The audit objective was to assess whether the Department of Immigration and Border Protection adopted sound contract management practices for the delivery of garrison support and welfare services for offshore processing centres in Nauru and Manus Island.

Summary and recommendations

Background

1. In 2012 the Australian Government established offshore processing centres1 in the Republic of Nauru (Nauru) and Papua New Guinea (PNG) with the agreement of the Nauruan and PNG Governments.2 Under the agreements, the Australian Government was to bear all costs associated with the construction and operation of the centres. Transfers of asylum seekers to Nauru commenced on 14 September 2012 and to PNG on Manus Island3 on 21 November 2012.4

2. To underpin operations at the centres, the Department of Immigration and Border Protection (DIBP or the department)5 entered into contracts for the delivery of garrison support and/or welfare services with a number of providers. Garrison support includes security, cleaning and catering services. Welfare services include individualised care to maintain health and well-being such as recreational and educational activities. The total combined value of the contracts at 6 December 2016, as reported on AusTender, was $3386 million.

3. For the purposes of this report the contracts are discussed in two groups:

  • initial contracts signed in 2013 (referred to as the initial or 2013 contracts) with The Salvation Army, Save the Children, Transfield Services (Transfield) and G4S; and
  • contracts signed in 2014 with Transfield and Save the Children to consolidate service provision (referred to as the consolidated or 2014 contracts).

4. In October 2015, Transfield6 became the sole provider of all garrison support and welfare services to asylum seekers at the offshore processing centres7 in Nauru and on Manus Island. In February 2016 these arrangements were extended through to 28 February 2017 and in August 2016 the contract with Transfield was further extended until 31 October 2017.

Audit objective, scope and criteria

5. The objective of the audit was to assess whether DIBP had appropriately established and managed the contracts for garrison support and welfare services at offshore processing centres in Nauru and Papua New Guinea (Manus Island); and whether the processes adopted met the requirements of the Commonwealth Procurement Rules (CPRs), including consideration and achievement of value for money.

6. The audit examined contracts entered into in 2012, when the arrangements were first put into place, through to the current contract which is due to expire in October 2017.

7. This is a companion audit to ANAO Performance Audit Report No.16 2016—17 Offshore Processing Centres in Nauru and Papua New Guinea: Procurement of Garrison Support and Welfare Services. As in the earlier audit, the ANAO’s review of departmental records was, due to shortcomings in DIBP’s record keeping system, based on the available records. DIBP was not able to provide the ANAO with assurance that it provided all departmental records relevant to the audit.

Conclusion

8. The Department of Immigration and Border Protection’s management of the garrison support and welfare services contracts at the offshore processing centres in Nauru and Papua New Guinea (Manus Island) has fallen well short of effective contract management practice.

9. The garrison support and welfare contracts were established in circumstances of great haste to give effect to government policy decisions8 and the department did not have a detailed view of what it wanted to purchase or the standards to apply. These are key considerations in achieving value for money. While the department took between 20 to 43 weeks (depending on the contract) to enter into final 2013 contracts, there remained significant shortcomings in the contractual framework. Many of the shortcomings persisted in the 2014 contracts, indicating that the 2014 contract consolidation process was not informed by lessons learned from the department’s management and operation of the 2013 contracts.

10. The department did not put in place effective mechanisms to manage the contracts. Other than the contracts, there was no documentation of the means by which the contract objectives would be achieved. In the absence of a plan, assurance processes such as the inspection and audit of services delivered, has not occurred in a systematic way and risks were not effectively managed. In addition, the department has not maintained appropriate records of decisions and actions taken in the course of its contract management. As a consequence, the department has not been well placed to assess whether its service strategies were adequate or fully met government objectives.

11. The department developed a comprehensive and risk based performance framework for the contracts to help it assess provider performance. However, development of the framework was delayed and in applying the framework the department was not consistent in its treatment of different providers. Performance measurement under the framework relied heavily on self-assessments by providers and the department performed limited independent checks. Delays in the department’s review of self-assessments and the provision of feedback on contractor performance eroded the link between actual performance and contract payments. Risk assessment was a key component of the performance reporting processes and while risk assessments were conducted, DIBP did not review risk ratings or determine if controls and mitigations were in place and working. Risks materialised in both the 2013 and 2014 contracts.

12. An appropriate framework of controls was in place for payments under the contracts, including the authorisation of actual payments by a delegate. This control was intended to provide additional assurance over payments under the contracts9 but did not always operate as intended. In respect to $2.3 billion in payments made between September 2012 and April 2016, delegate authorisations were not always secured or recorded: an appropriate delegate provided an authorisation for payments totalling $80 million; $1.1 billion was approved by DIBP officers who did not have the required authorisation; and for the remaining $1.1 billion there was no departmental record of who authorised the payments.

13. In addition, this audit highlighted further weaknesses in the department’s management of procurement. Substantial contract variations totalling over $1 billion were made without a documented assessment of value for money.

14. Contract management is core business for Australian Government entities, and the department has managed detention contracts since 1997. Previous ANAO audits of the department’s contract management have found that: its contracting framework had not established clear expectations of the level and quality of services to be delivered; and its ability to monitor the performance of contractors was compromised by a lack of clarity in standards and performance measures and reliance on incident reporting to determine when standards were not being met. This audit has identified a recurrence of these (and other) deficiencies, which have resulted in higher than necessary expense for taxpayers and significant reputational risks for the Australian Government and the department. The audit recommendations are intended to address the significant weaknesses observed in DIBP’s contract management practices.

Supporting findings

Establishing the contracts

15. The 2013 and 2014 garrison support and welfare contracts described only in general terms the goods and services to be delivered with the expectation that further detail would be contained in supporting documents. While the department had advised Government on a number of occasions that the contracts would be underpinned by service standards, these were not articulated and delivery timeframes were not clearly established in the resulting contracts.

16. It took some time to reach agreement on the supporting guidelines for the 2013 contracts, and 14 guidelines (22 per cent) were never settled. The department rolled over the majority of guidelines already established into the 2014 contracts, despite significant changes to the size and risk profile of the centres. In particular, a Joint Agency Taskforce Review conducted in October and November 2013 had identified a number of security concerns requiring attention as a matter of priority, and this should have been reflected in the relevant guidelines and plans. In the absence of an approved guideline, service providers (including Transfield as the current service provider), operated under their own procedures.

17. DIBP does not hold a complete set of current guidelines in its record keeping system. In the absence of a complete and current set of guidelines, DIBP cannot confidently assess contract compliance and the achievement of value for money under the contract.

18. There was limited evidence of the department agreeing to or approving any of the management plans required for the 2013 contracts. Seven of the 27 plans required under the 2014 contract have been approved. The failure to agree management plans introduced a risk that the Commonwealth’s expectations under the contracts may not be met. It is not evident that the department established a framework to monitor the timely settlement of management plans, and there were also shortcomings in the department’s record keeping in this respect. DIBP advised the ANAO in October 2016, in a response to emerging findings of this audit, that it would require Transfield to provide all plans by 31 October 2016. On 5 December 2016, DIBP advised that Transfield had provided 22 of a total of 35 management plans. Of the 22 plans, 10 had been approved by DIBP.10

19. The roles and responsibilities of key DIBP officers were outlined in the contracts. While the Contract Authority and Contract Administrator were responsible for contract management, on island operations were led by the Operations Team Leader who did not report to either of these positions. This has led to a lack of clarity in contract roles and responsibilities.

20. The 2013 contracts specified a governance framework with two layers: senior management meetings (comprising individual service provider and joint service provider meetings) to address strategic matters; and a suite of meetings on location to deal with day-to-day operations. In the 2014 contracts, the requirement changed and there was no specific requirement for senior management meetings between the parties. Following recommendations from the Moss Review11, the department re-introduced the requirement for senior management meetings from June 2015.

21. In practice, senior management meetings between the parties were held less frequently than required under the 2013 contracts. For Transfield, there were no DIBP records of individual service provider meetings in 2013. In addition, the department held one senior management meeting with Save the Children during 2014. This approach made it difficult for issues arising under the contract to be escalated and resolved.

Managing the contracts

22. The department did not develop an effective framework and strategies to manage the contracts and is not well placed to determine if the contract objectives have been fully met. Some four years into managing the contracts, a contract management plan was not fully in place, despite the complexity, risk and value of the contract.

  • At the time the ANAO was finalising this performance audit (October 2016), DIBP provided a contract management plan which was approved by the Contract Administrator on 13 October 2016. DIBP advised it was implementing this plan.

23. DIBP did not adopt a systematic approach to monitoring the large number and variety of goods and services delivered under the contracts. A structured quality inspection program was not implemented and only three of the scheduled monthly audits for the period December 2014 to October 2015, were conducted.12 From April 2015 no audits occurred.13

24. While services have been delivered day-to-day, the absence of standards and a systematic approach to monitoring delivery have reduced the ability of the department to verify that:

  • key welfare services have been delivered in accordance with contracted requirements;
  • facilities have been appropriately maintained;
  • asset registers were adequately maintained in accordance with the contract; and
  • responsibilities for work, health and safety are clear and requirements were being met.

25. An Offshore Processing Programme Risk Management Plan was developed by DIBP’s program management office. The plan identified program and fraud risks associated with the offshore processing centres. However, the risk management strategy relied on controls that were not always in place or operating effectively, and the risk assessment was not reviewed or updated when risks materialised.

26. The department did not develop a systematic approach to establishing and maintaining records in support of the contracts. Key records were not created, could not be found or were incomplete. Poor record keeping has affected DIBP’s capacity to satisfy accountability requirements and protect the Commonwealth’s interests. For example, the department:

  • did not update its asset register and advise Comcover of new facilities in Nauru valued at $75 million. As a consequence the facility was not insured when it burnt down in a riot in 2013, shortly after being commissioned; and
  • was unable to respond to many ANAO requests relating to evidence of contract deliverables.

27. The ANAO’s review identified shortcomings in record keeping relating to incidents at the centres. There was a significant variance in the records of incidents held by DIBP and service providers. While DIBP’s records of incidents started to improve from late 2014, there remained differences between it and Transfield’s records. As a result, the department cannot be entirely confident that it is reporting accurately on incidents to internal and external stakeholders.

28. In respect to the retention of digital (audio-visual) records, available evidence indicates that relevant contract guidelines were not always complied with. The department advised the ANAO that all digital (audio-visual) records of incidents were maintained by Transfield’s sub­contractor Wilson Security, on its behalf. DIBP did not have in place any arrangements to ensure that these digital records were being appropriately maintained. DIBP has no assurance that the visual records retained by the subcontractor are in keeping with the centre guidelines, which prevent the capture of visual records of the centres and of asylum seekers, with the exception of incidents and CCTV footage. In addition, the department could not make available any records to demonstrate that the privacy of individuals, including in relation to filming children without parental consent, had been considered in respect of filming, handling or storage of these digital records.

Performance management

29. DIBP developed a performance framework to manage the 2013 contracts. The framework was comprehensive, adopting a risk based approach and was intended to drive service provider behaviour. However, the contracts were for durations of up to 12 months, and the new approach was not implemented until July 2013. This meant that two-thirds of the G4S contract period and half of the Transfield and The Salvation Army contract periods had elapsed before the framework was implemented. No systematic monitoring of performance occurred prior to implementation of the framework.

30. The DIBP Contract Administrator awarded Transfield and The Salvation Army an excusable performance failure from all performance reporting (including performance monitoring and assessment) in Nauru for the period July 2013 to March 2014. The excusable performance failure was awarded due to the loss of facilities following the riot and fire in Nauru in July 2013. The combined effect of the excusable performance failure and delay in the framework’s development was that performance monitoring or assessment was not undertaken in Nauru for the duration of the 2013 contracts.

31. On Manus Island, The Salvation Army and G4S provided the department with individual and joint service provider reports on their performance. However, there is limited evidence that the department reviewed the reports submitted. The individual service provider reports were often incomplete and/or unsigned, and the process did not provide a solid basis for managing risk. Risk ratings and mitigations were not reviewed over the period despite a range of risks eventuating.

32. DIBP did not develop a transition plan to manage the changeover between the 2013 and 2014 contracts, nor did it conduct a risk assessment to identify and mitigate risk. Significant risks materialised in the transition period, such as major riots which occurred on 16–18 February 2014.

33. The department considered the performance management framework to be critical to its management of contractors. Notwithstanding the importance of the framework:

  • the framework was implemented after the 2014 contracts were in operation;
  • reporting relied on self-assessment by individual service providers, with limited independent checks to provide DIBP with additional assurance; and
  • reporting for each period for the 2014 contracts was not finalised in accordance with the established timeframes. Departmental delays in reviewing reports and providing feedback to contractors eroded the link between the performance framework, actual performance and contract payments. For example, the department advised Transfield of its March 2015 performance outcome in April 2016.

34. As with the 2013 contracts, DIBP needed to establish a risk rating for each performance measure. This process was planned to be directly linked to the timing and extent of any financial abatement for service failure. For Transfield and Save the Children, the first risk assessments were not agreed until late August 2014 and December 2014, respectively. This was five months after Transfield’s 2014 contract was signed.

35. The department did not hold any records to demonstrate that the risk assessment it developed for performance management purposes was used as part of the individual service provider reporting process for Transfield. In addition, risks were not reviewed when they materialised, and there was inconsistency in the department’s management of risk. For example, DIBP’s response to allegations raised in the Moss Review relating to staff behaviour for Transfield differed from its response to Save the Children. DIBP required Save the Children to remove named staff in July and October 2014, when it had concerns regarding staff behaviour. In contrast, Transfield was permitted to conduct its own investigations into staff behaviour and only one staff member had their employment terminated due to alleged illegal behaviour. In two further instances, Transfield removed staff from working in the families’ compound, but they remained employed in the centre.

36. Save the Children was the only service provider to be abated over the course of the 2013 and 2014 contracts. It was abated for various failures identified as part of the individual service provider reporting process, including for information security breaches.

Managing payments and contract changes

37. An appropriate framework of controls was in place for payments under the contracts and was documented in the department’s Accountable Authority Instructions.14

38. In terms of providing an opinion on the department’s 2015–16 financial statements, and based on substantive analytical procedures, the ANAO found that in the aggregate, payments in 2015–16 were made for the purposes of the contracts.

39. In the course of this performance audit, the ANAO also reviewed whether approved payments under the contracts were authorised by an appropriate delegate, as provided for in DIBP’s Accountable Authority Instructions. In respect to $2.3 billion in payments made between September 2012 and April 2016, delegate authorisations were not always secured or recorded: an appropriate delegate provided an authorisation for payments totalling $80 million; $1.1 billion was approved by DIBP officers who did not have the required authorisation; and for the remaining $1.1 billion there was no departmental record of who authorised the payments.

40. There was limited evidence of DIBP’s finance team confirming with the contract manager (or the service delivery team) that invoiced services were actually obtained and correct, in accordance with the contract, prior to payment. There was no monitoring of goods receipting on location.

41. While it was contractually required to provide full substantiation for all pass through costs, Transfield did not provide full substantiation and DIBP generally did not seek it. In mid-2014, DIBP agreed to a Transfield proposal to provide substantiation for a sample of pass through cost expenditure, but could not provide documentation of the revised arrangement. DIBP advised the ANAO on 14 October 2016, in response to emerging audit findings, that it had requested full substantiation of pass through costs from Transfield from 1 November 2016.

42. DIBP and Transfield established pick lists15 for pass through costs. For an item to be placed on the pick list, DIBP guidelines required value for money to be established by obtaining three quotes. The delegate’s approval was also required when expenditure limits for individual items on the list changed. This approach was not implemented in practice. One pick list included pre-approved monthly limits of $4.4 million for Nauru and $5 million for Manus Island for pass through costs. The effect of these limits was that potential expenditures of up to $112 million per year would not be directly assessed for value for money by the department.

43. When entering into additional service requests, DIBP was entering into additional commitments for the expenditure of public money. DIBP agreed to additional service requests for Transfield’s 2014 contract to a value of $105 million. Service providers were expected to demonstrate value for money for additional service requests by providing three quotes to the department, but this did not always occur.

44. Contract extensions were not always consistent with contractual requirements. On seven occasions DIBP did not provide sufficient notice of its intention to extend and had to waive or vary clauses when seeking an extension. In addition, one agreement was signed after it had expired, and two agreements were signed after services commenced.

  • Save the Children’s 2013 contract was varied to increase the number of extensions that could be agreed, resulting in four extensions. These short extensions, of between one to three months, resulted in additional administration for DIBP and the contractor, and increased uncertainty for the contractor. This approach also introduced risk for the Commonwealth. Had Save the Children refused an extension, DIBP would have had little time to put in place alternative service delivery arrangements.

45. DIBP’s Contract Management Manual provided that contract variations be justified on value for money grounds. A variation to Transfield’s 2014 contract, with a combined whole-of-life value of $1 billion, was made in 2016 without documented consideration of value for money.

Recommendations

46. Contract management is core business for Commonwealth entities. The audit recommendations are intended to address the significant deficiencies observed in the department’s management of the contracts under review.

Recommendation No.1

Paragraph 2.50

The Department of Immigration and Border Protection ensure that contracts and supporting documentation clearly specify—including through articulating applicable standards and timeframes—the goods and services to be delivered.

Department of Immigration and Border Protection Response: Agreed.

Recommendation No.2

Paragraph 4.54

The Department of Immigration and Border Protection introduce and implement a risk-based contract management plan, approved by the Contract Authority, and commensurate with the value, complexity and risks associated with the garrison support and welfare contracts. The plan should address: roles and responsibilities; the management of contractor performance; key timeframes and deliverables; risk management and mitigation strategies; the retention of key records; and the department’s approach to quality inspection and audit.

Department of Immigration and Border Protection Response: Agreed.

Recommendation No.3

Paragraph 5.45

The Department of Immigration and Border Protection take immediate steps to:

  1. strengthen the control framework for the garrison and welfare services contracts, by:
    • complying with the Secretary’s Accountable Authority Instructions relating to the authorisation by a delegate of all payments made under the contracts;
    • confirming goods or services are received prior to payment; and
    • retaining relevant documentation; and
  2. strengthen its application of the Commonwealth procurement framework by assessing all contract variations for value for money.

Department of Immigration and Border Protection Response: Agreed.

Summary of entity responses

47. The proposed report was provided to the department and extracts were provided to the following non-government organisations:

  • Broadspectrum (Australia) Pty Ltd (formerly Transfield Services (Australia) Pty Ltd);
  • G4S;
  • Save the Children;
  • The Salvation Army; and
  • Wilson Security.

48. Formal responses and feedback were received from the department, Broadspectrum, The Salvation Army and Wilson Security. Summary responses (where provided) are reproduced below and formal responses are included at Appendix 1.

Department of Immigration and Border Protection

The Department agrees with the recommendations of the report and has work underway to continue to improve our contract management practices. There are several matters raised in the report that the Department disputes including unauthorised payments, treatment of additional service requests, contract variations and mould remediation work.

The Department disagrees with the claim that a large volume of payments were not appropriately authorised. The vast majority of these payments were fixed monthly contractual fees which are dependent on the numbers of residents in the RPCs.

The Department also disagrees with claims that additional service requests and contract variations were made without consideration of value for money or if funds were available.16

These and other matters are detailed in our full response in Appendix 1 of this report.

Broadspectrum (Australia) Pty Ltd (formerly Transfield Services (Australia) Pty Ltd)

Broadspectrum welcomes the opportunity to respond to the ANAO’s proposed draft extract of the audit report on Offshore Processing Centres (OPCs) in Nauru and Papua New Guinea (PNG) - Contract Management of Garrison Support and Welfare Services (Draft Report). Our understanding is that the Draft Report is a companion audit to ANAO Performance Audit Report No 16 2016 – 17 Offshore Processing Centres in Nauru and PNG: Procurement of Garrison Support and Welfare Services (Procurement Report), to which Broadspectrum also provided a response.

Broadspectrum understands the objective of the Draft Report was to assess whether the DIBP had appropriately established and managed the contracts for garrison and welfare services at the OPCs and whether the processes adopted met the requirements of the CPRs. It also understands that when assessing compliance with the CPRs consideration is given to the end to end procurement process including ongoing management of contracts, and that, amongst other things, consideration is required of factors such as the quality of goods and services received, a potential supplier’s relevant experience and performance history and the flexibility and innovation of both suppliers and their specific proposals.

While the Draft Report focuses on the actions of the DIBP in respect of ongoing management of a number of contracts with various Service Providers, including Broadspectrum, on a fair reading of the extract provided to us to the ANAO appears to suggest that Broadspectrum did not comply with certain obligations under the contracts with DIBP, either at all or in a timely manner. Broadspectrum does not agree that this is the case. To the contrary, we consider that our compliance with our contractual obligations has been exemplary. Further, that compliance with our contractual obligations has been of the highest quality and consistency despite rolling variations to the contractual framework.

The Draft Report (at least the extract provided to us) does not appear to address the complexity of the operations, the dynamic and changing conditions at the OPCs nor the flexibility and responsiveness required of both DIBP and Service Providers to respond to the requirements of two very different sovereign governments with ultimate control over the legal and operating environment at the OPCs. Broadspectrum respectfully suggests that any balanced assessment of compliance with the CPRs, in particular if that is to involve evaluation of the services that it and other Service Providers delivered at the OPCs, requires that the Draft Report should address the context in which the contracts were being managed and negotiated. For example, no reference is made to the management by Broadspectrum of the July 2013 riots in Nauru and the re-establishment of emergency infrastructure without loss of life or serious injury which have been praised in independent reports17. While we have done our utmost to respond in a comprehensive and detailed manner to the ANAO’s Draft Report, our ability to do so has been constrained in circumstances where the Draft Report that has been provided to us is heavily redacted. In particular, several references to time frames and DIBP Guidelines relevant to Broadspectrum (in that they comment on alleged non-compliance by it) are incomplete so that we do not have visibility of the documents and information relied on by the ANAO. Accordingly, there might be aspects of our response to the Draft Report where the ANAO considers it would be assisted by further detail or clarification or where it wishes to provide additional detail so as to allow us to understand references to timeframes and documents that are currently obscure. Where that is the case, please let us know and we would be happy to assist further.

The Salvation Army

1. The audit recommendations and overall conclusions have not been provided to The Salvation Army as they are directed to the Department of Immigration and Border Protection (the ‘Department’). Accordingly, The Salvation Army has not provided any comments in respect of the audit recommendations and/or conclusions.

2. The Salvation Army in its response details the substantial communications it had with the Department in respect of the development of the Policy and Procedure Manual.

3. The Salvation Army is concerned about the statement that the individual and joint service provider reports were incomplete and/or unsigned. The Salvation Army has sought further information from the Australian National Audit Office in respect of this statement; specifically, it has requested the dates of the incomplete and/or unsigned reports, so that it may cross-check its own records.

4. The Salvation Army has provided further information in respect of the number of meetings held with the Department of Immigration and Border Protection (the ‘Department’), the industry standards with which it was required to comply with under its Contract, and the Manus Island Excusable Performance Failure Submissions.

5. At this stage, in light of the current Federal Court of Australia proceedings between The Salvation Army and the Commonwealth of Australia, The Salvation Army does not consider it appropriate to comment on the matters in respect of invoicing for services under its Contract with the Commonwealth of Australia (as represented by the Department).

Wilson Security

A number of the paragraphs and comments in which Wilson Security is specifically mentioned deal with the maintenance and storage of digital data including video-graphic recording and incident reporting.

Wilson Security wishes to acknowledge the challenges that exist in maintaining data integrity in these operational environments.

The environmental and infrastructure conditions that exist on Nauru and Manus Island mean that, at times, all organisations have struggled to maintain the information and communication technology access and service continuity that would be experienced in a modern, developed nation.

Complicating factors range from the quality and consistency of electricity supply, to the quality and availability of data and internet services and connections on the islands.

The capacity of data transfer services (i.e. internet connections) between the islands and Australia has necessitated the establishment of local data storage capability at the Regional Processing Centres.

Wilson Security has provided all relevant stored video data to the audit. Additional data is held regarding community events, training videos, assessment videos and other unrelated events. I [Chief Executive Officer Security] have instructed that these data be audited to confirm their compliance with the RPC Guidelines. I am confident that this audit will demonstrate a high level of compliance. I am advised that the guidelines are well understood, that compliance with them is mandatory in the business.

1. Background

Introduction

1.1 On 28 June 2012 the Prime Minister and Minister for Immigration and Citizenship announced that an expert panel would provide a report on the best way forward to prevent asylum seekers risking their lives on boat journeys to Australia.18 The expert panel’s report, released on 13 August 2012, included a range of disincentives, including the establishment of offshore processing centres19 in the Republic of Nauru (Nauru) and Papua New Guinea (PNG).

1.2 The centres were subsequently established with the agreement of the Nauruan and PNG Governments.20 The Australian Government was to bear all costs associated with the construction and operation of the centres. Transfers of asylum seekers to Nauru commenced on 14 September 2012 and to PNG on Manus Island21 on 21 November 2012.22

1.3 To underpin operations at the centres, the Department of Immigration and Border Protection (DIBP or the department)23 entered into contractual arrangements for the delivery of garrison support and/or welfare services. These services are essential to the operation of the offshore processing centres. Garrison support includes security, cleaning and catering services. Welfare services include individualised care to maintain health and well-being such as recreational and educational activities.

1.4 The number of asylum seekers held in offshore processing centres has varied over time (see Figure 1.1), as has each centre’s demographic profile. In August 2013 Manus Island became a single adult male facility when the women and children held on Manus Island were transferred to Nauru. At its peak there were 300 women held and 208 children held in Nauru. As at 31 August 2016 there was a total of 1233 people housed in the offshore processing centres. In Nauru there were 410 asylum seekers made up of 306 men, 55 women and 49 children. On Manus Island there were 823 men.

Figure 1.1: Number of asylum seekers held in Nauru and on Manus Island

Number of asylum seekers held in Nauru and on Manus Island

Source: ANAO summary of DIBP statistics.

Garrison Support and Welfare Service Contracts

1.5 The department has engaged four contractors to deliver garrison support and welfare services in Nauru and on Manus Island. The total combined value of the contracts, as reported on AusTender, was $3386 million at 6 December 2016 (Table 1.1).

Table 1.1: Garrison support and welfare services contracts since 2012, Nauru and Manus Island

Organisation

Time period

Services provided

Total AusTender value ($ millions)a

Total Paid as at 31 October 2016 ($millions)

Transfield

September 2012–March 2014

Nauru—Garrison support (and staff accommodation from July 2013)b

$351

$307

March 2014–October 2017

Nauru and Manus Island—Garrison support and welfare services

$2531c

$1848d

G4S

October 2012–March 2014

Manus Island—Garrison supporte

$245

$169

Save the Children

October 2012–June 2013

Manus Island—Care and support servicesf

$8

$34

August 2013–August 2014

Nauru—Provision of services to minorsf

$37

May 2014–January 2015

Nauru—Refugee settlement services

$15

$42

September 2014–October 2015

Nauru—Welfare and education services

$100

The Salvation Army

September 2012–January 2014

Nauru and Manus Island—Welfare support for single men

$99

$49

TOTAL

$3386

$2449

         

Note a: AusTender is the Australian Government’s procurement information system. Relevant entities must report contracts and amendments on AusTender within 42 days of entering into (or amending) a contract if they are valued at or above the reporting threshold. For each contract reported, the entity must report the total value of the contract (including GST where applicable).

Note b: Transfield’s 2013 contract provided for accommodation of up to 600 asylum seekers in temporary facilities and 1500 in permanent facilities. The number of asylum seekers on Nauru has not exceeded 1353, although following destruction of permanent facilities in July 2013, asylum seekers have been housed in temporary facilities.

Note c: The 2014 Transfield contract was initially valued at $2.1 billion, for a period of 25 months (which included an option to extend for 6 months), and to accommodate up to 5600 asylum seekers, as well as 600 asylum seekers (who have received a negative refugee status determination) in a high security facility in Lombrum (on Manus Island), 1700 staff and 1350 refugees in settlement sites. The contract has been extended beyond the initial terms of the contract (including options to extend) by 18 months to October 2017. On average, 1725 asylum seekers have been housed at the centres.

Note d: Payments based on DIBP‘s finance system payment reports provided by DIBP on 6 December 2016, representing payments made to Transfield for the March 2014 contract between 1 July 2012 and 31 October 2016.

Note e: G4S’s 2013 contract provided for accommodation of up to 500 asylum seekers in temporary facilities and 600 in permanent facilities. Following the destruction of permanent facilities in Nauru in July 2013, DIBP varied the G4S contract to provide for a significant increase in asylum seekers. Between June and October 2013 the number of asylum seekers housed went from 253 to 1137.

Note f: Save the Children was initially contracted to provide services primarily to minors and their families on Manus Island. When children were moved to Nauru in August 2013, Save the Children’s operations shifted to Nauru.

Source: ANAO analysis of AusTender, DIBP financial information and detention statistics.

1.6 For the purposes of this report the contracts are discussed in two groups:

  • initial contracts signed in 2013 (referred to as the initial or 2013 contracts) with The Salvation Army, Save the Children, Transfield Services (Transfield)24 and G4S. As discussed in a previous ANAO audit25, the department was required to establish the offshore processing arrangements immediately and adopted limited tender arrangements. The initial contracts with garrison and welfare service providers took up to 43 weeks to be signed and providers operated under letters of intent and heads of agreement, prior to contract signing. Figure 1.2 shows key dates relating to the initial contracts; and
  • contracts signed in 2014 with Transfield and Save the Children to consolidate service provision (referred to as the consolidated or 2014 contracts). As noted in the ANAO’s previous audit, contract consolidation was intended to achieve innovation and savings in the delivery of garrison and welfare services. Figure 1.3 shows key dates relating to the consolidated contracts.

1.7 In October 2015, Transfield became the sole provider of all garrison support and welfare services in Nauru and on Manus Island, and in July 2016 these arrangements were further extended to October 2017.26 Since entering into the contract in March 2014, Transfield’s contract has been varied three times and extended four times.

Figure 1.2: 2013 Contracts with The Salvation Army, Save the Children, Transfield and G4S—key dates

2013 Contracts with The Salvation Army, Save the Children, Transfield and G4S—key dates

Source: ANAO summary of DIBP contract information.

Figure 1.3: 2014 Contracts with Transfield and Save the Children—key dates

2014 Contracts with Transfield and Save the Children—key dates

Source: ANAO summary of DIBP contract information.

Commonwealth procurement and contracting

1.8 The Australian Government is a significant purchaser of goods and services and has in place resource management legislation and related policies that establish the framework for procurement. The Commonwealth Procurement Rules (CPRs) state that:

Procurement encompasses the whole process of procuring goods and services. It begins when a need has been identified and a decision has been made on the procurement requirement. Procurement continues through the processes of risk assessment, seeking and evaluating alternative solutions, the awarding of a contract, the delivery of and payment for the goods and services and, where relevant, the ongoing management of the contract and consideration of disposal of goods.27

1.9 Achieving value for money is the core rule of the CPRs.28 Effective contract management requires a focus, in all contracting decisions and actions, on the outcomes that entities are seeking to achieve and cost-effective delivery approaches. In practical terms, value for money is achieved where contractors deliver all goods and services procured to the standard required and at the agreed price. Effective contract management also requires an active focus on the management of risks throughout the life of a contract. The CPRs:

… enable entities to design procurement processes that are robust and transparent while permitting innovative solutions that reflect the scale, scope and risk of the desired outcome.29

1.10 The Public Governance, Performance and Accountability Act 2013 (PGPA Act)30 requires entities to promote the proper use and management of public resources.31 Entities determine their own contract management practices, consistent with the PGPA Act, through Accountable Authority Instructions (AAIs)32 and, if appropriate, supporting operational guidelines. Central procurement units (CPUs)33 and other advisers may also provide specific expertise and advice to entity officials undertaking procurement processes, including contract management.

1.11 During the period covered by this audit, DIBP’s Secretary issued a number of AAIs and supplementary guidance updating departmental requirements on matters such as delegations, contract management and making payments. The department’s CPU also issued several updates to the contract management manual.34 The manual identified a range of key issues to be addressed in contract management including: provisions, terms and conditions which address legal and policy requirements; a clear statement of work; establishing a performance management regime; and planning for transition in and transition out. The manual also identified key tasks such as reviewing and updating risks, agreeing roles and responsibilities, arranging appropriate delegations and approvals, and setting up record keeping arrangements.

Previous ANAO audits

1.12 The ANAO has conducted six audits35 since 2004 that have focused on the department’s management of detention centre contracts. Each of these audits identified shortcomings in the department’s contract management and/or procurement of detention services. Taken together, the audit findings point to serious and persistent deficiencies in the department’s administration. The early audits found that DIBP had not established clear expectations of the level and quality of services to be delivered. These audits also found that DIBP’s ability to monitor the performance of contractors was compromised by: lack of clarity in standards and performance measures; reliance on the reporting of incidents to determine when standards were not being met; and limited control over subcontracting arrangements. More recently:

  • ANAO Report No.13 2016–17 Delivery of Health Services in Onshore Immigration Detention found that the department could strengthen: arrangements for monitoring the quality of services delivered; and the management of key areas of service delivery risk; and
  • ANAO Report No.16 2016–17 Offshore Processing Centres in Nauru and Papua New Guinea: Procurement of Garrison Support and Welfare Services found that DIBP’s procurement activities fell well short of the standards expected under the procurement framework. The deficiencies in these procurements resulted in higher than necessary expense for taxpayers and significant reputational risks for the Australian Government and the department.

1.13 The quality of the department’s record keeping has also been an area identified for improvement in the recent procurement audit, as well as in ANAO Audit Report No.53 2011–12, Records Management in the Australian Public Service, which concluded there was scope to improve the use and performance of the department’s core record keeping system.

Audit approach

1.14 The objective of the audit was to assess whether DIBP had appropriately established and managed the contracts for garrison support and welfare services at offshore processing centres in Nauru and Papua New Guinea (Manus Island); and whether the processes adopted met the requirements of the Commonwealth Procurement Rules (CPRs) including consideration and achievement of value for money.

1.15 The audit examined contracts entered into in 2012, when the arrangements were first put into place, through to the current contract which is due to expire in October 2017.

1.16 To form a conclusion against the audit objective, the ANAO adopted the following high level criteria:

  • DIBP included key elements in the contract to support the achievement of the outcomes sought in acquiring the goods and services;
  • DIBP has arrangements in place to maximise the overall value for money of the contracting activity and to meet all management and reporting responsibilities; and
  • DIBP is satisfied that contract deliverables were provided to the required standard, within the agreed timeframe and achieved value for money results.

Audit methodology

1.17 The ANAO reviewed DIBP and service provider records; and interviewed relevant DIBP officers and stakeholders including service providers, tenderers and government officials from Nauru and Papua New Guinea. The audit team also visited the centres in Nauru and on Manus Island during August and September 2015. Fieldwork was conducted between March 2015 and October 2016.

1.18 The ANAO’s review of departmental records was, due to shortcomings in DIBP’s record keeping system, based on the available records. In particular, departmental records often took the form of e-mail correspondence. DIBP was not able to provide the ANAO with assurance that it provided all departmental records relevant to the audit. These issues also arose in the course of the ANAO’s companion performance audit tabled in September 2016, ANAO Audit Report No.16 2016–17 Offshore Processing Centres in Nauru and Papua New Guinea: Procurement of Garrison Support and Welfare Services.36

1.19 The audit was conducted in accordance with the ANAO auditing standards at a cost to the ANAO of approximately $1.5 million.

2. Establishing the contracts

Areas examined

This chapter examines the Department of Immigration and Border Protection’s (DIBP) establishment of the initial garrison support and welfare services contracts in 2013, and consolidated contracts in 2014, including whether the services and goods to be acquired under the contracts were adequately defined and supported the achievement of a value for money outcome.

Conclusion

The garrison support and welfare contracts were established in circumstances of great haste to give effect to government policy decisionsa and the department did not have a detailed view of what it wanted to purchase or the standards to apply. These are key considerations in achieving value for money. While the department took between 20 to 43 weeks (depending on the contract) to enter into final 2013 contracts, there remained significant shortcomings in the contractual framework. Many of the shortcomings persisted in the 2014 contracts, indicating that the 2014 contract consolidation process was not informed by lessons learned from the department’s management and operation of the 2013 contracts.

Areas for improvement

The ANAO has made a recommendation on the development of any future contracting framework relating to the centres, focusing on the clear specification of expected standards and timeframes in relevant contracts.

Note a: The circumstances under which the offshore processing centres were established are described in Chapter 2 of ANAO Report No.16 2016–17 Offshore Processing Centres in Nauru and Papua New Guinea: Procurement of Garrison Support and Welfare Services.

2.1 The DIBP Contract Management Manual (Version 1.3, July 2014)37 sets out the department’s general approach to contracting:

A carefully drafted contract spells out the “entire deal” between the parties, for example, between DIBP and a supplier. It spells out the details such as what is to be done or delivered, deadlines to be met, fees incurred, covered expenses, payment dates, milestones, reporting, and so on.

… DIBP officials should always express the terms of the contract as clearly and explicitly as possible so that the potential for dispute is reduced.

2.2 For each of the initial contracts (referred to in this audit report as the 2013 contracts) and the consolidated contracts (referred to in this report as the 2014 contracts)—which the department entered into for the purposes of operating the offshore processing centres—the ANAO examined:

  • the development of the contracts, contract objectives, terms and statement of work38;
  • supporting policies, procedures and guidelines;
  • management plans;
  • roles and responsibilities; and
  • contract governance.

Did the contracts clearly set out the goods and services to be delivered and were these in keeping with expectations?

The 2013 and 2014 garrison support and welfare contracts described only in general terms the goods and services to be delivered with the expectation that further detail would be contained in supporting documents. While the department had advised Government on a number of occasions that the contracts would be underpinned by service standards, these were not articulated and delivery timeframes were not clearly established in the resulting contracts.

Developing the contracts

2.3 In deciding to establish the offshore processing centres in August 2012, the Australian Government sought to achieve immediate outcomes. The Government considered that the effectiveness of the arrangements in deterring boat arrivals would be determined by the speed with which the processing centres could be agreed with Nauru and Papua New Guinea (PNG), and established. The first asylum seekers arrived in Nauru some three weeks after the Australian Government’s decision.

2.4 The department entered into contract negotiations with Transfield, The Salvation Army, G4S and Save the Children after each provider was on the ground and operating. Finalising the contracts took between 20 and 43 weeks depending on the contract. Services and price were not agreed until contracts were signed.39 In early 2014, as the initial contracts were expiring, the department consolidated garrison and welfare services under two service providers—Transfield and Save the Children—with the intention of achieving contract innovations and savings (referred to in this report as the 2014 contracts).40

2.5 When developing a contract, it would be expected that a department would draw on both its own relevant experience and that of its service providers. There was no departmental record to indicate whether officials developing the 2013 contracts considered drawing on the department’s broader experience in operating detention centres. Departmental officials generally relied on service providers to assist defining the services to be delivered. For example, during September 2012, a departmental official advised Transfield in relation to furniture, fittings and equipment to be supplied:

I have not set-up a site from scratch before, I have always had the assistance of a service provider. It is likely that I have missed things that will be required. I am very happy for you to suggest things to be added …

2.6 As noted in ANAO Audit Report No.16 of 2016–1741, the Minister sought government authority to consolidate the contract arrangements in December 2013. The Minister advised that service contracts would need to be varied to ensure appropriate services could be delivered to a higher number of asylum seekers. The Minister also advised that his department would ensure that:

  • controls were in place including governance structures and that appropriate risk assessments were completed and regularly updated;
  • services which were defined and in place met agreed and budgeted requirements in accordance with defined standards;
  • service provision was supported by endorsed business processes;
  • services were able to scale up and down in a timely manner to meet forecast requirements; and
  • all contracted services had endorsed service standards.

2.7 The Government has considered the scope and level of services required on a number of occasions. DIBP has also been required to review and/or audit the service levels with a view to reducing costs, including within the context of re-tendering the services in 2015 (see Figure 2.1). An audit of offshore service levels did not occur.

Figure 2.1: Consideration of service standards

Consideration of service standards

Source: ANAO analysis of documentation.

The contract objectives and basic contract terms

2.8 Each of the 2013 and 2014 contracts included the same primary objectives. The contract objectives were to:

a. provide open, accountable and transparent Services (identified in Schedule 1 [Statement of Work] to this Contract) to transferees and Personnel at the Sites on the RPCs42; and

b. provide Services that is [sic] the best available in the circumstances, and utilising facilities and Personnel on the Sites and that as far as possible (but recognising any unavoidable limitations deriving from the circumstances of the Sites) is broadly comparable with services available within the Australian community.

2.9 Basic contract clauses were the same or very similar for each of the 2013 and 2014 contracts and included clauses aimed at promoting transparency and openness such as: standard audit and access provisions; access to documents provisions; performance reporting; and management and governance arrangements. The contracts also included provisions aimed at protecting the interests of the department and the Commonwealth, as well as offering protections to service providers.

Statement of Work

2.10 The department’s Contract Management Manual (Version 1.3, July 2014) emphasises the need for contracts to include a clear statement of work that sets out what goods or services are required to be delivered under the contract, to what standard and in what timeframes. The manual also provided that the statement of work be measureable and verifiable. Each of the 2013 and 2014 contracts set out the statement of work at Schedule 1. The schedules were specific to the services to be delivered by each provider. The schedules described the goods and services required in general terms with limited reference to the standards, timeframes or frequency of work required. For example, Transfield’s statement of work required the management of individual persons (part of the 2013 contracts), however, detail of the type or frequency of service was not specified.

2.11 Industry standards were specified in only two cases—risk management and emergency control. Standards were not specified for a range of other deliverables, including where recognised industry standards exist, such as maintaining food safety. No additional service standards were referenced in the 2014 contracts. Many deliverables in the 2013 and 2014 contracts did not have a delivery timeframe.

2.12 The department’s records indicate that from June 2012—at the time the 2013 contracts were being negotiated—DIBP was developing a set of detention standards.43 This process was ongoing at the time the contracts were signed.44 Officials responsible for specifying the deliverables for the 2013 contracts did not draw on the proposed standards. Email records between the Contract Administrator and his staff in March 2013 (a month after three of the four 2013 contracts were signed), indicated that the Contract Administrator had recognised the benefits of establishing detention standards:

In June 2012, the department indicated that it would examine developing a set of internal immigration detention standards. Benefits for DIAC from having its own standards would inform the contract procurement process, guide departmental officers and services providers when exercising duties and set a framework for the overall operation of the detention network.

2.13 Where a standard or timeframe is not specified in a contract, it is more difficult for the parties (in this case DIBP and the relevant service provider) to establish a common understanding of what is to be delivered, to what standard and when it should be delivered.45 Clear specification of the goods and services to be delivered under a contract, including through the articulation of applicable standards and timeframes, is fundamental to effective contract formation and management, and the achievement of value for money. The ANAO has made a recommendation on the development of any future contracting framework relating to the centres (see paragraph 2.50).

Were the procedures, policies and guidelines required under the contracts developed and reviewed?

It took some time to reach agreement on the supporting guidelines for the 2013 contracts, and 14 guidelines (22 per cent) were never settled. The department rolled over the majority of guidelines already established into the 2014 contracts, despite significant changes to the size and risk profile of the centres. In particular, a Joint Agency Taskforce Review conducted in October and November 2013 had identified a number of security concerns requiring attention as a matter of priority, and this should have been reflected in the relevant guidelines and plans. Where there is an absence of an approved guideline, service providers (including the current provider Transfield), operated under its own procedures.

DIBP does not hold a complete set of current guidelines in its record keeping system. In the absence of a complete and current set of guidelines, DIBP cannot confidently assess contract compliance and the achievement of value for money under the contract.

2.14 The effective delivery and monitoring of many deliverables included in the contracts required the development of further policy, procedures, guidelines and plans after the contract was in operation. This follow-up work included the development of a performance framework. The department could draw on a long history of managing detention services contracts to inform this work. Notwithstanding this experience, when it issued the garrison and welfare services contracts in 2013, it did not issue the necessary suite of guidelines, plans and the performance framework.

Offshore Processing Centre Guidelines

2013 contracts

2.15 Transfield’s, G4S’ and The Salvation Army’s 2013 contracts all required the development and approval of plans, arrangements and procedures no later than six weeks from the date of execution (or commencement).46 Each contract included the following clause (in the statement of work) referring to either a commencement date or an execution date:

Where this Statement of Work refers to the development of a plan, arrangement or procedure, unless otherwise stated here or agreed by the parties, it is to be developed, approved and then implemented as soon as possible, and implementation should start no later than 6 weeks from the Execution Date.

2.16 Following the commencement of services in Nauru and on Manus Island, the department provided service providers with: a Service Provider and Staff Code of Conduct in accordance with the contract on 5 February 2013; and draft policy and procedure manuals (PPMs) for comment on 8 February 2013. At a Garrison and Welfare committee meeting with The Salvation Army in April 2013, the department noted the timeframes for provision and comment on the PPMs—that they would be issued within a month and should be implemented at this time by The Salvation Army. The meeting notes recorded that the PPMs would be reviewed six monthly, or as required to ensure continual business improvement:

PPMs are an important tool that supplement and further develop the guidance provided in the contracts to enable Service Providers to meet the department’s expectations with regards to service delivery provisions and best practice.

2.17 The PPMs formed the basis of what came to be known as offshore processing centre guidelines.47 The guidelines largely aligned with onshore operations and policy, with expansion and customisation to address unique offshore operational considerations. The guidelines specified the department’s expectations in relation to service delivery48 for a range of deliverables, including communications, incident management, security, codes of conduct, digital audio-visual records, other records, governance and committee meetings, roles and responsibilities, staff meals, individual management plans, programs and activities, complaints and child safeguarding procedures.

2.18 A single suite of 58 guidelines was intended to be issued for the offshore processing centres in Nauru and on Manus Island.49 The first 44 guidelines (one of which was a guideline template) were in place by mid-June 2013, some nine months after the commencement of services and four and a half months after the commencement of contracts. Two more guidelines were approved under the first contract.

2.19 On 17 June 2013 the department’s Contract Administrator wrote to service providers and enclosed the 44 approved guidelines for immediate implementation. At this time the department identified a further 14 guidelines that were to be developed.50 The department also determined that a review of existing guidelines would occur every 12 months to ensure they remained current. The Contract Administrator also advised that:

The aim of these guidelines is to facilitate the seamless operation of all Regional Processing Centres (RPCs), by outlining expected procedures for service provider staff, transferees, Department and other stakeholders in relation to operational and procedural requirements. These guidelines should be used as a guide for service providers when developing their own operational procedures.

… Should there be a need to update any of these guidelines, or the need arises for a new guideline, this should be drafted, in consultation with other Service Providers, and forwarded to the Offshore Service Delivery Section for endorsement and Contract Administrator approval.

2.20 Guidelines that were not approved under the 2013 contracts related to matters such as Transport and Escort (and an Escort Checklist), Use of Force/Use of Restraints, Death at a Centre, procurement matters (including Petty Cash and Value for Money), Screening and Searching, Safety and Security Management Plan, and a Visitor Management Procedure.

2.21 Only one guideline was reviewed and reissued under the 2013 contracts: Guideline 37—Transferee—Individual Management Plans was updated in July 2013.

2.22 A number of events and incidents occurring in 2013 (see below) signalled the need to develop or review guidelines to ensure that they remained appropriate and relevant. No reviews of guidelines occurred in responses to those events, which included:

  • a fire that destroyed infrastructure in Nauru in July 2013—a review by Mr Keith Hamburger AM51 observed that the most appropriate operational and governance arrangements, including those relating to safety and security, may not have been in place due to the absence of holistic risk assessment.52 Hamburger recommended development or documentation of guidelines (or protocols) for communications with asylum seekers and use of force, as well as reviewing current arrangements for intelligence gathering53, synthesising data and for implementing informed, timely and decisive responses:
    • at the time of finalising this audit DIBP had not developed Security guidelines for the Safety and Security Management Plan, and Use of Force. Guidelines relating to communications54 with asylum seekers were reviewed and updated in early 2015; and
  • security risk assessments conducted by the Joint Agency Taskforce55 in October and November 2013—the assessments56 relating to the Nauru and Manus Island centres identified a range of security concerns including:
    • simplifying and improving access procedures so that no unauthorised access is possible and personnel movements are able to be quickly deduced in the event of an emergency. The department had not developed Guideline 50—Visitor Management Procedure, although Guideline 16—Service Provider—Code of Conduct [Employee] included visitor access requirements. This guideline was not reviewed. There were also no procedures for staff access; and
    • DIBP coordinate an immediate update of incident management practices to establish a Quick Reaction Force (QRF) and provide contingency and emergency management plans that are sufficiently robust, understood and practised. The Guideline 52—Security—Safety and Security Management Plan would have addressed this requirement. This guideline was not developed.
2014 contracts

2.23 The 2014 Transfield contract (which commenced on 24 March 2014) also required the development and annual review of guidelines. Consistent with the 2013 contracts, the contract stated that the implementation of guidelines should not occur without the department’s approval. Transfield’s 2014 contract noted that:

1.5.1 The Service Provider must, in collaboration with other relevant service providers, develop Offshore Processing Centre Guidelines (OPC Guidelines). The Service Provider’s contribution to the OPC Guidelines shall be limited to only such matters as are relevant to the scope of services being provided by the Service Provider under this Agreement.

1.5.2. The Service Provider must provide a draft version of its contribution to the OPC Guidelines to the Department for review/approval.

1.5.3. The Service Provider must amend its draft section of the draft OPC Guidelines (as directed by the Department) and provide the amended/updated draft version to the Department for review/approval…

1.5.6 The Service Provider must (in conjunction with other relevant service providers) complete a review of the OPC Guidelines upon each 12-month anniversary of the Execution Date of this Contract.

2.24 Forty six guidelines were in place at the beginning of the 2014 contracts. They were rolled over from the 2013 contracts. Five (11 per cent of the guidelines that were developed) were reviewed57 and reissued between the time the 2014 contract commenced and October 2015, when the contracts were initially due to expire. The department commenced a review process in July 2014, more than 12 months after most of the guidelines were first issued under the 2013 contracts. Transfield proposed changes to the guidelines to reflect its operations as at August 201458, but there is no record of the department providing feedback on the proposed changes. This was some four months after the commencement of the contract and 14 months after most guidelines were originally approved.

2.25 Transfield’s 2014 contract included additional security responsibilities which stemmed from the recommendations of the Joint Agency Taskforce (see paragraph 2.22); however the contract did not specify a timeframe for the development of new guidelines and six guidelines relating to security remained outstanding at the time of finalising this audit report.

2.26 Guidelines relating to the performance management framework also required development. Performance measures (see paragraph 4.27) were agreed by the Contract Administrator and Transfield on 31 July 2014, and the parties identified that: two guidelines59 required amendment to reflect a change in timeframes for services; and one new guideline was required.60 The Contract Administrator was to approve all guidelines, and operational implementation of guidelines would only occur for approved guidelines. DIBP did not approve changes made to the guidelines at that time, and the review process was not completed (see paragraph 2.24). The delays introduced a risk of conflicting service delivery expectations in the performance framework.

2.27 In the absence of a complete set of guidelines, service providers (as had occurred under the 2013 contracts) conducted their service delivery under their own set of documented operating procedures and instructions. For example, DIBP documentation indicates that the delays in progressing the use of force guideline resulted from the need for legal advice. In particular, DIBP considered that the guideline required legal clearance as it was instructing service providers to act in accordance with Australian legal boundaries in an overseas setting. In the absence of an approved guideline, Transfield operated under its own procedures. While the department requested copies of Transfield’s procedures for the use of force in March 2016, it did not subsequently endorse or provide feedback to ensure that the procedures met the department’s requirements. DIBP advised that as at 1 December 2016 this guideline had not been approved. There was no guideline for use of force at the time of finalising this audit report.

2.28 The ANAO’s review found that the department did not hold a complete set of current guidelines in its record keeping system and the status of some guidelines were unclear. As a result, DIBP cannot confidently assess contract compliance and the achievement of value for money under the contract. In October 2015 the department advised the ANAO that it had appointed an officer to review all guidelines. This review was suspended due to staffing changes, but recommenced in September 2016. The department now expects to complete the review by March 2017.

Were the management plans required under the contract developed and approved by DIBP?

There was limited evidence of the department agreeing to or approving any of the management plans required for the 2013 contracts. Seven of the 27 plans required under the 2014 contract have been approved. The failure to agree management plans introduced a risk that the Commonwealth’s expectations under the contracts may not be met. It is not evident that the department established a framework to monitor the timely settlement of management plans, and there were also shortcomings in the department’s record keeping in this respect. DIBP advised the ANAO in October 2016, in a response to emerging findings of this audit, that it would require Transfield to provide all plans by 31 October 2016. On 5 December 2016, DIBP advised that Transfield had provided 22 of a total of 35 management plans. Of the 22 plans, ten had been approved by DIBP.a

Note a: DIBP did not provide the ANAO with these plans or the department’s approvals.

Management Plans

2.29 Management plans were used to specify how a range of deliverables under the garrison and welfare contracts would be delivered. Most plans addressed the particular circumstances of the centres. Service providers were required to develop the plans and provide these to DIBP for agreement and approval within the timeframes set out within the contract. The delivery timeframe of management plans differed. The majority of plans had to be developed within six to eight weeks of contract execution. In the case of four plans, interim drafts were expected within seven, 14 or 21 days of the contract execution date, while Transition Out plans were not due until six months after contract execution.

2.30 The 2013 contracts provided that if a due date for plans, policies and procedures was not specified elsewhere in the contract, a six week due date would apply. In the case of the 2014 contracts, a default clause was not included. No due date was specified for six plans, or for the development of guidelines and an asylum seeker induction booklet.

2013 contracts

2.31 G4S supplied the department with a number of draft plans for services to be delivered on Manus Island, before the execution of its 2013 contract.61 On 2 May 2013 the department wrote to G4S providing a list of 11 expected management plans and due dates. The department sought copies of these documents and details of progress.62 Between May and November 2013 the department provided feedback on the plans and sought regular updates to improve them. There was also a focus on addressing the Australian Standards for emergency management and incorporating changes resulting from the policy changes relating to regional resettlement arrangements. G4S supplied regular (monthly) updates to the plans. In October 2013, the Contract Administrator wrote to G4S seeking a comprehensive review of all plans to improve the level of detail63, structure, consistency and quality of the plans. Updated plans continued to be provided from November 2013 through to January 2014.

2.32 From the department’s records it is not clear whether the department approved any of the plans put forward by G4S. The absence of approved plans posed the risk that the DIBP Service Delivery Manager on location would not have enough information to manage the delivery of services to the required standard. In January 2014, the Service Delivery Manager on Manus Island emailed G4S outlining a number of observations following a compound walk-through, including the following:

2. Cleaning standards — it is evident that cleaning is being done however it is difficult to ascertain the standard of cleaning …

i. Does G4S have a way of addressing or identifying this and are the different levels of cleanliness addressed i.e. — Medical, kitchen, toilets accommodation blocks?

2.33 G4S advised DIBP in January 2014—in response to queries arising from the Chief Medical Officer Report—that cleaning standards were included in the cleaning plan.

2.34 Following the commencement of Transfield’s 2013 contract, a number of management plans were provided by Transfield to the department for services on Nauru. The department sought changes to Transfield’s plans from April 2013, and there is evidence of DIBP providing feedback on a number of occasions and Transfield providing updated plans until the end of August 2013. There is no record of the Contract Administrator approving any of these plans.

2.35 The failure to agree management plans introduced a risk that the Commonwealth’s expectations under the contracts may not be met. It is not evident that the department established a framework to monitor the timely settlement of management plans.

2014 contracts

2.36 After the commencement of the 2014 contracts, DIBP wrote to Transfield advising of 27 management plans that needed to be submitted under the contract and their due dates.64 While a date for delivery of ten plans had not been specified in the contract, DIBP advised Transfield that they should be supplied within six weeks of contract execution. In response, Transfield provided drafts for almost half of the plans requested, and DIBP entered into a protracted review process. Transfield also noted that there had been no agreement that plans without a due date under the contract would be provided within six weeks. Plans that did not have a due date in the Transfield 2014 contract included the interim safety and security plan, the safety and security plan, environmental management principles, pest and vermin plan and the transferee induction booklets. Seven of the 27 plans were approved for the 2014 contract by September 201565, some 18 months after the contract commenced and with only one month remaining until the contract was originally expected to end.66 As at October 2016, seven plans were approved and 20 plans were outstanding.

2.37 DIBP advised the ANAO in October 2016, in a response to emerging findings of this audit, that it would require Transfield to provide all plans by 31 October 2016. This was expected to occur in conjunction with DIBP reviewing provisions around the approval of plans for consideration in the next deed of variation. On 5 December 2016, DIBP advised that Transfield had provided 22 of a total of 35 management plans. Of the 22 plans, ten had been approved by DIBP. DIBP did not provide the ANAO with these plans or the department’s approvals.

Were key contract roles and responsibilities clearly outlined in the contracts?

The roles and responsibilities of key DIBP officers were outlined in the contracts. While the Contract Authority and Contract Administrator are responsible for contract management, on island operations are led by the Operations Team Leader who does not report to either of these positions. This has led to a lack of clarity in contract roles and responsibilities.

2.38 The department’s Contract Management Manual (Version 1.3, July 2014) identified key officers responsible for contract management in DIBP, including the delegate, a delegate appointed administrator and a contract manager. In respect of the contract manager, the manual noted that this person should be experienced in the subject matter, or have access to training and independent expert advice on the subject matter.

2.39 The garrison support and welfare contracts identified the positions of Contract Authority67, Contract Administrator68 and Operation Team Leader. Ultimately, approvals and decisions under the contracts were made by the Contract Administrator. The Contract Authority only became involved when there was a dispute that could not be resolved by the Contract Administrator. At an operational level the Contract Administrator was supported by a contract manager.69 The contract manager was located in DIBP National Office and had support staff located in National Office and at the regional processing centres.70

2.40 An Operations Team Leader was appointed for each centre. Under the contract, service providers were required to keep team leaders informed of certain matters including emergency control, transferee safety, well-being and security, operations logs, excusable performance failure events, transferee loss or damage to property, and any concerns regarding access and use of facilities. This position reported to the detention compliance and removals area in National Office not the Contract Administrator or Contract Authority.

2.41 The division in responsibility between contract management and operations has led to a lack of clarity in contract roles and responsibilities. For example, consistent with the contract, the Contract Administrator is responsible for approving guidelines. The Administrator’s staff are responsible for coordinating the development and review of guidelines with service providers and other areas of DIBP, as well as, monitoring compliance with guidelines on location. During the audit, the department advised that staff who reported to the Commander Offshore Operational Branch were responsible for the guidelines and had directed Transfield to undertake particular actions. The ANAO observed in relation to incident reporting, that Transfield had advised the department’s Operations Lead that Transfield was required to act in accordance with approved guidelines.

2.42 The department also identified roles and responsibilities for contract management staff at the centres and in National Office, in its draft contract management plans and position descriptions. DIBP’s Programme Management Office71 mapped end-to-end responsibilities within the department for the Programme. Figure 2.2 illustrates the relationships and reporting lines between DIBP staff.

Figure 2.2: DIBP’s key internal administrative arrangements for the garrison support and welfare services contracts

DIBP’s key internal administrative arrangements for the garrison support and welfare services contracts

Note a: This is a simplified representation of arrangements and does not include interactions with other areas of the department including: Detention Estate Management Branch; Children, Community and Settlement Services Division; and Health Services and Policy Division.

Source: ANAO summary of arrangements from the contract, other key contract management documents, fieldwork and DIBP organisational chart as at 1 August 2016.

Did the governance framework operate in accordance with the contract?

The 2013 contracts specified a governance framework with two layers: senior management meetings (comprising individual service provider and joint service provider meetings) to address strategic matters; and a suite of meetings on location to deal with day-to-day operations. In the 2014 contracts, the requirement changed and there was no specific requirement for senior management meetings between the parties. Following recommendations from the Moss Review, the department re-introduced the requirement for senior management meetings from June 2015.

In practice, senior management meetings between the parties were held less frequently than required under the 2013 contracts. For Transfield, there were no DIBP records of individual service provider meetings in 2013. In addition, the department held one senior management meeting with Save the Children throughout 2014. This approach made it difficult for issues arising under the contract to be escalated and resolved.

2.43 The department’s contract management manual documents expectations regarding contractor engagement and governance arrangements. These include:

  • regular management meetings between the contractor and DIBP to provide day-to-day feedback. The contract should provide for a regular schedule of management meetings;
  • review meetings, generally held on a quarterly basis, to provide: management overview of contract performance and outcomes, and an opportunity for the parties to focus on any important issues and trends. These meetings will often involve senior management from the respective organisations as well as contract managers;
  • minutes and records of all contract management meetings, including a record of all agreements reached and persons responsible for any required actions; and
  • committee arrangements for the management of complex contracts with multiple stakeholders. The manual notes that it can be useful to establish committees with membership that is representative of stakeholders and end-users. These committees should meet at key points in the contracting cycle, and should be supported and maintained for the agreed period of time.

2.44 The contract management manual also notes that in relation to providing feedback to contractors:

  • regular meetings and reviews are the norm for more complex contracts; and
  • contract managers should document the outcomes of all discussions with contractors.

The governance framework

2.45 The 2013 and 2014 contracts specified a governance framework with two layers:

The Department’s governance framework has been developed to support the effective delivery of services under this Contract. A key feature of the governance framework is two distinct layers of governance to provide clear pathways to raise, discuss, respond to and resolve issues:

a. senior management — to address issues at the strategic/tactical level; and

b. local management — to address issues at the delivery levels.

2.46 In late October 2012, some months before the contract signing, the department wrote to the garrison and welfare service providers to provide an overview of the governance framework for the offshore processing centre contracts. DIBP also provided a diagram for offshore governance arrangements (see Figure 2.3 below).

Figure 2.3: Initial governance arrangements to support service delivery: onshore and offshore detention services contracts

Initial governance arrangements to support service delivery: onshore and offshore detention services contracts

Source: Extract of DIBP 2012 governance arrangements to support service delivery, excluding DIBP internal arrangements. As provided to offshore service providers in October 2012.

2.47 The 2013 contract required senior management meetings every two to three months with individual service providers and every six months with all service providers (referred to as joint service provider meetings). In practice:

  • between November 2012 and March 2014 across the four contracts a total of four individual service provider meetings were held—two with G4S and one with The Salvation Army and Save the Children. A further individual service provider meeting was held with Save the Children in May 2014. There were no DIBP records of meetings with Transfield72; and
  • between November 2012 and March 2014 two joint service provider meetings were held.73

2.48 The 2014 contracts specified a governance framework that required additional local level meetings, but did not specify the nature or frequency of senior management meetings, instead noting that meetings were to be held as required. All other meetings were to be held as required. In June 2015 the Contract and Services Management Branch wrote to service providers about introducing joint service provider forums and monthly individual service provider meetings.74 DIBP has maintained few records of these meetings. In practice:

  • four individual service provider meetings were held with Save the Children throughout 2015 and 15 individual meetings were held with Transfield between July 2014 and August 2016; and
  • between July and December 2015, three joint service provider meetings were held.75

2.49 The contract specified that a range of meetings were to be held at a local management level, for example, weekly departmental review meetings, involving DIBP and the service providers, were held to review performance and service delivery at the centres. DIBP has maintained few records of the required meetings.

Recommendation No.1

2.50 The Department of Immigration and Border Protection ensure that contracts and supporting documentation clearly specify—including through articulating applicable standards and timeframes—the goods and services to be delivered.

Entity response: Agreed.

2.51 The Department’s Procurement Manual clearly stipulates the need for contracts to contain well-defined requirements. The Department acknowledges more work is required in ensuring these requirements are translated into our contracts and supporting documentation, including the need for staff to receive additional training and the establishment of a compliance and assurance programme that incorporates this issue within its scope.

2.52 A programme has commenced to increase the professionalisation of staff involved in procurement and contract management across the department. Training includes the need to clearly specify the goods and services required and the measures by which the service provider(s) will be measured.

2.53 An enhanced intranet suite of pages will provide improved guidance to officers undertaking procurement, which will free up Procurement and Contracts Branch staff from low risk/value procurements and allow them to focus on complex and strategic procurements. This will provide the opportunity to enhance the level of support to officers involved in these procurements, including providing guidance on clearly specifying requirements and managing contracts.

2.54 The procurement reform programme will see the inclusion of a programme of compliance and assurance activities across the broad range of the department’s procurements. These assurance activities will include Management Initiated reviews and Internal Audits and will provide the department’s executive with increased assurance that procurement across the department is delivering value for money and meeting legislative and policy requirements, including that deliverables are clearly articulated in contracts.

3. Managing the contracts

Areas examined

This chapter examines the Department of Immigration and Border Protection’s (DIBP) management of the garrison support and welfare services contracts, including whether DIBP has arrangements in place to maximise the overall value for money of the contracting activity and to meet all management and reporting responsibilities.

Conclusion

The department did not put in place effective mechanisms to manage the contracts. Other than the contracts, there was no documentation of the means by which the contract objectives would be achieved. In the absence of a plan, assurance processes such as the inspection and audit of services delivered, has not occurred in a systematic way and risks were not effectively managed. In addition, the department has not maintained appropriate records of decisions and actions taken in the course of its contract management. As a consequence, the department has not been well placed to assess whether its service strategies were adequate or fully met government objectives.

Areas for improvement

The ANAO has made a recommendation for the improvement of the current contract management framework relating to the centres, focusing on the development of an approved contract management plan.

3.1 A contract management framework can support the implementation and management of a complex contract, and help ensure that what is negotiated as value for money is actually delivered. Contract management strategies include the development of a contract management plan—which typically contains a summary of key contract details and is an aid to managing risks to the success of contracts and ensuring that important obligations are not overlooked—and assurance mechanisms such as a quality inspection and audit program.

Were the contracts managed effectively?

The department did not develop an effective framework and strategies to manage the contracts and is not well placed to determine if the contract objectives have been fully met. Some four years into managing the contracts, a contract management plan was not fully in place, despite the complexity, risk and value of the contracts.

  • At the time the ANAO was finalising this performance audit (in October 2016), DIBP provided a contract management plan which was approved by the Contract Administrator on 13 October 2016. DIBP advised it was implementing this plan.

DIBP did not adopt a systematic approach to monitoring the large number and variety of goods and services delivered under the contracts. A structured quality inspection program was not implemented and only three of the monthly scheduled audits for the period December 2014 to October 2015, were conducted.a From April 2015 no audits occurred.b

While services have been delivered day-to-day, the absence of standards and a systematic approach to monitoring delivery have reduced the ability of the department to verify that:

  • key welfare services have been delivered in accordance with contracted requirements;
  • facilities have been appropriately maintained;
  • asset registers were adequately maintained in accordance with the contract; and
  • responsibilities for work, health and safety are clear and requirements were being met.

Note a: The audits occurred in December 2014 and in February and March 2015. No audit was planned for January 2015.

Note b: The contract management plan signed on 13 October 2016 requires the development of an annual audit program. At the time the ANAO was finalising this performance audit, DIBP had not developed an annual audit program.

Contract management plan

3.2 DIBP’s Contract Management Manual identified a contract management plan as a key tool for managing contracts to ensure that deliverables are provided to the required standard, within the agreed time frame, and ‘value for money’ outcomes are achieved. The contract management plan must include a process to ensure regular review and management of contract risk. DIBP guidance indicates that the contract management plan should be developed at the same time as the contract:

To support the contract start up and effective contract management, most of the work required for developing a contract management plan should be done at the time the contract is being developed.

3.3 The Contract Authority (and the Contract Administrator) for the garrison support and welfare contracts did not finalise contract management plans for the 2013 and 2014 garrison support and welfare services contracts. The lack of a documented plan to manage the contracts means that it would be difficult for DIBP to assess the extent to which the contract activities were achieving the desired results. This is a significant omission from DIBP’s contract management framework.

3.4 The department was aware of the omission. An internal audit report had highlighted key lessons from the 2013 contracts and recommended that DIBP:

  • ensure there was a process in place to develop and maintain documented risk assessments throughout the term of contracts;
  • develop, maintain and implement a detailed Contract Management Plan and associated documentation, supported by appropriate assurance activities; and
  • develop an appropriate performance management framework and associated performance standards, metrics and key performance indicators.76

3.5 In responding to the internal audit report, the area responsible for managing the contracts (Contracts and Services Branch) advised that structures were in place to manage the 2014 contracts. The department did commence the development of a contract management plan for the 2014 contracts, but the plan was not completed or approved by the Contract Authority or Contract Administrator. While individual contract management staff sought to implement aspects of the draft plan, there was no evidence that the plan was used as the basis for managing the 2014 contracts. DIBP was unable to provide records to demonstrate that it had systematically measured whether the services provided were in keeping with the contract objectives—services broadly comparable, but not exceeding those available in the Australian environment.

3.6 At the time the ANAO was finalising this performance audit (in October 2016), DIBP provided a contract management plan which was approved by the Contract Administrator on 13 October 2016.77 DIBP advised that it had implemented the plan and was also developing a contract management framework to assist in managing all detention contracts in Australia and offshore. The department further advised that it expected to fully implement the framework within 12 to 18 months (between October 2017 and April 2018).

Quality inspections and audit

3.7 The department did not implement a structured quality inspection and audit program in Nauru and on Manus Island.

3.8 For the 2013 contracts, DIBP developed inspection checklists to assist its service delivery staff in Nauru and on Manus Island perform their contract management roles. Used effectively, the checklists could have helped on island departmental staff to determine if contracted goods and services were delivered to an acceptable level, and more effectively manage the handover to new staff commencing their rotation on Manus Island or in Nauru. While the department held no records of completed checklists for the 2013 contracts, there were email records to suggest that some staff had used or reported using the checklists. There was also limited email evidence of service delivery staff providing feedback to service providers following a site inspection. Inspection checklists were not developed for the 2014 contracts.

3.9 For the 2013 contracts, there was some evidence that individual contract management staff in National Office developed and maintained checklists to help monitor some deliverables (including the development of policies, procedures and guidelines, and management plans). These checklists were not always complete. There was no evidence that the checklists were used in a systematic way as part of the contract management process, or that the lists were consistently used by members of the contract management team. In respect to the 2014 contracts, a checklist of some contract deliverables (primarily focusing on the development and review of management plans and OPC Guidelines) was again developed for National Office, but not used in a systematic or consistent manner.

3.10 The department developed an audit schedule for the 2014 Transfield and Save the Children contracts. Transfield was advised that:

Through undertaking audits we are able to identify if the right measures are in place to ensure and address fundamental issues in organisational performance such as strategy execution and operational efficiency.

Upon completion of the audit a report will be collated which will provide an accurate tracking of Transfield’s performance, stimulates action on emerging issues and supplies a rich backdrop of relevant information against which to make strategic decisions.

3.11 The department planned to commence audits each month between December 2014 and October 2015 (excluding January 2015) focusing on different aspects of the contracts. It was also intended that these audits could be undertaken for more than one provider. For example, audits of staff qualifications were undertaken for Transfield and Save the Children in February 2015. The department did not conduct any audits between April and October 2015. No further audits were planned or occurred.

3.12 The contracts provided for the delivery of a broad range of services essential to the operation of the offshore processing centres. While many services have been delivered day-to-day the absence of standards within the contracts and a systematic approach to monitoring delivery—such as quality inspections and audits—has resulted in the department being unable to verify through its contract management activities that services were delivered in accordance with contract requirements and to an acceptable standard. In particular, the department is unable to verify that:

  • key welfare services have been delivered in accordance with contracted requirements;
  • facilities have been appropriately maintained;
  • asset registers were adequately maintained in accordance with the contract; and
  • responsibilities for work, health and safety are clear and requirements are being met.
Monitoring by the Chief Medical Officer

3.13 DIBP’s Chief Medical Officer (CMO) has undertaken periodic reviews of the conditions in the offshore processing centres and these reviews form part of DIBP’s control environment.78 The CMO’s reviews have drawn attention to work, health and safety issues relating to the garrison support and welfare services contracts, including: increased risk of infections and disease due to vermin and pests; water pooling; extensive mould79 and inadequate cleaning of wet areas; inadequate food hygiene; and overcrowded accommodation. DIBP has often been slow to respond to issues raised by the CMO or service providers. Where the Contract Authority or Contract Administrator has required service providers to address issues, there is limited evidence of DIBP following-up to ensure that works have been undertaken to an acceptable standard (see Case study 1 for an example relating to the remediation of mould).

Case study 1. Remediation of mould in accordance with contract arrangements

The department had not agreed maintenance management plans or cleaning plans. Mould management was not specified in Transfield’s 2013 or 2014 contracts.

In February 2015 the department received a contractor (Transfield) commissioned report (also referred to in footnote 83), that concluded:

… air quality testing and associated microbiology has found that all accommodation tent environments [in the facility in Nauru] fail to meet the Australian Mould Guideline by each having >10m2 of visible mould growth. Therefore, all the accommodation tents require disposal and replacement with new or decontamination …

In July 2015 (5 months after the mould report was provided to DIBP) the department entered into an arrangement with Transfield to remediate the mould, comprising a steam cleaner and six additional cleaning staff. It was anticipated that over a period of months the tents would be cleaned inside and out such that the Australian mould guideline would be met.

A site walk report prepared by a DIBP officer in Nauru dated 23 August 2016, noted that there had been no progress on mould remediation in the single adult males’ compound and DIBP requested that Transfield commence mould remediation in the families and single adult females’ compound. DIBP advised the ANAO that as at 1 December 2016, mould remediation works had been completed for four of the 13 marquees in the single adult males’ compound and that mould remediation continues in the families and single adult females’ compound.

The department further advised the ANAO in December 2016 that:

Mould is a persistent issue at the Nauru RPC due to the high humidity conditions. Mould remediation work is required to be performed to a high standard and for work, health and safety reasons requires specialist cleaners and relocation of affected residents within the accommodation tent. Difficulties have been encountered in residents refusing to vacate the compounds to allow the mould remediation to take place.

Did the department manage contract risks?

An Offshore Processing Programme Risk Management Plan was developed by DIBP’s program management office. The plan identified program and fraud risks associated with the offshore processing centres. However, the risk management strategy relied on controls that were not always in place or operating effectively, and the risk assessment was not reviewed or updated when risks materialised.

3.14 DIBP’s Contract Management Manual (version 1.3 August 2014) provides that:

Under DIBP policy, a risk assessment must be undertaken and a risk management plan developed, commensurate with the value, complexity and perceived risk of the contract, for every contract.

In particular, risks must be assessed where a contract affects, or may affect, the workplace health and safety of the department’s work environment. This includes reviewing the need for safety equipment or training which is appropriate to the operational circumstances of using the goods or services acquired …

The risk assessment and risk management plan associated with a contract must be reviewed periodically… A process to ensure the regular review of contract risk must be built into the Contract Management Plan.

3.15 In addition, the Manual provides that risk management plans should consider:

  • contract risks—are the risks associated with the delivery of the goods or service, or expenditure of the funding by the contractor—such as, the contractor does not deliver what is required [DIBP’s process for managing this risk through the performance framework are addressed in Chapter Four of this report]; and
  • contract management risk—is the risk associated with the management of the contract—such as DIBP does not meet or comply with accountability requirements.80

3.16 Following the commencement of Operation Sovereign Borders in September 2013, a draft Offshore Processing Programme Risk Management Plan was developed by DIBP’s program management office.81 The draft plan identified program and fraud risks associated with the offshore processing centres and was last updated in mid-November 2013. Risks identified in the plan included: death or serious injury (including sexual assault); significant loss of infrastructure; loss of essential services; failure to maintain infrastructure; failure to deliver contracted services efficiently or effectively; ineffective financial management; and fraudulent activity by staff or service providers. DIBP’s offshore contract management section also developed a draft risk management plan which was last updated in July 2014 and included a number of risks and contracts which were similar to the Offshore Processing Program Draft Risk Management Plan.

3.17 The program management office documented controls which would be relied on to manage the risks. The controls relied on the Contract Authority and Contract Administrator putting in place appropriate arrangements to support the contract. The ANAO’s review indicated that documented controls relied on to mitigate risk were often not in place, or not fully implemented at the time of this audit, see Table 3.1.

Table 3.1: Risk controls documented by the project management office

Risk controls

Evidence of the control’s implementation

Governance arrangements are in place and meetings are regularly held.

Governance meetings were not always held in accordance with the contract requirements and records of many meetings were not maintained.

Processes and procedures are in place, and staff are trained in end-to-end processes.

No available evidence.

Performance framework in place.

See Chapter 4.

The Department conducts assurance activities to ensure the service providers are meeting their obligations.

No available evidence.

Continuous improvement processes are in place.

No available evidence.

Contingency plans are in place.

No available evidence.

Targeted contract management training of DIBP staff.

No available evidence.

A dedicated finance team processes all invoices.

The finance team did not conduct its activities in line with the Accountable Authority Instructions.

All service providers have undergone due diligence investigations through the procurement process.

Due diligence did not occur during procurement activities.

   

Source: ANAO analysis of DIBP documentation.

Were contract management records captured and managed in accordance with departmental guidelines?

The department did not develop a systematic approach to establishing and maintaining records in support of the contracts. Key records were not created, could not be found or were incomplete. Poor record keeping has affected DIBP’s capacity to satisfy accountability requirements and protect the Commonwealth’s interests. For example, the department:

  • did not update its asset register and advise Comcover of new facilities in Nauru valued at $75 million. As a consequence the facility was not insured when it burnt down in a riot in 2013, shortly after being commissioned; and
  • was unable to respond to many ANAO requests relating to evidence of contract deliverables.

The ANAO’s review identified shortcomings in record keeping relating to incidents at the centres. There was a significant variance in the records of incidents held by DIBP and service providers. While DIBP’s records of incidents started to improve from late 2014, there remained differences between it and Transfield’s records. As a result, the department cannot be entirely confident that it is reporting accurately on incidents to internal and external stakeholders.

In respect to the retention of digital (audio-visual) records, available evidence indicates that relevant contract guidelines were not always complied with. The department advised the ANAO that all digital (audio-visual) records of incidents were maintained by Transfield’s sub­contractor Wilson Security, on its behalf. DIBP did not have in place any arrangements to ensure that these digital records were being appropriately maintained. DIBP has no assurance that the visual records retained by the subcontractor are in keeping with the centre guidelines which prevent the capture of visual records of the centres and of asylum seekers, with the exception of incidents and CCTV footage. In addition, the department could not make available any records to demonstrate that the privacy of individuals, including in relation to filming children without parental consent, had been considered in respect of filming, handling or storage of these digital records.

3.18 DIBP’s contract management manual provides that adequate records must be maintained throughout the life of a contract, relating to: the contract and any variations; performance management under the contract; meetings; contract management activities such as risk assessments, transition out plans and checklists; evaluation plans; lessons learned and feedback; key decisions and actions relating to the contract; key communications with the contractor; and materials generated as part of delivering contracted services.

Record keeping

3.19 The department’s Contract Administrator and contract managers did not establish records management arrangements for the 2013 and 2014 contracts. The ANAO’s review indicates that DIBP contract management records were held by a variety of parties, across a variety of systems, in both paper and electronic format. Some records were only held in paper form or in shared electronic folders in Nauru and on Manus Island, by DIBP or contractor staff. DIBP (National Office) staff maintained records in shared folders in National Office, in individual and group email records, as loose papers, and as paper or electronic files in the department’s record keeping system. In addition, there was no systematic approach or minimum expectations applied by the Contract Authority or Administrator or contract management staff, in relation to records creation and maintenance, including the systems in which they were to be maintained. This ad hoc approach meant that key records could not be found, were duplicated or were incomplete.82 Deficiencies in record keeping extended to briefings to Ministers—to locate such briefings, the ANAO searched a variety of corporate records, emails and records held in the Parliamentary Workflow System.

3.20 In late 2014 an internal audit noted that it was important for DIBP to consider and incorporate the lessons learned from expired contracts in the new arrangements at the offshore processing centres. Thirteen lessons learned were identified to be incorporated in future offshore processing centre contract development and management, including a record keeping lesson:

Internal Audit’s discussions have highlighted that documentation regarding DIBP’s previous experience on Manus Island was unable to be located. As a result, previous learnings from the experiences on Manus Island have not been explicitly incorporated into the G4S contract and arrangements.

3.21 Poor record keeping can affect an entity’s capacity to learn from past experience83, satisfy accountability requirements and protect the Commonwealth’s interests. DIBP did not update its asset register and advise Comcover84 of new facilities in Nauru. The value of these facilities was $75 million. As a consequence, the facility was not insured when it burnt down in a riot in 2013, within weeks of it being commissioned.

Accessing records

3.22 The department often experienced difficulty gaining timely access to records generated under the contract, or was unable to access certain records held by service providers. For example, DIBP experienced delays of up to 18 months in accessing contractor records relating to policy and guidance material, incident records and un-redacted individual management plans. In a number of cases the department did not retain its own record of service provider responses to requests.

3.23 The department was unable to respond to many ANAO requests relating to evidence of contract deliverables. For example, in respect to contract requirements to maintain digital records of incidents, the ANAO requested relevant digital (audio and visual) records from the department. DIBP advised that it did not hold any digital records and that Transfield’s subcontractor (Wilson Security) held these records (see paragraph 3.30).

Records of incidents

3.24 The 2013 and 2014 contracts required the reporting of all incidents to DIBP. For the duration of the 2013 contracts the department (National Office) adopted the practice of filing situation records in DIBP’s record keeping system.85 DIBP did not maintain a data base of incidents and follow up actions, making it difficult for it to identify trends or put in place appropriate risk mitigations. Under the 2013 contracts, G4S maintained incident reporting on Manus Island in respect of its 2013 contract. Wilson Security (a Transfield subcontractor) performed this role on Transfield’s behalf in Nauru for the 2013 contracts, and in Nauru and on Manus Island for the 2014 contracts.86

3.25 In mid-2014 the department introduced its own data base system for recording incident records. Known as POMS87, this data base uses the same software as Wilson Security’s incident reporting system. DIBP (National Office) receives an incident report and re-enters it into POMS. There is no record of DIBP requesting direct access to Wilson Security records from Transfield to avoid duplication of effort.

Differences in incident record holdings

3.26 There was a significant variance in the records of incidents (occurring in Nauru and on Manus Island between 2013 and 2016) held by DIBP and service providers. Overall DIBP held 8009 records of incidents, Transfield held 12 104 records.88 While DIBP’s records improved following the introduction of POMS in October 2014, there remained differences between it and Transfield’s records. Transfield’s and Wilsons records also differed. The highest difference between DIBP’s and Transfield’s records was in the second quarter of 2014 where the difference was 980 records. Wilson Security’s records differed from Transfield’s by 64 records. At the lowest point, the second quarter of 2015, the difference between DIBP and Transfield’s record was 13. As a result of the differences the department cannot be entirely confident that it is reporting accurately on incidents to internal and external stakeholders. Incomplete records also make it more difficult for DIBP to monitor trends and the effect of any corrective action.89 The department did not hold records of it conducting incident analysis, analysis of trends or post incident reviews.90

3.27 There was also some inconsistency in the categorisation of incidents within and between critical, major, minor categories across the department’s and service provider records. For example throughout the 2014 contract a total of 76 incidents were categorised as critical by Transfield, the department’s records show only 27 critical incidents. In the second quarter of 2016, Transfield records show ten critical incidents while the records held by DIBP show six critical incidents.

Incident data recordings

3.28 Consistent with the contract, the offshore processing centre guidelines provide for the collection of digital records (audio-visual). Digital records are to be made on a continuous (24 hour/7 day) basis, where CCTV (closed circuit television) has been installed and the department has provided written approval.

3.29 Footage which captures evidence that may be relevant to an incident is required to be provided to DIBP within 24 hours, as are any other recordings deemed to be of interest. Footage not related to incidents must only be retained for 28 days. The circumstances in which a service provider may make (and keep) a digital record using a camcorder or other recording device during work in the centre are limited to certain situations such as the use of force, where an asylum seeker or staff are searched (accommodation and/or bags) or where the service provider knows that evidence may be required of the actions of service provider personnel. 91 Other than in these specific circumstances recordings and photos must not be taken in the offshore processing centre or of asylum seekers.92

3.30 The department advised the ANAO that Transfield’s subcontractor Wilson Security held digital records on its behalf, but it was not able to provide any details about those records including the extent and nature of the records. The ANAO reviewed digital records of incidents held by Wilson Security. The ANAO’s review indicated that:

  • video and incident records did not always reconcile. There were records of incidents which noted that video existed of an incident, but no corresponding video; and
  • during incidents there were gaps in the recording of incidents.

3.31 The ANAO was initially advised by DIBP that almost eight terabytes of digital records were stored.93 Two terabytes of data was made available by Wilson Security to the ANAO on 7 December 2015. Wilson Security advised the ANAO (on 8 December 2015) that the difference in data volume (six terabytes) was accounted for as follows:

… the original amount of footage that we originally estimated was greatly reduced for the following reasons:

  • We originally sized up our entire video footage on the servers, however on further inspection we realized the majority of the footage was unrelated to incidents or investigations within the centre. The data provided to you was all the footage related to incidents or investigations in the centre/s. Videos including community events, training videos, assessment videos and other such unrelated video data was not provided.
  • ABF installed CCTV systems in Manus in May 2015. The footage stored on these CCTV systems in Manus is stored on island on a HDD that is the property of ABF [Australian Border Force]. This is in accordance with the RPC Guidelines for handling video (i.e. When an incident occurs, Wilson Security store the video on an ABF supplied HDD). Please note: all CCTV footage in Manus relating to incidents and investigations prior to May 2015 has been provided in the hard drives you picked up yesterday (in the folder titled ‘Old Maa’ in the Manus Harddrive).

3.32 Wilson Security further advised the ANAO in December 2016 that:

Wilson Security has provided all relevant stored video data to the audit. Additional data is held regarding community events, training videos, assessment videos and other unrelated events. I have instructed that these data be audited to confirm their compliance with the RPC Guidelines. I am confident that this audit will demonstrate a high level of compliance. I am advised that the guidelines are well understood, that compliance with them is mandatory in the business.

3.33 DIBP did not have in place any arrangements for monitoring the creation, access or maintenance of the digital records collected. As a result DIBP has no assurance that the visual records are being maintained appropriately or that they are in keeping with the centre guidelines which prevent the capture of visual records of the centres and of asylum seekers, with the exception of incidents and CCTV footage.

3.34 There are privacy implications associated with the filming, handling and storage of digital records, including in respect to securing parental asylum seekers’ permission to record minors. The department could not make available any records to demonstrate that relevant permissions for filming had been sought. Issues related to filming children without parental consent and the storage of footage, were raised by the CEO of Save the Children in correspondence to the department as early as October 2014.

3.35 The ANAO has made a recommendation (see paragraph 4.54) for the improvement of the current contract management framework relating to the provision of garrison and welfare services at the centres.

4. Performance management

Areas examined

This chapter examines the development and implementation of the performance management framework for the garrison support and welfare contracts.

Conclusion

The department developed a comprehensive and risk based performance framework for the contracts to help it assess provider performance. However, development of the framework was delayed and in applying the framework the department was not consistent in its treatment of different providers. Performance measurement under the framework relied heavily on self-assessments by providers and the department performed limited independent checks. Delays in the department’s review of self-assessments and the provision of feedback on contractor performance eroded the link between actual performance and contract payments. Risk assessment was a key component of the performance reporting processes and while risk assessments were conducted, DIBP did not review risk ratings or determine if controls and mitigations were in place and working. In the event, risks materialised in both the 2013 and 2014 contracts.

Areas for improvement

The ANAO has made a recommendation aimed at improving DIBP’s implementation of the performance management framework.

4.1 The DIBP Contract Management Manual (Version 1.3, July 2014) states that:

Performance management is a vital element of successful contract management. It must be undertaken at regular intervals throughout the life of the contract, and in accordance with any Service Level Agreement or Key Performance Indicators included in the contract …

Was a performance management framework developed and implemented for the 2013 contracts?

DIBP developed a performance framework to manage the 2013 contracts. The framework was comprehensive, adopting a risk based approach and was intended to drive service provider behaviour. However, the contracts were for durations of up to 12 months, and the new approach was not implemented until July 2013. This meant that two-thirds of the G4S contract period and half of the Transfield and The Salvation Army contract periods had elapsed before the framework was implemented. No systematic monitoring of performance occurred prior to implementation of the framework.

The DIBP Contract Administrator awarded Transfield and The Salvation Army an excusable performance failure from all performance reporting (including performance monitoring and assessment) in Nauru for the period July 2013 to March 2014. The excusable performance failure was awarded due to the loss of facilities following the riot and fire in Nauru in July 2013. The combined effect of the excusable performance failure and delay in the framework’s development was that performance monitoring or assessment was not undertaken in Nauru for the duration of the 2013 contracts.

On Manus Island, The Salvation Army and G4S provided the department with individual and joint service provider reports on their performance. However, there is limited evidence that the department reviewed the reports submitted. The individual service provider reports were often incomplete and/or unsigned, and the process did not provide a solid basis for managing risk. Risk ratings and mitigations were not reviewed over the period despite a range of risks eventuating.

DIBP did not develop a transition plan to manage the changeover between the 2013 and 2014 contracts, nor did it conduct a risk assessment to identify and mitigate risk. Significant risks materialised in the transition period, such as major riots which occurred on 16–18 February 2014.

Key features of the performance framework—2013 contracts

4.2 Services commenced in Nauru in September and on Manus Island in November 2012, under Letters of Intent and Heads of Agreement arrangements pending contract signature. In December 2012, the department gave service providers a Regional Processing Centre Performance Management Framework which linked performance under the contract to the program’s vision, outcomes, key deliverables and measures.94 It was expected that Key Performance Indicators (KPIs) and Key Risk Indicators would be developed for administrative performance, the statement of work, and relationships and challenges.

4.3 The performance management framework for the 2013 contracts was to be agreed within eight weeks of contract commencement, and performance monitoring and assessment was to be undertaken on a monthly basis. This timeframe reflected that the contracts were for 12 months or less in duration and that the department would need to consider provider performance for any future procurement activities. The framework took six months to finalise, by which time two-thirds of the G4S contract period and half of the Transfield and The Salvation Army contract periods had elapsed. No systematic monitoring of performance occurred in the interim.95

4.4 In the 2013 contracts, the department focused the performance framework towards a risk-based model (rather than abatement, as used onshore) to drive service provider behaviour:

… the intention is to move away from something that puts abatement as the primary focus as we are aiming to drive continuous improvement and better practice.

… incentive/abatement is a by-product (or the result) of performance and performance measures rather than the driver of performance — we don’t want to use them as tools to drive a behaviour.96

4.5 A set of performance measures was agreed with G4S by 5 March 2013, and with Transfield and The Salvation Army by 28 March 2013. The performance measures are set out in Table 4.1. The development of a performance reporting framework for Save the Children was not completed for the 2013 contract.

Table 4.1: Key performance indicators, 2013 contracts.

Key Performance Indicator

KPI Outcomes

The Salvation Army 2013: Number of Performance Measures by Indicator

G4S 2013: Number of Performance Measures by Indicator

Transfield 2013: Number of Performance Measures by Indicator

1. Welfare

The cultural, spiritual, social, mental and emotional wellbeing of asylum seekers and asylum seeker community is maintained and positively influenced by service provider involvement where practical.

11 measures, key responsibility

3 measures, key responsibility

3 measures, key responsibility

2. Care

The physical wellbeing of asylum seekers and the overall asylum seeker community is maintained and positively influenced by service provider involvement.

8 measures, key contract responsibility

9 measures, key responsibility

9 measures, key responsibility

3. Security

The safety, integrity and good order of the facility, its people and its operations are maintained.

Not applicable

6 measures, key responsibility

6 measures, key responsibility

4. Education services, and recreation

Asylum seekers are given the opportunity to access education achieving reasonable education and training outcomes to accepted professional standards.

No measure, measures key responsibility

No measure

No measure

5. Counselling

Asylum seekers are given the opportunity to access counselling services to accepted professional standards.

Not applicable

Not applicable

Not applicable

6. Logistics, Reporting and Support

The efficient, effective and economical operation of the centre is maintained. Performance reports are completed accurately and submitted in a timely manner.

2 measures, key responsibility for reporting

6 measures, key responsibility

6 measures, key responsibility

7. Strategic and Relationships

The Service Provider takes a collaborative and integrated approach to the provision of services, will be effective in managing complex stakeholder and governance issues, and builds long term relationships with the Department and other service providers.

managed through joint service provider report

managed through joint service provider report

managed through joint service provider report

Total

 

21

24

24

         

Note a: Save the Children measures for the 2013 contracts have not been included as a performance framework was not agreed with Save the Children for the 2013 contract.

Source: Summary of 2013 contract KPIs and ANAO analysis of agreed measures for individual service provider reports for 2013 contracts.

4.6 Following the development of performance measures, the department decided to adopt a staged implementation, as the arrangements were different from other contract management performance frameworks in the department (including those applying to onshore detention centres). This resulted in a bedding down period, with the first performance report due in mid-August 2013 for the reporting period July 2013.

4.7 Performance measurement relied on the service providers conducting self-assessments (individual service provider reports, known as ISPRs) and providing those assessments to DIBP on a monthly basis. The department did not establish minimum expectations regarding the reports or supporting documentation. In addition, DIBP did not consistently apply audit or other review processes to gain independent assurance over providers’ self-assessments.97 To support departmental review of service provider self-assessments, DIBP developed checklists and observations sheets for service delivery managers on Manus Island, but not in Nauru.

4.8 The performance framework also included a three tiered abatement regime to be implemented once the sites were operating in a business-as-usual mode. The abatement regime applied across all contracts. A decision was made in August 2013 to defer the application of the financial incentive and abatement regime, on the basis that policy changes had impacted on all service providers. The then Director Finance and Performance (DIBP) agreed to and notified service providers of the deferral. However, that position had no delegations or responsibilities in respect of the contract, and the matter was not approved by the delegate, the Contract Authority or the Contract Administrator.

4.9 The performance management framework enabled the service providers to develop an excusable performance failure process to excuse instances where a provider failed a performance measure due to circumstances or events beyond the service provider’s reasonable control. It was envisaged that an excusable performance failure would only be requested in the event of a second or third failure of the abatement regime.98 Under the process, only specified measures were suspended and other measures had to be met or abatements would apply. All service providers submitted excusable performance failure submissions under each of their contracts, with the exception of Save the Children under its 2013 contract. The department’s records of the process were incomplete. In some cases the department did not provide timely feedback on the outcome. The department’s records of action plans were also incomplete.

4.10 DIBP intended that contract risks be managed through the ISPRs and joint service provider reports. The process would require DIBP to assign a risk rating to each performance measure in ISPRs. This rating was to be agreed with the provider and reviewed monthly for the 2013 contracts and quarterly for the 2014 contracts. The risk rating would inform the value of abatement should performance failures arise without an agreed action plan or excusable performance failure. As part of its implementation, DIBP did not maintain records of the risk assessments or monthly reviews.

Nauru—Transfield and The Salvation Army—2013 contracts

4.11 Transfield and The Salvation Army did not undertake individual service provider reporting for the services they provided in Nauru under the 2013 contracts. As a result, no risk ratings were determined for Nauru. The reason for this was that the DIBP Contract Administrator had awarded (on 29 August 2013) an excusable performance failure from all performance reporting (including performance monitoring and assessment), commencing with the reporting period July 2013 and concluding in March 2014.99 The excusable performance failure was awarded due to the loss of facilities following the riot and fire in Nauru in July 2013.

4.12 In November 2013, DIBP’s Service Delivery Lead in Nauru advised the department’s National Office that nine of the 24 performance metrics were:

  • still significantly affected by events outside Transfield’s control—principally the extensive damage caused by the riot and significant changes in scope due to rapid expansion of the number of asylum seekers that were accommodated (from 500100 to 750, including the introduction of families) in Nauru; or
  • were reliant on the implementation of changed administrative arrangements by the Australian Government. These changes provided for the settlement of asylum seekers outside Australia.

4.13 DIBP’s service delivery manager recommended that due to these factors, these items should not be measured until business as usual returned. In December 2013 the department advised Transfield and The Salvation Army that the excusable performance failure relief for providing the department with monthly individual service provider reports had ended, with the exception of three performance measures where Transfield101 could not meet expectations due to infrastructure issues:

From 1 January 2013, Transfield and The Salvation Army are to submit monthly ISPRs and monthly JSPRs [joint service provider reports], and will be subject to the abatement regime for underperformance. Transfield and The Salvation Army’s first ISPRs will be due 15 January 2014.

… three ISPR contract responsibilities that Transfield are exempted from measuring and abatements until further notice …

4.14 In response, Transfield noted that with contract expiry imminent, and a possible early transition of the welfare scope and other concurrent activities, the end of relief had come rather suddenly. DIBP could not provide the ANAO with records of individual service provider reports for January or February 2014.

4.15 No joint service provider reporting occurred for operations in Nauru for the 2013 contracts.

Manus Island—The Salvation Army and G4S—2013 contracts

4.16 The Salvation Army and G4S were required to submit ISPRs and joint service provider reports for the duration of the 2013 contract. These reports were required monthly and it was intended that the department would review these reports as part of the performance management process.

4.17 The department maintained some service provider reports in its records management system102 which indicate that reports were submitted by:

  • The Salvation Army, relating to services provided on Manus Island for the period July 2013 to December 2013.103 A performance failure was recorded during this period. These records were not signed by the DIBP service delivery manager as required.
  • G4S for eight months (for the periods July 2013 to February 2014). For the 24 performance measures developed for G4S, reporting over this period indicated that G4S generally met or exceeded expectations. For one measure (timely resolution of complaints) there were three consecutive performance failures which could have led to abatement but did not.

4.18 G4S sought relief from the Performance Management Framework for a period, due to significant policy and administrative change in early August 2013.104 DIBP acknowledged the pressure G4S was under, but did not grant an excusable performance failure. In responding to G4S, DIBP noted that it expected G4S to continue to communicate with the department about performance and risk management as required by the contract, through the individual and joint service provider reports. On 23 December 2013, after G4S and The Salvation Army were advised that their contracts would cease, the performance officer in DIBP’s National Office reported to the Contract Administrator that:

Moving into the transition period, I recommend that service providers continue to provide their reporting … however we will cease to provide our feedback on these reports. It will be incumbent on [the Service Delivery Manager] to provide feedback on underperformance matters … This would allow the service providers to use the performance framework as a tool to manage risk that might arise during the transition period … It is my view that it would be difficult to enforce the abatement regime during this time if we are providing a less concerted performance monitoring effort …

4.19 The department has maintained (in DIBP’s records management system) some draft joint service provider reports submitted by The Salvation Army and G4S for the period August 2013 to December 2013 for services on Manus Island.105 For the four months where a joint report was available, the providers met expectations for all but one measure in the performance report. These reports were incomplete and unsigned by DIBP, G4S or The Salvation Army. Each of the reports indicated that G4S and The Salvation Army met expectations in relation to all performance measures.

4.20 While the department’s records indicate that it reviewed joint service provider reports106, there were no records indicating that it had reviewed the individual reports submitted by The Salvation Army or G4S for services delivered on Manus Island. The individual service provider reports were often incomplete and/or unsigned. Risk ratings and risk mitigations did not change over the period despite a range of risks eventuating. For example, G4S’s reports had the same risk rating—‘minor’—for all metrics, except for weekly departmental review meetings which had a rating of ‘low’, for the period August to February 2014. The ‘minor’ risk rating was retained despite the following events:

  • July 2013—a riot resulting in the destruction of facilities in Nauru;
  • August to September 2013—contract variation and significant increase in detainee numbers, as well as a change in detainee cohort resulting in a change from the centre moving from ‘low’ risk to ‘high’ risk;
  • October 2013—Border Force Review/Joint Agency Taskforce identified security risks to be addressed at the Manus Regional Processing Centre; and
  • February 2014—a riot involving detainees, a breach of entry security107, and a detainee death.

4.21 Email searches conducted by the ANAO of DIBP systems identified an offshore processing centre service delivery risk assessment for the 2013 contracts, which was last modified on 12 August 2013. The assessment identified five risks relating to service provider failure to deliver services.108 These risks were rated as ‘high’ or ‘medium’, and the assessment documented that the contract management team was relying on a number of controls to manage risk. While the risk assessment documented that the controls were considered to be effective, at the time of the risk assessment the controls were not in place.109 The risk assessment also documented that future controls to be implemented included: expansion and better targeting of performance measures; review and adjustment of performance measures; (in relation to incidents) trend monitoring and action plan to deal with emerging issues; increased auditing of contract compliance; improved invoice processing; and financial reporting and oversight. There was no record of these controls being implemented by the Contact Administrator.

4.22 From March 2014, The Salvation Army and G4S ceased service delivery on Manus Island and handed service delivery to Transfield. A six week period was allowed for the transition between contracts. During the transition period, The Salvation Army and G4S reported difficulty retaining and attracting staff. G4S wrote to DIBP and expressed concern that the transition posed operational risks, particularly given the short time provided for handing over services to Transfield (less than six weeks). G4S also noted that no matter how smoothly the transition went there would inevitably be a period of significant operational instability.

4.23 There is no record of the department responding to G4S. While the department required G4S to develop and implement a transition plan in the lead up to their contact ending, there is no departmental record that this plan was reviewed or approved by the department.110 DIBP did not develop its own broader plan to manage the contract changes, nor did it conduct a risk assessment to identify and mitigate risk. Two serious incidents occurred during the transition period (16 and 18 February 2014)111, which were reviewed by Mr Robert Cornall AO. The review made a number of recommendations including that the department review risks in the conduct of the Manus Island centre and to strengthen its risk management procedures.

4.24 An internal DIBP audit (August 2014) of the G4S contract identified that no formal processes were in place to ensure that a comprehensive, documented risk assessment of the offshore processing centre was: developed prior to the development of the contracts; and maintained over the period of the contracts.

4.25 Figure 4.1 shows the implementation of the performance framework in Nauru and on Manus Island relating to the 2013 contracts.

Figure 4.1: Implementation of performance framework for services in Nauru and on Manus Island—2013 contracts

Implementation of performance framework for services in Nauru and on Manus Island—2013 contracts

Source: ANAO summary of DIBP documentation.

Was a performance management framework developed and implemented for the 2014 contracts?

The department considered the performance management framework to be critical to its management of contractors. Notwithstanding the importance of the framework:

  • the framework was implemented after the 2014 contracts were in operation;
  • reporting relied on self-assessment by individual service providers, with limited independent checks to provide DIBP with additional assurance; and
  • reporting for each period for the 2014 contracts was not finalised in accordance with the established timeframes. Departmental delays in reviewing reports and providing feedback to contractors eroded the link between the performance framework, actual performance and contract payments. For example, the department advised Transfield of its March 2015 performance outcome in April 2016.

As with the 2013 contracts, DIBP needed to establish a risk rating for each performance measure. This process was planned to be directly linked to the timing and extent of any financial abatement for service failure. For Transfield and Save the Children, the first risk assessments were not agreed until late August 2014 and December 2014, respectively. This was five months after Transfield’s 2014 contract was signed.

The department did not hold any records to demonstrate that the risk assessment it developed for performance management purposes was used as part of the individual service provider reporting process for Transfield. In addition, risks were not reviewed when they materialised and there was inconsistency in the department’s management of risk. For example, DIBP’s response to allegations raised in the Moss Review relating to staff behaviour for Transfield differed from its response to Save the Children. DIBP required Save the Children to remove named staff in July and October 2014, when it had concerns regarding staff behaviour. In contrast, Transfield was permitted to conduct its own investigations into staff behaviour and only one staff member had their employment terminated due to alleged illegal behaviour. In two further instances, Transfield removed staff from working in the families’ compound, but they remained employed in the centre.

Save the Children was the only service provider to be abated over the course of the 2013 and 2014 contracts. It was abated for various failures identified as part of the individual service provider reporting process, including a number of information security breaches.

4.26 As they did not participate in performance reporting for their 2013 contracts, Transfield and Save the Children entered into the 2014 contracts without experience of DIBP’s performance framework.112 There were delays in finalising the performance framework applying to Transfield’s 2014 contract. It was implemented three months after the contract commenced.

4.27 Many of the contract responsibilities which formed the basis of the performance measures in the 2014 contracts were rolled over from the 2013 contracts. In some cases the measures were narrower, measuring through-put but not quality (see Appendices 2, 3 and 4). For example, in respect of the 2013 contract responsibility to carry out all routine and non-routine113 cleaning services of the site, the measure was 90 per cent compliance with all routine cleaning tasks conducted in line with the cleaning schedule and 100 per cent compliance with non-routine cleaning tasks within appropriate time frames. In 2014 the measure changed, focusing on the number of cleaning activities completed (as per the plan or as agreed through the weekly departmental review meetings) divided by the number of cleaning activities required to be completed (as per the plan or as agreed at meetings). The measure did not include non-routine cleaning tasks.

4.28 The performance measures were not applied consistently to different contractors. For example, both Transfield and Save the Children had welfare responsibilities, but the latter did not have a performance measure for the indicator relating to Care. Table 4.2 provides an overview of the key performance indicators applying to service providers for the 2014 contracts.

Table 4.2: Key performance indicators and performance measures applying to service providers, 2014 contracts.

Key Performance Indicator

KPI Outcomes

Transfield 2014a: Number of Performance Measures by Indicator and ANAO assessment of links to contract responsibility

Save the Children 2014a: Number of Performance Measures by Indicator and ANAO assessment of links to contract responsibility

1. Welfare

The cultural, spiritual, social, mental and emotional wellbeing of transferees and transferee community is maintained and positively influenced by service provider involvement where practical.

9 measures, key responsibility

9 measures, key responsibility

2. Care

The physical wellbeing of transferees and the overall transferee community is maintained and positively influenced by service provider involvement.

7 measures, key responsibility for males only

No measures, but key responsibilities for families, single women and children.

3. Security

The safety, integrity and good order of the facility, its people and its operations are maintained.

6 measures, key responsibility

6 measures, but not a primary responsibility

4. Education services, and recreation

Transferees are given the opportunity to access education achieving reasonable education and training outcomes to accepted professional standards.

No measures, but key responsibility

No measures, but key responsibility

5. Counselling

Transferees are given the opportunity to access counselling services to accepted professional standards.

No measures, but key responsibility

No measures, but key responsibility

6. Logistics, Reporting and Support (Other)

The efficient, effective and economical operation of the centre is maintained. Performance reports are completed accurately and submitted in a timely manner.

11 measures, key responsibility

3 measures, responsibility for reporting only

7. Strategic and Relationships

The Service Provider takes a collaborative and integrated approach to the provision of services, will be effective in managing complex stakeholder and governance issues, and builds long term relationships with the Department and other service providers.

3 measures, important for operation of the contract

3 measures, important for smooth operation of the contract

Total measures by service provider

 

36

21

       

Source: Summary of 2014 Contract KPIs and ANAO analysis of agreed measures for Individual Service Provider Reports.

Performance reporting—2014 contracts

4.29 Performance reporting commenced for Transfield in August 2014, and in September 2014 for Save the Children. In March 2015 the department’s National Office wrote to its on island service delivery staff noting delays in the timely completion of ISPRs and highlighting that:

… the performance framework and the ISPRs were critical to managing contractors, demonstrating value for money, its link to potential abatements and the risk that creep in the deadlines would make the framework useless.

4.30 For each reporting period for the 2014 contracts, the reporting process was not finalised in accordance with the timeframes established in the performance framework:

  • lags of up to two and a half months were initially experienced, for Transfield and Save the Children114 for the period August 2014 to February 2015. The framework required that unless in dispute, performance matters would be resolved within 15 days of the end of the reporting period. The delay eroded the link between the performance framework, actual performance and contract payments115; and
  • for the period March 2015 to October 2015, National Office advised Transfield of the outcome in April 2016. The department also accepted that there were a number of measures where no evidence had been provided.

4.31 As part of the individual service provider reporting process, DIBP’s on-site Service Delivery Team assessed Transfield’s self-assessment ratings included in its reports. For the August 2014 to February 2015 reports, DIBP National Office accepted Transfield’s ratings over the ratings of its service delivery staff on island. The reason for the revision in ratings was that National Office determined that it would accept Transfield’s rating without supporting evidence.

4.32 Checklists and observation sheets were not developed or implemented for the 2014 contracts to assist in conducting audit activities, and limited audit activity occurred. Not all performance measures were monitored or audited and the department had not determined what evidence it required to support the service providers’ individual assessment reports.

4.33 During the life of the 2014 contracts, the department audited four out of 36 measures for Transfield and none of the 21 measures for Save the Children. For one measure—the quality of individual management plans—departmental access to those plans was an issue for DIBP across all of its welfare services contracts116 and was not resolved until November 2015. Transfield (by then the only remaining garrison support and welfare service provider in Nauru and on Manus Island) agreed to provide access to individual management plans going forward.117

4.34 For the period November 2015 to February 2016, Transfield was advised of its performance outcome in April 2016. National Office only partly applied the performance framework during this period and advised Transfield that it would not be applying abatements during this period. At the time of finalising this audit report, DIBP advised the ANAO that it had finalised ISPRs for June (on 22 September) and July 2016 (on 2 December), and was in the process of resolving disputes for August and September 2016.

Assessing risk—2014 contracts

4.35 At the commencement of the 2014 contract (April 2014) the department conducted a management initiated review to consider the management of the contracts and contract deliverables. The draft review report found that:

At a strategic level, there is an absence of whole-of-centre risk analysis and management, considering both on island and National Office risks and incorporating the inputs from all key stakeholders.118

4.36 In respect to the risk management of incidents, the review indicated that the department’s National Office had:

  • not maintained strategic oversight or systematically conducted analysis of incidents to identify avoidable incidents or potential gaps in procedures for handling incidents, which under the contracts could result in immediate abatement under the performance framework;
  • maintained incomplete records of incidents and had sought further information on a case by case basis; and
  • not conducted any post incident reviews, whereas the guidelines for offshore processing centres required that: post incident reviews be conducted after a critical or major incident had been resolved; and a written report be prepared within one week of the resolution of the incident, focusing on actionable information to the DIBP operation team leader.119

4.37 As noted in paragraph 4.10, DIBP needed to establish a risk rating for each performance measure. This required the department to undertake a risk assessment and to update the assessment on a quarterly basis as part of the implementation of the performance framework.120 This process was planned to be directly linked to the timing and extent of any financial abatement for service failure. For Transfield and Save the Children, the first risk assessments were not agreed until late August 2014 and December 2014, respectively. This was five months after Transfield’s contract was signed and more than two years after both service providers commenced service delivery.121

Transfield

4.38 The department could not provide any records to demonstrate that it had undertaken periodic risk assessments between August 2014 and March 2015 and that the results of these assessments were used as part of the individual service provider reporting process for Transfield. Transfield was advised of one performance failure prior to the risk assessment being put into place. In addition, risk ratings were not reviewed or risks adjusted when risks materialised.

4.39 For example, as part of the performance framework both of the 2014 service providers had a key contract responsibility and performance measure related to staff behaviour. The measure was: all Transfield Services personnel incident reports are addressed or closed in the required timeframes as per the Transfield Services Human Resources requirements. Allegations of inappropriate behaviour against Transfield’s subcontractor (Wilson Security) staff were raised with the Minister in September 2014. The risk assessment that was subsequently developed (December 2014) identified staff behaviour as a high risk before treatment and a medium risk after treatment, with the treatment being that DIBP’s audit scheme would ensure that incidents were managed.122 The likelihood of the risk eventuating was assessed as unlikely. Further allegations were identified as part of the Moss Review, but DIBP did not reconsider the risk ratings or likelihood. The department did not consider whether there was an appropriate action plan that addressed staff behaviour, so that relevant performance issues did not remain outstanding in future performance periods.

4.40 Moss identified 42 incidents, 35 of which alleged illegal behaviour by Transfield or its subcontractor’s staff. As at June 2015, 25 of these matters remained open.123 Moss considered that these matters required individual follow up action. Transfield’s contract states that the department is responsible for involving the police or other authorities as required, except where reporting is mandatory under the law.

4.41 For some matters there is evidence that allegations of illegal behaviour were referred to the Nauruan Police. In other cases, the action required (as noted in briefings to DIBP’s Secretary) was referral of illegal behaviour to the Nauruan Police, but DIBP determined (based on internal legal advice) to instead refer the matter to the Australian Federal Police (AFP). When the AFP advised that it could not investigate the matters, they were referred to Transfield for investigation and subsequently referred to the Nauruan Police. Due to a range of circumstances, including individuals withdrawing complaints, this did not occur. In one instance a complaint was referred by Transfield to Save the Children on DIBP’s direction, with Save the Children advised (by Transfield) to refer the matter to the Nauruan Police. A Transfield staff member had their employment terminated. The matter was not referred to the Nauruan Police. In two further instances, Transfield removed staff from the families’ compound but they remained employed. The department observed (in a report by the department’s Child Protection Panel) that Transfield was slow to respond to the complaints; its response was iterative (that this occurred over a number of months) and its investigation was limited.

4.42 In comparison, subsequent to the commencement of Save the Children’s 2014 contract, DIBP assessed the likelihood of inappropriate staff behaviour as ‘possible’ and the associated residual risk rating as ‘high’, as part of the risk rating process for the individual service provider reports. While Save the Children disputed this likelihood assessment, DIBP’s Contract Authority made a final decision on the likelihood and risk rating for this measure on 19 December 2014:

In this situation where Save the Children is not in the process of addressing the staff conduct within the month, a financial withholding applies for the first performance failure of this measure.

4.43 The department promptly had Save the Children remove staff in July and October 2014, when it had concerns regarding staff behaviour. DIBP did not apply abatement.124

4.44 Figure 4.2 shows DIBP’s implementation of the performance framework for Transfield.

Figure 4.2: DIBP implementation of the performance framework for Transfield’s 2014 contract

DIBP implementation of the performance framework for Transfield’s 2014 contract

Source: ANAO summary of DIBP documentation.

Save the Children

4.45 In 2014 Save the Children had reported multiple security breaches to the department relating to asylum seekers accessing information that its case managers had stored on computers and portable storage devices.125 Other potential privacy breaches involving Save the Children related to the loss of IT storage devices, such as USB thumb drives. The devices were not encrypted despite their use to store the personal information of asylum seekers.

4.46 In accordance with the contract, the department asked Save the Children to investigate these breaches. Investigation reports identified that the breaches relating to information accessed on computers which had been provided to Save the Children through Transfield on DIBP’s behalf. These computers were in operation in a dedicated Save the Children office in September 2013. This area was re-purposed for asylum seeker use in October 2013.126

4.47 Save the Children employees were advised by Transfield that the computers in the internet room would automatically cleanse data from the hard drive and reload the operating system daily. The arrangement was contingent on computers being shut down and rebooted. In May 2014, an intelligence report identified that one computer contained asylum seeker records.127 For this to have occurred the computer was not shut down between September 2013 and May 2014 by Save the Children staff or by Transfield when the room and computers were re-purposed. This and other events led to the risk rating for information security breaches (for Save the Children) to be assessed as ‘high’ after mitigation action, which included potential audit of compliance with IT security procedures. These audits did not occur.

4.48 The department referred the matters to the Office of the Australian Information Commissioner (OAIC) in 2014. In 2015 the Australian Information Commissioner queried the adequacy of DIBP’s IT security arrangements for contractors and the department was asked to provide information to assist the Commissioner with his enquiries.

4.49 An internal minute to the departmental Contract Authority from DIBP’s Integrity Division, dated 23 June 2015, observed that:

It is unclear whether the Department has considered the adequacy of the information technology infrastructure available to contractors on Nauru in light of these incidents and comments that appeared in the report of the Philip Moss Review.

  • It is unclear whether the Department has conducted risk assessments or reviews to address the issue of information technology infrastructure.
  • It is unclear whether Transfield’s security risk assessment will address the issues raised in the Philip Moss Review.

4.50 Save the Children was the only service provider to be abated over the course of the 2013 and 2014 contracts. The total value of the abatements, which were applied in its 2014 contract, was $65 983 over the life of the contract ($48 508 in October 2014 and $17 475 in November 2014). Save the Children was abated for various failures relating to information security, as part of the individual service provider reporting process. Save the Children raised concerns about the abatement process, including the length of time it took for DIBP to determine performance outcomes which would lead to abatement. For example, on:

  • 5 May 2015 the department wrote to Save the Children about the October 2014 ISPR process which had been finalised in a letter from the Contract Administrator on 23 January 2015.
  • 5 May 2015 the Contract Administrator also wrote to Save the Children regarding the November 2014 ISPR performance failure and financial abatement.
  • 13 May 2015 Save the Children wrote to the Contract Administrator noting that the delays in finalising the ISPR process impacted Save the Children’s ability to develop and implement a corrective action plan for the November 2014 ISPR which was not finalised until 29 January 2015. On 9 July 2015 Save the Children wrote to the Contract Authority seeking a warning rather than an abatement for the November 2014 ISPR.
  • 9 June 2015 the Contract Administrator denied Save the Children’s request to provide an official warning rather than abate the service provider, noting that it took Save the Children more than one month to report an incident despite the service provider being aware of the need to comply with guidelines.

4.51 Figure 4.3 shows DIBP’s implementation of the performance framework for Save the Children’s 2014 contract.

Figure 4.3: DIBP implementation of the performance framework for Save the Children’s 2014 contract

DIBP implementation of the performance framework for Save the Children’s 2014 contract

Source: ANAO summary of DIBP documentation.

Application of the incentive regime—2014 contracts

4.52 The performance framework for the 2014 contracts included a cost reduction incentive to encourage the service provider to seek continuous improvements in cost efficiency, to be shared by the parties. While this was an important aspect of the 2014 contracts—which were intended to result in contract savings for the Commonwealth—there was no available documentation indicating whether the department had considered the incentive’s likely effectiveness in influencing provider behaviour.

4.53 In practice, the service provider would receive:

  • 50 per cent of any reduction in overhead and service delivery fees resulting from the service provider successfully identifying and implementing new or changed processes that improve performance and lead to cost savings for DIBP—referred to as an innovation bonus in the contracts. While the regime provided a material incentive for service providers (Transfield and Save the Children), there were no cost reduction incentive payments for overhead and service delivery fees for the 2014 contracts; and
  • 15 per cent of any reduction128 in pass through costs where the service provider undertakes continuous improvements that achieve cost efficiencies for the benefit of the department. This incentive could be claimed for three periods specified in the contract. Two incentive payments were made to Transfield, valued at over $6 million, comprising $3.85 million and $2.21 million for a reduction in pass through costs for periods 1 and 2, respectively. Transfield calculated that the actual pass through costs for period 1 and 2 were $37.7 million less than estimated in the contract.129 Incentive payments to Save the Children were never finalised as Save the Children did not provide the department with relevant calculations.

Recommendation No.2

4.54 The Department of Immigration and Border Protection introduce and implement a risk-based contract management plan, approved by the Contract Authority, and commensurate with the value, complexity and risks associated with the garrison support and welfare contracts. The plan should address: roles and responsibilities; the management of contractor performance; key timeframes and deliverables; risk management and mitigation strategies; the retention of key records; and the department’s approach to quality inspection and audit.

Entity response: Agreed.

4.55 The Department acknowledges the requirement for a risk based contract management plan for the garrison support and welfare contract. As at 13 October 2016, the Contract Authority approved the Broadspectrum Garrison and Welfare Contract Management Plan which addresses:

  • Roles and responsibilities;
  • Management of contracted performance;
  • Risk management and mitigation strategies;
  • Retention of key records; and
  • Approach to quality inspection and audit.

4.56 The key timeframes and deliverables have been defined in the Broadspectrum Garrison and Welfare Services Contract Schedule of Obligations which was developed in conjunction with the Contract Management Plan and implemented on 13 October 2016.

5. Managing payments and contract changes

Areas examined

This chapter examines DIBP’s financial management for the garrison and welfare support contracts. Variations, extensions and additional service requests are also considered.

Conclusion

An appropriate framework of controls was in place for payments under the contracts, including the authorisation of actual payments by a delegate. This control was intended to provide additional assurance over payments under the contractsa but did not always operate as intended. In respect to $2.3 billion in payments made between September 2012 and April 2016, delegate authorisations were not always secured or recorded: an appropriate delegate provided an authorisation for payments totalling $80 million; $1.1 billion was approved by a DIBP officer who did not have the required authorisation; and for the remaining $1.1 billion there was no departmental record of who authorised the payment.

In addition, this audit highlighted further weaknesses in the department’s management of procurement. Substantial contract variations totalling over $1 billion were made without a documented assessment of value for money.

Areas for improvement

The ANAO has recommended that DIBP take immediate steps to strengthen its control framework and its application of the Commonwealth procurement framework by assessing contract variations for value for money and ensuring these are supported by available Government funding.

Note a: In terms of providing an opinion on the department’s 2015–16 financial statements, and based on substantive analytical procedures, the ANAO found that in the aggregate, payments in 2015–16 were made for the purposes of the contracts. In the course of this performance audit, the ANAO also reviewed whether approved payments under the contracts were authorised by an appropriate delegate. This was an internal DIBP compliance requirement.

5.1 While an initial procurement establishes and provides a basis for value for money, ongoing contract management is necessary to ensure that an entity is obtaining the goods and services it is paying for. The Public Governance, Performance and Accountability Act 2013 (PGPA Act) provides for an entity’s accountable authority130 to delegate powers131 to entity officials, or authorise officials to enter into, vary or administer an arrangement132 such as a contract. Within this context administering the arrangement includes making payments.133 DIBP’s Financial Delegations Instruments and Schedules (2012 to 2016) established the delegation structure and financial limits for delegates. 134

5.2 In respect to the garrison support and welfare contracts, the department’s offshore processing centre (OPC) guidelines set out financial approval arrangements that for operational and capital expenditure, including for additional service requests:

Unless approved by National Office Director Service Delivery–Garrison Support and Welfare Section, Nauru Infrastructure Section or Manus Infrastructure Section, or the relevant Assistant Secretary or First Assistant Secretary, expenditure is not approved and INVOICES WILL NOT BE PAID.

On Island staff … do not have delegation to approve expenditure by service providers contracted to deliver services at OPCs.135

5.3 The Secretary issued new Accountable Authority Instructions which came into effect on 1 July 2015. These instructions changed delegations by providing for ‘persons identified as contract managers’ to be delegated the power to administer arrangements. The delegation schedules at this time referred to an ‘arrangement administrator’.136 The Secretary issued new Accountable Authority Instructions which came into effect from 1 July 2016. These instructions changed delegations and provided for an ‘arrangement administrator’ to be appointed by the delegate.137 The arrangement administrator has responsibility for decision-making (including taking corrective action) and making payments under the arrangement.138

5.4 For the 2013 and 2014 contracts the ‘arrangement administrator’ role was specified as, and undertaken by, the Assistant Secretary, Contracts and Services Branch, who reports to the delegate. The delegate was the First Assistant Secretary, Detention Services Division—the Contract Authority.139

5.5 DIBP’s financial delegations Schedules provided the following directions to financial delegates:

A person who holds a PGPAAs23(1) — Enter or vary and arrangement delegation, automatically holds a PGPAAs23(1) — Administer arrangement delegation. Commensurate with the scale, scope and risk associated with the arrangement, another official may be made responsible for the day-to-day management of that arrangement (contract manager). By virtue of being responsible for that arrangement, the official may approve and manage that arrangement in accordance with the limits in the terms and conditions of that arrangement. The arrangement administrator must ensure that contract variations or extensions are approved by the relevant PGPAAs23(3) delegate and entered into by a relevant PGPAAs23(1) delegate.

Did financial delegates approve contract payments as required?

An appropriate framework of controls was in place for payments under the contracts and was documented in the department’s Accountable Authority Instructions.a

In terms of providing an opinion on the department’s 2015–16 financial statements, and based on substantive analytical procedures, the ANAO found that in the aggregate, payments in 2015–16 were made for the purposes of the contracts.

In the course of this performance audit, the ANAO also reviewed whether approved payments under the contracts were authorised by an appropriate delegate, as provided for in DIBP’s Accountable Authority Instructions. In respect to $2.3 billion in payments made between September 2012 and April 2016, delegate authorisations were not always secured or recorded: an appropriate delegate provided an authorisation for payments totalling $80 million; $1.1 billion was approved by DIBP officers who did not have the required authorisation; and for the remaining $1.1 billion there was no departmental record of who authorised the payments. There was limited evidence of the finance team confirming with the contract manager (or the service delivery team) that invoiced services were actually obtained and correct, in accordance with the contract, prior to payment. There was no monitoring of goods receipting on location.

While it was contractually required to provide full substantiation for all pass through costs, Transfield did not provide it and DIBP generally did not seek it. In mid-2014, DIBP agreed to a Transfield proposal to provide substantiation for a sample of pass through cost expenditure, but could not provide documentation of the revised arrangement. DIBP advised the ANAO on 14 October 2016, in response to emerging audit findings, that it had requested full substantiation of pass through costs from Transfield from 1 November 2016.

Note a: The Accountable Authority is authorised under the PGPA Act to issue internal instructions relating to the department’s administration.

5.6 In terms of providing an opinion on the department’s 2015–16 financial statements, and based on substantive analytical procedures, the ANAO found that in the aggregate, payments in 2015–16 were made for the purposes of the contracts. In the course of this performance audit, the ANAO also reviewed whether approved payments under the contracts were authorised by an appropriate delegate.

5.7 The department has long had in place a requirement that a delegate must authorise actual payments under an arrangement such as a contract.140 For example, the Secretary’s July 2014 Accountable Authority Instructions141 required a delegate’s involvement in making such payments:

You must ensure that payments under the arrangement (which are part of the administration of the arrangement) are made or authorised by a relevant delegate.142

5.8 In addition, the department has long required that all invoices and associated documentation must be treated as official records and kept on a TRIM file.143

5.9 The ANAO’s review of these departmental compliance requirements indicated that between September 2012 and April 2016, the department approved payments totalling $2.3 billion to service providers144 for the purposes of the contracts (as documented in DIBP’s invoice registers). However, delegate authorisations were not always secured or recorded. Specifically:

  • an appropriate delegate provided authorisation for payments totalling $80 million;
  • $1.1 billion in payments was approved by DIBP officers who did not have the required authorisation; and
  • for the remaining $1.1 billion in payments there was no departmental record of who authorised the payments.

Payment checks and invoice verification

5.10 DIBP’s Finance Guidance 2012 required that payment checks be completed by the goods receipting officer. The checks included that: the expenditure was approved by an appropriate financial delegate; the goods or services were received; and the conditions of the arrangement had been satisfied (this required verification by the contract manager). Unreceipted expenditure had to be agreed by a financial delegate (for example, unsubstantiated pass through costs). For the period 2012 to 2016, there was evidence that the finance team had created processes for receiving and checking invoices. However the processes were not consistently applied.

5.11 At the time of the audit, DIBP did not have in place a documented process for invoice verification for these contracts. Most of the registers reviewed by the ANAO recorded a total cost, but did not provide a means for monitoring expenditure against fee types by also recording amounts for overhead, service delivery, pass through costs145 and other fees when an invoice covered more than one fee type. The lack of available data meant that the department did not have an understanding of costs by fee type. In the May 2016 version of the invoice register for Transfield’s 2014 contract, the invoice register distinguished between fixed fees, pass through costs and additional service requests. This register also retrospectively tracked expenditure against the pass through cost pick list146 for the period July 2014 to June 2015. While this was an improvement, tracking pass through costs could have been more timely.

Invoice and purchase order tracking

5.12 DIBP has used invoice registers to track financial information (including invoices and payments) against the contracts. The information maintained in these registers has varied by contract and over time. The registers were developed to record links to invoices, approvals and other supporting documentation in the department’s record keeping system.147 Over the period of the 2013 and 2014 contracts, Finance staff did not consistently save records to the record keeping system including payment approvals, supporting document and documents demonstrating invoice verification or sample testing.

5.13 Financial information tracking and the maintenance of records for the Transfield contract using the invoice registers improved in mid-to-late 2015. The improved arrangements provided more information to assist in: differentiating between fixed fees, pass through costs and additional service requests; recording total purchase order values; and retrospectively tracking rolling totals for the periods July 2014 to June 2015. However, DIBP was unable to provide assurance regarding total expenditure under the contracts, due to a combination of: lack of monitoring; incomplete documentation; and differences in the information maintained in the invoice registers.

5.14 DIBP’s internal financial reporting has changed over time but generally has not focused on expenditure by contract and against approved purchase orders, fee types or asylum seekers housed on a monthly basis in accordance with the draft contract management plan (2014). Monitoring by the finance team against purchase orders occurred on an ad hoc basis.

Invoices consistent with terms of the contract, including goods received

5.15 Under the 2013 and 2014 contracts there were three main fee types (referred to as service fees148 under both contracts): corporate overhead, service delivery and pass through cost fees. Each fee type is paid on a different basis and frequency. For the 2014 contracts, certain fees were linked to the number of asylum seekers on island, calculated daily.149

5.16 There was very limited evidence of the finance team confirming with the contract manager (or the service delivery team) that invoiced services were actually obtained and correct, in accordance with the contract. For example, there was no monitoring of capacity bands150 or goods receipting on location.

5.17 The department publishes monthly statistics, including numbers in detention in Nauru and on Manus Island, for immigration detention on its website.151 These statistics represent the population of each centre at a point in time each month, rather than a monthly average. The ANAO requested nominal roll information and daily asylum seeker numbers (which form the basis of overhead and service delivery payments for the 2014 contracts) from the department on a number of occasions. In response to the ANAO’s first request DIBP advised that it did not capture daily headcount for the purpose of monitoring the contract or making payments.

5.18 The department also advised that transferee numbers were not provided for weekends and public holidays. The contract requirement is for the roll to be taken twice a day, seven days a week. Service providers advised the ANAO that attendance records were linked to asylum seeker identification cards and collected when scanned at every meal.152

5.19 There was also limited evidence that details in the supporting documentation provided by service providers were checked by DIBP in a timely manner and prior to payment. For example:

  • in the 2013 contract DIBP queried charges that had been included in three consecutive invoices from The Salvation Army, further DIBP paid the queried charges for a fourth invoice period as a result DIBP estimated overpayment of $1.7 million, and was invoiced a further $4.9 million for the queried charges.
  • for G4S, the department’s failure to approve the final price schedule in the contract resulted in overpayments of some $212 637 for service delivery. These amounts were subsequently repaid. In addition, while concluding the G4S contract the department identified that invoices had contained a currency conversion rate which was inconsistent with the contract.
  • for Transfield’s 2014 contract, DIBP’s finance team advised that there was often limited opportunity to undertake payment checks for pass through costs prior to payment and the priority was to pay invoices. Where errors were identified, credit notes would be issued later. The reason for this was the 14 day payment period.

5.20 The department conducted more consistent and timely review of invoices for Save the Children’s 2014 contract. As a result Save the Children issued a number of credit notes in the first few months of the contract. These credit notes reflected errors in invoices as well as withholdings or abatements under the performance framework.

Verifying pass through costs

5.21 The contracts required all service providers to provide full substantiation for any pass through costs claimed by the service provider.153 These claims were generally substantiated by submitting supporting invoices.

5.22 Some of the supporting documentation submitted to DIBP by providers was illegible, and in other cases contained insufficient information such as details of the goods purchased or the supplier. There was limited evidence of DIBP consistently seeking additional or more legible supporting documentation when this occurred.154 In January 2015, DIBP raised concerns with the quality of invoices with Save the Children.

5.23 While it was required to provide full substantiation for all pass through costs, Transfield did not provide it and DIBP generally did not seek it.155 In December 2016 Transfield advised the ANAO that it had provided substantiation of pass through costs in the manner agreed with DIBP, and that full substantiation was provided from 2012 until a revised agreement was reached with DIBP in mid-2014.156 DIBP could not provide documentation of the revised arrangement.157 There was also no evidence of the delegate endorsing the unreceipted expenditure. The department’s Finance Manager confirmed, in November 2015, that DIBP adopted a sampling approach for the pass through costs in the Transfield contract involving a review of all invoices over $10 000 and a five per cent sample of invoices under $10 000. If errors were found in the five per cent sample, DIBP would sample further. The department’s agreement with Transfield to only provide a sample of invoices for pass through costs was at odds with DIBP Finance Guidance. In particular, the June 2012 DIBP Finance Guidance required unreceipted expenditure to be approved by the delegate. DIBP advised the ANAO on 14 October 2016, in response to emerging findings of this audit, that it had requested full substantiation of pass through costs from Transfield from 1 November 2016.

5.24 In practice, each month Transfield provided an excel list of items purchased, aligning this information to the pick list (see paragraphs 5.26 to 5.32 where pick list is explained). This list was not prepared in a manner which reflected the contents of an invoice. The items could reflect one of a number of line items on an invoice, a number of line items on an invoice, all line items on an invoice, or part of a line item on an invoice, or a combination of invoices. As a result, DIBP was unable to substantiate the pass through costs for any given month. In addition, DIBP did not consistently maintain records of the supporting documentation provided by Transfield.158

5.25 DIBP did not always retain the results of sample testing, including details of who performed the test and when, or complete records of any follow-up with Transfield. Records maintained in the shared folders of pass through cost sampling for the 2014 contract included:

  • for nine of 46 billing periods, DIBP did not maintain evidence of its sample testing; and
  • for eight of the 46 billing periods, DIBP maintained some evidence of checking the rolling total of pass through costs against the pick lists, to test whether the three month rolling total was exceeded.

Was value for money demonstrated through the use of a pick list for pass through costs?

DIBP and Transfield established pick listsa for pass through costs. For an item to be placed on the pick list, DIBP guidelines required value for money to be established by obtaining three quotes. The delegate’s approval was also required when expenditure limits for individual items on the list changed. This approach was not implemented in practice. One pick list included pre-approved monthly limits of $4.4 million for Nauru and $5 million for Manus Island for pass through costs. The effect of these limits was that potential expenditures of up to $112 million per year would not be directly assessed for value for money by the department.

Note a: A pick list was a list of pass through costs for particular items which set expenditure limits for a month.

5.26 All pass through costs (or other additional expenditure for the purposes of the contracts) required written departmental approval in advance of the procurement. For example, the 2013 and 2014 Transfield contracts provided that DIBP and Transfield would:

… develop a joint procedure for the management, approval and reporting of all procurement and Pass-Through Costs …

5.27 In June 2013 Transfield wrote to the department proposing significant increases in the pre-approval of expenditure up to a maximum monthly value of $1 882 850, as part of a pick list approach for pass through costs.159 Pre-approval arrangements were intended to ensure that there was no delay in purchasing, but did not remove the need for substantiation of expenditure under the contract. In mid-2015 the department approved a pick list for Save the Children when the contract was nearly over.

5.28 The department was not involved in estimating the costs or reviewing the value for money assessments involved in developing the proposed pre-approved limits for Transfield. The department relied on these calculations and review processes being performed by Transfield. The department’s Acting Contract Administrator approved the June 2013 pick list. In correspondence with Transfield, the Acting Contract Administrator advised that: while the pick list was approved, the department expected that Transfield would continually review suppliers to ensure value for money; and that the list not be viewed as a spending ceiling to be reached each month.

5.29 In August 2013 the Contract Administrator approved Guideline 56—Procurement—General Supplies and Assets which included a section on the identification of ongoing operational expenses and pass through costs. As part of the standard procurement process, garrison service providers could identify operational expenses that they considered would be ongoing and submit a request to the department to add these items to an approved pick list. As part of this process there was a requirement to conduct a value for money assessment which involved obtaining three quotes. Once an item was added to the list, the service provider had pre-approval to purchase the item without the need for further departmental approvals or value for money assessments.

5.30 For Transfield’s 2014 contract, the OPC Guidelines of July 2014 reiterated the contract requirement that DIBP and Transfield develop a joint procedure and pick list. A copy of the 2014 joint procedure and pick list was not maintained in DIBP’s records management system. DIBP’s Finance Director provided a copy of the pick list to the ANAO in June 2015. The list included pre-approved monthly limits of $4.4 million for Nauru and $5 million for Manus Island pass through costs. The limits meant that potential expenditures of up to $9.4 million per month or $112 million per year had not been directly assessed for value for money by the department.160 DIBP could not provide the ANAO with the agreed pass through cost procedure and the delegate’s approval of the 2014 pick list and procedure.

5.31 Transfield revised the pick list in March 2015. It proposed a reduction in some pre-approved limits and an increase in other pre-approved limits, resulting in an overall decrease of $900 000 per month across the two islands. The combined pre-approval limit was up to $8.5 million per month. Transfield provided a further review of the pick list in July 2015.

5.32 As discussed, DIBP advised the ANAO on 14 October 2016, in response to emerging findings of this audit, that it had requested full substantiation of pass through costs from Transfield from 1 November 2016. In particular, the department advised that it would require 100 per cent documentation from Transfield despite the pick-list and would maintain these records in its electronic records management system (TRIM).

Have additional service requests represented value for money?

When entering into additional service requests, DIBP was entering into additional commitments for the expenditure of public money. DIBP agreed to additional service requests for Transfield’s 2014 contract to a value of $105 million. Service providers were expected to demonstrate value for money for additional service requests by providing three quotes to the department, but this did not always occur.

5.33 The 2014 contract between DIBP and Transfield provided for additional service requests (Statement of Work, Schedule 2, Section 7) and required:

… No additional fees will apply to additional or out-of-scope services unless approved by the Department prior to commencement of the particular services.

… Additional fees may include reimbursement for pass through costs such as materials, consumables, equipment and any specialist subcontractors, which will be invoiced at cost plus 15 per cent mark-up …

5.34 The department’s July 2014 Guideline 56—Procurement—General Supplies and Assets outlined requirements for procurement processes including additional service requests. The guidelines stated that the fundamental tenet of government procurement is value for money. In support of the guideline DIBP developed forms for proposing expenditure that needed to be approved by the department, which included value for money requirements. DIBP required service providers to submit a completed Proposal for Expenditure form in support of each additional service request.161

5.35 In the course of the 2013 and 2014 contracts a number of additional services were identified for delivery. Some of these additional services (at least three) were agreed through contract variations (reflected in Figure 1.2 and Figure 1.3), while a number involved the department entering into additional service requests. In some cases the additional services request was proposed by service providers to resolve outstanding issues which had arisen in the contract and were not agreed by the department. In other cases DIBP anticipated addressing the requests in a variation, but they could not be agreed due to timing.

5.36 The department also approved, as additional service requests, services already paid for and delivered under the contract. For example, on 1 August 2014 Transfield wrote to the department proposing expenditure to cover expatriate cleaners162 at a cost of $253 000 for four weeks (from 26 July to 26 August 2014).163 On 1 October 2014, the contract administrator agreed to the ongoing engagement of the five expatriate cleaners (deployed in late July) as well as a further 12 expatriate cleaners (for a minimum of 12 weeks) at a cost of $2.2 million.164 The value for money description was that Transfield Services had applied its approved rates for the labour proposed. In January 2015, a further $2.5 million was approved by the Contract Administrator for three months (17 December 2014 to 17 March 2015), for the 17 expatriate cleaners. At this time, the Contract Administrator advised Transfield:

If the issue remains unable to be resolved within the approved extension period, the department will not consider further extension without an offset offered against the fees already paid under the Service Delivery Fee.

5.37 In response to emerging audit findings the department provided additional information demonstrating that while the additional service request for cleaning had lapsed at the end of February 2016, Transfield advised the department that it would continue to provide services until the department advised they were no longer required. In response DIBP advised Transfield on 6 October 2016 that it endorsed an extension from March to October 2016. At this time, DIBP also requested that Transfield provide a business case for the services, the terms of the services and review offsets included in invoices since April 2016 due to errors identified.

5.38 In preparing the 2015–16 budget the department estimated that it had incurred additional service requests to the value of $24 million on Manus Island for the nine months from April to December 2014, and $5.5 million in Nauru over the seven months from June 2014 to February 2015. In each case, new contracts were entered into, or additional service requests were put in place. There is no available documentation to demonstrate that in entering into the additional service requests, DIBP considered: if the new or revised arrangement would provide value for money; if alternate suppliers were available in the market; or whether the request was already within the scope of the service provider’s contract. In addition:

  • the total value of additional services requests could not be determined;165 and
  • the department could not provide documentation to demonstrate that in approving additional service requests, it had sought quotes from alternative suppliers166 to enable the determination of value for money.

Were contract extensions and variations consistent with contractual and other requirements?

Contract extensions were not always consistent with contractual requirements. On seven occasions DIBP did not provide sufficient notice of its intention to extend and had to waive or vary clauses when seeking an extension. In addition, one agreement was signed after it had expired, and two agreements were signed after services commenced.

  • Save the Children’s 2013 contract was varied to increase the number of extensions that could be agreed, resulting in four extensions. These short extensions, of between one to three months, resulted in additional administration for DIBP and the contractor, and increased uncertainty for the contractor. This approach also introduced risk for the Commonwealth. Had Save the Children refused an extension, DIBP would have had little time to put in place alternative service delivery arrangements.
  • DIBP’s Contract Management Manual provided that contract variations be justified on value for money grounds. A variation to Transfield’s 2014 contract, with a combined whole-of-life value of $1 billion, was made in 2016 without documented consideration of value for money.

5.39 The DIBP Contract Management Manual (Version 1.3, July 2014) states that:

… processes for variations, extensions, and novations, are usually dictated by the terms of the contract and justified on ‘value for money’ grounds.

Provisions to allow and regulate contract variations should be a standard feature of all DIBP contracts. The ability to vary the contract should be directed or controlled by DIBP and should only occur in defined circumstances.

Contract extensions

5.40 There were 13 extensions to the garrison support and welfare services Heads of Agreement, and the 2013 and 2014 contracts.167 Contract extensions for The Salvation Army and G4S 2013 contracts were undertaken in compliance with contract provisions. The Salvation Army declined a further offer of extension, but termination clauses meant that the period of the contract extended beyond the initial term of the contract (which was due to expire on 31 January 2014). The contract expired 21 days later, on 21 February 2014. Other extensions were not undertaken in accordance with the original contract requirements, for example:

  • three of the four extensions for one contract exceeded the maximum duration for the contract—in total Transfield’s 2014 contract was extended for 24 months, when the maximum period for extensions specified in the initial contract was six months;
  • in respect to three contracts, DIBP had to ask the contractors to waive or vary the extension notice period when the department did not provide sufficient notice.

5.41 Save the Children’s 2013 contract was varied to increase the number of extensions that could be agreed. The four short extensions which ensued (of between one to three months), resulted in additional administration for DIBP and the contractor, and increased uncertainty for the contractor, for no apparent benefit. This approach also introduced risk for the Commonwealth, should the provider decide not to continue. In the event that Save the Children refused an extension, DIBP would have had little time to put in place alternative service delivery arrangements.

Contract variations

5.42 As noted above, DIBP’s Contract Management Manual stated that the processes for variations, extensions, and novations, are usually dictated by the terms of the contract and justified on value for money grounds.

5.43 A variation for Transfield’s 2014 contract, with a whole-of-life cost of $1 billion, was approved without a demonstrated value for money assessment. More specifically:

  • variation 3 (dated 1 March 2016) extended services to 28 February 2017 with options to further extend through to 31 October 2017;
    • the variation to extend services to February 2016 had a cost of $689 million;
    • the costs associated with the options to extend to October 2017, were not estimated; and
  • value for money was not demonstrated.168 The delegate was advised that savings had been obtained through negotiating the variation. The details of these savings were not specified.

5.44 The delegate exercised the options to extend services under the Transfield contract to 31 October 2017, on 22 July 2016. The delegate approved $340 million verbally on 20 July 2016 and Transfield was notified in writing on 22 July 2016. Written approval for the options (with a total cost of $340 million) was provided on 29 July 2016.

Recommendation No.3

5.45 The Department of Immigration and Border Protection take immediate steps to:

  1. strengthen the control framework for the garrison and welfare services contracts, by:
    • complying with the Secretary’s Accountable Authority Instructions relating to the authorisation by a delegate of all payments made under the contracts;
    • confirming goods or services are received prior to payment; and
    • retaining relevant documentation; and
  2. strengthen its application of the Commonwealth procurement framework by assessing all contract variations for value for money.

Entity response: Agreed.

5.46 In response to (a), the Department complies with the Secretary’s Accountable Authority Instructions in relation to appropriate delegate authorisation for payments. As part of the Broadspectrum Garrison and Welfare Services Contract Management Plan, all goods and services are confirmed received prior to payment. All delegate considerations, are now appropriately recorded and retained in the Department’s records management system.

5.47 In response to (b) and (c)a, the Department currently states these requirements clearly in its Accountable Authority Instructions and will review its internal processes to ensure they give effect to the implementation of this requirement.

Note a: ANAO comment: Following consideration of additional advice provided by the department, part c of the recommendation has not been included in the report (see footnote 16).

Appendices

Appendix 1 Entity responses

Department of Immigration and Border Protection

ANAO comments
Authorisation of payments

Paragraph 5.6 of this audit report states that in the aggregate, payments in 2015–16 were made for the purposes of the contracts.

Paragraphs 5.7 to 5.9 of this audit report address compliance with DIBP’s internal requirements that a delegate of the Secretary authorise actual payments made under the contracts. Delegate authorisations were not always secured or recorded.

Contract variations and available funds

Following consideration of additional advice provided by the department, comment regarding funding availability has not been included in the audit report.

Developing the contracts

The audit report does not state that the delay in signing the 2013 contracts represented loose contract management. Paragraph 9 and page 30 of the report observe that while the department took between 20 to 43 weeks (depending on the contract) to enter into the final 2013 contracts, there remained significant shortcomings in the contractual framework. Many of the shortcomings persisted in the 2014 contracts, indicating that the 2014 contract consolidation process was not informed by lessons learned from the department’s management and operation of the 2013 contracts.

Mould remediation

Case study 1 of this audit report includes the department’s advice on steps taken to date to remediate mould in Nauru in asylum seeker compounds for single adult males, families and single adult females.

Broadspectrum

Broadspectrum response

Broadspectrum response

Broadspectrum response

Broadspectrum response

Broadspectrum response

Broadspectrum response

Broadspectrum response

Broadspectrum response

ANAO comments

Some paragraph and footnote numbers have changed in finalising the report. Unless otherwise stated there is no change to the referenced paragraph and footnote numbers. Paragraph 2.46 is now paragraph 2.47, footnote 80 is now footnote 92, paragraph 5.24 is now paragraph 5.23, paragraph 5.25 is now paragraph 5.24, paragraph 5.28 is now paragraph 5.27, paragraph 5.29 is now paragraph 5.28, and paragraph 5.35 is now paragraph 5.36.

Management plans

This audit focuses on the department’s contract management. Paragraphs 2.29 to 2.37 of the audit address DIBP’s review and approval of management plans to be delivered under the contracts, including actions taken by the department to collect those plans. The audit observes that it is not evident that the department established a framework to monitor the timely settlement of management plans, and there were also shortcomings in DIBP’s record keeping in this respect.

Substantiation of pass-through costs

Paragraphs 5.21 to 5.23 of this audit report address processes for substantiating pass through costs. The Transfield contracts required full substantiation for all pass through costs. DIBP did not maintain a record of arrangements which effectively varied this requirement. Transfield provided the ANAO with an email (dated 24 June 2014) from DIBP’s Contract Finance Manager indicating departmental agreement to a revised arrangement.

On 19 December 2016, Broadspectrum (Australia) Pty Ltd, advised the ANAO that item 6 (a) of its response should refer to mid-2014, not mid-2015.

The Salvation Army

The Salvation Army response

The Salvation Army response

The Salvation Army response

The Salvation Army response

The Salvation Army response

ANAO comments

Some paragraph and footnote numbers have changed in finalising the report. Unless otherwise stated there is no change to the referenced paragraph and footnote numbers. Paragraph 5.20 is now paragraph 5.19.

Wilson Security

Wilson Security response

Wilson Security response

Wilson Security response

Wilson Security response

ANAO comments

Some paragraph and footnote numbers have changed in finalising the report. Unless otherwise stated there is no change to the referenced paragraph and footnote numbers. Footnote 80 is now footnote 92. The issues raised in paragraph 3.32 are now addressed in paragraph 3.33.

Appendix 2 Case Study—Incident management performance measures

The following case provides an overview of the performance measurement arrangements across the 2013 and 2014 contracts for incident management. It includes requirements from the incident reporting guidelines. The case study provides an observation regarding the focus and coverage of the measures with respect to the contract responsibilities.

Case study 2. Incident reporting and management performance measures

Measures—Timeliness

In 2013, G4S’s contract responsibility was to provide timely and accurate information and reflect all incidents to best enable service provider staff to make decisions and instigate further action. The performance measure required incident reporting within required timeframes for: critical (within 30 minutes), major (within 1 hour) and minor (within 24 hours for 90 per cent of incidents) incidents—Measure 2.4.

In 2014, Transfield had three incident reporting measures:

  • 100 per cent of critical and major incidents are reported within the timeframes of the guidelines—Measures 2.5 and 2.6; and
  • 90 per cent of minor incidents are reported within the timeframes of the guidelines—Measure 2.7.
  • In 2014, Transfield also had an incident management measure relating to closing critical post incident reviews and action items within required timeframes—Measure 2.4

In 2014, Save the Children needed to accurately report incidents within required timeframes—100 per cent of the time for critical and major incidents and 90 per cent of the time for minor incidents.

Guidelines 6 to 10—Incident Management—Debriefing, Incident Management, Post Incident Review, Preservation of Evidence and Reporting

The Incident Management guidelines that have performance measures are the Guidelines 8 and 10—Post Incident Review and Reporting; the other three incident guidelines are not subject to performance measurement.

Timeframes for Reporting Incidents to the Department

Category

Verbal Report

Written Report

Critical

Immediate up to 30 minutes

Within 3 hours

Major

As soon as possible – no later than 1 hour

Within 6 hours or by the end of the shift

Minor

Not required

Within 24 hours

     

When reporting an incident, a check will be made to ensure that the report contains, as a minimum, details of:

  • the incident;
  • the background of, and sequence of events leading to the incident;
  • participants in, and witnesses to the incident;
  • the resolution of the incident; and
  • any follow up action that has been undertaken following the incident.

All appropriate incidents must be reported to the Police. Details of police action/attendance must be included in the incident report.

A written report must be provided following the post incident debrief, in accordance with contract requirements and instruction in the Guideline 6—Incident Management—Debriefing.

After a critical or major incident has been resolved, all service providers’ Facility Managers will conduct a joint post-incident review within 7 days and provide a written report that focuses on providing actionable information to DIBP Programme Coordinator [Operations Team Lead] within one week of the resolution of the incident. This report should include quality, actionable findings and, where relevant, suggested changes to the relevant guidelines to prevent further occurrences of similar incidences. The Post incident Review must be tabled at the Weekly Departmental Review and recommendations arising from the Post Incident Review must be implemented within the timeframe agreed at the Weekly Departmental Review.

Observation

Only two of five incident management guidelines have performance measures.

Appendix 3 Case Study—Individual management plan performance measures

The following case provides an overview of the performance measurement arrangements across the 2013 and 2014 contracts for individual management plans. It includes requirements from the individual management plans guidelines. The case study provides an observation regarding the focus and coverage of the measures with respect to the contract responsibilities.

Case study 3. Individual management plan performance measures

Measure 1Timeliness of creation and review

In 2013, The Salvation Army needed to (80 per cent of the time) create these plans within the guideline’s required timeframes and review the plans fortnightly—Measure 1.5 and 1.8.

In 2014, Transfield and Save the Children needed to create and review these plans within the guideline’s required timeframes (80 per cent of the time)—where the guidelines needed to change to reflect one review per month—Measure 1.1.

Measure 2Quality

  • In 2014, Transfield and Save the Children needed the quality of individual management plans to be in line with the guideline—Measure 1.2. To measure this:
  • the Transfield performance framework calculated the actual number of reviews of individual management plans by a senior manager from the service provider divided by the same number; and in comparison,
  • the Save the Children performance framework noted that an audit tool needed to be agreed, until its development the measure will be the number of internal audits of individual management plans conducted by the service provider divided by the number of transferees.

Guideline 37—Transferee—Individual Management Plans

The Individual Management Plan guideline recognises that the objective of the individual management plan review process is to ensure the assessed needs and risks presented by each transferee are addressed in a timely and comprehensive manner and to ensure that the quality of IMPs are consistently high. Review is to occur fortnightly, with:

  • the first review involving the welfare service provider officer and the transferee;
  • the second review is to involve a multi-disciplinary committee with the department, health service manager and relevant service provider staff, and chaired by the responsible welfare service provider senior manager. The committee will review those plans which have been identified as vulnerable, needing input from service providers, or change in management strategies; and
  • additional reviews which can be triggered by an event that relates to the transferee’s pathway, health or security.

The guideline also refers to an audit program where the welfare service provider will establish an audit program which will include the auditing of plans to ensure contractual compliance. DIBP Directors will conduct checks of plans to complement the audit program. All plan documentation is to be provided to the DIBP Director on request.

In addition the guideline lists a range of other requirements including the required contents and documentation standards for individual management plans.

Observation

For the 2014 contracts with Transfield and Save the Children, Measure 1 required a change to the guidelines that did not occur, thus the measure was inconsistent with the guidelines it was seeking to implement.

Appendix 4 Case Study—Complaints management performance measures

The following case provides an overview of the performance measurement arrangements across the 2013 and 2014 contracts for incident complaints management. It includes requirements from the complaints management guideline. The case study provides an observation regarding the focus and coverage of the measures with respect to the contract responsibilities.

Case study 4. Complaints management performance measures

In the 2013 and 2014 contracts there are one or two performance measures focusing on complaints and that require some degree of compliance with a guideline.

MeasureTimeliness

In 2013, The Salvation Army needed to collate all complaints on a daily basis, acknowledge all complaints within 24 hours, and respond to or update all complaints within 3 days—Measure 2.8.

In 2013, G4S needed to record, investigate and resolve issues within agreed timeframes (no reference is made to the complaints guideline)—Measure 1.3.

In 2014, Transfield had two measures, one to refer all and another to respond to 70 per cent of complaints within required timeframes. This measure requires a change to required timeframes in guidelines and to take account of the time taken to receive translations—Measures 1.3 and 1.4.

In 2014, Save the Children needed to close 80 per cent of complaints within the required timeframes.

Guideline 34Transferee—Complaints Management

Each centre will have a complaint box in which to place any confidential complaints. The guideline includes a number of timeframes for collating, acknowledging and responding to complaints.

The guideline notes that the complaints management procedure will be:

  • instrumental in fostering good staff/transferee communications by reducing tensions and reassuring transferees that their welfare is of high priority.
  • a contributory factor in highlighting and improving the centre’s operation. It is important therefore, that the confidentiality and integrity of the complaints management procedure is upheld at all times.

All responses to a transferee must sufficiently address their concerns and must provide clear reasons for the decision. In addition it is extremely important that the transferee’s complaint remains confidential and is treated with integrity and professionalism. Not to do so discredits the complaints procedure and undermines its purpose.

The DIBP Director must be notified within 48 hours when a transferee is dissatisfied with the outcome of a complaint or seeks a higher level review.

Where a complaint is not resolved within seven days, or is escalated to an external third party, the complaint is then escalated to the Weekly Departmental Review Meeting for monitoring.

Observation

The focus of the complaints measure is to be timely in collating, referring, and responding to complaints. The purpose of the complaints system is to reduce tensions and reassure transferees that their welfare is of a high priority. The timeliness measures do not consider whether (in accordance with the guidelines):

  • there is appropriate access to complaints;
  • responses are adequate, that is the response provided to the transferee sufficiently addresses the concerns of transferees and provide reasons for the decision or the number of transferees that expressed dissatisfaction with the response;
  • there has been appropriate monitoring of complaints that have not been resolved; or
  • if complaints have not been adequately addressed because there are recurring complaints of the same nature or issue.

In addition, for Transfield’s 2014 performance measures the guidelines needed to be updated; no update was completed (see paragraph 2.26).

Footnotes

1 Offshore processing centres are also referred to as regional processing centres.

2 To give effect to the arrangements legislation was required to provide for the processing of arrivals in locations outside Australia.

3 On Manus Island asylum seekers are referred to as transferees.

4 Department of Immigration and Citizenship, Department of Immigration and Citizenship Annual Report 2012–2013 p. 9. [Internet], available from <https://www.border.gov.au/ReportsandPublications/ Documents/annual-reports/2012-13-diac-annual-report.pdf> [accessed June 2016].

5 The department was known as the Department of Immigration and Citizenship when the centres were established.

6 Transfield Services Group was rebranded on 30 October 2015 and Transfield Services (Australia) Pty Ltd’s name changed to Broadspectrum (Australia) Pty Ltd on 30 November 2015. For consistency, the ANAO will use the name Transfield throughout this report for Broadspectrum (Australia) Pty Ltd. On 27 June 2016, it was announced that a Spanish company Ferrovial had completed its acquisition of Transfield. [Internet], available from <http://www.broadspectrum.com/news/completion-of-compulsory-acquisition> [accessed December 2016].

7 Transfield also provides limited services to refugees within the community in Nauru and in the settlement centre on Manus Island.

8 The circumstances under which the offshore processing centres were established are described in Chapter 2 of ANAO Report No.16 2016–17 Offshore Processing Centres in Nauru and Papua New Guinea: Procurement of Garrison Support and Welfare Services.

9 In terms of providing an opinion on the department’s 2015–16 financial statements, and based on substantive analytical procedures, the ANAO found that in the aggregate, payments in 2015–16 were made for the purposes of the contracts. In the course of this performance audit, the ANAO also reviewed whether approved payments under the contracts were authorised by an appropriate delegate. Paragraph 12 of this audit report relates to compliance with this internal DIBP requirement.

10 DIBP did not provide the ANAO with these plans or the department’s approvals.

11 The Moss Review was a review initiated by the Secretary of DIBP into allegations relating to conditions and circumstances at the offshore processing centre in Nauru. [Internet], available from <https://www.border.gov.au/ReportsandPublications/Documents/reviews-and-inquiries/review-conditions-circumstances-nauru.pdf> [accessed December 2016].

12 The audits occurred in December 2014 and in February and March 2015. No audit was planned for January 2015.

13 The contract management plan signed on 13 October 2016 requires the development of an annual audit program. At the time the ANAO was finalising this performance audit, DIBP had not developed an annual audit program.

14 The Accountable Authority of a Commonwealth Department of State is the Secretary. The Accountable Authority is authorised under the Public Governance, Performance and Accountability Act 2013 (PGPA Act) to issue internal instructions relating to the department’s administration.

15 A pick list was a list of pass through costs for particular items which set expenditure limits for a month.

16 ANAO comment: Following consideration of additional advice provided by the department, comment regarding funding availability has not been included in the audit report.

18 Joint press conference with Prime Minister Julia Gillard: 28 June 2012: Asylum seeker legislation, Expert advisory panel [Internet], available from <http://parlinfo.aph.gov.au/parlInfo/search/display/ display.w3p;query=Id%3A%22media%2Fpressrel%2F2048153%22> [accessed June 2016].

19 Offshore processing centres are also referred to as regional processing centres.

20 To give effect to the arrangements legislation was required to provide for the processing of arrivals in locations outside Australia.

21 On Manus Island asylum seekers are referred to as transferees.

22 Department of Immigration and Citizenship, Department of Immigration and Citizenship Annual Report 2012–2013, p. 9. [Internet], available from <https://www.border.gov.au/ReportsandPublications/Documents /annual-reports/2012-13-diac-annual-report.pdf> [accessed December 2016].

23 DIBP will be used in this report for consistency. DIBP was previously known as the Department of Immigration and Citizenship.

24 Transfield Services Group was rebranded on 30 October 2015 and Transfield Services (Australia) Pty Ltd’s name changed to Broadspectrum (Australia) Pty Ltd on 30 November 2015. For consistency, the ANAO will use the name Transfield throughout this report for Broadspectrum (Australia) Pty Ltd.

25 ANAO Performance Audit Report No.16 of 2016–17 was tabled on 13 September 2016 and reviewed DIBP’s procurement of garrison support and welfare services for offshore processing centres in Nauru and PNG. [Internet], available from <https://www.anao.gov.au/work/performance-audit/offshore-processing-centres-nauru-and-papua-new-guinea-procurement> [accessed December 2016].

26 The extension followed DIBP’s cancellation of an open tender process, as discussed in the ANAO’s earlier audit.

27Commonwealth Procurement Rules: Achieving value for money, July 2014, p. 8. The CPRs are revised from time to time. The CPRs that apply to this audit are the version of July 2012 and the current CPRs issued in July 2014.

28 ibid, p. 13.

29 ibid, p. 3. As noted, procurement includes contracting and contract management (CPRs, paragraph 2.7, p. 8).

30 The PGPA Act came into effect from 1 July 2014. Prior to this the use of public resources by Australian Government departments was governed by the Financial Management and Accountability Act 1997, the Financial Management and Accountability Regulations 1997 and supporting policies.

31 Proper use means efficient, effective, economical and ethical use of public resources. Section 15 of the PGPA Act establishes a duty to promote proper use.

32 Prior to the introduction of the PGPA Act internal requirements equivalent to Accountable Authority Instructions (AAIs) were known as Chief Executive Instructions. The Accountable Authority of a department of state is the Secretary.

33 The responsibilities of such units may include: strategic procurement planning; oversight or management of procurement processes; provision of procurement and contract management advice and support; development and maintenance of procurement and contract management policy and guidance; provision of procurement and contract management training; monitoring of entity procurement activity; and management of contract data and reporting.

34 DIBP did not provide a copy of the 2012 Contract Manual.

35 Audit Report No.54 2003–04 Performance Audit Management of the Detention Centre Contracts—Part A; Audit Report No.1 2005–06 Management of the Detention Centre Contracts—Part B; Audit Report No.32 2005–06 Management of the Tender Process for the Detention Services Contract; Audit Report No.21 2012–13 Individual Management Services Provided to People in Immigration; ANAO Report No.13 2016–17 Delivery of Health Services in Onshore Immigration Detention; and ANAO Report No.16 2016–17 Offshore Processing Centres in Nauru and Papua New Guinea: Procurement of Garrison Support and Welfare Services.

36 See paragraphs 7 and 1.19 of the previous audit.

37 DIBP’s email records show that a contract management manual was available in January 2012. A copy of this manual was not available to the ANAO.

38 The department also refers to the statement of work as the statement of deliverables or requirements. For the purposes of this audit it will be referred to as the statement of work.

39 In the absence of a contract, providers operated under a letter of intent or heads of agreement. In the case of G4S these arrangements were in place for four months after the commencement of operations, for Transfield and The Salvation Army for almost five months, and for Save the Children for over nine and a half months. Each of the contracts established had durations of twelve months or less and all initially expired in January 2014, except for G4S’ and Save the Children’s contracts.

40 The department’s processes for procuring garrison support and welfare services for offshore processing centres in Nauru and PNG were reviewed by the ANAO in a companion performance audit report tabled in September 2016. See paragraph 1.18.

41 See paragraph 1.18.

42 ANAO comment: RPCs are Regional Processing Centres.

43 ANAO Audit Report No.1 2005–06 Management of the Detention Centre Contracts—Part B identified lessons learned in the department’s contract administration, including that: the relevant contract did not establish clear expectations for the level and quality of services to be delivered, the mechanisms to protect the Commonwealth interests were not clear, and there was insufficient information about the quality of services to be delivered and their cost. In response to the audit the department advised that it had taken steps to improve clarity around the performance expectations and services to be delivered under the contract. The department’s records indicate that it was not until June 2012 that the department commenced developing a set of detention standards.

44 A final copy of detention standards was not available to the ANAO in October 2016.

45 Examples of this included DIBP Service Delivery managers querying whether the contractors had standards for cleaning different areas (see paragraph 2.32), and the extent to which contract requirements for cleaning extended to cleaning mould from the ceiling and walls of marquees used for accommodation. While there is no specific requirement in the contract to clean mould, unapproved cleaning plans developed under the contract identified the need to clean mould in shower blocks, air vents, air conditioner vents, exhaust fans and ceiling fans.

46 The contract commencement date for Transfield and The Salvation Army was 1 February 2013 and 10 October 2012 for G4S. These contracts were executed in February 2013.

47 Advice from the department’s Detention Policy area queried the appropriateness of referring to ‘policy’, as the centres were operating outside of Australia. This resulted in a name change from PPMs to guidelines.

48 Some guidelines were high-level and dealt with the broad approach to apply in the centres, while other guidelines were specific and procedural in nature and articulated expectations for aspects of contract deliverables.

49 Two of the guidelines related specifically to operations in Nauru. These were ‘Guideline 53—Service Provider—Child Safeguarding Protocol and Code of Conduct’ and ‘Guideline 58—Nauru Visitor’. There were no visitor guidelines for Manus Island.

50 Guidelines to be developed were:

  • three Health Services guidelines related to Medication Management;
  • Transferee – PSP – SAFE Keeper Offshore;
  • six Security guidelines including Transport and Escort – Escort Checklist, Visitor Management Procedure, Safety and Security Management Plan, Screening and Searching, Transport and Escort, and Use of Force;
  • one guideline on Incident Management – Death at a Centre; and
  • three Procurement guidelines for General Supplies and Assets, Petty Cash and Value for Money.

51Nauru Review 2013, Executive Report of the Review into the 19 July 2013 Incident at The Nauru Regional Processing Centre, 8 November 2013.

52 The review concluded (page 10) that:

The speed involved to get the Nauru RPC operational within a short period of time compromised the proper assessment and planning required for the safety and security of the facility …

… The criticism in this review of the approach around infrastructure and operational protocols should not be read in terms of failings by individual officers. It also needs to be considered in the context of a complex and rapidly developing policy challenge requiring an urgent operational response …

53 Intelligence gathering arrangements are addressed in a number of guidelines including Guideline 22—Service Provider—Interactions with Transferees; and Guideline 27— Service Provider—Staff Relationships with Transferees. These guidelines were reviewed and updated in early 2015.

54 Guidelines which affect communications with asylum seekers include Guideline 22—Service Provider—Interactions with Transferees, Guideline 27—Service Provider—Staff Relationships with Transferees, and Guideline 39—Transferee—Reception, Induction, Accommodation, Transfer and Discharge. Guidelines 22 and 27 were reviewed and updated in early 2015.

55 On 18 September 2013 the Operation Sovereign Borders Joint Agency Task Force commenced as a military-led, border security operation to ensure a whole-of-government effort to combat maritime people smuggling. The department’s primary contribution to this has been as the head of the Offshore Detention and Returns Task Group. The Joint Agency Taskforce conducted security risk reviews of both the Manus Island and Nauru offshore processing centres in late 2013.

56 As discussed in the ANAO’s companion audit, the risk assessment conducted on Manus Island was identified by DIBP as the reason for removing The Salvation Army and G4S from service delivery.

57 Through the 2014 contract the department chose to adopt a due date for the review of guidelines of 24 March 2015. Adoption of this date meant that most guidelines would not have been reviewed for a period of 21 months. When they were issued the Contract Administrator indicated that they should be reviewed every 12 months.

58 Transfield advised the ANAO in December 2016 that full submission of revised guidelines by Transfield to DIBP occurred in August 2014, including incorporating DIBP’s feedback.

59 The two guidelines related to complaints management and individual management plans.

60 This guideline, which was for implementing action items arising from reviews, was not developed.

61 G4S did so as early as November 2012.

62 In response, G4S noted that seven of these documents had been provided. It provided further copies of the documents previously supplied and three new documents. G4S confirmed that one document was outstanding.

63 Detail included service levels or standards to be achieved.

64 Included in this list were: Records Management System (for transferee records), Procedures for Managed Accommodation, Procedures for the Equitable Use of the Gym, Cleaning and Laundry Services Plan, Clothing and Toiletries Plan, Food and Beverage Satisfaction Questionnaire, Display Signage, and a Nutrition Report. The list also separated the Programmes and Activities Plan from the Education, Religious, Recreation, Sporting and Excursion Plans.

65 Plans were approved on the following dates: on 12 December 2014—Work Health and Safety (Nauru and Manus Island); 17 February 2015—Behaviour Management Strategy (Nauru and Manus Island); 6 March 2015—Maintenance Management Plans (Nauru and Manus Island); and 15 March 2015—Emergency Management Plan (Manus Island only).

66 The contract was extended in October 2015.

67 The Contract Authority was specified in the contract as the First Assistant Secretary Detention Services. The occupant of this position was also the delegate who entered into the contracts. There was one Contract Authority position for the garrison support and welfare services contracts. Over time the individual officer appointed to this position has changed at least ten times.

68 The Contract Administrator was specified in the contract as the Assistant Secretary Detention Services Branch. This is a delegated ‘appointed administrator’ (also referred to as contract managers, see DIBP contract management manual paragraph 2.38) who has day-to-day responsibility for the management of the contract. There was one Contract Administrator position for garrison support and welfare services contracts. Over time the individual officer appointed to this position has changed at least twelve times.

69 For a three to six month period from July 2015 two contract managers were appointed—one for Nauru and one for Manus Island garrison support and welfare services. For the remainder of the offshore garrison support and welfare services contracts there was a single contract manager position.

70 These staff were a Service Delivery Manager and one or two support staff members for each centre.

71 The Programme Management Office was established in September 2013 to implement the Offshore Processing Programme.

72 Transfield advised the ANAO that it met with DIBP quarterly during this time and provided some supporting documentation for these meetings. The Salvation Army advised that it met twice with the department during this time.

73 The Salvation Army also advised that a third joint service provider meeting occurred during this period. DIBP holds no records of these meetings.

74 The system of joint meetings was proposed following findings in the Moss Review: (see paragraph 5.19, page 75).

The Department needs to provide effective coordination and adopt a lead role in ensuring that contract service providers work effectively together. This role needs to be played not only at the Centre in Nauru, but also at the head office level. The Review notes the Department’s intention to hold joint service provider governance meetings with its offshore contract service providers. This initiative would replicate well established arrangements in place with its onshore contract service providers.

75 Transfield advised the ANAO that three joint service provider meetings were held in 2016, with a fourth meeting planned for December 2016.

76 Internal audit, 8 August 2014, p. 2.

77 While the Contract Administrator signed and noted his approval for the management plan, the Contract Authority signed but did not note his approval for the plan.

78 The CMO reported on reviews conducted in Manus Island in December 2013 and July 2015; and in Nauru in May 2014 and January 2015. A copy of the May 2014 review was not available to the ANAO.

79 The CMO observed in January 2015 that:

… Mould build up continues to be a significant issue and current strategies are not enough. TSL [Transfield] need to put in a more robust and comprehensive programme to address this. They also need to share the mould review they have undertaken with DIBP … There is also still the issue of mould in many of the tents and while TSL have a programme to manage this, it does not appear adequate with many areas still having significant mould build up. This is a health risk and needs a much more concerted effort. TSL have had someone review it and in fact have a report finalised but they were unwilling to share this with myself or DIBP at this visit. Further details of the recommendations entailed in this report would be beneficial to review …

80 Contract management risks include privacy, security and record keeping, key outputs are not identified and/or cannot be measured, performance targets and outputs are not aligned with fee payment, appropriate data collection and analysis systems for collection and review of performance information are inadequate, or the contract manager has a skills/knowledge gap.

81 The Offshore Processing Centre contracts form part of Operation Sovereign Borders.

82 By way of example, the ANAO observed that: correspondence for one provider was filed in the correspondence file of another provider; available correspondence relating to the 2013 Transfield contract was extremely limited; a number of files in the record keeping system were empty; many files held duplicate records (for example, of Individual Service Provider reports); some files contained inaccessible records, as the email archive stub had been filed rather than the restored email; there were incomplete or no records of key contract management activities or deliverables; loose paper copies were kept of approvals by the Contract Administrator; there was an absence of internal management reporting; and many records of approvals did not include the attachments supporting the approval (such as the documents being approved).

83 See paragraphs 1.12 and 1.13 of this audit report.

84 Comcover is the Australian Government’s self-managed insurance fund.

85 DIBP held no incidents records for 2012 when the service providers operated under Letters of Intent or Heads of Agreement arrangements.

86 The 2013 and 2014 contracts required garrison service providers to gather and record safety and security information, which includes incident reports, to inform the development of the centre/compound and asylum seeker security risk assessments and maintain the safety and security of the centre/compound.

  • In addition, OPC Guidelines recognised that each service provider had incident reporting responsibilities (Guideline 10—Incident Management—Reporting). These responsibilities included:
  • the internal reporting of the incident within each service provider; and
  • the prescribed external reporting of the incident to the department. When an incident occurs, the witnessing service provider staff member (first on scene) will report it immediately to the Control Room or designated area within the facility by sounding a duress alarm, by radio or by telephone.

87 The Planning and Operational Management System.

88 Transfield’s subcontractor, Wilson Security held 5081 records of incidents relating to the 2013 and 2014 contracts, Wilson’s incident records did not always align with Transfield’s records.

89 The Department’s Child Protection Panel expressed concerns about the department’s records in relation to incidents involving children in the detention network, including children in regional processing centres. The Panel noted that: the department cannot have full confidence in the data that identify the number and type of incidents relating to child abuse in held detention, community detention or at an RPC [Regional processing centre]. Specific issues with incident records included concerns regarding the accuracy of incident categorisation including the department and service providers using different classification systems, inadequate details in incident reports (of the event and behaviours) and overstating the number of incidents (through reclassification of an incident leading to duplicate records).

90 Post incident reviews are required to be completed and documented within a week of critical and major incidents. Post incident reviews assist in establishing whether incidents are avoidable, under the performance management framework avoidable incidents are subject to immediate abatement.

91 The Department’s Guideline 19—Service Provider—Digital Audio-Visual Records limits the circumstances in which a service provider may make (and keep) a digital record using a camcorder or other recording device during work in the centre.

92 This requirement is set out in Guideline 4—Communications—Information Management. Certain operational exceptions are described in the security guidelines.

93 On 9 November 2015, DIBP advised the ANAO in response to a request for access to digital records (audio and visual records) specified in the contract that:

… We have received advice from Transfield regarding the video evidence from Manus and Nauru which amounts to 8 Terabytes of data. Currently, the 8TB of footage is stored on a Direct-attached Storage (DAS) in Brisbane …

94 This approach was used in the 2013 contracts but not in the 2014 contracts.

95 For the 2013 contracts, the framework was due on 29 March 2013, but was not finalised until July 2013.

96 Internal DIBP email from the Director Finance and Performance (responsible for the development of the performance framework) to the Service Delivery Manager on Manus Island.

97 Self-assessment can be a useful and appropriate tool when supported by independent observations focusing on key risks and exposures.

98 Requests had to be made to the DIBP contracts team at the centres in the first instance, and the contracts team had 30 days to approve or not approve the request. If the matter was unresolved, the request could be sent to DIBP’s national office finance and performance team for final determination. The finance and performance team had 20 days to communicate a decision to the contract management team at the centre.

99 The Salvation Army ceased service delivery in February 2014.

100 The initial contract allowed for up to 1500 asylum seekers to be accommodated in permanent facilities in Nauru. The riot (and fire) destroyed the permanent facilities. Under the contract a maximum of 600 asylum seekers could be accommodated in temporary facilities.

101 At this point the department had already advised The Salvation Army that its contract would not be renewed and The Salvation Army had declined a contract extension to March 2014.

102 Reports maintained in the records management system for The Salvation Army’s individual service provider reports were in Microsoft Excel format and were not signed. Some reports were not dated. In some reports, a few of the details on the coversheet were not completed such as those relating to excusable performance failures and action plans. In some reports the performance rating section of the report was incomplete, for example:

  • one report did not record a rating for a performance measure, this report also did not record the reasons for some ratings;
  • several reports did not complete sections related to failure type, excusable performance failure granted and abatement notes or indicate that these considerations were not applicable; and
  • one report did not record the names of the service provider and DIBP officers who agreed the ratings.

103 A copy of the October 2013 report was not maintained in DIBP’s records management system. There were two versions of reports for December and August 2013. There is no report for September 2013.

104 The changes included revised administrative arrangements, and a significant increase in the number of asylum seekers on Manus Island, from a maximum of 600 persons to 3000 persons. In addition, the centre would house only single adult males, which was assessed as increasing the centre’s security risk level.

105 A copy of the November 2013 joint service provider performance report was not available for ANAO review. Reports maintained in DIBP’s records management system were in Microsoft Word format and were not signed, and some were not dated. These reports did not contain contributions from all service providers which meant that some key performance indicators and their measures have not been reported against, or that reporting had not been documented. Some documents included comments.

106 There was evidence of changes to some risks, risk ratings and risk mitigation strategies.

107 Two contract performance metrics relate to entry control.

108 The five identified risks were: death or serious injury; provider failure to manage security of the centre during a significant incident; provider failure to provide sufficient welfare services to the vulnerable; services are not delivered in line with government expectations; and provider failure to deliver effective and efficient services.

109 There was no contract management plan in place, the performance framework had not yet been implemented (and would not be implemented in Nauru), there was no evidence of an audit program in place or reviews of performance measures, and there was no monitoring of incidents and emerging trends.

110 Transfield as a transitioning-in provider was not required to have a transition plan.

111 These incidents included a major riot which resulted in the death of an asylum seeker and the injury of several others.

112 Transfield had been granted an excusable performance failure (as discussed in paragraph 4.11) and there was no agreed performance framework in place for Save the Children.

113 Non-routine cleaning may include out of scope and unscheduled clearing tasks, for example where a spill might occur unexpectedly.

114 For the period September and October 2015, the department provided a single performance outcome.

115 Payments were to be made within 14 days of a correctly rendered invoice, and invoices were to be issued monthly.

116 Specifically, The Salvation Army’s 2013 contract, Save the Children’s 2014 contract, and Transfield’s 2014 contract.

117 The importance of accessing the plans was first raised by DIBP in May 2013—the department considered limited access was detrimental to ensuring care and created significant liability for the parties as the appropriate duty of care could not be monitored and, where necessary, improved. The department considered that case management was compromised because of limited qualified staff and procedures, as well as a perception of the potential for advocacy over case management.

118 The management initiated review was conducted by an external reviewer. The review considered: the management of the contracts and contract deliverables; the role played by DIBP’s Operation Team Leader in overseeing incident reporting and maintaining close liaison with National Office; and the department’s release of documentation such as guidelines.

119 The report was expected to include quality actionable findings and, where relevant, suggest changes to the relevant guidelines to prevent further occurrences of similar incidences. The post incident review was to be tabled at the weekly departmental review with contractors. Recommendations arising from the post incident review were expected to be implemented within the timeframe agreed at the weekly departmental review.

120 Email correspondence between DIBP and Save the Children in December 2014 indicated that the service provider disputed a DIBP decision to increase the risk rating associated with one performance measure. The Contract Administrator advised Save the Children that it had exhausted the review process and the department’s decision was final.

121 DIBP’s Contract Administrator approved a risk assessment linked to performance measures for key contract responsibilities in December 2014. The assessment was last updated in March 2015. No further assessments or updates have been made. DIBP advised that it has flagged for discussion and update the individual service provider report risk assessment template in November 2016.

122 An audit of post incident reviews of incidents was scheduled to occur in May 2015, this audit was not conducted.

123 DIBP advised the ANAO that as at 1 December 2016, 11 of the 35 allegations remain open from the Moss Review.

124 In July 2014, DIBP required the removal of five staff who were subsequently reinstated, and in October ten staff were required to be removed, some of which were no longer employed by Save the Children and others were not in Nauru at the time.

125 Save the Children’s performance failures related to Information security. Departmental and service provider records indicate that a number of privacy breaches occurred over the course of the 2013 and 2014 garrison support and welfare contracts. Service providers were required to notify the department immediately where they became aware of a breach or possible breach of any privacy obligations under the contract. DIBP has also experienced difficulties in ensuring that its own information systems prevent unauthorised distribution and disclosure of asylum seeker and refugee private information, including the biodata of individuals. For example, in June 2015 as part of a regular email to relevant officers in relation to the nominal rolls for Nauru and Manus Island offshore processing centres, a DIBP officer emailed the nominal rolls to an ex-officer of the department who had recently moved to the Department of Social Services.

126 This included providing computers and portable storage devices.

127 Transfield provided Save the Children with four desktop computers from the internet room. These computers were located in a dedicated Save the Children office in the recreation building.

128 These cost reductions represented 15 per cent of: the difference between the estimated pass-through costs (based on the relevant bands in the contract for the number of asylum seekers), less the actual cost for the period.

129 This comprised actual pass through costs being less than estimated costs by:

  • $27 million for Manus Island; and
  • $10.7 million for Nauru.

130 Under the PGPA Act the Secretary is the accountable authority of a Department of State. Under the earlier Financial Management and Accountability Act 1997, which operated until 30 June 2014, the accountable authority was known as the agency Chief Executive.

131 PGPA Act, Section 110(1)(a). Delegation occurs by written instrument.

132 PGPA Act, Section 23(1).

133 Finance, Resource Management Guide No. 400—Approving commitments of relevant money (page 13):

43. ‘Administering’ an arrangement in this context includes making payments pursuant to that arrangement. A person who undertakes decision-making functions in relation to an arrangement, would be administering the arrangement. This person should have a delegation or an authorisation of the power in section 23(1). For example, a contract manager might make decisions that a milestone has been reached by the contractor and that payment is to be made to the contractor for reaching the milestone. A person performing processing tasks in relation to an arrangement, without making any decisions about the arrangement, is not administering the arrangement for the purposes of section 23(1).

134 From September 2012 until 30 June 2016, the delegations provided for officials in the following positions to enter, vary and administer an arrangement up to the following dollar values: First Assistant Secretary (Contract Authority)—Limit of funds available; Assistant Secretary (Contract Administrator)—up to $10 million; Executive Level 2 (Contract Manager, Finance Manager, Director)—up to $500 000; and Executive Level 1 (Assistant Director)—up to $10 000. The department’s March 2015 consolidated delegations also provided for an Arrangement Administrator to administer an arrangement to the limit of the terms of the arrangement. The Transfield 2014 contract identifies the Contract Administrator as the Assistant Secretary Detention Services Branch (see footnote 70).

135 Guideline 56—Procurement—General supplies and assets, 30 July 2014.

136 Consistent with the March 2015 consolidated delegations, the 2014 contracts specified that the arrangement administrator is the Contract Administrator—the Assistant Secretary Detention Services Branch (see footnotes 70 and 139). At an operational level the Contract Administrator was supported by a contract manager (see paragraph 2.39 and footnote 71). The 2014 contract does not refer to a contract manager.

137 From 1 July 2016 delegations were amended as follows: Executive Level 1 delegations were increased to $100,000; APS 6 officials were given a delegation to a limit of $10,000; and the delegate was empowered to appoint an ‘arrangement administrator’ to manage the financial arrangements such as contracts. The arrangement administrator’s delegation was for the approved value of the arrangement.

138 Responsibility for administering an arrangement (such as a contract) must be commensurate with the scale, scope and risk of the contract, and the degree of public interest in the arrangement, that is, where appropriate, the arrangement or contract management process should be clearly articulated, formalised and documented. The arrangement administrator assigned responsibility must have the necessary skills and experience to manage that arrangement.

139 All Assistant Secretaries in the Detention Services Division were given a role specific financial delegation of $10 million to enter into and vary an arrangement under Schedule 2 of the Financial Delegations Schedules. General Financial Delegations set out in Schedule 1 of the Financial Delegations Schedules set the limit for Assistant Secretaries of $5 million.

140 These requirements were outlined in all relevant DIBP Chief Executive Instructions, Accountable Authority Instructions and/or Finance Guidance for the duration of the contracts examined and were supplemented on:

  • 6 March 2015 when an ‘arrangement administrator’ concept was introduced. The Accountable Authority Instructions issued on 1 July 2015 did not refer to an arrangement administrator, instead it referred to a ‘person identified as a contract manager’; and
  • 1 July 2016 when delegations changed to allow for an ‘arrangement administrator’. Changes to the delegations gave effect to changes made in the Accountable Authority Instructions on 4 April 2016.

141 DIBP Accountable Authority Instructions, July 2014, p. 26.

142 An identical requirement was included in the July 2015 AAIs. The 2016 AAIs stated that ‘all payments must be authorised’. The Finance Rules for Managing Payments issued in 2012 provided that ‘a payment must only be made once a FMAA [Financial Management and Accountability Act 1997] s44(1a) & s32b delegate has authorised the payment of the invoice’.

143 DIBP’s Finance Rules for Making Payments issued in 2012 establish the need to keep records on a TRIM file, and the July 2014, 2015 and 2016 AAIs require the department to maintain appropriate records. In addition, the contract management manual requires records to be kept of ‘any approvals sought and gained during the management of the contract’ including payment details, and recognises TRIM as the department’s core record keeping system.

144 The $2.3 billion does not include payments made under The Salvation Army Contract, payments made after July 2015 to Save the Children, and payments made after April 2016 to Transfield.

145 Pass through costs are additional operational expenditure and include food, fuel, clothing and other consumables.

146 A pick list was a list of pass through costs for particular items which set expenditure limits for a month.

147 The Accountable Authority Instructions and supporting finance guidance required invoice and approval records to be maintained in the record keeping system.

148 In the 2014 contracts, service fees also included personnel accommodation fees, transition-in and transition-out fees, incentive payments, and other amounts payable.

149 The Transfield 2014 contract included other fee types such as personnel accommodation services fees and transition-in and transition-out fees. The contract also provided for DIBP to make additional service requests of the service provider. Expenditure associated with additional service requests required approval by DIBP prior to incurring the expenditure.

150 Transfield’s contract included capacity band pricing. Each capacity band represented a number of asylum seekers held. Different capacity bands were included for Nauru and Manus Island.

152 Some asylum seekers did not attend meals, and in these circumstances the service provider advised that it would send a case manager to check on the individual’s welfare.

153 The contracts also required that invoices for pass through costs ‘include confirmation that the Pass-Through Costs are properly recoverable…’ To be properly recoverable these had to be approved in advance and in writing by the department.

154 In January 2015, DIBP raised concerns with the quality of invoices with Save the Children, noting that:

Issues of particular concern are:

- Invoices are often missing or contain inaccurate information that is mandatory under the ATO’s requirements: the supplier’s identity, Australian Business Number (ABN) and transaction dates and locations; An invoice supporting documentation is sometimes not supplied or is illegible …

155 There were few examples of email correspondence from DIBP to Transfield seeking all relevant invoices.

156 DIBP did not have records of full substantiation for all pass through costs for this period, and the department’s records indicate that invoices were often sought and/or provided on a sample basis.

157 In December 2016, Transfield provided the ANAO with an email (dated 24 June 2014) from the DIBP Contract Finance Manager indicating DIBP agreement to revised arrangements. Instead of Transfield providing all documentation for pass through cost claims, the department agreed to Transfield providing all documentation for transactions over $10,000, plus documentation to support 5 per cent of transactions from each category of spend (on the pick lists, see paragraphs 5.26 to 5.32). The DIBP Finance Manager reserved the right to request additional sample documentation if required.

158 DIBP invoice registers did not record supporting documentation of pass through cost samples for 15 invoice periods for the 2013 contract (where Transfield invoiced the department twice a month). For the 2014 contract (between March 2014 and March 2015) records supporting the sampling approach were not maintained for 11 invoice periods.

159 In September 2013 the department, as part of the Commonwealth budget process, estimated the actual and average total cost of fee types including pass through costs for Transfield in Nauru and G4S on Manus Island, noting that pass through costs were more expensive for Nauru for a number of reasons, including the remoteness of Nauru and the use of direct source procurement to engage Transfield. The analysis showed the actual average costs per month per transferee were:

  • G4S on Manus Island: Overhead—$475; Service Delivery—$5825; and Pass through—$7500. Total $13 800.
  • Transfield in Nauru: Overhead—$1704; Service Delivery—$10 777; and Pass through—$10 256. Total $22 737.

160 In July 2014 DIBP’s finance team noted that if the department agreed to the pick list it would be exceeding the budget forecast for the overall level of additional costs under the contract.

161 This form provided the business case and details of the additional service request and included a requirement to undertake a value for money assessment which included:

8. Value for Money Assessment—A minimum of three quotes to be provided. Please attach quotes to this proposal before forwarding to DIBP for approval. All quotes must be provided in AUD [Australian Dollars].

162 Transfield advised the ANAO in December 2016 that the cleaning deliverable was twofold: the outcomes as outlined in the statement of work; and the requirement for Transfield to employ local cleaning personnel at a minimum of 75 per cent. Transfield further advised that systematic absenteeism in Nauru of local personnel resulted in it needing to seek the employment of expatriate cleaners. This arrangement developed overtime, with a credit being provided to DIBP for local wages that were not expended.

163 The additional service request costed on the basis of Expatriate Cleaning Supervisor rates (as there were no expatriate rates for cleaners) which were almost 11 times the rate for the highest level of local cleaners established in the contract. In addition, the expenditure included travel costs (which were covered by fixed monthly overhead fees, based on the number of transferees) and mark-up costs (which were provided for under the contract in respect of additional service requests). Including the cost of travel, the proposal was almost 13 times the cost of local staff. No discount was offered for non-performance of a contracted requirement, and there was no proposal to meet required ratios under the contract for local and expatriate cleaning staff.

164 At this time the DIBP contract administrator disputed the mark-up applied to travel and accommodation costs.

165 For the G4S contracts there were more than $7 million in additional service requests and for Transfield more than $105 million in additional service requests.

166 In the 2013 contracts there were alternate suppliers and these were accessed for service delivery on Manus Island.

167 Three arrangements were not extended: The Salvation Army and Transfield Heads of Agreement, and the Save the Children 2014 contract. Two contracts did not include extension provisions.

168 The variation relied on Transfield being the preferred tenderer in the 2015 open tender process (that process was reviewed in the ANAO’s companion performance audit tabled in September 2016). The delegate had determined, prior to signing the variation, that value for money could not be demonstrated through the open tender process. DIBP did not establish that the services to be provided under the variation were like for like with the open tender request for tender and negotiated outcome.

Related documents: