Introduction

1.1 The purpose of the Department of Foreign Affairs and Trade (DFAT) is to make Australia stronger, safer and more prosperous, to provide timely and responsive consular and passport services, and to ensure a secure Australian Government presence overseas.² In 115 posts across 86 countries³, DFAT is responsible for ensuring a consistent and efficient use of government resources overseas, including managing properties, staff and conditions of service, health and safety, security, information and communications technology, and finance.

1.2 An overseas Australian Government presence has been identified as fundamental to Australia’s ability to meet strategic challenges, protect Australians overseas and advance Australia’s interests abroad.⁴ Reflecting this, managing the Australian Government’s overseas network is one of six key activity areas for the department.

1.3 In its 2023–24⁵ and 2024–25⁶ Annual Reports, DFAT assessed that it had ‘achieved’ both performance measures relating to that activity:

• ‘Australian Government staff, information and assets overseas are protected through appropriate risk-focused security measures’; and
• ‘The overseas property estate is effectively maintained and fit for purpose’.

Previous Auditor-General reports and reviews

1.4 The Auditor-General has previously examined the protection of missions and staff overseas in two audits.⁷ The audits recommended that DFAT improve security guidance and training, security risk management, the implementation and effectiveness of security measures in mitigating risk and the monitoring of security at overseas posts. The findings and conclusions of the 2017 Auditor-General report were considered by a 2018 inquiry of the Joint Committee of Public Accounts and Audit (JCPAA). The JCPAA inquiry report made eight recommendations focussed on security governance, cyber security and security training.⁸

1.5 DFAT engaged a former departmental official in April 2018 to undertake a review of the Chief Security Officer’s obligations under the Work Health and Safety Act 2011 and under the department’s Officer Due Diligence Manual. In addition, Comcare wrote to DFAT in May 2018 setting out that, should a work health and safety issue occur, Comcare would investigate whether due diligence was exercised and may verify if DFAT actions to the ANAO recommendations were implemented. The review was presented to the Department Security Committee in July 2018 and made 39 recommendations. Thirty two recommendations were accepted by the department.

The Security Enhancement Program

1.6 Successive reviews from 2005 to 2017 (including two ANAO performance audits) identified deficiencies in the effectiveness of DFAT’s security arrangements. Since November 2018, the Australian Government has provided additional funding on three occasions to improve security at overseas posts.

1.7 DFAT received $394.3 million ($338.8 million in 2018–19 and $55.5 million in 2020–21) to deliver the Security Enhancement Program (SEP). DFAT received an additional $81.2 million in the 2024–25 Federal Budget to strengthen security at DFAT’s overseas posts including increased inspections and continuation of implementation of security assets (delivered under a separate program).

1.8 The program objectives were to satisfy the government’s duty of care to provide a safe and secure environment for staff and visitors to Australia’s overseas missions. The SEP was described by DFAT as the ‘vehicle’ through which DFAT implemented the ANAO’s recommendations.

1.9 The governance arrangements for delivery of the SEP were approved by DFAT in February 2019 and are set out in Figure 1.1.

Figure 1.1: Security Enhancement Program governance arrangements

Source: ANAO analysis of DFAT documents.

1.10 The SEP was comprised of nine projects (see Appendix 3). The largest projects in terms of cost were: post relocations (in two countries); and an upgrade to security assets and infrastructure capability. The other projects addressed matters such as improvements to armoured vehicle management and vehicle upgrades; delivering a database and workflow capability to manage DFAT’s security information and security requests; and establishing a Global Security Operations Centre (GSOC) to monitor and respond to cyber and physical security incidents.

1.11 DFAT contracted an assurance adviser to SEP, who provided ten reports to the department between June 2019 and May 2023.⁹ In its December 2023 program closure report, DFAT assessed that:

• The program had ‘fundamentally transformed security across Australia’s diplomatic network. Five years since the program’s inception, critical safety issues and security concerns have been addressed and Australia’s missions and staff overseas are better protected.’
• The program budget ‘was tightly managed and remained within tolerances throughout the program’s lifecycle’.
• ‘Benefits will be harvested long after the program’s closure, supporting DFAT to deliver a secure and effective Australian Government global presence for years to come.’

1.12 In a September 2024 benefits realisation report on SEP, DFAT concluded that:

The SEP was an overall success achieving at least partial realisation of all identified benefits.

Due to the length of the program there were revisions to the original benefits realisation approach. However, the final report measures 45 metrics across 10 benefits. While all benefits were over 75 per cent realised, half were realised to 100 per cent or over.

Rationale for undertaking the audit

1.13 The audit was undertaken because of the importance of the Australian Government’s overseas network. Implementation of the SEP involved significant procurement and contract management activity.

1.14 The audit provides independent assurance to the Parliament about whether DFAT obtained value for money in its procurement and contract management activities associated with the Security Enhancement Program, including by conducting procurement processes consistent with the principles and requirements set out in the Commonwealth Procurement Rules (CPRs).

Audit approach

Audit objective, criteria and scope

1.15 The objective of the audit was whether DFAT effectively conducted procurements for the SEP, including achieving value for money and complying with the CPRs.

1.16 To form a conclusion against this objective, the following high-level criteria were applied.

• Were open and competitive procurement processes employed?
• Did the procurement processes demonstrate the achievement of value for money?
• Were the contracts managed appropriately to achieve the objectives of the procurement?

1.17 The audit focused on procurements relating to contracts and contract variations that had a start date of between 1 January 2019 and 31 December 2024. Detailed testing was undertaken of 13 contracted SEP engagements as well as the procurement of an assurance adviser to SEP. Where the engagement was through a staged procurement, the ANAO examined each stage. Where an initial engagement was followed by a further engagement (or engagements) the ANAO examined each engagement. The ANAO also examined the processes employed for any contract variations and decisions to exercise contractual options.

Audit methodology

1.18 The audit methodology included: examination of DFAT records; testing of a sample of 14 contracted engagements; analysis of DFAT’s SAP contract database; analysis of AusTender data; and engagement with DFAT including through detailed requests for further information to fill gaps in departmental records and seek early views from the department on emerging audit findings.

1.19 The audit was conducted in accordance with ANAO Auditing Standards at a cost to the ANAO of approximately $465,000.

2.1 To achieve value for money, competition is a key element of the Australian Government’s procurement framework, with the Commonwealth Procurement Rules (CPRs) supporting open and fair competition.¹⁰ Effective competition requires non-discrimination and the use of competitive procurement processes. The ANAO examined whether DFAT’s procurement processes were open and competitive.

To what extent were open approaches used?

2.2 Australian Government procurement is conducted by open tender or by limited tender.

• Open tender ‘involves publishing an open approach to market and inviting submissions’.
• Limited tender ‘involves a relevant entity approaching one or more potential suppliers to make submissions, when the process does not meet the rules for open tender’.¹¹

2.3 Department of Finance guidance notes that open tender ‘is the “default” for all procurements valued above the relevant thresholds’.¹² The relevant threshold for procurement by DFAT at the time of the SEP was $80,000 for non-construction projects and $7.5 million for procurements of construction services.¹³

2.4 Procurement with an estimated value at or above the relevant threshold can only be conducted by limited tender in accordance with paragraph 10.3 of the CPRs, or when the procurement is exempt as detailed in Appendix A of the CPRs.

2.5 The 65 contracts included in the audit sample involved 14 different original engagements for goods and/or services. For five of those 14 arrangements, DFAT’s procurement process was open. This involved four open tenders and one instance where there was a competitive approach to a panel let by an open tender.

To what extent were competitive approaches used?

2.6 Generally, the more competitive the procurement process, the better placed an entity is to demonstrate that it has achieved value for money. Competition encourages respondents to submit more efficient, effective and economical proposals. It also ensures that the purchasing entity has access to comparative services and rates, placing it in an informed position when evaluating the responses. Openness in procurement involves giving suppliers fair and equitable access to opportunities to compete for work while maintaining transparency and integrity of process.

2.7 In addition to the five arrangements that involved an open approach to the market, for a further four engagements the procurement process involved some competition, at least for the initial contract.

2.8 The remaining five engagements, summarised in Table 2.1, did not involve competition.

Table 2.1: Engagements with no competition

Source: ANAO analysis of DFAT records.

2.9 The ANAO’s analysis was that the department’s procurement approach on occasion evidenced a predisposition for non-competitive procurement of a known/preferred supplier. Each of the five non-competitive procurements involved the department awarding a contract to a supplier previously used by the department. Procurement records did not demonstrate that departmental officials making decisions about whether to approve the proposed procurement approach had a practice of questioning approaches that envisaged little or no competition.

3.1 Achieving value for money is the core rule of the Commonwealth Procurement Rules (CPRs). Officials responsible for a procurement must be satisfied, after reasonable enquiries, that the procurement achieves a value for money outcome. This requires the consideration of the relevant financial and non-financial costs and benefits of each submission.¹⁴

3.2 The ANAO examined DFAT’s procurements in terms of whether the records demonstrated that successful candidates were assessed as providing the best value for money. The ANAO factored the scale, scope and risk of the procurements into its examination.

Were evaluation criteria included in request documentation and used to assess submissions?

3.3 The CPRs require relevant evaluation criteria to be included in request documentation to enable the proper identification, assessment and comparison of submissions on a fair, common and appropriately transparent basis.¹⁵ Request documentation must include a complete description of evaluation criteria to be considered in assessing submissions and, if applicable to the evaluation, the relative importance of those criteria.

3.4 As illustrated by Table 3.1, the department consistently included evaluation criteria when conducting open procurements. Performance was mixed when limited tenders (including those where there was no competition as a result of a direct source procurement being conducted) were conducted.

Table 3.1: Inclusion of evaluation criteria in approach to market documentation

Source: ANAO analysis of DFAT records.

3.5 For some procurements, while candidates were advised of the evaluation criteria, they were not provided with all relevant information (such as any weighting of the criteria). In this respect, for a perimeter security upgrade project, DFAT advised the ANAO in November 2025 that:

DFAT acknowledges that the evaluation process and weightings should have been clearly specified in the Request for Quote. The omission was due to an administrative oversight.

Pricing was requested from [contractor] and considered as part of the procurement process, but the Request for Quote did not explicitly state that price would be assessed independently of the technical evaluation to determine overall value for money. This omission was an oversight.

In practice, DFAT assessed value for money by reviewing the quoted price alongside the technical assessment of [contractor’s] capability and capacity to deliver the [location removed] Project.

3.6 Where evaluation criteria were included by DFAT in the approach to market documentation, with one exception, those criteria were then applied by DFAT to evaluate the response(s) received. The exception related to the perimeter security upgrade project where:

• the request for quote identified four criteria (‘Previous Experience’, ‘Task Appreciation and Methodology’, ‘Key Personnel, Resourcing, and Subcontractors’ and ‘Program’);
• the evaluation plan identified three weighted criteria (‘Task Appreciation and Methodology’, ‘Tenderer’s Previous Experience/capacity’ and ‘Construction Program’); and
• the evaluation approval record stated that four criteria had been applied, addressing the first and third criterion together (‘Previous experience and Key Personnel, Resourcing and Sub-contractor’s Capacity’) and separately addressing the other two criteria (‘Task Appreciation and Methodology’ and ‘Construction Program’).

Were contracts awarded to the candidates assessed as providing the best value for money?

3.8 Under the CPRs, unless the entity determines that it is not in the public interest to award a contract, it must award a contract to the tenderer that the entity has determined:

• satisfies the conditions for participation;
• is fully capable of undertaking the contract; and
• will provide the best value for money, in accordance with the essential requirements and evaluation criteria specified in the approach to market and request documentation.

3.9 DFAT documented that it was satisfied the successful candidate offered value for money for 13 of the 14 engagements examined in detail (93 per cent). The exception was a procurement for locksmith for SEP security installations where there was no competition. DFAT’s records of this procurement did not include any evaluation criteria (see Table 3.1) and there was also no documented assessment of the basis on which it was concluded that the single quote obtained represented value for money

3.10 Where evaluation criteria had been identified, the department’s value for money analysis typically addressed the specified technical criteria, price and risk considerations. These factors are relevant to value for money.

3.11 There were four procurements where, notwithstanding that evaluation criteria had not been identified (see Table 3.1), DFAT recorded that it was satisfied the procurement had achieved value for money. The documented rationale for the department reaching this view was not soundly based given the intended function of evaluation criteria under the CPR framework.

3.12 For two separate, unrelated procurement processes where evaluation criteria had not been specified DFAT recorded the same value for money rationale that ‘The costings provided are reasonable and the company has an extensive regional presence and capability to take on this project’.

Were appropriate procurement records maintained?

3.14 The CPRs state that officials must maintain, and retain in accordance with the Archives Act 1983, for each procurement a level of documentation commensurate with the scale, scope and risk of the procurement. Documentation should provide accurate and concise information on:

• the requirement for the procurement;
• the process that was followed;
• how value for money was considered and achieved;
• relevant approvals; and
• relevant decisions and the basis of those decisions.

3.15 Additionally, entities must have access to evidence of agreements with suppliers, in the form of one or a combination of the following documents: a written contract, a purchase order, an invoice or a receipt.

3.16 The maintenance of appropriate documentation is a fundamental element of accountability and transparency in procurement. It ensures that officials are responsible for the actions and decisions they have taken, and for the resulting outcomes. It also facilitates scrutiny of government activity, including by the Parliament. Risks associated with an absence of appropriate and consistent record keeping practices include that: legislative obligations are not met; internal policy requirements are not adhered to; records are not readily accessible; value for money is not demonstrably achieved; and procurements do not deliver the desired outcomes at the expected costs.

Procurement planning documentation

3.17 Planning documentation existed for 12 of the 14 engagements (86 per cent). This was typically in the form of a procurement plan and/or a recorded approval of how the department intended to approach the procurement process.

Request documentation

3.18 Of the 14 engagements examined in detail, there was one where the request documentation was not on file. Where it was located on file, the standard of request documentation issued to candidates was variable, with:

• content and format requirements not set out for a further nine engagements (64 per cent);
• conditions for participation not identified for a further 10 engagements (71 per cent); and
• evaluation criteria not identified for a further four engagements (29 per cent).

Evaluation records

3.19 DFAT’s procurement records included an evaluation plan for six of the engagements (43 per cent). These six engagements also had an evaluation report prepared and filed. Another engagement had an evaluation report (scoring sheet) prepared and filed, albeit without there having been an evaluation plan prepared.

3.20 There was no evaluation plan and no evaluation report documented for the remaining seven engagements (50 per cent). The value of these engagements ranged from $153,951 to $6.7 million.

Approval of procurement outcomes

3.21 The accountable authority has a duty under section 15 of the Public Governance, Performance and Accountability Act 2013 (PGPA Act) to promote the proper use (that is, the efficient, effective, economical and ethical use) and management of public resources for which the authority is responsible. This duty applies when approving commitments of relevant money. Under section 23 of the PGPA Act the accountable authority may enter into, vary and administer arrangements and approve commitments of relevant money. The Secretary of DFAT has delegated these powers to certain DFAT officials and imposed conditions on their use. In accordance with section 18 of the PGPA Rule, the delegate approving a commitment of relevant money must record in writing their approval as soon as practicable after giving it.

3.22 DFAT’s procurement templates include email-based and minute-based requests for ‘s23 approval’ to commit relevant money and enter into an arrangement. The procurement records for 12 of the 14 engagements (86 per cent) included a documented section 23 approval.

Contracts

3.23 Documentation of the contract was evident for all 14 engagements. This was most often in the form of a work order under a standing arrangement such as a panel (eight engagements) or a written contract (six engagements).

Were procurement activities conducted ethically?

3.25 Section 15 of the Public Governance, Performance and Accountability Act 2013 (PGPA Act) requires the accountable authority to govern the entity in a way that promotes the proper use and management of public resources for which the authority is responsible. The PGPA Act defines ‘proper’ as efficient, effective, economical and ethical.

3.26 Officials must also act ethically in accordance with the Australian Public Service (APS) Values and Code of Conduct, as set out in sections 10 and 13 of the Public Service Act 1999. The Code of Conduct includes the requirement that an APS employee, when acting in connection with APS employment, must comply with all applicable Australian laws. The Australian Public Service Commission states that integrity in the APS is:

The pursuit of high standards of professionalism, which in turn means doing the right thing at the right time to deliver the best outcomes for Australia sought by the government of the day.¹⁶

3.27 Under the CPRs, officials undertaking procurement must act ethically throughout the procurement. This includes recognising and dealing with conflicts of interest, dealing with potential suppliers equitably, considering the use of public resources and complying with all relevant entity requirements and directions.

3.28 In March 2019, DFAT approved a probity framework for SEP. This framework:

• recognised that probity protocols and/or plans specific to individual procurements also needed to be complied with;
• set out a tiered (based on risk) approach for the key tasks and required actions to be undertaken from a probity perspective in relation to individual procurements; and
• included requirements relating to the completion of conflict of interest declarations and the management of any declared conflicts.

Probity plans and probity advisers

3.29 Procurement guidance from the Department of Finance is that a probity plan can be a useful tool to ensure that probity issues are considered prior to the start of a procurement.

3.30 A probity plan was documented for one of the procurements. This was for the procurement of the service provider for the global fleet management capability.

3.31 There was no probity plan documented, or consideration of the merits of having a probity plan documented, for the remaining 13 engagements. This included a number of procurements where the ANAO’s analysis identified probity risks that were not well managed by DFAT. One example related to the security upgrades to an embassy where:

• probity advice was sought after (rather than before) the clarification questions were provided to the selected tenderer; and
• the evaluation process and weightings allocated to specific criteria were not specified in the Request for Quote.

3.32 The department’s procurement processes would have benefited from a planned approach to managing probity risks for those engagements where there was little or no competition.

3.33 A probity adviser may be appointed where justified by the nature of the procurement. Finance guidance states that ‘The decision on whether to engage an external probity specialist should weigh the benefits of receiving advice independent of the process against the additional cost involved and include consideration of whether or not skills exist within the entity to fulfil the role.’

3.34 There was an identified probity adviser for five of the 14 engagements (36 per cent), including the procurement discussed at paragraph 3.30 where a probity plan had been documented.¹⁷

3.35 In four instances, the probity adviser was from the Australian Government Solicitor. In the fifth instance, the probity adviser was an official from another area of the department.

3.36 The department did not document its reasons for not engaging a probity adviser for the other nine engagements, which included a number of high risk and/or high value procurements.

Conflicts of interest

3.37 Effective management of conflicts of interest should be a central component of an entity’s integrity framework. Poor practice, or the perception of poor practice, in the management of conflicts of interest will undermine trust and confidence in an entity’s activities. Entity accountable authorities must promote the ethical management of public resources and establish and maintain appropriate systems relating to risk management and oversight and internal controls. This includes policies and procedures regarding the management of conflicts of interest.

3.38 Department of Finance guidance to entities on ethics and probity in procurement states that ‘Persons involved in the tender process, including contractors such as legal, commercial or probity experts, should make a written declaration of any actual, potential or perceived conflicts of interests prior to taking part in the process.’ The guidance also sets out that:

agencies should in the first instance seek to eliminate actual, potential and perceived conflicts of interest. When this is not possible (such as where it would exclude needed expertise or the conflict is so widespread as to be impossible to avoid completely), effective management strategies should be implemented.

3.39 Conflict of interest declarations were not available in all fourteen procurements examined by the ANAO. For eight of the 14 engagements (57 per cent), conflict of interest declarations were completed by all evaluation members.

3.40 For one of the 14 engagements examined Conflict of Interest declarations were completed by all persons involved with tender evaluation. This was the procurement process to engage a service provider to provide global fleet management services for the department’s fleet of armoured vehicles across the Australian Government’s network of overseas Posts. Out of some 60 Conflict of Interest and Deed of Confidentiality forms provided, the ANAO noted four that had declared a conflict of interest. For three of those (one external adviser and two evaluation members), there was no corresponding plan in place as to how these conflicts were to be managed.

3.41 There was evidence of management for two declared conflicts of interest in two procurements examined. In at least five procurements examined by the ANAO, no strategies were disclosed for the management of declared conflicts of interest.

3.42 Conflicts of interest were commonly declared and not managed in relation to DFAT employees or contractors participating as evaluation committee members with existing dealings with potential suppliers or pre-existing employment relationships.

3.43 DFAT advised the ANAO in November 2025 that ‘DSD procurement now ensure that all conflict-of-interest declarations are assessed and panel members that have a personal or professional relationship with a candidate is removed from assessing that candidate.’

Fair treatment

3.44 Under the CPRs, entities must ensure that potential suppliers and tenderers are dealt with fairly and in a non-discriminatory manner. This includes avoiding a potential supplier gaining an unfair advantage in a competitive procurement process. It also means a preference for open and effective competition, rather than limited tenders (including direct sourcing).¹⁸

3.45 DFAT did not maintain a level playing field in its procurement of the armoured vehicles following its pre-engagement of two industry participants to develop background materials prior to the release of the Request for Expression of Interest in October 2020. In November 2025, DFAT advised the ANAO:

When conducting the procurement process that resulted in contract … for CAV global fleet management services DFAT put in place several controls to level the playing field. These included:

• Procurement process was managed by DFAT’s procurement specialists in FND, rather than the program
• DFAT ran a competitive procurement process using an open tender procurement method.
• DFAT ensured all suppliers were provided with the same information throughout the process
• DFAT engaged with an independent probity and insurance advisor to support the procurement process
• All officers involved in the procurement process received a probity briefing and signed COI declarations and confidentiality forms
• The Evaluation Plan was finalised prior to receiving responses from potential suppliers
• The Evaluation Committee included an independent external subject expert
• The rationale for decisions were documented and procurement records filed
• External lawyers led contract negotiations

3.46 DFAT did not seek advice from its external probity adviser relating to how to level the play field during the civilian armoured vehicles procurement prior to approaching the market. The ANAO’s assessment was that the controls listed above did not effectively mitigate the potential unfair advantage gained by two tenderers in the pre-approach to market phase. One of those tenderers was awarded the contract, after its scores against the criteria relating to capability, capacity and experience were increased by DFAT significantly between the Expression of Interest and full tender stages of the procurement. The scores awarded to the successful tenderer in the tender evaluation against the capacity and experience criteria were not borne out by the department’s experience once the contract was awarded. In March 2025, DFAT decided that it would not exercise extension options available to it under the contract, such that outsourced fleet management ended on 30 June 2025, at the conclusion of the initial three-year contract term.

3.47 Another example of where DFAT failed to level the playing field and thereby potentially afforded beneficial treatment to a supplier was in its engagement of its external assurance service provider. Procurement records that illustrate potential beneficial treatment were that the delegate:

• met with the preferred supplier prior to the Request for Quote (RFQ) being released;
• advised the preferred supplier when the RFQ would be published, how long it would be open for, and the first meeting date of its Program Board; and
• further advised the preferred supplier of when the RFQ was published through the Digital Market Place.

3.48 No meetings were held with other suppliers.

3.49 This delegate was also the chair of the evaluation committee (there were a total of two evaluation committee members). The other evaluation committee member was a subordinate of the delegate/evaluation committee chair. Neither committee member declared a conflict of interest in relation to this procurement nor did the delegate document interactions with the supplier outlined in paragraph 3.47.

3.50 DFAT did not maintain an appropriate separation of duties between the evaluation committee and procurement delegate as the evaluation committee chair also signed the section 23 approval and the contract.

3.51 There were two other examples in the 14 procurements examined by the ANAO where the department identified its preferred supplier or labour hire personnel before commencing a procurement process.

4.1 Following the awarding of a contract, the delivery of and payment for the goods and services and, where relevant, the ongoing management of the contract, are important elements in achieving the objectives of the procurement. The Department of Finance’s (Finance) Contract Management Guide states that it is ‘important that contracts are managed consistently and actively throughout their life in accordance with their terms [as this] will ensure that supplier performance is satisfactory, stakeholders are well informed, and all contract requirements are met thereby ensuring that the contract delivers the anticipated value for money outcomes.’

4.2 DFAT has a range of documents to guide contract management by officials. This includes a contract management guide which identifies the key objectives as ensuring the contracted goods and/or services are provided on time, to the agreed standard, at the agreed location and for the agreed price. It emphasises the importance of active and consistent contract management so that the contract achieves a value for money outcome, consistent with value for money being the core rule of the CPRs.

Was the delivery of contracted goods and/or services effectively managed?

4.3 Part of achieving value for money is to effectively manage contracts to ensure that the objectives of the procurement are met without a substantial increase in cost. The ANAO examined 14 contracted engagements across the SEP.

Project A: security assets and infrastructure capability upgrade

4.4 This project was to replace, upgrade and modernise critical security assets and infrastructure at numerous posts. DFAT’s December 2023 program closure report stated that the outcome had been delivered and that, ‘due to the project’s success, the Government agreed to re-baseline the project’s budget phasing and extend the schedule to 30 June 2025’. The department’s September 2024 benefits realised report stated that benefits for this project had been ‘Realised beyond 100 per cent’.¹⁹

4.5 The ANAO’s audit sample included six contracts related to Project A in relation to the effectiveness of DFAT’s management of the contracts.

• The full scope of works/services was demonstrably delivered to DFAT’s satisfaction for two contracts. In paying invoices for one contract, the department did not consistently require that the location was specified in the invoice or that the post confirmed services had been provided. Shortcomings in the delivery of works/services was evident in the other three contracts, including instances where the security equipment that was installed was not operating effectively.
• Costs were unchanged for two contracts, and increased for the other four contracts. Increases related to the exercise of extension options as well as additional services being provided or adjustments to rates (in three instances, those increases were in addition to the exercise of the extension options).
• Extension options existed for four contracts, and have been exercised in each case. Two contracts, each of which involved the supply and installation of security installation, were not delivered in full during the contracted timeframe.

Project B: Regional Security Officers

4.6 Project B involved an increase to the number of Regional Security Officers (RSOs). The department’s December 2023 project closure report described the project as delivered with the September 2024 benefits realisation report stating that benefits had been realised ‘beyond 100 per cent’ with each post now having access to a RSO.

4.7 An important element of the project was a deed of standing offer the department entered into in February 2020 to fill additional security officer positions. This was to initially involve two positions in two locations, and potentially additional positions in other countries if required by the department. The contract term was three years with two options of 12 months each. The estimated contract value was $3.5 million, increasing to $6.0 million if both options were exercised.

4.8 The procurement examined by the ANAO in relation to this project involved one of a number of work orders contracted under the 2020 deed of standing offer and two variations under the initial work order. Two extension options were exercised under this work order to adjust the locations, cost and engagement dates for the contractor personnel.

4.9 A Contract Management Plan was developed under the deed of standing offer and contractor performance was assessed on a monthly basis against the performance measures outlined in the Plan. These performance measures served to define the standards the Service Provider was expected to comply with in delivering the Services and to specify quantitative and qualitative assessment mechanisms. These were assessed against the monthly reports and scorecards generated by the contractor.

Project D: Security Equipment and Measures System (SEMS)

4.10 Project D was to deliver a database and workflow capability to manage security information and security requests. The department’s assurance provider concluded in the May 2023 report for this project that it represented the ‘greatest concern’.

4.11 DFAT’s December 2023 program closure report identified this as ‘one of SEP’s most complex’ projects. It identified that a technical solution had been launched in May 2023 and that, while some benefits had been realised, the project remained ‘ongoing’ at program closure. The September 2024 benefits realisation report stated that the project had ‘partially realised’ its intended benefits.

4.12 The ANAO examined the procurement of the service provider selected to deliver the database following an extended procurement process (the engagement of a contractor occurred 15 months later than initially planned). The contract has increased from $2,520,151 in September 2021 to $8,355,857 as of December 2025. One of two extension options has been exercised as at December 2025.

4.13 As set out in paragraph 4.10, there were schedule delays associated with key deliverables for the database. For example:

• the initial project plan for SEMS anticipated that the minimum viable product would be completed by 30 December 2020.
• The contract signed in September 2021 anticipated that ‘The timeframe for set up of the Service and minimum viable product (MVP) is 3–6 months from contract signature.’ (December 2021 to March 2022).
• The minimum viable product was accepted by the department in February 2023 (26 months later than initially planned). The acceptance certificate listed nine defects or non-conformances to be resolved prior to Diplomatic Security Division (DSD)²⁰ launch and an additional twelve defects or non-conformances to be resolved prior to global launch.

4.14 These delays affected the realisation of system capability. The date for SEMS full rollout was anticipated by the department in its initial project plan as 30 June 2021. The system was launched globally over two years later than planned in November 2023.

4.15 Not all contracted requirements were incorporated into the database. For example, one of the ‘desirable’ requirements listed in the Request for Tender was integration with SAP asset management including: asset serial numbers, SAP asset numbers, asset makes and models, location information and financial end of life.²¹ This requirement was reflected as part of the contract signed in September 2021. As of January 2026, there was no integration between SAP and the database.

4.16 Another procurement examined by the ANAO in relation to this project involved one of a number of business analysts contracted by the department.

• The contract was initially for 12 months (July 2021 to June 2022) with two extension options of 12 months each. Both extension options were exercised.
• There were no other variations relating to project scope, hours of work to be delivered or fee rates.
• There were no shortcomings identified in relation to the effectiveness of the department’s management of the contract for business analysts.

Project E: Global Security Operations Centre (GSOC)

4.17 The GSOC was established to monitor and respond to cyber security events and physical security incidents at overseas posts, from a centralised location in Canberra. The GSOC became operational in the first half of 2022 with DFAT’s December 2023 program closure report identifying that some ‘nice to have’ functions were not delivered and were descoped, and that more work and funding was required for the facility to meet its full potential. The department’s September 2024 benefits realisation report stated that the benefits had been ‘partially realised’.

4.18 The ANAO examined the management of a contract for suitably skilled and cleared resources to staff the GSOC and provide ongoing operational expertise. In February 2020, DFAT had approved entering into a 12 month arrangement, with two extension options of one year each, at an estimated cost of $767,800 for the first year. Unlike other arrangements that involved extension options, the department did not, in its approval record, set out the estimated full cost in the event both options were exercised.

4.19 Departmental contract management records outlined that the department identified shortcomings in the quality of the services being received, as well as delays. The department’s closure report for the first phase of the contract did not reflect these shortcomings.

4.20 The invoice for the fourth and fifth milestones was not consistent with the terms of the contract. This matter was not identified and addressed by DFAT in its contract management.

4.21 The approach to payment for travel expenses was also inconsistent with the contract, as it required that approval be provided in writing by the department before the travel occurred, and this was not evident from the department’s records.

4.22 Having regard to the contractor’s performance, DFAT decided not to exercise the extension options under the contract.

Project G: permanent relocation of two posts

4.23 The department’s December 2023 program closure report identified this project as ‘ongoing’ with the September 2024 benefits realisation report stating the benefits had been ‘partially realised’. Permanent relocations have not yet occurred, instead temporary relocations have been undertaken.

4.24 The ANAO sample included a contract related to the one of the relocations. This was a contract to operate from April 2019 to December 2020 at an estimated cost of up to $6.7 million (including an allowance for contingencies) for a temporary relocation of one of the posts.

4.25 The contract was managed by an Australian head contractor overseeing local delivery. The scope included design, project management and construction. Considering the associated value and risk of the procurement, the work order lacked specific details such as details of services, including list of deliverables and key performance indicators, instead referring to the initial Request for Quote.

4.26 DFAT reported that the project was successfully delivered within accelerated timelines despite significant challenges and that life safety systems, emergency management and structurally sound property were established to a high standard. Handover of the project occurred when DFAT signed the ‘take over certificate’ from the local builder on 25 January 2020, three months later than initially scheduled.

4.27 A visit to the temporary facility by the Diplomatic Security Division in July 2020 identified further defects and quality issues with the building that had not been detected or resolved by the department prior to take over by department. These issues were rectified by the contractor and local builder during the Defects Liability Period.

4.28 Two contract variations were reported on AusTender that resulted in changes to contract period and value, with the cost increasing to $6.9 million (including an allowance for contingencies).

Project H: armoured vehicle lifecycle management and upgrade

4.29 The department’s December 2023 program closure report stated that the ‘project had delivered to date, with further work funded till mid 2024’. It cited the independent assurance review as concluding that the project was ‘undoubtedly a success’.²² Similarly, the department’s September 2024 benefits realisation report stated that the project had ‘realised beyond 100 per cent’ of the intended benefits.

4.30 An important piece of work under this project was the outsourcing of management of the department’s fleet of civilian armoured vehicles. A number of procurements were undertaken to plan and scope the main procurement, which involved an open approach to the market procurement for global fleet management services.

4.31 In conducting the procurement for global fleet management services, DFAT approved an approach that had a maximum contract term of seven years (three years initially with two options each of an additional two years). Inconsistent with the SEP closure report, benefits realisation report and report of the assurance provider, DFAT had recorded concerns with the performance of the fleet manager’s performance from the commencement of the $20.1 million contract in June 2022.²³

4.32 In March 2025, DFAT decided that it would not exercise extension options available to it under the contract, such that outsourced fleet management would end on 30 June 2025, at the conclusion of the initial three-year contract term. In response to ANAO inquiries of DFAT about the procurement process for the fleet management contract and the management of the resulting contract, the department advised the ANAO in November 2025 that:

DFAT increased the governance to performance manage [contractor], in the form of routine Contract Management Group (CMG) meetings to actively contract manage [contractor]. Performance Framework Reviews were completed to ensure that reviews and actions were documented accordingly.

DFAT did not deploy any service rebate provisions. DFAT continued to contract manage [contractor] in good faith and acknowledges with the perspective of hindsight that it should have deployed the service rebates.

Project I: perimeter security upgrade

4.33 The department’s December 2023 program closure report stated that the project was ‘ongoing’. Similarly, the department’s September 2024 benefits realisation report stated that the project had ‘partially realised’ the intended benefits.

4.34 DFAT procured a contract manager for this project (see paragraphs 2.8, 3.5 and 3.6). In terms of managing the contract, the ANAO’s analysis was that:

• The original contract period was November 2022 to June 2024. DFAT records of contract variations attribute the ‘significant delays’ to ‘a combination of latent conditions and poor contractor performance’. Stage 1 (of 2) was not completed on time. There is no timeline for Stage 2 works, and no forecast of when the full package of works will be completed.
• The scope of works was reduced. As of November 2025, DFAT was withholding fees for the Stage 1 practical completion milestone until major defects with existing works are resolved.
• DFAT has separately engaged, at additional cost to the department, an onsite stakeholder manager.

Contract for assurance over the realisation of program benefits

4.35 DFAT contracted an ‘independent assurance provider’ for SEP, under two consecutive contracts (see further at paragraph 2.7). The scope of the assurance provider’s work excluded the largest value SEP project, which was for permanent relocations at two overseas posts (permanent relocations have not occurred at either location). DFAT advised ANAO in October 2025 that:

it was articulated that the Department had a requirement for an independent assurance specialist to provide independent assurance oversight of the Security Enhancement Program (SEP). Post relocations have external oversight through the Public Works Committee.

4.36 The May 2023 final report from the assurance provider concluded that:

SEP funding was for a set of initiatives – delivered through projects – that each contributed to the enhancing of diplomatic security. There is no question that overall, the program has increased diplomatic security as the benefits realisation work demonstrates.

4.37 It was not evident that the department’s reliance on the work it contracted was consistently well founded. For some projects, heavy reliance was placed by the assurance provider on advice from the department, rather than independent investigation and analysis.

Were AusTender reporting requirements met?

4.40 Under the Commonwealth Procurement Rules (CPRs), non-corporate Commonwealth entities must report contracts on AusTender within 42 days of entering into a contract if they are valued at or above $10,000.

4.41 Amendments must be reported on AusTender within 42 days where:

• a previously unreported contract is amended to be valued at or above $10,000;
• an amendment increases or decreases the reported contract value by $10,000 or more; or
• accumulated unreported amendments will vary the reported contract value by $10,000 or more.²⁴

4.42 Reporting entities are responsible for the quality and content of the data that they publish and report on AusTender. In order to effectively meet their publishing and reporting obligations, entities should implement appropriate measures to quality assure any data published on AusTender for completeness and accuracy. Accurate AusTender reporting achieves two important objectives: transparency to suppliers that the awarded contract is consistent with the representations that were made to the market in the approach to market; and meeting Australia’s reporting obligations under various free trade agreements.

4.43 DFAT’s procurement policy sets out that it is the responsibility of agreement managers to ensure the information entered into SAP contracts is accurate and provided in a timely manner. To ensure DFAT meets mandatory reporting obligations in the CPRs, agreement managers must:

• confirm work does not commence before the agreement is entered into; and
• enter departmental and administered agreement information into SAP contracts within seven calendar days of when the agreement or the amendment is entered into.²⁵

4.44 ANAO analysis was that the department met its AusTender reporting requirements (both in terms of accuracy and timeliness) in 39 of 62 instances (63 per cent). Multiple errors were also observed for single AusTender records. The more significant deficiencies included:

• one instance where a contract notice was not published on AusTender and two instances where contract variations were not published on AusTender;
• five instances where the contract or contract variation notice was published more than 42 days after the reported start date;
• one instance where the contract was published before the variation was signed;
• in two instances contract start date and date reported on AusTender do not align.

4.45 DFAT also reported two variations prior to the commencement date of the variations. These variations were under a deed of standing offer for backfill for a Regional Security Officer (RSO).

Appendix 1 Entity response

Appendix 2 Improvements observed by the ANAO

1. The existence of independent external audit, and the accompanying potential for scrutiny improves performance. Improvements in administrative and management practices usually occur: in anticipation of Australian National Audit Office (ANAO) audit activity; during an audit engagement; as interim findings are made; and/or after the audit has been completed and formal findings are communicated.

2. The Joint Committee of Public Accounts and Audit (JCPAA) has encouraged the ANAO to consider ways in which the ANAO could capture and describe some of these impacts. The ANAO’s corporate plan states that the ANAO’s annual performance statements will provide a narrative that will consider, amongst other matters, analysis of key improvements made by entities during a performance audit process based on information included in tabled performance audit reports.

3. Performance audits involve close engagement between the ANAO and the audited entity as well as other stakeholders involved in the program or activity being audited. Throughout the audit engagement, the ANAO outlines to the entity the preliminary audit findings, conclusions and potential audit recommendations. This ensures that final recommendations are appropriately targeted and encourages entities to take early remedial action on any identified matters during the course of an audit. Remedial actions entities may take during the audit include:

• strengthening governance arrangements;
• introducing or revising policies, strategies, guidelines or administrative processes; and
• initiating reviews or investigations.

4. During the course of the audit, the ANAO did not observe changes in DFAT’s approach to procurement and contract management. Following previous ANAO procurement audits, and consistent with advice it has provided to the Parliament, DFAT has sought to uplift its procurement activities.

Appendix 3 Security Enhancements Program projects

Note a: Regional Security Advisers or Officers are responsible for working with posts to ensure security is up to standard. They report back to one of two section heads within Canberra, one oversees the Middle East, Africa & Eurasia. The other head oversees the Pacific, SE Asia, Americas and domestic. At the time of the 2017 audit ‘Protecting Australia’s Missions and staff overseas: Follow-on’, DFAT had 15 Regional Security Advisers. After completion of Project B, DFAT’s network comprised of 30 Regional Security Officers (DSD advised the audit team this is currently 31). DFAT now note that each post has access to a Regional Security Officer.

Source: ANAO analysis of DFAT records.