Audit snapshot

Why did we do this audit?

  • This audit was conducted to provide: increased transparency over the Digital Transformation Agency’s (DTA’s) procurement framework; assurance that the DTA’s procurement of ICT-related services is being conducted effectively; and assurance that the DTA is effectively managing contracts to deliver on intended objectives and achieve value for money.

Key facts

  • The DTA is a non-corporate Commonwealth entity and is subject to the Commonwealth Procurement Rules (CPRs).
  • The ANAO examined nine DTA procurements with published start dates in 2019–20 and 2020–21, with a combined reported value of $54.5 million. Of these: one was an open tender; seven were panel procurements (including four where the DTA approached one supplier off the panel); and one was a limited tender.

What did we find?

  • The DTA's procurement of ICT-related services has been ineffective for the nine procurements examined by the ANAO.
  • The DTA has established a procurement framework, but its implementation and oversight has been weak.
  • For the procurements examined by the ANAO, the DTA did not conduct the procurements effectively and its approach fell short of ethical requirements.
  • For the procurements examined by the ANAO, the DTA has not managed contracts effectively.

What did we recommend?

  • There were eight recommendations to the DTA aimed at improving compliance with the CPRs and ensuring officials have a sufficient understanding of procurement requirements.
  • There was one recommendation to the Australian Government aimed at improving transparency on the reporting of panel procurements by Australian Government entities.

  • $122.8m: DTA expenses for procuring goods and services from suppliers in 2019–20 and 2020–21.
  • 4: Number of the DTA’s five highest value procurements in 2019–20 and 2020–21 that involved an approach to only one supplier.
  • 40 times: Increase in contract value (over two years) for one direct-approach procurement examined — from $121,000 to almost $5 million.

Summary and recommendations

Background

1. The Digital Transformation Agency (DTA) was established in October 2016, absorbing the former Digital Transformation Office, which had been established in March 2015. In April 2021, the DTA moved to the Prime Minister and Cabinet portfolio and its mandate was updated. In July 2022, the DTA moved to the Finance portfolio. The DTA’s 2021–22 corporate plan describes its priorities as: 1) direction setting — being a trusted advisor on digital and ICT investment decisions and driving strategic whole-of-government digital policy and advice; and 2) implementation oversight — ensuring alignment to digital strategies and priorities and simplifying digital procurement to reduce costs and increase reuse.

2. Under the Public Governance, Performance and Accountability Act 2013 (PGPA Act), an entity’s accountable authority has a duty to promote the proper (efficient, effective, economical and ethical) use and management of public resources. Under the PGPA Act, the Finance Minister issues the Commonwealth Procurement Rules (CPRs) for officials to follow when performing duties in relation to procurement.1 The CPRs govern how entities buy goods and services and are designed to ensure the government and taxpayers get value for money.

3. Achieving value for money is the core rule of the CPRs, which requires ‘the consideration of financial and non-financial costs and benefits associated with procurement’.2 The CPRs state that ‘Officials responsible for a procurement must be satisfied, after reasonable enquiries, that the procurement achieves a value for money outcome’.

4. After a procurement has been undertaken and a contract awarded, an entity needs to manage the contract. Contract management includes establishing contract management arrangements, managing contract performance, ensuring objectives are met and value for money is achieved, and reporting on contracts and variations.

Rationale for undertaking the audit

5. Procurement is a core function of the DTA. This audit was conducted to provide: increased transparency over the DTA’s procurement framework; and assurance to the Parliament that the DTA’s procurement of ICT-related services is being conducted effectively and that the DTA is effectively managing contracts to deliver on intended objectives and achieve value for money.

Audit objective and criteria

6. The objective of the audit was to assess the effectiveness of the DTA’s procurement of ICT-related services.

7. To form a conclusion against the audit objective, the ANAO adopted the following high-level criteria:

  • Has the DTA established a sound procurement framework?
  • Has the DTA conducted procurements effectively?
  • Has the DTA managed contracts effectively?

8. The audit scope did not include the establishment of whole of Australian Government arrangements, which are set up for Commonwealth entities to use when procuring certain goods or services. These are either coordinated or cooperative procurements, some of which are mandatory for use, and generally result in overarching contracts or panel arrangements. The audit scope also did not include the establishment of ICT-related panels, such as the Digital Marketplace panel, which was the subject of an ANAO audit in 2020.3

9. The ANAO examined a sample of nine procurements for ICT-related services undertaken by the DTA with a published start date between 1 July 2019 and 30 June 2021. The nine procurements were selected for review on the basis of value, risk, relevance and type of procurement and included seven of the DTA’s nine highest value procurements over this period (excluding whole-of-government procurements). As most of the DTA’s ICT-related services are procured through the Digital Marketplace panel, seven of the procurements selected for examination were undertaken through this panel (which was established through an open tender). In addition, the ANAO selected one procurement that was conducted as an open tender and one that was conducted as a limited tender. The selected procurements range in value from $127,334 to $28.1 million.

10. The period within the audit scope includes the start of the COVID-19 pandemic. The pace of the Australian Government’s response to the pandemic increased the risks involved in procurements, particularly where procurements were undertaken on shortened timeframes or transferred from one entity to another.

Conclusion

11. The DTA’s procurement of ICT-related services has been ineffective for the nine ICT-related procurements examined by the ANAO.

12. The DTA has established a procurement framework, but its implementation and oversight has been weak. The DTA has Accountable Authority Instructions and procurement policies and guidance that align with relevant aspects of the finance law. However, the DTA has not been following its internal policies and procedures, and there are weaknesses in its governance, oversight and probity arrangements for procurements.

13. For the nine ICT-related procurements examined by the ANAO, the DTA did not conduct the procurements effectively and its approach fell short of ethical requirements.4 None of these procurements fully complied with the CPRs. The DTA did not conduct approach to market or tender evaluation processes effectively, and it did not consistently provide sound advice to decision-makers. The DTA’s frequent direct sourcing of suppliers using panel arrangements does not support the intent of the CPRs including the achievement of value for money.

14. For procurements examined by the ANAO, the DTA has not managed contracts effectively. The DTA has not established effective contract management arrangements. While its contracts include performance expectations, the DTA has not effectively monitored performance against these expectations. The DTA has not effectively managed contracts to deliver against the objectives of the procurements and to achieve value for money. Its management of one of the examined procurements fell particularly short of ethical requirements, with the DTA changing the scope and substantially increasing the value of the contract through 10 variations.

Supporting findings

Procurement framework

15. The DTA has established a procurement framework that aligns with the CPRs and the PGPA Act. This framework includes Accountable Authority Instructions with clear guidance on the duties of officials when conducting a procurement, and policies and guidance on key aspects of procurement. (See paragraphs 2.2 to 2.7)

16. The DTA has established governance and oversight arrangements for procurements, but there are weaknesses in these arrangements. The DTA’s Executive Board has had limited oversight of procurement risks. While the DTA has sound guidance on risk and fraud management, this guidance has not been systematically applied for procurements examined in this audit. Completion rates for fraud awareness and procurement training are low, and a 2019 internal audit found issues with procurement that have not been addressed. (See paragraphs 2.8 to 2.48)

17. For procurements examined by the ANAO, the DTA has not followed its internal probity guidelines, including requirements for declaring activity-specific conflicts of interest. The DTA’s policies and practices regarding receiving gifts and benefits did not meet whole-of-government requirements. (See paragraphs 2.49 to 2.78)

Procurement activity

18. The DTA did not conduct approach to market processes effectively for procurements examined by the ANAO. Procurements did not comply with CPR requirements to: estimate the value of the procurement prior to determining the procurement approach; assess risks to the procurement; and maintain appropriate records of the approach to market. Further, the DTA’s frequent direct sourcing of suppliers using panel arrangements such as the Digital Marketplace does not support the intent of the CPRs. (See paragraphs 3.2 to 3.44)

19. For procurements examined by the ANAO, the DTA did not conduct tender evaluation processes effectively. Evaluation plans were not consistently prepared, and evaluations did not consistently use fit-for-purpose evaluation criteria. None of the examined procurements fully complied with CPR requirements to: consider value for money; notify unsuccessful tenderers of the outcomes of procurements; and maintain appropriate records of the approach to market. (See paragraphs 3.46 to 3.65)

20. The DTA did not consistently provide sound advice to decision-makers. Advice generally did not include whether selected tenderers would achieve value for money or how risks were considered. Advice usually included information on the whole-of-life value and total contract amount, the method used to request quotes from suppliers, scoring from evaluations and the rationale for the recommended supplier. (See paragraphs 3.66 to 3.76)

Contract management

21. The DTA has not established effective contract management arrangements for the procurements examined by the ANAO. None of the nine procurements had a contract management plan. The DTA did not consistently report contract variations to AusTender within 42 days or with the correct value. All nine procurements had issues with the timeliness of payments, and there were weaknesses in the DTA’s internal payment controls that led to duplicate payments being made. (See paragraphs 4.2 to 4.24)

22. Contracts for procurements examined by the ANAO generally included performance expectations, but the DTA has not been effectively monitoring performance against these expectations. The DTA has not been consistently documenting its performance monitoring activities or its verification of services delivered. (See paragraphs 4.25 to 4.31)

23. For the procurements examined by the ANAO, the DTA has not managed contracts effectively to deliver against the objectives of the procurements and to achieve value for money. Value for money was not adequately considered for contract variations relating to the procurements. The DTA varied seven of the nine procurements examined by the ANAO. In one case, a directly sourced contract was ‘leveraged’ multiple times, increasing in value by 40 times with substantial changes to scope. Varying a contract in this way is not consistent with ethical requirements. (See paragraphs 4.32 to 4.42)

Recommendations

24. This report makes nine recommendations: one directed to the Australian Government; and eight directed to the Digital Transformation Agency.

Recommendation no. 1

Paragraph 2.31

The Digital Transformation Agency implement a system of risk management that ensures procurement risks are being monitored, managed and escalated appropriately.

Digital Transformation Agency response: Agreed.

Recommendation no. 2

Paragraph 2.45

The Digital Transformation Agency:

  1. implement a strategy to ensure all officials complete its fraud awareness and mandatory procurement and finance training; and
  2. strengthen its processes to ensure that potential fraud and probity breaches are investigated in accordance with its policies and that appropriate follow-up action is taken.

Digital Transformation Agency response: Agreed.

Recommendation no. 3

Paragraph 2.68

The Digital Transformation Agency:

  1. establish an internal control to ensure that officials directly involved in procurements make activity-specific declarations of interest; and
  2. maintain a register of declared interests.

Digital Transformation Agency response: Agreed.

Recommendation no. 4

Paragraph 3.33

The Digital Transformation Agency align its approach to market processes with the Commonwealth Procurement Rules, with a focus on:

  1. estimating the expected value of a procurement before a decision on the procurement method is made;
  2. establishing processes to identify, analyse, allocate and treat risk; and
  3. maintaining a level of documentation commensurate with the scale, scope and risk of the procurement.

Digital Transformation Agency response: Agreed.

Recommendation no. 5

Paragraph 3.44

The Australian Government implement reporting requirements for procurements from standing offers, such as panels, to provide transparency on whether an opportunity was open to all suppliers and, if not, how many suppliers were approached.

Department of Finance response: Noted.

Recommendation no. 6

Paragraph 3.65

The Digital Transformation Agency improve its tender evaluation processes to:

  1. align them with the Commonwealth Procurement Rules; and
  2. incorporate evaluation criteria to better enable the proper identification, assessment and comparison of submissions on a fair and transparent basis.

Digital Transformation Agency response: Agreed.

Recommendation no. 7

Paragraph 3.76

The Digital Transformation Agency improve its procurement processes to ensure decision-makers are provided complete advice, including information on risk and how value for money would be achieved.

Digital Transformation Agency response: Agreed.

Recommendation no. 8

Paragraph 4.24

The Digital Transformation Agency:

  1. improve its training and management of internal payment controls; and
  2. conduct an internal compliance review or audit within the next 12 months to verify the effectiveness of its payment controls.

Digital Transformation Agency response: Agreed.

Recommendation no. 9

Paragraph 4.42

The Digital Transformation Agency strengthen its internal guidance and controls to ensure officials do not vary contracts to avoid competition or obligations and ethical requirements under the Commonwealth Procurement Rules.

Digital Transformation Agency response: Agreed.

Summary of entity responses

Digital Transformation Agency

The Digital Transformation Agency (DTA) welcomes this review and agrees with the ANAO’s focus on providing increased transparency over the DTA’s internal procurement framework with a view to ensuring contracts are managed effectively and value for money is achieved.

While the audit report identifies shortfalls in relation to internal procurement processes, controls and education, each of the sampled procurements still achieved their intended outcomes and supported critical delivery requirements in an unprecedented pandemic environment.

The DTA has established a procurement framework that aligns with the Commonwealth Procurement Rules (CPRs) and the Public Governance, Performance and Accountability Act 2013 (PGPA Act). It has been designed for and remains committed to achieving value for money in ways that are efficient, effective, economical and ethical.

To further strengthen the framework internally and how the agency conducts its procurements, the DTA accepts all identified opportunities for improvement and agrees with each of the eight recommendations (1-4, 6-9) as proposed in the Report.

DTA is already actively working to address all recommendations and has introduced additional controls that will assist in driving the required uplift and strengthening of its procurement processes, overarching contract management, probity, and conflicts of interest posture.

Department of Finance

Finance notes [Recommendation 5]. Finance will consider options for entities to report on how many suppliers have been approached from a standing offer arrangement, and options to enhance functionality for reporting contract notices from standing offers in future updates to AusTender.

Key messages from this audit for all Australian Government entities

Below is a summary of key messages that have been identified in this audit and may be relevant for the operations of other Australian Government entities.

Governance

  • Accountable authorities and senior executives should set an appropriate tone from the top to encourage a culture of ethical behaviour within their entities and procurement practices that achieve value for money for the Australian Government.
  • Accountable authorities should establish appropriate controls and maintain sufficient oversight to ensure their entities support the intent of the Commonwealth Procurement Rules, including encouraging competition, behaving ethically and achieving value for money.

Procurement

  • Entities should seek multiple quotes for a procurement to generate competitive tension and achieve value for money. When using a procurement panel, it is better practice to approach multiple suppliers within a relevant category, and, if not approaching all suppliers, to have a systematic selection process and documented rationale for the specific suppliers that are, and are not, approached.

Contract management

  • Entities should ensure they do not significantly change the scope of procurement contracts through variations. Further, they should not extend a contract due to a failure to appropriately plan procurement needs, to continue supplier relationships, to avoid competition or to avoid obligations under the Commonwealth Procurement Rules.

1. Background

Introduction

1.1 Procurement is the process of acquiring goods and services. Procurement of goods and services is integral to the conduct of Australian Government activity and a core function of the Commonwealth public sector.

1.2 Under the Public Governance, Performance and Accountability Act 2013 (PGPA Act), an entity’s accountable authority has a duty to promote the proper (efficient, effective, economical and ethical) use and management of public resources. Under the PGPA Act, the Finance Minister issues the Commonwealth Procurement Rules (CPRs) for officials to follow when performing duties in relation to procurement.5 The CPRs govern how entities buy goods and services and are designed to ensure the government and taxpayers get value for money. The CPRs state:

[Procurement] begins when a need has been identified and a decision has been made on the procurement requirement. Procurement continues through the processes of risk assessment, seeking and evaluating alternative solutions, and the awarding and reporting of a contract.6

1.3 Achieving value for money is the core rule of the CPRs, which requires ‘the consideration of financial and non-financial costs and benefits associated with procurement’.7 The CPRs state that ‘Officials responsible for a procurement must be satisfied, after reasonable enquiries, that the procurement achieves a value for money outcome’ and that procurements should:

  • encourage competition and be non-discriminatory;
  • use public resources in an efficient, effective, economical and ethical manner that is not inconsistent with the policies of the Commonwealth;
  • facilitate accountable and transparent decision making;
  • encourage appropriate engagement with risk; and
  • be commensurate with the scale and scope of the business requirement.8

1.4 The CPRs are supported by tools such as the AusTender reporting system, guidance material and templates developed and maintained by the Department of Finance (Finance).

Procurement methods

1.5 There are two main procurement methods: open tender and limited tender.

  • Open tender involves publishing an open approach to market and inviting submissions. This includes multi-stage procurements, provided the first stage (such as setting up a panel) is an open approach to market.9 Open tender is the default for all procurements valued above the relevant threshold.10
  • Limited tender involves an entity approaching one or more potential suppliers to make submissions. These can be undertaken for any procurement under the relevant threshold where it represents value for money. For procurements above the relevant threshold, limited tender can only be used where it is specifically allowed by the CPRs, and the reasons for the limited tender must be reported on AusTender.

1.6 A standing offer arrangement, such as a panel arrangement, can be established through an open tender or limited tender process. Panel arrangements are a way to procure goods or services regularly acquired by entities. In a panel arrangement, suppliers have been appointed to supply goods or services for a set period of time under agreed terms and conditions. Once a panel has been established, an entity may approach one or more suppliers to seek a quote for a particular procurement. Finance’s guidance on panel procurements states:

Wherever possible, you should approach more than one supplier on a Panel for a quote. Even though value for money has been demonstrated for the supplier to be on a panel, you will still need to demonstrate value for money when engaging from a Panel, and competition is one of the easier ways to demonstrate this.11

Contract management

1.7 After a procurement has been undertaken and a contract awarded, an entity needs to manage the contract. Finance states that ‘good contract management is an essential component in achieving value for money’ and defines contract management as:

all the activities undertaken by an entity, after the contract has been signed or commenced, to manage the performance of the contract (including any corrective action) and to achieve the agreed outcomes.12

1.8 Finance’s guidance on contract management states: ‘When managing contracts, officials operate in a complex environment of legislation and Commonwealth policy’. This includes but is not limited to: the PGPA Act; the Public Governance, Performance and Accountability Rule 2014; the CPRs; Accountable Authority Instructions; and resource management guides (RMGs) (such as RMG 400 Commitment of Relevant Money, RMG 411 Grants, Procurements and Other Financial Arrangements and RMG 417 Supplier Pay On-Time or Pay Interest Policy).13

1.9 Contract management includes establishing contract management arrangements, managing contract performance, ensuring objectives are met and value for money is achieved, and reporting on contracts and variations.

Digital Transformation Agency

1.10 The Digital Transformation Agency (DTA) was established in October 2016, absorbing the former Digital Transformation Office, which had been established in March 2015. In April 2021, the DTA moved to the Prime Minister and Cabinet portfolio and its mandate was updated. In July 2022, the DTA moved to the Finance portfolio. The DTA’s purpose and priorities have changed over this period — from a focus on delivering ICT-related programs in 2019–20 to a focus on providing ICT investment advice and oversight in 2021–22 (as shown in Table 1.1).

Table 1.1: DTA purpose and priorities, 2019–20 to 2021–22

 

| | 2019–20 | 2020–21 | 2021–22 |
|---|---|---|---|
| Purpose | We lead digital transformation in government to make services simple, smart and user-focused. | Simple, clear and fast public services. | Provide strategic and policy leadership and investment advice and oversight to drive government digital transformation that delivers benefits to all Australians. |
| Priorities | Deliver whole-of-government strategies, policies and advice to support the Government’s digital and ICT agenda. | Lead whole-of-government digital and ICT strategies, policies and advice that enable modern, efficient and joined-up services. | Direction setting: We are a trusted advisor on digital and ICT investment decisions; We drive strategic whole-of-government digital policy and advice. |
| | Design, deliver and support common, government-wide platforms and services that enable digital transformation. | Coordinate and drive common platforms, technologies and services that enhance user experiences by making government simple, clear and fast. | Implementation oversight: We ensure alignment to digital strategies and priorities; We simplify digital procurement to reduce costs and increase reuse. |
| | Deliver a program of digital and ICT capability improvement, including sourcing, to enhance capability and skills across the Australian Public Service (APS). | Build the digital profession to enhance digital and ICT skills and capabilities across the APS. | |
| | Drive collaboration and partnerships to enable and accelerate the digital transformation of government services. | Collaborate and partner, both nationally and internationally, to accelerate the digital transformation of government services. | |

Source: ANAO analysis of DTA Corporate Plans for 2019–20, 2020–21 and 2021–22.

DTA’s procurement activities

1.11 The DTA spends most of its budget through procurement. In 2020–21, the DTA’s expenses were $119.9 million, of which $77.6 million (65 per cent) was used for procuring goods and services from suppliers, as shown in Table 1.2. The profile of the DTA’s procurement activities has changed since DTA’s mandate changed in 2021–22, with the DTA moving away from the direct delivery of ICT projects.

Table 1.2: DTA expenses, including expenses for procuring goods and services from suppliers, 2019–20 and 2020–21

| Expenses | 2019–20 ($’000) | 2020–21 ($’000) |
|---|---|---|
| Suppliers (procuring goods and services) | 45,158 | 77,613 |
| Employee benefits | 32,262 | 36,645 |
| Other (a) | 4,941 | 5,622 |
| Total expenses | 82,361 | 119,880 |

Note a: Depreciation and amortisation, impairment loss on financial instruments, write-down and impairment of other assets and finance costs.

Source: ANAO analysis of DTA Annual Reports for 2019–20 and 2020–21.

Rationale for undertaking the audit

1.12 Procurement is a core function of the DTA. This audit was conducted to provide: increased transparency over the DTA’s procurement framework; and assurance to the Parliament that the DTA’s procurement of ICT-related services is being conducted effectively and that the DTA is effectively managing contracts to deliver on intended objectives and achieve value for money.

Audit approach

Audit objective, criteria and scope

1.13 The objective of the audit was to assess the effectiveness of the DTA’s procurement of ICT-related services.

1.14 To form a conclusion against the audit objective, the ANAO adopted the following high-level criteria:

  • Has the DTA established a sound procurement framework?
  • Has the DTA conducted procurements effectively?
  • Has the DTA managed contracts effectively?

1.15 The audit scope did not include the establishment of whole of Australian Government arrangements that are set up for Commonwealth entities to use when procuring certain goods or services. These are either coordinated or cooperative procurements, some of which are mandatory for use, and generally result in overarching contracts or panel arrangements. The audit scope also did not include the establishment of ICT-related panels, which was the subject of an ANAO audit in 2020.14

Procurements examined in this audit

1.16 The ANAO examined a sample of nine procurements for ICT-related services undertaken by the DTA with a published start date between 1 July 2019 and 30 June 2021. The nine procurements were selected based on value, risk, relevance and type of procurement and included seven of the nine highest value procurements (excluding whole-of-government procurements). As most of the DTA’s ICT-related services are procured through the Digital Marketplace panel, seven of the procurements selected for examination were undertaken through this panel (which was established through an open tender).15 In addition, the ANAO selected one procurement that was conducted as an open tender and one that was conducted as a limited tender. The selected procurements range in value from $127,334 to $28.1 million — with a total value of $54.5 million, as shown in Table 1.3.

Table 1.3: Nine procurements examined during this audit, by value

| Procurement | Description | Method | Start date | Value as at July 2022 |
|---|---|---|---|---|
| myGov Upgrade Horizon 1 (a) (CN3678817) | Enhancements to the myGov portal, intended to make it easier to access government services and information. Direct approach. Contract awarded to Deloitte Consulting Pty Ltd Australia (Deloitte). | Digital Marketplace Panel (Open Tender) | 23 Mar 20 | $28,130,966 |
| Hardening Government IT (HGIT) Program Support (CN3743099) | Support for the delivery of the HGIT program, intended to improve cyber security. Initial approach to 16 suppliers. Second direct approach. Contract awarded to CyberCX Pty Ltd (CyberCX). | Digital Marketplace Panel (Open Tender) | 4 Jan 21 | $8,515,313 |
| COVIDSafe App Development (a) (CN3669719) | Development of the COVIDSafe App, a COVID-19 contact tracing app. Direct approach. Contract awarded to Delv Pty Ltd (Delv). | Digital Marketplace Panel (Open Tender) | 30 Mar 20 | $6,069,929 |
| myGov Funding Case Support (CN3698013) | Drafting of funding case documentation for myGov Horizon 2 stream. Direct approach. Contract awarded to Nous Group Australia (Nous Group). | Digital Marketplace Panel (Open Tender) | 25 May 20 | $4,942,080 |
| GovDesk Development (CN3628140) | Development of a secure cloud-based desktop environment (GovDesk). 17 suppliers approached. Contract awarded to Oobe Pty Ltd (Oobe). | Digital Marketplace Panel (Open Tender) | 4 Sep 19 | $2,327,863 |
| myGov and Digital Identity Charging Framework (CN3781425) | Development of a Digital Identity Charging Framework and a pricing review for MyGov. Four suppliers approached. Contract awarded to ConceptSix Pty Ltd (ConceptSix). | Digital Marketplace Panel (Open Tender) | 7 Jun 21 | $2,281,077 |
| COVIDSafe App Enhancements (a) (CN3716937) | Support for the development and enhancement of the COVIDSafe App. Nine suppliers approached. Contract awarded to Shine Solutions Group Trust (Shine Solutions Group). | Digital Marketplace Panel (Open Tender) | 10 Aug 20 | $1,440,892 |
| Record Management Software (CN3752974) | Record Management Software. Approach to the open market. Contract awarded to Recordpoint Software APAC Pty Ltd (Recordpoint). | Open Tender | 2 Mar 21 | $522,000 |
| Workflow Ticketing Software (CN3717154) | Workflow Ticketing Software for the DTA. Direct approach. Contract awarded to Zendesk Pty Ltd (Zendesk). | Limited Tender | 14 Sep 20 | $127,334 |
| Total | | | | $54,357,454 |

Note a: This procurement related to the Australian Government’s response to the COVID-19 pandemic.

Source: ANAO analysis of DTA and AusTender data.

1.17 The period within the audit scope includes the start of the COVID-19 pandemic. The pace of the Australian Government’s response to the pandemic increased the risks involved in procurements, particularly where procurements were undertaken on shortened timeframes or transferred from one entity to another. Three of the nine procurements in the ANAO’s sample relate to the Australian Government’s response to the pandemic: myGov Upgrade Horizon 1; COVIDSafe App Development; and COVIDSafe App Enhancements. Paragraph 2.6 of the CPRs states that the CPRs do not apply to the extent that an official applies measures determined by their accountable authority to be necessary for the protection of human health. The DTA did not set aside the CPRs under paragraph 2.6 of the CPRs for any of the nine procurements.

1.18 As shown in Table 1.4, the value of the procurements in the ANAO’s sample represents approximately 44 per cent of the DTA’s procurement expenses during 2019–20 and 2020–21 (not including procurements through the ICT Coordinated Procurement Special Account[16], which were out of the audit scope).

Table 1.4: Value of procurements in the ANAO sample as a percentage of total DTA procurement expenses

| DTA Expenses | 2019–20 ($’000) | 2020–21 ($’000) | Total for 2019–20 and 2020–21 ($’000) | Value and % of ANAO sampled procurements ($’000) |
|---|---|---|---|---|
| Suppliers (procuring goods and services) | 45,158 | 77,613 | 122,771 | 54,357 (44%) |

Source: ANAO analysis of DTA Annual Reports for 2019–20 and 2020–21 and AusTender data.

Audit methodology

1.19 To address the audit criteria and achieve the audit objective, the audit team:

  • examined relevant DTA and AusTender documentation;
  • conducted meetings with DTA senior officials and officials involved in the procurement framework and procurement activities; and
  • discussed elements of the audit relating to Australian Government procurement policy and guidelines with the Department of Finance.

1.20 In addition to a draft audit report being provided to the DTA, extracts of the draft audit report were provided to: the Department of Finance; ConceptSix; CyberCX; Delv; and Nous Group. Formal responses were provided to the ANAO by the DTA, the Department of Finance and CyberCX (see Appendix A).

1.21 The audit was conducted in accordance with ANAO Auditing Standards at a cost to the ANAO of approximately $442,000.

1.22 The team members for this audit were Jennifer Eddie, Elizabeth Robinson, Sam Jones, Graeme Corbett, Grace Sixsmith, Christine Chalmers and Daniel Whyte.

2. Procurement framework

Areas examined

This chapter examines whether the Digital Transformation Agency (DTA) has established a sound procurement framework.

Conclusion

The DTA has established a procurement framework, but its implementation and oversight has been weak. The DTA has Accountable Authority Instructions and procurement policies and guidance that align with relevant aspects of the finance law. However, the DTA has not been following its internal policies and procedures, and there are weaknesses in its governance, oversight and probity arrangements for procurements.

Areas for improvement

The ANAO made three recommendations aimed at: strengthening the DTA’s management of procurement risks and probity issues; strengthening its processes for investigating potential fraud and probity breaches and increasing fraud awareness and procurement training; and improving its processes for declaring interests.

The ANAO also identified three opportunities for improvement, which relate to: strengthening probity guidelines; providing training on identifying and avoiding conflicts of interest; and publishing a register of gifts and benefits received by the Chief Executive Officer (CEO).

2.1 This chapter examines whether the DTA has established a sound procurement framework. A procurement framework includes procurement instructions, policies and guidance and is supported by governance, oversight and probity arrangements. A sound framework helps ensure that: procurements are undertaken effectively, ethically and in compliance with relevant rules and legislation; entities properly use and manage public resources; and procurements achieve their objectives and value for money outcomes.

Has the DTA established a procurement framework that aligns with the CPRs and the PGPA Act?

The DTA has established a procurement framework that aligns with the Commonwealth Procurement Rules (CPRs) and the Public Governance, Performance and Accountability Act 2013 (PGPA Act). This framework includes Accountable Authority Instructions with clear guidance on the duties of officials when conducting a procurement, and policies and guidance on key aspects of procurement.

Accountable Authority Instructions

2.2 Section 20A of the PGPA Act states: ‘the accountable authority of a Commonwealth entity may, by written instrument, give instructions to an official of the entity about any matter relating to the finance law’. The Department of Finance (Finance) provides further guidance in its Resource Management Guide (RMG) 206 on Accountable Authority Instructions.[17]

2.3 The DTA has established Accountable Authority Instructions that align with the requirements of section 20A of the PGPA Act and with RMG 206. Two versions of the Accountable Authority Instructions were in place during the period examined by the audit – one was approved by the CEO in September 2018 and the second in May 2021. Both versions of the instructions stated the key duties and responsibilities of officials under the PGPA Act, including:

  • requirements for entering into commitments of relevant money (section 23); and
  • the general duties of officials (sections 25 to 29), such as the duties: of care and diligence; to act honestly, in good faith and for a proper purpose; in relation to use of position; in relation to use of information; and to disclose interests.

2.4 The May 2021 version of the Accountable Authority Instructions included clearer references to requirements under the PGPA Act relating to:

  • the proper use and management of public resources (section 15); and
  • establishing appropriate systems of risk management and internal control (section 16).

2.5 Both versions of the Accountable Authority Instructions stated that all officials undertaking a procurement must: comply with the CPRs, PGPA Act and Public Governance, Performance and Accountability Rule 2014 (PGPA Rule); treat all potential suppliers to government equitably; act ethically throughout a procurement; and not seek to obtain benefit from supplier practices that may be dishonest, unethical or unsafe.

Procurement policies and guidance

2.6 The DTA has established other procurement policies and guidance to assist staff with understanding their duties and procurement processes, such as:

  • finance policies on simple and medium procurement, panel procurement and limited tender procurement;
  • PGPA Act operational guidelines;
  • intranet pages on procurement processes, delegations, risk management and contract management;
  • a Probity Guideline and Declaration of Interest Policy; and
  • a Fraud and Corruption Control Plan.

2.7 These policies and guidance were largely appropriate and available to staff on the DTA intranet.[18] The application of the DTA’s procurement policies and instructions is discussed, where relevant, throughout this report.

Has the DTA established sound governance and oversight arrangements for procurements?

The DTA has established governance and oversight arrangements for procurements, but there are weaknesses in these arrangements. The DTA’s Executive Board has had limited oversight of procurement risks. While the DTA has sound guidance on risk and fraud management, this guidance has not been systematically applied for procurements examined in this audit. Completion rates for fraud awareness and procurement training are low, and a 2019 internal audit found issues with procurement that have not been addressed.

2.8 In its Annual Report 2020–21, the DTA described its governance framework as including (in addition to policies and instructions and corporate and business planning): governance committees (Executive Board and Audit Committee); risk and fraud management; and internal audit and assurance activities.

Executive Board

2.9 The Executive Board is the DTA’s primary governance forum. It meets monthly and comprises the senior leadership team. According to its terms of reference, the Executive Board is to determine strategic direction, manage overall performance, and provide advice on the administration and operations of the DTA, including, but not limited to, the:

  • development and implementation of systems, processes, and internal controls for the management of the DTA’s risks;
  • consideration of investment proposals;
  • prioritisation and allocation of resources; and
  • changes to scope, schedule and budget for internal mandates.

2.10 The Executive Board receives updates on DTA programs and projects on an ad hoc basis, which includes those undertaken through contracts with suppliers.

2.11 In 2020–21, the Executive Board did not consider procurements or provide advice on managing procurement risk. The DTA’s 2020–21 Corporate Plan stated that the DTA actively manages risks at its Executive Board meetings. However, risk management was not included as an agenda item for any of the Executive Board meetings in 2020–21.

2.12 From September 2021 the Board added a standing agenda item on ‘DTA governance and oversight’, which was intended to include discussions on ‘strategy, people and risk management’.

  • At the September 2021 meeting, under this item, the Executive Board: discussed the development of strategic and organisational risk management processes; decided to run a risk management session to identify significant strategic and organisational risks; and agreed to include regular risk management updates in future meetings. This discussion resulted in the following action item: ‘The Board undertake a strategic and organisational risk assessment process and report back against it on a regular basis’.
  • At the next meeting in October 2021 there was a ‘nil’ report under the new agenda item on governance and oversight. The meeting papers recommended that the risk management action item be closed, with the update: ‘A strategic and operational risk assessment was performed and included in the final version of the Corporate Plan published end of August 2021’.[19]

2.13 The standing agenda item on governance and oversight remained on the agenda, but there was no evidence that risk management was discussed at the five meetings between November 2021 and March 2022. At the April 2022 meeting, there was an additional agenda item on the ‘DTA Strategic Risk Assessment Review’, and a paper was provided that outlined five strategic risks with related controls and treatments. This was the first evidence of substantive consideration of risk by the DTA’s Executive Board during the period examined by this audit. None of the five strategic risks outlined in the paper related to procurement of ICT-related services.

Audit Committee

2.14 Section 17 of the PGPA Rule states that an accountable authority ‘must, by written charter, determine the functions of the audit committee for the entity’ and these functions must include reviewing the appropriateness of the entity’s: financial and performance reporting; system of risk oversight and management; and system of internal control.

2.15 The DTA’s Audit Committee Charter includes the functions required under the PGPA Rule, and states that the audit committee will meet at least four times each year. The audit committee met: five times in 2019–2020; and five times in 2020–21.[21]

2.16 The Audit Committee Charter indicates that the committee will review and provide advice on the appropriateness of the DTA’s: risk management framework; articulation of key roles and responsibilities relating to risk management; and approach to managing the entity’s key risks, including those associated with projects and program implementation.

2.17 In August 2019, the audit committee reviewed a one-page report on the DTA’s governance, risk and controls, which noted that the following items were ‘in place’ but not yet ‘mature’: first line monitoring and controls; business planning; staff training; control framework; Risk Policy and Framework; and Enterprise Risk Management Plan.

2.18 The June 2021 audit committee papers included a template for branch-level business plans, which included a section on risk. In June 2022, the DTA provided the ANAO with drafts of branch-level business plans that included risks, but as at June 2022, none of the plans for the 2021–22 financial year had been finalised or approved.

2.19 In November 2021, the DTA’s CEO presented his first executive briefing to the audit committee. He discussed risks facing the DTA, such as high staff turnover[22], and stated that the DTA needed to revise its strategic risk assessment and corporate planning.

2.20 At the March 2022 audit committee meeting, there was an agenda item on ‘Risk Management’ and the committee was provided with a copy of the 2018 Risk Management Policy[23] and a draft strategic risk assessment (with a note that it was under review by the Executive Board). There was no evidence in the Audit Committee papers that the Audit Committee considered or provided advice on risks relating to the procurement of ICT-related services during the period examined by this audit.

Risk management

2.21 Accountable authorities are required under section 16 of the PGPA Act to establish and maintain an appropriate system of risk oversight and management for the entity.

2.22 In 2018 the DTA engaged KPMG Australia to develop a risk management policy, risk management process and enterprise risk report. In 2021–22, the risk management policy and enterprise risk report documents were no longer in use. Elements of the risk management process were still in use.

2.23 As noted at paragraph 2.17, the DTA assessed the status of its governance, risk and controls in 2019 and rated the following items as ‘in place’ but not yet mature:

  • Risk Policy and Framework — ‘Developed. Work is required to embed this in product teams’; and
  • Enterprise Risk Management Plan — ‘Enterprise risk assessment is complete. Executive Board have asked for this to be included as a standard item’.[24]

2.24 In its 2019–20 and 2020–21 annual reports, the DTA stated:

We take a risk-based approach to treating sources of risk that may negatively affect our ability to deliver DTA priorities, while remaining open to positive risks and opportunities that support our objectives. Many of our delivery approaches, such as agile and iterative development, help to contain risk and respond quickly to changes in the surrounding environment or to feedback.

2.25 The DTA’s 2021–22 Corporate Plan (published in August 2021) identified five strategic risks — that the DTA would be unable to: provide advice, insights and assurance on whole-of-government digital and ICT investments; lead whole-of-government strategies and policies to drive the government’s agenda; deliver on its funded priorities; enlist the support of its stakeholders to achieve shared outcomes; or attract, retain and develop its people.

2.26 The DTA’s 2021–22 Corporate Plan describes the DTA’s system of risk oversight and management as follows:

We manage risk in line with our Enterprise Risk Framework, the AS/NZS 31000:2018 Risk management – Guidelines, as well as the Commonwealth Risk Management Guidelines. We have efficient and effective controls in place to anticipate and manage risk and drive organisational performance. We actively manage risks continually across our organisation with oversight provided at our Executive Board meetings. We encourage staff to engage with risk appropriately.

2.27 The DTA defines its risk management framework as ‘all policies, procedures and governance structures directly or indirectly guiding our behaviour and actions when managing risk’.

2.28 The DTA had the following risk policies and guidance in place and accessible to staff on the DTA intranet:

  • ‘Managing risk’ — an intranet page on identifying, reporting and escalating risk;
  • ‘Risk management process’ — an intranet page about the process; and
  • a template for a risk and control register, with a risk matrix and guidance on ‘how to conduct a risk assessment’ and ‘how to approach the risk register’.

2.29 Although the DTA has established guidance on risk management, this guidance is not being applied systemically. The DTA had prepared risk assessments for only two of the nine procurements examined for this audit, and neither risk assessment was consistent with DTA guidance on how to assess and rate risks.

2.30 In 2021–22, no enterprise risk plan or framework was available to staff on the DTA intranet. In March 2022, the DTA advised the ANAO that it did not currently have central or business level risk registers. In June 2022, the DTA provided the ANAO with a copy of a risk register that it stated had been in use in 2019. All of the risks listed had due dates in 2019 and there was no evidence that the register had been updated since that time. Having a central risk register or registers by division or branch that are accessible to staff would enable the DTA to better manage, and assign responsibility for, key risks.

Recommendation no.1

2.31 The Digital Transformation Agency implement a system of risk management that ensures procurement risks are being monitored, managed and escalated appropriately.

Digital Transformation Agency response: Agreed.

Fraud management

2.32 Section 10 of the PGPA Rule states that an accountable authority must take all reasonable measures to prevent, detect and deal with fraud relating to the entity, including by:

  • conducting fraud risk assessments regularly and when there is a substantial change in the structure, functions or activities of the entity;
  • developing and implementing a fraud control plan that deals with identified risks as soon as practicable after conducting a risk assessment;
  • having an appropriate mechanism for preventing fraud, including by ensuring that officials of the entity are made aware of what constitutes fraud, and the risk of fraud is taken into account in planning and conducting the activities of the entity; and
  • having an appropriate mechanism for detecting incidents of fraud or suspected fraud, investigating or otherwise dealing with incidents of fraud or suspected fraud, and recording and reporting incidents of fraud or suspected fraud.

2.33 In its annual reports for 2019–20 and 2020–21, the DTA’s CEO certified that:

in accordance with sections 10 and 17AG of the PGPA Rule, the Digital Transformation Agency has prepared a fraud risk assessment and a fraud control plan, and has in place appropriate fraud prevention, detection, investigation and reporting mechanisms and has taken all reasonable measures to appropriately deal with fraud related to our agency.

2.34 The DTA has a section on fraud control in its Accountable Authority Instructions and has established a Fraud and Corruption Control Plan. The plan outlines the DTA’s approach to fraud control, which includes (but is not limited to):

  • maintaining an effective system of internal controls to protect public money, information and property;
  • ensuring all DTA officials are aware of their obligations in relation to fraud through fraud awareness training;
  • conducting periodic fraud risk assessment reviews;
  • establishing formal procedures for reporting and investigating allegations of dishonest and/or fraudulent behaviour; and
  • investigating fraud in accordance with the Australian Government Investigations Standards.

2.35 The plan includes an assessment of key risks related to assets, decisions, finance processes, and human resources, such as that:

  • invoices are inappropriately paid to the wrong accounts or in the wrong amounts;
  • purchases are made without appropriate approval, probity and purpose;
  • contracts are awarded inappropriately or not managed according to requirements; and
  • DTA employees use their position and trusted access to commit fraud.

2.36 The Fraud and Corruption Control Plan assigns responsibility for fraud control and outlines key fraud control strategies and mechanisms for reporting and investigating fraud. The plan also states that: ‘The DTA is committed to the investigation of all reports and suspicions of fraudulent activity’.

2.37 The DTA reported ‘no instances of fraud were identified during the year’ in its annual reports for 2019–20 and 2020–21.

2.38 There was an incident of potential fraud in 2020–21, which was examined after probity concerns were raised. The examination was conducted by McGrathNicol — the firm contracted to manage the DTA’s internal audit program.

2.39 As mentioned at paragraph 2.34, the DTA Fraud and Corruption Control Plan states that the DTA’s approach to fraud control includes investigating potential fraud in accordance with the Australian Government Investigations Standards. This was not done in this instance. The McGrathNicol report does not mention the Australian Government Investigations Standards and notes that it was an ‘initial assessment’ and not a fraud investigation. The report includes the disclaimer:

This report has been prepared in accordance with the scope agreed with the DTA as set out in our engagement letter dated 10 June 2021.[25] […] We have not carried out a statutory audit and accordingly, an audit opinion has not been provided. The scope of our work is different from a statutory audit and it cannot be relied upon to provide the same level of assurance as a statutory audit. Our conclusions are based solely on the information provided to us by the DTA, and we have not sought to verify any of this information.

2.40 The examination found: ‘based on available information, there is insufficient evidence to substantiate an act of fraud or corruption’; but ‘the evidence does substantiate […] a potential breach of probity guidelines, in particular the perception […] that the procurement process was not open, fair or transparent’. This incident is discussed further in Case Study 1.

Case study 1. Procurement for myGov and Digital Identity Charging Framework

In January 2021, a DTA senior executive met with a senior executive at ConceptSix, a consulting firm, to discuss a potential tender for a project related to the Digital Identity Charging Framework for myGov. In February 2021, the ConceptSix senior executive was engaged as a contractor following an approach to ConceptSix on the Digital Marketplace. ConceptSix was to provide strategic advice on the development of a Digital Identity Charging Framework, and to oversee a team of contractors from an external provider until 30 June 2021 (with an extension option of up to six months).

On 4 May 2021, the DTA published additional opportunities on the Digital Marketplace to hire six new contractors for the same project. These labour hire procurements involved an approach to four suppliers, which included ConceptSix. The opportunities were on the Digital Marketplace for three days, and there is evidence that ConceptSix had knowledge of the procurements before the opportunities were published.

In total, 20 applications were received for the six positions, with four suppliers submitting candidates.

One of the two members of the evaluation panel had worked previously with two of the successful ConceptSix candidates. However, neither panel member completed an activity-specific declaration of interest form, and there is no record of the potential probity issue of the panel member’s prior relationship with the ConceptSix candidates (as required by the DTA probity guidelines). Both Senior Executive Service (SES) officers involved in the procurement had completed the DTA’s standard SES declaration of interest form for the relevant period, but neither had completed an activity-specific declaration.

Of the six successful candidates, five were from ConceptSix (the sixth candidate was from a different supplier and was contracted separately). When the contract with ConceptSix was drawn up, it included the five successful candidates from ConceptSix along with the ConceptSix senior executive who had been engaged in February 2021. The ConceptSix senior executive stopped charging under his original contract in mid-June 2021 and started charging under the new ConceptSix contract from 14 June 2021, with no rate change. The contract with ConceptSix was for six months from 7 June 2021, with an option to extend by one further period of up to six months.

On 10 June 2021, following concerns raised by the DTA procurement team over conflicts of interest and the above-market rates being paid, the DTA engaged McGrathNicol to examine whether there had been collusion or other activity related to the procurement that would constitute an act of fraud or corruption as defined by the Commonwealth Fraud Control Framework.

On 8 July 2021, McGrathNicol provided the final report to DTA. The conclusions of the report were based solely on information provided by the DTA; no interviews were conducted. The examination found: ‘based on available information, there is insufficient evidence to substantiate an act of fraud or corruption’; but ‘the evidence does substantiate […] a potential breach of probity guidelines, in particular the perception […] that the procurement process was not open, fair or transparent’. Further, it found the perception of a probity issue was exacerbated by the remuneration paid to the successful candidates, which was in excess of standard rates, and by the short time the opportunity was on the market (three days). The report recommended the DTA use a professional shortlisting service whenever an actual conflict could occur. The report also recommended that:

DTA should consider whether further investigation should be conducted into whether there has been a breach of the DTA Probity Guideline. Further investigation would require interviews to be conducted with relevant DTA staff and [the supplier’s] contractors.

On 2 August 2021, a senior DTA official emailed the acting DTA CEO to inform him of the report findings and suggest that the acting CEO consider: terminating the provider’s contract; providing training or performance management for the staff involved; and providing further direction to business areas to change practices in the future, with a note that ‘we recently held a discussion of a similar nature […] in relation to a different matter’.

On 11 August 2021, the acting CEO forwarded the report to another DTA senior official with the note ‘please read and lets [sic] discuss’. On 30 August, the senior official responded ‘Just closing this out from our discussion a few weeks back. We agreed that it would be beneficial to provide some procurement refresh training. If you’re still agreeable, we’ll proceed on that basis.’ The acting CEO responded the same day, stating ‘Agreed. Additionally the senior execs involved need to be made aware of the perception that this issue can create.’ Further correspondence indicates that the acting CEO and senior official had ‘discussed the outcomes of the report and […] agreed that there is a need to provide refresher training to the officials involved (and the broader division) regarding probity protocols, and procurement’ and that the senior official had spoken with the senior official involved in the procurement.

In April 2022, the DTA advised the ANAO on what actions the DTA had undertaken since the finalisation of the report, stating that the DTA had ‘engaged a third-party training provider to provide Probity and Fraud training to all of the SES in the agency’.

The DTA did not take appropriate action following this report:

  • an investigation into the breach of the DTA Probity Guideline has not been conducted — as recommended by the McGrathNicol report;
  • the officials involved in the procurement were not informed of the examination or its findings;
  • relevant officials were not provided additional training or performance management;
  • despite a potential probity breach being found, the contract was not terminated; and
  • the contract was varied twice after the examination was completed (once in October 2021, to extend the contract end date to June 2022; and again in March 2022, to increase the value of the contract by $278,300 for a total contract value of $2,281,076) and the report and the potential probity breach were not mentioned in advice to the delegate to seek spending approval for the variations.

Fraud incident register

2.41 The Fraud and Corruption Control Plan states that:

the Fraud Control Officer will maintain a Fraud Incident Register. The Fraud Incident Register records a summary of reported fraud incidents, regardless of their outcome, and is used as a basis for providing quarterly reports to the Audit Committee.

2.42 There is no evidence that the DTA maintains a fraud incident register, but there is evidence of reporting on fraud to the audit committee. The June 2021 audit committee papers mention that there had been an instance of possible fraud (the instance discussed in Case Study 1) and that an investigation was underway. The September 2021 audit committee papers included an annual fraud control minute with the statement:

There was one instance of potential fraud reported in 2020–21. The instance was related to procurement and was identified by the central procurement team in Corporate Branch. A preliminary investigation by McGrathNicol determined that there was no evidence of fraud, and a report was prepared for the CEO.

Fraud awareness and procurement training

2.43 The PGPA Rule requires that entities have ‘an appropriate mechanism for preventing fraud, including by ensuring that: officials of the entity are made aware of what constitutes fraud’. One way to help ensure that staff are aware of what constitutes fraud, and how to prevent and deal with it, is for staff to complete fraud awareness training.

2.44 The DTA has voluntary fraud awareness training and mandatory procurement and finance training, but there have been low levels of completion. In 2020–21, from a total of approximately 350 personnel (250 DTA officials and 100 contractors):

  • 95 people (27 per cent) had completed fraud awareness training; and
  • 66 people (19 per cent) had completed mandatory procurement and finance training.

Recommendation no.2

2.45 The Digital Transformation Agency:

  1. implement a strategy to ensure all officials complete its fraud awareness and mandatory procurement and finance training; and
  2. strengthen its processes to ensure that potential fraud and probity breaches are investigated in accordance with its policies and that appropriate follow-up action is taken.

Digital Transformation Agency response: Agreed.

Internal audit and assurance activities

2.46 The DTA completed 11 internal audits between 2019 and 2021. The DTA tracks audit recommendations and reports on these to the audit committee. The 2021–22 Internal Audit Program identified two breaches of the PGPA Act where instances of expenditure exceeded the approved section 23(3) purchase order. They were for labour hire, under $5,000 and considered low risk. It also identified 112 instances where contracts and variations were reported late to AusTender, in breach of paragraph 7.18 of the CPRs.

2.47 The DTA conducted an internal audit on procurement in August 2019, which found that:

Although the DTA has developed a sound foundation for its procurement framework, this framework requires significant enhancement before it will provide adequate assurance that all DTA procurements are conducted in compliance with the CPRs and the Commonwealth Procurement Framework more broadly. Specifically, the internal audit found that:

  • the DTA procurement framework is heavily reliant on the expertise of the DTA’s Procurement Team resulting in a business continuity risk; [… and]
  • the DTA could improve its probity controls in place to provide increased assurance that its complex or high-risk procurements are conducted in a manner that is fair, equitable and defensible.

2.48 The internal audit made recommendations related to: improving procurement guidance and training; documenting key elements of procurements (such as risk assessments, evaluations and interest declarations); and demonstrating compliance with the CPRs. The audit committee closed out these recommendations in November 2019. However, as discussed throughout this report, the ANAO found that there are ongoing issues related to these recommendations, such as poor documentation, not completing risk assessments and conflict of interest declarations, and not demonstrating compliance with the CPRs.

Has the DTA effectively managed probity for procurements, including identifying and managing conflicts of interest?

For procurements examined by the ANAO, the DTA has not followed its internal probity guidelines, including requirements for declaring activity-specific conflicts of interest. The DTA’s policies and practices regarding receiving gifts and benefits did not meet whole-of-government requirements.

2.49 Probity is the evidence of ethical behaviour, and can be defined as complete and confirmed integrity, uprightness and honesty in a particular process.26 It provides a level of assurance to delegates, suppliers and the Australian Government that a procurement was conducted in a manner that is fair, equitable and defensible.27 The CPRs state that officials undertaking a procurement must act ethically throughout the procurement, which includes recognising and dealing with actual, potential and perceived conflicts of interest.28

Probity guideline and probity advisors

2.50 The DTA has established a DTA Probity Guideline, which was approved by its Chief Finance Officer in July 2020. It outlines probity principles, such as: fairness and impartiality; consistency and transparency of process; security and confidentiality; identification and resolution of actual or perceived conflicts of interest; compliance with legislative obligations and government policies as they apply to competitive tendering and contracting; and accountability.

2.51 The DTA Probity Guideline outlines that: ‘all DTA Officers and DTA Affiliates29 participating in a procurement will be required to agree to, and satisfy the principles and protocols set out in this Probity Guideline before undertaking any procurement-related activities’. This involves completing and signing a ‘Declaration of Acknowledgement and Agreement to the DTA Probity Guideline’. No officials signed declarations related to probity for any of the nine procurements examined in this audit.

2.52 The DTA Probity Guideline mentions the use of procurement and evaluation plans, but it does not mention probity plans. None of the nine procurements examined by the ANAO had a probity plan.

2.53 The guideline indicates that ‘the requirement for a probity advisor is dependent on the risk and value of a procurement. An advisor is required where the procurement risk is significant or high, or the procurement is high in value.’

2.54 Higher value procurements did not have a probity advisor, and the DTA did not make risk-based decisions on whether to appoint a probity advisor. As the DTA did not assess the risk for seven of the procurements examined, the ANAO could not assess whether these procurements should have had a probity advisor according to DTA policy. The Record Management Software procurement, which was the only procurement in the ANAO sample that had a probity advisor, had been assessed for risk, but it was assessed as low risk. There was no evidence of any advice given by the probity advisor for the Record Management Software procurement, and the evaluation report for the procurement stated: ‘There were no deviations from the approved procurement plan or [evaluation plan] during the course of the [request for tender] process’.

2.55 There was one instance in 2020–21 where the DTA commissioned an examination into potential fraud after probity concerns were raised for the myGov and Digital Identity Charging Framework procurement. As discussed in Case Study 1, the DTA did not follow through on the report’s recommendation to conduct an investigation into the potential breach of the DTA Probity Guideline. Further, no remedial actions were taken in relation to the contract, and the contract was varied twice after the fraud examination was completed, without the approving delegate being informed of the potential probity breach.

Opportunity for improvement

2.56 There is an opportunity for improvement for the Digital Transformation Agency to update the DTA Probity Guideline to provide guidance to staff on how contracts with identified probity issues should be managed.

Conflicts of Interest

2.57 Effective management of conflicts of interest should be a central component of an entity’s integrity framework. Poor practice, or the perception of poor practice, in the management of conflicts of interest undermines trust and confidence in an entity’s activities. The Australian Public Service (APS) Code of Conduct, which is set out in section 13 of the Public Service Act 1999, requires that APS employees take reasonable steps to avoid any real or apparent conflict of interest. Where conflicts cannot be avoided, the APS Code of Conduct, PGPA Act, and PGPA Rule require that employees must disclose details of any material personal interest. Finance guidance on ethics and probity in procurement states that:

Persons involved in the tender process, including contractors […] should make a written declaration of any actual, potential or perceived conflicts of interests prior to taking part in the process. These persons should also have an ongoing obligation to disclose any conflicts that arise through until the completion of the tender process.30

2.58 The CPRs state officials undertaking procurement must recognise and deal with actual, potential and perceived conflicts of interest.

Activity-specific interest declarations

2.59 According to the Australian Public Service Commission (APSC) guide APS Values and Code of Conduct in Practice, entities may choose to require written declarations of interest of employees at particular risk of conflict of interest, such as those involved in procurement.

2.60 The DTA Accountable Authority Instructions state that all DTA officials ‘must disclose material personal interests in line with Commonwealth and DTA policy and operational guidelines’. The DTA Probity Guideline states that:

Any DTA Officers and DTA Affiliates with an actual, potential or perceived conflict of interest should declare that interest as soon as that conflict is known [and]

DTA Officers and DTA Affiliates must ensure their conduct does not give rise to a perception that would allow for the erosion of industry and community confidence in the way in which DTA conducts Procurement. Where DTA Officers and DTA Affiliates are concerned that a perceived or real conflict may exist, they should document all details immediately and raise the matter with the Responsible Person.

2.61 The DTA Probity Guideline further states that all DTA officers and contractors (‘DTA Affiliates’) involved in an open tender procurement must complete and sign a declaration of interests and disclosure statement (the guideline does not discuss limited tender procurements). The declaration template is provided as an appendix to the guideline — with one for APS employees and one for contractors. The DTA’s Declaration of Interest Policy also outlines that ‘procurement employees must complete the Declaration of Interest form’.

2.62 Of the nine procurements examined by the ANAO:

  • for eight procurements, there was no evidence of activity-specific declarations being completed by any of the officials or contractors involved in the procurement; and
  • for the Record Management Software procurement, a declaration of interest form had been completed for one of the five members of the evaluation panel, which included the statement that the official did not have any actual or perceived conflict of interest.

2.63 The ANAO spoke with the DTA procurement team and with the DTA officials involved in all of the examined procurements. The officials indicated that completing activity-based declarations of interest has not been part of general business practice at the DTA.

Senior Executive Service interest declarations

2.64 According to the APSC guide APS Values and Code of Conduct in Practice, ‘Agency heads and Senior Executive Service (SES) employees are subject to a specific regime that requires them to submit, at least annually, a written declaration of their own and their immediate family’s financial and other material personal interests’.

2.65 The DTA’s Declaration of Interest Policy states that ‘senior executives must complete the Declaration of Interest form on engagement. Forms are to be revised whenever personal circumstances change’.

2.66 Records of general interest declarations were maintained for all the senior executives involved in the nine procurements examined. However, there were three instances where a declaration for a particular year was not on file, with the DTA explaining for these instances:

  • for a 2019 declaration — ‘this may be due to the fact that [the SES officer’s] SES acting had recently commenced, and acting arrangements are expected to be temporary’;
  • for a 2019 declaration — ‘the missing form may not have been shared with HR’; and
  • for a 2021 declaration — ‘there is no record of a declaration of interest for [this SES officer] for 2021. […] the missing form may not have been shared with HR’.

2.67 The DTA Accountable Authority Instructions state that the Human Resources Director ‘must maintain a register of all material personal interests that relates to the affairs of the DTA in accordance with these instructions’. In April 2022, the DTA advised the ANAO that it does not maintain a register of declared personal interests. In June 2022, the DTA provided the ANAO with a declaration of interest register that included details on 15 SES declarations made in the first quarter of 2021–22. The DTA provided no evidence that a declaration of interest register had been in place in 2019–20 or 2020–21.

Recommendation no.3

2.68 The Digital Transformation Agency:

  1. establish an internal control to ensure that officials directly involved in procurements make activity-specific declarations of interest; and
  2. maintain a register of declared interests.

Digital Transformation Agency response: Agreed.

Receiving gifts and benefits

2.69 The CPRs state that procurement officials must act ethically throughout a procurement, including ‘by not accepting inappropriate gifts or hospitality’ (paragraph 6.6). Finance guidance states that: ‘officials must not accept hospitality, gifts or benefits from any potential suppliers’.31 The APS Code of Conduct states that: ‘An APS employee must not improperly use inside information or the employee’s duties, status, power or authority: to gain, or seek to gain, a benefit or an advantage for the employee or any other person’.32

2.70 The DTA established a policy for receiving gifts and benefits in June 2021. According to this policy, all gifts received that exceed $200 and all ‘consequential gifts’ received must be recorded on the gift register and published on the DTA’s website.33 The DTA policy states that before accepting a gift, DTA employees must consider (among other things) ‘any perceived conflict of interest and public perception of receiving the gift’ and ‘the relationship the DTA has with the person, company or organisation offering the gift, for example, if there is a contractual relationship’.

2.71 The DTA’s 2021 gift and benefit policy did not fully align with APSC guidance (which came into effect in 2019), with the DTA guidance requiring gifts over $200 to be reported and the APSC guidance requiring gifts over $100 to be reported. The DTA advised the ANAO in June 2022 that it had updated its policy to align with the APSC guidance in response to the ANAO’s findings.

2.72 The DTA has established a gifts and benefits register. There were nine entries on the register for 2019–20; five entries for inconsequential gifts under $50 for 2020–21; and one entry for an inconsequential gift for 2021–22.

2.73 One of the entries for 2019–20 was a gift from a supplier to a DTA senior official for a $200 ticket to an Institute of Public Administration Australia event in November 2019. The register entry gives the following reason for the gift: ‘tickets were sold out and [the supplier] offered a seat at their table’. The DTA reported 14 contracts awarded to this supplier in 2019–20 and 2020–21, with a total value of $4.5 million. One of these contracts was awarded (directly, without competition) after the SES-level gift recipient suggested this supplier for a particular set of work in March 2020. Accepting a gift or hospitality from a potential or current supplier does not align with Finance guidance or the DTA’s gifts and benefits policy.34 Further, the senior official’s accepting of a gift from a supplier could have been perceived as a conflict of interest, particularly as the official was in a position to make procurement decisions that involved this supplier.

Opportunity for improvement

2.74 There is an opportunity for improvement for the Digital Transformation Agency to provide training for senior executives on how to identify and avoid actual or perceived conflicts of interest.

2.75 In 2019, the APSC issued guidance on gifts and benefits, including that agency heads must:

  • publish a register of gifts and benefits they accept that are valued at over $100 on their departmental or agency website on a quarterly basis;
  • provide a link to the agency head gifts and benefits register to the APSC for publication on the APSC’s website;
  • collect and store the relevant information, and manage their register, in accordance with their agency’s procedures;
  • update the register within 31 days of receiving a gift or benefit; and
  • publish a ‘nil’ declaration on the gifts and benefits register where agency heads have not accepted any gifts during the reporting period.

2.76 As at 11 May 2022, no gifts and benefits register had been published to the DTA website, and there was no link to a DTA gifts and benefits register on the APSC website. In response to this finding, in June 2022, the DTA published a gifts and benefits register to its website for the first three quarters of 2021–22.35

2.77 The DTA had not recorded a declaration (nil or otherwise) for the position of CEO on the DTA gifts and benefits register for the past three financial years, and the DTA had not published any record of whether or not the CEO had received gifts and benefits over the past three financial years on the DTA website.

Opportunity for improvement

2.78 There is an opportunity for improvement for the Digital Transformation Agency to:

  1. report on a quarterly basis a register of gifts and benefits received by its CEO; and
  2. publish a ‘nil’ declaration on the gifts and benefits register where the CEO has not accepted any gifts during the reporting period.

3. Procurement activity

Areas examined

This chapter examines whether the Digital Transformation Agency (DTA) has conducted procurements effectively, including an assessment of compliance with the Commonwealth Procurement Rules (CPRs).

Conclusion

For the nine ICT-related procurements examined by the ANAO, the DTA did not conduct the procurements effectively and its approach fell short of ethical requirements.36 None of these procurements fully complied with the CPRs. The DTA did not conduct approach to market or tender evaluation processes effectively, and it did not consistently provide sound advice to decision-makers. The DTA’s frequent direct sourcing of suppliers using panel arrangements does not support the intent of the CPRs including the achievement of value for money.

Areas for improvement

The ANAO made three recommendations to the DTA aimed at improving its approach to market, tender evaluation and advice to decision-maker processes, including better aligning them with the CPRs.

The ANAO made one recommendation to the Australian Government aimed at providing greater transparency in reporting on contracts awarded by an approach to a single supplier on a standing offer, such as a panel.

The ANAO also identified one opportunity for improvement related to ensuring the DTA is not paying higher than market rates for contracts through the Digital Marketplace.

3.1 This chapter examines whether the DTA has conducted procurements effectively, including an assessment of compliance with the CPRs.37 Conducting procurements effectively includes: undertaking appropriate planning; assessing and managing procurement risks; undertaking an approach to market that is fair and transparent and promotes competition and value for money outcomes; evaluating tenders based on established evaluation criteria; treating tenderers equitably; and providing sound and complete advice to decision-makers.

Has the DTA conducted approach to market processes effectively and in compliance with the CPRs?

The DTA did not conduct approach to market processes effectively for procurements examined by the ANAO. Procurements did not comply with CPR requirements to: estimate the value of the procurement prior to determining the procurement approach; assess risks to the procurement; and maintain appropriate records of the approach to market. Further, the DTA’s frequent direct sourcing of suppliers using panel arrangements such as the Digital Marketplace does not support the intent of the CPRs.

Procurement planning and approach to market considerations

3.2 The ANAO found examples of poor planning documentation and non-compliance with the CPRs in relation to the DTA’s approach to market processes, as illustrated in Table 3.1. Only two of the nine procurements examined (GovDesk Development and Record Management Software) met or partly met all assessed components of an appropriate approach to market.

Table 3.1: Assessment of planning and approach to market considerations

A table that lists nine approaches to market, with an assessment of five different aspects of their implementation.

Note a: This includes records on planning, such as the requirement for the procurement, the procurement process, how value for money was considered, an estimate of value of procurement, and a risk assessment.

Note b: Procurement relates to the Australian Government’s response to the COVID-19 pandemic.

Source: ANAO analysis of DTA information.

Procurement planning

3.3 Adequate planning assists in achieving the efficient, effective, ethical and economical procurement practices required under the Public Governance, Performance and Accountability Act 2013 (PGPA Act) and the CPRs. There was no planning documentation for four of the nine procurements examined, and only two of the procurements had a procurement plan (see Table 3.1). Of the four procurements that had no planning documentation, one related to the COVID-19 pandemic response.

Value for money consideration

3.4 As discussed at paragraph 1.3, achieving value for money is the core rule of the CPRs. Approaching multiple suppliers generates competitive tension, helps drive value for money, enables greater transparency and fairness, and is consistent with the intent of the CPRs.

3.5 Value for money was mentioned in procurement planning documentation for only one of the procurements examined (GovDesk Development) (see Table 3.1). This plan noted that the evaluation team would consider the value for money proposition for each quote taking into consideration technical scores, pricing and overall risk. The procurement for record management software included a detailed consideration of value for money in its later evaluation plan, which is discussed at paragraph 3.55.

Estimation of expected value of procurements

3.6 The CPRs state at paragraph 9.2 that: ‘the expected value of a procurement must be estimated before a decision on the procurement method is made’.38 The CPRs also state, at paragraph 9.3:

the maximum value of the goods and services being procured must include: a. all forms of remuneration, including any premiums, fees, commissions, interest, allowances and other revenue streams that may be provided for in the proposed contract; b. the value of the goods and services being procured, including the value of any options in the proposed contract; and c. any taxes or charges.

The intent of this requirement is to ensure that entities have taken the estimated value and relevant thresholds into account and have established that the chosen procurement method is allowable under the CPRs.

3.7 For five of the nine procurements examined, the DTA did not estimate the maximum value of procurements before a decision was made on the procurement method (of the five, two related to the COVID-19 pandemic response). For the four procurements that included an estimate on the maximum value, only one procurement (Record Management Software) included records to show that this estimation included all of the elements required by the CPRs (see Table 3.1).

Risk assessment

3.8 The CPRs define risk management as: ‘the activities and actions taken by a relevant entity to ensure that it is mindful of the risks it faces, that it makes informed decisions in managing these risks, and identifies and harnesses potential opportunities’.39 Paragraph 4.4 of the CPRs states that ‘Officials responsible for a procurement must be satisfied, after reasonable enquiries, that the procurement achieves a value for money outcome’ and the procurement should ‘encourage appropriate engagement with risk’. Paragraph 8.2 states that:

Relevant entities must establish processes to identify, analyse, allocate and treat risk when conducting a procurement. The effort directed to risk assessment and management should be commensurate with the scale, scope and risk of the procurement. Relevant entities should consider risks and their potential impact when making decisions relating to value for money assessments, approvals of proposals to spend relevant money and the terms of the contract.40

3.9 For seven of the nine procurements examined, the DTA had not undertaken a risk assessment (see Table 3.1). This included three procurements related to the COVID-19 pandemic response. Neither of the two risk assessments that had been completed was consistent with DTA guidance on how to assess and rate risk.

3.10 DTA guidance provides a risk matrix with five potential risk ratings: low, minor, moderate, high and very high. DTA guidance describes the risk escalation process as:

  • we treat minor risks and document them in the risk register;
  • escalate moderate risks to your product manager and monitor them quarterly;
  • escalate high risks to your SES Band 1 and report them to the Executive Board;
  • escalate very high risks to the Executive Board.

3.11 The risk assessment for the GovDesk Development procurement included a risk matrix with four (rather than five) potential risk ratings: low, medium-low, medium-high and high. The risk matrix noted ‘medium-high and high risks are to be escalated’. The procurement risk ratings of ‘medium-high’ and ‘high’ partly aligned to the DTA official risk ratings of ‘high’ and ‘very high’, respectively. Further, one of the four risks on the register was rated as ‘medium-low’ when, according to the matrix, the selected likelihood and consequence should have resulted in a rating of ‘medium-high’. If the risk had been rated in alignment with the risk matrix, this risk should have been escalated to the Executive Board, but it was not.

Recordkeeping

3.12 In relation to recordkeeping, the CPRs state at paragraphs 7.2–7.5:

7.2 Officials must maintain for each procurement a level of documentation commensurate with the scale, scope and risk of the procurement.

7.3 Documentation should provide accurate and concise information on: a. the requirement for the procurement; b. the process that was followed; c. how value for money was considered and achieved; d. relevant approvals; and e. relevant decisions and the basis of those decisions.

7.4 Relevant entities must have access to evidence of agreements with suppliers […].

7.5 Documentation must be retained in accordance with the Archives Act 1983.

3.13 The DTA did not maintain appropriate records of the approach to market for seven of the procurements examined (see Table 3.1). For two of the procurements (GovDesk Development and Record Management Software), the DTA had maintained most of the key records (see Table 3.1).

Compliance with requirements for limited and open tender procurements

Limited Tender procurement

3.14 The CPRs define limited tender procurement as an entity ‘approaching one or more potential suppliers to make submissions, when the process does not meet the rules for open tender’.41 The CPRs state at paragraph 9.10:

For procurements at or above the relevant procurement threshold,42 limited tender can only be conducted in accordance with paragraph 10.3, or when a procurement is exempt as detailed in Appendix A.43

3.15 Paragraph 9.11 further states: ‘When conducting a limited tender in accordance with paragraph 9.10, the relevant exemption or limited tender condition must be reported on AusTender’.44

3.16 In 2019–20 and 2020–21, the DTA conducted 37 limited tender procurements at a value of about $19.1 million. Of this, about $14.8 million was categorised on AusTender as for ‘software’. The ANAO examined one limited tender procurement that related to the procurement of workflow ticketing software. For this procurement, the DTA approached only one supplier. The DTA reported on AusTender that it had conducted this limited tender under the exemption outlined at paragraph 10.3.e of the CPRs:

e. for additional deliveries of goods and services by the original supplier or authorised representative that are intended either as replacement parts, extensions, or continuing services for existing equipment, software, services, or installations, when a change of supplier would compel the relevant entity to procure goods and services that do not meet requirements for compatibility with existing equipment or services.

3.17 Further detail on this procurement is provided in Case Study 2.

Case study 2. Limited Tender Procurement — Workflow Ticketing Software

In 2018, the DTA investigated implementing a ticketing system for managing support requests and identified that some business areas within the DTA had independently engaged and been using Zendesk software since 2015. The DTA sought to amalgamate these engagements into a single contract with Zendesk. The DTA engaged Zendesk directly and reported the procurement on AusTender as a limited tender under paragraph 10.3.e of the CPRs for ‘continuing services for existing […] software’. In response to ANAO requests for evidence, the DTA advised that it had ‘searched and trialled a number of tools for support ticketing system’ and that ‘Zendesk was customised to meet DTA’s specific needs’. The DTA advised that a comparison was done between Zendesk and another provider. However, documentation for the procurement retained by the DTA was limited to the 2018 spending approval and subsequent annual renewals.

This procurement was poorly documented. The DTA did not have procurement planning documents, a procurement risk assessment, approach to market documents, a tender evaluation plan, tender evaluation report, conflict of interest declarations or contract management documents (see Table 3.1).

3.18 For contracts awarded through limited tender, the CPRs also require:

In accordance with the general rules for accountability set out in these CPRs, for each contract awarded through limited tender, an official must prepare and appropriately file within the relevant entity’s records management system a written report that includes: a. the value and type of goods and services procured; b. a statement indicating the circumstances and conditions that justified the use of limited tender; and c. a record demonstrating how the procurement represented value for money in the circumstances.45

3.19 For the procurement of Zendesk software, the DTA had not prepared a written report or a statement indicating the circumstances and conditions that justified the use of limited tender or that demonstrated how the procurement represented value for money in the circumstances.

Open Tender procurement

3.20 During 2019–20 and 2020–21, the DTA reported 15 non-panel open tender procurements at a value of about $7 million. The ANAO examined one open tender procurement that related to the procurement of record management software. This procurement involved an open approach to market, was on the market for 27 days and resulted in 23 responses. The DTA issued four addenda on AusTender during the approach to market. No late quotes were received. Most of the key approach documentation had been retained, including a procurement plan, request documentation and a risk assessment (see Table 3.1).

3.21 Open Tender procurements are subject to the rules in Division 2 of the CPRs. Key requirements, and DTA compliance with these requirements, are outlined in Table 3.2.

Table 3.2: Compliance with Division 2 requirements of the CPRs for the Record Management Software procurement

A table that lists four topics and assesses if they complied with key CPR requirements for open tender procurements.

Note a: The request documentation included information on the evaluation process and stated: ‘In the first stage, all complying responses will be evaluated according to merit against the evaluation criteria listed in clause A.B.5 of the Commonwealth Approach to Market (ATM) Terms provided with this ATM document’. The request document did not include the procurement-specific evaluation criteria that were used to evaluate the tenders.

Note b: The ANAO saw no evidence to indicate that any suppliers had been treated unfairly or in a discriminatory manner.

Source: ANAO analysis of DTA information.

Panel procurements

Digital Marketplace procurements

3.22 The establishment of the Digital Marketplace panel was an initiative under the Australian Government’s 2015 National Innovation and Science Agenda.46 The DTA was given responsibility for creating a new online marketplace of digital and ICT services. The Digital Marketplace opened in August 2016. The objectives of the Digital Marketplace were increasing participation of small to medium enterprises (SMEs) and start-ups by breaking down barriers to entry,47 making it easier for these businesses to compete for government contracts and encouraging innovation across government.

3.23 The DTA reported for 2016–17 that: there were 485 digital sellers on the marketplace; 190 opportunities had been posted; and, of the contracts reported to AusTender, 82 per cent had been awarded to SMEs. For 2020–21, the DTA reported that 60 per cent of Digital Marketplace opportunities had been awarded to SMEs, with the six SMEs receiving the highest number of contracts being employment agencies or recruitment specialists. These six SMEs received about 700 contracts in 2020–21 (an average of 115 contracts each).

3.24 In February 2022, the DTA reported that: there were 4132 sellers on the Digital Marketplace; since August 2016, 25 per cent of all Digital Marketplace opportunities had been open to all sellers; 73 per cent of all opportunities on the marketplace had been for labour hire; and 82 per cent (2309 of 2814) of non-labour hire opportunities received between zero and five responses. The DTA did not report how many of these opportunities involved an approach to only one potential supplier.48

3.25 In May 2022, the Digital Marketplace moved to BuyICT.gov.au, which is a collection of seven ICT-related marketplaces. The DTA advised the ANAO in June 2022 that the new platform has a prompt for buyers that states: ‘it is considered best practice to include at least three sellers’. The Digital Marketplace on the BuyICT website also includes information for each opportunity on whether the opportunity is open to all suppliers, a limited number of suppliers or only one supplier in the category.

DTA’s use of the Digital Marketplace

3.26 The DTA used a panel arrangement for more than 80 per cent of the contracts it reported to AusTender in 2020–21, with the Digital Marketplace panel being used in 71 per cent of those cases.49 The ANAO examined seven procurements that involved the Digital Marketplace panel, as outlined in Table 3.3. These procurements were selected on the basis of value, risk, relevance and type of procurement and include seven of the DTA’s nine highest value procurements (other than whole-of-government procurements) for 2019–20 and 2020–21.

Table 3.3: Digital Marketplace procurements in the ANAO’s sample, by contract value

| Description | Start date | Number of suppliers approached | Number of responses | Number of days open | Original Value | Value as at July 2022 |
|---|---|---|---|---|---|---|
| myGov Upgrade Horizon 1 (a) | 23-Mar-20 | 1 | 1 | N/A — Verbal offer | $19,482,186 | $28,130,966 |
| HGIT Program Support | 4-Jan-21 | 1 (b) | 1 (b) | 5 (b) | $1,000,000 | $8,515,313 |
| COVIDSafe App Development (a) | 30-Mar-20 | 1 | 1 | 2 | $1,848,000 | $6,069,929 |
| myGov Funding Case Support | 25-May-20 | 1 | 1 | N/A — Verbal offer | $121,000 | $4,942,080 |
| GovDesk Development | 4-Sep-19 | 17 | 5 | 8 | $205,046 | $2,327,863 |
| myGov and Digital Identity Charging Framework (c) | 7-Jun-21 | 4 | 7 | 3 | $2,002,777 | $2,281,077 |
| | | 7 | 3 | 3 | | |
| COVIDSafe App Enhancements (a) | 10-Aug-20 | 9 | 7 | 2 | $777,700 | $1,440,892 |
| Total | | | | | $25,436,709 | $53,708,120 |

Note a: Procurement relates to the Australian Government’s response to the COVID-19 pandemic.

Note b: This is the data for the second approach to market. The first approach went to 16 suppliers, resulted in five responses and was on the Digital Marketplace for eight days.

Note c: The myGov and Digital Identity Charging Framework procurement was initially conducted as a labour hire, then later re-assessed as a procurement. The DTA advertised four separate opportunities on the Digital Marketplace that included a total of six positions.

Source: ANAO analysis of DTA and AusTender data.

3.27 Only one supplier was approached for four of the seven Digital Marketplace procurements examined by the ANAO: the COVIDSafe App Development procurement; the myGov Upgrade Horizon 1 procurement; the myGov Funding Case Support procurement; and the HGIT Program Support procurement.50

3.28 For the COVIDSafe App Development procurement, the rationale for approaching only one supplier was that it was an ‘urgent’ requirement ‘to support the Covid-19 response’. DTA’s internal finance team advised the business area that, as the procurement was COVID-19-related, ‘we can bypass the usual process’. The supplier had already been engaged by the Department of Health to develop the COVIDSafe App before responsibility for developing the app was transferred to the DTA. The DTA notes running the procurement process through the Digital Marketplace ‘allow[ed] the seller to transition from Department of Health to the DTA’.

3.29 For the two procurements related to the myGov project (myGov Upgrade Horizon 1 and myGov Funding Case Support), although the contractors were on the Digital Marketplace panel and the DTA reported the procurements on AusTender as ‘open tender’ Digital Marketplace procurements, in each case the contractor was approached directly outside of the Digital Marketplace portal and the DTA accepted a verbal offer. More detail on the MyGov Funding Case Support procurement is provided in Case Study 3.

Case study 3. Direct approach to Nous Group for MyGov Funding Case Support

In March 2020, Services Australia contacted DTA to advise on the availability of some contractors from the consulting firm Nous Group. The DTA contacted Nous Group in April 2020. The firm agreed to undertake work for the DTA on myGov updates under a new variation to a Services Australia contract. The contractors started work for the DTA before this variation had been finalised. On 21 May 2020, the consulting firm contacted the DTA requesting that it finalise the variation to the Services Australia contract in order to ‘invoice for some of the work that has been done [to] date’.

On 5 May 2020, a DTA official had written to a DTA senior official:

We have forecasted in the budget 200,000 for getting additional support to develop a funding proposal. Do you agree that I examine the methods of procuring Nous Group to complete this work for us? They are able to supply two cleared and previously onboarded resources to start on the 11th of May for seven weeks.

The scope of an additional contract was developed between the Nous Group and the DTA through emails. The contract was reported on AusTender as an ‘open tender’ through the Digital Marketplace, although it was never advertised on the Digital Marketplace, the Digital Marketplace portal was not used, and no tender evaluation report was completed. The DTA advised the ANAO that due to the ‘urgency of the business need’ the consulting firm had been approached directly.

The new contract was signed on 25 May 2020, to develop ‘the funding case documentation for the single view of customer work’ for the myGov taskforce. In the following two years, the contract was varied ten times, increasing the value of the contract by 40 times from $121,000 to $4,942,080. This is discussed further in paragraphs 4.37 to 4.41.

3.30 For the HGIT Program Support procurement, 16 suppliers on the Digital Marketplace panel were approached and five tenders were received and evaluated, but the DTA decided not to proceed with any of the tenderers. The DTA then directly approached and contracted one supplier, CyberCX, as outlined in Case Study 4.

Case study 4. Direct approach to CyberCX following an approach to multiple suppliers on the Digital Marketplace

On 6 August 2020, the Australian Government released Australia’s Cyber Security Strategy 2020. It mentioned a new initiative ‘Harden Australian Government IT’, which was to involve a consideration of secure cyber hubs.

On 18 August 2020, a senior representative from CyberCX called the DTA CEO and followed up with an email saying ‘Thanks so much for taking my call just now. As discussed, I am keen to introduce you to [our] team […]. We would like to get your views and understand your plans re cyber hubs for government’. Following this, the DTA CEO’s office sent a meeting invitation for 2 September 2020 to two DTA senior officials and three CyberCX representatives.

The DTA CEO’s office asked DTA senior officials to prepare a brief for the CEO ahead of this meeting. The brief included: information on the Hardening Government IT Program (HGIT); questions for CyberCX; and some background on CyberCX, such as that it had over ‘500 staff in 20 offices across Australia and New Zealand’. On 31 August 2020, one of the senior officials invited to the meeting commented on the brief, mentioning that they should be aware of not ‘giving [CyberCX] too much and a competitive advantage’.

On 2 September 2020, three representatives from CyberCX met with the DTA CEO, the Deputy CEO and the Chief Technology Officer ‘to discuss the way the DTA is approaching the Hardening Government IT Systems initiative’. This meeting was followed by emails from CyberCX representatives to DTA senior officials thanking them for the meeting and saying, ‘we would welcome the opportunity to explore any potential partnership or support we could provide’.

On 2 October 2020, DTA’s Chief Technology Officer met with CyberCX representatives again. Following this meeting, CyberCX emailed the DTA with information on which Digital Marketplace categories it was approved for. On 7 October 2020, a senior official responded to CyberCX, ‘That is helpful and thanks for following up, we are firming up our requirement now so will be in touch shortly.’

On 5 November 2020, DTA senior officials requested approval from the CEO to engage a consultancy company to support the ongoing delivery of HGIT through two separate procurements — one for ‘business case and model development’ and one for ‘program management support’. The DTA estimated the expected value for each of the two procurements to be between $800,000 and $1 million for a six-month engagement. The CEO approved these requests on 10 November 2020 and directed, for both: ‘Please ensure that SME’s/mid-range sellers are offered an opportunity to compete for this work’.51

On 11 November 2020, DTA approached 16 suppliers in the ‘Agile Delivery and Governance’ category on the Digital Marketplace, including a CyberCX company, seeking a ‘partner to support the long-term delivery of the Hardening Government IT program’. The approach was open for seven days, and five offers were received. CyberCX did not submit a tender by the deadline. The DTA advised the ANAO that this was due to a miscommunication within CyberCX.

On 20 November 2020, a day after the approach had closed, a CyberCX representative wrote to the DTA seeking information on how the work they had discussed was progressing. Later that day, internal correspondence between DTA officials involved in the procurement indicated that they were surprised by this email. One email included a question about whether the DTA had ‘the ability to ask [CyberCX] again’ given CyberCX had missed the deadline. (Two weeks later, a decision was made to reapproach CyberCX.)

The following week, two officials evaluated the five tenders that had been received by the deadline. Value for money considerations in the evaluation report included consideration of risk, capacity to deliver, assumptions underlying costings and total proposed costs. Three tenders were evaluated as either ‘good’ or ‘satisfactory’ against each of the two assessment criteria; and two were evaluated as poor.

The tenderer with the highest ranking against the criteria was recommended as the preferred supplier. The two other suppliers with ‘good’ or ‘satisfactory’ ratings were ranked as the second and third options; and the two rated as ‘poor’ were not ranked. The two-member evaluation panel provided a rationale for why they had assessed the preferred supplier as representing the best value for money solution, noting that ‘The biggest issue with [the preferred supplier] is their quote’ which was ‘more than the other proposals’ but it ‘did offer the biggest full-time team and was clearly able to minimise the risk to the program delivery’.

On 1 December 2020, the evaluation panel chair wrote to the Deputy CEO asking that as delegate he review and approve the outcomes of two procurement processes.

  • For the HGIT Business case and model development procurement, the DTA approached eight suppliers, had three responses, but did not find any of the responses ‘acceptable’. The email indicated the DTA would look at an ‘alternative approach’.
  • For the HGIT Program Management procurement, the DTA approached 16 suppliers and received five responses. The panel recommended that the DTA enter into a contract with the preferred supplier.

On 3 December 2020, the Deputy CEO responded, ‘I have spoken to [the responsible senior official] about [the HGIT Program Management procurement] — thank for your efforts on it — I think we need to get the cost down a bit’. A few hours later, the DTA sent request documentation (which was the same as for the first approach) to CyberCX asking it to prepare a response. The DTA advised the ANAO that there was no written approval from the delegate to set aside the first approach and to undertake the second approach and that this approval ‘would have been a verbal approval’.

Following the direct approach, CyberCX provided a proposal for $659,208 (including GST), based on a monthly fixed fee component of $109,868 (including GST) for an initial six months. The proposal also stated:

In addition to the fixed monthly fee component, we suggest that the DTA also proactively establish a requisition of budget for draw down upon via Time and Materials. This would be drawn down at the direction of the DTA for additional technical SME, agile coach or other support where required. CyberCX proposes this approach to enable the DTA to efficiently scale the team size and required subject matter expertise.

On 11 December 2020, the evaluation panel recommended this consultancy as the preferred provider and best value for money solution, with a total contract price of $1 million, made up of original quote of $659,208 and up to $340,792 in time and materials costs to support flexibility in delivering the program’ (with the amount of the additional time and materials costs determined by the DTA).

The evaluation report and request for spending approval did not compare the CyberCX offer against any of the offers in the first approach. The Deputy CEO gave spending approval for this procurement on 11 December 2020. The initial contract was signed on 21 December 2020.

On 26 March 2021, three months after the initial contract was signed, the contract was varied to increase the scope to include deliverables related to business case and model development. The value of the contract was increased by $1.6 million to $2.6 million. As at May 2022 the contract value had been varied four times and increased to 8.5 times its original value ($8,513,313). The end date after the fourth variation was 30 August 2022.

3.31 Multiple suppliers were approached for three of the seven Digital Marketplace procurements examined by the ANAO: the GovDesk Development procurement, the myGov and Digital Identity Charging Framework procurement, and the COVIDSafe App Enhancements procurement. However, for the myGov and Digital Identity Charging Framework procurement, where four suppliers were approached, the opportunity was on the Digital Marketplace for only three days and one of the successful suppliers knew about the procurement at least one week before the opportunity was published (see Case Study 1 in Chapter 2).

3.32 The ANAO saw examples where the DTA’s procurement processes, particularly the use of panels, fell short of supporting the intent of the CPRs. These included:

  • finding a supplier and then working with the Digital Marketplace team to get the supplier assessed and added to the relevant category on the marketplace so that the supplier could be approached on the marketplace;
  • the DTA procurement team instructing an official to investigate which panels a specific provider was on to approach them for a quote, after a DTA official was advised by the provider in a ‘random catch up’ that they could provide probity training;
  • a senior official asking why there was no flexibility in a contract to fill a new position and asking if they could ‘work around’ the issue, with the team suggesting a direct approach to an existing supplier on a panel, with a request for their preferred person;
  • an official advising a senior official that directly approaching a supplier through the Digital Marketplace is a ‘better approach’ because it is an ‘open approach to market as opposed to a limited tender’; and
  • planning to leverage a current contract for a new body of work, but after being told by the procurement team that new work was out of scope for the original contract, directly approaching the same supplier through the Digital Marketplace.

Recommendation no.4

3.33 The Digital Transformation Agency align its approach to market processes with the Commonwealth Procurement Rules, with a focus on:

  1. estimating the expected value of a procurement before a decision on the procurement method is made;
  2. establishing processes to identify, analyse, allocate and treat risk; and
  3. maintaining a level of documentation commensurate with the scale, scope and risk of the procurement.

Digital Transformation Agency response: Agreed.

Use of procurement panels by Australian Government entities

3.34 Auditor-General Report No.31 of 2011–12 Establishment and Use of Procurement Panels highlighted concerns with how procurement panels were being used at the time — particularly, the low percentage of panel procurements that involved multiple quotes and the lack of documentation on how procurements represented value for money. The report states:

A purchase made under a panel arrangement is a procurement activity subject to the procurement policy framework and accordingly must, in itself, achieve value for money. Obtaining multiple quotes is one way in which competition can be used to promote value for money when procuring from a panel. In this respect, the agencies should have more often sought multiple quotes when selecting a supplier to support the achievement of value for money, particularly for higher value procurements. For procurements over $100 000 two of the agencies only sought multiple quotes in around one‐third of their procurements included in the audit sample. Further, the three agencies did not sufficiently document how individual procurements represented value for money for between 41 per cent and 71 per cent of the procurements examined. These results highlight the need for greater emphasis to be given by agencies to clearly demonstrating the basis for supplier selection when procurements are made under a panel arrangement.52

3.35 The ANAO made recommendations that entities ‘succinctly document the basis for selecting a particular supplier to evidence value for money in the circumstances’ and ‘evaluate the use and effectiveness of panels at an appropriate time during their lifecycle’.53

3.36 Auditor-General Report No.27 of 2019–20 Australian Government Procurement Contract Reporting Update reported that the number and value of panel contracts had increased significantly over the last ten years, with the number of panel contracts reported on AusTender increasing from 652 contracts in 2009–10 to 28,560 contracts in 2018–19.54

3.37 Auditor-General Report No.4 of 2020–21 Establishment and Use of ICT Related Procurement Panels and Arrangements states:

Entities should ensure their approach to using panel arrangements supports the intent of the CPRs by encouraging competition to drive value for money, and is not limited to doing the minimum necessary — such as always seeking a single quote — to achieve technical compliance.55

3.38 The use of panels by entities to approach single suppliers with insufficient consideration of value for money suggests that there are continuing issues with how panels are being used by Australian Government entities.56

3.39 The Department of Finance (Finance) ‘assists the Australian Government to achieve its fiscal and policy objectives by advising on expenditure, managing sustainable public sector resourcing, driving public sector transformation and delivering efficient, cost-effective services to, and for, government’.57 Finance is responsible for administering the PGPA Act and managing the Australian Government’s resource management framework, CPRs, policies and guidance that supports Australian Government procurement, including procurement from panels.

3.40 Finance’s guidance on panels states:

A Panel is designed to deliver efficiencies for both agencies and the supplier – with that in mind, when procuring from a panel, you should resist seeking all suppliers on a Panel to provide a quote unless there is a demonstrated business need for such an approach.58

3.41 The guidance also states:

Wherever possible, you should approach more than one supplier on a Panel for a quote. Even though value for money has been demonstrated for the supplier to be on a panel, you will still need to demonstrate value for money when engaging from a Panel, and competition is one of the easier ways to demonstrate this. Where you only approach one supplier, you should provide your delegate with reasons on how value for money will be achieved in the procurement.59

3.42 On 1 July 2022, the CPRs were amended to include a new paragraph 9.14: ‘To maximise competition, officials should, where possible, approach multiple potential suppliers on a standing offer’.

3.43 The CPRs state in relation to procurements from standing offers (such as a panel) that officials ‘should report the original procurement method used to establish the standing offer’. As panel procurements involve two stages of procurement and the method for only the first stage (establishing the panel) is reported, there is no transparency on AusTender as to which contracts involved a direct approach to one supplier — as all contracts established through a panel that had been established by open tender are reported as ‘open tender’ on AusTender. Transparency on whether an opportunity was open to all suppliers on a panel (or in the relevant panel category) and the number of suppliers that were approached would encourage entities to conduct competitive procurements and would help achieve value for money outcomes.

Recommendation no.5

3.44 The Australian Government implement reporting requirements for procurements from standing offers, such as panels, to provide transparency on whether an opportunity was open to all suppliers and, if not, how many suppliers were approached.

Department of Finance response: Noted.

3.45 Finance will consider options for entities to report on how many suppliers have been approached from a standing offer arrangement, and options to enhance functionality for reporting contract notices from standing offers in future updates to AusTender. As of 1 July 2022, the CPRs include the requirement that officials should, where possible, approach multiple potential suppliers on a standing offer, in order to maximise competition (paragraph 9.14 of the CPRs). As part of value for money considerations, when approaching suppliers on a panel, officials should balance the need for competitive tension with the administrative burden on both entities and panellists who have no guarantee of being awarded work off of standing offer arrangements. The number of suppliers approached on a panel should be commensurate with the scale, scope and risk of the procurement.

Has the DTA conducted tender evaluation processes effectively and in compliance with the CPRs?

For procurements examined by the ANAO, the DTA did not conduct tender evaluation processes effectively. Evaluation plans were not consistently prepared, and evaluations did not consistently use fit-for-purpose evaluation criteria. None of the examined procurements fully complied with CPR requirements to: consider value for money; notify unsuccessful tenderers of the outcomes of procurements; and maintain appropriate records of the approach to market.

Evaluation planning, criteria and value for money considerations

3.46 Internal DTA policy states that evaluation plans should set out the procurement need and ensure compliance with legislation. The CPRs recommend that entities use relevant evaluation criteria to enable the proper identification, assessment and comparison of submissions on a fair, common and appropriately transparent basis. The CPRs state that evaluation criteria should be included in request documentation and that entities must consider relevant financial and non-financial costs and benefits of each submission. The ANAO found examples of poor evaluation planning documentation and non-compliance with the CPRs for the evaluation phase, as outlined in Table 3.4.

Table 3.4: Assessment of evaluation planning, criteria and value for money considerations

A table that lists nine procurement activities and assesses their evaluations across four aspects.

Note a: Procurement relates to the Australian Government’s response to the COVID-19 pandemic.

Source: ANAO analysis of DTA information.

Evaluation plans

3.47 The establishment and application of an evaluation plan that sets out evaluation criteria and how decisions will be made helps promote fairness and transparency. The DTA’s internal finance policy states that panel procurements and ‘more complicated simple and medium procurements’ should use procurement and evaluation plans to set out the procurement need and ensure compliance with legislation. The DTA’s internal policy states that an evaluation plan should include: evaluation criteria and weightings; the names of the DTA employees who will evaluate the suppliers; a description of how evaluation will be conducted and how DTA employees will make a decision; and an explanation of how quality and standards, total costs, value for money and any associated commercial risks will be assessed.

3.48 Of the eight open tender (including panel) procurements examined by the ANAO, two had an evaluation plan: the GovDesk Development procurement and the Record Management Software procurement (see Table 3.4). These two evaluation plans were approved by the relevant delegate; however, the plans were not approved until after the market had been approached. The plans included details on the evaluation criteria and weightings, the names and responsibilities of the DTA employees on the evaluation panel, how the evaluation would be conducted, and how submissions would be assessed. The evaluation plan for the Record Management Software procurement provided detail on how value for money would be assessed, including taking into account cost, technical worth and an assessment of risk. The evaluation plan for the GovDesk Development procurement did not discuss how value for money would be assessed, however value for money was subsequently discussed in the evaluation report.

3.49 Both evaluation plans included a risk assessment. The risk assessments did not directly address how associated commercial risks would be assessed and neither risk assessment complied with the DTA risk assessment template. Both risk assessments listed four risks.

  • The risk assessment for the Record Management Software procurement included an inherent risk rating, mitigation strategy and residual risk rating. It did not list risk sources, consequences, likelihood, impact or a responsible official for treatment of risk, as instructed by the DTA risk assessment template.
  • The risk assessment for the GovDesk Development procurement included risk consequences, existing controls, and an initial assessment of the risk likelihood, impact and rating. It did not include a consideration of risk sources, treatments, responsible official for treatment or an assessment of the residual likelihood and impact of the risk after treatment, as instructed by the DTA risk assessment template.

3.50 For limited tender procurements, internal DTA policy requires employees to complete a limited tender procurement plan. The one limited tender procurement examined by the ANAO did not have a tender procurement plan. The DTA advised the ANAO it was unable to locate any documentation relating to the initial approach to market for this procurement.

Evaluation criteria

3.51 The CPRs state that ‘Relevant entities should include relevant evaluation criteria in request documentation to enable the proper identification, assessment and comparison of submissions on a fair, common and appropriately transparent basis’.60

3.52 While six procurements had evaluation reports that included evidence of evaluation criteria, only three sets of evaluation criteria were fit for purpose. Three of the evaluation reports with evidence of evaluation criteria used the same generic criteria in their evaluation reports, ‘the extent to which the offer met the Request for Quote requirements; capacity to provide the requirement; proposed costs’, without specifying how these criteria would be assessed. In summary, six of the nine procurements examined did not use fit-for-purpose evaluation criteria in their evaluation reports (see Table 3.4).

3.53 Two of the three procurements with fit-for-purpose evaluation criteria did not include the criteria in the request documentation to potential tenderers (see Table 3.4).

Value for money

3.54 As mentioned in paragraph 1.3, achieving value for money is the core rule of the CPRs. Price is not the sole factor when assessing value for money. When conducting a procurement, the CPRs state an official must consider relevant financial and non-financial costs and benefits of each submission, including: the quality of the goods and services; fitness for purpose of the proposal; the potential suppliers’ relevant experience and performance history; and whole of life costs (including initial purchase price, maintenance and operating costs, additional features procured after the initial procurement).

3.55 For the nine procurements examined by the ANAO, the DTA did not consistently evaluate tenders for value for money.

  • One procurement (Workflow Ticketing Software) did not have any documentation relating to the initial approach to market or evaluation of the supplier.
  • For two procurements relating to the myGov project, suppliers (Deloitte and Nous Group) were approached directly, and value for money considerations were not documented.
  • One procurement (HGIT Program Support) included partial consideration of value for money, with the evaluation report stating that the proposal was value for money, without an explanation or rationale.
  • Value for money was considered as part of the evaluation process for five procurements.

Comparison with maximum daily rates approved for sellers on the Digital Marketplace

3.56 To be approved as a seller on the Digital Marketplace, suppliers are required to provide a maximum daily rate as part of the assessment process for each marketplace category they would like to be included on. The ‘Seller pricing’ page of the Digital Marketplace stated ‘To determine value for money, rates are evaluated along with the seller’s technical and commercial capabilities’. Four of the nine procurements examined (for the CyberCX, Nous Group, ConceptSix and Deloitte contracts) included hourly or daily rates for contractors in contracts. Of the rates for the 22 positions included in these four procurements, the rates for six positions exceeded the maximum daily rate that the DTA had approved for that seller on the Digital Marketplace.

Comparison with Digital Marketplace reported daily market rates

3.57 To help Digital Marketplace buyers achieve value for money, the DTA also publishes reports on daily rates, showing the overall market rate ranges (from lowest rate to highest rate) and median rates charged by category and role on the Digital Marketplace over the previous year. Of the 22 positions included in the four contracts with contractor rates (in the ANAO sample), the rates for only three positions were within the daily market rate ranges published on the Digital Marketplace. The daily rates for 19 positions were higher than the relevant daily market rate ranges.

Opportunity for improvement

3.58 There is an opportunity for improvement for the Digital Transformation Agency to:

  1. provide clear advice to decision-makers on whether proposed rates are under the maximum rates approved for the relevant seller; and
  2. establish internal controls to ensure it does not pay higher than overall market rates for contracts through the Digital Marketplace unless a clear rationale is provided.

Evaluation reports, notifying tenderers and recordkeeping considerations

3.59 The DTA’s internal finance policy states that once a procurement evaluation team has completed its evaluations, it should complete an evaluation report. The CPRs require that entities notify unsuccessful tenderers and keep appropriate records of procurement processes. The ANAO found examples of poor documentation and non-compliance with the CPRs for the evaluation phase, as outlined in Table 3.5.

Table 3.5: Assessment of evaluation reporting, notifying tenderers and recordkeeping considerations

A table that lists nine procurement activities and assesses their evaluation reporting, notifying tenderers and recordkeeping across five categories.

Note a: This includes records and information such as the evaluation plan, evaluation criteria, the evaluation report, consideration of value for money and tenderer debriefings.

Note b: Procurement relates to the Australian Government’s response to the COVID-19 pandemic.

Source: ANAO analysis of DTA information.

Evaluation reports and value for money consideration

3.60 Three of the nine procurements examined did not have a tender evaluation report (see Table 3.5). One procurement was a limited tender procurement. The two other procurements without evaluation reports were classified as open tender, but suppliers were directly approached by the DTA outside of the Digital Marketplace portal.

3.61 Of the six evaluation reports, five included a record that value for money was considered as part of the evaluation process (see Table 3.5). One report, for the HGIT Program Support procurement, stated the proposal represented value for money, but did not demonstrate how value for money was considered or assessed.

Notifying and debriefing tenderers

3.62 The CPRs state at paragraph 7.17:

Following the rejection of a submission or the award of a contract, officials must promptly inform affected tenderers of the decision. Debriefings must be made available, on request, to unsuccessful tenderers outlining the reasons the submission was unsuccessful. Debriefings must also be made available, on request, to the successful supplier(s).61

3.63 For two of the examined procurements, there was no evidence that unsuccessful tenderers were notified (see Table 3.5). One of these involved two approaches to market, with the first approach involving an approach to 16 sellers and the second approach being a direct approach. There is no evidence that any of the 16 sellers in the first approach were notified of the decision (this procurement is discussed in Case Study 4 above). For the two procurements where debriefings were requested by tenderers, the DTA advised the ANAO that these debriefings were provided. However, the DTA did not document the debriefings.

Recordkeeping

3.64 For six of the examined procurements, the DTA did not maintain appropriate records of the evaluation phase, such as a record of evaluation criteria, how value for money was considered and an evaluation report (see Table 3.5). For three of the examined procurements, the DTA had maintained most of the key records, but evaluation criteria and tenderer debriefings were not always documented.

Recommendation no.6

3.65 The Digital Transformation Agency improve its tender evaluation processes to:

  1. align them with the Commonwealth Procurement Rules; and
  2. incorporate evaluation criteria to better enable the proper identification, assessment and comparison of submissions on a fair and transparent basis.

Digital Transformation Agency response: Agreed.

Has the DTA provided sound advice to decision-makers, including how the selected tenderers would achieve value for money?

The DTA did not consistently provide sound advice to decision-makers. Advice generally did not include whether selected tenderers would achieve value for money or how risks were considered. Advice usually included information on the whole-of-life value and total contract amount, the method used to request quotes from suppliers, scoring from evaluations and the rationale for the recommended supplier.

Advice to decision-makers

3.66 As noted at paragraph 1.3, the CPRs state that achieving value for money is the core rule of the CPRs, and that ‘officials responsible for a procurement must be satisfied, after reasonable enquiries, that the procurement achieves a value for money outcome’.62 Procurements should also facilitate accountable and transparent decision making and encourage appropriate engagement with risk. Decision-makers rely on sound advice to make informed procurement decisions and ensure that the selected tenders will achieve value for money.

3.67 Following evaluation, the DTA’s policy states that a recommendation in writing should be put to the delegate outlining the outcomes of the evaluation process, the preferred supplier and the final contract value. The policy notes the spending approval request to the delegate should include: the procurement’s total whole-of-life value including any extension options and total contract amount; the approach to market process; details on the evaluation including scoring against selection criteria; and the reason for choosing a supplier who does not offer the lowest price.

3.68 The ANAO found examples of the DTA not providing complete advice to decision-makers, as outlined in Table 3.6.

Table 3.6: Assessment of advice to decision-makers

A table that lists nine procurement activities and assesses their advice to decision-makers across five categories.

Note a: Procurement relates to the Australian Government’s response to the COVID-19 pandemic.

Source: ANAO analysis of DTA information.

Advice on value for money

3.69 Paragraph 7.3 of the CPRs states that procurement documentation should provide accurate and concise information on ‘how value for money was considered and achieved’. The advice to decision-makers did not consistently provide a statement on how value for money was considered and achieved. The request for spending approval for three of the nine procurements included advice on value for money and for five procurements it did not include this information. For the myGov Upgrade Horizon 1 procurement (which was one of the DTA’s highest value procurements for 2019–20 and 2020–21), the DTA had not maintained a record of the request for spending approval (see Table 3.6).

Advice on whole-of-life procurement value

3.70 While one procurement (myGov Upgrade Horizon 1) did not have a record of the spending advice or approval, the other eight procurements had advice that included information on the whole-of-life value and total contract amount (see Table 3.6). For seven of these procurements, the advice included information on options to extend; and for one procurement (myGov and Digital Identity Charging Framework), it did not. In the advice for two procurements (HGIT Program Support and COVIDSafe App Enhancements) the DTA included costs for ‘time and materials’ in addition to the tenderer’s quote to ‘support flexibility in delivering the program’:

  • for the COVIDSafe App Enhancements procurement, an additional $200,000 was added by the DTA for ‘time and materials’ to the recommended supplier’s quote (Shine Solutions Group), bringing the contract up to $777,700; and
  • for the HGIT Program Support procurement, additional funds for ‘time and materials’ (up to $340,792) were added by the DTA to the recommended supplier’s quote (CyberCX) for $659,208, bringing the request for spending approval to $1 million.

3.71 The advice to the delegate for both of these procurements did not include how the additional funds for ‘time and materials’ would be charged or agreed. The contract with Shine Solutions Group did not mention that funds for time and materials were included, stating only ‘the total contract price is not to exceed $777,700’. The contract with CyberCX included: a statement that ‘an additional $340,792 (incl GST) is available to scale up or scale down as required based on a Time and Materials arrangement’; and a table of rates for any additional work.

Advice on procurement processes

3.72 Paragraph 7.3 of the CPRs states that procurement documentation should provide accurate and concise information on ‘the process that was followed’. Information on the process includes the method that was used to request quotes, who was approached and the results from the evaluation of tenders.

  • Advice for seven procurements included the method used to request quotes and suppliers who were approached in the spending request. One procurement involved a direct approach to Nous Group outside of the Digital Marketplace portal, and this information was not included in the spending approval request to the delegate (this is discussed further in Case Study 3). For the myGov Upgrade Horizon 1 procurement, the DTA had not maintained a record of the advice to the decision-maker (see Table 3.6).
  • Five of the procurements examined included multiple tenderers.
    • For three of the five, the advice to the decision-maker included a ranking of the tenderers based on the evaluation criteria.
    • The advice to the decision-maker for the myGov and Digital Identity Charging Framework procurement did not include information on the tender evaluation process or rankings.
    • The advice to the decision-maker for the HGIT Program Support procurement did not include a comparison between the 16 suppliers approached in the initial approach and the supplier that was approached directly in the second approach (this is discussed further in Case Study 4).

Advice on procurement risk

3.73 The CPRs state that entities ‘should consider risks and their potential impact when making decisions relating to value for money assessments, approvals of proposals to spend relevant money and the terms of the contract’.63 Seven of the procurements examined did not have advice to decision-makers that included information on risks or how they would be managed. Requests for spending approval for two procurements included advice on risks, with both procurements rated as a ‘minor risk’ with no issues identified.

3.74 The DTA’s risk management guidance instructs DTA officials to report high risks to the Executive Board and to escalate very high risks to the Executive Board. As discussed at paragraphs 3.9 to 3.11, the risk matrix in one procurement evaluation plan (for the GovDesk Development procurement) noted that medium-high and high risks are to be escalated. The same procurement evaluation plan incorrectly calculated one risk as medium-low, when according to the matrix it should have been medium-high. No risks were escalated or mentioned in the spending advice to the delegate.

Advice on selected supplier

3.75 Advice for seven of the procurements examined included the recommended supplier and a rationale for the recommendation — however, the rationale did not always mention value for money considerations (see Table 3.6). Advice for one procurement (Workflow Ticketing System) included the recommended supplier but did not provide the rationale. As mentioned at paragraph 3.69, the myGov Upgrade Horizon 1 procurement had no advice or approval documentation.

Recommendation no.7

3.76 The Digital Transformation Agency improve its procurement processes to ensure decision-makers are provided complete advice, including information on risk and how value for money would be achieved.

Digital Transformation Agency response: Agreed.

4. Contract management

Areas examined

This chapter examines whether the Digital Transformation Agency (DTA) has managed contracts effectively.

Conclusion

For procurements examined by the ANAO, the DTA has not managed contracts effectively. The DTA has not established effective contract management arrangements. While its contracts include performance expectations, the DTA has not effectively monitored performance against these expectations. The DTA has not effectively managed contracts to deliver against the objectives of the procurements and to achieve value for money. Its management of one of the examined procurements fell particularly short of ethical requirements, with the DTA changing the scope and substantially increasing the value of the contract through 10 variations.64

Areas for improvement

The ANAO made two recommendations aimed at improving the DTA’s guidance and controls for making payments and varying contracts.

The ANAO also identified three opportunities for improvement for managing risks related to: contract management; timeliness and accuracy of reporting to AusTender; and performance verification for contracts.

4.1 This chapter examines whether the DTA has managed contracts effectively. Effective contract management is essential to achieving value for money and ensuring that contract objectives are met. Effective contract management includes: assigning key roles and responsibilities; identifying, assessing and managing risks; monitoring and verifying performance against expectations; ensuring payments are timely and accurate; actively managing contracts to ensure they deliver against their objectives and achieve value for money; and not varying contracts due to a failure to appropriately plan procurement needs, to continue supplier relationships, or with the intention of avoiding competition or obligations under the Commonwealth Procurement Rules (CPRs).

Has the DTA established effective contract management arrangements?

The DTA has not established effective contract management arrangements for the procurements examined by the ANAO. None of the nine procurements had a contract management plan. The DTA did not consistently report contract variations to AusTender within 42 days or with the correct value. All nine procurements had issues with the timeliness of payments, and there were weaknesses in the DTA’s internal payment controls that led to duplicate payments being made.

Contract management plans

4.2 Effective planning affects how a contract is managed and whether there is a successful outcome. A contract manager should: assign key roles and responsibilities; identify the management activities and resources needed to effectively manage the contract; and assess the risks to the performance of the contract and its ability to achieve desired outcomes.65

4.3 A contract management plan should reflect the contract’s complexity and risk profile and contain key information about how the contract will be managed over its life to ensure that objectives are met and value for money is achieved. A contract management plan can include a summary of key activities to be completed, roles and responsibilities, identified risks and how these risks will be managed.

4.4 None of the nine procurements examined by the ANAO had a contract management plan. In response to requests for documents that outlined contract management roles and responsibilities, the DTA referred the ANAO to procurement contracts, requirements documents and seller proposals.

4.5 For three of the nine procurements, contract management roles and responsibilities were partly outlined in the contract.

  • Contracts for two procurements listed a business representative and procurement representative. For one procurement, the contract listed the procurement manager responsible for financial matters and another DTA employee responsible for project matters.
  • Contracts for five procurements listed DTA officials as the buyer representative, but no details were provided on their role and responsibilities.
  • One procurement used a purchase order instead of a contract and this document did not list roles and responsibilities.

Risk management

4.6 Managing risk is an essential part of procurement and contract management. Contract managers should identify risks associated with delivery of a contract and assess the seriousness of those risks and likelihood of them occurring. Risk controls and treatments should be applied to prevent risks from occurring or to minimise their consequences. All officials with a role in managing the contract play a part in managing risks and identifying emerging issues. A risk management plan provides a systematic approach to identifying, evaluating and treating risks associated with the contract.66

4.7 None of the nine procurements examined had a risk management plan. In response to ANAO requests for risk management documentation, the DTA advised the ANAO for one procurement that: ‘risk was managed in line with standard processes under the Digital Marketplace and in line with standard DTA processes’. For two other procurements, DTA advised the ANAO that: ‘Risks were assessed on a per submission basis and can be found in the evaluation criteria and documentation’. There was no evidence to indicate that the DTA was actively managing risks related to contract management for the examined procurements.

Opportunity for improvement

4.8 There is an opportunity for the Digital Transformation Agency to strengthen its processes for managing risks related to contract management.

Reporting to AusTender

4.9 The CPRs state that relevant entities must report contracts and amendments on AusTender within 42 days of entering into (or amending) a contract if they are valued at or above the reporting threshold. Accurate and timely reporting of contracts and amendments on AusTender provides transparency in the use of public money.

4.10 As shown in Table 4.1, the majority of the DTA’s contracts and variations were reported to AusTender on time (within 42 days) in 2019–20 and 2020–21. There were 167 instances (13.5 per cent) over this period where a contract or amendment was published 42 days or more after the reported start date. These 167 contract notices were not compliant with the CPRs.

  • In 2019–20: 36 contracts were reported late, with a range of between one and 934 days late; and nine variations were reported late, with a range of between six and 302 days late.
  • In 2020–21: 70 contracts were reported late, with a range of between one and 294 days late; and 52 variations were reported late, with a range of between one and 360 days late.

Table 4.1: DTA contracts and variations reported to AusTender within 42 days or late

| Financial year | Contracts reported to AusTender | Contracts reported to AusTender within 42 days | Contracts reported to AusTender late | Variations reported to AusTender | Variations reported to AusTender within 42 days | Variations reported to AusTender late |
|---|---|---|---|---|---|---|
| 2019–20 | 284 | 248 (87%) | 36 (13%) | 181 | 172 (95%) | 9 (5%) |
| 2020–21 | 463 | 393 (85%) | 70 (15%) | 307 | 255 (83%) | 52 (17%) |
| Total | 747 | 641 (86%) | 106 (14%) | 488 | 427 (88%) | 61 (12%) |

Source: ANAO analysis of AusTender information.

4.11 As illustrated in Figure 4.1, more than 30 per cent of non-compliant contract notices were published more than 90 days after the reported start date.

Figure 4.1: Non-compliant contract notices by reporting delay, 2019–20 and 2020–21

 

Source: ANAO analysis of AusTender data.

4.12 For the nine procurements examined by the ANAO, eight were reported to AusTender within 42 days of the contract commencement date. One procurement (myGov Upgrade Horizon 1) was reported to AusTender late (52 days after the commencement date). The original value of the contract was incorrectly reported by $9,995,000. This discrepancy was discovered one month after the contract had been signed. Another procurement examined (myGov Funding Case Support) did not include GST in the original reported contract value, and the DTA amended it six months later to the correct value.

4.13 For seven procurements examined, contracts were amended to increase the total contract value by at least $10,000, requiring the variation be reported to AusTender (under paragraphs 7.18 and 7.19a of the CPRs). For two procurements, all amendments were reported to AusTender within 42 days. Five procurements had at least one variation that: did not match the amendment value reported to AusTender; was published more than 42 days after commencement; or was not reported to AusTender at all.

4.14 For the GovDesk Development procurement, all four contract amendments were reported to AusTender on the same day. The amendment start dates were incorrectly reported as 10 April 2020, whereas the actual commencement dates ranged between November 2019 and March 2020. Two amendments were reported 141 and 161 days after commencement. The other two amendments were reported within 42 days.

Opportunity for improvement

4.15 There is an opportunity for the Digital Transformation Agency to improve the timeliness and accuracy of its reporting to AusTender.

Timeliness and accuracy of payments

4.16 When verifying an invoice, the Department of Finance’s (Finance’s) guidance recommends that the contract manager check:

  • the description of goods or services on the invoice matches the description in the contract and the quantity matches a delivery receipt and does not exceed the contracted amount;
  • the invoice has been correctly calculated;
  • the invoice date is after the goods or services were received (unless payment in advance has been agreed);
  • there are no other obvious errors; and
  • the invoice meets any other contract requirements.

4.17 To mitigate the risk of fraud, Finance recommends at least two people independently verify the invoice payment process. Finance also recommends paying an invoice only when:

  • all goods or services received meet the required standards;
  • the supplier is compliant with the contract and other contract payment terms;
  • the invoice received is accurate and correct according to the contract; and
  • all necessary authorisations and approvals have been obtained.

4.18 Finance’s Resource Management Guide (RMG) 417 Supplier Pay On-Time or Pay Interest Policy (January 2020) stated that for contracts with an original value of $1 million or below, suppliers must be paid within 20 calendar days following the acknowledgement of satisfactory delivery of goods or services and receipt of the invoice.67 DTA reported paying 83.8 per cent of invoices for contracts up to $1 million within 20 days in 2019–20 and 87.8 per cent in 2020–21.

4.19 The ANAO found issues with the timeliness, accuracy or recordkeeping of payments for eight of the nine procurements examined. For eight of the procurements there were instances of late payments, for one there were inaccurate payments, and for five there were incomplete records (see Table 4.2).

Table 4.2: Payment timeliness, accuracy and recordkeeping

A table that lists nine procurement activities and assesses their payment timeliness, accuracy and recordkeeping across four categories.

Note a: This includes invoices, confirmation of goods receipt and payment receipts.

Note b: Procurement related to the Australian Government’s response to the COVID-19 pandemic.

Source: ANAO analysis of DTA information.

4.20 For the COVIDSafe App Development procurement, the ANAO identified two duplicate payments — which resulted in overpayments totalling $380,600 — as outlined in Case Study 5.

Case study 5. Duplicate payments for the COVIDSafe App Development procurement

For the COVIDSafe App Development procurement, the ANAO found the DTA had made two duplicate payments to the supplier, Delv. One invoice (INV-2285), received on 30 September 2020 for $275,000, was paid twice by the DTA finance team:

  • On 30 September 2020, a member of the DTA finance team emailed the contract manager to confirm goods had been received for the invoice. Following confirmation of goods receipt, the invoice was paid on 8 October 2020.
  • On 7 October 2020, the same DTA finance team member emailed a different contract manager for the procurement to confirm goods had been received and the invoice was approved to be paid. Following confirmation, the same invoice was paid again on 20 October 2020.

Another invoice (INV-2346), received on 30 January 2021 for $105,600, was also paid twice. On 1 February 2021, a member of the DTA finance team emailed the contract manager to confirm goods for the invoice had been received. Following confirmation on 1 February 2021 that services had been received, the same contract manager was emailed again on 4 February 2021 to confirm which contract variation the invoice needed to be paid from. The DTA finance team member noted the invoice was for variation one but there was only funding remaining on variations two and six. On 9 February 2021, the DTA contract manager confirmed funding was to be drawn from variation six. The invoice was then paid by the DTA finance team twice on 16 February 2021, for a total of $211,200. The double payment was recorded on the same receipt, with two separate internal reference numbers.

In March 2022, the ANAO drew these payments to the DTA’s attention. The DTA advised the ANAO that these payments were duplicates that had not been identified by either the DTA or the supplier and had likely occurred due to human error. The DTA advised that while their financial management software should have displayed an error message identifying a potential duplicate payment, this could have been overridden. In June 2022, the DTA advised the ANAO ‘Delv have acknowledged the overpayment. The DTA is now working with Delv to agree a payment schedule to meet the needs of both the DTA and Delv’. As at 18 August 2022, the DTA had not yet reached an agreement with Delv on a repayment plan or recovered any of the funds.

Internal controls to prevent and detect irregular payments

4.21 After identifying the issue with duplicate payments, the ANAO: met with the DTA’s Chief Finance Officer and finance team to discuss the issues; and requested further documentation from the DTA on its historical accounts payable system. The ANAO’s examination of the DTA’s historical procurement controls is discussed in Box 1.

Box 1: DTA’s historical IT-related payment controls

The DTA has been using a shared SAP environment for accounts payable processing since 2018. Controls were largely manual and required officials to manually enter data such as numbers for invoices and purchase orders. This resulted in cases where differences in these free text fields made it difficult to identify the payments related to specific invoices or purchase orders. This was highlighted by the two instances of duplicate payments that were identified in relation to the COVIDSafe App Development contract (discussed in Case Study 5).

Under the historical system, the SAP application controls were also able to be bypassed by privileged users with elevated permissions. Monitoring and discovery of such changes was poor, and the DTA discovered overpayments when vendors alerted them.

The ANAO asked the DTA to run a report on duplicate payments. The report, which included over 700 line items, included only one of the two duplicate payments identified by the audit team. The other was unable to be detected due to a difference in how the invoice had been recorded in the free text field. The ANAO sampled seven sets of potential duplicate payments from the report. The sample was selected on a risk basis, after removing sets of payments that were clearly not duplicates (such as regular superannuation contributions). Of these seven instances, three were duplicate payments. In these instances, the DTA did not detect the overpayments through its internal controls. However, the vendors had identified the duplicate payments, notified the DTA and voluntarily provided refunds.

4.22 The DTA’s accounts payable (AP) system was ‘uplifted’ to Finance’s Service Delivery Office (SDO)68 in February 2022 as part of an ‘AP Uplift’ program. The ANAO requested information from the SDO on the new system controls implemented for the DTA. New procurement controls were identified that would resolve some of the historical issues identified in Box 1. However, there are still risks that duplicate payments could occur, as discussed in Box 2.

Box 2: Current state of the DTA’s IT-related payment controls

The new accounts payable uplift (AP Uplift) program within the SDO includes new processes that: remove some of the manual handling of procurement documents; reduce manual data entry; and link invoices to the relevant purchase order.

With the introduction of these improved controls, the DTA has moved away from manual processing of invoices. The overall process is now as follows:

  • invoices are sent to the SDO directly by vendors into an invoice mailbox;
  • invoices are read by the vendor invoice management system and a ticket is created;
  • invoices must include a purchase order number to be processed; and
  • the ticket is then directed to the DTA for goods receipt69 (the historical goods receipting confirmation process remains the same).

Once goods are receipted, the ticket is sent back to the SDO for payment. The new process, where invoices are required to include the purchase order number, helps to ensure that each invoice is paid against the correct purchase order. However, there is still a risk that overpayments could occur; particularly if DTA officials are not well trained or are not enforcing compensating controls (such as contract management, cost centre reviews, monitoring project budgets, segregation of duties, limiting who can modify vendor account details and other standard payment controls). The new system makes it more difficult to issue a duplicate payment, but it cannot remove the risk entirely — particularly the risk of privileged users overriding controls.

4.23 To mitigate the risks identified in Box 2, the DTA should improve its training and management of internal payment controls such as contract management, cost centre reporting and the monitoring of privileged users’ activity. The DTA should also verify the effectiveness of its payment controls.

Recommendation no.8

4.24 The Digital Transformation Agency:

  1. improve its training and management of internal payment controls; and
  2. conduct an internal compliance review or audit within the next 12 months to verify the effectiveness of its payment controls.

Digital Transformation Agency response: Agreed.

Do contracts include performance expectations and has the DTA been effectively monitoring performance against these expectations?

Contracts for procurements examined by the ANAO generally included performance expectations, but the DTA has not been effectively monitoring performance against these expectations. The DTA has not been consistently documenting its performance monitoring activities or its verification of services delivered.

4.25 Performance management involves ensuring goods or services are delivered as required under the contract. Good performance management is key to delivering value for money. Performance management should take place throughout the life of the contract and be based on the performance expectations established in the contract. Paragraph 2.10 of the CPRs states:

Following the awarding of the contract, the delivery of and payment for the goods and services and, where relevant, the ongoing management of the contract and consideration of disposal of goods, are important elements in achieving the objectives of the procurement.

4.26 The role of a contract manager is to ensure the supplier is meeting its obligations under the contract — including that the goods or services purchased under the contract are received on time, within budget and fully compliant with contract specifications.

Performance expectations

4.27 Eight of the nine ICT-related procurements examined by the ANAO included a description of the scope of services, deliverables and performance expectations in the contract work order. Performance expectations were broken down into specific deliverables, such as: program management and secretariat activities; technical support and maintenance; strategic advice; and data modelling. One procurement (Workflow Ticketing System) used a purchase order instead of a contract.

Performance monitoring

4.28 For three of the nine procurements examined, performance monitoring was documented through weekly status reports or other forms of milestone tracking prepared by contractors for the DTA. For two procurements, the DTA advised performance was monitored primarily through regular meetings with the contractor. For the two procurements related to the COVIDSafe App, the DTA was unable to produce any documentation to demonstrate that performance had been monitored. The DTA noted that the contract manager for these two contracts was no longer employed at the DTA and it could not find any relevant records. The ANAO’s assessment of the DTA’s performance management of the nine procurements is provided in Appendix 4.

Performance verification

4.29 For two of the nine procurements (GovDesk Development and myGov and Digital Identity Charging Framework), performance was tied to milestone payments. Invoices for both procurements were linked to specific milestones agreed under the contracts. ConceptSix (the contractor for the myGov and Digital Identity Charging Framework procurement) also included timesheets in PDF form to the DTA with its invoices.

4.30 For five of the nine procurements, payments were not tied to milestones. Invoices for four procurements (for contractors Deloitte, CyberCX, Nous Group and Shine Solutions Group) were for time charged by consultants on the project and were not linked to milestones or deliverables. The DTA did not have documentation to demonstrate how timesheets were verified for any of the procurements. For the COVIDSafe App Development procurement, the invoices did not include timesheets for time charged or consistently specify the milestones or deliverables completed under the work order or variation.

Opportunity for improvement

4.31 There is an opportunity for the Digital Transformation Agency to improve its processes for: monitoring and verifying performance under contracts; and documenting whether performance expectations are being met and value for money is being achieved.

Has the DTA effectively managed contracts to deliver against the objectives of the procurements and to achieve value for money?

For the procurements examined by the ANAO, the DTA has not managed contracts effectively to deliver against the objectives of the procurements and to achieve value for money. Value for money was not adequately considered for contract variations relating to the procurements. The DTA varied seven of the nine procurements examined by the ANAO. In one case, a directly sourced contract was ‘leveraged’ multiple times, increasing in value by 40 times with substantial changes to scope. Varying a contract in this way is not consistent with ethical requirements.70

4.32 Part of achieving value for money is ensuring that the objectives of the procurement are met without a substantial increase in cost. Finance’s guidance on contract end dates states that, when officials are deciding whether to exercise an extension option or extend a contract by variation, they should consider the costs and benefits in continuing with the current contract, including: whether extending the contract would continue to provide value for money; whether reapproaching the market would result in a better outcome, having regard to potential costs involved; the performance of the current provider(s); whether there will be sufficient time to run a new procurement process; and the changing needs/requirements of entities.71

4.33 Finance’s guidance also states:

  • ‘Any variation to a procurement contract should not significantly change the scope of the contract’ and ‘as a general rule, contract should only be extended for the length of time that will allow for the […] provision of all deliverables under the original contract’.
  • Entities should only extend a contract where necessary. Extending a contract via variation may not result in a value for money outcome […]. Entities are therefore encouraged to not rely upon the ability to extend a contract by variation. Contracts should not be extended by variation due to a failure to appropriately plan procurement needs, continue supplier relationships, or with the intention of discriminating against a supplier, avoiding competition, or to avoid obligations under the CPRs.72

4.34 A contract may be extended if all of the following conditions are met: the contract contains an (unused) option to extend; it is value for money to extend the contract; and the contract has not yet expired. When increasing a contract value by $10,000 or more, appropriate approval must be obtained from a delegate under subsection 23(3) of the Public Governance, Performance and Accountability Act 2013. The DTA’s internal guidance on approving spending notes the spending approval should contain ‘an explanation as to how the expenditure represents value for money’.

4.35 Seven of the nine procurements examined by the ANAO were varied to increase the value of the contract by more than $10,000 at least once, as summarised in Table 4.3.

Table 4.3: Contract variations to increase contract value, by largest increase

A table that lists seven procurement activities, with details about contract variations and an assessment of whether there was a discussion about value for money.

Source: ANAO analysis.

Value for money considerations

4.36 Value for money was not consistently discussed in spending approval documentation provided to delegates for the variations to the seven contracts (as outlined in Table 4.3).

  • For one procurement (COVIDSafe App Enhancements), value for money was discussed in all four variation spending approvals that went to the delegate. The value for money rationale covered both financial and non-financial benefits.
  • Four procurements had one or more spending approvals that discussed value for money.
  • For two procurements (COVIDSafe App Development and myGov and Digital Identity Charging Framework), value for money was not discussed in any spending approvals.

Contract for myGov Funding Case Support

4.37 As discussed in Case Study 3 (in Chapter 3), the myGov Funding Case Support procurement involved substantial increases in value and scope. The contract was varied ten times over two years, increasing to 40 times its original value, from $121,000 to $4,942,080 (illustrated in Figure 4.2).

Figure 4.2: Variations to myGov Funding Case Support contract, May 2020 to May 2022

 

Source: ANAO Analysis of DTA information.

4.38 The scope of the contract also significantly increased. The DTA advised the ANAO that it had ‘leveraged’ the contract for additional work in another team. The scope substantially changed from providing advice on a business case, to include writing ministerial briefs and other correspondence and providing strategic advice on different projects for four different teams, such as on the Mid-Year Economic Fiscal Outlook (MYEFO) 2021–22, Digital Identity program and ‘Front Door for Business’ project (see Table 4.4).

Table 4.4: Contract variations — myGov Funding Case Support

| Variation | Date signed | No. of personnel | Reported to AusTender? | Value of work order | Variation details and deliverables |
|---|---|---|---|---|---|
| Initial contract | 25 May 2020 | 2 | Y | $121,000 | Two consultants to work on the myGov taskforce providing advice and strategic guidance, including developing a business case, detailed costing and benefits analysis review, supporting material and a stakeholder engagement plan. |
| Variation 1 | 24 Jul 2020 | 5 | Y | $934,340 | Increase to five contractors to provide supplemental skills to the team, facilitate workshops, advice and strategic guidance for the myGov enhancements taskforce. |
| Variation 2 | 11 Dec 2020 | 5 | Y | $285,890 | Preparation of correspondence, briefs and other communications and reports as directed by DTA. |
| Variation 3 | 5 Mar 2021 | 5 | N/A | $0 | Replace one contractor with another. |
| Variation 4 | 17 May 2021 | 7 | N/A | $0 | Two additional personnel. Extend contract end date to 31 December 2021. (Note a) |
| Variation 5A | 4 Jun 2021 | 8 | N | $547,708 | Extend the contract end date to 30 June 2021 to provide support services of strategic writers and business case team for digital prioritisation and brief work. |
| Variation 5B | 30 Jun 2021 | 8 | Y (and included additional funds not reported for variation 5A) | $1,174,849 (Note b) | Evidence-based written and verbal advice in the form of reports and business cases which the DTA is able to use to inform decisions and seek funding, as well as other duties. Extend contract end date to 30 September 2021. |
| Variation 6 | 5 Aug 2021 | 10 | Y | $166,320 | Work with DTA on a business submission for MYEFO 2021–22. Two additional personnel. |
| Variation 7 | 26 Aug 2021 | 11 | N/A | $0 | One additional contractor. |
| Variation 8 | 24 Sep 2021 | 13 | Y | $1,025,690 | Strategic support and advice for the ‘Front Door for Business’ submission for MYEFO 2021–22 and other ministerial requirements. Briefing and engagement support for the Digital Identity program. Two additional personnel. Extended end date to 31 December 2021. |
| Variation 9 | 23 Dec 2021 | 15 | Y | $671,807 | Strategic and engagement support for the Digital Identity consultation and Front Door for Business and Nominees work. Two additional personnel. Extend contract end date to 31 March 2022. |
| Variation 10 | 1 June 2022 | 15 | Y | $14,475 | Value of the contract increased to cover an overspend. |
| Total | | | | $4,942,080 | |

Note a: It was later discovered that the DTA could not extend the contract to 31 December 2021, as under the terms of the contract, it could be extended by four further periods of up to only three months each.

Note b: Variation 5B was reported to AusTender with a value of $1,722,557, which included $547,708 for Variation 5A, which had not been reported.

Source: ANAO analysis of DTA information.

4.39 In addition to the 10 variations outlined in Table 4.4, DTA senior officials attempted to vary the contract to include work on another project. The DTA’s finance and procurement team strongly advised against this, which led to the DTA directly approaching Nous Group and engaging them under a separate contract, as discussed in Case Study 6.

Case study 6. Additional contract with Nous Group after potential variation to myGov Funding Case Support contract discontinued

On 17 November 2020, DTA senior executives met to discuss a review of the DTA’s role and mandate. A senior official followed up by email the next day suggesting Nous Group for the project, as it had assisted with a similar review a few years before.

On 20 November 2020, a DTA official wrote to a senior official asking if there was a contract that they could ‘leverage’ for the DTA Review. Senior officials discussed using the Nous Group and what ‘mechanism’ they could use to engage them. One senior official indicated that he had a Nous Group contract they could use and that he had already told the senior official responsible that ‘we might need to turn up the tap’.

On 26 November 2020, officials involved in the DTA Review sought advice from the corporate procurement team on using the existing Nous Group contract (myGov Funding Case Support) for the DTA Review. The procurement team indicated that the contract had already had ‘considerable changes to scope’ in its first variation (see Variation 1 in Table 4.4) and said that it would be inappropriate to extend the contract to work outside the myGov project. The procurement team indicated that it could assist with approaching the market ‘to get a result as quickly as possible’.

On 27 November 2020, the DTA CEO wrote to the portfolio Secretary as part of regular communication: ‘I’ve created a small internal team to rapidly progress the review […] and plan on getting a small amount of support from Nous (under an existing contact) to supplement my internal team.’

On the same day, the corporate procurement team provided advice to the business area that:

The existing Nous contract cannot be used for the DTA Review, and it will be necessary to approach the market to bring Nous onboard; the contract’s scope isn’t sufficient to engage with Nous for the DTA Review, and the media risk associated with varying it to expand the scope would be extreme.

The procurement team offered to rapidly engage Nous through a direct approach using the Digital Marketplace. An official within the business area asked a senior official ‘Are you able to assist? I was under the impression we were all set to use the Nous contract!’ The senior official replied, ‘We were happy for you to use our current Nous contract but I don’t have any influence over whether Corporate Procurement deem it within the requirements based on the original scope of the contract which is what appears to be the issue.’

Later on 27 November 2020, the DTA directly approached Nous Group through the Digital Marketplace for work on the DTA Review.

On 30 November 2020, while the DTA Review procurement was underway, officials discussed that they needed a brief writer for a separate task and that Nous Group had a contractor available. This additional work was subsequently added to the myGov Funding Case Support contract as part of Variation 2, which was signed on 11 December 2020 (see Table 4.4).

On 3 December 2020, Nous Group responded with a quote for the DTA Review procurement. Three officials evaluated the quote, rating it as satisfactory or good against three criteria. On 4 December, the corporate finance team provided feedback on the draft evaluation report:

It is difficult to achieve effective or efficient spending of public money as required under the PGPA Act if scope and deliverables are not clearly articulated. Only a single provider was offered the opportunity to quote for this work. Alternative providers could legitimately claim to have been excluded from the opportunity of submitting a competing quote, and DTA’s previous relationship with the selected provider could be seen as having given the selected provider an unfair advantage, breaching DTA’s ethical obligations under the PGPA Act and Commonwealth Procurement Rules. The delegate should be informed of, and actively accept on behalf of the DTA, the above shortcomings.

The final evaluation report reflected this advice, stating that the corporate finance team had advised that ‘it is not ideal that a single provider is offered the opportunity […, it] represented a risk that other sellers could escalate an issue with being excluded from the opportunity’ and the DTA ‘needs to be mindful of using large consultant companies on an ongoing basis’. This was followed by the statement, ‘it is the delegate’s decision and the delegate ultimately takes responsibility where they believe this is the best value for money outcome for the DTA. The evaluation team and the [Executive Board …] determined that an approach to Nous […] was the most appropriate method of procurement and would ensure timely delivery of the services’.

A senior official from the corporate area wrote to the CEO later that day:

The Procurement team are pulling out all the stops to ensure we can onboard Nous Group well before the standard 10 day turnaround. Following the completion of the final evaluation today, we are seeking to include some minor commentary that supports the approach to only a single provider in a limited tender sense to ensure coverage should there be external criticism when the contract is published.

Later on 4 December 2020, a senior official from the business area sought approval from the CEO to engage Nous Group to assist in the DTA Review noting that they had directly approached Nous Group on the Digital Marketplace. The CEO responded the same day ‘while not part of our normal process, I’m happy to approve on the basis of urgency’.

A contract was signed with Nous Group on 7 December 2020 for $142,890 to work on the DTA Review.

On 24 December 2020 (17 days later), the business area requested a variation to the DTA Review contract with Nous Group — requesting an additional $58,500. An official in the corporate finance team raised concerns about this variation, stating:

The proposal is inconsistent with effective and ethical stewardship of public resources. I am also concerned that in mid-January, we will be asked for another increase. And then another. Until mysteriously, the total is equal to the excess amounts we were first offered and rejected as being unacceptable. It is unclear from the proposal what value is being added by the consultant, or what the consultant is doing, combined with a complete lack of tangible deliverables. Given the large number of APS already involved in this project, when DTA is paying [higher than market rates] per day for a consultant, they had better be delivering something exceptional.

The CEO approved the variation on 24 December 2020 for the additional spend of $58,500 — taking the total contract value up to $201,400.

On 22 January 2021, a senior official wrote to the CEO asking for urgent approval for additional funds for the DTA Review contract: ‘I am writing to seek your urgent approval […] The Nous Group has exhausted the funding envelope and as such, this extension will require your approval of an additional $58,685.’ The CEO approved the second variation to the DTA Review contract for a further $58,685, taking the total contract value up to $260,085.

As outlined in Table 4.4, the original contract with Nous Group, for myGov Funding Support, went on to be varied a further nine times with substantial changes to scope and value and with Nous Group working on up to four separate projects at one time. The corporate finance and procurement teams advised against several of the variations. In August 2021, in response to a request for a seventh variation, the procurement team asked, ‘Why aren’t we conducting an approach to market (rather than leveraging the Nous contract)?’ For what would become variation eight in September 2021, the procurement team asked why Nous Group was doing work on a separate project, stating, ‘I have previously provided advice that we are not comfortable with varying [the Nous Group] contract for that piece of work’, and reiterated that an approach to market should be conducted, as there had been ‘no competitive approach’ for the Nous Group contract.

4.40 These contracts with Nous, which were the result of direct approaches, are an example of the DTA leveraging contracts and substantially changing the scope of contracts through variations for multiple teams across the DTA. These types of procurement practices fall short of ethical behaviour requirements and of supporting the intent of the CPRs.73

4.41 As mentioned at paragraph 4.33, Finance guidance states that contracts should not be extended by variation due to a failure to appropriately plan procurement needs, to continue supplier relationships, or with the intention of avoiding competition or obligations under the CPRs.

Recommendation no.9

4.42 The Digital Transformation Agency strengthen its internal guidance and controls to ensure officials do not vary contracts to avoid competition or obligations and ethical requirements under the Commonwealth Procurement Rules.

Digital Transformation Agency response: Agreed.

Appendices

Appendix 1 Entity responses

The response from the Digital Transformation Agency. You can find a summary of the response in the summary and recommendations chapter of this report.
The response from the Department of Finance. You can find a summary of the response in the summary and recommendations chapter of this report.
The response from CyberCX.

Appendix 2 Improvements observed by the ANAO

1. The existence of independent external audit, and the accompanying potential for scrutiny improves performance. Improvements in administrative and management practices usually occur: in anticipation of ANAO audit activity; during an audit engagement; as interim findings are made; and/or after the audit has been completed and formal findings are communicated.

2. The Joint Committee of Public Accounts and Audit (JCPAA) has encouraged the ANAO to consider ways in which the ANAO could capture and describe some of these impacts. The ANAO’s 2021–22 Corporate Plan states that the ANAO’s annual performance statements will provide a narrative that will consider, among other matters, analysis of key improvements made by entities during a performance audit process based on information included in tabled performance audit reports.

3. Performance audits involve close engagement between the ANAO and the audited entity as well as other stakeholders involved in the program or activity being audited. Throughout the audit engagement, the ANAO outlines to the entity the preliminary audit findings, conclusions and potential audit recommendations. This ensures that final recommendations are appropriately targeted and encourages entities to take early remedial action on any identified matters during the course of an audit. Remedial actions entities may take during the audit include:

  • strengthening governance arrangements;
  • introducing or revising policies, strategies, guidelines or administrative processes; and
  • initiating reviews or investigations.

4. In this context, the below actions were observed by the ANAO during the course of the audit. It is not clear whether these actions and/or the timing of these actions were planned in response to proposed or actual audit activity. The ANAO has not sought to obtain assurance over the source of these actions or whether they have been appropriately implemented.

Table A.1: Improvements observed by the ANAO

| Actions observed during the course of the audit | Report paragraphs |
|---|---|
| The DTA’s Executive Board started a review of the DTA’s risk management framework. | 2.10–2.13; 2.20 |
| The DTA updated its gifts and benefits policy and published a gifts and benefits register to its website. | 2.69–2.78 |
| In May 2022, the Digital Marketplace moved to buyICT.gov.au, which is a collection of seven ICT-related marketplaces. The DTA advised the ANAO in June 2022 that the new platform prompts buyers to approach at least three sellers and that opportunities are publicly accessible on the new website. | 3.25 |
| The CPRs were amended on 1 July 2022 to include a new paragraph (among other changes): ‘9.14. To maximise competition, officials should, where possible, approach multiple potential suppliers on a standing offer’. | 3.42 |

Appendix 3 Ethical behaviour requirements

1. The Australian Parliament has established requirements in the Public Governance, Performance and Accountability Act 2013 (PGPA Act) including to require the Commonwealth and Commonwealth entities to use and manage public resources properly (section 5). The accountable authority for an entity responsible for relevant money has a duty under section 15 of the PGPA Act to promote the proper use of the money for which the accountable authority is responsible. ‘Proper’, when used in relation to the use or management of public resources, means efficient, effective, economical and ethical (section 8).

2. The Department of Finance PGPA Glossary defines ethical as:

the extent to which the proposed use of public resources is consistent with the core beliefs and values of society. Where a person behaves in an ethical manner it could be expected that a person in a similar situation would undertake a similar course of action. For the approval of proposed commitments of relevant money, an ethical use of resources involves managing conflicts of interests, and approving the commitment based on the facts without being influenced by personal bias. Ethical considerations must be balanced with whether the use will also be efficient, effective and economical.

3. The Australian Parliament has also established, through the Public Service Act 1999 (PS Act), the Australian Public Service (APS) Values set out in section 10. Subsection 10(2) states that: ‘The APS demonstrates leadership, is trustworthy, and acts with integrity, in all that it does’. The APS Commissioner has made directions under the PS Act including in subsection 16(f) requiring accountability of APS members by ‘being able to demonstrate clearly that resources have been used efficiently, effectively, economically and ethically’. A mandatory code of conduct is set out in section 13 of the PS Act for APS employees.

4. PGPA Act requirements, including ethical requirements, directly inform key public sector resource management frameworks for specific Australian public sector activities addressed through performance audits. These frameworks contain ethical requirements specific to the activity they regulate. For government procurement, the Commonwealth Procurement Rules (CPRs) state that ‘officials undertaking a procurement must act ethically throughout the procurement’ and outline key ethical behaviour expectations, which are set out in paragraphs 4.4, 6.5 and 6.6 of the CPRs, as outlined in the table below. For the ANAO, in conducting performance audits of procurement activities in entities subject to the PS Act, compliance with the CPRs is assessed against the background of the requirements of the PS Act.

5. In conducting performance audits of entities, the ANAO obtains evidence to inform an assessment of whether the audited entity executes its activities in accordance with the requirement to promote proper use of public money. Findings may be made as to whether the use or management of public money was efficient, effective, economical and ethical. In forming an overall conclusion in a performance audit, the ANAO may also form a view on whether the entity’s activities have been executed in accordance with both compliance with the Rules framework and the intent of that framework, including the requirements of the PS Act for the APS (the entity) to act with integrity in all that it does.

6. Where ANAO findings or a conclusion are made as to whether the use or management of public resources by the entity has been ethical, it is a matter for an accountable authority to assess whether the audit findings in the particular case reflect the broader posture of the entity or relate to individual APS staff conduct.

Table A.2: Key ethical behaviour requirements in the CPRs and instances of entity non-compliance

Key ethical behaviour requirements in the CPRs

Instances of non-compliance identified during the audit

Identifying and managing conflicts of interest (CPRs, paragraph 6.5).

Recognising and dealing with actual, potential and perceived conflicts of interest (CPRs, paragraph 6.6(a)).

  • Activity-specific declarations of interest were not made by officials involved in procurement (discussed at paragraphs 2.59–2.68)
  • Potential conflicts of interest were not appropriately handled (discussed in Case Study 1 and at paragraph 2.72)

Dealing with potential suppliers, tenderers and suppliers equitably (CPRs, paragraph 6.6(b)).

Encouraging competition and being non-discriminatory (CPRs, paragraph 4.4(a)).

  • The DTA frequently approached only one supplier on the Digital Marketplace (discussed at paragraphs 3.26–3.33)
  • In one instance, the DTA approached 16 suppliers and then decided to contract a different supplier who had not submitted a tender under the initial request for quote (discussed in Case Study 4 in Chapter 3)
  • The DTA repeatedly varied a contract to change the scope of work and to substantially increase the value of the contract to 40 times the original value — the new scope of work should have been subject to a new approach to market where other suppliers would have had the opportunity to compete for the work (discussed at Case Studies 3 and 6 and paragraphs 4.37–4.42)

Seeking appropriate internal or external advice when probity issues arise (CPRs, paragraph 6.6(b)(i)).

  • High value procurements did not have a probity advisor (discussed at paragraph 2.53)

Not accepting inappropriate gifts or hospitality (CPRs, paragraph 6.6(b)(ii)).

  • The DTA has not reported on whether or not the CEO has received gifts or benefits, as required by the Australian Public Service Commission (discussed at paragraphs 2.75–2.78)
  • A DTA senior official accepted a $200 gift from a supplier, where the officer was in a position to make decisions on contracts involving this supplier (discussed at paragraph 2.72).

Carefully considering the use of public resources (CPRs, paragraph 6.6(c)).

Using public resources in an efficient, effective, economical and ethical manner (CPRs, paragraph 4.4(b)).

  • Evaluations did not include clear and transparent criteria and evaluation criteria were not provided to potential tenderers (discussed at paragraphs 3.51–3.53)
  • The DTA varied a contract 10 times to change the scope of work and to increase the value of the contract to 40 times the original value without providing a sound rationale for how the variations represented value for money and an efficient, effective, economical and ethical use of public resources (discussed at Case Studies 3 and 6 and paragraphs 4.37–4.42)

Source: ANAO analysis of the CPRs and DTA information.

Appendix 4 DTA procurement performance monitoring

Table A.3: DTA procurement performance monitoring

A table that lists nine procurement activities and each activity’s associated performance monitoring detail. An assessment of each activity’s performance monitoring is also made.

Note a: Procurement relates to the Australian Government’s response to the COVID-19 pandemic.

Source: ANAO analysis of DTA information.

Footnotes

1 When examining the compliance of a specific procurement with the Commonwealth Procurement Rules (CPRs), the ANAO considered the version of the CPRs that was in effect at the time the procurement was undertaken. For the audit sample, this was either the version that came into effect on 20 April 2019 or the subsequent version that came into effect on 14 December 2020. General references to the CPRs in this report (not in relation to a specific procurement) relate to the 2020 version of the CPRs, which was in effect at the time of audit fieldwork. An updated version of the CPRs came into effect on 1 July 2022.

2 Department of Finance, Commonwealth Procurement Rules, Finance, Canberra, 2020, para. 3.2 and 4.4.

3 Auditor-General Report No.4 2020–21 Establishment and Use of ICT Related Procurement Panels and Arrangements.

4 Ethical behaviour requirements are discussed in Appendix 3.

5 When examining the compliance of a specific procurement with the Commonwealth Procurement Rules (CPRs), the ANAO considered the version of the CPRs that was in effect at the time the procurement was undertaken. For the audit sample, this was either the version that came into effect on 20 April 2019 or the subsequent version that came into effect on 14 December 2020. General references to the CPRs in this report (not in relation to a specific procurement) relate to the 2020 version of the CPRs, which was in effect at the time of audit fieldwork. An updated version of the CPRs came into effect on 1 July 2022.

6 Department of Finance, Commonwealth Procurement Rules, Finance, Canberra, 2020, para. 2.7.

7 Department of Finance, Commonwealth Procurement Rules, Finance, Canberra, 2020, para. 4.4.

8 Department of Finance, Commonwealth Procurement Rules, Finance, Canberra, 2020, para. 4.4.

9 All procurements undertaken through a panel arrangement are reported as ‘open tender’ if the relevant panel was set up through an open tender process — even if the procurement itself is not ‘open’ and involved an approach to only one supplier on the panel.

10 The procurement threshold for non-corporate Commonwealth entities (other than for construction services) is $80,000. Exemptions are listed at paragraph 10.3 and Appendix A of the CPRs.

11 Department of Finance, Procuring from a panel – panels 101, available from https://www.finance.gov.au/government/procurement/buying-australian-government/procuring-panel-panels-101 [accessed March 2022], para. 9. On 1 July 2022 the CPRs were updated to include paragraph 9.14, which states ‘To maximise competition, officials should, where possible, approach multiple potential suppliers on a standing offer’.

12 Department of Finance, Contract Management Guide, December 2020, pp. 1–2. Available from https://www.finance.gov.au/government/procurement/contract-management-guide [accessed April 2022].

13 Department of Finance, Contract Management Guide, December 2020, p. 3. Available from https://www.finance.gov.au/government/procurement/contract-management-guide [accessed April 2022].

14 Auditor-General Report No.4 2020–21 Establishment and Use of ICT Related Procurement Panels and Arrangements.

15 The Digital Marketplace is an online marketplace of digital and ICT services. To be a seller on the marketplace, suppliers can apply to be assessed for a particular marketplace category. The DTA assesses suppliers based on the seller’s technical and commercial capabilities as well as proposed maximum daily rates. However, the maximum rates approved as part of the assessment process are not binding. Officials responsible for a procurement must make reasonable enquiries and be satisfied that the procurement achieves a value for money outcome — regardless of whether suppliers being approached are on a panel.

16 The ICT Coordinated Procurement Special Account was established for the purpose of administering the operations of centralised ICT procurement for the Australian Government. DTA spending through the ICT Coordinated Procurement Special Account totalled $314.7 million in 2019–20 and $384.9 million in 2020–21.

17 Accountable Authority Instructions are written instruments that may be issued by an entity’s accountable authority to instruct officials on matters relating to the finance law. They assist accountable authorities in meeting their general duties under the PGPA Act and establishing appropriate internal controls for their entity.

18 DTA’s Probity Guideline is discussed further at paragraphs 2.52 to 2.58, including an opportunity for improvement to update the guideline to provide further guidance on managing identified probity issues.

19 The DTA Corporate Plans for 2019–20, 20–21 and 2021–22 included strategic risks, but they did not include operational risks.

20 On 21 August 2019, 18 September 2019, 20 November 2019, 11 March 2020 and 17 June 2020.

21 On 19 August 2020, 16 September 2020, 18 November 2020, 10 March 2021 and 16 June 2021.

22 In the 18 months leading up to November 2021, the DTA had a turnover of 120 (of its approximately 250) staff.

23 This policy was prepared in 2018 by KPMG Australia. It was not available on the DTA intranet or referenced in DTA guidance on risk management in 2021–22.

24 As discussed at paragraphs 2.11 to 2.13, there was limited evidence that DTA’s Executive Board considered risk during 2019–20 and 2020–21.

25 This letter outlined two stages: Stage 1 — initial assessment of whether there is likely to have been fraudulent conduct, which would enable a decision on whether to progress to stage 2 or conclude the matter if there is no indication of fraudulent conduct; and Stage 2 — detailed investigation of the fraudulent conduct, including preparation of a report and brief of evidence if required. Only stage 1 was completed.

26 Department of Finance, Ethics and Probity in Procurement [Internet], available from https://www.finance.gov.au/government/procurement/buying-australian-government/ethics-and-probity-procurement [accessed February 2022].

27 Department of Finance, Ethics and Probity in Procurement [Internet], available from https://www.finance.gov.au/government/procurement/buying-australian-government/ethics-and-probity-procurement [accessed February 2022].

28 Ethical behaviour requirements are discussed in Appendix 3.

29 The DTA Probity Guideline defines DTA Affiliates as ‘a contractor or other person engaged by the DTA to perform services for the DTA’.

30 Department of Finance, Ethics and Probity in Procurement, [Internet], Finance, available from https://www.finance.gov.au/government/procurement/buying-australian-government/ethics-probity-procurement [accessed February 2022].

31 Department of Finance, Ethics and Probity in Procurement [Internet], available from https://www.finance.gov.au/government/procurement/buying-australian-government/ethics-and-probity-procurement [accessed February 2022].

32 Public Service Act 1999 (Cth), subsection 13(10).

33 The DTA gifts and benefits policy defines ‘consequential gifts or benefits’ as those with a value of $200 or more or under $200 with a characteristic that would suggest public scrutiny is justified, such as gifts of cash or cash-like items (e.g., gift cards) or where there is a clear intention to influence a DTA employee.

34 Finance guidance states that: ‘officials must not accept hospitality, gifts or benefits from any potential suppliers’. See Department of Finance, Ethics and Probity in Procurement [Internet], available from https://www.finance.gov.au/government/procurement/buying-australian-government/ethics-and-probity-procurement [accessed February 2022]. The DTA gifts and benefits policy states that before accepting a gift, DTA employees must consider (among other things) ‘any perceived conflict of interest and public perception of receiving the gift’ and ‘the relationship the DTA has with the person, company or organisation offering the gift, for example, if there is a contractual relationship’.

35 DTA, Gifts and Benefits Register 2021–22 [Internet], available from https://www.dta.gov.au/about-us/reporting-and-plans/gifts-and-benefits-register-2021-22 [accessed 22 June 2022].

36 Ethical behaviour requirements are discussed in Appendix 3.

37 As discussed at paragraph 1.16, the ANAO examined a sample of nine procurements for ICT-related services undertaken by the DTA with a published start date in 2019–20 and 2020–21, which were selected on the basis of value, risk, relevance and type of procurement. Three of the nine procurements in the ANAO’s sample relate to the Australian Government’s response to the COVID-19 pandemic: myGov Upgrade Horizon 1; COVIDSafe App Development; and COVIDSafe App Enhancements.

38 The expected value is the maximum value (including GST) of the proposed contract, including options, extensions, renewals or other mechanisms that may be executed over the life of the contract. Department of Finance, Commonwealth Procurement Rules, December 2020, paragraph 9.2.

39 Department of Finance, Commonwealth Procurement Rules, December 2020, paragraph 8.1.

40 Department of Finance, Commonwealth Procurement Rules, December 2020, paragraph 8.2.

41 Department of Finance, Commonwealth Procurement Rules, December 2020, paragraph 9.2.

42 The procurement threshold for non-corporate Commonwealth entities (other than for construction services) is $80,000. Exemptions are listed at paragraph 10.3 and Appendix A of the CPRs. Paragraph 9.12 of the CPRs further states that procurements from an existing standing offer (such as a panel arrangement) are not subject to the rules in Division 2 of these CPRs. Paragraph 3.9 of the CPRs states that these exemptions do not prevent an entity from voluntarily conducting procurements in accordance with some or all of the processes and principles of Division 2.

43 Department of Finance, Commonwealth Procurement Rules, December 2020, paragraph 9.10. Appendix A of the CPRs provides a list of 17 exemptions.

44 Department of Finance, Commonwealth Procurement Rules, December 2020, paragraph 9.11.

45 Department of Finance, Commonwealth Procurement Rules, December 2020, paragraph 10.5.

46 National Innovation and Science Agenda Welcome to the Ideas Boom, p. 15 [Internet], available from https://www.industry.gov.au/sites/default/files/July%202018/document/pdf/national-innovation-and-science-agenda-report.pdf?acsf_files_redirect [accessed May 2022].

47 The Commonwealth Procurement Rules define an SME as ‘an Australian or New Zealand firm with fewer than 200 full-time equivalent employees’.

48 DTA advised the ANAO in June 2022 that since August 2016, 24 per cent of opportunities (including labour hire) had been open to all sellers (in the relevant category) and 21 per cent of opportunities (including labour hire) went to a single seller.

49 The DTA used pre-existing panels for 382 procurements in 2020–21; of these, 272 (71 per cent) were undertaken through the Digital Marketplace panel.

50 The HGIT Program Support procurement included two approaches. The second approach was a direct approach to one supplier, as discussed in Case Study 4.

51 The Commonwealth Procurement Rules define an SME as ‘an Australian or New Zealand firm with fewer than 200 full-time equivalent employees’.

52 Auditor-General Report No.31 2011–12 Establishment and Use of Procurement Panels, paragraph 20, p. 21.

53 Auditor-General Report No.31 2011–12 Establishment and Use of Procurement Panels, p. 30.

54 Auditor-General Report No.27 2019–20 Australian Government Procurement Contract Reporting Update, paragraph 4.3 and Figure 4.1.

55 Auditor-General Report No.4 2020–21 Establishment and Use of ICT Related Procurement Panels and Arrangements, paragraph 4.8.

56 The ANAO has found other Australian Government entities have used panels to approach single suppliers with insufficient consideration of value for money. For example, see: Auditor-General Report No.4 2020–21 Establishment and Use of ICT Related Procurement Panels and Arrangements, paragraph 4.37; Auditor-General Report No.1 2021–22 Defence’s Administration of Enabling Services — Enterprise Resource Planning Program: Tranche 1, paragraph 3.76; and Auditor-General Report No.30 2021–22 Procurement by the National Capital Authority, paragraph 2.26.

57 Department of Finance, Corporate Plan 2021–22, p. 6, available from https://www.finance.gov.au/sites/default/files/2021-08/Corporate-Plan-2021-22.pdf [accessed May 2022].

58 Department of Finance, Procuring from a panel – panels 101, Finance, Canberra, 2021, available from https://www.finance.gov.au/government/procurement/buying-australian-government/procuring-panel-panels-101 [accessed 21 March 2022].

59 Department of Finance, Procuring from a panel – panels 101, Finance, Canberra, 2021, available from https://www.finance.gov.au/government/procurement/buying-australian-government/procuring-panel-panels-101 [accessed 21 March 2022].

60 Department of Finance, Commonwealth Procurement Rules, December 2020, paragraph 7.12.

61 Department of Finance, Commonwealth Procurement Rules, December 2020, paragraph 7.17.

62 Department of Finance, Commonwealth Procurement Rules, December 2020, paragraph 4.4.

63 Department of Finance, Commonwealth Procurement Rules, Finance, Canberra, 2020, para. 8.2.

64 Ethical behaviour requirements are discussed in Appendix 3.

65 Department of Finance, Contract Management Guide, December 2020, pp. 12–13. Available from https://www.finance.gov.au/government/procurement/contract-management-guide [accessed April 2022].

66 Department of Finance, Contract Management Guide, December 2020, p. 17. Available from https://www.finance.gov.au/government/procurement/contract-management-guide [accessed April 2022].

67 RMG 417 Supplier Pay On-Time or Pay Interest Policy was updated on 1 July 2022: ‘The 1 July 2022 Supplier Pay On-Time or Pay Interest Policy […] replaces the previous version dated 1 January 2020. […] the $1 million threshold has been removed and the maximum payment terms now apply to all contracts regardless of value.’ Department of Finance, Supplier Pay On-Time or Pay Interest Policy (RMG 417). Available from https://www.finance.gov.au/publications/resource-management-guides/supplier-pay-time-or-pay-interest-policy-rmg-417 [accessed September 2022].

68 The SDO provides shared services for Australian Government entities, including payroll administration, accounts payable and accounts receivable.

69 Goods receipt is the process where a DTA contract manager verifies the description of goods on the invoice and confirms all goods have been received and the invoice can be paid.

70 Ethical behaviour requirements are discussed in Appendix 3.

71 Department of Finance, Contracts End Dates [Internet], available from https://www.finance.gov.au/government/procurement/buying-australian-government/contracts-end-dates [accessed January 2022].

72 Department of Finance, Contracts End Dates [Internet], available from https://www.finance.gov.au/government/procurement/buying-australian-government/contracts-end-dates [accessed January 2022].

73 Ethical behaviour requirements are discussed in Appendix 3.