periodically examining the effectiveness of internal controls (see paragraphs 2.16 to 2.21).
Summary of audit findings
16. Internal controls largely supported the preparation of financial statements free from material misstatement. However, the number of audit findings identified by the ANAO has increased from 2023–24. A total of 214 audit findings and legislative breaches were reported to entities as a result of the 2023–24 financial statements audits. These comprised six significant, 46 moderate, 147 minor audit findings and 15 legislative breaches. The highest number of findings are in the categories of:
- IT control environment, including security, change management and user access;
- compliance and quality assurance frameworks, including legal conformance; and
- accounting and control of non-financial assets.
17. IT controls remain a key issue. Forty-three per cent of all audit findings identified by the ANAO related to the IT control environment, particularly IT security. Weaknesses in controls in this area can expose entities to an increased risk of unauthorised access to systems and data, or data leakage. The number of IT findings identified by the ANAO indicate that there remains room for improvement across the sector to enhance governance processes supporting the design, implementation and operating effectiveness of controls.
18. These audits findings included four significant legislative breaches, one of which was first identified since 2012–13. The majority (53 per cent) of other legislative breaches relate to incorrect payments of remuneration to key management personnel and/or non-compliance with determinations made by the Remuneration Tribunal. Entities could take further steps to enhance governance supporting remuneration to prevent non-compliance or incorrect payments from occurring (see paragraphs 2.72 to 2.137).
Financial sustainability
19. An assessment of an entity’s financial sustainability can provide an indication of financial management issues or signal a risk that the entity will require additional or refocused funding. The ANAO’s analysis concluded that the financial sustainability of the majority of entities was not at risk (see paragraphs 2.167 to 2.196).
Reporting and auditing frameworks
Changes to the Australian public sector reporting framework
20. The development of a climate-related reporting framework and assurance regime in Australia continues to progress. ANAO consultation with Finance to establish an assurance and verification regime for the Commonwealth Climate Disclosure (CCD) reform is ongoing (see paragraphs 3.20 to 3.24).
21. Emerging technologies (including AI) present opportunities for innovation and efficiency in operations by entities. However, rapid developments and associated risks highlight the need for Accountable Authorities to implement effective governance arrangements when adopting these technologies. The ANAO is incorporating consideration of risks relating to the use of emerging technologies, including AI, into audit planning processes to provide Parliament with assurance regarding the use of AI by the Australian Government (see paragraphs 3.25 to 3.33).
22. The ANAO Audit Quality Report 2023–24 was published on 1 November 2024. The report demonstrates the evaluation of the design, implementation and operating effectiveness of the ANAO’s Quality Management Framework and achievement of ANAO quality objectives (see paragraphs 3.34 to 3.39).
23. The ANAO Integrity Report 2023–24 and the ANAO Integrity Framework 2024–25 were also published on 1 November 2024 to provide transparency of the measures undertaken to maintain a high integrity culture within the ANAO (see paragraphs 3.44 to 3.46).
Cost of this report
24. The cost to the ANAO of producing this report is approximately $445,000.
Summary and recommendations
Background
1. The Pharmaceutical Benefits Scheme (PBS) is an Australian Government scheme that subsidises the cost of a wide range of medicines for Australian residents and eligible overseas visitors. The PBS is enabled by the National Health Act 1953 (NHA) which regulates the listing, prescribing, pricing, charging and payment of subsidies for the supply of medicines and medicinal preparations as pharmaceutical benefits. The PBS Schedule, made under the National Health (Listing of Pharmaceutical Benefits) Instrument 2024, lists medicines subsidised under the PBS and outlines requirements for the provision of these medicines.
2. The objective of the PBS is to provide Australians with timely, reliable and affordable access to necessary and cost-effective medicines. The Department of Health and Aged Care (Health) is responsible for PBS policy and has a bilateral agreement with Services Australia to deliver PBS-related services and payments.
Rationale for undertaking the audit
3. The PBS is intended to ensure that Australians have timely, reliable and affordable access to medicines. The budgeted expenditure for the PBS for the 2024–25 financial year is $19.5 billion. This performance audit was conducted to provide assurance to Parliament that the PBS is being administered effectively.
Audit objective and criteria
4. The objective of the audit was to assess the effectiveness of the administration of the PBS.
5. To form a conclusion against the audit objective, the following high-level criteria were adopted:
- Has Health established appropriate governance and oversight arrangements for the PBS?
- Has Health established appropriate arrangements to manage the cost of the PBS?
- Have Health and Services Australia established effective arrangements to manage the delivery of PBS services and payments?
Conclusion
6. Health’s and Services Australia’s administration of the PBS is partly effective. While arrangements for managing the cost of the PBS are largely effective, there were deficiencies in arrangements for whole-of-program management and administering the delivery of PBS services and payments.
7. Health’s governance and oversight arrangements for the PBS are partly appropriate. Instruments for delegating statutory powers for administering the PBS have irregularities and anomalies. Health’s PBS Program Management Plan could be improved by including more detail on Health’s management arrangements for the PBS. Health has a largely appropriate bilateral arrangement with Services Australia to oversee its delivery of PBS services and payments. Health’s performance measurement framework for the PBS does not adequately measure and report on program outcomes. Health’s risk management focuses on shared administration risks with Services Australia and has not considered broader strategic risks to the PBS. While mechanisms are in place for stakeholder engagement on the PBS, Health has not conducted an analysis of stakeholder engagement needs or developed an overarching stakeholder engagement plan.
8. Health’s arrangements to manage the cost of the PBS are largely appropriate. Arrangements were in place to assess the cost-effectiveness of individual PBS medicines and manage the cost of listed medicines. Arrangements have been established to manage pharmacy remuneration through successive Community Pharmacy Agreements (CPAs), negotiated with the pharmacy industry, which Health supported through impact analysis for the eighth CPA signed in June 2024. Health has established processes for managing patient out-of-pocket costs and monitoring and forecasting the overall cost of the PBS. Health has not established arrangements to automate patient access to the Safety Net or engaged in horizon scanning analysis to anticipate potential future costs of new and novel medicines.
9. Health and Services Australia’s arrangements to manage the delivery of PBS services and payments are partly effective. Processes and systems for PBS claims processing are not fully effective at ensuring that legislative requirements for PBS claims are met, as Services Australia is not ensuring that PBS suppliers certify claims in accordance with legislative timeframes. While payment integrity is reviewed, it is not subject to performance monitoring or reporting. Payment timeliness is monitored, and targets are regularly met. The results are not included in Services Australia’s Annual Performance Statement. The provision of authority approvals is based on an automated system. There were differences in approval rates between authority applications made online and by phone, and Services Australia’s performance target for reporting on answering authority calls in its Annual Performance Statements does not align with the performance target agreed with Health in bilateral agreements. PBS Safety Net card claims and patient refunds are reliant on manual processes and timeliness performance measures have not been consistently met.
Supporting findings
Governance and oversight
10. Instruments that delegate powers and functions for administering the PBS have irregularities and anomalies. While Health has developed a Program Management Plan for the PBS, it does not adequately cover arrangements for managing PBS costs, stakeholder engagement and whole-of-program performance measurement. Health’s support to independent statutory bodies with responsibilities for the PBS could be improved by developing governance documentation for the Pharmaceutical Benefits Advisory Committee. (See paragraphs 2.3 to 2.24)
11. Health and Services Australia have established a Bilateral Management Arrangement, which includes bilateral agreements and bilateral governance arrangements that relate to the delivery of PBS services and payments.
- PBS-related program agreements were fit for purpose, with clear objectives and defined roles and responsibilities. All protocols supporting the bilateral arrangement were reviewed and updated between November 2023 and September 2024.
- While bilateral governance meetings have not occurred at the most senior levels, there has been regular engagement between the two entities at lower levels. Governance committees relevant to the PBS began considering risk, performance reporting, and updates to bilateral agreements in late 2023. (See paragraphs 2.25 to 2.35)
12. Health has one external performance measure for the PBS, which is not outcome focused and does not provide meaningful performance information to the Parliament or the public. Health receives monthly reporting from Services Australia on bilateral performance measures. It has not used this data to oversee Services Australia’s service delivery. Health does not provide any regular performance reporting on the PBS to the minister or its executive committee. (See paragraphs 2.36 to 2.54)
13. Health has not undertaken appropriate risk assessments or developed appropriate risk management plans for the PBS at the divisional or program level. Its risk assessments and plans do not adequately cover key program activities for which Health is responsible. Health’s shared risk management plan with Services Australia covers risks relating to the services and payments Services Australia delivers for the PBS. From late 2023, bilateral governance bodies began discussing operational risks relevant to the PBS. (See paragraphs 2.55 to 2.69)
14. Health’s arrangements for stakeholder engagement for the PBS include the provision of information through websites, invitation of written submissions from stakeholders on specific PBS issues, agreement-making with industry bodies, and hosting regular stakeholder engagement forums. These arrangements have not been informed by a systematic analysis of stakeholder engagement needs or an overarching stakeholder engagement plan or strategy. (See paragraphs 2.70 to 2.83)
Managing the cost of the PBS
15. Arrangements for assessing medicine cost-effectiveness outlined in the Guidelines for preparing submissions to the Pharmaceutical Benefits Advisory Committee have been followed. Health has complied with administrative procedures for listing medicines on the Schedule and agreeing medicine prices with sponsors. Health has negotiated deeds of agreement with medicine sponsors (covering special pricing arrangements and risk-sharing agreements) to minimise the cost of PBS medicines to government. Statutory price reductions are in place to decrease the cost of listed medicines. Medicines are delisted from the Schedule by medicine sponsors with no regular delisting process performed by Health. (See paragraphs 3.3 to 3.53)
16. The Australian Government has negotiated Community Pharmacy Agreements (CPAs) with the pharmacy sector to determine pharmacy remuneration for dispensing PBS medicines since 1990. CPAs offer flexibility to include terms such as the remuneration adjustment mechanism to mitigate unexpected expenditure for the Australian Government. The choice to negotiate a CPA rather than allowing remuneration to be set by an independent tribunal was not supported by adequate impact analysis for the seventh CPA. Health prepared an Impact Analysis for the eighth CPA, signed in June 2024, which supported continuation of pharmacy remuneration setting through a CPA. (See paragraphs 3.54 to 3.74)
17. Health has used monitoring data to model the impact of proposed changes to patient co-payment amounts and Safety Net thresholds on patient out-of-pocket costs. Based on this modelling, Health has provided advice to government on proposals to help patients achieve greater cost-savings through these mechanisms. Health has not established arrangements to automatically determine eligibility for the Safety Net. Health has estimated that 640,000 patients become eligible for the Safety Net each year but do not apply, foregoing $100 million in medicine subsidies. (See paragraphs 3.75 to 3.95)
18. Health has established arrangements for modelling the overall cost of the PBS and the impact of new medicine listings, and it provides advice to the government and Parliament through the annual Budget processes.
- Health has established a system to model PBS expenditure based on the current legislative requirements, which it uses to model the impact of new and amended medicine listings.
- Reporting on PBS expenditure is available through an annual report and reporting on Services Australia’s website.
- Health has not performed horizon scanning analysis to forecast PBS expenditure and identify potential policy changes. (See paragraphs 3.96 to 3.113)
Delivery of services and payments
19. Almost all claims (99.9 per cent) made by PBS suppliers are submitted through Services Australia’s Online Claiming for PBS system, which automatically assesses claims against legislative rules before processing advance payments. Due to an absence of controls to ensure advance payments to PBS suppliers are certified within statutory timeframes, over one-third of approved PBS suppliers have uncertified claims totalling $1.514 billion (as at 30 June 2024). Payment integrity is reviewed but is not subject to performance monitoring or reporting. Payment timeliness is monitored, and targets are regularly reported as met, but it is not included in public reporting. (See paragraphs 4.3 to 4.30)
20. A system to manage authority-required approvals has been established that is consistent with Health and Services Australia’s respective responsibilities under the PBS bilateral agreement. There are differences in approval rates depending on the method used by an applicant to apply for an authority. Reported results for the timeliness of authority approvals against performance measures set out in bilateral arrangements have largely not met targets. Services Australia reports in its Annual Performance Statement on the achievement of a performance measure target of answering authority calls within 15 minutes. This does not align with the target of answering authority calls, on average, in less than 30 seconds. (See paragraphs 4.31 to 4.52)
21. Services Australia has established processes and systems to manage PBS Safety Net and patient refunds. Both systems are reliant on paper-based application forms which are submitted by post and manually processed by Services Australia. The reliance on manual processing means that performance is sensitive to staffing numbers, which has meant timeliness performance measures have not been consistently met. Services Australia’s quality checking process for Safety Net claims does not provide accurate data on the reasons for rejecting Safety Net card applications to inform education or compliance activities. (See paragraphs 4.55 to 4.78)
Recommendations
Recommendation no. 1
Paragraph 2.8
The Department of Health and Aged Care and Services Australia work to review and update relevant delegation instruments to address irregularities and anomalies.
Department of Health and Aged Care response: Agreed.
Services Australia response: Agreed.
Recommendation no. 2
Paragraph 2.46
The Department of Health and Aged Care establish and report against a performance management framework for the Pharmaceutical Benefits Scheme that:
- includes an appropriate mix of output, efficiency and effectiveness performance measures for key program activities, including those of third-party delivery partners; and
- enables the department’s performance in administering the Pharmaceutical Benefits Scheme purposes to be measured and assessed.
Department of Health and Aged Care response: Agreed.
Recommendation no. 3
Paragraph 2.64
The Department of Health and Aged Care undertake a risk assessment for the Pharmaceutical Benefits Scheme program that covers activities for which the department is responsible.
Department of Health and Aged Care response: Agreed.
Recommendation no. 4
Paragraph 2.82
The Department of Health and Aged Care:
- develop a stakeholder plan for the Pharmaceutical Benefits Scheme that identifies all stakeholder groups, consultation objectives and methods of engagement; and
- publish a stakeholder strategy that informs stakeholders of Health’s planned approach to engaging with stakeholders on the Pharmaceutical Benefits Scheme, including where written agreements or partnerships may be used.
Department of Health and Aged Care response: Agreed.
Recommendation no. 5
Paragraph 4.19
The Department of Health and Aged Care and Services Australia document and implement a strategy for addressing the backlog of uncertified Pharmaceutical Benefits Scheme claims.
Department of Health and Aged Care response: Agreed.
Services Australia response: Agreed.
Recommendation no. 6
Paragraph 4.29
Services Australia report to the Department of Health and Aged Care on payment accuracy for the Pharmaceutical Benefits Scheme (PBS) in accordance with the PBS Program Agreement, and separately report on the integrity and timeliness of PBS payments in its Annual Performance Statements.
Services Australia response: Agreed.
Recommendation no. 7
Paragraph 4.51
Services Australia align its reporting on the timeliness of issuing authority approvals in its Annual Performance Statement with performance measures and targets agreed in bilateral arrangements.
Services Australia response: Not agreed.
Summary of entity responses
22. The proposed audit report was provided to Health and Services Australia. The entities’ summary responses are provided below, and their full responses are included at Appendix 1. Improvements observed by the ANAO during the course of this audit are listed in Appendix 2.
Department of Health and Aged Care
The Department of Health and Aged Care (the Department) welcomes the findings in the report. The Department notes the overall finding by the ANAO that the Department’s and Services Australia’s administration of the Pharmaceutical Benefits Scheme (PBS) is partly effective. The Department is committed to working towards implementing the recommendations in the report as a priority and is already taking steps to address key findings identified in the audit. The Department has also commenced engagement with its partner agency, Services Australia, to address key recommendations in relation to the delivery of the PBS payment arrangement.
The ANAO found that the department has largely appropriate arrangements to manage the cost of the PBS. The Department welcomes the finding that appropriate arrangements have been established for managing patient out-of-pocket costs for Australians and monitoring the overall cost of the PBS. The Department acknowledges the findings that arrangements have been implemented to assess and manage the cost of listed medicines and to manage pharmacy remuneration through successive Community Pharmacy Agreements, and that the bilateral arrangements with Services Australia to oversee delivery of Pharmaceutical Benefits Scheme services and payments are also largely appropriate.
Services Australia
Services Australia (the Agency) notes the findings of the report that the Agency’s arrangements to manage the delivery of the PBS services and payments are partly effective, having regard to certification of claims, reporting differences at the bilateral level compared to Annual Performance Statements, delegation instruments and PBS Safety Net.
The Agency welcomes the findings of the report and is committed to delivering the payments and services related to the PBS, which subsidises the cost of medicines for Australian residents and eligible overseas visitors. The Agency administers the PBS in accordance with the policy and legislation for which the Department of Health and Aged Care (Health) has responsibility. The Agency continues to work with Health to address the issue of uncertified claims and changes to delegation instruments in addition to expanding the work types to include PBS in its Annual Performance Statements for 2024-25.
The Agency agrees with the finding that the performance targets for answering authority calls is different for bilateral agreement and Annual Performance Statement purposes. Due to the expansive nature of the services it provides, reporting is done on a tiered basis for different purposes. The Agency continues to focus on reducing reliance on the PBS Authorities telephone line and increasing digital PBS authorities.
Key messages from this audit for all Australian Government entities
23. Below is a summary of key messages, including instances of good practice, which have been identified in this audit and may be relevant for the operations of other Australian Government entities.
Administration of long-term programs
Delegations of authority
Summary and recommendations
Background
1. The National Anti-Corruption Commission’s (NACC’s) 2022/2023 Integrity Outlook states:
Conflicts of interest are also a prevalent source of corruption issues. Many types of corrupt conduct – such as breaches of public trust, abuse of office and misuse of information – originate from conflicts of interest. Such conflicts therefore pose a substantial risk for government agencies, parliamentarians, and public officials. This is why identifying, disclosing and managing potential conflicts of interest is a critical pillar of integrity architectures.1
2. The Public Governance, Performance and Accountability Act 2013 (PGPA Act) sets out general duties of accountable authorities and officials of Australian Government entities.2 The general duties related to conflicts of interest for an official include:
- not improperly using their position or information obtained through their position to gain or seek to gain a benefit or advantage for themselves or others, or to cause detriment to the entity, Commonwealth or others3; and
- disclosing the details of any material personal interests that relate to the affairs of the entity.4
3. The Public Governance, Performance and Accountability Rule 2014 (PGPA Rule) provides further detail on requirements for managing conflicts of interest.5 Under the PGPA Act, accountable authorities have a duty to establish and maintain appropriate systems of risk oversight and management and internal control.6 In addition, the PGPA Rule establishes a requirement for the accountable authority to take all reasonable measures to prevent, detect and deal with fraud and corruption relating to the entity.7
4. Boards of corporate Commonwealth entities (CCEs) are the accountable authority unless otherwise prescribed by an Act or the rules. Membership of boards can consist of both executive directors and non-executive directors. CCE boards are responsible for the operations of their entities.
5. The Department of Finance states:
Corporate Commonwealth entities generally have enabling legislation that establishes the scope of their activities and a multi-member accountable authority (such as a board of directors).
6. Specialist skills and expertise may be required to provide a suitable composition for a CCE board. The board members that are appointed to CCE boards in respect of their specialist skills or expertise can have inherent interests that exist as a consequence of their specialist experience. For example, they may be involved in industry associations or have duties to other organisations. These interests can conflict with their duties as a board member of a CCE.
7. The operations of boards for four CCEs were selected for examination as a part of this audit:
- the Australian Sports Commission (ASC);
- Food Standards Australia New Zealand (FSANZ);
- Infrastructure Australia (IA); and
- the National Portrait Gallery of Australia (NPGA).
Rationale for undertaking the audit
8. According to the Australian Public Service Commissioner, the public is entitled to have confidence in the integrity of public officials, and to know that the personal interests of public officials do not conflict with their public duties.8 Apparent conflicts can be just as damaging to confidence in public administration as real conflicts, so disclosures and effective management of real, apparent and potential conflicts of interest is an important element of the Australian Government’s integrity framework.
9. Section 29 of the PGPA Act provides a duty to disclose material interests. CCE board members may have material personal interests that relate to their role as a member of an accountable authority. Board requirements for specific qualifications, skills and experience pose the risk that domain knowledge and industry familiarity may lead to conflicts of interest.
10. This audit was conducted to provide assurance to the Parliament that the boards of the four CCEs are effectively managing conflicts of interest.
Audit objective and criteria
11. The objective of the audit was to assess the effectiveness of the operations of the boards of four CCEs in managing conflicts of interest.
12. To form a conclusion against the objective, the ANAO examined:
- Have the boards developed appropriate arrangements to manage board conflicts of interest?
- Have the boards effectively managed board conflicts of interest consistent with their own policies?
13. The audit examined the operations of the boards of four CCEs in managing conflicts of interest over the period 1 July 2021 to 31 December 2023. The appointment process for board members was not examined as part of this audit.
Conclusion
14. The operations of the boards in managing conflicts of interest were largely effective. Arrangements for managing conflicts of interest were implemented by the boards in accordance with legislative requirements and documented by some of the boards in policies and procedural guidance. The effectiveness in implementing these arrangements were inconsistent across the boards which resulted in deficiencies in declaring and managing conflicts of interest by the boards. This reduced the overall effectiveness of the boards in their management of conflict of interest risks.
15. The boards have developed largely appropriate arrangements for managing conflicts of interest. All boards have implemented arrangements to support the declaration of interests by board members, including following their appointment and during the term of their appointment. The arrangements implemented by the boards were aligned to requirements in the Public Governance, Performance and Accountability Act 2013 (PGPA Act) and Public Governance, Performance and Accountability Rule 2014 (PGPA Rule). The board of the NPGA did not have a conflict of interest policy that included managing conflicts of interest related to its board. The boards of the ASC and FSANZ had not developed conflict of interest management plans for board members holding other roles within the Australian Government. The boards have largely relied on board induction processes to provide training and education in relation to managing conflicts of interest. The boards had implemented varying arrangements to obtain assurance over the management of conflicts of interest relating to board members.
16. The boards were partly effective in implementing arrangements for managing board conflicts of interest consistent with their own policies. There were shortcomings in the operating effectiveness of processes for declaring and managing conflicts of interest across all boards. This included instances where: declarations of interest were not obtained from newly appointed board members in a timely manner; declarations of interests were not implemented as a standing agenda item at board meetings; and boards’ assessments of declarations of interest were not sufficiently documented to record whether the board had determined declarations to be material personal interests.
Supporting findings
Arrangements to manage conflicts of interest
17. The boards had identified and assessed fraud and corruption risks within their risk management frameworks. The board of IA had identified conflict of interest controls for its then board within its operational and fraud risk registers. (See paragraphs 2.3 to 2.14)
18. All boards had arrangements for board members to declare interests following appointment and at board meetings. The arrangements implemented by the boards were aligned to requirements in the PGPA Act and PGPA Rule. The ASC, FSANZ and IA boards had policies and procedural guidance to manage board conflicts of interest. The NPGA board did not have a conflict of interest policy that provided coverage of the board, with the exception of a policy for declaring, managing and overseeing board conflicts of interest related to the acquisition of works. The boards for ASC and FSANZ had not developed management plans for potential conflicts of interest relating to ex-officio board members that held other roles within the Australian Government. (See paragraphs 2.15 to 2.60)
19. The boards largely relied on board induction processes and related resources from the Department of Finance for promoting compliance with conflict of interest requirements. The boards for the ASC and FSANZ had developed guidance specific to managing board conflicts of interest. The FSANZ board provided board members with access to its learning management system, which included training related to conflicts of interest. The IA board had delivered training for board members that included a module on conflicts of interest. None of the boards had documented training plans for board members or arrangements for monitoring training undertaken by board members. The Department of Finance’s resources on managing conflicts of interest are not specific to boards of corporate Commonwealth entities. (See paragraphs 2.61 to 2.84)
20. None of the boards had implemented an assurance strategy or framework that was specific to, or provided coverage of, board conflicts of interest. All boards had developed some form of arrangement to obtain assurance over board conflicts of interest.
- The ASC board obtained attestations from its board members on compliance with section 29 of the PGPA Act and provided reporting to its audit committee.
- The FSANZ board maintains a centralised register of interests declared by board members that is published on its website.
- The IA board undertook an internal audit in 2018–19 that covered board conflicts of interest and conducted Australian Securities and Investments Commission register searches of board members’ interests in 2021 to confirm declarations.
- The NPGA board had undertaken a specific review of board declarations to update its register of interests for board members. (See paragraphs 2.85 to 2.105)
Effectiveness of conflict of interest arrangements
21. There were instances across all boards where processes for declaring interests were not operating effectively.
- The ASC, FSANZ and NPGA boards had instances where they held board meetings where declarations of interests were not included in agendas or obtained during board meetings.
- The ASC and NPGA boards had instances where they did not obtain declarations of interests from newly appointed board members in a timely manner.
- All boards did not sufficiently document their assessment of declared interests and whether they were considered to be material personal interests. (See paragraphs 3.3 to 3.24)
22. All boards had implemented induction processes for their board members that covered conflict of interest. The ASC’s board induction processes were updated to provide coverage of conflicts of interest for board members commencing from March 2022, but not all current members had received the guidance. The FSANZ, IA and NPGA boards had implemented additional training and education arrangements on conflict of interest obligations for board members. (See paragraphs 3.25 to 3.35)
Recommendations
Recommendation no. 1
Paragraph 2.52
The National Portrait Gallery of Australia update its conflict of interest policy to document requirements and arrangements for declaring, managing and overseeing conflicts of interest relating to the board.
National Portrait Gallery of Australia response: Agreed.
Recommendation no. 2
Paragraph 2.58
The Australian Sports Commission and Food Standards Australia New Zealand assess conflict of interest risks for board members holding other roles within the Australian Government, and develop mitigations that are documented in a management plan.
Australian Sports Commission response: Agreed.
Food Standards Australian New Zealand response: Agreed.
Recommendation no. 3
Paragraph 2.82
The Department of Finance improve training and education arrangements for corporate Commonwealth entities to raise awareness for entities and their board members in understanding how to implement arrangements to meet conflict of interest obligations. This should be undertaken in consultation with portfolio departments.
Department of Finance response: Agreed.
Recommendation no. 4
Paragraph 3.21
The Australian Sports Commission, Food Standards Australia New Zealand, Infrastructure Australia and National Portrait Gallery of Australia implement arrangements to record the board’s assessment of whether a declaration made by a board member is determined to be a material personal interest. Where the interest is determined to be a material personal interest, boards should record the disclosure and consequence in accordance with the Public Governance, Performance and Accountability Rule 2014.
Australian Sports Commission response: Agreed.
Food Standards Australian New Zealand response: Agreed.
Infrastructure Australia response: Agreed.9
National Portrait Gallery of Australia response: Agreed.
Summary of entity responses
23. Extracts of the proposed report were provided to the ASC, the Department of Finance, FSANZ, IA and the NPGA. The summary responses are provided below, and the full responses are included at Appendix 1. Improvements observed by the ANAO during the course of the audit are listed in Appendix 2.
Australian Sports Commission
Thank you for providing the Australian Sports Commission (ASC) with the opportunity to comment on the Australian National Audit Office (ANAO) proposed audit report on Management of Conflicts of Interest by Corporate Commonwealth Entity Boards.
The ASC acknowledges and accepts the key findings, recommendations and the opportunities for improvement presented in the Section 19 Report.
Department of Finance
The Department of Finance agrees the recommendation and findings provided in the report extract.
Food Standards Australia New Zealand
FSANZ acknowledges the importance of this audit to provide assurance to Parliament that the operations of Boards effectively manage conflicts of interest. In this context it is noted FSANZ is one of four entities (out of 74 CCE’s) assessed over the period July 2021 to December 2023.
The Board notes the audit’s findings that our arrangements for managing conflicts of interest align with the relevant legislation and are largely effective. As the independent agency responsible for the development of draft food standards for Australia and New Zealand, trust and confidence of decision-makers and stakeholders is important. The FSANZ Board takes a very conservative approach to managing conflicts of interest and, for transparency, we maintain and manage a register of all interests of Board members, regardless of whether they are classified as a material personal interest or not.
Infrastructure Australia
As the Australian Government’s independent adviser on nationally significant infrastructure investment planning and project prioritisation Infrastructure Australia values accountability, acting with integrity and upholding the highest ethical standards.
We appreciate the work of the ANAO which found that the boards of the four CCEs were largely effective in their management of conflicts of interest.
Infrastructure Australia accepts the recommendation that we strengthen our recording of the assessment and consequences of declared conflicts of interest. We have also commenced work to reflect the ANAO feedback on opportunities for improvement in administrative and management practices to strengthen our governance framework in relation to conflicts of interest.
National Portrait Gallery of Australia
The National Portrait Gallery (NPGA) welcomes the Australian National Audit Office’s (ANAO) report and accepts the recommendations made for the agency.
The report finds that the NPGA has developed largely effective arrangements for managing conflicts of interest for its the Board in accordance with legislative requirements.
The report identifies areas for improvement and makes two recommendations where the NPGA can take steps to strengthen its processes and assurance activities through update of its existing Conflict of Interest policy and processes. The NPGA agrees with, and is already taking steps to implement, these recommendations.
The NPGA also recognises the other areas of improvement identified in the Report, notably the expansion of assurance activities and the implementation of a Board training workplan. This will ensure that the NPGA is operating in alignment with government best practice in conflicts of interest management.
The NPGA thanks the ANAO audit team for their professionalism during the audit process.
Key messages from this audit for all Australian Government entities
24. Below is a summary of key messages, including instances of good practice, which have been identified in this audit and may be relevant for the operations of other Australian Government entities.