Currently showing reports relevant to the Legal and Constitutional Affairs Senate estimates committee. [Remove filter]

Type: Performance audit
Report number: 47 of 2024-25
Portfolios: Health, Disability and Ageing; Foreign Affairs and Trade; Home Affairs
Entities: Aged Care Quality and Safety Commission; Australian Trade and Investment Commission; Department of Home Affairs
Date tabled/scheduled:
Audit Summary : show

Summary and recommendations

Background

1. An ‘interest’ is something related to an individual’s personal circumstances that may bring advantage to, or affect, that individual. Interests can include, but are not limited to: financial interests; relationships; employment, including past employment and outside employment; and memberships or affiliations.

2. A conflict of interest can occur when there is a conflict between the public duties and personal interests of a public official that could, or could be seen to, influence the decisions they make or advice they give. For example, an official may hold shares in a company that they are regulating or procuring goods and services from. Conflicts of interest can be real, apparent or potential. Real conflicts of interest occur when personal interests improperly influence officials in performing their public duties.

3. The Public Service Act 1999 sets out that the function of the Senior Executive Service (SES) is to provide APS-wide strategic leadership of the highest quality that contributes to an effective and cohesive APS.1 SES officers should, by personal example and other appropriate means, promote the Australian Public Service (APS) Values and compliance with the Code of Conduct.2 There are specific requirements for accountable authorities and SES employees in relation to the management of interests.3

Rationale for undertaking the audit

4. According to the Australian Public Service Commissioner, the public is entitled to have confidence in the integrity of public officials, and to know that the personal interests of public officials do not conflict with their public duties. Apparent conflicts can be just as damaging to confidence in public administration as real conflicts, so disclosure and effective management of real, apparent and potential conflicts of interest is an important element of the Australian Government’s integrity framework.4

5. This audit was conducted to provide assurance to the Parliament whether the selected entities are effectively managing SES conflict of interest requirements.

Audit objective and criteria

6. The objective of the audit was to assess the effectiveness of selected Commonwealth entities’ management of Senior Executive Service conflict of interest requirements.

7. To form a conclusion against the objective, the ANAO adopted the following three high-level audit criteria.

  • Have the entities developed appropriate arrangements to support the management of SES personal interests and conflicts of interest?
  • Have the entities implemented effective controls and processes for managing SES annual declarations of interests in accordance with policies and procedures?
  • Are SES officers effectively completing conflict of interest declarations for activities of heightened risk of conflict?

Conclusion

8. The Aged Care Quality and Safety Commission (ACQSC), the Australian Trade and Investment Commission (Austrade) and the Department of Home Affairs (Home Affairs) are managing conflicts of interest for SES officers in a largely effective manner. The entities’ management of conflicts of interest has generally improved since 2022. There are a number of initiatives underway to strengthen the framework for managing conflicts of interest across the Australian Public Service.

9. The audited entities have largely appropriate arrangements in place to manage the personal interests and conflicts of interest of SES officers. All entities have policies and procedures which identify interests as a matter requiring consideration. ACQSC and Austrade do not have documented procedures for managing accountable authority declarations to the relevant minister as required by the Public Governance, Performance and Accountability Rule 2014 (PGPA Rule). Home Affairs introduced a procedure in March 2025. All entities identify responsibilities for managing interests. Internal reporting on the completion of declarations and risks arising from declarations has not been undertaken. All entities include conflicts of interest in their enterprise risk registers or fraud risks. Each entity provides training on conflicts of interest within their mandatory training modules. Entities do not adequately monitor completion of this training. All entities communicate information and guidance on conflicts of interest to staff.

10. All entities have implemented partly effective controls and processes for managing SES declarations of interests. Not all SES officers are making declarations. There are limitations in the completeness of information included in declarations by officers, and demonstrated managerial review only occurred for some declarations. Records documenting management plans were not maintained by ACQSC until early 2024. All entities monitor completion of declarations and follow up non-compliant individuals. Between 2022 and 2024, the accountable authorities of ACQSC and Austrade did not make declarations to relevant ministers, as required. The ACQSC’s new incoming accountable authority made a declaration to the relevant minister in January 2025 and the Austrade accountable authority made a declaration in November 2024 and March 2025. The Home Affairs accountable authority has made declarations as required. ACQSC and Austrade included conflicts of interest in assurance activities between 2022 and 2024, and Home Affairs last did so in 2020–21.

11. Entities are partly effective with respect to SES officers completing activity-based conflict of interest declarations. Entities have generally established a requirement for officers to declare conflicts of interest for procurement, recruitment and grants administration activities. The requirement is weakened when there is no requirement for all officers to make a declaration, including for officers with nothing to declare. The ANAO found that officers from ACQSC and Austrade were generally making declarations for procurement as required. Home Affairs officers were not. Officers from all entities involved in grants administration activities are declaring as required. Results were mixed for recruitment activities. No entities had adequate arrangements in place for conflict of interest risks related to post-separation employment.

Supporting findings

Governance

12. ACQSC’s and Home Affairs’ Accountable Authority Instructions (AAIs) follow the model AAI content from the Department of Finance on the disclosure of interests. ACQSC’s AAIs give additional organisational context. Austrade’s instructions do not include the model content and make limited reference to the management of interests. All entities have supporting policies and procedures. Home Affairs’ policies and procedures provide insufficient detail on the annual SES declaration process. None of the entities had procedures supporting accountable authority declarations to the relevant minister. Home Affairs introduced such a procedure in March 2025. (See paragraphs 2.1 to 2.39)

13. All entities have clearly documented responsibilities identifying that individuals are required to make declarations. ACQSC and Home Affairs identify additional responsibilities for other roles including supervisors, managers and business areas responsible for overall management of interests. There has been no internal reporting undertaken within the entities in relation to the completion of annual interest declarations processes, except ACQSC commenced reporting in January 2025 to its internal governance forum. None of the entities analysed declarations of interests to assess and report on emerging risks. (See paragraphs 2.40 to 2.60)

14. All entities have considered conflicts of interest as part of broader integrity or legislative compliance risks. While risks associated with conflicts of interest are considered by all entities, only Home Affairs has documented the controls and control owners associated with enterprise risks. ACQSC’s register includes risk owners. Appropriate documentation of controls and control owners is absent in ACQSC and Austrade. All entities have considered conflicts of interest as a factor within their fraud and corruption control plans. Home Affairs has assessed conflicts of interest as part of its fraud and corruption risk assessments. (See paragraphs 2.61 to 2.77)

15. All entities have training on conflict of interest within their mandatory annual training. This training is not being completed by all SES officers. To help remind SES officers to complete their annual declarations, each of the entities provide officers with reminders. Information and assistance to support officers to comply with their obligations is also available within each entity. (See paragraphs 2.78 to 2.109)

Annual declarations of interests

16. Not all SES officers are completing annual declarations, with completion rates varying across entities. For ACQSC, the completion rate was 92 per cent in 2024. For Austrade, it was 99 per cent (when taking into account long-term leave and departures) and for Home Affairs it was 84 per cent. Completion rates have varied over time. Declarations generally contain sufficient information to understand the nature and extent of a declared interest, however an explanation of how the interest relates to the ‘affairs of the entity’ is not always sufficiently described. The accountable authorities of ACQSC and Austrade did not make declarations of their interests to the relevant minister as required. (See paragraphs 3.3 to 3.31)

17. None of the entities require that all annual declarations made by SES officers are subject to review. If an officer makes a ‘nil’ declaration, none of the entities have required declarations be reviewed. Home Affairs introduced a requirement in December 2024. Only declarations including an interest are subject to manager review. Management plans developed by Austrade officers document managerial review. Evidence of managerial review was lacking for plans developed by ACQSC and Home Affairs officers prior to 2024. (See paragraphs 3.32 to 3.48)

18. All entities monitor the completion of declarations of interests by SES officers. Where SES officers had not completed declarations, there was a process to follow up with relevant officers and their managers. ACQSC and Austrade undertook assurance activity through the inclusion of conflicts of interest within internal audits between 2022 and 2024. (See paragraphs 3.49 to 3.58)

Declarations of conflicts of interest for activity-based activities

19. Each entity requires that SES officers involved in procurement declare conflicts of interest. For ACQSC the SES officers involved in procurement made declarations as required. Eleven of 14 Home Affairs SES officers did not make declarations as required. From March 2025, Austrade has required that all officers involved in procurement activities make conflict of interest declarations. Before this, only officers who had a conflict to declare were required to make a declaration. As such, there were no records for the two Austrade SES officers in the ANAO sample demonstrating that they had considered conflicts of interest. (See paragraphs 4.5 to 4.8)

20. Austrade does not have a policy specifically relating to making conflict of interest declarations for grants administration. Home Affairs requires officers to disclose and manage conflicts of interest, however, there is a lack of supporting process. The three Austrade SES officers involved in grants administration activities assessed by the ANAO had made conflict of interest declarations. The 13 Home Affairs SES officers involved in grants administration had also made declarations. (See paragraphs 4.9 to 4.13)

21. Each of the entities requires that SES officers involved in recruitment declare conflicts of interest, except Home Affairs does not have a documented policy where the recruitment is for an SES officer. Within ACQSC, 38 per cent of SES officers involved in recruitment activities assessed by the ANAO did not make a declaration as required. Austrade does not require officers to make declarations if they have nothing to declare — 44 per cent of SES officers involved in the recruitment assessed by the ANAO made no declaration. Ninety-seven per cent of Home Affairs’ SES officers involved in recruitment made a declaration. Where conflicts of interest were declared, appropriate officers at the three entities were not always reviewing these and management actions were not always being put in place. (See paragraphs 4.14 to 4.39)

22. None of the entities have adequate policies and procedures to support the identification, declaration and management of conflicts of interest related to post-separation employment. Austrade has a declaration addressing conflicts of interest in its cessation checklist. The checklist was not completed by all departing officers. In addition, there was a lack of evidence to demonstrate that such conflicts of interest were considered for SES employees who had departed. (See paragraphs 4.42 to 4.50)

Recommendations

Recommendation no. 1

Paragraph 2.36

Aged Care Quality and Safety Commission and the Australian Trade and Investment Commission establish arrangements to support compliance with the requirements of the Public Governance, Performance and Accountability Rule 2014 relating to accountable authority (including acting accountable authority) declarations of interests to relevant ministers.

Aged Care Quality and Safety Commission response: Agreed.

Australian Trade and Investment Commission response: Agreed.

Recommendation no. 2

Paragraph 2.99

All entities monitor the status of mandatory training to ensure that it is completed within expected timeframes. Where completion is not timely, follow up action should be taken to ensure that requirements are met.

Aged Care Quality and Safety Commission response: Agreed.

Australian Trade and Investment Commission response: Agreed.

Department of Home Affairs response: Agreed.

Recommendation no. 3

Paragraph 3.18

Aged Care Quality and Safety Commission revise:

  1. guidance supporting annual declarations to ensure individuals making declarations sufficiently describe their roles and responsibilities; and
  2. its annual declaration form to require that annual declarations be refreshed in detail at regular intervals and specify a duration permitted for reliance on prior declarations.

Aged Care Quality and Safety Commission response: Agreed.

Recommendation no. 4

Paragraph 4.15

Aged Care Quality and Safety Commission update its form for making conflict of interest declarations in relation to recruitment to include a section to describe the nature and extent of a conflict and how it is intended to be managed, and to record acceptance by the panel chair or recruitment delegate.

Aged Care Quality and Safety Commission response: Agreed.

Recommendation no. 5

Paragraph 4.19

Australian Trade and Investment Commission revise its recruitment policy to require declarations of conflicts of interest in all instances, including where no conflict is present.

Australian Trade and Investment Commission response: Agreed.

Recommendation no. 6

Paragraph 4.23

The Department of Home Affairs document its approach to managing conflicts of interest for SES recruitment activities.

Department of Home Affairs response: Agreed.

Recommendation no. 7

Paragraph 4.46

Aged Care Quality and Safety Commission and the Department of Home Affairs update policies and procedures to include employee obligations to identify, declare and manage conflicts of interest related to post-separation employment.

Aged Care Quality and Safety Commission response: Agreed.

Department of Home Affairs response: Agreed.

Summary of entity responses

23. The proposed report was provided to ACQSC, Austrade and Home Affairs. Summary responses from the entities are reproduced below. Full responses are at Appendix 1. Improvements observed by the ANAO during the course of this audit are listed at Appendix 2.

Aged Care Quality and Safety Commission

The Aged Care and Quality Safety Commission (the Commission) welcomes the findings of the audit which align well with the uplift in our integrity policies and practices the Commission already had underway, and some of which were applied during the period of the audit.

The Commission agrees with the five recommendations relating to arrangements for the accountable authority to provide declarations to the Minister, monitoring compliance with mandatory training, ensuring declarations contain information about the person’s role and responsibilities, ensuring annual declarations are refreshed at regular intervals, updating our recruitment Conflict of Interest Form and updating policies and procedures to include post separation conflicts of interest.

The Commission had already commenced improving its conflict of interest processes as part of a wider integrity uplift prior to the audit and the learnings from this audit will continue to inform our integrity maturity uplift. Recommendations from the audit have been actioned with amendments being made to forms, policies and procedures.

Australian Trade and Investment Commission

The Australian Trade and Investment Commission welcomes the audit report and acknowledges the findings and recommendations made by the Australian National Audit Office in relation to the Management of the Senior Executive Services Conflict of interest requirements.

The Australian Trade and Investment Commission is committed to implementing the recommendations from the report. These improvements will further strengthen Austrade’s efforts to ensure all Senior Executive Service (SES) employees of the agency declare all conflicts of interest, and that all declarations are managed with integrity and consistent with legislative obligations.

Department of Home Affairs

All findings and recommendations are agreed. The Department of Home Affairs is committed to ensuring that appropriate processes are maintained for identifying and managing conflicts of interest. This is fundamental to maintaining public trust and confidence in our operations.

Mandatory training is currently in place for all staff and the department will establish follow up actions to ensure SES officers are meeting their mandatory training obligations within set timeframes. This will strengthen the current system of automatic reminders which are sent to both staff and their supervisors, and non-compliance reports that are provided to senior leaders.

The department has work underway to improve its conflict of interest process. This includes updating policies and guidance material and strengthening education. The department has already updated and strengthened procurement guidance and templates to ensure delegates are aware of their conflict of interest obligations throughout each stage of the procurement process. Formal procedures have also been implemented for the Senior Executive Service annual declaration of interest process.

Key messages from this audit for all Australian Government entities

24. Below is a summary of key messages, including instances of good practice, which have been identified in this audit and may be relevant for the operations of other Australian Government entities.

Group title

Governance and risk management

Key learning reference
  • Accountable authorities have obligations to declare interests to relevant ministers. This obligation applies to both the permanent accountable authority and anyone filling the role on an acting basis.
  • More comprehensive annual declarations of interests by SES officers include detail on the nature and extent of the interest, as well as how the interest relates to the affairs of the entity. For example, declarations could identify the role held by the SES officer and relevance to this role of the declared interest.
  • There should be clearly defined obligations for managers or other officials to document review of declarations, and the approval of any associated management actions.
  • For activities with heightened risk of conflicts of interest (such as procurement, grants administration, recruitment and post-separation employment), controls are strengthened where officials are required to make a declaration in all instances, even where no interest is present. This supports transparency and helps to ensure that officials have turned their minds to conflicts of interest.
Type: Performance audit
Report number: 44 of 2024-25
Portfolios: Attorney-General’s
Entities: Attorney-General’s Department
Date tabled/scheduled:
Audit Summary : show

Summary and recommendations

Background

1. The National Office for Child Safety (NOCS) was established in July 2018 in response to the Royal Commission into Institutional Responses to Child Sexual Abuse (the Royal Commission). The Royal Commission had reported in December 2017. NOCS was initially located in the Department of the Prime Minister and Cabinet. It was moved in 2022 to the Attorney-General’s Department (AGD) as a result of the June 2022 Administrative Arrangements Order.

2. In October 2021, the Australian Government launched the National Strategy to Prevent and Respond to Child Sexual Abuse 2021–2030 (National Strategy).1 The first phase of the National Strategy includes two four-year action plans (from 2021 to 2024): the First National Action Plan (NAP), to be delivered by Commonwealth, state and territory governments; and the First Commonwealth Action Plan, to be delivered by Commonwealth agencies.

3. NOCS is responsible for launching three new national support services. The provision of the three national support services is to be contracted. The approach to procuring service providers for NAP Measures 7, 10 and 21 was considered in the same procurement strategy, in which the department stated, ‘the three services are in varying stages of development and would likely be ready to approach the market at different times throughout 2023’. A Request for Tender (RFT) process has been undertaken for NAP Measures 10 and 21. Procurements have also been undertaken for the advisers and consultants to assist with the NAP Measure procurement processes as well as an evaluation provider for the NAP 10 and NAP 21 services.

4. There will be a lag between contracts being signed and services being provided to non-offending family members of child sexual abuse perpetrators (NAP 10) and persons at risk of offending or re-offending (NAP 21). The contractual arrangements that were the subject of the RFTs set out that there would be four phases to service delivery. The first two phases are, on the basis of the tender responses from the two preferred tenderers, expected to take at least five to six months. Those phases involving planning, design and establishing the infrastructure to enable service delivery (including the operation of the helplines and provision of websites) to commence in the third phase. Service delivery to citizens commences in the third phase. The offer periods were extended in January 2025 from August 2024 to April 2025 and the department advised the ANAO in April 2025 that the preferred tenders had agreed to further extend their offer periods (to 31 July 2025).

Rationale for undertaking the audit

5. The establishment of the new services is part of the response to the 2017 final report of the Royal Commission into Institutional Responses to Child Sexual Abuse. The timely conduct of the related procurements is intended to establish services that will provide support and advocacy for a cohort of secondary victims of child sexual abuse perpetration and protect children by intervening before an individual offends. The audit was conducted to provide assurance to the Parliament about the establishment of the two new national services, as well as the department’s approach to procurement.

Audit objective and criteria

6. The audit objective was to assess whether the Attorney-General’s Department’s conduct of the procurements relating to two of the new child sexual abuse-related national services employed open and effective competition and achieved value for money, consistent with the Commonwealth Procurement Rules (CPRs).2

7. The new child sexual abuse-related national services identified as needed by the Royal Commission and agreed by government are not being provided, with no contracts in place for the delivery of those services as at May 2025. The audit examined the conduct of the procurements up to the point at which preferred tenderers were selected as representing the best value for money, and did not examine the conduct of contract negotiations given they had not been completed.

8. To form a conclusion against the objective, the following high-level criteria were adopted.

  • Were the procurement processes open, competitive, fair and non-discriminatory?
  • Was the selection of preferred tenderers consistent with achieving value for money?

Conclusion

9. The Attorney-General’s Department’s conduct of the procurements for two of the new national services (NAP 21 and NAP 10) did not involve open and effective competition and the selection of preferred tenderers was not consistent with achieving value for money. There have been significant delays with the conduct of both procurements and the preferred tenders were not capable of being accepted by the department without further clarification and negotiation. The offer validity periods expired with substantive matters continuing to be negotiated with each preferred tenderer.3 While the department selected preferred tenderers in June 2024 (for NAP 21) and September 2024 (for NAP 10) as offering the best value for money through a competitive procurement process, since then it has, in effect, conducted limited tenders with the two preferred tenderers, in circumstances that do not satisfy the conditions for a limited tender set out in the Commonwealth Procurement Rules (CPRS).4

10. The Attorney-General’s Department (AGD) conducted a single-stage, open approach to market for each of the NAP 10 and NAP 21 services. In most respects, the Request for Tender (RFT) documentation for the NAP 10 and NAP 21 procurements identified the information required by the Commonwealth Procurement Rules. The procurement processes were not conducted in accordance with the Commonwealth Procurement Rules. Of note:

  • Seven of the 11 tenders received for the NAP 10 and NAP 21 procurements were not compliant with one or more of the requirements set out in the RFTs. This included six tenders that did not provide all of the pricing information that the RFT stated was required to be submitted to inform evaluation. The department’s approach did not include any marking down of the evaluation of those tenderers against the price criterion to reflect that information required by the RFT had not been provided. The two preferred tenderers were in the cohort of seven.
  • The procurement processes were not consistently conducted in accordance with ethical requirements. The engagement of the probity adviser was through a process that lacked probity, and the later engagement (without any competition) of the probity adviser to also provide strategic procurement advice adversely impacted the independence and objectivity of the probity adviser.5 The declaration and management of conflicts of interest was also not to an appropriate standard. This included ineffective management of a conflict the chair of the Evaluation Committee for the NAP 21 procurement had with the tenderer that emerged as the preferred candidate.

11. In relation to advisers and consultants to support the conduct of the NAP 10 and NAP 21 service procurements, competition was not employed for five of the nine engagements and the department did not evaluate candidates against the specified criteria for each of the procurements.

12. The procurements were not timely with the result that selection of preferred tenderers occurred later than planned, no contracts are in place as of May 2025 and services are not being provided. The approach to evaluation was not designed and conducted in a way that enabled the Attorney-General’s Department (AGD) to demonstrate achievement of value for money in the selection of preferred tenderers for the National Action Plan Measure 10 (NAP 10) and National Action Plan Measure 21 (NAP 21) procurements.

  • Departmental records do not document how the budgeted funding amounts for services were arrived at. Awarding the contracts to tenders that were less than the budgeted funding was an important element of procurement planning yet the price criterion was not one of the weighted evaluation criteria. The budgeted amounts played an important role in the outcome of the procurement process for the NAP 10 procurement.
  • While tender evaluation plans were in place prior to the closing date for the NAP 10 and NAP 21 tenders, they did not adequately address how the department planned to evaluate the pricing information tenderers were required to include. The department also admitted into evaluation tenders that had not provided all of the required pricing information (including from the two preferred tenderers).
  • The conduct of the tender evaluation for the NAP 10 and NAP 21 procurements was not timely. It was also not consistent with approach to market documents.
  • The department’s evaluation records do not clearly demonstrate that the preferred tenderers for the NAP 10 and NAP 21 procurements provided the best value for money.

13. The processes to engage the consultants and advisers to support the NAP 10 and NAP 21 procurements also did not demonstrate value for money. This was due to an absence of competition and/or value for money not being assessed, or the successful candidate not being assessed as providing the best value for money.

Supporting findings

Open and competitive procurement

14. Open tender approaches to market were employed to engage the service providers for the NAP 10 and NAP 21 services. The procurement approach to engage the evaluation provider was a panel procurement, which involved approaching 12 candidates to respond to a RFQ. When procuring advisers and consultants to assist with the NAP 10 and NAP 21 procurements, the department’s processes involved some competition for less than half of the engagements and no competition for more than half of the engagements, which is inconsistent with the Commonwealth Procurement Rules. (See paragraphs 2.3 to 2.16)

15. In most respects, the RFT documentation for the NAP 10 and NAP 21 procurements issued by AGD identified the information required by the CPRs. This included the conditions for participation, minimum content and format requirements and evaluation criteria. AGD did not clearly identify the relative importance of each of the criteria to be applied in the evaluation processes. (See paragraphs 2.17 to 2.34)

16. With one exception, all tenders accepted for evaluation had been lodged by the specified closing date. ( See paragraphs 2.35 to 2.36)

17. Six of the tenders received for the NAP 10 and NAP 21 procurements were not compliant with the requirements of the RFT. The two preferred tenderers were not compliant with all of the requirements set out in the RFT, as neither had submitted all of the pricing information that the RFT had said was required. In addition, for the NAP 21 procurement, for the preferred tenderer the evaluation report identified 24 items related to service delivery, the solution/technical issues, legal/contract issues and pricing issues for which additional information was required by the department before a contract negotiation directive could be prepared. The department’s approach also did not satisfy the requirement of the CPRs that further consideration only be given to submissions that meet minimum content and format requirements. Three of the tenders for the NAP 10 and NAP 21 procurements that did not meet those requirements were progressed to evaluation before the department sought to address the situation. (See paragraphs 2.37 to 2.43)

18. Tenders for the NAP 10 and NAP 21 procurements were not fully and fairly evaluated against each of the criteria. In relation to the price criterion, tenderers were required to provide information under three scenarios (low, medium and high call volumes). The department did not evaluate tenders under each of the three scenarios because not all tenderers provided the required information. For the NAP 21 procurement, the department analysed the high volume call scenario whereas, for the NAP 10 procurement, the medium call volume scenario was used. The department’s approach reflects that it accepted for evaluation tenders that had not provided all the required price information and so it used the call volume scenario in each tender where it had a response from all tenderers. The approach to evaluation did not include any marking down of the evaluation against the price criterion for the tenderers that had not provided all of the required information.

19. In relation to the evaluation provider procurement, a second evaluation panel had to convene to re-evaluate responses after the department became aware it had not evaluated all four of those received.

20. For one of the procurements of advisers, the department’s evaluation did not address a mandatory requirement such that it had to retract its advice that the candidate assessed as offering value for money was preferred after it eventuated that the candidate did not meet the requirement. (See paragraphs 2.44 to 2.91)

21. The department did not conduct all tender clarification and collaboration activities in a fair and transparent manner as required by the Commonwealth Procurement Rules. (See paragraphs 2.92 to 2.105)

22. The department’s procurement processes did not demonstrate ethical conduct as required by the Commonwealth Procurement Rules.6 This included the approach employed to procuring the probity adviser. The department did not have an effective approach to the declaration, and management, of conflicts of interest. (See paragraphs 2.106 to 2.151)

Demonstrating achievement of value for money

23. Departmental records do not document how the budgeted funding amounts for services were arrived at. (See paragraphs 3.2 to 3.8)

24. There have been significant delays with the department’s conduct of the procurements with the result that the services aimed at protecting children from sexual abuse by intervening before an individual offends or re-offends, and at providing nationally available free support to non-offending family members of child sexual abuse perpetrators, are not yet available. The Requests for Tender (RFTs) were issued later than had been planned by the department. It also took longer than planned to evaluate the tender responses, select the preferred tenderers (who were notified in June 2024 and September 2024) and enter into contract negotiations. The offer validity periods expired with substantive matters continuing to be negotiated with each preferred tenderer. Should contract negotiations be successful, the department expects that services will not begin to be provided until mid-2025, which would be four years and eight months after the National Strategy was released. (See paragraphs 3.9 to 3.19)

25. Tender evaluation plans were in place prior to the closing date for the NAP 10 and NAP 21 tenders. The evaluation plans had not been signed off by the probity adviser. The evaluation plans did not adequately address how the department planned to evaluate the pricing information tenderers were required to submit. (See paragraphs 3.20 to 3.30)

26. The conduct of the tender evaluation for the NAP 10 and NAP 21 procurements was not timely and was not consistent with approach to market documents. (See paragraphs 3.31 to 3.44)

27. The department’s evaluation records do not clearly demonstrate that the preferred tenderers provided the best value for money.

  • Each of the two preferred tenderers had not provided all of the information the RFT had identified as being required.
  • For the NAP 21 procurement, after it was selected as the preferred tenderer, the department obtained significant additional information from the tenderer related to service delivery, the solution/technical issues and legal/contract issues. The need for this information was not identified in the tender evaluation report.
  • For the NAP 10 procurement, the tenderer that scored highest against the weighted criteria was excluded from participating further in the tender process in favour of the second highest scoring tenderer. There were also departures from the RFT in terms of the evaluation criteria that were applied, and the approach taken to putting in place a performance guarantee with the successful tenderer. Further, the tender evaluation report did not identify that the department considered there were areas requiring clarification relating to pricing issues and solution/technical issues, including a concern that the tenderer’s pricing for the medium and high call volume scenarios exceeded the budgeted amount for each year of service delivery. (See paragraphs 3.45 to 3.60)

28. The roles and responsibilities of individuals involved in the NAP 10 and NAP 21 procurements set out in the evaluation plans provided for an appropriate separation of duties between the spending delegate and the Evaluation Committees. The probity adviser was not independent of the procurement processes as it also performed the role of strategic procurement adviser. (See paragraphs 3.61 to 3.65)

29. Appropriate procurement records were partly maintained. While available records addressed the requirement for the NAP 10 and NAP 21 procurements, evidence to support key decisions was not maintained. In addition, the tender evaluation report did not accurately reflect the evaluation process that was employed or satisfactorily demonstrate that value for money had been achieved. There are no records evidencing how the department arrived at the budgeted amounts for the two services. (See paragraphs 3.66 to 3.71)

30. Contracts for the two new services have not been signed, meaning the requirement to report on AusTender has not been triggered. The department met its obligation to report the evaluation provider contract accurately within the 42 day deadline. The department was also required to report on AusTender a number of the adviser and consultant contracts it entered into for the purpose of assisting with the main procurements. There were delays and inaccuracies in reporting of six of the eight contracts that required reporting on AusTender. (See paragraphs 3.72 to 3.74)

Recommendations

Recommendation no. 1

Paragraph 2.25

When conducting procurements, the Attorney-General’s Department clearly identify the relative importance of each of the criteria to be applied in the evaluation process. This should include appropriate weighting of the price criterion in circumstances where a budget has been established for the goods and/or services being procured.

Attorney-General’s Department response: Agreed.

Recommendation no. 2

Paragraph 2.65

When planning procurements, the Attorney-General’s Department:

  1. ensures that potential suppliers are required to provide all the information that is relevant for the purposes of evaluation, and not ask for any information that is not required;
  2. where data that is required for evaluation is not provided by a tenderer, this should be reflected in the tender either being excluded or a lower score against the relevant criterion (where the missing information relates to the evaluation criteria); and
  3. where data that is required for evaluation has been provided, the department should have a plan to evaluate this information and it should be evaluated in full by the department.

Attorney-General’s Department response: Agreed.

Recommendation no. 3

Paragraph 2.104

The Attorney-General’s Department improve its procurement framework to address the conduct of additional processes, including collaboration activities to ensure they are conducted in a fair and transparent manner.

Attorney-General’s Department response: Agreed.

Recommendation no. 4

Paragraph 2.151

The Attorney-General’s Department strengthen its adherence to recognised principles and processes for conducting procurements ethically, including the identification and effective management of conflicts of interest.

Attorney-General’s Department response: Agreed.

Recommendation no. 5

Paragraph 3.29

When developing evaluation plans, the Attorney-General’s Department ensure that the planned evaluation addresses all information tenderers are required to include in submissions.

Attorney-General’s Department response: Agreed.

Recommendation no. 6

Paragraph 3.70

The Attorney-General’s Department improve its procurement record keeping so that accurate and concise information exists on the process that was followed, how value for money was considered and achieved, and relevant decisions and basis of those decisions.

Attorney-General’s Department response: Agreed.

Summary of entity response

31. The proposed audit report was provided to the Attorney-General’s Department and an extract of the proposed report was provided to Astryx Pty Ltd. The Attorney-General’s Department’s summary response is reproduced below.

Attorney General’s Department

The department appreciates the opportunity afforded from the ANAO audit process to improve future procurement practices and accepts the ANAO’s key finding in the Section 19 Report. This includes all six of the ANAO’s recommendations, along with the opportunities for improvement identified throughout. The procurement processes being reviewed were complex in nature and the department made genuine efforts to ensure correct process was followed and ethical requirements were met throughout. The department has already taken steps to improve current procurements being run the by the National Office for Child Safety (NOCS) based on discussions with the ANAO, and is also committed to implementing departmental-wide improvements. The department thanks the ANAO for its audit of the conduct of procurements relating to two new child sexual abused-related national services, and is confident that procurement practices of NOCS, and across the whole of the department, will be improved as a result.

Key messages from this audit for all Australian Government entities

32. Below is a summary of key messages, including instances of good practice, which have been identified in this audit and may be relevant for the operations of other Australian Government entities.

Group title

Procurement

Key learning reference
  • When advising ministers on the conduct of procurements it is important that entities provide advice that is comprehensive and does not, for example, exclude important information that identifies shortcomings or risks with the conduct of the procurement.
  • To treat potential suppliers fairly, entities should issue any addenda to all candidates in a limited tender, and make the addenda available to all potential candidates when the procurement is by way of an open tender process.
  • To conduct a fair evaluation process, it is important that entities ensure information required to be submitted by tenderers is appropriate and sufficient to enable a full evaluation against each evaluation criterion. If incomplete tenders, including where required pricing has not been provided, are accepted by an entity, the entity faces an increased risk of not being able to consider the tenders on a level playing field and then move to efficiently put the contract in place when the preferred tenderer is selected. The non-provision of pricing and any other information the approach to market identifies as required should be reflected in the tender evaluation results.
  • Tender evaluation reports should be objective, impartial and written to give the decision-maker all the information they need. This includes all relevant information, good and bad, about tenderers and not just the information that supports the selection of the preferred tenderer.
  • Selecting a lead negotiator, and members of the negotiation team, is an important decision in order for negotiations to be timely and effective. For important and/or complex procurements in particular, a lead negotiator who has a senior role in the entity can assist to drive the process forward within the entity, as well as sending an important message to the other party. Entities should also consider the benefits of specialist negotiation training being undertaken by the negotiation team, or investigating how the entity can access the necessary skills and experience (including, potentially, from other Australian Government entities).
Group title

Probity in procurement

Key learning reference
  • When obtaining probity advice on the conduct of tender evaluations, entities should direct probity advisers to explicitly address whether the issue on which advice is being sought is acceptable in terms of the approach to market documentation and evaluation plan for the particular procurement. The focus should not be only on identifying opportunities for improvement in future procurements.
  • Acting ethically when conducting procurements requires more than documenting plans and guidance, obtaining and filing conflict of interest declarations and obtaining sign offs at key points from probity advisers. It requires ethical principles to be applied to all actions throughout the entire procurement process and for management action to be taken when ethical issues are identified. It also requires good recordkeeping so that it can be transparently demonstrated that the procurement was conducted ethically.
  • While probity advisers can be engaged to assist entities conduct procurements ethically as required by the Commonwealth Procurement Rules, responsibility and accountability for the procurement cannot be outsourced by entities to their probity (or any other) advisers. When engaging an external probity adviser, it is important that entities conduct the procurement process in a way that is ethical. It is also important that entities consider the risks of engaging the same probity adviser on an ongoing basis and ensure that the tasks allocated to the probity adviser do not threaten the independence and objectivity of the probity adviser.
Type: Performance audit
Report number: 40 of 2024-25
Portfolios: Prime Minister and Cabinet; Defence; Education; Employment and Workplace Relations; Home Affairs; Infrastructure, Transport, Regional Development, Communications and the Arts
Entities: Across Entities
Date tabled/scheduled:
Audit Summary : show

Summary and recommendations

Background

1. Reducing the disparity between Indigenous and non-Indigenous economic outcomes has been a longstanding goal of Australian governments. The National Agreement on Closing the Gap aims to strengthen economic participation and development of Aboriginal and Torres Strait Islander people and their communities.1 Increasing opportunities for Indigenous economic participation has also been an area of interest for the Australian Parliament.2

2. The Indigenous Procurement Policy (IPP) was established in 2015 with the objective ‘to stimulate Indigenous entrepreneurship, business and economic development, providing Indigenous Australians with more opportunities to participate in the economy’.3 One of three elements of the IPP are the mandatory minimum requirements (MMRs), which are targets for minimum Indigenous employment and/or supply use for Australian Government contracts valued from $7.5 million in certain specified industries.4 The National Indigenous Australians Agency (NIAA) is responsible for administering the IPP, including the MMRs.

Rationale for undertaking the audit

3. The stated policy objective of the MMRs is to ‘ensure that Indigenous Australians gain skills and economic benefit from some of the larger pieces of work that the Commonwealth outsources, including in Remote Areas’.5 Compliance with the MMRs is mandatory for non-corporate Commonwealth entities. The MMRs were established in July 2015 and became binding on contractors from 1 July 2016.

4. Auditor-General Report No. 25 2019–20 Aboriginal and Torres Strait Islander Participation Targets in Major Procurements was undertaken to provide assurance that the MMRs were being effectively administered and selected entities were complying with them.6 The audit concluded that while the MMRs were effectively designed, their administration had been undermined by ineffective implementation and monitoring by the policy owner and insufficient compliance by the selected entities.7 The audit made six recommendations to improve administration of and compliance with the MMRs, which were all agreed to.

5. Auditor-General reports identify risks to the successful delivery of government outcomes and provide recommendations to address them. The tabling in the Parliament of an agreed response to an Auditor-General recommendation is a formal commitment by the entity to implement the recommended action. Effective implementation of agreed Auditor-General recommendations demonstrates accountability to the Parliament and contributes to realising the full benefit of an audit.8

6. This audit examines whether the NIAA; Department of Defence (Defence); Department of Education (Education); Department of Employment and Workplace Relations (DEWR)9; Department of Home Affairs (Home Affairs); and Department of Infrastructure, Transport, Regional Development, Communications, Sport and the Arts (Infrastructure) have effectively implemented agreed recommendations from Auditor-General Report No. 25 2019–20. Entities’ implementation of agreed recommendations will help provide assurance to the Parliament about whether the MMRs are meeting the objective of stimulating Indigenous entrepreneurship, business and economic development and providing Indigenous Australians with opportunities to participate in the economy.

Audit objective and criteria

7. The audit objective was to assess whether selected entities effectively implemented agreed recommendations from Auditor-General Report No. 25 2019–20 Aboriginal and Torres Strait Islander Participation Targets in Major Procurements.

8. To form a conclusion against the objective, the following high-level criteria were adopted.

  • Did the NIAA implement recommendations related to the administration of the MMRs?
  • Does the NIAA manage exemptions to the MMRs effectively?
  • Did selected entities implement recommendations related to their compliance with the MMRs?

Conclusion

9. Almost five years after the recommendations were agreed to, entities had partly implemented recommendations from Auditor-General Report No. 25 2019–20 Aboriginal and Torres Strait Islander Participation Targets in Major Procurements. Although the NIAA had improved guidance for entities and sought to increase MMR reporting compliance, a recommendation for the NIAA as the policy owner to implement an evaluation strategy was not completed. The NIAA has not demonstrated whether the MMRs are improving Indigenous economic participation. A risk related to the inappropriate use of exemptions was not managed. Recommendations intended to address the risk that reporting on MMR contracts is incomplete and inaccurate were partly implemented by audited entities. Reforms to the Indigenous Procurement Policy were announced in February 2025 without a clear understanding of the policy’s effectiveness.

10. The NIAA largely implemented two of three recommendations relating to its administration of the MMRs: to develop guidance on the MMRs for Australian Government entities and contractors; and to implement a strategy to increase MMR reporting compliance. The NIAA did not complete a third recommendation as it developed but did not implement an MMR evaluation strategy. Additional commitments made by the NIAA in response to two recommendations were not met.

11. Contracts subject to the MMRs may be exempted by entities for valid reasons established in the Indigenous Procurement Policy. The inappropriate use of exemptions impedes achievement of the Indigenous Procurement Policy’s objectives. The NIAA’s management of exemptions has been partly effective. Systems have been set up to allow potentially invalid exemptions. There is a lack of guidance and assurance over the appropriate use of exemptions.

12. Defence, Education and Home Affairs largely implemented the agreed recommendations relating to compliance with the MMRs. The NIAA, DEWR and Infrastructure partly implemented the agreed recommendations. The MMRs are relevant to the approach to market, tender evaluation, contract management, reporting and finalisation phases of a procurement. Compliance with the MMR requirements was higher in the approach to market, tender evaluation and contract management phases than in the reporting and finalisation phases. All entities could do more to ensure contractors’ compliance with MMR targets and to gain assurance over reported MMR performance.

Supporting findings

Administration of mandatory minimum requirements

13. Auditor-General Report No. 25 2019–20 recommended that the NIAA develop tailored guidance on managing the MMRs throughout the contract lifecycle in consultation with entities and contractors. The NIAA published updated guidance on managing the MMRs in July 2020, following stakeholder consultation. The guidance included complete information for nine of 14 topics identified as requiring additional guidance in Auditor-General Report No. 25 2019–20. Guidance included incomplete information on MMR exemptions, managing MMR performance reporting, and obtaining assurance over contractors’ MMR performance reporting. As at March 2025, guidance had not been updated since July 2020 despite changes to MMR reporting requirements. A commitment to publish guidance tailored for Indigenous businesses was not met. (See paragraphs 2.5 to 2.22)

14. Contractors must report on, and Australian Government entities must assess, performance in meeting agreed MMR targets. Auditor-General Report No. 25 2019–20 recommended that the NIAA implement a strategy to increase entity and contractor compliance with MMR reporting requirements to ensure information in the Indigenous Procurement Policy Reporting Solution (IPPRS) is complete. The NIAA planned and undertook activities aimed at increasing contractors’ compliance with MMR reporting requirements and entities’ management of reporting non-compliance. These included improvements to the IPPRS and monitoring reporting compliance in Australian Government portfolios. The NIAA closed the ANAO recommendation before planned changes to the IPPRS were implemented. As at February 2025, the IPPRS did not fully support contract managers to meet reporting requirements for all types of MMR contracts. User feedback indicated ongoing access and support issues. While reporting compliance increased between 2022 and 2024, as at June 2024, entities and contractors were not fully compliant with MMR reporting requirements and information in the IPPRS was incomplete. Reforms to the IPP announced by government in February 2025 included potentially increasing transparency of suppliers’ performance against MMR targets. (See paragraphs 2.23 to 2.32)

15. Auditor-General Report No. 25 2019–20 recommended that the NIAA implement an evaluation strategy for the MMRs that outlines an approach to measuring the impact of the policy on Aboriginal and Torres Strait Islander employment and business outcomes. Although an evaluation strategy for the MMRs was finalised, it was not implemented. The NIAA has not met requirements to review the effectiveness of a procurement-connected policy every five years. There is no performance monitoring and limited public reporting about the MMRs. (See paragraphs 2.33 to 2.54)

Exemptions from mandatory minimum requirements

16. Between July 2016 and September 2024, 63 per cent (valued at $69.3 billion) of all contracts recorded in the Indigenous Procurement Policy Reporting Solution (IPPRS) were exempted from the MRRs by relevant entities. The proportion of contracts exempted by entities from the MMRs has increased over time. The IPPRS has been set up by the NIAA to allow entities to record reasons for exemptions. The reason categories in the IPPRS mainly align with the Indigenous Procurement Policy, however include a category called ‘other’ that does not align. Of exempted contracts, 34 per cent (valued at $30.2 billion) used the exemption category ‘other’. The NIAA advised the ANAO that some contracts exempted for ‘other’ reasons were exempted because they are in practice non-compliant with the Indigenous Procurement Policy. Entities’ use of the ‘other’ exemption category for non-compliant contracts obscures the degree of non-compliance with the MMRs and is not appropriate. The NIAA does not provide complete guidance on the use of exemptions, or assurance over the legitimacy of exemptions. The NIAA has not considered the strategic implications of exemption usage for the achievement of policy objectives. (See paragraphs 3.1 to 3.13)

Compliance with mandatory minimum requirements

17. Auditor-General Report No. 25 2019–20 recommended that all audited entities review and update their procurement protocols to ensure procuring officers undertaking major procurements that trigger the MMRs comply with required steps in the procurement process.

  • As at December 2024, all entities updated their procurement protocols for MMR requirements. One component of this was the development of detailed internal guidance. As at December 2024, Defence, Education, Home Affairs and Infrastructure’s guidance identified key MMR requirements for the approach to market to contract management phases of the procurement lifecycle. DEWR’s guidance and the NIAA’s internal guidance did not identify all key MMR requirements.
  • Aside from Home Affairs, all entities’ contracts were largely compliant with the MMRs at the approach to market, tender evaluation and contract management phases of the procurement lifecycle. Home Affairs’ contracts was partly compliant. Defence’s compliance was poorer for contracts resulting from panel procurements.
  • All audited entities could improve tender evaluation processes by including an IPPRS search on tenderers’ past MMR compliance.
  • In summary: Defence, Education, and Infrastructure largely implemented the 2019–20 recommendation, and the NIAA and DEWR partly implemented it. Home Affairs’ guidance was appropriately updated, however it has not consistently ensured that procuring officers undertaking major procurements that trigger the MMRs comply in practice with the required steps. (See paragraphs 4.3 to 4.18)

18. Auditor-General Report No. 25 2019–20 recommended that all audited entities establish processes, or update existing processes, to ensure contract managers and contractors regularly use the IPP Reporting Solution (IPPRS) for MMR reporting.

  • Defence, Education and Home Affairs’ internal guidance identified key IPPRS reporting requirements, while the NIAA, DEWR and Infrastructure’s internal guidance did not identify all key requirements.
  • For a sample of contracts, the NIAA’s MMR reporting was timely and based on accurate IPPRS data. For the other five entities, there were issues with both timeliness and accuracy. None of the five entities consistently followed up on late contractor reporting.
  • When a contract variation is published on AusTender, IPPRS data is not consistently updated. This means a contract may be identified as on track to meet the MMR target based on incorrect values or a contract may move to the finalisation step prematurely as the end date is inaccurate.
  • In summary: Defence, Education and Home Affairs largely implemented the 2019–20 recommendation, and the NIAA, DEWR and Infrastructure partly implemented it. (See paragraphs 4.19 to 4.37)

19. Auditor-General Report No. 25 2019–20 recommended that after guidance has been provided by the policy owner, all audited entities establish appropriate controls and risk-based assurance activities for active MMR contracts.

  • As the policy owner, the NIAA published guidance in July 2020 that has a short overview on how MMR performance information could be verified.
  • All six entities established at least some controls and arrangements to gain assurance over contractors’ MMR performance reporting. Controls and arrangements were more developed in Education and Home Affairs.
  • For a sample of contracts examined, none of the entities consistently undertook assurance activities to verify contractor performance reporting. Defence undertook the most assurance activity.
  • In summary: all entities partly implemented the 2019–20 recommendation. (See paragraphs 4.38 to 4.59)

Effectiveness of the mandatory minimum requirements

Based on MMR performance information reported by Australian Government entities and contractors, the number and value of MMR contracts have grown since the introduction of the Indigenous Procurement Policy (IPP) in 2015. In 2016–17, 17 contracts with MMR targets for Indigenous employment and/or supply use were awarded, with a total value of $756.4 million. In 2023–24, 189 MMR contracts were awarded with a total value of $5.9 billion. Between 1 July 2016 and 30 September 2024, 870 MMR contracts were awarded by 52 Australian Government entities with a total value of $45.2 billion. Indigenous employment and/or supply use targets established under the MMR contracts were reported to be met for 72 per cent of completed MMR contracts.a

The majority of MMR contracts were reported to be meeting established employment and supply use targets. These results, however, were based only on contracts where reporting was complete. As at June 2024, 28 per cent of MMR contracts in the reporting phase were not compliant with MMR reporting requirements. Reporting relies on contractor information, and entities largely had not undertaken activities to verify that MMR performance information was accurate.

While the application of the MMRs is trending upwards, between July 2016 and September 2024, 1,475 contracts valued at $69.3 billion were ‘exempted’ by entities from the MMRs, often for reasons that are unclear.

There is a lack of performance information and evaluation data that allows for the impact and outcomes of the IPP to be assessed. The NIAA’s public reporting on the IPP does not provide information on the MMRs’ effectiveness. It is unclear if the IPP’s objectives of stimulating Indigenous entrepreneurship, business and economic development, and providing Indigenous Australians with more opportunities to participate in the economy, are achieved. While the Indigenous business sector has grown since the introduction of the IPP, in November 2024 the Joint Standing Committee on Aboriginal and Torres Strait Islander Affairs highlighted limitations in available data on the economic contribution of the sector and the impact of policies to support Indigenous economic participation.b

Note a: Based on 161 contracts where an assessment outcome was reported as at 30 September 2024.

Note b: Joint Standing Committee on Aboriginal and Torres Strait Islander Affairs, Inquiry into economic self-determination and opportunities for First Nations Australians (2024), pp. 13–19, 39–40.

Recommendations

20. This report makes eight recommendations.

Recommendation no. 1

Paragraph 2.21

To support Australian Government entities and contractors to comply with the mandatory minimum requirements (MMRs), in consultation with entities and contractors, the National Indigenous Australians Agency review and update MMR guidance material to ensure that it:

  1. accurately reflects the current process for managing MMR reporting in the Indigenous Procurement Policy Reporting Solution and provides guidance on appropriate reporting timeframes;
  2. provides sufficient information to support entities to implement risk-based assurance activities for MMR contracts; and
  3. provides sufficient information for entities and contractors on suitable evidence to support performance reporting.

National Indigenous Australians Agency response: Agreed.

Recommendation no. 2

Paragraph 2.45

The National Indigenous Australians Agency establish a process to ensure it meets Australian Government requirements placed on policy owners of procurement-connected policies, including reapplication for recognition as a procurement-connected policy.

National Indigenous Australians Agency response: Agreed.

Recommendation no. 3

Paragraph 2.52

The National Indigenous Australians Agency:

  1. complete and publish an evaluation of the effectiveness of the mandatory minimum requirements in contributing to meeting the objectives of the Indigenous Procurement Policy; and
  2. develop mandatory minimum requirements performance measures to enable ongoing monitoring.

National Indigenous Australians Agency response: Agreed.

Recommendation no. 4

Paragraph 3.11

To ensure exemptions are accurately recorded in the Indigenous Procurement Policy Reporting Solution, non-compliance with the Indigenous Procurement Policy can be appropriately identified, all applicable contracts are subject to the mandatory minimum requirements reporting and assessment process, and the Indigenous Procurement Policy is achieving its policy objectives, the National Indigenous Australians Agency:

  1. amend its protocols to ensure that it is not treating non-compliance with mandatory minimum requirements as an exemption or exclusion;
  2. consider what scenarios that are consistent with allowable exclusions and exceptions within the Indigenous Procurement Policy are not covered by existing categories in the Indigenous Procurement Policy Reporting Solution and therefore whether the ‘other’ category is still justified and required;
  3. when implementing recommendation 1, provide additional guidance to Australian Government entities on the use of exemption categories, which includes information on when it is appropriate to classify a contract as an ‘exemption’, and when it is appropriate and inappropriate to use the exemption category of ‘other’; and
  4. implement a risk-based assurance process to ensure that reported exemptions or exclusions are legitimate.

National Indigenous Australians Agency response: Agreed to parts a–c, Not agreed to part d.

Recommendation no. 5

Paragraph 4.7

The National Indigenous Australians Agency and Department of Employment and Workplace Relations update internal procurement guidance to better support procuring officers undertaking major procurements that trigger the mandatory minimum requirements to comply with required steps in the procurement process.

National Indigenous Australians Agency response: Agreed.

Department of Employment and Workplace Relations response: Agreed.

Recommendation no. 6

Paragraph 4.16

Department of Home Affairs strengthen controls to ensure compliance with the mandatory minimum requirements at the approach to market, tender evaluation and contract management phases of major procurements.

Department of Home Affairs response: Agreed.

Recommendation no. 7

Paragraph 4.24

The National Indigenous Australians Agency; Department of Employment and Workplace Relations; and Department of Infrastructure, Transport, Regional Development, Communications, Sport and the Arts establish, strengthen or update guidance to ensure contract managers and contractors appropriately use the Indigenous Procurement Policy Reporting Solution for mandatory minimum requirements reporting.

National Indigenous Australians Agency response: Agreed.

Department of Employment and Workplace Relations response: Agreed.

Department of Infrastructure, Transport, Regional Development, Communications, Sport and the Arts response: Agreed.

Recommendation no. 8

Paragraph 4.53

All audited entities meet their responsibility under the Indigenous Procurement Policy to establish or strengthen processes to ensure contract managers undertake appropriate activities to ensure contractors’ compliance with mandatory minimum requirements (MMR) targets and verify that reported MMR performance information is accurate.

National Indigenous Australians Agency response: Agreed.

Department of Defence response: Agreed.

Department of Education response: Agreed.

Department of Employment and Workplace Relations response: Agreed.

Department of Home Affairs response: Agreed.

Department of Infrastructure, Transport, Regional Development, Communications, Sport and the Arts response: Agreed.

Summary of entity responses

21. Extracts of the proposed audit report were provided to the NIAA, Defence, Education, DEWR, Home Affairs and Infrastructure. Entities’ summary responses are provided below. Entities’ full responses are provided at Appendix 1.

National Indigenous Australians Agency

The National Indigenous Australians Agency (NIAA) welcomes the findings of the audit.

The primary purpose of the Indigenous Procurement Policy (IPP) is to stimulate Indigenous entrepreneurship, business and economic development, providing Indigenous Australians with more opportunities to participate in the economy. The Mandatory Minimum Requirements (MMR) are a key component of this policy.

Prior to the implementation of the policy in 2015, Indigenous businesses secured limited business from Commonwealth procurement. The policy has significantly increased the rate of purchasing from Indigenous businesses.

The NIAA is proud to take the lead on behalf of the Commonwealth in providing advice on how to best meet the requirements of the IPP. The NIAA provides advice to Commonwealth entities through its many publications and its dedicated IPP team. Within the resources available, the NIAA has also invested in providing ICT tools and support to assist Commonwealth entities with their responsibility to ensure accurate reporting on targets and MMRs.

As with all other elements of the Commonwealth Procurement Rules, it is the responsibility of each Commonwealth entity to meet the obligations of the IPP. The NIAA welcomes the ANAO’s recommendations on how it can improve the advice it provides to entities to meet their obligations.

Department of Defence

Defence welcomes the ANAO Audit Report assessing whether selected entities effectively implemented the agreed recommendations from Auditor-General Report No. 25 2019–20 Aboriginal and Torres Strait Islander Participation Targets in Major Procurements.

Defence agrees to the recommendation directed at all audited entities to establish or strengthen processes to ensure contract managers undertake appropriate activities to ensure contractors’ compliance with the mandatory minimum requirements (MMR) targets and verify that reported MMR performance information is accurate.

As the Commonwealth’s largest procurer, Defence is proud of its significant commitment towards supporting the long-term growth and sustainability of the Indigenous business sector, and will continue working with the National Indigenous Australians Agency to improve the monitoring and reporting of the MMR targets.

Department of Education

The Department of Education welcomes this report. The report recognises the significant efforts the department has made to implement changes recommended by the ANAO’s performance audit of February 2020, however the department acknowledges the need to continue its efforts to strengthen its processes to ensure contract managers undertake appropriate activities to ensure contractors’ compliance with mandatory minimum requirements (MMR) targets and verify that reported MMR performance information is accurate.

Education is already making progress towards meeting the report’s recommendation, including working with contract managers to ensure that assurance activities are performed more consistently, and that contract managers regularly review and verify contractor reports. Education will continue to engage with departmental contract managers to ensure that MMR contracts are actioned in the IPPRS within the audit’s recommended timeframes.

Education notes the audit’s broader messages to all entities on the importance of strengthening procurement processes to ensure tenderers’ Indigenous Participation Plans are assessed and that assessments are appropriately documented. Education has added additional information to its intranet guidance on the process required when evaluating tender responses for MMR contracts, and its guides on approaching the market and evaluating and selecting suppliers. In addition, Education has updated its Evaluation Plan templates to include MMR requirements as part of the evaluation process, where applicable.

Education are regular participants in the Commonwealth Procurement and Contract Management Community of Practice and participate in networking opportunities across the Australian Public Service, including informal knowledge sharing across entities.

Department of Employment and Workplace Relations

The Department of Employment and Workplace Relations (DEWR) acknowledges the Australian National Audit Office’s (ANAO) report detailing the outcomes of the follow up audit of Targets for minimum Indigenous employment or supply use in major Australian Government procurements.

DEWR is committed to delivering compliant procurement processes that deliver the expected business outcomes. This includes ensuring compliance with the Indigenous Procurement Policy and that our high value (as defined by the Indigenous Procurement Policy) contracts are properly managed and reported on. Starting from a low maturity level, we have been on a continuous journey of improvement since the Department’s creation in July 2022 (following a Machinery of Government change). We acknowledge and accept the ANAO’s findings and commit to implementing their recommendations as part of our broader procurement maturity program of work.

Department of Home Affairs

The Department of Home Affairs is committed to the implementation of the Government’s policy objective to drive growth in Aboriginal and Torres Strait Islander businesses and employment.

The Department agrees with the two recommendations made by the Auditor-General aimed at improving the Department’s compliance with mandatory minimum requirements (MMR) of the Indigenous Procurement Policy throughout the procurement and contract management phases, and will strengthen its processes, guidance, reporting and assurance activities to achieve this.

Department of Infrastructure, Transport, Regional Development, Communications, Sport and the Arts

The department supports the policy objectives of the Indigenous Procurement Policy and the achievement of the Mandatory Minimum Requirements (MMR) as a key element of the IPP. This follow up audit, which examined all five of the department’s procurements that triggered the MMR, has highlighted the need for further improvement in aspects of the department’s arrangements for meeting the MMR. The department is committed to making the necessary improvements to its processes.

Key messages from this audit for all Australian Government entities

22. Below is a summary of key messages, including instances of good practice, which have been identified in this audit and may be relevant for the operations of other Australian Government entities.

Group title

Policy implementation

Key learning reference
  • The policy owner of a whole-of-government policy is responsible for the stewardship of that policy. As part of their stewardship role, the policy owner should actively monitor the implementation of the policy and whether the policy is effective in achieving its stated purpose and outcomes. This includes understanding entities’ implementation of the policy; monitoring the appropriateness of exemptions from the policy; working with entities to address implementation issues and instances of non-compliance; and evaluating the long-term impacts of the policy.
  • All Australian Public Service employees are stewards. To support implementation of whole-of-government policies, Australian Government officials should work with each other across agencies to share knowledge, learn about good practice and innovate.
Group title

Procurement

Key learning reference
  • Under the Commonwealth Procurement Rules, compliance with procurement-connected policies is mandatory for non-corporate Commonwealth entities and prescribed corporate Commonwealth entities. Central procurement areas can support compliance by: actively promoting awareness of policy requirements; ensuring that procurement templates are up to date; and providing training and operational support to procuring officers and contract managers.
  • The requirement for entities and contractors to comply with the Indigenous Procurement Policy and other procurement-connected policies continues to apply through machinery-of-government changes. Entities undergoing a machinery-of-government change should plan appropriately and maintain appropriate records to ensure that policy requirements continue to be met.
Group title

Governance and risk management

Key learning reference
  • Auditor-General reports and recommendations seek to address risks to the successful delivery of government outcomes. To ensure risks are appropriately managed, entities should close agreed recommendations based on robust evidence that the intent of the recommendation has been met.
Type: Financial statement audit
Report number: 39 of 2024-25
Portfolios: Across Entities
Entities: Across Entities
Date tabled/scheduled:
Audit Summary : show
Type: Performance audit
Report number: 35 of 2024-25
Portfolios: Home Affairs
Entities: National Emergency Management Agency
Date tabled/scheduled:
Audit Summary : show

Summary and recommendations

Background

1. Established by the Disaster Ready Fund Act 2019, the Disaster Ready Fund (DRF) is described by the Australian Government as its flagship disaster resilience and risk reduction initiative. To be eligible for funding, projects must fall under one of two eligible streams: infrastructure project or systemic risk reduction project.1

2. The National Emergency Management Agency (NEMA) is responsible for administration of the DRF. While anyone can develop a DRF proposal (an ‘applicant’), only state and territory governments are eligible to submit projects to NEMA for potential funding through the ‘lead agency’ in that state or territory. Lead agencies were responsible for coordinating, reviewing, evaluating and submitting applications to NEMA on behalf of project proponents. Lead agencies could also develop project proposals. In addition, payments for projects awarded funding were made by NEMA to the relevant state and territory lead agency, including where the project proponent was not a state or territory entity. The choice to conduct the DRF funding rounds in this way meant that the DRF was not subject to the Commonwealth Grants Rules and Principles and required that the cost of administering the DRF be shared between NEMA and the state and territory lead agencies.

3. NEMA was responsible for conducting an initial eligibility review of applications received from the state and territory lead agencies. Eligible projects were then referred to the DRF Assessment Panel (chaired by NEMA). The panel was to assess applications individually against the published selection criteria, rank proposals and make funding recommendations to the Minister for Emergency Management (the minister) through NEMA’s Coordinator-General.

4. Up to $1 billion in DRF funding has been announced as available over five years from 1 July 2023 to 30 June 2028 to fund projects. As of January 2025, two funding rounds have been conducted and a third is underway.

Rationale for undertaking the audit

5. The $1 billion DRF is described by the Australian Government as its flagship disaster resilience and risk reduction initiative. This performance audit was conducted to provide assurance to the Parliament about whether the award of DRF funding is effective and consistent with the published guidelines.

Audit objective and criteria

6. The objective of this audit was to assess whether the award of funding under the DRF was effective and consistent with the published guidelines.

7. To form a conclusion against the objective, the following high-level criteria were applied:

  • Were appropriate guidelines in place?
  • Was an appropriate approach taken to assessing candidate projects?
  • Were funding decisions appropriately informed and documented?

8. The audit examined the awarding of funding under the DRF across the first two rounds. For the first criterion, the ANAO planned to also examine the development of the Round 3 guidelines. As those guidelines were not finalised and published until 22 January 2025 the ANAO analysis against the first criterion (as set out in Chapter 2) relates to the first two rounds only, so as to meet tabling commitments to the Parliament.

Conclusion

9. The award of funding under the Disaster Ready Fund was largely effective. Across the first two rounds, $402.15 million in funding was awarded to 362 projects with projects in the systemic risk reduction stream receiving the most funding (ahead of those in the infrastructure stream or those that applied under both streams). The aggregate scores against the three published criteria were a key factor used to decide which applications would be recommended for funding, an approach that is consistent with awarding funding on merit. Improvements to program design and, in particular, strengthened assessment arrangements, would provide greater confidence that the approved projects are those that will make the greatest contribution to the Fund achieving its objectives.

10. Funding guidelines for the first two rounds were in place. The publication of the guidelines was not timely. The guidelines were largely appropriate. The guidelines:

  • outlined the way in which funding candidates would be identified;
  • set out relevant and appropriate eligibility requirements and appraisal criteria;
  • set out how applications would be scored and how the scoring results would be used, albeit with some relevant information about assessment processes not being published;
  • identified some, not all, assessment and decision-making responsibilities; and
  • identified assessment and decision-making responsibilities in relation to applications assessed as ineligible. The guidelines lack clarity in relation to assessment and decision-making responsibilities for aspects of eligibility checking, and in relation to the co-funding requirements.

11. The approach taken to assessing candidate projects was partly appropriate. The assessment and scoring of applications against the three published selection criteria were the primary input into the ranking of applications and identification of which projects would be recommended for funding. The approach to assessment meant that:

  • the processes by which members of the assessment panel are appointed were not open, and the membership was not disclosed in the published guidelines;
  • conflicts of interests for those involved in the assessment processes were not consistently identified, declared and managed;
  • requests for waivers to the applicant co-contribution requirement were not assessed and decided prior to those applications proceeding to merit assessment; and
  • the full panel did not undertake a detailed merit assessment of all applications with adjustments to total scores made during panel meetings not identifying which criteria were affected.

12. Funding decisions were appropriately informed and documented through written briefings. In each round, a clear recommendation was provided to the minister as to which applications should, on the basis of the panel’s assessment report, be approved for funding. The minister agreed with the recommendations received.

Supporting findings

Program guidelines

13. Guidelines for the first two rounds were developed, approved and published. There were two key shortcomings in NEMA’s approach:

  • in both rounds, changes were made to the guidelines after they had been provided to NEMA’s probity adviser for sign-off, and also after the guidelines had been approved by the minister, without NEMA obtaining updated probity sign-off or ministerial approval of the changes; and
  • publication was not timely. For the first round, one jurisdiction had opened its application process by the time the guidelines were released. For the second round, one jurisdiction had opened and closed its application process by the time the guidelines were released. The guidelines for the third round were publicly released on 22 January 2025. (See paragraphs 2.3 to 2.18)

14. The guidelines clearly outlined that a closed competitive application process was being employed. This included identifying the key role to be played by state and territory lead agencies to coordinate proposals in each jurisdiction, and for submitting applications to NEMA on behalf of the jurisdiction. It was up to lead agencies to decide how they would seek and coordinate proposals. For the first round, some jurisdictions released guidance and opened public submission and participation processes prior to the release of the DRF guidelines. For the second round, one jurisdiction had opened and closed its application process by the time the guidelines were released. Ministers had decided that NEMA should use the Business Grants Hub in the second round. NEMA procured an off-the-shelf commercial product for that round. (See paragraphs 2.19 to 2.22)

15. Relevant and appropriate eligibility requirements and appraisal criteria were established. (See paragraphs 2.23 to 2.29)

16. The guidelines set out how applications would be scored and how the scoring results would be used. NEMA also developed internal assessment framework documents for each round. There were some differences and/or additions between the internal documents and the published guidelines. (See paragraphs 2.30 to 2.31)

17. The program guidelines did not fully identify assessment and decision-making responsibilities for each round. (See paragraphs 2.33 to 2.36)

18. An evaluation strategy was developed in March 2024, which was after the first round had been completed and after the application stage for the second round had been undertaken. No evaluations are planned until at least 2026. (See paragraphs 2.37 to 2.41)

Assessment of candidate projects

19. Of the 44 applications in the first two rounds assessed as ineligible, 18 (41 per cent) were removed from consideration. The remaining 26 applications assessed as ineligible proceeded to the panel assessment stage, with one removed after the panel identified it as ineligible. (See paragraphs 3.1 to 3.6)

20. Appointments to the DRF Assessment Panel were not open or transparent. (See paragraphs 3.7 to 3.14)

21. Probity advice in the first round was compromised by the ongoing contracting by NEMA of the same firm to also provide advice on the design and conduct of the first two DRF funding rounds. NEMA did not take steps to ensure it was fully aware of, nor did it seek to manage, the potential impact and risk of this arrangement adversely affecting the independence of the probity adviser. (See paragraphs 3.17 to 3.26)

22. Internal NEMA processes for managing conflicts of interest centred around briefing participants on their probity requirements, collating conflict of interest declarations, and reliance on participants to update NEMA if information became available that required the individual to update their declaration. There was no active monitoring and management of potential or actual conflicts of interest beyond those declared by individuals. The conflict of interest registers for the first and second rounds were incomplete and inaccurate. The conflict of interest declarations required by the probity framework were not provided by a number of people in each round including from the Coordinator-General of NEMA in both rounds, the Deputy Coordinator-General in the second round and the lead probity adviser in the first round. There was no register of completed probity briefings. (See paragraphs 3.27 to 3.44)

23. The three appraisal criteria identified in the guidelines for the first two funding rounds were applied to assess the merit of competing candidate projects. The approach to assessment was not fully set out in the published guidelines, as it was not identified that a subset of the panel (four of six panellists in the first round, and three of 12 panellists in the second round) would undertake preliminary assessments of individual applications applying the individual criteria. The resulting average score for each application was provided to the full panel to consider individual applications against the merit criteria on an exception basis. There were shortcomings in the application of the documented assessment framework which meant that not all applications identified as achieving a ‘competitive’ preliminary assessment score were provided to the panel for full consideration. There were also gaps in the minutes of the panel meetings, with no record of decisions or discussion by the panel for 113 applications. Where there were records, it was common for the records to not explain score changes with relevance to the appraisal criteria, or explain the equity or diversity reasons for adjustments. (See paragraphs 3.45 to 3.71)

24. There were inconsistencies and anomalies in the assessment and decision-making in relation to requests from applicants for a waiver of the requirement that they provide a co-contribution of at least 50 per cent of eligible project expenditure. In the first round, the Program Delegate sought advice from the assessment panel, and waiver decisions reflected the panel advice. In the second round, no recommendations from the panel were recorded for 24 of the 60 requests for waivers. Of the 89 requests for a full or partial waiver received across the two rounds 80 were assessed, with 44 of the requests granted. The projects approved for DRF funding included 20 where a full or partial wavier was granted. (See paragraphs 3.73 to 3.84)

25. Applications were placed into three lists, a recommended for funding list, a suitable (but not recommended) list, and a list of not suitable projects. Projects were ranked within those lists. This approach was consistent with the requirement in the program guidelines that projects be ranked after they had been assessed against the three published selection criteria. (See paragraphs 3.85 to 3.100)

Funding decisions

26. Timely and clear funding recommendations were provided in writing each round to a delegate of the Coordinator-General. The recommendation was to endorse (in the first round) and approve (in the second round) the recommendations of the panel as set out in its assessment report. (See paragraphs 4.2 to 4.9).

27. Timely and clear funding recommendations were provided to the minister in each of the first two rounds. The recommendations reflected the results of the assessment process, as recorded by the panel in its assessment report for each round (the guidelines required that the recommendations be based on advice from the panel). (See paragraphs 4.10 to 4.17)

28. The minister recorded agreement in full to the funding recommendations in each round. The minister recorded the basis for the funding decision in the format provided by NEMA, referencing the Disaster Ready Fund Act 2019, and confirmed satisfaction that the expenditure was a ‘proper use of money’ in each round (the test set out in the PGPA Act). (See paragraphs 4.19 to 4.24)

29. Distribution of the award of funding in each round was commensurate with scale of applications from each jurisdiction, and the intent of the guidelines to support jurisdictions to achieve baseline funding thresholds. There was no evidence of political factors influencing the distribution of funding. (See paragraphs 4.25 to 4.32)

Recommendations

Recommendation no. 1

Paragraph 2.17

The National Emergency Management Agency, when obtaining probity review of funding guidelines:

  1. identify in its tasking of the probity adviser the points in the process at which probity sign-off will be required and the framework(s) to be considered when providing those sign-offs;
  2. ensure the probity review considers all substantive changes made to the guidelines; and
  3. provide clear and accurate advice to the decision-maker on whether the version of the draft guidelines being considered for approval has been the subject of probity review.

National Emergency Management Agency response: Agreed

Recommendation no. 2

Paragraph 2.34

The National Emergency Management Agency improve the funding guidelines for the Disaster Ready Fund by:

  1. ensuring consistency with its internal assessment framework, including by addressing in the published guidelines all key assessment and decision-making processes; and
  2. clearly identifying responsibility for each step in the assessment and decision-making processes.

National Emergency Management Agency response: Agreed in part

Recommendation no. 3

Paragraph 3.13

The National Emergency Management Agency:

  1. develop a strategy for the processes to appoint members of the Disaster Ready Fund assessment panel including appropriate procurement processes for members that are to be contracted for their expertise; and
  2. disclose the membership of the panel in the guidelines for each funding round.

National Emergency Management Agency response: Agreed in part

Recommendation no. 4

Paragraph 3.42

The National Emergency Management Agency strengthen the identification and management of conflicts of interest for the Disaster Ready Fund.

National Emergency Management Agency response: Agreed in part

Recommendation no. 5

Paragraph 3.70

The National Emergency Management Agency:

  1. include in the published guidelines for rounds of the Disaster Ready Fund information about the conduct of preliminary assessments and scoring of individual applications prior to the panel meetings; and
  2. address in its documented assessment framework the process that will be employed to decide which applications will be assigned to individual panel members for preliminary assessment and scoring.

National Emergency Management Agency response: Agreed

Recommendation no. 6

Paragraph 3.83

The National Emergency Management Agency improve the design and administration of future funding rounds of the Disaster Ready Fund by requiring that, where permitted, requests or co-contribution waivers be considered in advance of the merit assessment stage, with only those applications approved for a waiver being provided to the panel for merit assessment.

National Emergency Management Agency response: Noted

Summary of entity response

30. The proposed audit report was provided to NEMA. Extracts of the proposed report were also provided to: Maddocks, Australian Government Actuary, Natural Hazards Research Australia, Dr Mark Crosweller and Dr Jessica Weir. The letters of response that were received for inclusion in the audit report are at Appendix 1. Summary response from NEMA is below.

National Emergency Management Agency

The National Emergency Management Agency (NEMA) welcomes the audit and is committed to strengthening its delivery of the Disaster Ready Fund (DRF) in accordance with legislative requirements, government policies and better practice.

In awarding funds for over 350 projects, valued at $400 million, the first and second rounds of the DRF have supported communities across Australia to reduce disaster risk and build resilience. NEMA welcomes the overall conclusions of the audit the award of funds was largely effective, funding guidelines were largely appropriate and funding decisions were appropriately informed and documented.

NEMA notes six recommendations have been made to improve aspects of program delivery. Of these, NEMA agrees with Recommendations one and five, agrees in part with Recommendations two, three and four and notes Recommendation six.

NEMA also notes various findings throughout the report, several of which are premised on different interpretations of requirements and weightings of principles to those applied by NEMA. While NEMA acknowledges the ANAO’s views and will consider these in designing future rounds, NEMA disagrees with some findings and maintains its approach was consistent with a pragmatic interpretation of guideline requirements and struck an appropriate balance between better practice principles.

Key messages from this audit for all Australian Government entities

31. Below is a summary of key messages, including instances of good practice, which have been identified in this audit and may be relevant for the operations of other Australian Government entities.

Group title

Governance and risk management

Key learning reference
  • Probity review and sign-off should be planned for and incorporated into processes, with review to incorporate all significant changes, and decision-makers accurately informed about what the probity review and any sign-off relates to (including which iteration of guidelines the sign-off is specific to).
  • Transcribing meetings of assessment panels provides a comprehensive record of key inputs to decision-making. It is consistent with accountability and transparency principles of the Commonwealth Grants Rules and Principles, and represents better practise in grants administration. The benefits of transcriptions to entities include: streamlining record keeping; supporting entities to demonstrate the basis for funding recommendations and decisions; and supporting the provision of feedback to unsuccessful applicants (the Commonwealth Grants Rules and Principles outline that feedback promotes transparency in decision-making and improves the capacity of potential grantees to apply for future grant activities).
Group title

Program design and implementation

Key learning reference
  • When assessment is conducted by individuals or parties outside of the decision-makers listed in the guidelines, entities should promote transparency by clearly identifying who is undertaking the assessment and participating in making recommendations to decision-makers.
Group title

Procurement

Key learning reference
  • Sufficient and appropriate records must be maintained at all stages of a procurement, including obtaining contracts for all engagements. Not maintaining adequate records impacts the entity’s ability to understand and manage contracts entered into. Record keeping is the responsibility of every public servant and is required by law.
Type: Performance statements audit
Report number: 25 of 2024-25
Portfolios: Across entities
Entities: Across entities
Date tabled/scheduled:
Audit Summary : show

Executive summary

1. Performance information is important for public sector accountability and transparency as it shows how taxpayers’ money has been spent and what this spending has achieved. The development and use of performance information is integral to an entity’s strategic planning, budgeting, monitoring and evaluation processes.

2. Annual performance statements are expected to present a clear, balanced and meaningful account of how well an entity has performed against the expectations it set out in its corporate plan. They are an important way of showing the Parliament and the public how effectively Commonwealth entities have used public resources to achieve desired outcomes.

The needs of the Parliament

3. Section 5 of the Public Governance, Performance and Accountability Act 2013 (PGPA Act) sets out the objects of the Act, which include requiring Commonwealth entities to provide meaningful performance information to the Parliament and the public. The Replacement Explanatory Memorandum to the PGPA Bill 2013 stated that ‘The Parliament needs performance information that shows it how Commonwealth entities are performing.’1 The PGPA Act and the Public Governance, Performance and Accountability Rule 2014 (PGPA Rule) outline requirements for the quality of performance information, and for performance monitoring, evaluation and reporting.

4. The Parliament’s Joint Committee of Public Accounts and Audit (JCPAA) has a particular focus on improving the reporting of performance by entities. In September 2023, the JCPAA tabled its Report 499, Inquiry into the Annual Performance Statements 2021–22, stating:

As the old saying goes, ‘what is measured matters’, and how agencies assess and report on their performance impacts quite directly on what they value and do for the public. Performance reporting is also a key requirement of government entities to provide transparency and accountability to Parliament and the public.2

5. Without effective performance reporting, there is a risk that trust and confidence in government could be lost (see paragraphs 1.3 to 1.6).

Entities need meaningful performance information

6. Having access to performance information enables entities to understand what is working and what needs improvement, to make evidence-based decisions and promote better use of public resources. Meaningful performance information and reporting is essential to good management and the effective stewardship of public resources.

7. It is in the public interest for an entity to provide appropriate and meaningful information on the actual results it achieved and the impact of the programs and services it has delivered. Ultimately, performance information helps a Commonwealth entity to demonstrate accountability and transparency for its performance and achievements against its purposes and intended results (see paragraphs 1.7 to 1.13).

The 2023–24 performance statements audit program

8. In 2023–24, the ANAO conducted audits of annual performance statements of 14 Commonwealth entities. This is an increase from 10 entities audited in 2022–23.

9. Commonwealth entities continue to improve their strategic planning and performance reporting. There was general improvement across each of the five categories the ANAO considers when assessing the performance reporting maturity of entities: leadership and culture; governance; reporting and records; data and systems; and capability.

10. The ANAO’s performance statements audit program demonstrates that mandatory annual performance statements audits encourage entities to invest in the processes, systems and capability needed to develop, monitor and report high quality performance information (see paragraphs 1.18 to 1.27).

Audit conclusions and additional matters

11. Overall, the results from the 2023–24 performance statements audits are mixed. Nine of the 14 auditees received an auditor’s report with an unmodified conclusion.3 Five received a modified audit conclusion identifying material areas where users could not rely on the performance statements, but the effect was not pervasive to the performance statements as a whole.

12. The two broad reasons behind the modified audit conclusions were:

  • completeness of performance information — the performance statements were not complete and did not present a full, balanced and accurate picture of the entity’s performance as important information had been omitted; and
  • insufficient evidence — the ANAO was unable to obtain enough appropriate evidence to form a reasonable basis for the audit conclusion on the entity’s performance statements.

13. Where appropriate, an auditor’s report may separately include an Emphasis of Matter paragraph. An Emphasis of Matter paragraph draws a reader’s attention to a matter in the performance statements that, in the auditor’s judgement, is important for readers to consider when interpreting the performance statements. Eight of the 14 auditees received an auditor’s report containing an Emphasis of Matter paragraph. An Emphasis of Matter paragraph does not modify the auditor’s conclusion (see Appendix 1).

Audit findings

14. A total of 66 findings were reported to entities at the end of the final phase of the 2023–24 performance statements audits. These comprised 23 significant, 23 moderate and 20 minor findings.

15. The significant and moderate findings fall under five themes:

  • Accuracy and reliability — entities could not provide appropriate evidence that the reported information is reliable, accurate and free from bias.
  • Usefulness — performance measures were not relevant, clear, reliable or aligned to the entity’s purposes or key activities. Consequently, they may not present meaningful insights into the entity’s performance or form a basis to support entity decision making.
  • Preparation — entity preparation processes and practices for performance statements were not effective, including timeliness, record keeping and availability of supporting documentation.
  • Completeness — performance statements did not present a full, balanced and accurate picture of the entity’s performance, including all relevant data and contextual information.
  • Data — inadequate assurance over the completeness, integrity and accuracy of data, reflecting a lack of controls over how data is managed across the data lifecycle, from data collection through to reporting.

16. These themes are generated from the ANAO’s analysis of the 2023–24 audit findings, and no theme is necessarily more significant than another (see paragraphs 2.12 to 2.17).

Measuring and assessing performance

17. The PGPA Rule requires entities to specify targets for each performance measure where it is reasonably practicable to set a target.4 Clear, measurable targets make it easier to track progress towards expected results and provide a benchmark for measuring and assessing performance.

18. Overall, the 14 entities audited in 2023–24 reported against 385 performance targets in their annual performance statements. Entities reported that 237 targets were achieved/met5, 24 were substantially achieved/met, 24 were partially achieved/met and 82 were not achieved/met.6 Eighteen performance targets had no definitive result.7

19. Assessing entity performance involves more than simply reporting how many performance targets were achieved. An entity’s performance analysis and narrative is important to properly inform stakeholder conclusions about the entity’s performance (see paragraphs 2.37 to 2.44).

Connection to broader government policy initiatives

20. Performance statements audits touch many government policies and frameworks designed to enhance government efficiency, effectiveness and impact, and strengthen accountability and transparency. This is consistent with the drive to improve coherence across the Commonwealth Government’s legislative and policy frameworks that led to the PGPA Act being established.8 The relationship between performance statements audits and existing government policies and frameworks is illustrated in Figure S.1.

Figure S.1. Relationship of performance statements audits to government policies and frameworks

Figure S.1: Relationship of performance statements audits to government policies and frameworks

Source: ANAO analysis.

The future direction of annual performance statements audits

21. Public expectations and attitudes about public services are changing.9 Citizens not only want to be informed, but also to have a say between elections about choices affecting their community10 and be involved in the decision-making process, characterised by, among other things, citizen-centric and place-based approaches that involve citizens and communities in policy design and implementation.11 There is increasing pressure on Commonwealth entities from the Parliament and citizens demanding more responsible and accountable spending of public revenues and improved transparency in the reporting of results and outcomes.

22. A specific challenge for the ANAO is to ensure that performance statements audits influence entities to embrace performance reporting and shift away from a compliance approach with a focus on complying with minimum reporting requirements or meeting the minimum standard they think will satisfy the auditor.12 A compliance approach misses the opportunity to use performance information to learn from experience and improve the delivery of government policies, programs and services.

23. Performance statements audits reflect that for many entities there is not a clear link between internal business plans and the entity’s corporate plan. There can be a misalignment between the information used for day-to-day management and governance of an entity and performance information presented in annual performance statements. Periodic monitoring of performance measures is also not an embedded practice in all Commonwealth entities. These observations indicate that some entities are reporting measures in their performance statements that may not represent the highest value metrics for running the business or for measuring and assessing the entity’s performance (see paragraphs 4.32 to 4.35).

Developments in the ANAO’s audit approach

24. Working with audited entities, the ANAO has progressively sought to strengthen sector understanding of the Commonwealth Performance Framework. This includes a focus on helping entities to apply general principles and guidance to their own circumstances and how entities can make incremental improvements to their performance reporting over time. For example:

  • in 2021–22, the ANAO gave prominence to ensuring entities understood and complied with the technical requirements of the PGPA Act and the PGPA Rule;
  • in 2022–23, there was an increased focus on supporting entities to establish materiality policies that help determine which performance information is significant enough to be reported in performance statements and to develop entity-wide performance frameworks; and
  • in 2023–24, there was an increased focus on assessing the completeness of entity purposes, key activities and performance measures and whether the performance statements present fairly the performance of the entity (see paragraphs 4.36 to 4.38).

Appropriate and meaningful

25. For annual performance statements to achieve the objects of the PGPA Act, they must present performance information that is appropriate (accountable, reliable and aligned with an entity’s purposes and key activities) and meaningful (providing useful insights and analysis of results). They also need to be accessible (readily available and understandable).

26. For the 2024–25 audit program and beyond, the ANAO will continue to encourage Commonwealth entities to not only focus on technical matters (like selecting measures of output, efficiency and effectiveness and presenting numbers and data), but on how to best tell their performance story. This could include analysis and narrative in annual performance statements that explains the ‘why’ and ‘how’ behind the reported results and providing future plans and initiatives aligned to meeting expectations set out in the corporate plan.13

27. It is difficult to demonstrate effective stewardship of public resources without good performance information and reporting. Appropriate and meaningful performance information can show that the entity is thinking beyond the short-term. It can show that the entity is committed to long-term responsible use and management of public resources and effectively achieving results to create long lasting impacts for citizens (see paragraphs 4.39 to 4.45).

Linking financial and performance information

28. The ‘Independent Review into the operation of the PGPA Act’14 noted that there would be merit in better linking performance and financial results, so that there is a clear line of sight between an entity’s strategies and performance and its financial results.15

29. Improving links between financial and non-financial performance information is necessary for measuring and assessing public sector productivity. As a minimum, entities need to understand both the efficiency and effectiveness of how taxpayers’ funds are used if they are to deliver sustainable, value-for-money programs and services. There is currently limited reporting by entities of efficiency (inputs over outputs) and even less reporting of both efficiency and effectiveness for individual key activities.

30. Where entities can demonstrate that more is produced to the same or better quality using fewer resources, this reflects improved productivity.

31. The ANAO will seek to work with the Department of Finance and entities to identify opportunities for annual performance statements to better link information on entity strategies and performance to their financial results (see paragraphs 4.46 to 4.51).

Cross entity measures and reporting

32. ANAO audits are yet to see the systemic development of cross-sector performance measures as indicators where it has been recognised that organisational performance is partly reliant on the actions of other agencies. Although there are some emerging better practices16, the ANAO’s findings reveal that integrated reporting on cross-cutting initiatives and linked programs could provide Parliament, government and the public with a clearer, more unified view of performance on key government priorities such as:

  • Closing the Gap;
  • women’s safety;
  • housing;
  • whole-of-government national security initiatives; and
  • cybersecurity.

33. Noting the interdependence, common objectives and shared responsibility across multiple government programs, there is an opportunity for Commonwealth entities to make appropriate reference to the remit and reporting of outcomes by other entities in annual performance statements. This may enable the Parliament, the government and the public to understand how the work of the reporting entity complements the work done by other parts of government.17

34. As the performance statements audit program continues to broaden in coverage, there will be opportunities for the ANAO to consider the merit of a common approach to measuring performance across entities with broadly similar functions, such as providing policy advice, processing claims or undertaking compliance and regulatory functions. A common basis for assessing these functions may enable the Parliament, the government and the public to compare entities’ results and consider which approaches are working more effectively and why (see paragraphs 4.52 to 4.56).

Type: Performance audit
Report number: 24 of 2024-25
Portfolios: Attorney-General's
Entities: Australian Human Rights Commission
Date tabled/scheduled:
Audit Summary : show

Summary and recommendations

Background

1. The Australian Human Rights Commission (AHRC or the Commission) was established in December 1986 by the Australian Human Rights Commission Act 1986 (AHRC Act). The AHRC is a corporate Commonwealth entity under the Public Governance, Performance and Accountability Act 2013.

2. The Commission’s key goal related to complaint handling set out in its Corporate Plan is ‘improving enjoyment of human rights by all, supporting access to justice and remedies for people and communities whose rights are breached.’1

3. AHRC’s Investigation and Conciliation service (ICS) is responsible for delivery of complaint investigation and conciliation. ICS also operates two information services (the National Information Service and Respect@Work National Information Service) to provide information about AHRC’s complaint handling function and respond to enquiries from the general public.

Rationale for undertaking the audit

4. AHRC is Australia’s national human rights institution. The handling of complaints is central to its purpose, which is to ensure that Australians have access to effective, independent complaints handling and public inquiry processes on human rights and discrimination matters, and benefit from human rights education, advocacy, monitoring and compliance activities. The AHRC has reported that, in 2023–24, it received 2,708 complaints. This performance audit was conducted to provide independent assurance to the Parliament that AHRC’s handling of complaints is efficient and effective.

Audit objective and criteria

5. The objective of this audit was to assess the efficiency and effectiveness of AHRC’s handling of complaints.

6. To form a conclusion against the audit objective, the following high-level criteria were adopted:

  • Are AHRC’s complaint handling arrangements designed in a way to support the effective management of complaints?
  • Is AHRC’s handling of complaints efficient?
  • Is AHRC’s handling of complaints effective?

Conclusion

7. The AHRC’s handling of complaints is partly efficient and partly effective.

8. The AHRC has designed its complaint handling arrangements to support effective management of complaints with two exceptions. The two key shortcomings relate to it not having conducted a recent procurement for, or having a contract in place for, an information technology system to assist with the management of complaints, and not having developed a formal approach to obtaining assurance over the handling of individual complaints.

9. The timeliness of complaints handling has been declining, with the Commission not meeting its performance indicator (consistent with its enabling legislation) to finalise 85 per cent of complaints within 12 months in 2023–24. A significant backlog has developed and, although the backlog has stabilised, it remains high. Resource efficiency improved over the four years up to and including 2021–22, a trend that did not continue in 2022–23 and 2023–24.

10. A lower proportion of complaints are being conciliated by the Commission, with the Commission not meeting its related performance indicator for the last three years. A greater proportion of complaints are being terminated or discontinued. Data on complainant and respondent satisfaction with the AHRC’s complaint handling is not reliable.

Supporting findings

Complaint handling arrangements

11. Complaints mechanisms and processes are clear and accessible. (See paragraphs 2.2 to 2.13)

12. Suitable systems and processes are, in most respects, in place for complaints handling. From a random sample of 137 complaints examined by the ANAO, no systemic deviations from legislation or existing procedural guidance were identified. The main shortcomings relate to the AHRC not having appropriate contractual arrangements in place for its electronic complaints management system and the absence of a formalised quality assurance process. Since 2021, multiple reviews initiated at the request of the Australian Government to achieve savings have recommended changes to the complaints management system to improve operational efficiency. The recommended changes have not been made. (See paragraphs 2.14 to 2.52)

Complaint handling efficiency

13. AHRC has implemented systems and processes to capture input and output data which can be used to calculate basic measures of efficiency. There are issues with the reliability of complaints data that adversely affects the Commission’s management of complaints handling and its performance reporting. (See paragraphs 3.2 to 3.15)

14. Complaints handling by AHRC is not timely.

  • A significant backlog in complaints developed between the first quarter of 2019–20 and quarter 3 2021–22. With fewer complaints received in 2023–24 and some additional resources, the backlog has stabilised. It remains around double what it was prior to 2019–20.
  • The proportion of complaints being finalised within 12 months (one of AHRC’s performance measures, consistent with the Commission’s enabling legislation) has been declining, with AHRC not achieving its target for 2023–24. Further, this performance measure is not focused on measuring performance from the perspective of parties to the complaint.
  • Complaints identified as a priority by the AHRC are typically finalised more quickly than those not prioritised. Notwithstanding this, the duration of both standard and priority complaints has increased.
  • Complaint handling delays are primarily a result of delays in an accepted complaint being allocated to a case officer (rather than delays in the first stage, between complaint receipt and acceptance, or in the final stage, progressing the complaint to finalisation). The increasing time taken to allocate matters to case officers has coincided with a decrease in the number of complaints conciliated and increase in the number of discontinued complaints. (See paragraphs 3.16 to 3.41)

15. AHRC has not established a target and does not measure the resource efficiency of its Investigation and Conciliation service. The efficiency of the Investigation and Conciliation service, measured both in terms of the direct cost per finalised complaint and ratio of complaints finalised per staff member, improved over the four years up to and including 2021–22. That trend did not continue in 2022–23 and 2023–24 as a result of fewer complaints being finalised and, for 2023–24, some additional resources being provided to stabilise the backlog in complaints.

16. AHRC has not prioritised resourcing ICS in line with demand for its complaints handling services. AHRC has not developed an activity-based costing model to demonstrate the effect of the demand driven complaints workload or inform its internal allocation of resources despite an earlier recommendation from consultants in August 2021. (See paragraphs 3.42 to 3.60)

Complaint handling effectiveness

17. It has become less likely for complaints to be conciliated and more likely for complaints to be discontinued, terminated or declined by the AHRC.

  • An increasing number of complaints have been assessed as suitable for conciliation and an increasing number of conciliations have been held over the last seven financial years (reflecting the higher complaint numbers overall). The proportion of complaints recorded as resolved through conciliation has decreased from 46 per cent of complaints in 2017-18 to 33 per cent in 2023-24. The Commission did not meet its target of conciliating 40 per cent of complaints in 2021-22, 2022-23 or 2023-24, notwithstanding the additional resources provided through the October 2022 Budget.
  • The proportion of complaints terminated, declined or discontinued has grown, increasing from 40 per cent of complaints finalised in 2017–18 to 58 per cent of complaints finalised in 2023–24. (See paragraphs 4.4 to 4.34)

18. The AHRC is not obtaining reliable data on the extent to which complainants and respondents are satisfied with its complaint handling process.

  • Parties’ measured level of satisfaction with Commission’s complaint handling processes has been decreasing over time. Overall satisfaction decreased from 91 per cent in 2017–18 to 85 per cent in 2023–24.
  • Respondents and their representatives report higher levels of overall satisfaction than complainants do with AHRC complaint handling processes. Respondents also report higher levels of agreement that Commission processes are timely and fair.
  • The results of the surveys reported by the Commission are not demonstrably reliable and unbiased. Of note is that 61 per cent of participants were not sent the satisfaction survey over the seven years examined. Satisfaction surveys were most often sent to participants with conciliated (53 per cent of complainants and 51 per cent of respondents) and terminated or declined outcomes (53 per cent of complainants and 52 per cent of respondents). Complainants who withdraw their complaints or complainants whose complaints are discontinued by the AHRC were less likely to be surveyed. (See paragraphs 4.35 to 4.51)

Recommendations

Recommendation no. 1

Paragraph 2.50

The Australian Human Rights Commission strengthen its handling of complaints by:

  1. testing the market for an electronic complaints management system;
  2. establishing fit-for-purpose contractual arrangements for an electronic complaints management system; and
  3. establishing a formal process for quality assurance over the handling of individual complaints.

Australian Human Rights Commission response: Agreed.

Recommendation no. 2

Paragraph 3.10

The Australian Human Rights Commission improve the reliability and verifiability of its reported performance information by:

  1. documenting its methodology and data sources it uses to produce performance information;
  2. updating its guidance and practices to address data integrity, with a particular focus on updating guidance on deferrals and secondary matters; and
  3. establish processes to ensure quality assurance on reported performance information is undertaken and documented.

Australian Human Rights Commission response: Agreed.

Recommendation no. 3

Paragraph 3.26

The Australian Human Rights Commission improve its performance measures to include an explicit focus on the time it takes from the lodgement of the complaint until its finalisation.

Australian Human Rights Commission response: Agreed.

Recommendation no. 4

Paragraph 3.59

The Australian Human Rights Commission improve its management of complaint handling efficiency by developing an internal budget strategy that supports the delivery of its targets outlined in its Portfolio Budget Statement and Corporate Plan.

Australian Human Rights Commission response: Agreed in principle.

Recommendation no. 5

Paragraph 4.41

The Australian Human Rights Commission improve its approach to measuring complainant and respondent satisfaction with its complaint handling effectiveness by developing a methodology that obtains sufficient levels of reliable, representative feedback.

Australian Human Rights Commission response: Agreed.

Summary of entity response

19. The proposed audit report was provided to AHRC. The AHRC’s summary response is reproduced below. The full response from the AHRC is at Appendix 1. Improvements observed by the ANAO during the course of this audit are listed at Appendix 2.

Providing people and organisations across Australia with a free, accessible and effective dispute resolution process for discrimination and human rights complaints is one of the Australian Human Rights Commission’s key statutory functions. It is also a core component of the Commission’s vision of an Australian society in which people’s human rights are respected, promoted and protected.

The Commission welcomes the ANAO’s report and agrees or agrees in principle with its five recommendations to improve our complaint handling function.

The Commission acknowledges that currently our complaint handling function is not timely. The COVID-19 pandemic generated an unprecedented rise in complaints. Complaint numbers have remained around 30% higher than pre-pandemic levels. This continues to adversely impact timeframes. Reducing these timeframes by ensuring the Commission’s complaint function is appropriately resourced is a key priority.

Implementing the recommendations will also strengthen the Commission’s collection and analysis of complaint performance information and public reporting.

The Commission acknowledges the professionalism, integrity and empathy of our staff who deliver our information and complaint handling services. They have supported thousands of Australians over the 7-year audit period to access justice on discrimination and the human rights issues affecting them.

Key messages from this audit for all Australian Government entities

20. Below is a summary of key messages, including instances of good practice, which have been identified in this audit and may be relevant for the operations of other Australian Government entities.

Group title

Policy/program design

Key learning reference
  • Accountable authorities should align the allocation of resources with the priorities and targets set for the organisation in corporate planning documentation.
Group title

Procurement

Key learning reference
  • When key management systems are sourced under contract, the contract should be current. Periodic market testing is important for entities to meet their obligations under the Commonwealth Procurement Rules, including demonstrating value for money and the principle of open and effective competition.
Group title

Performance and impact measurement

Key learning reference
  • When assessing client satisfaction, it is important that the methodology employed provides results that are representative and reliable.
Type: Financial statement audit
Report number: 22 of 2024-25
Portfolios: Across Entities
Entities: Across Entities
Date tabled/scheduled:
Audit Summary : show

Executive summary

The Australian National Audit Office (ANAO) publishes an annual audit work program (AAWP) which reflects the audit strategy and deliverables for the forward year. The purpose of the AAWP is to inform the Parliament, the public, and government sector entities of the planned audit coverage for the Australian Government sector by way of financial statements audits, performance audits, performance statements audits and other assurance activities. As set out in the AAWP, the ANAO prepares two reports annually that, drawing on information collected during financial statements audits, provide insights at a point in time of financial statements risks, governance arrangements and internal control frameworks of Commonwealth entities. These reports provide Parliament with an independent examination of the financial accounting and reporting of public sector entities.

These reports explain how entities’ internal control frameworks are critical to executing an efficient and effective audit and underpin an entity’s capacity to transparently discharge its duties and obligations under the Public Governance, Performance and Accountability Act 2013 (PGPA Act). Deficiencies identified during audits that pose either a significant or moderate risk to an entity’s ability to prepare financial statements free from material misstatement are reported.

This report presents the final results of the 2023–24 audits of the Australian Government’s Consolidated Financial Statements (CFS) and 245 Australian Government entities. The Auditor-General Report No. 42 2023–24 Interim Report on Key Financial Controls of Major Entities, focused on the interim results of the audits of 27 of these entities.

Consolidated financial statements

Audit results

1. The CFS presents the whole of government and the General Government Sector financial statements. The 2023–24 CFS were signed by the Minister for Finance on 28 November 2024 and an unmodified auditor’s report was issued on 2 December 2024.

2. There were no significant or moderate audit issues identified in the audit of the CFS in 2023–24 or 2022–23.

Australian Government financial position

3. The Australian Government reported a net operating balance of a surplus of $10.0 billion ($24.9 billion surplus in 2022–23). The Australian Government’s net worth deficiency decreased from $570.3 billion in 2022–23 to $567.5 billion in 2023–24 (see paragraphs 1.8 to 1.26).

Financial audit results and other matters

Quality and timeliness of financial statements preparation

4. The ANAO issued 240 unmodified auditor’s reports as at 9 December 2024. The financial statements were finalised and auditor’s reports issued for 79 per cent (2022–23: 91 per cent) of entities within three months of financial year-end. The decrease in timeliness of auditor’s reports reflects an increase in the number of audit findings and legislative breaches identified by the ANAO, as well as limitations on the available resources within the ANAO in order to undertake additional audit procedures in response to these findings

5. A quality financial statements preparation process will reduce the risk of inaccurate or unreliable reporting. Seventy-one per cent of entities delivered financial statements in line with an agreed timetable (2022–23: 72 per cent). The total number of adjusted and unadjusted audit differences decreased during 2023–24, although 38 per cent of audit differences remained unadjusted. The quantity and value of adjusted and unadjusted audit differences indicate there remains an opportunity for entities to improve quality assurance over financial statements preparation processes (see paragraphs 2.138 to 2.154).

Timeliness of financial reporting

6. Annual reports that are not tabled in a timely manner before budget supplementary estimates hearings decrease the opportunity for the Senate to scrutinise an entity’s performance. Timeliness of tabling of entity annual reports improved. Ninety-three per cent (2022–23: 66 per cent) of entities that are required to table an annual report in Parliament tabled prior to the date that the portfolio’s supplementary budget estimates hearing commenced. Supplementary estimates hearings were held one week later in 2023–24 than in 2022–23. Fifty-seven per cent of entities tabled annual reports one week or more before the hearing (2022–23: 12 per cent). Of the entities required to table an annual report, 4 per cent (2022–23: 6 per cent) had not tabled an annual report as at 9 December 2024 (see paragraphs 2.155 to 2.166).

Official hospitality

7. Eighty-one per cent of entities permit the provision of hospitality and the majority have policies, procedures or guidance in place. Expenditure on the provision of hospitality for the period 2020–21 to 2023–24 was $70.0 million. Official hospitality involves the provision of public resources to persons other than officials of an entity to achieve the entity’s objectives. Entities that provide official hospitality should have policies, and guidance in place which clearly set expectations for officials. There are no mandatory requirements for entities in managing the provision of hospitality, however, the Department of Finance (Finance) does provide some guidance to entities in model accountable authority instructions. Of those entities that permit hospitality 83 per cent have established formal policies, guidelines or processes.

8. Entities with higher levels of exposure to the provision of official hospitality could give further consideration to implementing or enhancing compliance and reporting arrangements. Seventy-four per cent of entities included compliance requirements in their policies, procedures or guidance which support entity’s obtaining assurance over the conduct of official hospitality. Compliance processes included acquittals, formal reporting, attestations from officials and/or periodic internal audits. Thirty-one per cent of entities had established formal reporting on provision of official hospitality within their entities (see paragraphs 2.36 to 2.56).

Artificial intelligence

9. Fifty-six entities used artificial intelligence (AI) in their operations during 2023–24 (2022–23: 27 entities). Most of these entities had adopted AI for research and development activities, IT systems administration and data and reporting.

10. During 2023–24, 64 per cent of entities that used AI had also established internal policies governing the use of AI (2022–23: 44 per cent). Twenty-seven per cent of entities had established internal policies regarding assurance over AI use. An absence of governance frameworks for managing the use of emerging technologies could increase the risk of unintended consequences. In September 2024, the Digital Transformation Agency (DTA) released the Policy for the responsible use of AI in government, which establishes requirements for accountability and transparency on the use of AI within entities (see paragraphs 2.67 to 2.71).

Cloud computing

11. Assurance over effectiveness of cloud computing arrangements (CCA) could be improved. During 2023–24, 89 per cent of entities used CCAs as part of the delivery model for the IT environment, primarily software-as-a-service (SaaS) arrangements. A Service Organisation Controls (SOC) certificate provides assurance over the implementation, design and operating effectiveness of controls included in contracts, including security, privacy, process integrity and availability. Eighty-two per cent of entities did not have in place a formal policy or procedure which would require the formal review and consideration of a SOC certificate.

12. In the absence of a formal process for obtaining and reviewing SOC certificates, there is a risk that deficiencies in controls at a service provider are not identified, mitigated or addressed in a timely manner (see paragraphs 2.57 to 2.66).

Audit committee member rotation

13. Audit committee member rotation considerations could be enhanced. The rotation of audit committee membership is not mandated, though guidance to the sector indicates that rotation of members allows for a flow of new skills and talent through committees, supporting objectivity. Forty-six per cent of entities did not have a policy requirement for audit committee member rotation.

14. Entities could enhance the effectiveness of their audit committees by adopting a formal process for rotation of audit committee membership, which balances the need for continuity and objectivity of membership (see paragraphs 2.16 to 2.21).

Fraud framework requirements

15. The Commonwealth Fraud Control Framework 2017 encourages entities to conduct fraud risk assessments at least every two years and entities responsible for activities with a high fraud risk may assess risk more frequently. All entities had in place a fraud control plan. Ninety-seven per cent of entities had conducted a fraud risk assessment within the last two years. Changes to the framework which occurred on 1 July 2024 requires entities to expand plans to take account of preventing, detecting and dealing with corruption, as well as periodically examining the effectiveness of internal controls (see paragraphs 2.16 to 2.21).

Summary of audit findings

16. Internal controls largely supported the preparation of financial statements free from material misstatement. However, the number of audit findings identified by the ANAO has increased from 2023–24. A total of 214 audit findings and legislative breaches were reported to entities as a result of the 2023–24 financial statements audits. These comprised six significant, 46 moderate, 147 minor audit findings and 15 legislative breaches. The highest number of findings are in the categories of:

  • IT control environment, including security, change management and user access;
  • compliance and quality assurance frameworks, including legal conformance; and
  • accounting and control of non-financial assets.

17. IT controls remain a key issue. Forty-three per cent of all audit findings identified by the ANAO related to the IT control environment, particularly IT security. Weaknesses in controls in this area can expose entities to an increased risk of unauthorised access to systems and data, or data leakage. The number of IT findings identified by the ANAO indicate that there remains room for improvement across the sector to enhance governance processes supporting the design, implementation and operating effectiveness of controls.

18. These audits findings included four significant legislative breaches, one of which was first identified since 2012–13. The majority (53 per cent) of other legislative breaches relate to incorrect payments of remuneration to key management personnel and/or non-compliance with determinations made by the Remuneration Tribunal. Entities could take further steps to enhance governance supporting remuneration to prevent non-compliance or incorrect payments from occurring (see paragraphs 2.72 to 2.137).

Financial sustainability

19. An assessment of an entity’s financial sustainability can provide an indication of financial management issues or signal a risk that the entity will require additional or refocused funding. The ANAO’s analysis concluded that the financial sustainability of the majority of entities was not at risk (see paragraphs 2.167 to 2.196).

Reporting and auditing frameworks

Changes to the Australian public sector reporting framework

20. The development of a climate-related reporting framework and assurance regime in Australia continues to progress. ANAO consultation with Finance to establish an assurance and verification regime for the Commonwealth Climate Disclosure (CCD) reform is ongoing (see paragraphs 3.20 to 3.24).

21. Emerging technologies (including AI) present opportunities for innovation and efficiency in operations by entities. However, rapid developments and associated risks highlight the need for Accountable Authorities to implement effective governance arrangements when adopting these technologies. The ANAO is incorporating consideration of risks relating to the use of emerging technologies, including AI, into audit planning processes to provide Parliament with assurance regarding the use of AI by the Australian Government (see paragraphs 3.25 to 3.33).

22. The ANAO Audit Quality Report 2023–24 was published on 1 November 2024. The report demonstrates the evaluation of the design, implementation and operating effectiveness of the ANAO’s Quality Management Framework and achievement of ANAO quality objectives (see paragraphs 3.34 to 3.39).

23. The ANAO Integrity Report 2023–24 and the ANAO Integrity Framework 202425 were also published on 1 November 2024 to provide transparency of the measures undertaken to maintain a high integrity culture within the ANAO (see paragraphs 3.44 to 3.46).

Cost of this report

24. The cost to the ANAO of producing this report is approximately $445,000.