Introduction

1.1 Auditor-General Report No. 5 2022–23 Digital Transformation Agency’s Procurement of ICT Related Services (Auditor-General Report No. 5 2022–23) assessed the effectiveness of the Digital Transformation Agency’s (DTA’s) procurement of ICT-related services. The audit report was tabled in the Parliament in September 2022 and concluded that the DTA’s:

• procurement of ICT-related services had been ineffective for nine procurements examined by the Australian National Audit Office (ANAO);
• implementation and oversight of its procurement framework had been weak;
• conduct of procurements had not been effective and its approach fell short of ethical requirements; and
• the DTA’s management of contracts for the procurements examined was not effective.¹¹

1.2 Auditor-General Report No. 5 2022–23 included nine recommendations, of which eight were directed to the DTA and were agreed to. These recommendations were aimed at improving compliance with the Commonwealth Procurement Rules (CPRs) and ensuring officials have a sufficient understanding of procurement requirements (see Appendix 3, Table A.3) for full details of the recommendations). The remaining recommendation (Recommendation 5) was directed to the Australian Government. The Department of Finance (Finance), as the entity with responsibility for administering the procurement framework, ‘noted’ rather than agreed or disagreed to the recommendation, which is normal practice for these types of recommendations.¹²

Parliamentary inquiry

1.3 On 30 September 2022, the Joint Committee of Public Accounts and Audit (JCPAA) commenced an inquiry into Commonwealth procurement ‘with a view to improving the culture of how procurement rules and guidelines are implemented across the Australian Public Service.’¹³

1.4 In August 2023, the JCPAA tabled Report 498: ‘Commitment issues’ - An inquiry into Commonwealth procurement (Report 498). Report 498 included 19 recommendations. Recommendations 11 and 13 are in the scope of this audit (see Appendix 3, Table A.3). These recommendations related to the DTA updating the JPCAA on the progress of improvements to its procurement processes and its audit committee reviewing procurement risk and controls; and the DTA ensuring that procurement is subject to the agency’s internal audit program. The DTA agreed to these recommendations in January 2024.¹⁴

Rationale for undertaking the audit

1.5 Parliamentary committee and Auditor-General reports provide recommendations to address identified risks related to the successful delivery of government outcomes. The appropriate and timely implementation of agreed recommendations is an important part of realising the full benefit of a parliamentary inquiry or ANAO audit and demonstrating accountability to the Parliament. This audit provides assurance to the Parliament as to whether the recommendations directed to the DTA and the one recommendation directed to the Australian Government¹⁵ were implemented, as agreed, and whether the procurement reforms were successful.

1.6 The JCPAA recommended in Report 498 that:

the Australian National Audit Office consider conducting a follow up audit within three years of the tabling of this report to determine the success or otherwise of the Digital Technology Agency’s procurement reforms.¹⁶

1.7 The ANAO agreed to the recommendation in December 2023 and advised the JCPAA that ‘The ANAO will include a follow-up audit on the Digital Transformation Agency’s procurement processes in the ANAO’s 2024–25 Annual Audit Work Program.’¹⁷

Audit approach

Audit objective, criteria and scope

1.8 The objective of the audit was to assess the effectiveness of the implementation of procurement reforms by the DTA and Finance following on from Auditor-General Report No. 5 2022–23 Digital Transformation Agency’s procurement of ICT-related services.

1.9 To form a conclusion against the audit objective, the following high-level criteria were adopted.

• Have the DTA and Finance effectively implemented selected Joint Committee of Public Accounts and Audit and Auditor-General recommendations?
• For a sample of procurements, has the DTA conducted an effective procurement process to achieve value for money?

Procurements examined in this audit

1.10 The ANAO selected a sample of four procurements (one procurement resulted in two separate contracts) undertaken by the DTA with AusTender¹⁸ publication dates ranging from March to July 2024. The details of the procurements and contracts are outlined in Table 3.1.

1.11 The sample did not include procurements related to whole-of-government arrangements, which are set up for Commonwealth entities to use when procuring certain goods or services.¹⁹ The DTA advised the ANAO in August 2024 that the reforms relating to the implementation of recommendations had not been applied to the DTA’s whole-of-government procurement activities.²⁰ This is discussed further in paragraphs 2.26 to 2.30.

Audit methodology

1.12 The audit methodology included:

• reviewing entity documentation such as internal guidance, management reports, audit and risk committee papers, meeting minutes, and other supporting evidence relevant to the scope of this audit; and
• conducting meetings with relevant DTA and Finance senior officials and officers involved in the implementation of recommendations and procurement activities.

1.13 The audit was conducted in accordance with ANAO Auditing Standards at a cost to the ANAO of approximately $857,000.

1.14 The team members for this audit were Grace Guilfoyle, James Sheeran, Jo Rattray-Wood, Irena Robertson, Pam O’Connor, Elias Alikhani, Alannah Perry, Malinda Donny and Susan Drennan.

2.1 Previous ANAO audits relating to the implementation of parliamentary committee and Auditor-General recommendations have identified that the successful implementation of recommendations requires:

• effective implementation planning;
• having systems in place to monitor and track the implementation of recommendations; and
• oversight and assurance of implementation.²¹

Did the DTA and Finance develop fit-for-purpose implementation plans for each of the selected recommendations?

2.2 Timely and effective implementation of recommendations is facilitated by fit-for-purpose implementation plans that clearly identify the intent of the recommendations and associated actions, set clear responsibilities and timeframes for addressing required actions and measures of success and/or outcomes to be realised.²² Where implementation plans are not prepared, past audit evidence indicates that actions are not always implemented to address the identified issue, not implemented in a timely way, or not implemented at all.²³ Determining what constitutes fit for purpose will depend on the size of the entity, the nature of its business, its governance structure, and the number and frequency of recommendations requiring attention.

2.3 Table 2.1 outlines the ANAO’s assessment of the DTA’s and Finance’s practices for implementation planning for JCPAA and Auditor-General recommendations.

Table 2.1: Assessment of implementation planning practices for JCPAA and Auditor-General recommendations, as at May 2025

Key: ■ No documented requirement and no practice established ▲ No documented requirement but practice established ◆ Requirement is documented and practice established

Note a: For the DTA, the ANAO examined implementation planning practices for the two JCPAA and eight Auditor-General recommendations in scope for of this audit. For Finance, the ANAO examined implementation planning practices for the one Auditor-General recommendation (made to the Australian Government and implemented by Finance) in scope for this audit.

Note b: The DTA did not have a documented requirement to develop an implementation plan for JCPAA and Auditor-General recommendations. Given the details captured in the DTA’s recommendation tracking documents contained components commonly found in an implementation plan (see paragraph 2.5), the ANAO considered that there was an established practice for implementation planning.

Note c: During the period that Finance was implementing the selected Auditor-General recommendation, there were no documented requirements in place for implementation plans, risk ratings or the establishment of action items for the open recommendations. Given the details captured in Finance’s audit recommendations tracker contained components commonly found in implementation plans, the ANAO considered that there was an established practice for implementation planning. Finance advised the ANAO in November 2024 that it assigned risk ratings to ANAO and JCPAA recommendations following a review of open recommendations (see Table A.2). As at June 2025, finalisation of an implementation plan template and supporting guidance remained underway.

Source: ANAO analysis of DTA and Finance documentation.

Digital Transformation Agency

2.4 The DTA does not have a documented policy or procedure to guide the implementation of JCPAA and Auditor-General recommendations. The DTA advised the ANAO on 28 October 2024 that the internal audit manual ‘has some high level information on closure of recommendations’, and later advised the ANAO in December 2024 that:

Due to the timing of development, the internal audit manual was not used in the process of identifying, responding to, implementation planning, [or] implementation of the recommendations from the ANAO.

2.5 The DTA’s recommendation tracking spreadsheets contained components commonly found in an implementation plan. This included details of the assigned responsible officers²⁴, implementation due dates, and action items.

2.6 Risk ratings were not assigned to the 10 selected JCPAA and Auditor-General recommendations. Assigning risk ratings can help identify the impact on the entity if recommendations are not implemented. The DTA advised the ANAO in November 2024 that the DTA Executive Board considered the implementation of recommendations to be a high priority.²⁵ The DTA further advised the ANAO in May 2025 that ‘for the DTA, any recommendations from ANAO and JCPAA were of great significance, which in practice translated to being a default high risk rating for the DTA.’

Department of Finance

2.8 During a previous ANAO performance audit, a recommendation was made to Finance to strengthen its internal planning arrangements for the implementation of agreed parliamentary committee and Auditor-General recommendations.²⁶ As at June 2025, implementation of this recommendation was still underway (see Table 2.1). Finance recorded the one selected Auditor-General recommendation in its audit recommendations tracker. Finance identified the assigned action officer, responsible officer, and recorded comments on the planned implementation timeframes and action items, and progress to implement the recommendation.²⁷ Finance did not assign a risk rating. Finance advised the ANAO in November 2024 that risk ratings were assigned to ANAO and JCPAA recommendations following a review of open recommendations (see Appendix 2, Table A.2).

Did the DTA and Finance effectively monitor the implementation of selected recommendations?

2.9 Effective monitoring requires oversight arrangements and an approach that accurately tracks progress and records the actions of the business area, or individual, responsible for implementing a recommendation. Where an audit committee has a role in monitoring the implementation of recommendations²⁸, entities should provide the committee with sufficient and appropriate information to enable the committee to provide informed advice and assurance to the accountable authority regarding the implementation of individual recommendations.

Digital Transformation Agency

Monitoring

2.10 The DTA does not have documented arrangements in place for monitoring JCPAA and Auditor-General recommendations. The DTA provided updates to its ARC²⁹ and Executive Board on progress toward implementation of the recommendations.

2.11 Between August 2023 and November 2024, the DTA’s ARC was provided with four progress updates on JCPAA Recommendation 11 and seven updates on Recommendation 13. The DTA’s ARC received evidence of implementation for the two selected JCPAA recommendations. At its 27 March 2024 meeting, the DTA ARC received a copy of the letter sent to the JCPAA that evidenced the implementation of JCPAA Recommendation 11. For JCPAA Recommendation 13, the ARC received separate briefs on the internal audit program, which reflected the work that the DTA was doing to include an audit topic on procurement in the program.³⁰

2.12 Progress updates to the DTA ARC on the Auditor-General recommendations commenced in September 2022 in the form of verbal updates. Between November 2022 and November 2024, the DTA ARC received written updates for all selected recommendations. This included information on the implementation status, responsible officers, due dates, and written advice on progress.³¹ For the JCPAA recommendations, the ARC received evidence of implementation for all Auditor-General recommendations.

2.13 Between June 2023 and November 2024, the DTA’s Executive Board considered a summary of JCPAA and Auditor-General recommendations. Two summaries included information on the progress of the closure process involving the ARC (see Table 2.6) and three updates on the progress of an April 2024 management initiated review on procurement, which assessed the implementation of recommendations from Auditor-General Report No. 5 2022–23 and found that none of the recommendations had been implemented.³² The DTA provided updates on the implementation of all Auditor-General recommendations to the responsible Minister.

Timeliness

2.14 The DTA addressed JCPAA Recommendation 11 within the six-month timeframe required by the JCPAA.³³ JCPAA Recommendation 13 had a due date set by the DTA of 30 November 2023. The DTA advised the ANAO in May 2025 that ‘The actions [for this recommendation] were substantively in place as the DTA Strategic Internal Audit Plan was finalised in October 2023 which included the planned internal audit on procurements.’ The DTA reported to the ARC in November 2024 that this recommendation was proposed for closure, citing a completion date of 30 June 2024 (seven months after the DTA’s original due date). The DTA advised the ANAO in November 2024 that:

We have treated this as an ongoing matter and further actioned the internal audit side by including a procurement audit in the 2023-24 Strategic Internal Audit Plan (SIAP) for 2023-24 (finalised in October 2023), as well as future internal audit outlooks for 2024-25 and 2025-26 on procurement topics.

2.15 The DTA did not implement the eight Auditor-General recommendations within the original planned timeframe of 9.3 months. The DTA first closed the Auditor-General recommendations in August 2023, after they had been open for 11.1 months. The recommendations were subject to further reviews of their closure reports, with the final closure being approved by the Chief Audit Executive (CAE) in September 2024, 24.1 months after Auditor-General Report No. 5 2022–23 tabled. Recommendation closure is discussed in Table 2.6.

Department of Finance

Monitoring

2.16 Finance’s Legal and Assurance Branch is responsible for monitoring JCPAA and Auditor-General recommendations and maintains an audit recommendations tracker.³⁴ Action officers are required to submit implementation progress updates for discussion at Finance’s ARC³⁵, which are approved by the allocated responsible officer and collated by officials in the Legal and Assurance Branch.

2.17 Finance’s ARC monitored the implementation of the recommendation through progress reporting at nine of 10 meetings held between November 2022 and September 2024 (the period during which the recommendation was open).³⁶ Written progress updates were provided to the ARC on seven occasions for the recommendation. These updates focused on the planned implementation timeframes. Details on the specific actions taken to implement the recommendation were provided at the time the recommendations were proposed for closure.³⁷

2.18 Finance’s Performance and Risk Committee (PRC) was established in February 2023 as a subcommittee of Finance’s Executive Board.³⁸ Under its March 2023 terms of reference, one of the PRC’s responsibilities is to provide oversight of ‘internal business improvement activities and recommendations arising from internal audit (and external audit as appropriate), ensuring responsibility for business improvements and resource implications are assessed, considered and progressed as appropriate’.

2.19 Finance’s Assurance and Risk Standard Operating Procedure states that from November 2023, the PRC would ‘play a key role in overseeing the response and implementation to recommendations’. Finance advised the ANAO in December 2024 that ‘Reporting on open external audit recommendations was incorporated into Assurance Reporting to the Performance and Risk Committee in February 2024, May 2024 and August 2024.’ The PRC received updates at these meetings on the recommendation as part of a quarterly assurance report, which indicated that the recommendation was open and stipulated the responsible business area for implementing the recommendation. The recommendation was reported to the PRC as closed in October 2024. The updates did not contain information on progress towards implementation or documentation supporting the closure of the recommendation.

Timeliness

2.20 As discussed in paragraph 1.2, the one selected Auditor-General recommendation was made to the Australian Government in September 2022. Finance ‘Noted’ the recommendation and advised that it ‘will consider options for entities to report on how many suppliers have been approached from a standing offer arrangement, and options to enhance functionality for reporting contract notices from standing offers in future updates to AusTender’.³⁹

2.21 In November 2022, Finance commenced reporting the recommendation as ‘open’ to the Finance ARC (see paragraph 2.17). In August 2023, Finance advised the ARC that the recommendation would take until 2025 to implement. The planned implementation timeframe for the recommendation was later changed to July 2024, which was met.

Were the selected recommendations implemented in full, and closed in accordance with requirements?

2.22 Effective and timely implementation of agreed recommendations contributes to realising the full benefit of a parliamentary committee inquiry or an ANAO audit and demonstrates accountability to the Parliament.⁴⁰ When recommendations have been implemented, it is important they are formally closed and that prior to closure, evidence of implementation is subject to an appropriate level of scrutiny to ensure recommendations have been implemented in full and in accordance with the intent of the recommendation.⁴¹ Closing recommendations prevents recommendations from remaining unresolved and promotes accountability by confirming that entities have addressed identified issues.

2.23 The ANAO assessed the implementation status for the 11 selected JCPAA and Auditor-General recommendations. The categories for assessment are outlined in Table 2.2.

Table 2.2: Implementation status of recommendations — ANAO assessment categories

Source: ANAO documentation.

2.24 Table 2.3 outlines the ANAO’s assessment of the DTA and Finance’s implementation of recommendations against the intention of the original recommendation and compared with the entities recorded status.

Table 2.3: Implementation status of recommendations — summary of entity and ANAO assessments

Note a: The details of each recommendation are provided in Appendix 3.

Note b: Highlighted yellow shading indicates that the ANAO’s assessment differed from the entity’s assessment for the recommendations.

Source: ANAO analysis.

Digital Transformation Agency

JCPAA recommendations

2.25 The ANAO’s assessment differed from the DTA’s assessment of the selected JCPAA recommendations, as outlined in Table 2.4.

Table 2.4: Joint Committee of Public Accounts and Audit, Report 498: ‘Commitment issues’ - An inquiry into Commonwealth procurement — ANAO assessment of DTA implementation, at May 2025

Note a: While the management initiated review was finalised in April 2024, an earlier version was discussed at the March 2024 DTA ARC meeting.

Source: ANAO analysis of DTA documentation.

Auditor-General recommendations

2.26 Tabling in the Parliament of an agreed response to a parliamentary committee or Auditor-General recommendation is a formal commitment by the government or an entity to implement the recommended action. The Parliament’s expectation is that the entity makes improvements that address the deficiency identified. Agreement to implement recommendations should not be qualified.

2.27 The DTA advised the ANAO in August 2024 that changes made in response to the selected JCPAA and Auditor-General recommendations were limited to the DTA’s internal procurement activities and were not implemented for DTA procurement activities relating to the establishment of whole-of-government procurement arrangements.⁴² When the DTA’s ARC received updates on implementation progress, it did not receive explicit advice explaining the limitations to the extent of the DTA’s implementation of procurement reforms across the organisation.⁴³ The DTA advised the ANAO in May 2025 that:

the agency’s administration of its whole-of-government sourcing responsibilities is structurally separated from corporate/internal procurement functions with wholly separate policies and procedures including extensive specialist legal, commercial and probity support. The DTA’s view is that no qualification on the scope of the recommendations was needed as the findings and recommendations were not developed based on any assessment or audit activity of these arrangements.⁴⁴

2.28 Parliamentary committee inquiry reports and Auditor-General reports identify risks to the successful delivery of outcomes and provide recommendations to address them. Entities should ensure that the risks or issues that led to recommendations being made are addressed across all their operations. Section 16 of the Public Governance, Performance and Accountability Act 2013 (PGPA Act) establishes a ‘duty to establish and maintain systems relating to risk and control’ for accountable authorities.⁴⁵ Accountable authorities require assurance that the underlying risks and issues that have resulted in recommendations being made are addressed and improvements have been embedded across the entity.

2.29 Recommendations are made to an entity, not a structure within it. Establishment and administration of procurement panels and arrangements are subject to the procurement framework, which includes the Commonwealth Procurement Rules (CPRs). Paragraph 2.2 of the CPRs states that ‘Officials from non-corporate Commonwealth entities … must comply with the CPRs when performing duties related to procurement.’ Many of the risks relating to recommendations made in Auditor-General Report No. 5 2022–23 apply to the DTA’s procurement-related activities at an enterprise level, including relating to whole-of-government procurement arrangements.

2.30 The DTA advised the ANAO in August 2025 that ‘Considerations of the applicability of those recommendations across the organisation, including the DTA’s whole-of-government procurement activities has occurred at the business unit level.’ The DTA provided the ANAO with an assessment of the applicability of the recommendations to the DTA’s whole-of-government procurement activities in August 2025.

2.32 The ANAO’s assessment differed from the DTA’s assessment of the selected Auditor-General recommendations, as outlined in Table 2.5.

Table 2.5: Auditor-General Report No. 5 2022–23 Digital Transformation Agency’s Procurement of ICT Related Services — ANAO assessment of DTA implementation, at May 2025

Note a: The internal audit report included three recommendations, which were closed in August 2023.

Source: ANAO analysis of DTA documentation.

2.33 The DTA advised the ANAO in May 2025 that as part of ‘procurement uplift’ activities, it would:

Develop new training module for all non-SES staff, complementing APS foundational courses in Fraud and Corruption, Integrity in the APS and Commonwealth Resource Management and ensuring all staff understand procurement requirements.

Ensuring all relevant staff complete procurement-related training is important to successfully building capability.

Closure

2.35 Throughout 2023 and 2024, the DTA engaged in discussions with its ARC on an appropriate closure process for Auditor-General recommendations. In July 2024, the DTA documented closure processes for internal audit recommendations in the DTA’s internal audit manual. The internal audit manual does not explicitly state that these processes apply to external recommendations such as parliamentary committee or Auditor-General recommendations. As discussed in paragraph 2.4, the DTA advised the ANAO in December 2024 that the audit manual was not followed for the implementation of Auditor-General recommendations. In practice, the DTA’s process for closing Auditor-General recommendations was aligned to the internal audit manual. Under the July 2024 internal audit manual, the recommendation closure process included the preparation of closure report forms, with supporting evidence, and requires approval from the responsible officer and from the CAE.⁴⁶ The internal audit manual states that:

The decision to close an audit recommendation is a management decision … Closures will be reported at the next ARC meeting. The ARC will provide independent oversite [sic] of closure requests and if they have any concerns about closure, they will advise the CAE [Chief Audit Executive] of their opinion. Should an instance arise where their concerns have been raised with the CAE and the ARC believes that the closure of an audit recommendation exposes the DTA to unreasonable risk, the Chair will discuss their concerns with the CEO at their private meeting after each ARC meeting.

2.36 The timeline for the DTA’s closure of the JCPAA and Auditor-General recommendations is outlined in Table 2.6.

Table 2.6: Timeline for closing the JCPAA and Auditor-General recommendations

Note a: The DTA’s response to the JCPAA is available at Parliament of Australia, Government Response Executive Minute Digital Transformation Agency - Report 498 - Recommendations 11 and 13, Parliament of Australia, Canberra, 2024, available from https://www.aph.gov.au/Parliamentary_Business/Committees/Joint/Public _Accounts_and_Audit/CommonwealthProcurement/Government_Response [accessed 16 September 2025].

Note b: A senior responsible officer is an Executive Board member with overall responsibility for the implementation of the recommendation.

Source: ANAO review of DTA documentation.

2.37 The closure processes, while matching the process outlined in the DTA’s internal audit manual for the Auditor-General recommendations (see paragraph 2.35), did not support the effective implementation of recommendations. There is no record that the ARC supported the closure of the JCPAA or Auditor-General recommendations. The DTA ARC’s oversight role would be enhanced by it scrutinising implementation of recommendations prior to their closure by management and clearly documenting whether or not it supports recommendation closure.

Department of Finance

2.41 Finance implemented the one selected Auditor-General recommendation made to the Australian Government. Finance implemented a new reporting field for contract notices on AusTender for ‘suppliers invited’. For contracts entered into from 1 July 2024, if a procurement was limited tender or through a standing offer arrangement, entities have been required to identify the number of suppliers invited to participate in the procurement process. The reporting field became mandatory for entities from 1 July 2025. Finance advised the ANAO in August 2025 that ‘100% of entities that are required to report on AusTender are reporting on the new fields from 1 July 2025.’ Finance also updated its Resource Management Guide 423: Procurement Publishing and Reporting Obligations to reflect the changes to reporting requirements.

Closure

2.42 Finance closed the Auditor-General recommendation in accordance with its documented requirements by preparing closure reports in June 2024 that summarised the action taken to implement and close the recommendation.⁴⁷ The closure reports referenced evidence of implementation and included comments from Finance’s internal audit provider, noting the evidence provided and advising support for closure. The Head of Internal Audit indicated support for closure and this was recorded in Finance’s audit recommendations tracker. The responsible officer approved the closure reports in August 2024. In September 2024, the closure reports were provided to Finance’s ARC, which endorsed the closure of the recommendation.

2.43 Finance’s closure process for Auditor-General recommendation involves internal assurance arrangements that allows for the scrutiny of implementation activities. Undertaking an assurance process before closing a recommendation can support entities to consider whether a recommendation has been implemented in full and in accordance with the intent of the recommendation.

3.1 The ANAO assessed a sample of four procurements⁴⁸ to determine whether:

• the DTA complied with selected requirements of the Commonwealth Procurement Rules (CPRs); and
• actions taken by the DTA, in response to the selected Joint Committee of Public Accounts and Audit (JCPAA) and Auditor-General recommendations (see Appendix 3), had been applied in practice.

3.2 The details of the four procurements are outlined in Table 3.1.

Has the DTA complied with selected requirements of the Commonwealth Procurement Rules (CPRs)?

3.3 To assess the DTA’s compliance with selected requirements of the CPRs for the four sampled procurements, the ANAO reviewed the DTA’s:

• procurement planning and approach to market considerations;
• risk management;
• probity management;
• tender evaluation and value for money assessments;
• notifying and debriefing tenderers;
• AusTender reporting; and
• recordkeeping.

3.4 The ANAO had regard to whether actions taken by the DTA in response to the selected JCPAA and Auditor-General recommendations (see Appendix 3) had been applied in practice, where applicable.

Procurement planning and approach to market considerations

3.5 Fit-for-purpose planning aims to achieve the efficient, effective, ethical and economical procurement practices required under the Public Governance, Performance and Accountability Act 2013 (PGPA Act) and the CPRs.⁴⁹ Of the eight Auditor-General recommendations directed to the DTA in Auditor-General Report No. 5 2022–23, two related to effective planning for procurements.⁵⁰

3.6 For the four sampled procurements, the ANAO assessed whether the DTA:

• established a procurement plan for each procurement;
• estimated the value of the procurement;
• undertook a procurement approach that encouraged competition; and
• established evaluation criteria that enabled comparison of submissions and supported the achievement of value for money outcomes.

3.7 Table 3.2 outlines the outcomes of the assessment.

Table 3.2: Assessment of procurement planning and approach to market considerations^a

Key: ◯ Not met or not compliant ◑ Partly met or partly compliant ● Fully met or fully compliant

Note a: Only the ‘estimated value of procurement’ and ‘procurement approach encouraged competition’ columns of the table are mandatory CPR requirements for all procurements. Others are considered better practice or were requirements introduced by the DTA.

Note b: Paragraph 5.1 of the CPRs states ‘Competition is a key element of the Australian Government’s procurement framework. Effective competition requires non-discrimination and the use of competitive procurement processes.’

Note c: Paragraph 7.12 of the CPRs states ‘Relevant entities should include relevant evaluation criteria in request documentation to enable the proper identification, assessment and comparison of submissions on a fair, common and appropriately transparent basis’. This is better practice not a requirement.

Source: ANAO analysis of DTA information.

Procurement plans

3.8 As outlined in Table 2.5 and in response to Auditor-General Recommendation 5, the DTA introduced a mandatory procurement checklist, and procurement and evaluation plan, which are required to be completed for all procurements and must be approved by the relevant delegate.⁵¹ These documents are developed by the relevant business area with advice from the DTA’s Corporate Procurement Team.

3.9 The mandatory procurement checklist was completed for three of the four sampled procurements.⁵² The reuse assessment, cloud native secure internet gateway and labour hire procurements had Evaluation and Procurement plans approved by a delegate. For the limited tender office fitout procurement, a procurement plan was drafted but was not finalised. The DTA advised the ANAO in January 2025 that the plan was not considered appropriate for the procurement and was replaced by a minute to the relevant financial delegate.⁵³ The minute included elements of the DTA Evaluation and Procurement Plan template but did not document the evaluation criteria, the planned evaluation process, procurement risk, justification for the suppliers to be approached and the proposed evaluation panel.

Estimating the expected value

3.11 The CPRs allow for two procurement methods: open tender⁵⁴ and limited tender.⁵⁵ For procurements at or above the relevant procurement thresholds⁵⁶, limited tender can only be conducted in accordance with the circumstances prescribed in paragraph 10.3 of the CPRs, or when a procurement is exempt in accordance with Appendix A to the CPRs.⁵⁷ The CPRs require that ‘the expected value of a procurement must be estimated before a decision on the procurement method is made.’⁵⁸ Part of Recommendation 4 from Auditor-General Report No. 5 2022–23 related to estimating the expected value of procurements before determining the procurement method.⁵⁹

3.12 The expected value of each of the four sampled procurements was estimated prior to the DTA approaching the market. The four sampled procurements were identified by the DTA as being greater than the $80,000 threshold for open tender.⁶⁰ For the office fitout procurement, the minute to the delegate noted that the estimated value was below the $7.5 million threshold for procurements of construction services, which meant a limited tender approach was permissible under the CPRs. As all four procurements had an estimated value greater than $200,000, the Australian Government’s Indigenous Procurement Policy Mandatory Set Aside did not apply.⁶¹

Encouraging competition

3.13 The CPRs state that ‘Competition is a key element of the Australian Government’s procurement framework. Effective competition requires non-discrimination and the use of competitive procurement processes.’⁶² The reuse assessment and labour hire procurements were undertaken through the Digital Marketplace panel and the cloud native secure internet gateway procurement was undertaken through the Cloud Marketplace panel.⁶³ These panels are ‘standing offers’.⁶⁴ Paragraph 9.12 of the CPRs states: ‘Procurements from an existing standing offer are not subject to the rules in Division 2 of these CPRs. However, these procurements must comply with the rules in Division 1.’ The CPRs further state: ‘To maximise competition, officials should, where possible, approach multiple potential suppliers on a standing offer.’⁶⁵

3.14 For the reuse assessment and the labour hire procurements, all suppliers in the relevant category of expertise were provided the opportunity to submit a tender.⁶⁶ The DTA’s engagement with one of the potential suppliers in the labour hire procurement reduced the effect of competition in that procurement process (see paragraphs 3.45 to 3.51). For the cloud native secure internet gateway procurement, nine suppliers on the Cloud Marketplace panel were provided the opportunity to submit a tender.

3.15 The number of suppliers approached and the number of responses received for the three panel procurements are outlined in Table 3.3.

Table 3.3: Number of suppliers approached and responses received for each panel procurement

Note a: Responses that were blank or incomplete were not included in the total. The DTA advised the ANAO in May 2025 that supplier ‘responses … may appear blank if they are incomplete when the ATM [approach to market] closes’.

Source: ANAO analysis of the DTA and AusTender data.

3.16 The office fitout procurement was conducted via a limited tender approach. The minute to the delegate seeking approval to approach the market indicated that the estimated value was below the threshold for limited tender procurement of construction services, which was consistent with the CPRs.⁶⁷ The minute included a list of potential suppliers but did not explain how the potential suppliers had been identified.⁶⁸ The delegate for the procurement was advised that five suppliers would be approached whereas four suppliers were actually approached⁶⁹, with two suppliers providing a response.

Evaluation criteria that supported value for money outcomes

3.17 Paragraph 7.12 of the CPRs states:

Relevant entities should include relevant evaluation criteria in request documentation to enable the proper identification, assessment and comparison of submissions on a fair, common and appropriately transparent basis.

3.18 Establishing an evaluation plan that includes evaluation criteria assists in promoting equitable treatment of suppliers and transparency. Part of Recommendation 6 in Auditor-General Report No. 5 2022–23 was that the DTA ‘incorporate evaluation criteria to better enable the proper identification, assessment and comparison of submissions on a fair and transparent basis.’⁷⁰

3.19 The three panel procurements⁷¹ included evaluation criteria in the procurement and evaluation plans prior to approaching the market. Two of those procurements also included the evaluation criteria in the request documentation.⁷²

3.20 The DTA’s development of evaluation criteria would enable the identification, assessment and comparison of submissions on a fair and transparent basis. The CPRs provide a non-exhaustive list of factors that must be considered when assessing value for money. These factors include fitness for purpose, a potential supplier’s experience and performance history, flexibility, environmental sustainability and whole-of-life costs. The criteria the DTA developed primarily related to supplier capability and capacity to fulfil the procurement requirement. Tender evaluation is discussed in paragraphs 3.55 to 3.68.

Risk management

3.21 Paragraph 8.2 of the CPRs states that:

Relevant entities must establish processes to identify, analyse, allocate and treat risk when conducting a procurement. The effort directed to risk assessment and management should be commensurate with the scale, scope and risk of the procurement. Relevant entities should consider risks and their potential impact when making decisions relating to value for money assessments, approvals of proposals to spend relevant money and the terms of the contract.⁷³

3.22 Auditor-General Report No. 5 2022–23 included two recommendations relating to the DTA’s management of procurement risks.⁷⁴ Table 2.5 details the ANAO’s assessment of the DTA’s implementation of these recommendations.

3.23 The DTA’s Risk Management Policy and procurement checklist requires that a risk assessment is conducted for procurements, including:

• identifying risks and associated controls;
• allocating risk and treatment owners; and
• managing, treating, and escalating residual risks as prescribed.

3.24 The DTA’s compliance with these requirements is summarised in Table 3.4.

Table 3.4: Assessment of compliance with DTA risk management requirements

Key: ◯ Not met or not compliant ◑ Partly met or partly compliant ● Fully met or fully compliant

Source: ANAO analysis of DTA documentation.

3.25 The DTA completed a risk assessment using its prescribed risk assessment template for all procurements. In each risk assessment, risks, risk owners⁷⁵ and treatment owners⁷⁶ were identified. For three of the four procurements, risk assessments were assigned inherent risk ratings in accordance with DTA guidance.

3.26 There were shortcomings in the DTA’s processes to identify, analyse, allocate and treat procurement-related risks due to deficiencies and inconsistencies within the DTA’s risk management guidance and its application of this guidance in practice. For example, the DTA’s guidance contained conflicting information on how risks should be analysed to identify a suitable risk rating and to appropriately manage, treat and escalate the risk. In practice, one risk assessment was completed with incorrect ratings. For three of the four risk assessments, there was no documented evidence of risk treatment or review activity as prescribed by DTA’s risk management process. The DTA advised the ANAO in December 2024 that ‘there was no requirement to implement risk treatment actions’.⁷⁷

3.27 As at April 2025, the DTA has implemented revised risk management guidance, including an updated risk assessment template, risk management policy, and risk management framework document. The ANAO identified improvements in the DTA’s guidance, such as improved matrices for assessing risks, revised requirements around risk treatment and monitoring during procurement activities, and new instructions on how to complete the template. Deficiencies remain due to inconsistencies between the risk assessment template, the risk management policy and the risk management framework regarding how procurement risks should be managed depending on the residual risk rating.

Probity management

3.29 Effective conflict-of-interest (COI) management is essential and should be a central component of an entity’s integrity framework. Poor practice, or the perception of it, in the management of COIs undermines trust and confidence in an entity’s activities. The Australian Public Service (APS) Code of Conduct, which is set out in section 13 of the Public Service Act 1999, requires APS employees to take reasonable steps to avoid any real or apparent COI.

3.30 Paragraph 6.6 of the CPRs states that:

officials undertaking procurement must act ethically throughout the procurement. Ethical behaviour includes:

a. dealing with potential suppliers, tenderers and suppliers equitably, including by seeking appropriate internal or external advice when probity issues arise;

b. carefully considering the use of public resources⁷⁸

3.31 Paragraph 6.7 of the CPRs states that ‘Officials undertaking procurement must seek to prevent corrupt practices by recognising and dealing with actual, potential and perceived conflicts of interest and not accepting inappropriate gifts or hospitality’. Recommendation 3 in Auditor-General Report No. 5 2022–23 related to the DTA establishing ‘an internal control to ensure that officials directly involved in procurements make activity-specific declarations of interest; and … maintain[ing] a register of declared interests’.

3.32 The DTA established a DTA Probity Guideline (Probity Guideline), which was approved by the Chief Financial Officer in December 2022. The Probity Guideline outlines: probity principles⁷⁹; probity-specific roles and responsibilities of personnel involved in procurement; and requirements for declaring and managing COI and ensuring confidentiality. The Probity Guideline states that:

All Officials participating in a Procurement will be required to agree to, and satisfy the principles and protocols set out in this Probity Guideline (Guideline) before undertaking any Procurement-related activities.

3.33 The Probity Guideline provides four templates as appendices. These are:

• Appendix A — Declaration and Agreement to the DTA Probity Guideline;
• Appendix B — Conflict of Interest (APS Employee);
• Appendix C — Conflict of Interest (Contractors); and
• Appendix D — Deed of Confidentiality.

3.34 The Probity Guideline states that ‘In the course of an open tender Procurement, all involved Officials must complete, sign and lodge with DTA Corporate Procurement the undertakings and declarations’ in appendices A to D ‘unless the relevant Officials can establish, to the Responsible Person’s reasonable satisfaction’, that appropriate arrangements are already in place.⁸⁰

3.35 In addition to the Probity Guideline, there is procurement and probity related guidance on the DTA’s intranet and in the mandatory procurement checklist. The DTA’s intranet guidance states that officials are to:

Complete a conflict-of-interest declaration, even if no conflicts exist. This needs to be completed by all officers involved in the procurement including the spending delegate, prior to the approach to market.⁸¹

3.36 The DTA officials involved in the four sampled procurements did not complete the Declaration and Agreement to the DTA Probity Guideline (Appendix A declaration) or the Deed of Confidentiality (Appendix D guideline). The DTA advised the ANAO in December 2024 that:

In practice the probity protocols and principles implemented for a Procurement will be dependent on the Procurement risk and value. Considering the risk and value of the sample set of Procurements it was not considered necessary for a “Declaration and Agreement to the DTA Probity Guideline” to be completed. ⁸²

3.37 The DTA advised the ANAO in May 2025 that:

The assessment was not documented at the time. However, for the staff involved in the four sampled procurements, it was deemed sufficient to complete Conflict of Interest (COI) forms instead of confidentiality deeds.

3.38 DTA processes stipulate that completed COI declarations are to be provided to the DTA Corporate Procurement Team, which maintains the COI register. The DTA’s compliance with these requirements is summarised in Table 3.5.

Table 3.5: Assessment of compliance with DTA probity requirements

Key: ◯ Not met or not compliant ◑ Partly met or partly compliant ● Fully met or fully compliant

Source: ANAO analysis of DTA information.

3.39 Three COI declarations (two for the labour hire procurement and one for the office fitout procurement) were completed after the evaluation reports had been signed. The evaluation panel chair for the labour hire procurement signed a COI declaration four days after the evaluation report for the procurement was signed. Another panel member signed a COI declaration nearly six months after signing the evaluation report. Both officials identified potential COIs in their declarations relating to relationships with the incumbent contractor (see paragraph 3.45). The COI declaration for a panel member of the office fitout procurement was signed eight months after the evaluation report for the procurement was signed. No conflicts of interest were declared.

3.40 The reuse assessment procurement was the only procurement for which the delegate completed a COI declaration. The DTA advised the ANAO in January 2025 that ‘only delegates that are included in the evaluation process have signed and provided a COI [declaration]’. Procurement delegates approve ‘commitments of relevant money’ and are the key decision-maker in awarding contracts. If COI declarations are not completed by delegates, conflicts cannot be identified or managed.⁸³

3.41 The reuse assessment was the only one of the four sampled procurements for which all conflict-of-interest forms were recorded in the COI register.⁸⁴

Management of declared COIs

3.45 As discussed in paragraph 3.39, two of the three panel members (including the chair) for the labour hire procurement identified potential conflicts of interest in their COI declarations relating to having a working relationship with the incumbent contractor.⁸⁵ Actions identified to manage these COIs included:

• the panel member being ‘removed from evaluating [the incumbent contractor’s] responses’; and
• the panel chair and panel member ‘Refrain[ing] from any discussions with [the incumbent contractor] and potential suppliers to ensure that all suppliers are evaluated fairly and equitably.’⁸⁶

3.46 The panel member with the declared COI did not assess the incumbent contractor during the initial evaluation of written applications stage of the supplier evaluation process. There were no documented arrangements in place to manage the COI during the subsequent stages of the supplier evaluation process, which included an interview stage, ranking of suppliers post interview and the selection of the preferred suppliers.⁸⁷ The evaluation panel member signed the evaluation report, which recommended that the DTA enter into contracts with two candidates, one of which was the incumbent contractor referred to in the COI declaration.

3.47 The hourly rate for the incumbent contractor recorded in the evaluation report provided to the delegate was lower than the rate included in the supplier’s response.⁸⁸ Between the initial shortlisting of candidates and interview stage, the chair of the procurement panel (who also copied into the email the other panel member who declared a COI) wrote to the supplier proposing the incumbent candidate saying:

We had significant interest from the market for this role and have now finished our evaluation, we have shortlisted candidates for interviews and [the incumbent contractor] is one of the shortlisted candidates.

I did want to call out early the rate that was submitted for [the incumbent contractor] was very high. It was in the top 10% of rates submitted by the market, and a 13% increase from the current contract.

We recognise there is advantage being the incumbent and having familiarity with the project, however we would need to see a reduced rate to make a value for money recommendation to our delegate … I am happy to discuss further if you would like.

3.48 The DTA advised the ANAO in May 2025 that ‘the approach to the supplier set out in the email occurred in the context of their rate being outside the panel rate benchmark range’. This rationale was not supported by documented evidence and the evaluation report noted that, prior to evaluating supplier responses, a compliance assessment excluded candidates with ‘an hourly rate above $195 GST Inclusive.’ The candidate’s original hourly rate was $192.50 (GST inclusive).

3.49 DTA email correspondence from the panel chair stated that ‘Following the interviews I did ring the supplier as they didn’t respond to the [email], essentially re-iterating that the rate was not VFM, and we wanted to negotiate. They agreed to a decreased rate verbally, which ultimately ended up in the contract.’ The DTA advised the ANAO in May 2025 that the third evaluation panel member, the delegate and the DTA’s Corporate Procurement Team were not informed of the communication with the potential supplier.⁸⁹ Advice to the delegate did not contain information on this negotiation and did not disclose the change in rate from the supplier’s initial submission.⁹⁰ The DTA did not follow actions committed to as mitigation measures in the evaluation COI declarations and communication with the supplier was not documented and logged as required under DTA’s Probity Guideline.⁹¹ Entities’ management of conflict-of-interests declarations are critical to mitigate bias that could be introduced in a procurement activity.

3.50 As discussed in paragraph 3.30, paragraph 6.6 of the CPRs states that ‘officials undertaking procurement must act ethically throughout the procurement. This includes: … dealing with potential suppliers, tenderers and suppliers equitably, including by seeking appropriate internal or external advice when probity issues arise’. The DTA’s conduct of this procurement fell short of these standards established in the CPRs as other suppliers were not offered the opportunity to submit revised rates and were not provided with information on how their rates compared to those submitted by other potential suppliers.

3.53 In May 2025, the DTA created a procurement factsheet that provides guidance on managing probity risks. The factsheet identified ‘Supplier Incumbency Risk: Where an existing supplier could gain an unfair advantage due to their prior involvement’ as an example of a probity risk. There was no further guidance provided on specific actions required to manage risks relating to the involvement of incumbent suppliers in procurement processes.

Tender evaluation and value for money assessments

3.55 The CPRs state that:

Achieving value for money is the core rule of the CPRs. Officials responsible for a procurement must be satisfied, after reasonable enquiries, that the procurement achieves a value for money outcome.⁹²

3.56 In addition, the CPRs also state documentation should provide accurate and concise information on how value for money was considered and achieved.⁹³

3.57 As discussed in paragraph 3.18, one element of Recommendation 6 in Auditor-General Report No. 5 2022–23 was that the DTA ‘incorporate evaluation criteria to better enable the proper identification, assessment and comparison of submissions on a fair and transparent basis’.

3.58 An evaluation report was prepared for each of the four sampled procurements. Evaluation reports for the three panel procurements included the evaluation panels’ assessment against the evaluation criteria established at the planning stage and was reflected in the request documentation for two procurements.⁹⁴ For the reuse assessment and cloud native secure internet gateway procurements, there was a clear rationale for the evaluation panels’ recommendation for the preferred tenderer based on the value for money assessments documented in the respective evaluation reports.⁹⁵

Labour hire procurement evaluation

3.59 The rationale for the ranking of candidates as part of the value for money assessment for the labour hire procurement was not documented. As outlined in Table 3.3, there were 98 responses to the approach to market for the procurement. The DTA assessed all responses. Scores against the combined ‘essential’ and ‘desirable’ evaluation criteria established in the procurement and evaluation plan for the top six shortlisted candidates were in the evaluation report.⁹⁶ The DTA interviewed the shortlisted candidates and recorded further information on its assessment of the candidates in the evaluation report. As this additional information was not presented as a direct assessment against the defined ‘essential’ or ‘desirable’ evaluation criteria, comparison of shortlisted candidates on their suitability against the established evaluation criteria after the interview stage was not possible. The evaluation report included a record of candidates’ hourly rates but no indication of how differences between candidates, in terms of price or capabilities, affected value for money considerations.

3.60 There was an incumbent contractor in place at the time the DTA commenced a new procurement activity to continue services being provided through a new contract.⁹⁷

• The incumbent contractor was shortlisted for an interview by the evaluation panel and ranked as the second highest candidate in terms of value for money in the evaluation report.
• The incumbent contractors’ hourly rate was significantly higher than the first and third ranked candidates and the evaluation report did not include an explanation of how this represented value for money.⁹⁸ As discussed in paragraph 3.47, the hourly rate of the incumbent contractor recorded in the evaluation report provided to the delegate was lower than the rate included in the supplier’s response.⁹⁹

• The procurement and evaluation plan stated that the procurement was to engage one contractor for a proposed contract term of six months with two six month extension options. The recommendation from the evaluation panel, which the delegate accepted, was to award a 12-month labour hire contract to the candidate ranked second place (the incumbent contractor) and a six-month contract to the candidate ranked first.¹⁰⁰ The initial values of the contracts were $340,000 and $146,544 respectively. No rationale for this recommendation was documented in the evaluation report. The DTA advised the ANAO in April 2025 that:

  The decision to structure these contract offerings was influenced by business needs, continuity considerations, and value-for-money principles. While [the first ranked candidate] was ranked first in the evaluation, [the incumbent contractor’s] existing product knowledge and ability to maintain ongoing work without disruption made [them] the most suitable candidate for the long-term role. [The first ranked candidate’s] strong technical capability and cost-effective rate made [them] the best fit for the short-term engagement.

3.61 Advice to decision-makers is discussed in paragraphs 3.93 to 3.98.

Office fitout procurement evaluation

3.62 In the request for documentation¹⁰¹ issued to the four potential suppliers, the DTA advised that responses would be assessed on the ‘technical capabilities’ of:

• Generic design principles to be employed in the layouts and design of workstations and offices to enable easy/quick/inexpensive change, long life, and high durability.
• capability and capacity to provide the requirements.
• demonstrated experience in delivering the requirements.
• commitment to occupational health, safety, and environment.

3.63 Two of the four suppliers that were sent the request documentation provided a response. The tenderers were assessed against three of the four ‘technical capabilities’¹⁰², which were reflected as numbered criteria in the evaluation report:

• Criterion 1: Capability and capacity to provide the requirements;
• Criterion 2: Demonstrated experience in delivering the requirements; and
• Criterion 3: Commitment to occupational health, safety and environment.

3.64 Both tenderers scored equally on criteria two and three. The non-preferred tenderer was rated ‘poor’¹⁰³ for criterion one because it ‘did not quote for video conferencing equipment’.¹⁰⁴ The request documentation stated that ‘video conferencing facilities will need [to] be installed in conjunction with the DTA ICT team’.

3.65 The evaluation report stated that:

Whilst on face value [the non-preferred tender] portrayed a better value for money proposition, it had several exclusions that poised a significant risk to the project budget. These exclusions included the following

(i) Video conferencing
(ii) Consultants
(iii) Mechanical Designs
(iv) CDC¹⁰⁵
(v) Certifications.

3.66 This was not consistent with documentation supplied by the tenderers. Neither tenderer quoted for mechanical designs and both tenderers quoted for a private certifier.

3.67 There was a significant difference in price between the two tenders. The preferred tenderer quoted $281,738 (excluding GST), of which $34,579 was for video conferencing equipment. The non-preferred tenderer quoted $162,406.74 (excluding GST). In the price evaluation section of the evaluation report there was no reference to the price of the non-preferred tender. The DTA advised the ANAO in December 2024 that given the non-preferred tender was rated poor in the technical assessment, no detailed price assessment of the non-preferred tender was required in accordance with the evaluation plan. The price evaluation section did not address the difference in cost of the preferred tender. It stated that the ‘initial quote is slightly higher than the DTA budget however, there are additional items outside scope that can be negotiated to lower expenditure to meet budget requirements.’¹⁰⁶ The DTA acknowledged its documentation of assessments related to this procurement could be improved.

Notifying and debriefing tenderers

3.69 Paragraph 7.17 of the CPRs states:

Following the rejection of a submission or the award of a contract, officials must promptly inform affected tenderers of the decision. Notification should be provided in writing, and must be provided in writing if requested by the tenderer. Debriefings must be made available, on request, to unsuccessful tenderers outlining the reasons the submission was unsuccessful. Debriefings must also be made available, on request, to the successful supplier(s).¹⁰⁷

3.70 Across the four procurements, all unsuccessful tenderers were notified and debriefs were provided upon request.

AusTender reporting

3.71 The CPRs require non-corporate Commonwealth entities to report on AusTender, contracts valued at or above $10,000 within 42 days of the contract being entered into.¹⁰⁸ The four sampled procurements resulted in the creation of five contracts.¹⁰⁹ All five contracts were published on AusTender within the required timeframe.¹¹⁰

3.72 For all sampled procurements, the DTA reported incorrect information on AusTender. Specifically:

• the reuse assessment procurement contract period was reported incorrectly¹¹¹;
• the cloud native secure internet gateway procurement was reported as having occurred through the Digital Marketplace panel, rather than the Cloud Marketplace panel;
• one of the two labour hire contracts (CN4076862), which had no option to extend at the time of signing, was incorrectly reported on AusTender as having been extended for six months due to ‘Execution of option, extension, renewal, or other mechanism outlined when the contract was initially awarded’; and
• the office fitout procurement variation amount was reported incorrectly.¹¹²

3.73 The DTA incorrectly reported on AusTender that the limited tender office fitout procurement was exempt from the rules of Division 2 of the CPRs as it had an exemption under Appendix A:1 of the CPRs for ‘Leasing of immovable property or any associated rights’.¹¹³

3.74 On 5 February 2025, the DTA amended the contract notice on AusTender. The DTA removed reference to the exemption and reported that it had undertaken a limited tender procurement in accordance paragraph 10.3e of the CPRs (‘Additional deliveries by original supplier intended as replacement parts, extensions, or continuation for existing goods or services for compatibility’). As discussed in paragraph 3.12, limited tender was permissible because the services being procured met the definition of construction services and the value of the procurement was under $7.5 million and paragraph 10.3e of the CPRs did not apply. As at June 2025, AusTender had been corrected to provide the correct limited tender condition.

3.75 The office fitout contract was varied twice. The first variation was reported on AusTender 229 days after that variation was signed, 187 days longer than the six week period allowed under the CPRs.¹¹⁴ The second variation was under the threshold for reporting on AusTender.¹¹⁵

3.76 Ensuring that reporting on AusTender is accurate and completed in a timely manner is important in supporting transparency and trust in government.

Maintaining records

3.78 The CPRs state that ‘Officials must maintain for each procurement a level of documentation commensurate with the scale, scope and risk of the procurement.’¹¹⁶ Paragraph 7.3 of the CPRs details the documentation that should be maintained.¹¹⁷ Effective records management is required by law and helps entities retain critical sources of evidence for robust public administration, responsive service delivery, and accountability to the Parliament and public.¹¹⁸

3.79 There were shortfalls identified with the DTA maintaining complete procurement records for the four sampled procurements, including:

• aspects of the procurement approach in the limited tender office fitout procurement (see paragraph 3.9);
• information on how COIs were managed (see Recommendation 3 in Table 2.5) and how a declared conflict of interest was managed in the labour hire procurement (see paragraphs 3.45 to 3.51);
• documentation of consideration of cost when assessing value for money for two of the four procurements examined could be improved (see paragraphs 3.59 to 3.68); and
• advice and decisions regarding the procurements were not always documented (see paragraphs 3.93 to 3.98).

Has decision-making been accountable and transparent?

Approval arrangements

Original contracts

3.80 The accountable authority has a duty under section 15 of the PGPA Act to promote the proper use (that is, the efficient, effective, economical and ethical use) and management of public resources for which the accountable authority is responsible.¹¹⁹ This duty applies when approving commitments of relevant money. Under section 23 of the PGPA Act¹²⁰, an accountable authority may enter into, vary and administer arrangements and approve commitments of relevant money. The Chief Executive Officer of the DTA, as the accountable authority, has delegated these powers to certain DTA officials and imposed conditions on their use. In accordance with subsection 18(1) of the Public Governance, Performance and Accountability Rule 2014 (PGPA Rule)¹²¹, the delegate approving a commitment of relevant money must record in writing their approval as soon as practicable after giving it.

3.81 All four procurements had section 23 approval for the initial contract, in accordance with the DTA Financial Delegation.

Contract amendments

3.82 Recommendation 9 in Auditor-General Report No. 5 2022–23 related to the DTA ‘strengthen[ing] its internal guidance and controls to ensure officials do not vary contracts to avoid competition or obligations and ethical requirements under the Commonwealth Procurement Rules.’ As at May 2025, there were a total of seven amendments across the four sampled procurements. Amendments included contract extensions and variations to the contract end date, specified personnel, and increasing the contract value.

3.83 Of the seven amendments that required delegate approval:

• four received the required section 23 approval before the amendment was executed;
• one was approved when there was no option to extend the contract;
• one was approved for the correct amount after the contract amendment had been executed; and
• one was executed after the contract expired.

3.84 The DTA advised the ANAO in May 2025 that:

All DTA officials are appropriately delegated as per the DTA’s Financial Delegation Instrument … to enter and vary arrangements under section 23(1) of the PGPA Act.

3.85 The DTA’s 2021 and 2024 Financial Delegations describe a delegation of ‘Entering into and administering an arrangement’ under PGPA Act subsection 23(1) and give that power to all DTA staff members to the limit of a previously approved spending proposal. The descriptive wording in the delegation does not reference the power to ‘vary’ arrangements, although section 23(1) of the PGPA Act does (see Footnote 120). This inconsistency in the delegations should be rectified.

3.86 Finance guidance states that:

A contract must not be extended unless:

• it contains an option to extend,
• it is value for money to extend the contact and
• the contract has not yet expired.¹²²

3.87 Finance guidance also states that:

An extension option must be exercised in accordance with the terms of the contract…

Extension options should not solely be exercised due to failure to appropriately plan procurement needs, continue supplier relationships, or with the intention of discriminating against a supplier or avoiding competition.¹²³

3.88 One contract (CN4076862) for the labour hire procurement had an end date of 8 January 2025 with no provision to extend and no clauses relating to variation. Having no option to extend was acknowledged in the request to the DTA Chief Operating Officer to approve the variation.¹²⁴ AusTender records show that on 16 December 2024, the contract end date was extended by six months, listing the amendment as ‘Execution of option, extension, renewal, or other mechanism outlined when the contract was initially awarded’.

3.89 There were two variations relating to the office fitout procurement. Neither was signed by the supplier and for the first variation DTA delegate approval was not appropriately documented before the amendment was executed. The section 23 approval was for less than the total variation amount¹²⁵ and the delegate’s executive assistant documented the approval instead of the delegate.¹²⁶ Approval for the full amount of the first variation was obtained 103 days after the variation was signed by the DTA. The second variation was signed after the previous contract had expired, which is inconsistent with Finance’s guidance.

3.90 As discussed in Table 2.5, a briefing provided to DTA senior management in September 2024 stated that ‘Variations are required to be approved by the COO.’ This requirement was not captured in the DTA’s procurement guidance.¹²⁷ Of the seven variations, two were approved by the COO before the variation was signed, two were approved by the COO after the variation was signed and three were not approved by the COO.¹²⁸

Advice to decision-makers

3.93 Recommendation 7 in Auditor-General Report No. 5 2022–23 stated that ‘The Digital Transformation Agency improve its procurement processes to ensure decision-makers are provided complete advice, including information on risk and how value for money would be achieved.’

Advice on value for money

3.94 Paragraph 4.4 of the CPRs states that ‘Officials responsible for a procurement must be satisfied, after reasonable enquiries, that the procurement achieves a value for money outcome.’¹²⁹

3.95 As discussed in paragraphs 3.59 to 3.68, it was not clear from the evaluation reports for the labour hire and office fitout procurements how the preferred tenderers represented value for money. Where advice received does not provide a clear basis for a decision on value for money, delegates should request clarification.

Advice on probity matters

3.96 Potential COIs were identified and declared by evaluation panel members on the labour hire procurement.¹³⁰ The evaluation report stated that:

All panel members completed a conflict-of-interest declaration. [A panel member] identified a conflict-of-interest prior to evaluations. The Delegate was informed of this conflict and the proposals set out for managing the conflict.

3.97 At the time of the evaluation report being signed by evaluation panel members, two of the three evaluation panel members (including the panel chair) had not signed a COI declaration (see paragraph 3.39) and the DTA did not document how the delegate was informed of the conflict and the arrangements in place to manage it. The evaluation report did not document what arrangements, if any, were in place to manage the conflict after the initial shortlisting stage of the evaluation. As discussed in paragraphs 3.47 to 3.51, actions undertaken by the panel chair relating to one supplier were not appropriately documented and were not included in the report to the delegate.

Contract payments

3.103 The Australian Government’s Supplier Pay On-Time or Pay Interest Policy (RMG 417), outlines that non-corporate Commonwealth entities ‘must make all payments to suppliers within the maximum payment terms, following the acknowledgement of the satisfactory delivery of goods or services and the receipt of a correctly rendered invoice’.¹³¹ The maximum payment terms are 20 calendar days, unless shorter maximum payment terms are agreed with the supplier. Recommendation 8 in Auditor-General Report No. 5 2022–23 related to the DTA’s arrangements for payments to suppliers.¹³²

3.104 The DTA’s guidance states that invoices must be paid in accordance with the terms and timeframes set out in RMG 417. It further states that the DTA’s standard payment terms are generally 30 days from the invoice date and deviation from the DTA’s standard payment terms requires approval by the DTA’s Chief Financial Officer. The ANAO assessed whether the payments relating to the four sampled procurements: were paid by the invoice due date; were paid within the agreed or maximum payment terms; were for the correct amount; and whether the DTA maintained appropriate payment records for each payment (see Table 3.6).¹³³ For three of the five contracts established, the DTA did not specify the payment terms in the written agreements.

Table 3.6: Assessment of contract payments

Key: ■ Not met or not compliant ▲ Partly met or partly compliant ◆ Fully met or fully compliant

Note a: This includes invoices, confirmation of goods receipt and payment receipts.

Note b: As no payment terms were specified in this contract, the maximum payment terms were 20 calendar days, as specified in RMG 417.

Note c: The agreed payment terms were 20 business days.

Note d: Two contracts were awarded and contract payments for both were assessed.

Note e: All four invoices were paid after the invoice due date (the average was 30.5 days after the invoice due date).

Note f: The agreed payment terms were 15 business days.

Note g: While all payment amounts were accurate, the DTA made a payment of $74,389.92 to the wrong bank account (see paragraph 3.106).

Source: ANAO analysis of DTA information.

3.105 For the four sampled procurements, the DTA maintained appropriate records of payments. For three of the four procurements, the DTA made payments by the invoice due date, within the agreed or maximum payment terms and payments were accurate.

3.106 For the office fitout procurement, the invoice due dates were different to the agreed payment terms specified within the contract. The DTA paid two of four invoices within the agreed payment terms and did not pay any invoices by the invoice due date. On 24 June 2024, one payment totalling $74,389.92 was made to an incorrect bank account.¹³⁴ The DTA contacted the supplier on 9 July 2024 and requested the payment be returned to the DTA. DTA documentation stated that ‘all teams had been advised to be cautious in the future and carry out necessary checks before processing’. Following the DTA’s investigation into how to recover the payment, the DTA decided to not progress the remaining two invoices to the supplier until the $74,389.92 was recovered.¹³⁵ After the funds were returned to the DTA on 11 September 2024, it took approximately one month for the DTA to reconcile payments and make the outstanding payments to the correct account. The supplier followed up with the DTA on three occasions to request the outstanding payments be made, including advising the DTA that legal action would be commenced if the payments were not settled.

Appendix 1 Entity responses

Digital Transformation Agency

Department of Finance

Appendix 2 Improvements observed by the ANAO

1. The existence of independent external audit, and the accompanying potential for scrutiny improves performance. Improvements in administrative and management practices usually occur: in anticipation of ANAO audit activity; during an audit engagement; as interim findings are made; and/or after the audit has been completed and formal findings are communicated.

2. The Joint Committee of Public Accounts and Audit (JCPAA) has encouraged the ANAO to consider ways in which the ANAO could capture and describe some of these impacts. The ANAO’s corporate plan states that the ANAO’s annual performance statements will provide a narrative that will consider, amongst other matters, analysis of key improvements made by entities during a performance audit process based on information included in tabled performance audit reports.

3. Performance audits involve close engagement between the ANAO and the audited entity as well as other stakeholders involved in the program or activity being audited. Throughout the audit engagement, the ANAO outlines to the entity the preliminary audit findings, conclusions and potential audit recommendations. This ensures that final recommendations are appropriately targeted and encourages entities to take early remedial action on any identified matters during the course of an audit. Remedial actions entities may take during the audit include

• strengthening governance arrangements;
• introducing or revising policies, strategies, guidelines or administrative processes; and
• initiating reviews or investigations.

4. In this context, the below actions were observed by the ANAO during the course of the audit. It is not clear whether these actions and/or the timing of these actions were planned in response to proposed or actual audit activity. The ANAO has not sought to obtain assurance over the source of these actions or whether they have been appropriately implemented.

Table A.1: Improvements at the DTA observed by the ANAO

Table A.2: Improvements at Finance observed by the ANAO

Appendix 3 Recommendations included in the audit

Table A.3: The DTA agreed recommendations included in the audit and the DTA’s assessment of implementation

Note a: Department of Finance, Contracts End Dates [Internet], available from https://www.finance.gov.au/government/procurement/buying-australian-government/contracts-end-dates [accessed 16 September 2025].

Source: JCPAA, Report 498: ‘Commitment issues’ — An inquiry into Commonwealth procurement (2023); Auditor-General Report No. 5 2022–23 Digital Transformation Agency’s Procurement of ICT Related Services, ANAO, Canberra, (2022); and ANAO analysis.

Table A.4: Finance recommendations included in the audit and Finance assessment of implementation

Source: Auditor-General Report No. 5 2022–23 Digital Transformation Agency’s Procurement of ICT Related Services, ANAO, Canberra, (2022); and ANAO analysis.