The objective of the audit was to assess the extent to which the Department of the Environment and Energy has implemented the recommendations from ANAO Report No. 43 2013–14 and strengthened its framework for the delivery of its regulatory activities.

Summary and recommendation

Background

1. The objectives of the Environment Protection and Biodiversity Conservation Act 1999 (EPBC Act), which is administered by the Department of the Environment and Energy (Environment), include the protection of matters of national environmental significance (MNES). Actions, such as land clearing and mining, that are likely to have a significant impact on, for example, national threatened species and ecological communities, must be approved by the Minister for the Environment and may be subject to conditions.

2. The effective monitoring by Environment of approval holders’ compliance with conditions helps to ensure achievement of the EPBC Act’s objectives. The ANAO has previously examined Environment’s monitoring of compliance in ANAO Report No. 43 2013–14, Managing Compliance with Environment Protection and Biodiversity Conservation Act 1999 Conditions of Approval. In that audit, the ANAO concluded that Environment had limited assurance regarding approval holders’ compliance with approval conditions and was generally passive in its approach to managing non-compliance with EPBC Act conditions of approval. The ANAO made five recommendations aimed at improving Environment’s regulatory performance. Environment agreed to implement all recommendations.

3. Subsequently, in ANAO Audit Report No. 7 2015–16, Managing Compliance with the Wildlife Trade Provisions of the Environment Protection and Biodiversity Conservation Act 1999, the ANAO concluded that Environment’s management of compliance with the EPBC Act was undermined by the absence of, among other matters, a risk-based approach to monitoring compliance. The ANAO noted that, at that time, Environment was implementing a five-year Regulatory Capability Development Program to strengthen its regulatory compliance framework. Further, in his October 2015 response to the audit, the departmental Secretary foreshadowed a review of the department’s regulatory practices and maturity (the Regulatory Maturity Project).

Audit objective and criteria

4. The objective of the audit was to assess the extent to which the Department of the Environment and Energy has implemented the recommendations from ANAO Report No. 43 2013–14 and strengthened its framework for the delivery of its regulatory activities. To form a conclusion against the audit objective, the ANAO adopted the following high level criteria:

  • Has Environment implemented the recommendations?
  • Has Environment progressed initiatives to strengthen the delivery of regulatory activities?

Conclusion

5. Environment has made progress in addressing the five recommendations made in ANAO Report No. 43 2013–14, Managing Compliance with Environment Protection and Biodiversity Conservation Act 1999 Conditions of Approval (as outlined in Table S.1). To date, limited progress has been made in relation to the implementation of broader initiatives to strengthen the department’s regulatory performance.

Table S.1. Implementation status of recommendations

Recommendation

Status

ANAO recommendation No. 1

Develop an effective compliance intelligence capability and relevant risk factors for approved controlled actions

Implemented

ANAO recommendation No. 2

Transfer approved controlled actions to the compliance monitoring area

Partially implemented

ANAO recommendation No. 3

Establish risk-based arrangements to manage compliance

Implemented

ANAO recommendation No. 4

Implement processes for responding to instances of non-compliance

Implemented

ANAO recommendation No. 5

Establish functional support systems and appropriate performance monitoring and reporting arrangements

Partially implemented

   

Note: A full description of the ANAO’s recommendations is provided in Box 1, Chapter 1.

Source: ANAO analysis.

6. Environment has implemented Recommendations 1, 3 and 4 from ANAO Audit Report No. 43, 2013–14 and has made progress in implementing Recommendations 2 and 5. As a result, Environment is better placed to provide assurance that approval holders are complying with conditions of approval. Fully implementing Recommendations 2 and 5 from ANAO Audit Report No. 43, 2013–14, addressing areas for improvement identified in this audit and implementing the recommendations arising from departmental reviews should further strengthen Environment’s delivery of regulatory functions.

7. Environment had made limited progress to address identified shortcomings in its regulatory activities through its five-year Regulatory Capability Development Program prior to the early termination of the program in December 2015. A subsequent Regulatory Maturity Project, which was finalised in April 2016, identified further options to strengthen the delivery of Environment’s regulatory activities, with a number of recommendations made to address weaknesses that had previously been identified by internal and external audit coverage. As was also highlighted by previous ANAO audit coverage, the project identified that Environment is yet to undertake a structured departmental-wide risk assessment of its regulatory activities to inform its regulatory settings and resourcing decisions. Environment has committed to implement the recommendations of the project.1

Supporting findings

Implementation actions

8. Recommendation 1 has been implemented. Environment has established an annual Compliance Monitoring Program, with the development of the program informed by an effective compliance intelligence capability and the application of relevant risk factors for controlled actions. The arrangements that are in place support Environment to identify, analyse and monitor regulatory risks relating to controlled actions and aid in prioritising compliance activities to mitigate these risks. There is further scope for Environment to improve arrangements for the development of the annual programs, including: finalising programs in a more timely manner; and strengthening processes for the collection, retention and analysis of compliance intelligence.

9. Recommendation 2 has been partially implemented. Environment has established procedures for the transfer of responsibility for approved controlled actions from environment assessment branches to post approval monitoring teams and routinely monitors the transfer process. However, the established procedures included inconsistent guidance to staff and transfers were not occurring in accordance with established timelines. Further, limited documentation outlining the reasons for the retention of some controlled actions by assessment branches means that Environment is not well placed to demonstrate that the transfer process is operating effectively and, ultimately, that all approved controlled actions are subject to appropriate compliance activity.

10. Recommendation 3 has been implemented. Environment has established appropriate arrangements to manage risks to compliance with conditions of approval, primarily through: the revision of guidance material for staff; targeting of compliance monitoring activities to high risk actions; and the improved coordination of compliance monitoring activities across the population of controlled actions. There would be merit in strengthening arrangements to ensure that compliance monitoring activities are delivering an appropriate level of assurance against a clearly articulated risk appetite and tolerances and that accurate data is being used to determine risk ratings and to direct compliance activities.

11. Recommendation 4 has been implemented. Environment has established appropriate processes for responding to non-compliance, with: guidance that requires departmental officers to centrally record all instances of non-compliance that are identified; and the establishment and operation of a Regulatory Advisory Panel that has enhanced the consistency of Environment’s decision-making in relation to compliance and enforcement actions. The introduction of the panel has also led to improvements in the documentation underpinning decisions. There would be merit in Environment improving the arrangements in place to monitor the recording of non-compliance incidents and reviewing the roles and responsibilities for the panel and delegated decision-makers.

12. Recommendation 5 has been partially implemented. Environment has improved its arrangements to monitor and report on compliance activities, but continuing IT system functionality limitations impact on Environment’s ability to effectively and efficiently monitor its regulatory performance. Further: internal report arrangements do not provide timely and targeted information on the performance of the compliance function; and performance information reported externally by Environment does not currently provide stakeholders with sufficient insights into the extent to which compliance monitoring activities have been effective in protecting the environment from significant impacts.

Initiatives to strengthen regulatory performance

13. Environment made limited progress on the achievement of the objectives established for its Regulatory Capability Development Program prior to the early termination of the program in December 2015. The subsequent completion of a Regulatory Maturity Project has provided Environment with a broad range of recommendations to strengthen the delivery of its regulatory functions. In light of the issues encountered when implementing the earlier program, Environment should take steps to appropriately support the implementation of the recommendations made in the project report.

14. Environment has not undertaken a structured departmental-wide risk assessment of its regulatory activities to inform its resourcing decisions. Environment has agreed to the recommendation to undertake such an assessment in response to the Regulatory Maturity Project.

Recommendation

Recommendation No.1

Paragraph 3.18

The Department of the Environment and Energy should routinely review its compliance monitoring approach to ensure that an appropriate level of assurance is obtained relative to the risk appetite and tolerances specified.

Department of the Environment and Energy’s response: Agreed.

Summary of entity response

15. The Department of the Environment and Energy’s summary response to the report is provided below, while its full response is at Appendix 1.

The Department agrees with the recommendation in the report. The Department is grateful for the assistance and cooperation of the Australian National Audit Office in assessing the performance of the Department’s compliance monitoring activities for approvals under the Environment Protection and Biodiversity Conservation Act 1999 (EPBC Act).

The Department has published a formal response to the Regulatory Maturity Project review and established a Regulatory Steering Committee to oversee a program of work over the next 12–18 months. The Department has already completed actions to address several priority recommendations and has measures in place to address the remainder.

In light of the Department’s Risk Management Policy (which is currently being updated to include articulating risk appetite and tolerances) and the Regulatory Maturity Project, the Department has already commenced reviewing its compliance risk approach. The Department will also review compliance monitoring approaches across all relevant legislation as part of creation of the Independent Office of Compliance.

The Department will continue to implement improvements to procedures, IT systems and governance relating to compliance monitoring activities for approvals under the EPBC Act, in order to fully implement recommendations 2 and 5 of the 2013–2014 ANAO Audit (ANAO Report No. 43).

1. Background

Introduction

1.1 The objectives of the Environment Protection and Biodiversity Conservation Act 1999 (EPBC Act) include the protection of matters of national environmental significance (MNES), the promotion of ecologically sustainable development, the conservation of biodiversity, and cooperative approaches to the protection and management of the environment. The effective monitoring of compliance with the EPBC Act helps to ensure achievement of its objectives. Actions, such as land clearing, mining, residential/commercial developments and land transport, that are likely to have a significant impact on, for example, world heritage properties or national threatened species and ecological communities must be approved by the Minister for the Environment2 and may be subject to conditions.

1.2 The Department of the Environment and Energy (Environment) is responsible for ensuring that approval holders (such as landholders, developers and companies) comply with any conditions attached to an approval by the Minister. According to Environment’s records, there were 786 active controlled actions3 and 79 expired approvals as at 31 August 2016.

1.3 Compliance monitoring and investigations/enforcement activities undertaken by Environment, including those associated with approved controlled actions, are managed by the Compliance and Enforcement Branch within the Environment Standards Division.4 In 2016–17, the branch received a budget allocation of around $9.7 million and had approximately 68 officers across five sections.

The ANAO’s previous audit

1.4 In June 2014, the Australian National Audit Office (ANAO) tabled Audit Report No.43 2013–14, Managing Compliance with Environment Protection and Biodiversity Conservation Act 1999 Conditions of Approval in the Parliament. In that audit, the ANAO found that Environment had limited assurance regarding approval holders’ compliance with approval conditions and was ‘generally passive’ in its approach to managing non-compliance with EPBC Act conditions of approval for controlled actions. The ANAO made five recommendations (see Box 1) aimed at improving Environment’s regulatory performance. Environment agreed to implement all recommendations.

Box 1: Recommendations of the previous ANAO audit

ANAO Recommendation No.1

To better assess and manage the risks to matters of national environmental significance posed by approved controlled actions, the ANAO recommends that Environment develop and implement an annual program of compliance activities having regard to:

  1. a structured approach to collect, retain and regularly analyse, compliance intelligence; and
  2. the identification and regular review of relevant risk factors for approved controlled actions.

ANAO Recommendation No.2

To strengthen compliance monitoring of approved controlled actions, the ANAO recommends that Environment:

  1. transfer approved controlled actions to the compliance monitoring area at the time of their approval, unless a specific need has been identified for the assessment branches’ retention of the actions; and
  2. establish, and monitor adherence to, appropriate protocols and procedures to help ensure that approved controlled actions retained by the assessment branches are transferred to the compliance monitoring area once the specific need has been addressed.

ANAO Recommendation No.3

To improve the management of risks to compliance and matters of national environmental significance, the ANAO recommends that Environment:

  1. review standard operating procedures and reinforce the need for staff to document the assessment and/or approval of material submitted by proponents of approved controlled actions;
  2. better target monitoring activities towards those approved controlled actions that pose the greatest risks to matters of national environmental significance; and
  3. develop and resource a coordinated program of compliance monitoring activities, monitoring inspections and compliance audits.

ANAO Recommendation No.4

To improve processes for responding to instances of non‐compliance, the ANAO recommends that Environment:

  1. reinforce to staff the need for all instances of non‐compliance by proponents of approved controlled actions to be recorded centrally; and
  2. improve the documentation of reasons for enforcement decisions, including the key factors considered when an appropriate response was determined.

ANAO Recommendation No.5

To improve the governance and oversight of the compliance monitoring function, the ANAO recommends that Environment:

  1. implement improvements to IT systems and records management practices, to address identified gaps and enhance functionality;
  2. improve the frequency and coverage of management reports in relation to compliance monitoring activities, outputs and outcomes; and
  3. develop and report against appropriate performance measures that relate to the activities undertaken to monitor compliance with the EPBC Act.

1.5 Environment’s Audit Committee agreed to close ANAO Recommendations 1–4 on 23 June 2015 and ANAO Recommendation 5 on 17 November 2015.

Review by the Joint Committee of Public Accounts and Audit

1.6 The Parliament’s Joint Committee of Public Accounts and Audit (JCPAA) conducted an inquiry into the previous ANAO audit in late 2014 and released its report in March 2015.5 The JCPAA made three recommendations (see Box 2) in relation to the previous audit. Of these three recommendations, recommendations 4 and 6 included elements aimed at improving Environment’s overall management of compliance with EPBC Act conditions of approval.6 Environment responded to these recommendations on 4 September 2015, with the departmental Secretary advising the committee that considerable progress had been made to address the issues identified in the ANAO report. The Status of Recommendations summary attached to the Secretary’s advice indicated that Recommendations 1 and 2 had been implemented and that Environment was still in the process of implementing elements of Recommendations 3, 4 and 5.

1.7 The JCPAA also recommended (Recommendation 5) that the ANAO consider following-up on Environment’s progress in implementing the recommendations from the previous audit in 12–18 months.

Box 2: Recommendations of the JCPAA reporta

JCPAA Recommendation No.4 (points 1, 2 and 4)

The Committee recommends that Environment report back to the JCPAA, within six months of the tabling of this report, on its continued progress:

  • implementing the ANAO’s recommendations in Report No. 43 (2013–14);
  • implementing improvement initiatives for managing compliance under its business improvement program; and
  • implementing up-to-date guidance material that reflects better practice regulatory considerations.

JCPAA Recommendation No.5 (points 1 and 3)

The Committee recommends that the ANAO consider including, in its schedule of performance audits for the next 12–18 months, a follow up audit of Environment’s management of compliance with EPBC Act conditions of approval, with a particular focus on:

  • the effectiveness of Environment’s ongoing implementation of the ANAO recommendations in Report No. 43 (2013–14); and
  • the effectiveness of Environment’s reporting against appropriate performance measures relating to activities undertaken to monitor compliance with EPBC Act conditions of approval.

JCPAA Recommendation No.6

The Committee recommends that Environment take a leadership role in its governance arrangements concerning management of compliance with EPBC Act conditions of approval, particularly in the context of the new one-stop-shop arrangements, by demonstrating effective reporting against appropriate performance measures.

Note a: Environment does not currently report to its Audit Committee on the progress of implementation of parliamentary committee recommendations

Related ANAO audit coverage and departmental reviews

ANAO audit coverage

1.8 In November 2015, the ANAO tabled Audit Report No. 7 2015–16, Managing Compliance with the Wildlife Trade Provisions of the Environment Protection and Biodiversity Conservation Act 1999 in the Parliament. In that report, the ANAO concluded that Environment’s management of compliance was undermined by the absence of appropriate and tailored policy and procedural guidance, functional IT support systems and a risk-based approach to monitoring compliance. Further, the ANAO found that settings and resources allocated by Environment to its regulatory responsibilities were not informed by a structured departmental-wide risk assessment focusing on its regulatory activities. The ANAO noted that Environment had recognised the need to address shortcomings in its regulatory activities and was establishing a comprehensive regulatory compliance framework through its existing five-year Regulatory Capability Development Program. This program had been identified in the ANAO’s previous audit as a mechanism Environment was using to address findings from a 2013 internal audit it had conducted.

Departmental reviews

1.9 In 2015, Environment commenced a Regulatory Maturity Project (the project)7 to assess the maturity, capability and capacity of Environment’s regulatory functions.8 Environment commissioned the project in response to:

  • a number of reviews and audits (including the previous audit and ANAO Audit Report No. 7 2015–16) that identified the need for Environment to build its capacity and maturity as a regulator; and
  • the setting aside of the approval for the Carmichael Coal and Rail Project by the Federal Court in mid-2015, with the Court identifying shortfalls in Environment’s regulatory systems.

1.10 Overall, the project concluded that:

Environment’s approach to regulation is sound and consistent with many other regulators. … However, while the Senior Executive has a strong desire to continue to move Environment towards being a modern best practice regulator, it is fair to say that Environment is on the road to best practice, but has not yet reached that goal.

1.11 The report included 37 recommendations aimed at positioning Environment as a contemporary, mature and trusted regulator. In addition, the report outlined areas for Environment to concentrate its efforts, including: objectives and performance; approach to regulation; approach to risk; people; engagement; and systems and tools. Environment formally responded to the report in October 2016, accepting all recommendations.

Audit approach

1.12 The objective of the audit was to assess the extent to which the Department of the Environment and Energy has implemented the recommendations from ANAO Report No. 43 2013–14, Managing Compliance with Environment Protection and Biodiversity Conservation Act 1999 Conditions of Approval and strengthened its framework for the delivery of its regulatory activities.

1.13 To form a conclusion against the audit objective, the ANAO adopted the following high level criteria:

  • Has Environment implemented the recommendations?
  • Has Environment progressed initiatives to strengthen the delivery of regulatory activities?

1.14 The audit examined the extent to which Environment has implemented the five recommendations made in ANAO Report No. 43 2013–14 and the effectiveness of arrangements in place, as well as Environment’s progress in implementing the Regulatory Capability Development Program and undertaking a structured departmental-wide risk assessment of its regulatory activities. Given the alignment of relevant JCPAA recommendations and recommendations made previously by the ANAO, the JCPAA’s recommendations have been addressed in the context of assessing the department’s progress in implementing the ANAO’s recommendations.

1.15 In undertaking the audit, the ANAO reviewed Environment’s records (including policies, procedures, reviews, records of decisions, management reporting, and briefings), and examined relevant systems and databases. In addition, the ANAO interviewed departmental officers and sampled approved controlled actions with conditions to determine the extent to which compliance monitoring, inspection and audit activity had been undertaken by Environment during the period from July 2014 to June 2016.

1.16 The performance audit was conducted in accordance with ANAO auditing standards at a cost to the ANAO of approximately $276 000.

2. Implementation actions

Areas examined

The ANAO examined the Department of the Environment and Energy’s (Environment’s) progress towards implementing the recommendations of the previous ANAO audit, including whether it had:

  • established arrangements for the timely transfer of approved controlled actions to the Compliance and Enforcement Branch (Recommendation 2)a;
  • developed an effective compliance intelligence capability and risk factors for approved controlled actions (Recommendation 1);
  • established appropriate risk-based arrangements for the management of compliance (Recommendation 3);
  • implemented appropriate processes for responding to instances of non-compliance (Recommendation 4); and
  • established sound governance and oversight arrangements for its compliance monitoring function (Recommendation 5).
Conclusion

Environment has implemented Recommendations 1, 3 and 4 from ANAO Audit Report No. 43, 2013–14 and has made progress in implementing Recommendations 2 and 5. As a result, Environment is better placed to provide assurance that approval holders are complying with conditions of approval. Fully implementing Recommendations 2 and 5 from ANAO Audit Report No. 43, 2013–14, addressing areas for improvement identified in this audit and implementing the recommendations arising from departmental reviews should further strengthen Environment’s delivery of regulatory functions.

Areas for improvement

The ANAO identified scope for Environment to improve its monitoring of compliance with conditions of approval, including:

  • enhancements to systems to support effective retention and analysis of compliance information;
  • improving arrangements in relation to the transfer of controlled actions within Environment;
  • strengthening arrangements to ensure that accurate and current data is being used to determine risk ratings; and
  • improving the quality of performance information in relation to the delivery of regulatory functions.

Note a: The coverage of the recommendations in the chapter has been adjusted to align with the compliance continuum.

Have sound arrangements been established for transferring approved controlled actions? (Recommendation 2)

Recommendation 2 has been partially implemented. Environment has established procedures for the transfer of responsibility for approved controlled actions from environment assessment branches to post approval monitoring teams and routinely monitors the transfer process. However, the established procedures included inconsistent guidance to staff and transfers were not occurring in accordance with established timelines. Further, limited documentation outlining the reasons for the retention of some controlled actions by assessment branches means that Environment is not well placed to demonstrate that the transfer process is operating effectively and, ultimately, that all approved controlled actions are subject to appropriate compliance activity.

2.1 Once a controlled action is approved by the Minister, responsibility is to be transferred from the environment assessment branches to the Compliance and Enforcement Branch. In the previous audit, the ANAO found that:

  • notwithstanding the establishment of a transfer protocol, approximately 20 per cent (119 of 635) of approved controlled actions had been retained by the environment assessment branches for extended periods of time without clear justification for doing so9; and
  • approved controlled actions that were not transferred were less likely to receive sufficient compliance monitoring activity.

2.2 On this basis, Recommendation 2 aimed to strengthen transfer protocols to help ensure that approved controlled actions were subject to appropriate compliance monitoring, with controlled actions remaining with assessment teams only in those circumstances where there was a specific need. In response to this recommendation, Environment established procedures that require approved projects to be transferred from environment assessment branches to the Compliance and Enforcement Branch within one week of the date of approval. Further, the timely transfer of approved actions was to be monitored through weekly reports that were designed to inform senior managers of the: action’s title; type of activity (such as residential development or coal seam gas development); project section; assigned officer; case and status dates; and action(s) taken to implement the transfer.

2.3 The ANAO reviewed the arrangements established by Environment10 and found that:

  • the timeframe established for transferring approved controlled actions to the Post Approval Section was not being met in the majority of cases examined11;
  • the procedures established to govern the transfer process were inconsistent; and
  • weekly status reports did not sufficiently explain the reasons why approved controlled actions had been retained by assessment teams.

2.4 Given the risk identified in the earlier audit relating to approved controlled actions retained by assessment teams being less likely to receive sufficient compliance monitoring coverage, further work is required by Environment to ensure that responsibility for all approved controlled actions is clearly assigned and that they are subject to appropriate compliance activity.

Management of approved controlled actions that had not been transferred when the previous audit was conducted

2.5 In evidence to the Joint Committee of Public Accounts and Audit’s (JCPAA’s) inquiry into the previous audit, Environment advised the committee that all legacy approved controlled actions had been transferred to the Compliance Monitoring Team by June 2014. Records retained by Environment indicate that there had been a substantive reduction in the number of legacy controlled actions awaiting transfer as of 1 July 2014.12 However, departmental records also indicate that the transfer of legacy controlled actions was ongoing as at 15 September 2014. Further, Environment did not retain evidence to confirm that all actions retained by the assessment area at the time of the previous audit had been transferred to the Compliance and Enforcement Branch.

Has Environment developed an effective compliance intelligence capability and relevant risk factors for approved controlled actions? (Recommendation 1)

Recommendation 1 has been implemented. Environment has established an annual Compliance Monitoring Program, with the development of the program informed by an effective compliance intelligence capability and the application of relevant risk factors for controlled actions. The arrangements that are in place support Environment to identify, analyse and monitor regulatory risks relating to controlled actions and aid in prioritising compliance activities to mitigate these risks. There is further scope for Environment to improve arrangements for the development of the annual programs, including: finalising programs in a more timely manner; and strengthening processes for the collection, retention and analysis of compliance intelligence.

2.6 Compliance intelligence should feed into every aspect of compliance management, including planning, risk assessment, monitoring and enforcement activities. In this regard, the ANAO’s previous audit found that Environment had not established an effective compliance intelligence capability for controlled approved actions some 14 years after the EPBC Act came into force. Recommendation 1 aimed to improve Environment’s assessment and management of risks to matters of national environmental significance (MNES) from approved controlled actions by developing an annual program of compliance activities informed by a structured approach to the collection, retention and analysis of compliance intelligence and the assessment of compliance risks.

2.7 Since 2014, Environment has published annual Compliance Monitoring Programs13, which outline targets for key compliance monitoring activities such as the preparation of Compliance Monitoring Plans for specific controlled actions, audits and site inspections. Environment has, however, experienced delays in finalising its annual compliance programs, with programs endorsed after the year to which they relate has commenced (see Table 2.1). Environment advised that these delays are due to the incorporation of performance information of compliance activities conducted in the previous year into the document. To ensure that the programs are endorsed in a timely manner to enable the appropriate targeting and coordination of compliance activities over the full year, Environment could explore alternate approaches to reporting on the previous year’s performance.

Table 2.1: Delays in approving the annual Compliance Monitoring Programs

Period

Due

Finalised

Extent of delay

2014–2015

1 July 2014

1 August 2014

One month

2015–2016

1 July 2015

6 September 2015

Two months

2016–2017

1 July 2016

21 October 2016

More than three monthsa

       

Note a: Environment’s Regulatory Advisory Panel endorsed the 2016–2017 program on 3 November 2016, with the plan published on Environment’s website on 21 November 2016.

Source: ANAO analysis of departmental information.

Compliance intelligence

2.8 The previous ANAO audit found that there was considerable scope for Environment to improve the collection of relevant intelligence, including from other regulators and post-approval monitoring activities. At that time, intelligence was primarily obtained from post-approval monitoring of reports and plans that approval holders are required to prepare, supplemented by monitoring inspections, compliance audits, engagement with environmental regulators, and contact from members of the public.

2.9 In 2015, Environment reviewed its regulatory intelligence capability. This review highlighted that arrangements had been established to obtain adequate access to the information that the department requires to effectively monitor compliance by regulated entities. For example, since the previous audit Environment has improved its collection of relevant intelligence by:

  • establishing:
    • procedures that require officers to record intelligence identified during post-approval monitoring activities in Environment’s Compliance and Enforcement Management System (CEMS)14;
    • a team to identify activities that are not covered by an approval, but where a breach of the EPBC Act may have occurred. For example, Environment has undertaken compliance-related activities (education, investigations and enforcement actions) in relation to land clearing activities permitted by the Queensland Government, but potentially in breach of the EPBC Act;
    • arrangements to conduct inspections with co-regulators, which provide opportunities to share intelligence data;
    • access to intelligence information collected by Australian Government intelligence-led entities through the National Border Targeting Centre15; and
    • a strategic intelligence capability in 2016 to undertake analyses of operational and tactical intelligence to identify risks relating to categories of entities, clusters, sectors or geographic areas and develop an understanding of environmental risks, drivers and priorities; and
  • accessing and using publicly available information, such as social media, as a source of compliance intelligence.

2.10 Environment’s reliance on hard copy records at the time of the previous audit made information sharing and analysis of compliance intelligence more difficult. While the introduction of an electronic document management system (SPIRE) in 2014 and the expanded use of CEMS has made the analysis of intelligence data more efficient, Environment is unable to retain intelligence information electronically that is classified as ‘Protected’ or above. The review discussed at paragraph 2.9, highlighted that the lack of a Protected-level system also affected Environment’s ability to efficiently access key intelligence sources. In this context, the Regulatory Maturity Project16 has recommended that Environment invest in IT tools for gathering and analysing intelligence, including data sharing with other entities.

2.11 The retention of compliance intelligence that has a ‘Protected’ classification outside of CEMS and in hard copy makes it more difficult for Environment to effectively incorporate this intelligence into its risk analyses. To address system limitations, Environment established an Intelligence Capability Working Group in July 2016 to deliver a series of enhancements to Environment’s IT systems to better support its intelligence capability. Planned enhancements include establishing a ‘Protected’ enclave to allow Environment to store and analyse intelligence information classified up to ‘Protected’. These enhancements are expected to be completed in March 2017.

Risk factors used to assess and rank approved controlled actions

2.12 The previous audit found that Environment: had not identified an appropriate set of relevant risk factors against which approved controlled actions could be assessed and ranked; and did not regularly review the small number of risk factors used at the time. In response to these findings, Environment identified factors for assessing the risks a controlled action poses to matters of national environmental significance (MNES), with this information used to inform the development of the National Environmental Significance Threat and Risk Assessment (NESTRA) tool.17 Environment uses the NESTRA tool to assess and rank (on a risk basis) approved activities, including approved controlled actions.18

2.13 The NESTRA tool incorporates 32 risk factors that are used to calculate a risk score in the post approval stage for activities. The 32 factors are weighted and reflect the likelihood and consequence of non-compliance impacting MNES. Of these 32 factors: 17 factors relate to the number and type of MNES potentially affected as a consequence of non-compliance; and 15 factors relate to the likelihood that the approval holder would be non-compliant based on the their compliance history (number of enforcement actions, compliance incidents, allegations or infringement notices) as well as the nature, number and complexity of conditions attached to the approval of the controlled action. Following the first year of NESTRA’s use, Environment made a number of amendments to NESTRA risk factors and weightings in mid-2015.

2.14 The risk factors used by the NESTRA tool to calculate the likelihood of non-compliance do not currently incorporate data into the risk assessment relating to the frequency and coverage of monitoring by other government regulators. This is an area that the ANAO has previously identified as being a weakness in Environment’s risk assessment approach.19 This is particularly important given the EPBC Act allows the Minister for the Environment to attach a single condition to an approval that requires the approval holder to comply with state/territory government conditions. In this context, there would be merit in Environment exploring options to incorporate intelligence data collected through other regulators’ compliance monitoring activities into the NESTRA tool. Further, given planned improvements to enable intelligence classified as ‘Protected’ to be stored and analysed electronically, it would be timely for Environment to consider how this data might also be better used to inform risk rankings.

Have appropriate risk-based arrangements for the management of compliance been established? (Recommendation 3)

Recommendation 3 has been implemented. Environment has established appropriate arrangements to manage risks to compliance with conditions of approval, primarily through: the revision of guidance material for staff; targeting of compliance monitoring activities to high risk actions; and the improved coordination of compliance monitoring activities across the population of controlled actions. There would be merit in strengthening arrangements to ensure that compliance monitoring activities are delivering an appropriate level of assurance against a clearly articulated risk appetite and tolerances and that accurate data is being used to determine risk ratings and to direct compliance activities.

2.15 The previous audit concluded that Environment had limited assurance regarding approval holders’ compliance with their approval conditions due to inadequate monitoring arrangements. Recommendation 3 aimed to improve guidance to staff on the importance of documenting the assessment and approval of materials submitted by approval holders and to establish an effective risk-based and coordinated approach to Environment’s compliance monitoring activities.

Assessment and/or approval of material submitted by approval holders

2.16 The conditions that are attached to the approval of a controlled action may require:

  • approval holders to submit/make publicly available management plans20 and compliance and monitoring reports demonstrating that conditions are being met; and
  • Environment to assess and/or approve the material submitted.

2.17 The previous audit found that Environment’s assessment of material submitted by approval holders was not appropriate or adequate in terms of timeliness and rigour, with issues also identified in the documentation of the assessments undertaken. To address these issues, the ANAO recommended that relevant standard operating procedures be reviewed, with the requirement to document the assessment and approval of material submitted by approval holders to be reinforced to departmental staff.

2.18 Environment has reviewed its standard operating procedures for the approval of project documents and compliance monitoring. The revised procedures reinforce to staff the need for the assessment and approval of material submitted by approval holders to be appropriately documented. Further, the Management Plan Approval Coversheet that was introduced by Environment in August 2016 to improve workflow processes includes a quality assurance checklist that highlights the need for staff to comply with established procedural requirements when assessing plans. Environment has established a process to verify officers’ compliance with procedures, but is yet to routinely assess officers’ adherence to the revised standard operating procedures.

2.19 As was the case when the ANAO conducted the previous audit, a key challenge for Environment in effectively monitoring compliance with conditions of approval is the limited visibility of report submission due dates. Environment’s IT systems contain limited information in relation to key dates for controlled actions (such as commencement dates), but do not have the functionality to enable reporting milestones to be recorded. Notwithstanding the establishment of manual processes to monitor submission dates, there would be benefits in Environment improving arrangements for the monitoring of approval holders’ compliance with report requirements.

Assessment and approval of management plans

2.20 The ANAO selected a sample of 87 approved controlled actions to examine the assessment and approval of management plans received between 1 July 2014 and 30 June 2016. Of the 87 controlled actions sampled, 56 approvals included conditions that required management plans to be approved by the Minister or by Environment. For these 56 approved controlled actions, 11 management plans were submitted between 1 July 2014 and 30 June 2016 in relation to eight approved controlled actions. It was not clear from departmental records whether all approval holders had submitted plans as required across the period reviewed by the ANAO.

2.21 All 11 plans received by Environment were submitted in a timely manner. Environment’s records included evidence of the assessment and approval of nine of the 11 plans.21 The ANAO noted that for one approval (two plans) the approval holders would not be able to implement the plans as required due to the time taken by the department to review the plans.22

Review of compliance and monitoring reports

2.22 During 2014–15, Environment aimed to review all compliance and monitoring reports that were required to be submitted by approval holders. Of the 253 reports submitted, 120 were reviewed (48 per cent). In relation to the 87 controlled actions selected in the ANAO’s sample, 30 approvals included conditions that required compliance and monitoring reports or compliance certificates to be submitted to Environment. In relation to these 30, Environment received 11 reports during 2014–15 and reviewed seven reports. Due to limitations in Environment’s data, it was unclear whether the 11 reports received were the total number of reports that were due.

2.23 In 2015–16, Environment focused its resources on reviewing compliance and monitoring reports for high risk controlled actions. Environment advised the ANAO that it had met this objective, as it had reviewed all 70 annual compliance reports and monitoring reports submitted for high risk projects. In relation to the ANAO’s sample, three reports had been submitted for high risk controlled actions and evidence was retained to indicate that all three reports had been reviewed by departmental officers.

Targeting monitoring activities to high risk controlled actions

2.24 Environment uses the NESTRA tool to assess and rank controlled actions according to the risk posed to MNES bi-annually. On the basis of the resulting NESTRA ranking, Environment categorises controlled actions as ‘high’, ‘medium’ and ‘low’ and records this information in a Compliance Monitoring Spreadsheet (the ‘tracker‘ spreadsheet). The tracker spreadsheet also contains data about the type of controlled action, approval dates and is used to record the status of compliance monitoring activities that have been conducted. As at August 2016, the 850 controlled actions recorded in the tracker spreadsheet comprised 111 (13 per cent) high risk, 354 (42 per cent) medium risk, and 385 (45 per cent) low risk.23

2.25 The annual Compliance Monitoring Program outlines Environment’s intended coverage of monitoring activities and advised approval holders of its focus on high risk controlled actions. Environment’s approach to targeting high risk controlled actions in 2016–17 is outlined in Table 2.2.24

Table 2.2: Compliance monitoring coverage for high, medium and low risk approved controlled actions, 2016–17

Activity

High risk projects

Medium risk projects

Low risk projects

Compliance Monitoring Plan prepared

All

For new approvals or where selected for a random inspection or audit

Monitoring Inspection

At least 30%a

At least 70 other risk rated controlled actions

Compliance Audit

5%b

Only where selected for a random audit

Review Annual Compliance Reports

All

-

-

       

Note a: This equates to approximately 33 controlled actions.

Note b: This equates to approximately five controlled actions.

Source: ANAO analysis of Environment’s 2016–17 Compliance Monitoring Program.

2.26 Using the tracker spreadsheets, Environment can analyse controlled actions on a sectoral (such as, the mining, energy, construction, and transport sectors) and geographical basis to identify where there are groups of high risk controlled actions. This information is subsequently incorporated into compliance monitoring programs. For example, the 2015–16 Compliance Monitoring Program identified common challenges by sector and priority regions for additional focus. Environment has conducted industry outreach activities to raise awareness of common compliance issues as well as targeted compliance monitoring activities towards identified priority regions and sectors.

2.27 The NESTRA tool has helped Environment to better direct compliance monitoring activities to those controlled actions that have been assessed as presenting a high risk. Environment could further enhance its approach by setting a risk tolerance for compliance activities associated with approved controlled actions to ensure its compliance monitoring activities are delivering an appropriate level of assurance against its risk appetite and tolerance.25 The ANAO has made a recommendation in Chapter 3 to this end.

Data quality underpinning the NESTRA tool

2.28 The establishment of risk ratings calculated from the NESTRA tool is reliant on the quality of compliance data incorporated into the ‘load file’ for the tool. At present, these files are manually populated by departmental officers and require data to be collected from a number of sources and subsequently interpreted. A key mechanism for reviewing the accuracy of data in the load file is the development of a Compliance Monitoring Plan, as data is updated and recorded for each risk factor when these plans are prepared or reviewed.26

2.29 Of the 850 approved controlled actions identified in Environment’s tracker spreadsheet as at August 2016, there was a current Compliance Monitoring Plan for 95 of the 111 high risk controlled actions and 98 of the 739 medium and low risk controlled actions. In relation to the 657 controlled actions where there was not a current plan, the load files for these actions may not have been checked since July 2014 (when the NESTRA tool was first introduced). As a consequence, there is an increased risk of inaccurate NESTRA ratings for the 657 controlled actions that do not have a current plan, with compliance activities potentially misdirected as a result.27 Given the reliance placed on the NESTRA ratings when determining compliance coverage, there would be merit in Environment undertaking spot checks of the accuracy of data inputs to the tool for medium and low risk controlled actions.

Coordinating compliance monitoring activities

2.30 The ANAO’s previous audit found that overall, the monitoring undertaken by Environment for controlled actions had been insufficient to determine approval holders’ compliance with conditions of approval. A coordinated approach to compliance monitoring involves a range of tools to provide ongoing assurance that approval holders comply with the conditions attached to an approval.

2.31 As previously noted, Environment has implemented a risk-based approach to compliance monitoring activities that is informed by the risk ratings derived from the NESTRA risk assessment. Environment obtains assurance that approval holders comply with conditions attached to an approval by:

  • requiring approval holders to publicly release material and providing mechanisms for project stakeholders to report non-compliance;
  • reviewing materials that approval holders are required to prepare, including reports and plans; and
  • conducting monitoring of approval holders’ adherence to the conditions of approval through inspections and compliance audits.

2.32 Approvals for controlled actions may be current for a significant period of time. In the absence of an effective management information system from which key compliance dates and data can be extracted to aid the coordination of compliance monitoring activities, Environment manually prepares Compliance Monitoring Plans to assist in the management of its compliance activities. Each plan is current for 12 months and provides a snapshot of key monitoring data, including the: status of a controlled action; number of management plans required; details of environmental offsets28; monitoring requirements; and current listing status of species.29

2.33 Compliance monitoring activities conducted for each controlled action, including the preparation of Compliance Monitoring Plans, are recorded in the ‘tracker’ spreadsheet.30 From its tracker spreadsheets, Environment can identify, monitor and report on the extent of compliance monitoring coverage achieved for each controlled action. While the preparation of Compliance Monitoring Plans and the use of the ‘tracker’ spreadsheet are practical workarounds, the efficiency and effectiveness of Environment’s compliance monitoring across the lifespan of approved controlled actions is limited by the lack of an appropriate IT system.31

Have appropriate processes for responding to instances of non-compliance been implemented? (Recommendation 4)

Recommendation 4 has been implemented. Environment has established appropriate processes for responding to non-compliance, with: guidance that requires departmental officers to centrally record all instances of non-compliance that are identified; and the establishment and operation of a Regulatory Advisory Panel that has enhanced the consistency of Environment’s decision-making in relation to compliance and enforcement actions. The introduction of the panel has also led to improvements in the documentation underpinning decisions. There would be merit in Environment improving the arrangements in place to monitor the recording of non-compliance incidents and reviewing the roles and responsibilities for the panel and delegated decision-makers.

2.34 At the time of the previous audit, Environment’s processes did not require information on potential non-compliance with conditions of approval to be recorded centrally. Further, where enforcement actions had been taken to address non-compliance, the audit found that there was scope for Environment to better demonstrate the consistency of its decision-making by improving the documentation of reasons: to explicitly address the factors to be considered when determining an appropriate response as outlined in the Regulatory Compliance Manual32; and by including comparisons of how the proposed enforcement action corresponded to recent decisions for relevant past cases. Recommendation 4 aimed to improve Environment’s processes for responding to non-compliance.

Recording non-compliance

2.35 Environment has developed procedures outlining the manner in which departmental officers are to manage approval holders’ non-compliance with conditions of approval. These procedures reinforce the importance of: officers reporting all identified instances of non-compliance; and recording all incidents (which may or may not require a response) centrally in the CEMS database.33 Further, Environment has established an internal key performance indicator in its annual Branch Plan covering the recording of identified non-compliance, with the target set at 100 per cent.34 The documentation retained by Environment indicates that reporting against this target during 2015–16 was limited to February and March when the target was reported as met.35 However, the basis for Environment’s assessment of its performance against the indicator was not documented, such as information on any verification sampling or review work that was undertaken. Environment should ensure that robust arrangements are in place to effectively monitor and report against established performance indicators.

Documenting reasons for enforcement actions

2.36 The documentation of reasons for enforcement actions taken by Environment (such as using coercive powers, decisions to refer a matter to the Commonwealth Director of Public Prosecutions or decisions to commence civil proceedings) has been enhanced through the establishment of the Regulatory Advisory Panel.36 The panel has been established to provide guidance, advice and recommendations to Environment’s regulatory decision-makers. Its role includes providing oversight of high risk operational decisions proposed by regulatory line areas and endorsing strategic approaches.

2.37 To obtain the panel’s advice about compliance activities to be undertaken for a controlled action, officers are required to submit a template-based briefing paper. The template requires officers to identify, among other details, the factors considered in proposing the action and relevant past cases.37 The panel’s consideration and endorsement of the proposed approach is to be recorded on the briefing paper and a summary is to be captured in relevant meeting minutes.

2.38 The minutes from 20 panel meetings covering the period from May 2015 to July 2016 indicate that the panel’s advice was sought by several areas of Environment in relation to a range of matters, including: consultation and endorsement of compliance and enforcement related policy documentation; endorsement of investigation approaches, such as applications for warrants; and grant program related fraud investigations. The breadth of compliance related actions considered by the panel contributes to greater consistency in relation to regulatory action taken across Environment.

Roles and responsibilities

2.39 The responsibility for decisions relating to compliance and enforcement actions is assigned to delegated senior managers within Environment, with the Regulatory Advisory Panel responsible for providing advice and for ‘endorsing’ proposed enforcement actions. In those circumstances where the decision-maker does not follow the panel’s endorsed course of action, they are required to provide the panel with details of the decision taken and the supporting rationale. In the period from May 2015 to July 2016, the panel minutes reviewed by the ANAO did not include any instances where a decision-maker advised that they had taken a decision that had not previously been endorsed by the panel.

2.40 The panel comprises departmental officers with experience in regulatory activity. In some circumstances, the delegated decision-maker is also a member of the panel. While this approach capitalises on the skills and experience of officers from across Environment, it has the potential to confuse the roles and responsibilities of the delegated decision-maker and of the panel. Further, the role of the panel in ‘endorsing’ a proposed course of action as opposed to a role of ‘recommending’ a course of action to the decision-maker also has the potential to confuse decision-making in relation to compliance and enforcement actions. As such, there would be merit in Environment reviewing the roles and responsibilities of the Regulatory Advisory Panel and decision-makers in relation to compliance and enforcement actions.

Has Environment established functional support systems and appropriate performance monitoring and reporting arrangements? (Recommendation 5)

Recommendation 5 has been partially implemented. Environment has improved its arrangements to monitor and report on compliance activities, but continuing IT system functionality limitations impact on Environment’s ability to effectively and efficiently monitor its regulatory performance. Further: internal report arrangements do not provide timely and targeted information on the performance of the compliance function; and performance information reported externally by Environment does not currently provide stakeholders with sufficient insights into the extent to which compliance monitoring activities have been effective in protecting the environment from significant impacts.

2.41 The previous audit found that Environment’s expanded use of IT systems to support regulatory activities had delivered mixed results and that its management of hard copy records did not effectively support the compliance monitoring function. In addition, the audit found that there was scope for Environment to improve its performance monitoring and reporting arrangements for its compliance function. Recommendation 5 was aimed at strengthening support systems and improving Environment’s approach to performance monitoring and reporting.

Records management practices

2.42 The previous audit found that the records necessary for officers to effectively and efficiently monitor approval holders’ compliance with conditions of approval and to demonstrate management activities that had been undertaken were not maintained and/or could not be retrieved efficiently. In July 2014, Environment introduced an electronic document management system (SPIRE). This new system has search functionality, which has improved the management of compliance related documentation within Environment. However, pre-existing hard copy records and network drive files were not migrated to SPIRE. As a consequence, these records along with those retained on SPIRE are required to be reviewed by compliance staff in order to gain a ‘complete picture’ of an approval holder’s pre-July 2014 compliance history. There would be merit in Environment reviewing the cost and benefits of retaining information in a more accessible format.

IT systems

2.43 The two IT systems that were used by Environment for the management of regulatory information at the time of the previous audit were the:

  • Compliance and Enforcement Management System (CEMS), which supports workflow management and the recording and investigation of potential non-compliance and enforcement actions. The previous audit found that the usefulness of the query and reporting functionality of CEMS was reduced because incidents of non-compliance were not being recorded in CEMS and the links between actions, approval holders, related entities and major contractors had not been fully established; and
  • Chapter 4 database, which supported Environment’s monitoring of approved controlled actions. The previous audit found that functional limitations had led officers to establish a number of workarounds. This system is no longer used by the Compliance and Enforcement Branch.

2.44 In relation to the CEMS database, Environment has taken steps to address the data quality issues previously noted by the ANAO and improvements to CEMS’ functionality are expected to be in place by March 2017.38 As outlined earlier, current guidance reinforces the need for departmental officers to centrally record all instances of non-compliance that are identified.39 Environment’s guidance also outlines the manner in which records retained in CEMS are to be linked to other relevant information. Linked data is used by Environment to incorporate information about infringement notices and civil or criminal actions relating to an approval holder’s other approval(s) into the NESTRA tool.40

2.45 In 2015, Environment replaced the Chapter 4 database with the Environmental Impact Assessment System (EIAS). Similar to the ANAO’s finding in the previous audit, given limited functionality of IT systems, departmental officers have developed a number of workarounds (usually spreadsheet based ‘trackers’) to undertake monitoring activities and to inform management reporting on compliance activities. In this context, the Regulatory Maturity Project report included a recommendation regarding IT systems, highlighting the need for Environment to invest in an end-to-end IT system as a high priority. The department accepted this recommendation and advised that it was increasing its investment in IT systems and products.

Internal management reporting

2.46 The previous report noted that senior departmental management had limited visibility of the activities, outputs and performance of the compliance monitoring function. In response to this finding, the ANAO recommended that Environment improve the frequency and coverage of management reporting relating to the activities undertaken to monitor compliance.

2.47 Environment’s Executive is informed of the Compliance and Enforcement Branch’s performance bi-annually through divisional-level reports, which are cleared by the First Assistant Secretary of the Environment Standards Division. The reports provide information on the:

  • number of allegations of non-compliance being investigated under the EPBC Act;
  • number of inspections conducted of NESTRA high risk projects against target;
  • status of the branch’s deliverable—‘undertaken risk based compliance and enforcement activities to support regulation under the EPBC Act […]’; and
  • results against performance measures and any concerns in relation to performance measures.

2.48 While these reports provide information on the quantum of key compliance monitoring activities conducted, they provided limited visibility of the branch’s activities, outputs and performance due to the high level nature of the information provided. In particular, a performance measure has not been established relating to the branch’s performance regarding the effectiveness of their monitoring of approval holders’ compliance with conditions of approval.

2.49 The previous report noted that the branch reviewed its activities and outputs on a quarterly basis. The performance expectations for departmental branches within Environment are initially set out as part of each branch’s annual business plan. The Compliance and Enforcement Branch’s Business Plan for 2014–15, 2015–16 and 2016–17 set out:

  • the role, objectives, priorities, key risks and measures of success for the branch;
  • key deliverables, including the implementation of the compliance monitoring program; and
  • key performance indicators (KPIs).

2.50 The KPIs established for the branch and sections within the branch comprise targets for the number of activities to be conducted to implement the annual Compliance Monitoring Program. For example, targets in the 2016–17 branch plan include: ‘compliance plans are to be developed for all EPBC Act projects identified through NESTRA as high risk’; and ‘at least 30 per cent of NESTRA high risk projects are to be the subject of a compliance monitoring inspection’. The previous report noted that the inclusion of information about the number and type of non-compliance identified or the frequency of Environment’s contact with high risk approval holders would better demonstrate the active monitoring of approved controlled actions.41 To date, targets relating to the types of non-compliance identified and the frequency of contact with high risk approval holders have not been included in the branch’s business plans.

2.51 Records retained by Environment indicate that reporting against the branch’s 2015–16 Business Plan was limited with the department:

  • advising that it did not undertake reporting in Quarter 1 because the relevant branch business plan was not approved until November 2015;
  • placing reliance on the less detailed reporting prepared for the divisional-level performance reports for Quarter 2 and 4; and
  • providing a detailed report against the branch plan’s KPIs for February-March (referred to as Quarter 3) 2016 only.

2.52 The branch’s limited reporting due to the delayed finalisation of the branch plan, as well as the reliance on the divisional level reports across the year reduces the visibility of trends in activities across the year. The ANAO notes that the 2016–17 Branch Plan was also approved in Quarter 2 (21 October 2016). There would be merit in Environment establishing fit-for-purpose reporting arrangements that provide departmental management with timely and targeted information on the performance of the compliance function.

External performance reporting

2.53 The previous audit concluded that the establishment of, and reporting against, improved performance measures was necessary to better position Environment to demonstrate to external stakeholders that it was appropriately regulating approved controlled actions.42 In April 2016, the Regulatory Maturity Project report also recommended that Environment develop robust and measurable objectives and KPIs relating to its regulatory activities.

2.54 There is further work required from Environment to address this recommendation and the recommendation arising from the Regulatory Maturity Project, as reported performance in Environment’s annual reports remains focused on the activity level rather than demonstrating the effectiveness or impact of compliance monitoring activities in protecting the environment from significant impacts due to controlled actions. The indicators, deliverables and the information reported for 2013–14, 2014–15 and 2015–16 are outlined in Table 2.3.

Table 2.3: External performance reporting

Year

Indicator/deliverable

Performance reported

2013–14

Key Performance Indicator: All reported compliance incidents under the EPBC Act and the Sea Dumping Act are assessed or investigated within statutory timeframes.

Achieved.

  • All allegations of non-compliance under Part 3 and Part 13A of the EPBC Act were considered.
  • 364 potential breaches of Part 3 of the EPBC Act were examined.

2014–15

Program deliverable: Undertake risk based compliance and enforcement activities to support regulation under the EPBC Act and Sea Dumping Act.

No relevant Key Performance Indicator

Achieved.

  • Developed and implemented NESTRA.
  • Published and implemented an annual compliance plan.
  • Implemented a quality assurance framework.

Program deliverable: Ensure environmental regulation is effective by reviewing all allegations of non-compliance under the EPBC Act and Sea Dumping Act and investigating as appropriate.

Achieved.

  • All allegations of non-compliance under Part 3 and Part 13A of the EPBC Act were considered.
  • 275 potential breaches of Part 3 of the EPBC Act were examined.

2015–16

Program deliverable:

  • Undertake risk based compliance and enforcement activities to support regulation under the EPBC Act and the Environment Protection (Sea Dumping) Act 1981.
  • At least 20 per cent of high risk post approval projects, identified using the NESTRA model, are actively managed to ensure compliance with project conditions.
  • All allegations of non-compliance under the EPBC and Sea Dumping Acts are investigated.

No relevant Key Performance Indicator

  • During 2015–16, at least 20 per cent of higher-risk projects identified by the NESTRA tool were inspected to ensure compliance with project conditions.
  • Twenty-nine high risk projects were subject to a compliance monitoring inspection, and all compliance and monitoring reports submitted for high risk projects were reviewed.
  • Its compliance and enforcement activities remained of a high standard, playing a very significant part in ensuring that objectives of legislation are met.
     

Source: ANAO analysis of Environment’s Annual Reports for 2014–15 and 2015–16.

2.55 In addition to information about regulatory performance provided in its Annual Report, Environment’s annual Compliance Monitoring Program outlines the number and type of compliance monitoring activities planned for the year and reports on achievements against the plan in the subsequent year’s program.43 The ANAO reviewed the activities planned by Environment for 2015–16 and the achievements subsequently reported in the 2016–17 program and found that there is scope for Environment to report more clearly on whether planned activities were achieved or not. For example, while the department indicated it would develop compliance plans for 20 per cent of high risk projects (approximately 20 projects), it subsequently reported that it had developed compliance plans for 104 projects. Reporting would be clearer and more meaningful if Environment confirmed that the 104 plans prepared included plans for the targeted number of high risk projects.

2.56 As of 2015–16, Environment is also required to publicly report against the Regulator Performance Framework that is intended to increase the transparency and accountability of Commonwealth regulators.44 The first assessment period covers the 2015–16 financial year, with regulators required to self-assess their regulatory performance and administration against six KPIs. Environment’s self-assessment for 2015–1645 applied to all regulatory responsibilities of the department, including the regulation of approved controlled actions. Environment reported that its regulatory performance was:

  • maturing to well established in relation to risk managed proportionate actions (KPI 3) and its compliance and monitoring approaches (KPI 4);
  • maturing in relation to its impact on the efficient operation of regulated entities (KPI 1) and how it communicates and engages with regulated entities (KPI 2 and KPI 5); and
  • developing in relation to actively improving its regulatory frameworks (KPI 6).

2.57 The framework also requires regulators’ self-assessments to be validated by external stakeholders. Four stakeholder organisations provided feedback on Environment’s self-assessment. The department reported that the feedback was generally positive and that stakeholders requested that future assessments include more detail about the performance of individual regulatory regimes and better performance information to help track regulatory improvements over time. The inclusion of more detail about the contribution of individual regulatory regimes towards the rating for each KPI would better support the validation of the department’s assessment by external stakeholders who may not be familiar with all aspects of Environment’s regulatory responsibilities.

3. Initiatives to strengthen regulatory performance

Areas examined

The ANAO examined the Department of the Environment and Energy’s (Environment’s) progress in implementing initiatives to improve its regulatory performance, including: the five-year Regulatory Capability Development Program; and the conduct of a structured departmental-wide risk assessment of regulatory activities to inform regulatory settings and resourcing decisions.

Conclusion

Environment had made limited progress to address identified shortcomings in its regulatory activities through its five-year Regulatory Capability Development Program prior to the early termination of the program in December 2015. A subsequent Regulatory Maturity Project, which was finalised in April 2016, identified further options to strengthen the delivery of Environment’s regulatory activities, with a number of recommendations made to address weaknesses that had previously been identified by internal and external audit coverage. As was also highlighted by previous ANAO audit coverage, the project identified that Environment is yet to undertake a structured departmental-wide risk assessment of its regulatory activities to inform its regulatory settings and resourcing decisions. Environment has committed to implement the recommendations of the project.

Recommendation and areas for improvement

The ANAO has made one recommendation aimed at aligning the level of assurance obtained through Environment’s compliance monitoring program with the risk appetite that is to be articulated by Environment.

Given the limited progress made on the earlier Regulatory Capability Development Program, the need for effective oversight arrangements to be established to monitor progress of the implementation of the Regulatory Maturity Project’s recommendations was identified as an area for improvement.

3.1 The ANAO’s previous performance audit noted that the Regulatory Capability Development Program was part of a broad body of work that Environment had initiated to address identified shortcomings in its regulation of approved controlled actions. Shortcomings, identified in an earlier 2013 internal audit of Environment’s management of its compliance and enforcement program, included that regulatory activities and resourcing needed to be targeted according to a risk-based assessment of all departmental legislation containing regulatory provisions.

3.2 In 2015, the ANAO’s performance audit of wildlife regulation46 found that Environment’s implementation of the Regulatory Capability Development Program had been slower than expected. The ANAO’s performance audit of wildlife regulation also found that Environment’s settings and resourcing decisions for wildlife regulation had not been informed by a structured departmental-wide risk assessment of its regulatory activities.47 Such an assessment would have better positioned Environment to make informed decisions about the regulatory settings to apply and the resourcing to allocate to its regulatory functions.

Has Environment appropriately progressed its Regulatory Capability Development Program?

Environment made limited progress on the achievement of the objectives established for its Regulatory Capability Development Program prior to the early termination of the program in December 2015. The subsequent completion of a Regulatory Maturity Project has provided Environment with a broad range of recommendations to strengthen the delivery of its regulatory functions. In light of the issues encountered when implementing the earlier program, Environment should take steps to appropriately support the implementation of the recommendations made in the project report.

3.3 The business case for the five-year Regulatory Capability Development Program was endorsed by Environment’s Executive in September 2013 with the objective of: establishing a comprehensive regulatory compliance framework, supporting the entire regulatory spectrum, from regime design through to litigation and enforcement; and enabling Environment to undertake an integrated and risk-based approach to advance Environment’s regulatory maturation.

3.4 The program was designed to deliver this objective over four project phases:

  • Phase 1: planning and support (to be completed by January 2014);
  • Phase 2: response to Environment’s 2013 internal audit and structural benefits to departmental areas (to be completed by 1 July 2014);
  • Phase 3: line area benefits and regulatory capability building (to be completed by end of October 2015); and
  • Phase 4: future positioning (to be completed by end of 2018).

3.5 Activities were aligned to six streams of activity: organisation and culture; regulatory design; regulation; regulatory compliance; litigation and enforcement; and awareness, communication and education. The total cost of delivery was initially budgeted at $1.97 million, which was subsequently revised down to $1.7 million. Environment advised that $1.03 million had been expended.

3.6 The governance arrangements for the program included a Program Board comprised of senior officers that reported on progress to Environment’s Executive Board and to Environment’s Audit Committee. Initially, a specific team was established to manage program delivery and provide secretariat services to the Program Board.

Progress made prior to the program’s closure

3.7 Environment advised the ANAO that, following the decision to undertake an assessment of Environment’s regulatory maturity, the Regulatory Capability Development Program and the Project Board ceased on 17 December 2015. Environment had not retained evidence of the program’s closure arrangements or the date on which the project had been closed.

3.8 Prior to the termination of the program, some elements had been progressed (see Figure 3.1).

Figure 3.1: Key steps and changes made prior to the termination of the Regulatory Capability Development Program

Key steps and changes made prior to the termination of the Regulatory Capability Development Program

Source: ANAO analysis of departmental data.

3.9 The records retained by Environment indicate that the department’s Executive was advised that all Phase 1 projects were nearing completion in February 2015, including:

  • updates to the Compliance and Enforcement Policy;
  • the introduction of reporting requirements, whereby the Regulatory Advisory Panel would inform the Governance and Performance Committee or the Executive Board of trends and issues related to regulatory issues and practice management. This was to help Environment to capture, identify and monitor changes impacting regulatory compliance; and
  • updates to the Regulatory Compliance Manual.

3.10 While a Program Plan was developed for Phase 2, departmental records do not indicate the extent of progress against the plan. Further, departmental records indicated that the Project Board did not meet for an extended period prior to the program being terminated in December 2015.

3.11 As of November 2016, Environment had not undertaken an evaluation of the program or documented any lessons learned from its implementation.48 The findings of the subsequent Regulatory Maturity Project indicate that the Regulatory Capability Development Program was not effective in meeting its objectives. Among other findings, the project concluded that Environment: did not have an overarching regulatory posture and that there were opportunities to improve regulatory governance structures; and did not have a systematic approach for identifying and managing risk across regulatory functions or across Environment. The project report made 37 recommendations, including that Environment develop a new regulatory framework (a key objective of the original program) and five recommendations to improve Environment’s approach to risk.

3.12 In light of the limited progress made by the Regulatory Capability Development Program and its early termination, Environment should take steps to appropriately support the implementation of the recommendations made in the Regulatory Maturity Project report. This includes establishing robust governance arrangements, including regular and timely performance reporting to the Executive Board to enable oversight of delivery. To this end, the departmental Secretary has committed to improving Environment’s internal practices and capability as a regulator.49

Has Environment undertaken a structured departmental-wide risk assessment of its regulatory activities?

Environment has not undertaken a structured departmental-wide risk assessment of its regulatory activities to inform its resourcing decisions. Environment has agreed to the recommendation to undertake such an assessment in response to the Regulatory Maturity Project.

3.13 Environment advised the ANAO that it is yet to undertake a structured departmental-wide risk assessment of its regulatory activities to inform its regulatory settings and resourcing decisions. Environment did, however, cite its pilot of a ‘zero-based budgeting’ approach across all departmental activities for the 2016–17 budget as an avenue that Environment is exploring to better direct its resources.50 This approach involved departmental branches ‘justifying’ their expenses based on task priority. While acknowledging the insights gained from piloting a new budgeting approach, Environment would benefit from a clearer understanding of the relative regulatory risks of each regulatory function through a structured assessment as outlined previously by the ANAO.

3.14 Similar to the finding outlined in the ANAO audit of wildlife regulation, the Regulatory Maturity Project also commented on the lack of a structured departmental-wide risk assessment of regulatory activities within Environment. The absence of such an assessment made it difficult for Environment to obtain assurance that its resources are being appropriately allocated according to risk. On this basis, the project report included five recommendations designed to equip Environment with a better understanding of risks across regulatory functions and across Environment.51 In particular, the Regulatory Maturity Project report recommended that Environment:

  • review its Risk Management Framework;
  • analyse risk across its regulatory activities;
  • systematically allocate resources proportionate to risk;
  • utilise intelligence for gathering data and analysing risks; and
  • improve its external communication of risk.

3.15 Environment has agreed to implement these recommendations, with some actions taken during the conduct of the project to assist in building its understanding of departmental risks. These actions included the establishment of the following two new positions:

  • Chief Risk Officer (December 2015) whose role is to facilitate a coordinated approach to risk management across Environment and to act as an agent for change to further strengthen Environment’s risk culture and to ensure risks are effectively identified and managed; and
  • Strategic Intelligence Manager (August 2016) whose role is to build strategic intelligence capability into risk management and prioritisation frameworks.

3.16 As part of its assessment of Environment’s risk management functions, the Regulatory Maturity Project noted that Environment did not have a well-defined or communicated risk appetite. According to the Commonwealth Risk Management Policy, which was released on 1 July 2014, an entity must establish, endorse and maintain an entity specific risk management policy that defines the entity’s risk appetite and risk tolerance. The project report’s recommendations required that a risk appetite be established as part of the new regulatory framework and consistently communicated and reinforced as part of revisions to the risk framework.

3.17 Environment has subsequently outlined its risk appetite and tolerances in its Corporate Plan 2016–17. The ANAO notes that the department has reflected its risk appetite and tolerances broadly in the Corporate Plan, but that the level of risk tolerated varies across the department depending on the operating environment, the nature of the work being undertaken and the acceptance for loss in the pursuit of delivering the activity. In this context there would be merit in the department clearly articulating the risk appetite and tolerance relating to its regulatory activities and routinely reviewing its compliance monitoring approach to ensure that settings are providing an appropriate level of assurance to address Environment’s articulated risk appetite and tolerances.

Recommendation No.1

3.18 The Department of the Environment and Energy should routinely review its compliance monitoring approach to ensure that an appropriate level of assurance is obtained relative to the risk appetite and tolerances specified.

Department of the Environment and Energy’s response: Agreed.

Appendices

Appendix 1 Department of the Environment and Energy’s response

Footnotes

1 The project report and Environment’s response were released on the department’s website on 21 November 2016. Available from: <www.environment.gov.au> [accessed 28 November 2016].

2 Part 3, Environment Protection and Biodiversity Conservation Act 1999, prohibits the undertaking of an action without approval from the Minister for the Environment that is likely to have a significant impact on MNES.

3 The Minister may decide that the action is a ‘controlled action’ and can apply conditions to avoid, mitigate or offset (compensate) for the action’s impact(s) on MNES.

4 In addition to the management of compliance with conditions attached to EPBC Act approved controlled actions, the Compliance and Enforcement Branch is also responsible for the regulation of other actions approved under EPBC Act Parts 7, 9, 10 and 13, the Environment Protection (Sea Dumping) Act 1981, the Fuel Quality Standards Act 2000 and the Ozone Protection and Synthetic Greenhouse Gas Management Act 1989.

5 Joint Committee of Public Accounts and Audit, Report No. 447, EPBC Act, Cyber Security, Mail Screening, ABR and Helicopter Program: Review of Auditor-General Reports Nos 32–54 (2013–14).

6 At the time that the inquiry was conducted, Environment was focused on addressing the Government’s commitment to establishing a One-stop Shop for environmental approvals covering both Commonwealth and state/territory government legislation. The new arrangements were intended to reduce the regulatory burden on proponents. As such, aspects of the JCPAA’s recommendations also related to One-stop Shop arrangements. As of December 2016, the legislation necessary to support the implementation of One-stop Shop arrangements has not been re-introduced for the 45th Parliament’s consideration. On this basis, parts of Recommendations 4, 5 and 6 that were directed towards the One-stop Shop arrangements were not considered within the scope of this audit.

7 Environment engaged Mr Joe Woodward, a former Deputy Director-General of the New South Wales Department of Environment and Climate Change to conduct the review. Mr Woodward was supported by departmental officers.

8 Environment published the Regulatory Maturity Project Final Report and its response to the recommendations on its website on 21 November 2016. Available from: <http://www.environment.gov.au/ epbc/publications/regulatory-maturity-project-final-report> [accessed 28 November 2016].

9 Some controlled actions retained by the environment assessment branches had been approved in 2001.

10 The ANAO examined weekly status reports covering a two month period—4 July 2016 to 29 August 2016 (nine status reports). These reports recorded the transfer status of 13 approved controlled actions.

11 Environment advised that there may be sound reasons for delaying the transfer of controlled actions, for example where subject to legal challenge, and that approved projects that remain with the environment assessment branches may be subject to compliance monitoring activities. However, as discussed later in this section, documentation weaknesses meant that the basis on which approved controlled actions were retained was not generally evident.

12 Departmental records indicate that there were 13 controlled actions with pre-2014 approval dates (approximately 10 per cent of the legacy population) awaiting transfer as at 17 July 2014.

13 Available from: <www.environment.gov.au>.

14 The recording of non-compliance in CEMS is discussed further in paragraph 2.35.

15 The members of the National Border Targeting Centre include the: Department of Immigration and Border Protection, Australian Federal Police, Australian Securities and Investments Commission, Australian Crime Commission, Department of Foreign Affairs and Trade, Department of Agriculture and Water Resources, Office of Transport Security.

16 Discussed previously in paragraphs 1.9–1.11.

17 The NESTRA tool was developed in partnership with the Commonwealth Scientific and Industrial Research Organisation (CSIRO). Environment commenced using the NESTRA tool on 1 July 2014. The CSIRO also assisted Environment with the selection of threat and risk indicators to determine risk rankings.

18 The use of the NESTRA tool is discussed further from paragraph 2.24.

19 ANAO Audit Report No.43 2013–14, paragraph 2.13, p. 48.

20 Conditions may require approval holders to submit for Environment’s approval, plans or other documents that provide detailed information not available during the assessment phase. These documents generally require approval before an element or phase of the project can proceed. For example, environmental management plans, conservation management plans, revegetation or rehabilitation plans, offset management plans, water monitoring and management plans and significant species management plans.

21 The department advised that the remaining two plans did not yet require approval as the project had not commenced.

22 The Regulatory Maturity Project report noted that, alongside a number of risks attached to relying on management plans as a condition of approval, the volume of management plans requiring review exceeded the available resources available within Environment’s compliance teams.

23 The tracker spreadsheet includes controlled actions with expired approvals.

24 The Regulatory Maturity Project noted that Environment targets a significantly lower proportion of high risk projects than other regulatory entities.

25 According to the Commonwealth Risk Management Policy (2014), an entity must establish, endorse and maintain an entity specific risk management policy that defines the entity’s risk appetite and risk tolerance.

26 Compliance monitoring plans are discussed further in paragraphs 2.32–2.33.

27 As discussed previously in paragraph 2.13, the controlled actions are assessed and ranked against 32 risk factors. Many of these risk factors will be static across the life of the controlled action.

28 Environmental offsets are measures that compensate for the residual impacts of an action on the environment and can be required as a condition of approval.

29 Listed threatened species and ecological communities are recognised as a MNES. The listing status and category, for example as critically endangered or vulnerable, can be amended over time following consideration of conservation status.

30 Use of the tracker spreadsheet was previously discussed in paragraph 2.24.

31 Environment’s IT system limitations and the related recommendations made by the Regulatory Maturity Program report are discussed in paragraph 2.45.

32 The Regulatory Compliance Manual has been replaced by the Compliance Procedures Manual. Factors to be considered are also outlined in the new manual.

33 Department of the Environment and Energy, Standard Operating Procedure: Compliance Procedures Manual for Compliance Incidents, 30 June 2014 and Standard Operating Procedure: Non-compliance with Conditions of Approval, 18 August 2016.

34 Similar indicators for EPBC Act related compliance monitoring activity were included in Environment’s Compliance Monitoring Program for 2015–16 and 2016–17.

35 Internal management reporting is discussed further in paragraphs 2.46-2.52.

36 The Regulatory Advisory Panel is chaired by Environment’s General-Counsel and is comprised of officers with experience in: operational regulatory activity, inspection and investigations, legal and litigation and risk management and governance. The panel first met on 21 May 2015.

37 The factors that officers are to consider when determining an appropriate response to non-compliance are outlined in the Standard Operating Procedure: Compliance Procedures Manual for Compliance Incidents.

38 The planned improvements to CEMS are discussed in paragraph 2.11.

39 As previously noted, Environment is yet to establish arrangements to gain assurance that this is occurring.

40 One of the 32 risk factors incorporated into NESTRA is ‘in the last three years, has the approval holder been subject to an infringement notice or civil or criminal action in relation to another approval?’.

41 Australian National Audit Office, op. cit. p. 116, paragraph 5.53.

42 Australian National Audit Office, op. cit. p. 119, paragraph 5.63.

43 As previously noted in paragraph 2.7, annual Compliance Monitoring Programs have been published by Environment since 2014. These plans outline a risk-based approach to monitoring compliance among the controlled actions subject to regulation.

44 The framework has applied from 1 July 2015. Further information about the framework and the KPIs is available from: <https://www.cuttingredtape.gov.au/resources/rpf/reviewing-performance> [accessed 18 November 2016].

45Regulator Performance Framework Annual Self-Assessment Report 2015–16, Commonwealth of Australia 2016.

46 ANAO Audit Report No. 7 2015–16, Managing Compliance with the Wildlife Trade Provisions of the Environment Protection and Biodiversity Conservation Act 1999, November 2015.

47 At the time, Environment considered that the risk arising from its responsibilities to regulate the wildlife trade under Part 13A of the EPBC Act was low compared to its other regulatory activities and risk settings and resources were allocated according to this relative risk.

48 Environment did, however, advise that lessons learned had been discussed with senior officers involved in the program’s delivery in the context of the Regulatory Maturity Project.

49 Environment published the Regulatory Maturity Project Final Report and its response to the recommendations on its website on 21 November 2016. Available from: <http://www.environment.gov.au/ epbc/publications/regulatory-maturity-project-final-report> [accessed 28 November 2016].

50 A zero-based budget requires all budgeted expenditure to be justified rather than year-on-year incremental changes to the budget or actual results from the preceding year.

51 The relevant recommendations relate to Environment’s: regulatory framework; compliance and enforcement strategy (using a risk-approach to allocation of resources); risk management framework; risk assessment and resource allocation; and use of intelligence (to inform its risk management approach).

Related documents: