The objective of the audit was to assess whether the Department of Health effectively procured services to operate a National Cancer Screening Register.

Summary and recommendations

Background

1. Screening is used to assist in the early detection and treatment of diseases such as bowel, cervical and breast cancer. The Department of Health (Health) funds screening programs including activities delivered by the Department of Human Services and state and territory departments of Health to facilitate early detection of cancer and the reduction of cancer mortality rates.1 Changes to bowel cancer screening frequency and cervical cancer screening methodology have been agreed to by Government and Health has responsibility for facilitating their implementation.

2. To achieve improvements in the design and operation of cancer screening registers, in August 2015 Health issued a Request for Tender for a National Cancer Screening Register (NCSR), with the objective of:

  • establishing a single register to support existing cervical and bowel screening programs;
  • migrating data from a number of existing registers;
  • developing and implementing data interfaces with a range of stakeholders, including Medicare, medical practitioners and individuals; and
  • facilitating ongoing compliance with data quality and privacy requirements.

3. Health received six tenders and, after evaluating the tenders, negotiated with two tenderers in order to determine which presented the best value for money outcome. On 4 May 2016, Health entered into a contract with Telstra Corporation Limited (Telstra) valued at $220 million over five years to deliver and support the NCSR.

Audit objective and criteria

4. On 13 October 2016, the legislation for the National Cancer Screening Register passed in the Senate, with an accompanying resolution requesting that the Auditor-General conduct an audit of the procurement process.2

5. The audit objective was to assess whether the Department of Health effectively procured services to operate a National Cancer Screening Register. To form a conclusion against the audit objective the ANAO adopted the following high-level audit criteria:

  • did Health appropriately manage the procurement of services for the NCSR?
  • did Health effectively consider value for money, consistent with the Commonwealth Procurement Rules (CPRs) in the procurement process?

Conclusion

6. In conducting the procurement of the National Cancer Screening Register, the Department of Health complied with the Commonwealth Procurement Rules, effectively managing an open tender process and considering value for money.

7. The effectiveness of the procurement has been reduced due to inadequate consideration of risk during planning and poor management of probity and conflicts of interest. The objectives sought by the Government have not been achieved in the agreed timeframe and additional costs have been incurred as a result.

Supporting findings

8. Health complied with the ICT Investment Approval Process when procuring the National Cancer Screening Register. However, the full extent of the project’s complexity, risk and the potential consequences of project failure or delay were not communicated to the Government at the point in time the funds were allocated. Health complied with the Commonwealth Procurement Rules, establishing a comprehensive procurement process and documentation that complied with the requirements. It consulted with key stakeholders but did not undertake a request for information stage prior to opening the procurement tender. The integrity of the procurement was weakened by Health staff acting inconsistently with the probity arrangements. To date the procurement has complied with Health’s internal procurement guidance, noting that Health’s guidance requires the contract be managed to achieve value for money.

9. Health identified risks during the procurement and the Tender Evaluation Plan established an approach for managing risks. Health did not fully implement the approach set out in the plan, as untreated risks of the tenders were compared during the evaluation rather than treated risks, potentially compromising value for money outcomes. All risks that were identified for the preferred tender were considered by Health during the contract negotiation phase and treatment strategies were proposed prior to executing the contract.

10. Health developed governance, probity and conflict of interest arrangements that were appropriate and commensurate to the scale of the procurement and retained appropriate documentation. Health established a framework to manage conflicts of interest and probity issues. While a number of key decision-makers complied with the approach by completing the relevant form, not all decision-makers declared existing conflicts. In addition, probity issues were not adequately documented. This weakened the effectiveness of the otherwise well designed governance framework.

11. Health’s approach to contracting Telstra included due diligence activities, which satisfied the department that the preferred tenderer’s proposal represented value for money and would achieve the intended outcome. While the contract included timeframes for a number of key deliverables, Health and Telstra have not yet agreed on a project schedule, as well as the timing and content of some other key deliverables. Due to delayed implementation of the project, the initial ‘Go-live’ date was not met. As a result, value for money outcomes have been compromised and the Commonwealth will incur additional costs.

Recommendation

Recommendation No.1

Paragraph 2.59

Health should ensure that:

  1. actual, potential and perceived conflicts of interest records are maintained, up-to-date and appropriately addressed; and
  2. Senior Executive Service employees declare in writing, at least annually, their own and their immediate family’s financial and other interests.

Department of Health response: Agreed.

Department of Health’s response

12. I am pleased that the ANAO has found that, in undertaking the procurement for the National Cancer Screening Register, the Department of Health has complied with Commonwealth Procurement Rules through the effective management of the open tender process to ensure value for money in the selection of a service provider. I am confident that the National Cancer Screening Register will deliver benefits for the national cervical and bowel screening programs, including to help increase participation rates and improve the effectiveness of these programs.

13. The report has confirmed the need for the Department of Health to continue to build on recent work to improve the systems and processes for the management, recording and maintenance of conflicts of interest for staff at all levels.

1. Background

Introduction

1.1 Screening is used to assist in the early detection and treatment of diseases such as bowel, cervical and breast cancer. Cancer screening involves tests designed to identify particular changes or early signs of a cancer before it has developed or before any symptoms develop. The Department of Health (Health) funds screening programs including activities delivered by the Department of Human Services and state and territory departments of Health to facilitate early detection of cancer and the reduction of cancer mortality rates.3 Over recent years, the clinical advice about the most effective screening protocols has changed, leading to a joint Commonwealth and state and territory government decision to transition to an alternative cervical screening test.

Cervical cancer screening

1.2 The National Cervical Screening Program (NCSP) commenced in 1991. The NCSP involves eight separate state and territory registers managed by seven providers.4 The program targets Australian women between the ages of 18 and 69 years and recommends that they have a routine Pap smear every two years.5 In April 2014, the Medical Services Advisory Committee6 recommended that a five-yearly primary human papillomavirus (HPV) test for women aged 25 to 74 years of age replace the current two-yearly Pap smear. Changes to the method of screening for cervical cancer (‘the Renewal’) were agreed by all states and territories and were planned to take effect on 1 May 2017. In October 2016, a report by the Senate Community Affairs Legislation Committee noted that the HPV test for cervical screening requires a much lower level of labour intensity than the previous Pap smear test. In anticipation of the Renewal, the pathology workforce has been reduced, impacting on the sector’s capacity to analyse the Pap screening test under the NCSP.7

Bowel cancer screening

1.3 The National Bowel Cancer Screening Program (NBCSP) was established in 2006 and, to date, has been managed by Health through one central register operated by the Department of Human Services. Under the NBCSP, Australians between 50 and 74 are invited to screen for bowel cancer once every five years using a test that can be completed at home—a Faecal Occult Blood Test.8 In 2005, the National Health and Medical Research Council9 recommended screening at least once every two years for Australians over 50 years of age. Subsequently, in 2014, the Australian Government committed to accelerating the implementation of a biennial bowel cancer screening interval for all Australians who will be 50 to 74 years of age between 2015 and 2020. The roll out of biennial screening commenced on 1 January 2015, with new cohorts added each year.

National Cancer Screening Register

1.4 The National Cancer Screening Register (NCSR) was announced in the 2015–16 Budget, with an allocation of $148.4 million. On 12 April 2016, the Government increased the budget allocation to $178.3 million for the period 2015–16 to 2019–20.10 On 2 May 2016, Health authorised a Forward Commitment Approval for up to $236 million, which provides for a five year contract ending June 2021.

1.5 With the implementation of the NCSR, the Commonwealth will manage a national cervical register, previously funded and managed by states and territories, and a national bowel cancer screening register, previously operated through the Department of Human Services. Through the NCSR, the Australia Government intends to deliver and maintain an ICT platform and services which are designed to improve the efficiency and effectiveness of screening registers11 and support the recommended changes to cervical and bowel screening.

1.6 The NCSR is intended to:

  • create a single electronic record for each Australian participating in cervical and bowel cancer screening;
  • be capable of supporting additional population screening programs into the future;
  • provide a single, cost-effective service that will record and report screening data in a nationally consistent manner and inform timely clinical decisions; and
  • allow participants access to their screening records from wherever they reside.12

1.7 Once established, the NCSR is expected to provide eligible Australians with invitations and reminders to screen; and support clinical decision-making by providing healthcare professionals with direct access to participants’ screening information via their practice management software or a web portal. The NCSR is also expected to provide operational services to support screening participants, healthcare professionals and other end users.

Procurement process to support the NCSR

1.8 The implementation of the NCSR was dependent on, among other things: legislation enabling the implementation, management and operations of the register13; and the engagement of a service provider to operate the register. Health opted to undertake parallel processes to progress the enabling legislation and the procurement of NCSR services. Health noted that:

(g)iven the long lead time required to ensure a service provider was able to commence the necessary work for the Register operations, the procurement process for the service provider and legislation needed to be undertaken in parallel in order to meet the NCSP renewal date of 1 May 2017.14

1.9 In late 2014 Health commenced the procurement process for the NCSR, adopting a competitive open tender process. The Request for Tender (RFT), developed in consultation with a number of stakeholders, was finalised in August 2015. An open tender process for the NCSR, published on AusTender, commenced on 10 August 2015 with a closing date of 8 October 2015. Health held an information session on 14 July 2015 prior to approaching the market and conducted an industry briefing on 17 August 2015 after the tender was open.

1.10 The RFT called for an ‘outcomes’ based arrangement for the effective supply and ongoing operation of the various NCSR components by a single supplier. The RFT required an ICT platform to support register functions, a comprehensive clinical interfacing capability, along with integrated mail house, call centre and data centre functionality. The RFT specified that the Tenderer must have completed the implementation and transition activities and commenced delivery of the on-going services on or before 1 May 2017.

1.11 Six tenderers responded to the RFT, three of which were compliant with the minimum RFT content and format requirements. Following evaluation, two were shortlisted in November 2015. Health undertook further negotiations with the two shortlisted tenderers during December 2015 to March 2016. A preferred tenderer was selected on 23 March 2016. On 4 May 2016 Health awarded Telstra Corporation Limited (Telstra) the NCSR contract, which was valued at $220 million (GST inclusive) over five years from 2015–16. Figure 1.1 describes the timeline of key NCSR procurement events.

Figure 1.1: Timeline of NCSR procurement

Source: ANAO analysis of Health documentation.

Audit approach

1.12 On 13 October 2016 the legislation for the National Cancer Screening Register (NCSR) passed in the Senate, with an accompanying resolution requesting that the Auditor-General conduct an audit of the procurement process.15

1.13 The objective of the audit was to assess whether Health effectively procured services to operate a National Cancer Screening Register. To form a conclusion against this objective the Australian National Audit Office (ANAO) adopted the following high-level audit criteria:

  • did Health appropriately manage the procurement of services for the NCSR?
  • did Health effectively consider value for money, consistent with the Commonwealth Procurement Rules (CPRs) in the procurement process?

1.14 The audit considered whether:

  • the procurement processes complied with the CPRs and other procurement requirements by reviewing the documents retained by Health relevant to each stage of the procurement process; and
  • value for money was facilitated by the procurement, by considering the approach to market; the process used to assess tenders and select a preferred supplier; and the effectiveness of negotiating and executing a contract.

1.15 The audit methodology included: examination of records held by Health; review of the administrative processes supporting the procurement; interviews with tenderers; interviews with Health staff and contractors involved in the procurement; and review of communication received through the ANAO citizens’ input facility.

1.16 The audit was conducted in accordance with ANAO Auditing Standards at a cost to the ANAO of $284 000.

1.17 The team members for this audit were Tony Varnes, Jess Scully, Kelly Williamson and Deborah Jackson.

2. Procurement of the National Cancer Screening Register

Areas examined

This chapter examines the Department of Health’s procurement processes and decisions relating to the procurement of the National Cancer Screening Register.

Conclusion

In conducting the procurement of the National Cancer Screening Register, the Department of Health complied with the Commonwealth Procurement Rules, effectively managing an open tender process and considering value for money.

The effectiveness of the procurement has been reduced due to inadequate consideration of risk during planning and poor management of probity and conflicts of interest. The objectives sought by the government have not been achieved in the agreed timeframe and additional costs have been incurred as a result.

Areas for improvement

The ANAO has recommended that Health ensure that actual, potential and perceived conflicts of interests are documented and appropriately addressed.

2.1 The Australian Government is a significant purchaser of goods and services and has in place resource management legislation and related policies that establish a framework for Government procurement and contracting. For the procurement of the NCSR the relevant procurement frameworks included:

  • the ICT Investment Approval Process (formerly known as the ICT Two Pass Review process)—part of the Budget process required of ICT enabled proposals16;
  • the Commonwealth Procurement Rules (CPRs)—establishing procurement principles that apply to all Australian Government procurement processes17; and
  • internal Health procurement guidance—additional Health guidance supporting compliance with the CPRs.18

2.2 The ANAO reviewed whether the procurement process for the NCSR contract was conducted in accordance with these procurement frameworks. In particular, the ANAO examined:

  • compliance with the administrative requirements of the ICT Investment Approval Process, the mandatory requirements of the CPRs, and internal procurement guidance;
  • risk management arrangements for the procurement;
  • governance, probity and conflict of interest arrangements; and
  • contract negotiations.

Did Health comply with the procurement requirements for the NCSR?

Health complied with the ICT Investment Approval Process when procuring the National Cancer Screening Register. However, the full extent of the project’s complexity, risk and the potential consequences of project failure or delay were not communicated to the government at the point in time the funds were allocated. Health complied with the Commonwealth Procurement Rules, establishing a comprehensive procurement process and documentation that complied with the requirements. It consulted with key stakeholders but did not undertake a request for information stage prior to opening the procurement tender. The integrity of the procurement was weakened by Health staff acting inconsistently with the probity arrangements. To date the procurement has complied with Health’s internal procurement guidance, noting that Health’s guidance requires the contract be managed to achieve value for money.

ICT Investment Approval process

2.3 The ICT Investment Approval Process involves a two staged process.

The First Pass Business Case

2.4 In late 2014, Health developed the First Pass Business Case for the NCSR, in accordance with the Department of Finance (Finance) ICT Investment Approval process. The First Pass Business Case informed the policy proposal and Request for Tender (RFT). Initially Health proposed two options. Feedback from Finance suggested that additional options which outline a range of solutions and costs should be presented. The final First Pass Business Case proposed the following four options for consideration by Government:

  1. procurement of a comprehensive ICT solution with functionality to support the changes to the bowel screening program and the cervical screening program (recommended);
  2. updates to the current state and territory based registers (not recommended);
  3. in-house development and operation of a comprehensive ICT solution by Health (not recommended); or
  4. in-house development and operation of a comprehensive ICT solution by the Department of Human Services (not recommended).

    2.5 Health costed options (a) and (b); it did not cost options (c) and (d) and indicated that these options did not have merit. In addition, the business case’s option analysis stated that there were no benefits for option (b), in effect presenting one option. At the First Pass Business Case stage Health expected interest from suppliers that could provide register capability and tender with clinical partners. The procurement was initially proposed to be finalised by 24 December 2015 and the system build and implementation to be complete by 31 March 2017.19

    2.6 Health’s recommended option was the procurement of a complex ICT solution which:

    • supports register functions (including generation of reminders and follow-up notifications);
    • integrates with health care professionals and clinical practice across all states and territories, Medicare data, MyGov, existing State Based Registers, the National HPV Vaccination Register20, the My Health Record system (formerly the Personally Controlled Electronic Health Record (PCEHR)) and Health’s Enterprise Data Warehouse;
    • involves the concurrent development of new functions to support revised clinical pathways; and
    • requires that all elements be completed and implemented by 31 March 2017 (the ‘Go-Live’ date).

    2.7 The aspiration to develop ICT platforms to support single-person-single-record in a ‘live’ data environment with access provided to multiple stakeholders has proved challenging and complex both in Australia and around the world.21 The Australian Government is attempting to do this with the establishment of the NCSR, with the additional complexity of drawing data from multiple databases held in multiple jurisdictions and across two screening pathways (cervical and bowel). The First Pass Business Case did note that complexity risk was present in the recommended option, but the complexities of combining additional screening pathways into a single national register and the number of interfaces required were not presented. Similarly, the risk of not achieving the NCSR ‘Go-Live’ date and resulting impact on the pathology sector22 and public confidence in screening was not discussed. Health proposed that complexity risk would be reduced to ‘low’ by outsourcing the register functions through an open tender process.

    2.8 The First Pass Business Case did not explore alternative viable implementation approaches, such as staging the implementation of the NCSR. Health’s recommended strategy to implement a national cervical and bowel screening register simultaneously added to the complexity of the project. A staged approach could have included establishing the national bowel screening register and demonstrating its capability, prior to the inclusion of cervical screening functions. While this approach may have required the deferral of the proposed transition to the HPV test for cervical screening, it would have reduced complexity risk.

    2.9 The First Pass Business Case estimated that the recommended option (option (a)) would cost $123 million over four years, noting that savings from the bowel screening program could be used to offset the costs of the Commonwealth expanding its role in cervical cancer screening. The recommended option was approved in–principle as part of the 2015–16 Budget process, with a budget allocation of $148.4 million over five years from 2015–16 to 2019–20.

    The Second Pass Business Case

    2.10 At the second pass, Health was required to provide a business case with sufficient detail to inform decision-makers on the implementation of the NCSR. The Second Pass Business Case was finalised and submitted to Finance on 23 March 2016. The Second Pass Business Case was consistent with the First Pass Business Case and included:

    • cost estimates based on the tenderer’s RFT submissions and tender evaluation process;
    • identified risks and treatment strategies involved in acquiring and delivering the NCSR; and
    • proposed NCSR governance arrangements, including risk management.

    2.11 At this stage Health identified that further funding would be required, based on the tenderer pricing, which was significantly higher than previously estimated. On 12 April 2016, the Government increased the budget allocation to $178.3 million for the period 2015–16 to 2019–20.23 On 2 May 2016, Health authorised a Forward Commitment Approval for up to $236 million, which provides for a five year contract ending June 2021.

    Commonwealth Procurement Rules

    2.12 The CPRs are the basic rule set for all Commonwealth procurements and govern the way in which entities undertake their procurement processes.24

    Planning the procurement

    2.13 Health undertook a range of planning activities which were commensurate with the scale, scope and risk of the procurement.25 Key activities included the development of the Bowel and Cervical Cancer Register Blueprints26, and procurement, probity and tender evaluation plans. External advisers were engaged to provide:

    • commercial, IT and project support services for the development of the RFT and Second Pass Business Case;
    • legal advice; and
    • probity advice.

    2.14 As states and territories are the administrators of the current cervical screening registers and are stakeholders in the bowel screening register, effective implementation of the NCSR is contingent on the cooperation of each of the states and territories. Health engaged with the states and territories when developing the Blueprints and hosted a workshop with state and territory representatives in January 2015.27 Health did not conduct a request for information as a part of the procurement, citing the consultation undertaken and the compressed timeframes as the primary reasons for the decision.

    2.15 Two options were considered at the workshop. Both options involved the Commonwealth procuring an ICT capability to support cancer screening registers. In one option the states and territories would retain responsibility for cervical register operator functions, in the other option responsibility for a national cervical cancer screening register was transferred to the Commonwealth. The Victorian Cytology Service (VCS) attended the workshop as a stakeholder and, along with other participants, was provided with the meeting records. Following a suggestion from Victoria, VCS participants were not included in subsequent communications.

    2.16 Prior to obtaining feedback from the states and territories on the draft RFT, Health required the states and territories to adhere to probity separation guidelines.28 These guidelines, issued via letter between 19–21 May 2015, stated that the states and territories and their subcontractors must identify any personnel who may directly or indirectly be part of a bidding team. The identified people were not to have access to any information made available by Health in relation to the procurement. Health outlined a number of information barriers which were also to be adhered to. All states and territories confirmed adherence to the guidelines.

    2.17 On 6 May 2015, prior to sending the probity separation guidelines to states and territories, Health emailed all states and territories with high level information about the proposed register. The email requested ‘input from states and territories on the National Cancer Screening Register’s functional and service requirements’. In response, South Australia advised Health that: it needed to consult with VCS in order to respond to the request; noted the prospect that doing so could compromise the procurement process; and sought advice on how to proceed. In response, an officer of Health advised South Australia to provide the information to VCS, noting that the probity arrangements would be in place once states and territories received the probity letter but until then they could make their own decisions. This approach was inconsistent with the probity arrangements Health was establishing.

    2.18 On 2 October 2015, Health emailed the states and territories requesting information on current and future register requirements. Victoria advised that it was unable to provide all of the requested information without the support of VCS. Health’s probity adviser recommended that Victoria ask VCS to gather the information using a person not involved in the tender bid team. Victoria informed Health that this advice was followed. By following the separation processes Health sought to avoid giving VCS an advantage in the tender process.

    2.19 VCS’ access to some information as an incumbent provider was beyond Health’s control. For example, VCS had access to the Participant Follow Up Function guidelines (PFUF) for the current bowel program. The PFUF guidelines are not publically available, nor were they provided in the RFT material for all potential tenderers.29 However, access to RFT documentation pre-tender was within Health’s control. While Health developed separation guidelines to manage this issue, in one identified instance Health staff facilitated VCS access to early RFT related documents (as discussed in paragraph 2.17), prior to the separation guidelines being issued in May 2015. As such the separation controls implemented by Health were only partially effective.30

    Approach to Market

    2.20 As previously noted, Health did not conduct a request for information stage as a part of the procurement. Health adopted an open tender process for the procurement, which enhances competition and value for money outcomes. The ANAO’s review of the RFT documentation found that it met the requirements of the CPRs.31

    2.21 One of the four key features of the RFT was service improvement over time, providing access to innovation, reduced cost and increased efficiency. In line with the approved Procurement Plan, the RFT emphasised that Health was seeking an outcomes based arrangement which provided flexibility to suppliers while ensuring that outcomes were achieved. One of the five outcomes of the RFT was that ‘the relationship is strategic and based on trust’. However, the RFT required specific pricing for outputs, including, for example, the requirement to price manual processing services. Some tenderers noted that this feature of the RFT constrained their ability to develop innovative approaches.

    2.22 At the time of issuing the RFT, Health anticipated that suppliers with core ICT systems capabilities would partner with clinical registry capable suppliers to respond to the tender. The three non-compliant tenderers contacted by the ANAO advised that the level of assumptions required by the RFT was a key component impacting on their ability to submit a competitive tender. These organisations asserted that, having considered the RFT, they had developed innovative technical solutions which would provide the outcomes sought, but were unable to price them competitively given the number of assumptions they perceived were required.

    2.23 The tender was open for applications for nine weeks. This was compliant with the minimum time limits of the CPRs.32 Stakeholders interviewed as part of the audit indicated that they considered this to be an acceptable timeframe for the scale, scope and complexity of the procurement. However, tenderers indicated that a stronger response from the ICT sector would have been possible if a request for information process had been undertaken by Health.

    Evaluation

    2.24 Health undertook a comprehensive Tender Evaluation process which commenced with the development of a Tender Evaluation Plan (the plan). The evaluation criteria in the plan corresponded with the evaluation criteria in the RFT documents. The plan stated that the evaluation criteria were not weighted. The RFT stated that ‘the evaluation criteria are not listed in any order of importance and Health reserves the right to attribute weightings to the criteria’.33 Health did not apply weightings as part of the evaluation processes, in accordance with their Tender Evaluation Plan. However, indicating that Health reserved the right to apply weightings during the evaluation process is not consistent with the CPRs.34 Stating in the RFT that the evaluation criteria were not weighted would have provided greater clarity and transparency to potential tenderers.

    2.25 According to the evaluation plan there were to be three stages:

    • Stage 1: Compliance Assessment—to eliminate responses that did not meet minimum conditions for participation or minimum content and format requirements.
    • Stage 2a: Interim Evaluation Process—a detailed evaluation against the evaluation criteria, providing for potential clarification with tenderers and shortlisting of tenderers.35
    • Stage 2b: Final Evaluation Process—to result in the recommendation of a preferred tenderer, and to involve further assessment, due diligence and negotiation with shortlisted tenderers.
    • Stage 3: Contract Negotiation and Finalisation—final contract negotiations with the preferred tenderer to address any outstanding issues, finalise pricing and address remaining assumptions.

    2.26 Stage 1 resulted in a compliance report which assessed tenders as compliant or non-compliant with the minimum content and format requirements of the RFT. Of the six tenders, three were assessed as compliant. The three non-compliant tenders were excluded from further evaluation.

    2.27 Figure 2.1 provides an overview of the roles and evaluation teams involved in the NCSR procurement evaluation process as outlined in the plan.

    Figure 2.1: Overview of the NCSR Tender Evaluation Structure

    Source: Department of Health, NCSR Tender Evaluation Plan, August 2015.

    2.28 The Tender Evaluation Committee scored the tenderers using an evaluation matrix, which aligned with the evaluation criteria specified in the RFT. The scores against the evaluation matrix were included in the Stage 2a Interim Evaluation Report approved by the Delegate (Deputy Secretary) on 30 November 2015. As a result of Stage 2a Interim Evaluation, two of the three compliant tenders were assessed as competitive and representing value for money and progressed to the next evaluation stage. The two tenderers were VCS, an experienced clinical registry operator which had upgraded its ICT capability in anticipation of the Renewal’s requirement for national register functionality, and Telstra, a national firm with significant ICT and call centre capability which had purchased a number of entities with health related capabilities. Both tenderers employed staff involved in, or who had visibility of, the Renewal program and/or the subsequent Blueprints.

    2.29 In December 2015 Health commenced negotiations with the two shortlisted tenderers. According to the Tender Evaluation Plan, by December 2015 the final evaluation (Stage 2b) should have been completed and a successful tenderer recommended to the Delegate. As such, the procurement was around two months behind schedule. In January 2016, the Tender Evaluation Committee was unable to determine a preferred tenderer, with key issues and risks36 remaining for both tenderers that the committee wished to address. One tenderer was assessed as having a stronger demonstrated clinical registry capability based on experience. The other tenderer was assessed as having a stronger demonstrated capability to provide scaled up national technical solutions.

    2.30 Given that the tenderers were effectively ‘tied’ and that the tendered prices exceeded the funding allocated to the NCSR in the 2015–16 Budget, on 23 December 2015 Health commenced a Tender Response Refinement process. The shortlisted tenders were each provided with a Tender Response Refinement Pack and a Cost Reduction Refined Requirements Pack. While the RFT required pricing for a transition and implementation period plus four years of operation (2017–18 to 2020–21), on 26 February 2016 Health advised both tenderers that the target price range needed to be within $131 million and $149 million for a four year period to June 2020.

    2.31 Telstra’s initial bid was lower than VCS’s and, as a result of the Tender Response Refinement and Cost Reduction Refined Requirements processes, Telstra’s price reduced by 24 per cent and VCS’s price reduced by 21 per cent. At the end of the Stage 2b Final Evaluation the Tender Evaluation Committee was unable to reach a consensus and referred the matter to the Project Board. The Board accepted the findings of the Tender Evaluation Committee that one tenderer presented higher implementation risk and the other presented higher cost and higher ICT and financial sustainability risks.

    2.32 On 18 March 2016 the Project Board recommended Telstra as the preferred tenderer. The recommendation was based on Telstra’s lower cost bid and the lower overall (untreated)37 risk profile as assessed by the Tender Evaluation Committee to achieve value for money. The Stage 3 Contract Negotiation and Finalisation Report provided to the Delegate noted that: the price submitted by Telstra was $149.2 million for a four year term; and that the proposed final contract price was $198.2 million for a five year term.38 Figure 2.2 compares Telstra’s bids, the actual contract value and the initial budget.

    Figure 2.2: Telstra’s pricing and 2015–16 Budget

    Notes: The October 2015 and February 2016 bids and the April 2016 final contract price are for five years to 2020–21; the April 2016 bid is for four years to 2019–20.

    The total maximum contract value, as published on AusTender, is $220 million (GST inclusive) which includes potential performance bonus payments.

    Source: Stage 3 Contract Negotiation and Finalisation Report.

    2.33 Figure 2.2 shows that, while Health was able to reduce tenderer prices through negotiation, it underestimated the cost of the register. On 23 March 2016 the Delegate (Deputy Secretary) approved the Project Board recommendation and, after a period of contract negotiation39, the contract was awarded to Telstra.40

    Health procurement guidance

    2.34 Health internal procurement guidance includes: Accountable Authority Instruction 3.1 Procurement; and Finance Business Rule 3.1 Procurement. This guidance reproduces the procurement obligations under the CPRs. ANAO analysis of core procurement documentation confirms that Health complied with its internal procurement guidance in relation to undertaking procurements.

    2.35 Additionally, Health’s internal guideline requires officials to actively manage all procurement contracts, including:

    • taking appropriate action consistent with the contract in circumstance of non-compliance41; and
    • managing the contract to achieve the value for money considerations that led to the supplier’s selection.42

    2.36 Health’s approach to managing the contract is outlined from paragraph 2.66.

    Did Health adequately identify and manage risks throughout the procurement?

    Health identified risks during the procurement and the Tender Evaluation Plan established an approach for managing risks. Health did not fully implement the approach set out in the plan, as untreated risks of the tenders were compared during the evaluation rather than treated risks, potentially compromising value for money outcomes. All risks that were identified for the preferred tender were considered by Health during the contract negotiation phase and treatment strategies were proposed prior to executing the contract.

    2.37 Health appropriately identified risks at all stages of the procurement process, from planning to contract negotiations, with the aim of reducing risk to Health and improving value for money outcomes.43 Throughout the procurement process Health’s tender evaluation teams identified a number of pricing issues and risks relating to the tenderers. These were considered by the Tender Evaluation Committee in forming its assessment and the Delegate was appropriately informed of the perceived strengths and weaknesses of each tenderer along with the key risks identified during the evaluation process.44

    2.38 Health developed an approach to managing risk, as required by the CPRs, which was set out in the Tender Evaluation Plan. The plan’s purpose is to minimise risks to the Commonwealth and achieve the best possible value for money outcome and required that risks and issues be identified and strategies and treatment for each identified risk be considered to arrive at a residual risk profile for each tender. However, risk treatments and strategies were not developed for all risks until Stage Three. At Stage 2b Final Evaluation the two final tenderers’ untreated risk profiles were compared, rather than their treated risk profiles.45 As such, Health did not fully implement the approach set out in its plan, which may undermine the achievement of a value for money outcome.

    2.39 At the end of Stage 2b Final Evaluation both tenderers were assessed as having a high overall risk profile. The Risk Register for this stage listed:

    1. eight risks for one tenderer, all rated high. Four of these risks did not have treatment strategies; and
    2. seven risks for the other tenderer, with five rated high and two rated extreme. Four of these risks did not have treatment strategies.

      2.40 Health identified risk treatment strategies in Stage 3 Contract Negotiation and Finalisation Report, once a preferred tenderer had been selected.

      Did Health establish effective governance, probity and conflict of interest arrangements?

      Health developed governance, probity and conflict of interest arrangements that were appropriate and commensurate to the scale of the procurement and retained appropriate documentation. Health established a framework to manage conflicts of interest and probity issues. While a number of key decision-makers complied with the approach by completing the relevant form, not all decision-makers declared existing conflicts. In addition, probity issues were not adequately documented. This weakened the effectiveness of the otherwise well designed governance framework.

      Governance structure

      2.41 As required by the ICT Investment Approval process, the Second Pass Business Case included a Governance Plan for the NCSR. The plan included a project governance phase and an ongoing governance phase.46 Figure 2.3 outlines the NCSR project governance structure.

      Figure 2.3: NCSR Project Governance, May 2015 to June 2016

      Source: NCSR Governance Structure, developed from Health’s NCSR Governance Plan.

      2.42 During the Project Governance phase, strategic governance was to be provided by the Renewal and Register Measure Control Board (Measure Control Board). Oversight of the project was to be provided by a Renewal and Register Measure Programme Office, which would coordinate the delivery of the Register, as well as the Cervical Renewal and Bowel Transition projects. Operational governance also involved the NCSR Project Board (Project Board)47, which would oversee the implementation and transition of the Register.

      2.43 The Project Board met fortnightly from May 2015, in accordance with the terms of reference, holding additional meetings as required.48 Throughout the Tender Evaluation process value for money and issues of tenderer risk were discussed regularly at the Project Board level. The Measure Control Board held its first meeting on 7 December 2015, after which meetings were held approximately every six weeks in accordance with the terms of reference.49

      2.44 On 17 June 2016, Health closed the Measure Control Board and the Project Board and replaced both Boards with a single Renewal and Register Board.50 The Renewal and Register Board was to have strategic and operational responsibilities for the Cervical Renewal and Register Measure. The first Renewal and Register Board meeting was held on 23 June 2016, with meetings continuing on a monthly basis. The Renewal and Register Board has actively monitored the progress of implementation and transition activities, with concerns raised during meetings. The Renewal and Register Board first discussed the quality of contract deliverables on 22 July 2016. Concerns regarding meeting the planned ‘Go-Live’ date were discussed on 19 August 2016. Matters discussed included: the required changes to the Medicare Benefits Schedule item associated with the new HPV test; the progress of the legislation; and data migration, noting that states and territories would not be able to provide identified data until the legislation passed.

      2.45 Along with the new Renewal and Register Board, Health established an Operational Governance Forum to assist with the day to day management and oversight of the Register. The Operational Governance Forum has generally been meeting fortnightly since June 2016, in accordance with the terms of reference. Health and Telstra representatives have been present at these meetings, with the meetings used by both parties to provide implementation updates and raise concerns about the progress of the project.

      Managing project timeframes

      2.46 Health outlined ambitious timeframes for the NCSR project at the project’s inception. Over the course of implementation, timeframes have generally not been met and key dates have been progressively rescheduled, as shown in Figure 2.4.

      Figure 2.4: Planned and actual NCSR timeframes

      Source: ANAO analysis of Health documents.

      2.47 In August 2016, three months after the contract was signed, the Board was advised of Telstra’s intention to implement the NCSR such that states and territories would not all ‘Go-Live’ by 1 May 2017. Health advised Telstra that it was concerned about this approach. Since August 2016, concerns about timeframe slippage have been regularly raised at the Project Board and Operational Governance Forum. Due to concerns about progress, in October 2016 Health commissioned a review of project status. As a result of the review, Health agreed a number of actions, including allocating additional contract management resources, reviewing the project schedule and workshopping issues with Telstra. The Secretary requested a meeting with Telstra, which was held in January 2017, and the Minister was informed in late February 2017 that the 1 May 2017 ‘Go-Live’ date would not be met.

      Documenting decisions

      2.48 Health documented all stages of the procurement and retained appropriate records, as required by the CPRs and Health’s internal guidance. The records cover each aspect of the procurement, including the process followed, how value for money was considered, relevant approvals, and key decisions.

      Probity arrangements

      2.49 An external provider was engaged to provide probity advice during the course of the procurement. The provider’s role included assisting with the establishment of probity safeguards (probity briefings, conflict of interest declarations, confidentiality deeds, attendance at evaluation discussion meetings and ad hoc probity advice) and providing sign-offs at various points in the process.

      2.50 The NCSR Probity Framework, August 2015, included a probity framework deed. The purpose of the deed was for officers involved in the procurement to acknowledge receipt and note compliance with the NCSR Probity Framework, including reporting to the Project Manager any change of circumstances in conflicts of interest since signing pre and post RFT conflict of interest forms.51 Between September 2015 and December 2016, 86 people signed the deed, including representatives from the states and territories involved in the evaluation process. The probity process and issues were discussed during training presentations for evaluation team members in September and October 2015. However, of the 11 members of the core negotiation teams, Tender Evaluation Committee and/or Project Board, only five attended probity training.

      2.51 In addition to the arrangements established to manage conflicts of interest, a probity register was maintained during the procurement, with 32 issues logged.52 Those matters that were identified and recorded on the register were appropriately addressed.

      2.52 However a number of probity issues were not adequately recorded in the register. As previously mentioned, there was evidence of provision of Health documents to VCS prior to the RFT being issued. This was raised with the Project Manager as a probity concern, but these concerns were not recorded in the register. Additionally, as discussed below, not all conflicts of interests were recorded in the register. Consequently, the probity adviser and an external provider engaged to undertake a post procurement probity review would not have had access to all the information relevant to the management of probity related issues.

      Management of conflicts of interest

      2.53 The CPRs require officials to act ethically throughout a procurement process, with officials expected to recognise and deal with actual, potential and perceived conflicts of interest.53 The CPR requirements were emphasised in the NCSR Probity Framework and officers were required to declare conflicts pre and post RFT. Fourteen per cent of officers involved in the NCSR procurement declared conflicts. Health retained all but one conflict of interest declarations made by departmental officials and external parties involved in the procurement process.54

      2.54 Where conflicts of interest were declared, the assessment of declared interests was not recorded in the probity register, or elsewhere. As such, Health was unable to demonstrate that declared conflicts were adequately considered and treated appropriately.

      2.55 The two most commonly declared potential conflicts of interest were: having a working relationship with one of the tenderers; and owning Telstra shares. Health did not provide specific guidance in relation to these potential conflicts and the declaration of conflicts was inconsistent. The ANAO identified five officers who did not declare a past or current working relationship with a tenderer, pre or post RFT. One officer, who did not declare a working relationship with a tenderer, was later identified to have an apprehended bias for one tenderer and was removed from the evaluation team.

      2.56 In relation to share ownership, one officer with a declared conflict contacted the probity adviser directly to discuss the conflict. Health did not retain a record of this discussion. The recommended probity process was not documented and the probity advisors’ advice was not communicated to all officers who declared share ownership.55 The ANAO undertook a limited review of the Telstra share registry and identified nine officers involved in the procurement who owned Telstra shares and did not disclose this fact at the time of the procurement.56 One of these conflicts related to a voting member of the NCSR Project Board. Review of the Project Board meeting minutes noted that this member voted for Telstra as the preferred tenderer.

      2.57 In addition to the specific NCSR procurement conflict of interest forms, and in accordance with section 13(7) of the Code of Conduct contained in the Public Service Act 1999, an Australian Public Service employee must: take reasonable steps to avoid any conflict of interest (real or apparent) in connection with the employee’s APS employment; and disclose details of any material personal interest of the employee in connection with the employee’s APS employment. Accountable Authorities and Senior Executive Service level employees are required to declare in writing, at least annually, their own and their immediate family’s financial and other interests that could cause a real or apparent conflict of interest.57 Seven out of 11 senior executives identified by the ANAO as being involved in the NCSR procurement activities did not complete annual conflict of interest and personal interest disclosures. Of the four disclosures reviewed, two related to the period before the procurement (2012 and 2014) and Health was not able to locate more current declarations. No annual conflict of interest and personal disclosure was provided to the ANAO regarding the Delegate.

      2.58 While the onus to identify and declare conflicts resides with individual staff members, the responsibility for maintaining the integrity of the procurement process remains with Health. The 14 undisclosed conflicts identified by the ANAO indicate that declaring conflicts of interests was not undertaken consistently. The integrity of the procurement process was weakened by the partial or incomplete application of the NCSR Probity Framework.

      Recommendation No.1

      2.59 Health should ensure that:

      1. actual, potential and perceived conflicts of interest records are maintained, up-to-date and appropriately addressed; and
      2. Senior Executive Service employees declare in writing, at least annually, their own and their immediate family’s financial and other interests.

      Department of Health’s response: Agreed.

      2.60 Health is strengthening its conflict of interest declaration and management processes. This includes a focus on the declaration and management of any actual, potential and perceived conflicts of interest that may arise in relation to significant procurement exercises. In addition, Health has recently automated the conflict of declaration and management process for SES. As at 23 May 2017, 82 per cent of SES has in place a SES conflict of interest declaration outlining their own and immediate family’s financial and other interests.

      Did Health’s approach to contracting the selected tenderer effectively support the achievement of outcomes?

      Health’s approach to contracting Telstra included due diligence activities, which satisfied the department that the preferred tenderer’s proposal represented value for money and would achieve the intended outcome. While the contract included timeframes for a number of key deliverables, Health and Telstra have not yet agreed on a project schedule, as well as the timing and content of some other key deliverables. Due to delayed implementation of the project, the initial ‘Go-live’ date was not met. As a result, value for money outcomes have been compromised and the Commonwealth will incur additional costs.

      Contract negotiations

      2.61 On 23 March 2016 the Delegate approved the Project Board’s recommendation and Telstra was informed that it was the preferred tenderer, subject to successful negotiation of a contract. Health held seven contract negotiation sessions with Telstra between 12 and 22 April 2016 to review and discuss outstanding issues, with the objective of concluding the final contract.

      2.62 Due diligence activities, such as referee checks and interviews with key personnel, were conducted at Stage 2b Final Evaluation and in the Stage 3 Contract Negotiation and Finalisation Process. At the conclusion of negotiations and Stage 3, Health was satisfied that Telstra was capable of performing the required roles and that Telstra’s offer represented value for money. On 4 May 2016 a contract was signed with Telstra. This was two months after the scheduled date recorded in the Procurement Plan, compressing an already ambitious timeframe for implementation of the register.

      2.63 The final contract referenced a gap list58 of items discussed during contract negotiations but which remained unresolved at the time the contract was executed. The contract required the gap list to be finalised within 20 days of contract commencement. Health advised that the gap list was agreed in April 2017.

      Managing privacy issues through the contract

      2.64 The management of data and privacy in relation to the NCSR has been noted as a concern to stakeholders.59 The contract with Telstra included a number of mechanisms to manage and support the privacy of data, including60:

      • a requirement that Telstra submit a draft Commonwealth Data Protection Plan within 40 days of the contract being signed. The plan is a key document to manage issues relating to privacy of data. Telstra’s initial plan was submitted in the required timeframe and was subsequently revised in response to feedback from Health. The draft plan was formally rejected by Health on 9 December 2016 on the grounds that it did not comply with the requirements of the Contract. As at March 2017, the Commonwealth Data Protection Plan has not been accepted by Health.
      • a requirement that Telstra submit its privacy policy or Security Risk Management Plan relating to data and privacy management. These documents were initially due on 11 November and 14 November 2016 respectively, but remain outstanding as at March 2017.
      • Deed of Confidentiality and Privacy to be signed by Telstra and its subcontractors.61 Health monitors Telstra’s compliance with this requirement through a register. As at March 2017, Health’s register was incomplete.
      • a requirement that Telstra staff with direct access to the register, data or a ‘Health Site’62 have the appropriate security clearance.63 In September 2016, Health indicated that it was dissatisfied with Telstra’s progress in obtaining security clearances for Telstra personnel. As at March 2017 Health’s security clearance and confidentiality register was incomplete.64

      Contract management

      2.65 The ANAO reviewed documentation held by Health and interviewed Health and Telstra staff. The ANAO has not audited Telstra’s implementation of the NCSR.

      2.66 While documentary deliverables are only one aspect of Telstra’s implementation of the project, the deliverables are a key mechanism by which Health obtains visibility of implementation progress.65 Health monitors the status of contract deliverables using a Deliverables Register. Health, in conjunction with Telstra, developed the register of 3766 deliverables by re-classifying and combining the 92 deliverables contained the NCSR contract. A delivery date is stipulated in the contract for 12 of the 37 deliverables; 25 do not have an assigned date. Deliverables were to be provided in accordance with the timeframes agreed in the Master Project Schedule. While Telstra has submitted multiple versions of the Master Project Schedule, which included varying deliverable due dates, Health is yet to approve this key contract requirement. Health’s feedback on the schedule was that inadequate timing had been provided for testing and contingencies.67 As at 17 March 2017, Telstra had submitted 19 of the 24 deliverables due at that time according to the 17 March 2017 version of the Master Project Schedule. Table 2.1 provides a summary of contract deliverable status.

      Table 2.1: Summary of deliverables status, as at 17 March 2017

      Description

      Number

      Total deliverables in the Deliverables Register

      37

      Number of deliverables due before or on 17 March 2017 (as per Telstra’s initial Master Project Schedulea, dated June 2016)

      36

      Number of deliverables due before or on 17 March 2017 (as per Telstra’s revised Master Project Schedulea, dated January 2017)

      24

      Total deliverables submitted by Telstra

      19

      Number of deliverables accepted by Health

      2 accepted

      2 conditionally accepted

      Number of deliverables rejected by Health

      12

      Number of deliverables pending acceptance or rejection

      3

      Deliverables yet to be submitted by Telstra

      18

         

      Note a: Telstra’s Master Project Schedule has not been accepted by Health.

      Source: ANAO analysis of Health documents.

      2.67 Health’s contract management involves providing informal feedback in meetings and via emails before providing formal feedback. For example, prior to the formal conditional acceptance (in November 2016) and acceptance (in December 2016) of the Due Diligence Report, updated versions of the document and Health’s comments were emailed between Health and Telstra throughout August, September and October 2016. For the 19 deliverables received, Health provided final feedback to Telstra in 104 days on average. Appendix 2 shows the status of documentary deliverables, as at 17 March 2017.

      2.68 The final contract includes milestone payments based on the delivery of outputs and achievement of outcomes, subject to a minimum base spend per year. The contract specifies eight milestone payments to Telstra prior to ‘Go-Live’, to a total of $19.95 million. To date, two milestone payments have been made:

      • Milestone 1: Execution of binding Services Agreement—$5.98 million; and
      • Milestone 2: Due Diligence Report—$997 350.

      2.69 When reviewing the contract management documentation and relevant correspondence, the ANAO identified four key issues:

      • The quality of deliverables and documents provided by Telstra. Health has provided regular feedback regarding the quality of Telstra’s deliverables through the Operational Governance Forums, deliverable reviews and email correspondence. In an effort to progress resolution on delivery issues, Health requested Telstra to take corrective action regarding the quality of deliverables. Telstra has responded formally via letter and action is ongoing.
      • The timing of Telstra’s receipt of data from states and territories. Under the contract it is Telstra’s responsibility to collaborate with the states and territories regarding data collection. In December 2016 Telstra advised Health of challenges in obtaining data from some of the states and territories and requested a time extension. All state and territory data was provided to Telstra in January 2017.
      • The timing of providing Telstra with Medicare data and information about the interface between the register and the Department of Human Services’ (DHS) systems. Under the contract Medicare data is a ‘Health Supplied Item’. The contract does not specify a delivery date for this item, but states that timing was ‘ongoing’ and ‘to be resolved in Implementation Period’. The funding agreement between Health and DHS states that the Medicare data migration was to be completed by 17 March 2017. Telstra advised the ANAO that it received the Medicare data on 15 May 2017.
      • The incompleteness and quality of Medicare data initially provided to Telstra. Telstra has advised Health that some Medicare data files previously provided could not be reviewed (because the files were corrupted), and that the completeness of some files could not be determined (because of the transfer process used) and the data that could be reviewed was incomplete.

      2.70 Telstra advised the ANAO that access to complete and reliable Medicare data is a requirement for the effective operation of NCSR and Health’s objective of ‘one-person one-record’. Further, Telstra advised that it had anticipated that Medicare data would be provided to it by 1 December 2016 and that the absence of complete and reliable Medicare data has impacted on its ability to achieve a number of key deliverables.

      2.71 In November 2016 Health commissioned a review of the implementation of the NCSR project. This review noted that the key deliverables were not provided to Health and that, in the absence of acceptable documentation being provided by Telstra, Health lacked visibility of the actual progress being made, exposing Health to unreasonable risk.68 The review observed that when deliverables were not achieved, Health staff ‘tended to help Telstra’ to achieve compliance, and were (initially) reluctant to escalate early.

      2.72 Prior to the RFT, Health estimated ongoing contract management costs of $199 365 a year, and $435 866 in 2015–16 and $635 799 in 2016–17 for Health staff to support the register build and implementation.69 The review found that Health’s project team was under-resourced. In response to the review, additional resources were allocated to the National Cancer Screening Register Implementation Branch within Health.

      2.73 Telstra advised Health on 14 December 2016 that the ‘Go-Live’ dates of 20 March 2017 for bowel and 1 May 2017 for cervical could not be met, and this advice was escalated to the Secretary. The Minister was informed in late February 2017 that the 1 May 2017 ‘Go-Live’ date would not be met.

      2.74 On 23 February 2017 Health released a public statement confirming that, due to the complexity of assimilating and migrating data from eight state and territory cancer registers into one register, the implementation of the NCSR would not meet the ‘Go-Live’ date of 1 May 2017. Current cancer screening services will be maintained until the NCSR becomes operational. On 27 February 2017 Health announced a revised implementation date for the new cervical screening test of 1 December 2017, which is contingent on the new national register being in place. To ensure the ongoing provision of cervical cancer screening services in all states and territories, Health has allocated an additional $16.5 million for pathology providers to continue to provide access to the current Pap smear testing until the new testing program begins, including $3 million for pathology workforce retention. Additionally, the savings anticipated to be achieved from the NCSR operations will be delayed.

      2.75 Ongoing monitoring of progress and strong pro-active management of the contract will be required if value for money is to be achieved in the establishment of the NCSR.

      Appendices

      Appendix 1 Entity responses

      Department of Health

      Telstra Corporation Limited

      Appendix 2 Status of contract documentary deliverables, as at 17 March 2017

      Deliverable or artefact name

      Deliverable status

      Commonwealth Data Protection Plan (CDPP)

      Rejected

      Data Migration Plan

      Rejected

      Data Migration Strategy

      Rejected

      Education and Training Plan

      Rejected

      Feedback and Complaints Management Plan

      Rejected

      Implementation and Transition Plan

      Rejected

      Master Project Management Plan

      Rejected

      Master Project Schedule

      Rejected

      Quality Management Plan

      Rejected

      Resource Management Plan

      Rejected

      Risk Management Plan

      Rejected

      Solution Architecture (Detailed)

      Rejected

      Risk Register

      Conditionally accepted

      Solution Architecture (High Level)

      Conditionally accepted

      Due Diligence Report

      Accepted

      Stakeholder Management Plan (Stakeholder Management and Communications Plan)

      Accepted

      Cutover and Rollback Plan

      Pending acceptance or rejection

      Knowledge Management Plan

      Pending acceptance or rejection

      Master Test Plan

      Pending acceptance or rejection

      Bill of Materials

      Not yet submitted

      Change Management Plan

      Not yet submitted

      Detailed Design

      Not yet submitted

      Disaster Recovery Plan

      Not yet submitted

      Disengagement Plan

      n/a#

      Feedback and Complaints Register

      Not yet submitted

      FOBKIT fulfilment and distribution BCP includes ICT BCP

      Not yet submitted

      Governance & Steering Committee Reports

      n/a##

      Key Management Plan

      Not yet submitted

      Master Test Summary Report

      Not yet submitted

      NCSR Documentation Repository

      Not yet submitted

      Operations Policy and Procedure Manual

      Not yet submitted

      Policies and Procedures Manual

      Not yet submitted

      Privacy Policy

      Not yet submitted

      Release Management Plan

      n/a##

      Security Risk Management Plan (SRMP)

      Not yet submitted

      Service Catalogue

      Not yet submitted

      Web Analytics Tool

      Not yet submitted

         

      Note:

      # deliverable is required to facilitate conclusion of the contract.

      ## deliverable is required on a regular ongoing basis.

      Source: ANAO analysis of Health documents.

      Footnotes

      1 Department of Health, Outcome 1: A reduction in the incidence of preventable mortality and morbidly, including through national public health initiatives, promotion of healthy lifestyles, and approaches covering disease prevention, health screening and immunisation, Annual Report 2015–16, p. 44.

      2 The National Cancer Screening Register Bill 2016 and the National Screening Register (Consequential and Transitional Provisions) Bill 2016 included a resolution requesting that the Auditor-General conduct a performance audit under the Auditor-General Act 1997 to assess:

      (a) whether the Department of Health appropriately managed the procurement of services relating to the register; and

      (b) whether the processes adopted for the procurement of services met the requirements of the CPRs including consideration and achievement of value for money.

      3 Department of Health, Outcome 1: A reduction in the incidence of preventable mortality and morbidly, including through national public health initiatives, promotion of healthy lifestyles, and approaches covering disease prevention, health screening and immunisation, Annual Report 2015–16, p. 44.

      4 Six of eight jurisdictions operate their registers ‘in-house’. The Victorian Cytology Service (VCS) is the contracted operator of the cervical registers in the other two jurisdictions, Victoria and South Australia.

      5 Pap smear tests detect early changes in the cervix before cervical cancer develops, and can also detect if cervical cancer is present. Source: Department of Health, Cancer Screening, available at: <http://www.cancerscreening.gov.au/> [accessed February 2017].

      6 The Medical Services Advisory Committee appraises new medical services proposed for public funding, and provides advice to the Government on whether a new medical service should be funded.

      7 The Senate, Community Affairs Legislation Committee, National Cancer Screening Register Bill 2016 [Provisions], National Cancer Screening Register (Consequential and Transitional Provisions) Bill 2016 [Provisions], October 2016, p. 12.

      8 This test is used to collect samples of bowel motions, which are then analysed to detect traces of blood. While the test cannot diagnose bowel cancer, the results indicate whether a further test is needed to rule out bowel cancer. The NBCSP is administered by the Department of Health to the point of Faecal Occult Blood Test result on the screening pathway. The department funds the states and territories to perform the Participant Follow-Up Function (PFUF) with those participants who have received a positive Faecal Occult Blood Test result, but who have not been recorded as having seen a health practitioner.

      9 The National Health and Medical Research Council operate under the National Health and Medical Research Council Act 1992 with the purpose of promoting the development and maintenance of public and individual health standards. The council reports to the Minister for Health.

      10 The additional $29.9 million was approved to reflect higher than anticipated build, maintenance and operational costs and increased postage costs.

      11 For example, the current bowel screening program is manually intensive and relies largely on paper-based reporting.

      12 Department of Health, National Cancer Screening Register, available at: <http://www.health.gov.au/internet/main/publishing.nsf/Content/National-Cancer-Screening-Register>, [accessed February 2017]> [accessed February 2017].

      13 The National Cancer Screening Register Bill 2016 and the National Screening Register (Consequential and Transitional Provisions) Bill 2016 were passed in both houses of Parliament in October 2016.

      14 Department of Health, Submission to the Senate Standing Committee on Community Affairs Legislation Committee: Inquiry into the National Cancer Screening Register Bill 2016 and National Cancer Screening Register (Consequential and Transitional Provisions) Bill 2016, September 2016, p. 8.

      15 The National Cancer Screening Register Bill 2016 and the National Screening Register (Consequential and Transitional Provisions) Bill 2016 included a resolution requesting that the Auditor-General conduct a performance audit under the Auditor-General Act 1997 to assess:

      (a) whether the Department of Health appropriately managed the procurement of services relating to the register; and

      (b) whether the processes adopted for the procurement of services met the requirements of the CPRs including consideration and achievement of value for money.

      16 The ICT Investment Approval Process is available at: <https://www.finance.gov.au/policy-guides-procurement/ict-investment-framework/ict-two-pass-review/> [accessed February 2017].

      17 The Commonwealth Procurements Rules (CPRs) are issued under the Public Governance, Performance and Accountability Act 2013 and articulate the requirements for officials performing duties in relation to procurement. The CPRs were updated on 1 March 2017. In this audit any reference to the CPRs relates to the CPRs issued in 2014, which applied at the time of the procurement.

      18 Known as Accountable Authority Instructions and Finance Business Rules.

      19 Health originally proposed to complete the systems build by September 2016. Finance feedback, provided in December 2014, noted that Health would be unlikely to achieve this timeframe due to the timing of the Second Pass Business Case review requirement.

      20 The National HPV Vaccination Register is operated for the Department of Health by the Victorian Cytology Service (VCS), available at< http://www.hpvregister.org.au/> [accessed February 2017].

      21 The National eHealth Transition Authority, Evolution of eHealth in Australia: Achievements, lessons and opportunities noted that ‘[d]ifficulties in digital health implementations have been experienced all around the world. Even the most advanced countries face challenges relating to interoperability, uniform coding of patient information, and dealing with privacy and security concerns’ and ‘[i]n short, doing eHealth is not easy and it very complex’, 2016, pp. 6 and 37.

      22 In October 2016, a report by the Senate Community Affairs Legislation Committee noted that the HPV test for cervical screening requires a much lower level of labour intensity than the previous Pap test. In anticipation of the Renewal, many cytologists previously performing Pap smear tests have moved to alternative careers, impacting on the sector’s capacity to conduct screening at current levels.

      23 The additional $29.9 million was approved to reflect higher than anticipated build, maintenance and operational costs and increased postage costs.

      24 In this audit any reference to the CPRs relates to the CPRs issued in 2014, which applied at the time of the procurement.

      25 CPR 4.2 requires entities to consider whether the procurement will deliver the best value for money, including by considering stakeholder input, the scale and scope of the business requirement, and the markets’ capacity to competitively respond to a RFT. In achieving value for money CPR 4.4 requires that procurements encourage appropriate engagement with risk.

      26 In 2013 and 2014, Health engaged with stakeholders to develop two ‘Blueprints’, which outline the high level requirements and high level design for a national bowel cancer register and a national cervical cancer register. An outcome of this process was a proposal that two registers could be facilitated through a single ICT platform.

      27 Six of eight jurisdictions operate their registers ‘in-house’. The Victorian Cytology Service (VCS) is the contracted operator of the cervical registers in the other two jurisdictions, Victoria and South Australia. VCS also provides contracted register functions to the Australian Government for the HPV vaccine and to the Victorian State Government for the National Bowel Cancer Screening Program Participant Follow Up Function (PFUF). Part of Health’s engagement with the states and territories included consultation with VCS.

      28 CPR 10.11: A relevant entity may conduct market research and other activities in developing specification for a particular procurement and allow a supplier that has been engaged to provide those services to participate in procurements related to those services. Relevant entities must ensure that such a supplier will not have an unfair advantage over other potential suppliers.

      29 The PFUF guidelines were provided to Telstra in February 2016 during the negotiation period.

      30 Probity issues are discussed further from paragraph 2.49.

      31 CPR 10.6 requires tender documentation to include a complete description of:

      a. the procurement, including the nature, scope and, when known, the quantity of the goods and services to be procured and any requirements to be fulfilled, including any technical specifications, conformity certification, plans, drawings, or instructional materials;

      b. any conditions for participation, including any financial guarantees, information and documents that potential suppliers are required to submit;

      c. any minimum content and format requirements;

      d. evaluation criteria to be considered in assessing submissions; and

      e. any other terms or conditions relevant to the evaluation of submissions.

      32 CPR 10.19 requires the time limit for potential suppliers to lodge a submission to be at least 25 days from the date and time that a relevant entity publishes an approach to market for an open tender.

      33 Department of Health, RFT Health /124/1414 Part 1 Process and Conditions, August 2015, p. 79.

      34 CPR 7.10 and CPR 10.12 require that procuring entities must not modify the evaluation criteria once the RFT has been issued without notifying all potential suppliers that are participating in the RFT.

      35 Stage 2a Interim Evaluation Process took place in two parts: Stage 2a Interim Evaluation and Stage 2a (Second Pass) Interim Evaluation.

      36 Risks are discussed in more detail from paragraph 2.37.

      37 The use of untreated risk is discussed at paragraph 2.38.

      38 These figures exclude GST.

      39 See further discussion at paragraph 2.61.

      40 The contract was published on AusTender in accordance with the CPRs.

      41 Department of Health, Accountable Authority Instruction 3.1 Procurement, section 51.

      42 Department of Health, Finance Business Rule R3.1 Procurement, section 2f(ii).

      43 CPR 8.2 requires officials to establish processes for the identification, analysis, allocation and treatment of risks when conducting procurements.

      44 Information on risks and the Tender Evaluation Committee assessment of tenderer strengths and weaknesses were included in the Stage 2a Interim Evaluation Report and the Stage 2b Final Evaluation Report approved by the Delegate.

      45 The Tender Evaluation Committee and the Project Board were aware that the ‘extreme’ financial viability risk associated with one tenderer could have been treated by Health’s application of mutually agreeable commercial arrangements. The Project Board, in ranking the tenderers, compared the untreated risks profiles for each tenderer.

      46 The project governance phase related to the planning, implementation and transition of the NCSR and the ongoing governance phase was subject to negotiations with states and territories, with a model to be agreed once the contract with the service provider was finalised.

      47 The NCSR Project Board consisted of Health officials including: four voting members at First Assistant Secretary and Assistant Secretary levels; five non-voting members in advisory and project management roles; and observers.

      48 Twenty seven meetings were held, with the final meeting taking place on 12 May 2016.

      49 A total of five Measure Control Board meetings were held, with the final meeting taking place on 3 June 2016. There was no quorum at the final meeting due to the unavailability of members and no formal decisions were taken.

      50 The Renewal and Register Board consists of Health (Deputy Secretary, Chief Medical Officer, First Assistant Secretary, Chief Information Officer, Assistant Secretary, General Manager, and National Manager), Telstra (Senior Executive Sponsor, Program Manager, and Managing Director) and state and territory subject matter experts and observers.

      51 Pre RFT conflict of interest forms were signed between July 2015 and October 2015. The purpose of the pre RFT forms was to identify any potential conflicts (without the tenderers being known). Post RFT forms were signed between October 2015 and April 2016. The purpose of the post RFT forms were to identify any perceived or actual conflicts once the final tenderers and sub-contractors were known.

      52 The first issue was logged in July 2015 and the most recent entry was recorded in March 2016. Nineteen of the issues were sent to the probity advisor and 13 probity issues were managed internally. Where a probity issue first arose, for example a request to be a referee or contact from a tenderer, the matter was referred to the probity advisor. Subsequent similar issues were then dealt with internally, consistent with the advice from the probity adviser.

      53 CPR 6.6.

      54 One conflict of interest form could not be located for an officer who acted in a voting member role at one Project Board meeting. The Stage 3 Contract Negotiation and Finalisation Report was endorsed at this meeting.

      55 The recommend process was that the probity advisor would first determine the materiality of the shares based on whether they were ordinary or preference shares, the size of the shareholding and the likely value of shares. Based on the assessment of share materiality, the probity advisor then advised the officer to not trade in the shares during the procurement process as they had access to confidential information that could provide an advantage when trading in the sharemarket.

      56 The ANAO searched the Telstra registry for all officers involved in the procurement, and where possible matched addresses to Health’s records to verify officers’ identity.

      57 Australian Public Service Commission, Declaration of interests, available at: <http://www.apsc.gov.au/working-in-the-aps/your-rights-and-responsibilities-as-an-aps-employee/declaration-of-interests> [accessed February 2017].

      58 Gap lists were developed to provide clarity on interpretation of contract terms and clauses reflecting the discussion between the parties during the negotiation period. Because the gap lists were not resolved prior to the contract execution, a clause referencing the gap list was inserted into the contract. In practice there were three gap lists, with the technical gap list finalised 4 June 2016, the business gap list finalised 12 October 2016 and the legal gap list close to finalisation in April 2017.

      59Senate Inquiry, Community Affairs Legislation Committee, National Cancer Screening Register Bill 2016 [Provisions] National Cancer Screening Register (Consequential and Transitional Provisions) Bill 2016 [Provisions], October 2016, pp. 8–11.

      60 Other data management and privacy requirements in the contract include; complying with the Commonwealth Protective Security Manual and the Information Security Manual; obligations to have in place safeguards against the unauthorised access, misuse, damage, destruction, loss, alteration or corruption of Health data; obligations to only use the data in accordance with the contract and not to commercially exploit data; restrictions on data being taken outside of or stored outside of Australia; obligations to comply with the Privacy Act and applicable regulations and codes; and obligations to notify Health in the event of a breach of privacy.

      61 The contract states that the service provider must ensure that its personnel have, if requested by Health, signed an undertaking in the form of Schedule 9 – Health Deed of Confidentiality and Privacy.

      62 ’Health Site’ is not defined in the contract.

      63 Appropriate security clearance is defined in the contract as Baseline or Negative Vetting 1, depending on level of access to data.

      64 Other data management and privacy requirements in the contract include; complying with the Commonwealth Protective Security Manual and the Information Security Manual; obligations to have in place safeguards against the unauthorised access, misuse, damage, destruction, loss, alteration or corruption of Health data; obligations to only use the data in accordance with the contract and not to commercially exploit data; restrictions on data being taken outside of or stored outside of Australia; obligations to comply with the Privacy Act and applicable regulations and codes; and obligations to notify Health in the event of a breach of privacy.

      65 Other mechanisms include access to data, fit-out of premises, and build of ICT test and production environments.

      66 Deliverables are numbered one to 36, with one deliverable split in two.

      67 Health provided Telstra with a formal Rejection Certificate for the Master Project Schedule on 12 December 2016.

      68 Tetra, Review and Recommendation regarding the implementation of the National Cancer Screening Register, November 2016, p. 5.

      69 Policy staff are also engaged outside of the register project in cervical renewal and bowel transition activities.

      Related documents: