Audit snapshot

Why did we do this audit?

  • Effective regulation of permits and compliance in the Great Barrier Reef Marine Park is critical to provide for the long-term protection and conservation of the environment, biodiversity and heritage values of the Great Barrier Reef Region.
  • This follow-up audit assessed whether the Great Barrier Reef Marine Park Authority (GBRMPA) has implemented an appropriate permissions system to manage risk and preserve the environmental, social and economic significance of the Marine Park and its World Heritage listing.

Key facts

  • The Great Barrier Reef (the Reef) makes up about 10 per cent of the world’s coral reef ecosystems. In 1981, the Reef was declared a World Heritage Area.
  • In August 2015 the ANAO made five recommendations to GBRMPA to improve the regulation of permits and approvals, and manage risks to the Reef.

What did we find?

  • GBRMPA’s regulation of permits and approvals is partially effective. GBRMPA has not fully implemented the recommendations from Auditor-General Report No.3 2015–16 Regulation of Great Barrier Reef Marine Park Permits and Approvals.
  • Arrangements for processing, assessing and approving permit applications are largely appropriate.
  • Arrangements for managing and monitoring permissions are partially appropriate.
  • GBRMPA has partially established an appropriate non-compliance framework.

What did we recommend?

  • The Auditor-General made seven recommendations to GBRMPA.
  • GBRMPA agreed to all seven recommendations.

1447

At 30 June 2020, there were 1447 permits being managed, covering 4674 permissions.

284

Permit decisions made in 2019–20 from 323 properly made applications.

210

Alleged permissions non-compliances identified during 2019–20.

Summary and recommendations

Background

1. The Great Barrier Reef (the Reef) extends along the east coast of Queensland from Cape York to Bundaberg (approximately 2300 kilometres) and makes up around 10 per cent of the world’s coral reef ecosystems.1 In 1981, the Reef was declared a World Heritage Area.2

2. The Great Barrier Reef Marine Park Authority (GBRMPA) estimates the Reef contributes approximately $6.4 billion each year to the Australian economy and around 64,000 full time jobs.3

3. GBRMPA has primary responsibility for applying the Great Barrier Reef Marine Park (the Marine Park) regulatory framework. This framework includes a permit system for particular activities within the Marine Park. Permits must be obtained prior to commencement of these activities.4

4. Auditor-General Report No.3 2015–16 Regulation of Great Barrier Reef Marine Park Permits and Approvals identified shortcomings across GBRMPA’s assessment of permit applications, monitoring of permit holder compliance and responses to permit non-compliance.5

5. GBRMPA accepted all five audit recommendations. This included a five year plan intended to address these recommendations by the end of 2019–20. GBRMPA reported to the Joint Committee of Public Accounts and Audit (JCPAA) in October 2018 that Auditor-General Report No.3 2015–16 Regulation of Great Barrier Reef Marine Park Permits and Approvals Recommendations no. 1 to 3 were ‘comprehensively addressed’ and Recommendations no. 4 and 5 were ‘achieved’.

Rationale for undertaking the audit

6. Effective regulation of permits and compliance in the Marine Park is critical to provide for the long-term protection and conservation of the environment, biodiversity and heritage values of the Great Barrier Reef Region.

7. Reports of parliamentary committees and the Auditor-General identify risks to the successful delivery of outcomes and areas where administrative or other improvements can be made. The appropriate and timely implementation of agreed recommendations is an important part of realising the full benefit of an audit or parliamentary inquiry, and for demonstrating accountability to the Parliament.

8. Auditor-General Report No.3 2015–16 Regulation of Great Barrier Reef Marine Park Permits and Approvals identified shortcomings in GBRMPA’s regulatory processes and practices, which undermine the effectiveness of the permit system as a means of managing risks to the Marine Park. In its inquiry into the ANAO report, the JCPAA noted the shortcomings and recommended GBRMPA accelerate its implementation of the recommendations.

9. This follow-up audit will provide assurance that GBRMPA has implemented appropriate systems to manage risk and preserve the environmental, social and economic significance of the Marine Park and its World Heritage listing.

Audit objective and criteria

10. The audit objective was to examine the effectiveness of GBRMPA’s regulation of permits and approvals, including its implementation of recommendations from Auditor-General Report No.3 2015–16 Regulation of Great Barrier Reef Marine Park Permits and Approvals.

11. To form a conclusion against this objective, the ANAO adopted the following high-level criteria:

  • Are there appropriate arrangements for processing, assessing and approving permit applications?
  • Are there appropriate arrangements for managing and monitoring permissions?
  • Has an appropriate non-compliance framework been established?

Conclusion

12. GBRMPA’s regulation of permits and approvals is partially effective. Once fully implemented, changes to permissions monitoring and non-compliance management introduced in early 2021 have the potential to improve regulation of permits and approvals. GBRMPA has not fully implemented the recommendations from Auditor-General Report No.3 2015–16 Regulation of Great Barrier Reef Marine Park Permits and Approvals.

13. Arrangements for processing, assessing and approving permit applications are largely appropriate. However, GBRMPA has not fully implemented Recommendations no.1 and 2 from Auditor-General Report No.3 2015–16 Regulation of Great Barrier Reef Marine Park Permits and Approvals. GBRMPA has not established efficiency metrics that demonstrate to the public and the Parliament that it is properly managing the public resources for which it is responsible.

14. Arrangements for managing and monitoring permissions are partially appropriate. Key components of a compliance monitoring framework were not implemented until 2021. Further improvements are required to fully implement Recommendations no.3 and 4. The advice GBRMPA provided to the Joint Committee of Public Accounts and Audit (JCPAA) in relation to the implementation of Recommendations no.3, 4 and 5 from Auditor-General Report No.3 2015–16 Regulation of Great Barrier Reef Marine Park Permits and Approvals did not clearly articulate the status of work completed and the scope of outstanding work.

15. GBRMPA has partially implemented an appropriate non-compliance framework. GBRMPA is currently implementing information systems and procedures that have the potential to provide an improved non-compliance framework. Further planned improvements are required to fully implement these elements. Permissions non-compliance activities up to March 2021 were not supported by appropriate procedures or information systems.

Supporting findings

16. Procedures largely support the processing of permit applications in line with legislative and policy requirements. However the previous audit recommendation to review and finalise procedures has only been partially implemented. Training and communications related to permit application processing have been established, but not all staff have completed mandatory training.

17. The permit assessment process is largely effective. While timeliness of assessments has improved since the previous audit, GBRMPA does not have appropriate arrangements in place to adequately measure or monitor the efficiency of assessments.

18. Procedures largely support permit approval decisions. Application assessment report templates were revised and expanded to address all mandatory assessment criteria under the Regulations. There is scope for improved monitoring of internal procedural requirements for exercising permit-related delegations.

19. GBRMPA has reviewed some standard conditions through two processes since the previous audit. However, there is no formalised policy requiring the review of all standard conditions on a periodic basis. The first review conducted in 2016 informed the implementation of changes to the permissions system that came into effect in October 2017. GBRMPA commenced a further review of standard conditions in 2019. The second review is ongoing with no conditions yet amended as a result of this review.

20. GBRMPA has partially established a permissions monitoring framework. A five-year plan to establish this framework, developed in response to Auditor-General Report No.3 2015–16 Regulation of Great Barrier Reef Marine Park Permits and Approvals, was not completed within planned timeframes. Procedural and system deliverables were not implemented until March 2021.

21. GBRMPA is unable to demonstrate it has efficiently and effectively monitored permissions compliance. Performance reporting does not clearly demonstrate the effectiveness of permissions monitoring.

22. Key information system and procedural elements of the permissions non-compliance framework were not implemented until March 2021. Further improvements are required to fully establish an effective framework.

23. GBRMPA is unable to demonstrate it has managed permissions non-compliance consistently with the framework, as this was not established until March 2021.

24. GBRMPA finalised procedures and systems that support appropriate closure of investigations in March 2021. Record-keeping practices for investigations of allegations received prior to March 2021 do not provide appropriate assurance that enforcement actions have been verified prior to closure.

Recommendations

Recommendation no. 1

Paragraph 2.21

The Great Barrier Reef Marine Park Authority review and finalise internally managed business procedures, including establishing relevant documents as controlled documents, in order to fully implement Recommendation no.1 from Auditor-General Report No.3 2015–16 Regulation of the Great Barrier Reef Marine Park Permits and Approvals. External documents should also be reviewed and established as controlled documents where relevant.

Great Barrier Reef Marine Park Authority response: Agreed.

Recommendation no. 2

Paragraph 2.61

The Great Barrier Reef Marine Park Authority establish efficiency indicators to assist in monitoring its use of public resources and meet its reporting requirements under the Public Governance, Performance and Accountability Act 2013.

Great Barrier Reef Marine Park Authority response: Agreed.

Recommendation no. 3

Paragraph 2.80

The Great Barrier Reef Marine Park Authority improve monitoring, tracking and visibility of mandatory training requirements and conflict of interest declarations to provide assurance over staff capability to exercise delegations.

Great Barrier Reef Marine Park Authority response: Agreed.

Recommendation no. 4

Paragraph 3.20

The Great Barrier Reef Marine Park Authority implement agreed review recommendations as key stages of the review of standard conditions are completed in order to:

  • address the identified issues and ensure the desired improvements to regulation are achieved; and
  • fully implement Recommendation no.3 from Auditor-General Report No.3 2015–16 Regulation of the Great Barrier Reef Marine Park Permits and Approvals.

This should include developing a master list of all standard conditions and tracking of amendments, including the basis for amendments, over time.

Great Barrier Reef Marine Park Authority response: Agreed.

Recommendation no. 5

Paragraph 3.58

The Great Barrier Reef Marine Park Authority review and implement improved governance arrangements for monitoring the implementation of parliamentary committee and external audit recommendations, including ensuring the audit committee provides clear advice to the accountable authority on the closure of recommendations.

Great Barrier Reef Marine Park Authority response: Agreed.

Recommendation no. 6

Paragraph 3.85

The Great Barrier Reef Marine Park Authority establish a performance framework that includes clear external and internal performance measures, including regulator performance reporting. This framework should incorporate efficiency measures as outlined in Recommendation no.2.

Great Barrier Reef Marine Park Authority response: Agreed.

Recommendation no. 7

Paragraph 4.37

The Great Barrier Reef Marine Park Authority implement arrangements to provide assurance that legislated delegations related to management of permissions non-compliance are exercised in accordance with delegation instruments.

Great Barrier Reef Marine Park Authority response: Agreed.

Summary of Great Barrier Reef Marine Park Authority response

The Great Barrier Reef Marine Park Authority (the Authority) would like to thank the Australian National Audit Office for its work in conducting the follow-up audit into the Authority’s regulation of permits and approvals. The Authority acknowledges the audit findings and recommendations and welcomes opportunities for improvement.

Acknowledging some of the substantial improvements since the 2015–16 performance audit are yet to be fully implemented, significant achievements have been made in a dynamic and complex operating environment. The Authority continues to improve regulatory maturity, focusing resources to transform Marine Park policies and plans and streamlining our approach to the management of the permission system based on contemporary risks.

Key messages from this audit for all Australian Government entities

Below is a summary of key messages, including instances of good practice, which have been identified in this audit and may be relevant for the operations of other Australian Government entities.

Governance and risk management

Performance and impact measurement

Records management

1. Background

Introduction

1.1 The Great Barrier Reef (the Reef) extends along the east coast of Queensland from Cape York to Bundaberg (approximately 2300 kilometres) and makes up around 10 per cent of the world’s coral reef ecosystems.6 It contains a range of unique ecological communities, habitats and animal and plant species.7

1.2 In 1981, the Reef was declared a World Heritage Area.8 GBRMPA estimates the Reef contributes approximately $6.4 billion each year to the Australian economy and around 64,000 full time jobs.9

1.3 The Great Barrier Reef Marine Park Act 1975 (GBRMP Act) establishes the Great Barrier Reef Marine Park (the Marine Park) to provide for the long-term protection and conservation of the environment, biodiversity and heritage values of the Great Barrier Reef Region. The Marine Park encompasses approximately 70 Commonwealth islands and all waters beyond the low water mark, excluding Queensland internal waters and trading ports (see Figure 1.1).10

Figure 1.1: Map of the Great Barrier Reef Region

This map outlines the area known as the Great Barrier Reef Region. It includes the Great Barrier Reef World Heritage Area; The Great Barrier Reef Marine Park and the Great Barrier Reef Catchment.

Source: Great Barrier Reef Marine Park Authority, Great Barrier Reef Outlook Report 2019, p. 4.

The role of the Great Barrier Reef Marine Park Authority

1.4 The Great Barrier Reef Marine Park Authority (GBRMPA) is established under section 6 of the GBRMP Act. It has primary responsibility for applying the Marine Park’s regulatory framework, which comprises the GBRMP Act, the Great Barrier Reef Marine Park Regulations 2019 (the Regulations), and legislative instruments made under them such as the Great Barrier Reef Marine Park Zoning Plan 2003 (the Zoning Plan).11

1.5 GBRMPA’s Corporate Plan 2020–21 states that its purpose is to:

Provide for the long-term protection, ecologically sustainable use, understanding and enjoyment of the Great Barrier Reef for all Australians and the international community through the care and development of the marine park.12

1.6 Persons13 intending to undertake particular activities within the Marine Park are required to obtain permits prior to their commencement.14 GBRMPA and Queensland Parks and Wildlife Service and Partnerships (QPWS&P) within the Queensland Department of Environment and Science operate a joint application and permit assessment process for requests for access to both the Marine Park and Queensland’s Great Barrier Reef Coast Marine Park.15

1.7 Activities requiring permits are outlined in the Zoning Plan and include:

  • most commercial activities, such as tourist programs and vessel and aircraft charter operations;
  • certain types of fishing and aquaculture operations;
  • taking of certain animals or plants;
  • installation and operation of structures, such as jetties, marinas, pontoons, and moorings;
  • any significant works, such as dredging and spoil dumping; and
  • educational and research programs.

1.8 GBRMPA must assess the relevant impact of the proposed conduct before determining whether to grant a permit.16 Approved joint permit applications are signed by delegates from both GBRMPA and QPWS&P. Each permit can include multiple permissions, and each permission may be subject to one or more conditions17, which are required to be monitored and enforced by GBRMPA.

Previous scrutiny

1.9 The ANAO undertook a performance audit of GBRMPA’s management of permits and approvals in Auditor-General Report No.3 2015–16 Regulation of Great Barrier Reef Marine Park Permits and Approvals. The audit identified shortcomings across a range of GBRMPA’s regulatory activities, including its assessment of permit applications, monitoring of permit holder compliance and response to non-compliance.18

1.10 The audit made five recommendations to GBRMPA to strengthen the:

  • processing of permit applications;
  • rigour of the permit application assessment and decision-making processes;
  • effectiveness of permit conditions;
  • effectiveness of permit compliance monitoring; and
  • response to instances of non-compliance.19

1.11 GBRMPA’s response to the audit in August 2015 agreed to all five recommendations.20 This response advised GBRMPA would address the five recommendations over the following four years. The recommendations are reproduced, and the ANAO’s assessment of the progress made to address them are outlined, in Appendix 2 of this report.

1.12 In 2016, the Joint Committee of Public Accounts and Audit (JCPAA) examined Auditor-General Report No.3 2015–16 Regulation of Great Barrier Reef Marine Park Permits and Approvals in an inquiry. The JCPAA noted that ‘shortcomings in regulating the permit system for the marine park may be undermining the system as a means of managing risks to the Park’, and made three recommendations to GBRMPA to:

  • appropriately accelerate its projected timeframe for the implementation of ANAO’s recommendations and report back to the Committee within six months with new timeframes and milestones for implementation;
  • implement more effective performance information; and
  • report back to the Committee within 18 months on whether it met the revised milestones for implementation with details and dates achieved.21

1.13 GBRMPA supported the first recommendation with qualifications and supported the other two recommendations. The recommendations are reproduced in Appendix 3 of this report.

1.14 A summary of the key timeframes against the implementation of recommendations and associated activities is outlined in Appendix 4.

Rationale for undertaking the audit

1.15 Effective regulation of permits and compliance in the Marine Park provides for the long-term protection and conservation of the environment, biodiversity and heritage values of the Great Barrier Reef Region.

1.16 Reports of parliamentary committees and the Auditor-General identify risks to the successful delivery of outcomes and areas where administrative or other improvements can be made. The appropriate and timely implementation of agreed recommendations is an important part of realising the full benefit of an audit or parliamentary inquiry, and for demonstrating accountability to the Parliament.22

1.17 This follow-up audit will provide assurance that GBRMPA has implemented appropriate systems to manage risk and preserve the environmental, social and economic significance of the Marine Park and its World Heritage listing.

Audit approach

Audit objective, criteria and scope

1.18 The audit objective was to examine the effectiveness of GBRMPA’s regulation of permits and approvals, including its implementation of recommendations from Auditor-General Report No.3 2015–16 Regulation of Great Barrier Reef Marine Park Permits and Approvals.

1.19 To form a conclusion against this objective, the ANAO adopted the following high-level criteria:

  • Are there appropriate arrangements for processing, assessing and approving permit applications?
  • Are there appropriate arrangements for managing and monitoring permissions?
  • Has an appropriate non-compliance framework been established?

1.20 The audit focused on activities related to permit assessment, approvals and compliance management, and did not examine other activities conducted by GBRMPA.23

Audit methodology

1.21 The audit methodology included:

  • examination of GBRMPA’s documentation with a focus on implementation of recommendations;
  • examination of permit assessment, monitoring and compliance related documentation and activities developed and implemented since the previous audit;
  • assessment of GBRMPA’s IT system documentation and controls, including system improvements implemented since the previous audit; and
  • interviews with relevant entity staff.

1.22 The audit was conducted in accordance with ANAO auditing standards at a cost to the ANAO of $290,500.

1.23 Team members for this audit were Jacqueline Hedditch, Joshua Francis, Se Eun Lee, Matthew Rigter, Stevan Serafimov and Michael White.

2. Processing, assessing and approving permit applications

Areas examined

This chapter examines whether the Great Barrier Reef Marine Park Authority (GBRMPA) has appropriate arrangements for processing, assessing and approving permit applications. This includes implementation of Recommendations no.1 and 2 of Auditor-General Report No.3 2015–16 Regulation of Great Barrier Reef Marine Park Permits and Approvals.

Conclusion

Arrangements for processing, assessing and approving permit applications are largely appropriate. However, GBRMPA has not fully implemented Recommendations no.1 and 2 from Auditor-General Report No.3 2015–16 Regulation of Great Barrier Reef Marine Park Permits and Approvals.

GBRMPA has not established efficiency metrics that demonstrate to the public and the Parliament that it is properly managing the public resources for which it is responsible.

Areas for improvement

The ANAO made three recommendations aimed at finalising internal policies and procedures, developing efficiency metrics, and improving monitoring, tracking and visibility of mandatory training requirements and conflicts of interest declarations.

The ANAO also suggested that, as part of finalising internal policies and procedures, GBRMPA clarify and consolidate the contents of internal procedures, and ensure old procedures or guidelines that are no longer relevant are appropriately withdrawn and archived.

2.1 Appropriate arrangements for processing, assessing and approving permit applications facilitate GBRMPA’s achievement of legislative objectives under the Great Barrier Reef Marine Park Act 1975 (GBRMP Act). It also ensures that GBRMPA, through the permissions system, effectively manages risks to the Great Barrier Reef Marine Park (the Marine Park).

2.2 To assess whether GBRMPA has appropriate arrangements for processing, assessing and approving permit applications, the ANAO examined whether:

  • procedures support the processing of permit applications;
  • assessment of permits is efficient and effective; and
  • procedures support permit approval decisions.

Do procedures support processing of permit applications?

Procedures largely support the processing of permit applications in line with legislative and policy requirements. However the previous audit recommendation to review and finalise procedures has only been partially implemented. Training and communications related to permit application processing have been established, but not all staff have completed mandatory training.

2.3 Accurate, current and complete procedures underpin effective permit application processing. Appropriate procedures provide GBRMPA with a basis to demonstrate accountability, transparency and consistency when processing permit applications. Training and internal communication is required to ensure staff appropriately apply policy and procedure.

2.4 Auditor-General Report No.3 2015–16 Regulation of Great Barrier Reef Marine Park Permits and Approvals made findings relating to GBRMPA’s procedural documentation for processing of permit applications. Identified issues included: fragmented and incomplete guidance material for staff; materials in draft form or overdue for review or update; documents failed to address all key relevant assessment considerations; and a lack of training and internal communication.24

2.5 This audit assessed GBRMPA’s policies, procedures and guidance documents in place to support its permit processing under the GBRMP Act. Specifically, the ANAO examined whether:

  • the procedures for permit application processes have been reviewed and finalised;
  • the procedures cover all components of the permit application process and address all legislative and policy requirements; and
  • staff receive training and relevant communications on application processing.

Permit application, assessment and approval process

2.6 GBRMPA’s permit application, assessment and approval process is outlined in Figure 2.1. The stages in the permit application are: pre-assessment; assessment; review and quality assurance; decision; and reconsideration and appeal.

Figure 2.1: GBRMPA permit application, assessment and approval process

This figure outlines the permit application, assessment and approval process. The process commences with pre-assessment, which includes confirming all information has been received, deciding an assessment approach, and acknowledging receipt of the application.   An assessment is then undertaken which may include payment of fees, company check, request for further information, native title notification, and referral to Queensland Parks and Wildlife Service and Partnerships (QPWS&P) or GBRMPA line areas. The assessment report and permit documents are then drafted.  Once documents have been drafted these are subject to a supervisor check and endorsement by QPWS&P where relevant.  A decision to approve or refuse is then made, and the applicant is notified of the decision. Applicants may request reconsideration and appeal a decision.

Note a: Steps are undertaken if required for the relevant application.

Source: ANAO analysis of GBRMPA information.

2.7 Once approved, applicants are issued a permit document with specified permissions and conditions. If an application is not approved, applicants are advised of the outcome of the assessment. The GBRMP Act and the Great Barrier Reef Marine Park Regulations 2019 (the Regulations) provide for affected persons to request reconsideration of certain decisions.25

2.8 GBRMPA’s Environmental Impact Management – Permission System policy document defines the following key items:

  • Permit: A document issued by the managing agencies which details the permission(s) granted by the managing agencies. A permit may include one or more permissions; and
  • Permission: Written approval to enter or use the Marine Park for a specific purpose, in cases where this is required by the Great Barrier Reef Marine Park Zoning Plan 2003 and Marine Parks (Great Barrier Reef Coast) Zoning Plan 2004.26

2.9 Conditions for conducting a permitted activity are set by the managing agencies in the permit document.27

Review and finalisation of documents

2.10 Well-drafted procedural documents support consistency in regulatory decision-making. Procedures should cover all major decision points, be consistent with legislative and policy requirements, and be reviewed regularly to ensure they remain appropriate over time. Finalisation of procedural documents with clear approvals and version control reduces the risk that permit applications are processed using out-of-date or incorrect procedures.

2.11 This audit examined 120 policy, procedure or guidance documents that support the permit application process. Many of these documents were developed or revised as part of processes addressing the findings of the previous audit.28 Of these:

  • 56 documents were externally published via GBRMPA’s eLibrary database29; and
  • 64 documents were internal documents.

2.12 External documents may include:

  • guidelines for applicants;
  • checklists for information required for different types of applications;
  • example routine permits; and
  • information sheets related to specific activities and other matters relevant to the management of the Reef.

2.13 Internal documents support GBRMPA staff to use key applications related systems and address regulatory requirements.

2.14 All 56 externally published documents have been finalised. These documents are clear, well-structured and contain relevant information. However, 15 documents are overdue for review as at January 2021, with one guideline on managing research in the Marine Park more than two years overdue.

2.15 The 64 internal documents reviewed varied significantly in structure, format and content. Some were in formal internal procedure templates, while others were plain word processor documents.30 Many were undated and were presented in a variety of formats including procedural steps, user manuals or instructions for using new systems, or ‘tips and tricks’ for various permit processing steps. Several documents were labelled as standard operating procedures that consisted of emails or minutes to managers saved as records.

2.16 Of the 64 internal documents assessed:

  • 25 (39 per cent) were finalised;
  • some documents contained unaccepted edits in track-changes or unaddressed comments raising queries or issues from as far back as 2017;
  • 13 (20 per cent) of internal procedure documents specified the date for review, with six of these overdue as at January 2021; and
  • three guidelines refer to provisions in the 1983 Regulations that were repealed and replaced in April 2019.

2.17 Incomplete, outdated or unapproved procedures to process permit applications can increase the risk of staff non-compliance with legislative or policy requirements and affect consistency of decision-making processes. There is scope to clarify and consolidate the contents of internal procedures, and withdraw or archive old procedures or guidelines that are no longer relevant.

Controlled document policy

2.18 GBRMPA has a policy for the development, approval, storage, review and access of documents — referred to as controlled documents. According to the policy, controlled documents are ‘typically … instruments of delegation, policies, procedures / standard operating procedures, guidelines, templates, and forms’ and should be developed:

  • for issues affecting accountability, efficiency or consistency; that could create a liability; or that could impact compliance with regulatory requirements;
  • for processes that are lengthy or complex, routine but essential for success, or processes or activities that are consistently done incorrectly;
  • to strengthen internal controls; or
  • where required by legislation, whole-of-Government policy, Australian Standards or are better practice.

2.19 Of the 56 external documents, 26 were approved controlled documents. None of the 64 internal procedural documents on permit applications processing or permit compliance were approved controlled documents.31

2.20 The policy indicates that many of the internal procedural documents are suitable to be classified as a controlled document. Procedures that detail steps required for compliance with regulatory requirements, including those that address proper use of key systems or weaknesses in internal controls, would benefit from the centralised quality oversight applied to controlled documents. Some external documents not currently established as controlled documents may also benefit from this oversight.

Recommendation no.1

2.21 The Great Barrier Reef Marine Park Authority review and finalise internally managed business procedures, including establishing relevant documents as controlled documents, in order to fully implement Recommendation no.1 from Auditor-General Report No.3 2015–16 Regulation of the Great Barrier Reef Marine Park Permits and Approvals. External documents should also be reviewed and established as controlled documents where relevant.

Great Barrier Reef Marine Park Authority response: Agreed.

2.22 The Authority will review all permission system related business procedures for completeness and consideration as controlled documents, including where relevant finalising draft documents.

Consistency with legislative and policy requirements

2.23 GBRMPA’s procedures must be consistent with the requirements of the GBRMP Act and the Regulations, as well as its key policy documents. The ANAO examined whether GBRMPA’s procedures clearly address all relevant steps in the permit application process, including legislative and policy requirements.

2.24 Analysis of the 120 policy, procedure and guidance documents found all steps within the permit application process required by the GBRMP Act, the Regulations and key policy documents are comprehensively outlined in the procedures, with the exception of one legislative requirement.

2.25 Section 92 of the Regulations requires that the delegate consider a number of mandatory criteria before determining the assessment approach. However, evidence of this is not recorded at the time of the decision, including in the field provided for that purpose on the Reef Management System (RMS).32 Procedures state that reasons should be recorded in the RMS for deciding on assessment approach, but does not cover what form this should take to satisfy the Regulations and there is no other guidance around this requirement.33

2.26 There were two gaps in the permit application process undertaken by GBRMPA that were not sufficiently addressed by the procedures.

2.27 Procedures covering referrals of applications to Queensland Parks and Wildlife Service and Partnerships (QPWS&P) and internal GBRMPA line areas34 are not comprehensive, do not reflect current practices, and remain in draft form.

2.28 Secondly, procedures do not adequately address requirements for supervisor checks of the application assessment before it goes to the delegate for final decision. The available guidelines are not comprehensive and do not detail whether one or two checks are required for all applications.

Staff training and communications

2.29 Report No.3 2015–16 recommended that GBRMPA reinforce to its staff:

  • the need to document whether permit application assessment requirements have been addressed35; and
  • the importance of preparing assessment reports for delegates that adequately address regulatory assessment requirements.36

2.30 The ANAO examined training provided to permit processing staff that address these recommendations. Key training provided to GBRMPA’s permit processing staff include modules on: the joint permissions system; assessment criteria; risk assessment; Marine Park legislation; delegations and authorisations; decision-making; and privacy.

2.31 GBRMPA policy requires completion of these training modules37 in order for staff to exercise permit-related delegations. Some training is delivered through GBRMPA’s internal learning and development system. Other training materials are stored on GBRMPA’s electronic document records management system for staff to access and review.

2.32 Records indicate that not all staff exercising delegations have completed all mandatory modules. There is no system-based control that prevents staff who have not completed the mandatory training from exercising permit delegations.

2.33 Aspects of the permit applications process and system usage are reinforced via email communications and staff meetings. Emails communicate tips, reminders and other information relevant to permit applications for staff and are sent out on an as-needed basis. Monthly system refresher sessions are available for permissions processing staff. Attendance is not mandatory.

Is assessment of permits effective and efficient?

The permit assessment process is largely effective. While timeliness of assessments has improved since the previous audit, GBRMPA does not have appropriate arrangements in place to adequately measure or monitor the efficiency of assessments.

2.34 Effective and efficient processing of permit applications enables the achievement of the GBRMP Act’s objectives while minimising the use of public resources.

2.35 Report No.3 2015–16 made findings relating to GBRMPA’s processing of permit applications, including poor timeliness of assessments, record-keeping and documentation of evidence, non-compliance with procedures, and lack of quality assurance over completion of key procedural steps.

2.36 To assess whether GBRMPA’s assessment and processing of permit applications was efficient and effective the ANAO examined whether:

  • permit applications were assessed and processed in accordance with procedures;
  • GBRMPA has developed an efficiency framework or metrics; and
  • the timeliness of permit application assessments has improved since the previous audit.

Assessment of permit applications

2.37 Compliance with relevant assessment procedures allows GBRMPA to demonstrate the permit assessment process is consistent with the GBRMP Act. The assessment of permit applications is part of the process outlined in Figure 2.1, above.

Permit-related information systems

2.38 Since Report No.3 2015–16, GBRMPA has undertaken activities to improve the permit application assessment process. This includes the introduction of electronic workflows and record-keeping for permit assessments to replace paper-based processes. Refer to Appendix 4 for further detail.

2.39 The information systems that support permit application assessment and the broader permission system are outlined in Figure 2.2, below.

Figure 2.2: Permit-related information systems

This figure provides an overview of the key information systems related to permits. These can be categorised as publicly accessible systems, or internal systems which are accessed by GBRMPA and QPWS&P staff. Publicly accessible systems include: Permits Online for application and management of permits; EMC Online for managing environmental management charges (EMC) and payments; Bookings Online for managing bookings to Reef locations; and Permits Enquiry which is a public database of permits, application, moorings and decisions.  These systems provide information into an internal system, the Reef Management System, which is used for permit application processing, EMC management and permissions compliance.  The Reef Management System is supported internally by other internal systems, which include: the Permitted Use Query Tool, which provides detailed information related to permits and EMC; The Dock which is GBRMPA’s electronic records document management system; and Permits Enquiry which is an internal database of permits, application, moorings and decisions.

Note: Internal systems are accessed by GBRMPA and Queensland Parks and Wildlife Service and Partnerships (QPWS&P) staff.

Source: ANAO analysis of GBRMPA information.

2.40 The Reef Management System (RMS) is the primary system GBRMPA uses to manage permit applications and assessments.38 The RMS is supported by internal and publicly accessible systems. GBRMPA’s electronic document records management system (The Dock) stores the permit application and assessment documents that are linked to the relevant parts of the workflow on RMS. The publicly accessible systems allow for electronic lodgement of permit applications and searches of permit-related information.39

Compliance with assessment procedures

2.41 The ANAO assessed a sample of 70 applications received between 4 October 2017 and 31 December 2020 for compliance with GBRMPA’s procedures.40 The results of key procedural requirements tested are summarised in Table 2.1.

Table 2.1: GBRMPA’s compliance with assessment procedures

Key procedural requirements tested

Assessment

All RMS fields required by procedure are completed.

Acknowledgement letter is sent to the applicant and on file.

Assessment report is complete and on file (including risk assessment).

Assessment cover is complete, signed by the delegate(s) and on file.

Relevant permit documents are signed and on file (including permit cover letter).

Referral requests were made as required by procedure and responses are on file.

Native title notifications are sent out as requireda and on file.

Company checks are undertaken where relevant and on file.

Supervisor checks are completed as required by procedureb and on file.

Permission System Service Charter timeframes are met.

Delegation was correctly exercised according to procedure.

  

Legend: Met: >95% of cases met the test; Partly met: 75% to 94% of cases met the test; Not met: <75% of cases met the test.

Note a: Under paragraph 24HA(7)(b) of the Native Title Act 1993 GBRMPA is required to notify all registered Aboriginal or Torres Strait Islander bodies, registered native title bodies corporate and registered native title claimants, relevant to the location(s) in which a permitted activity is proposed to occur, of the description and general nature of the application prior to the grant of a permit and provide an opportunity to comment.

Note b: The ANAO assessed the supervisor checks recorded in the RMS against documentation that is marked as a guide only. GBRMPA advised that this guide is used as part of daily business practice, however workflow documents are currently being drafted.

Source: ANAO analysis.

2.42 GBRMPA’s assessment process met six of the 11 key requirements. Two requirements were partly met, and three requirements were assessed as not met.

2.43 The requirements assessed as not met were: meeting the Permission System Service Charter (service charter) timeframes (see paragraphs 2.56 to 2.57); compliance with internal criteria to exercise permit-related delegation (see paragraphs 2.76 to 2.80); and the completion of RMS fields required by procedure. These fields included:

  • the free text field where the delegate records reasons for making an assessment approach decision under section 92 of the Regulations, which is not required by the system and used at the delegate’s discretion (see paragraph 2.25); and
  • relevant date fields indicating: the date on which all information was received from the applicant; assessment completion date; and date the assessment was sent to the delegate for final decision. These dates are used by the system to calculate performance against the service charter timeframes.
Record-keeping

2.44 Failure to create and maintain accurate records of regulation impacts GBRMPA’s accountability and transparency, and creates legal risks if decisions are later scrutinised or appealed.

2.45 Not all key documents relating to the application assessment were available on GBRMPA’s electronic document records management system. Of the 70 applications examined, 10 assessment reports to the delegate and five other documents41 required by procedure were not found on file.

2.46 GBRMPA amended relevant procedures in January 2021 to reduce the record-keeping risks related to broken hyperlinks, amendments to template document names, or changes following system upgrades.

Efficiency and timeliness of assessments

2.47 The Public Governance, Performance and Accountability Act 2013 (the PGPA Act) requires entities to be governed in a way that promotes the proper use and management of public resources.42 The PGPA Act defines ‘proper’ as efficient, effective, economical and ethical.43

2.48 The Auditing and Assurance Standards Board defines efficiency as the ‘performance principle relating to the minimisation of inputs employed to deliver the intended outputs in terms of quality, quantity and timing’.44

2.49 Efficient use of public resources enables regulators to maximise outputs for government and the community, reduce demands on the Australian Government budget and promote financial sustainability. An efficient permit application process also ensures that applicants are able to access the Marine Park for planned activities in a timely manner.

2.50 Comments from stakeholders received by the ANAO as part of Report No.3 2015–16 found that permit holders and general stakeholders consistently identified the lack of timeliness as a major issue, particularly for non-routine applications.45

2.51 Analysis in Report No.3 2015–16 found that for routine applications, GBRMPA met its target timeframe (then 60 days) to complete assessments 57.4 per cent of the time during the period July 2012 to June 2014. For non-routine applications46, GBRMPA required up to 90 days to complete assessments for 13 of the 63 applications (20.6 per cent), and up to a year to assess a further 28 applications (44.4 per cent). Assessments for the remaining 22 applications required between one and nearly four years to complete (with the longest assessment for a new applicant being two years and eight months).47

2.52 In 2016, the Joint Committee of Public Accounts and Audit (JCPAA) recommended that GBRMPA implement more effective performance information, including targets for permit application processing, assessment and approval timeframes, and continue to monitor and publicly report on performance outcomes in this area.48

2.53 The ANAO examined whether GBRMPA has improved its assessment timeliness and implemented appropriate arrangements to measure and monitor efficiency of permit assessments.

Assessment timeliness

2.54 Section 112 of the Regulations requires a decision on an application for a permit to be made within a reasonable period after receiving the application. However, a reasonable period is not defined in the Regulations.

2.55 In the absence of statutory timeframes, GBRMPA adopted a service charter specific to the permission system on 4 October 2017.49 GBRMPA reports on its average performance against the service charter timeframes in its annual reports. It also provides a weekly update to its Executive Management Group (EMG)50 on the status of permit applications, including performance against service level standards.

Performance against service charter timeframes

2.56 The ANAO examined whether GBRMPA has met the timeframes specified in the service charter for all applications received between 4 October 2017 and 31 December 2020.51 Table 2.2 outlines the results of testing against the relevant timeframes.

Table 2.2: GBRMPA’s performance against service charter timeframes

Service Charter timeframes

% cases that met the timeframe

Routine

2017c

2018

2019

2020d

Overall average

Written acknowledgement of application sent within 10 business days of receiving a properly made applicationa

100%

100%

96%

93%

97%

25 business days to make a decision after receiving all information required to complete the assessment

100%

100%

96%

89%

96%

Tailored

2017c

2018

2019

2020d

Overall average

Written acknowledgement of application sent within 10 business days of receiving a properly made applicationa

100%

92%

89%

90%

91%

Further information request (if required) sent within 30 business days of receiving a properly made applicationa

72%

72%

83%

81%

77%

50 business days to make a decision after receiving all information required to complete the assessmentb

56%

74%

75%

58%

69%

      

Note a: A properly made application is one that contains enough information about the proposed activity to allow an assessment of potential impacts and determine the most appropriate risk management measures.

Note b: For tailored assessments where a further information request (FINFO) is required, the timeframe commences once this process has been completed.

Note c: From 4 October 2017.

Note d: As part of the response to COVID-19, from March 2020 GBRMPA contacted permit holders with permits approaching expiry to obtain verbal agreement to lodge and initiate continuation applications on their behalf. This was to prevent permits from expiring, and enable businesses to re-open once travel and other restrictions were lifted. GBRMPA reporting indicates that COVID-19 contributed to the decline against service charter standards in 2020.

Source: ANAO analysis of GBRMPA data.

2.57 GBRMPA met the service charter timeframes for the majority of routine applications since 4 October 2017. GBRMPA’s timeliness is less consistent for tailored assessment approaches, with around 31 per cent of tailored applications exceeding the 50-day target for decision on average. Of these: 174 applications (22 per cent) took between 51 to 75 days; 36 applications (4 per cent) took between 76 to 100 days; and 39 applications (5 per cent) took more than 100 days.

Measurement of efficiency

2.58 As outlined in paragraph 2.48, efficiency is calculated by analysing inputs employed to deliver the intended outputs. Reporting on performance against service level standards is GBRMPA’s only efficiency-related metric.52 GBRMPA has not established other arrangements to measure its use of resources in relation to its processing of permit applications.

2.59 In the absence of an existing efficiency indicator, the ANAO examined whether an efficiency indicator could be created using inputs, such as the cost of processing permit applications, and corresponding outputs, such as number of permits processed per financial year. GBRMPA was unable to provide a sufficient level of information on the costs of permit processing activities to enable the development of an efficiency indicator.

2.60 Lack of arrangements to measure efficiency in its delivery of permit processing activities limits GBRMPA’s ability to demonstrate to the Parliament, the public and itself that it is properly managing the public resources for which it is responsible. Establishing measures to monitor efficiency will enable GBRMPA and external stakeholders to understand changes in performance, target areas for improvement and monitor changes over time.

Recommendation no.2

2.61 The Great Barrier Reef Marine Park Authority establish efficiency indicators to assist in monitoring its use of public resources and meet its reporting requirements under the Public Governance, Performance and Accountability Act 2013.

Great Barrier Reef Marine Park Authority response: Agreed.

Do procedures support permit approval?

Procedures largely support permit approval decisions. Application assessment report templates were revised and expanded to address all mandatory assessment criteria under the Regulations. There is scope for improved monitoring of internal procedural requirements for exercising permit-related delegations.

2.62 A permissions system that achieves GBRMPA’s legislated objectives requires permit approval decisions to be informed by all assessment criteria and the risks relevant to the various permitted activities.

2.63 Report No.3 2015–16 found that permit application assessment reports prepared for the delegates failed to address all relevant assessment criteria to inform delegates’ decisions to issue or refuse permits, and appropriate risk assessment templates were not developed for all permitted activity types.53

2.64 As a result, the delegates’ decisions to grant or refuse applications for certain activities were not informed by all relevant considerations or a documented assessment of the risks that the activities pose to the Marine Park.

2.65 To determine whether these findings had been addressed, the ANAO examined whether:

  • assessment templates provide for all regulatory considerations to be fully addressed;
  • all assessment templates in use were accompanied by risk assessment templates; and
  • permit approval decisions are made according to procedure.

Updated assessment report templates

2.66 Prior to the amendments that came into effect on 4 October 2017, the Regulations outlined six common mandatory considerations that must be considered by the delegate when making a decision to grant or refuse all Marine Park permits, and 11 discretionary considerations that the delegate may take into account when making a decision.

2.67 The amendments of October 2017 removed the list of discretionary considerations. The Regulations now contain a consolidated list of 16 mandatory considerations the delegate must consider in deciding whether to grant a permission on an application, and whether or not to impose any conditions on the permission.54

2.68 GBRMPA’s assessment templates55 have been updated and expanded to ensure that all mandatory criteria are addressed. Examination of the 70 sampled applications confirmed that where assessment reports were available (see paragraphs 2.44 to 2.46), they addressed all 16 mandatory criteria, including noting those that were not relevant for delegate consideration.

2.69 There were two assessment templates in GBRMPA’s list of current templates that when reviewed by the ANAO were in draft and contained unaddressed comments in the document.56 GBRMPA should ensure all its templates in use are finalised and up to date. While reviewing templates GBRMPA should continue to use approved versions and keep drafts separate to ensure they are not used by staff before revision is complete.

Risk assessment templates

2.70 A documented assessment of risks associated with each permit application allows the delegate to consider the extent to which relevant risks to the Marine Park posed by the proposed activity can be effectively managed.

2.71 GBRMPA developed a new internal risk assessment procedure for permit applications following Report No.3 2015–16. This procedure outlines how the managing agencies will be evaluating risks to the values of the two marine parks posed by proposed activities.57 Changes to the risk assessment methodology included revising risk levels and consequence ratings, as well as the likelihood of the risks eventuating. The procedure came into effect on 4 October 2017 along with the amendments to the Regulations, and other policies and guidelines (see Appendix 4).

2.72 All 19 assessment templates examined by the ANAO contained a risk assessment template that aligned with the internal procedure. These risk assessment templates contain standard risks that are relevant to the particular permitted activity covered by the assessment template. The risk assessment templates include pre-filled inherent risk ratings and risk ratings after existing controls, including via proposed conditions, that have been taken into account.

2.73 The ANAO found that seven out of 19 risk assessment templates examined did not indicate the date on which the pre-filled risk assessment was undertaken and did not contain a field in which the assessment officer is to fill in the date the assessment was reviewed and applied to the individual application. As the pre-filled risk assessment templates are sometimes used without further changes, specifying the date on which the risks were considered by including a date field for assessment officers to complete during the assessment process would assist in ensuring that the risks are updated and revised where relevant.

2.74 GBRMPA began reviewing its risk assessment procedure in April 2020, ahead of the scheduled review date specified in the procedure (September 2020). The process involves ‘[r]eview and update of the Risk Assessment – Permission System internal procedure to assess fit-for-purpose with renewed risk tolerance and broader Authority review of risk assessment processes.’ As at April 2021 the risk assessment procedure remains under review.

Permit approval decisions

2.75 The instrument of delegation made under the GBRMP Act states that powers and functions relating to managing permissions, including granting and refusing permissions, under the Regulations are delegated to the Chief Executive Officer, General Manager/Senior Executive Service officer, staff at Executive Levels 1 and 2, and staff at APS Levels 2 to 6.58

2.76 GBRMPA also has an internal procedure outlining mandatory requirements for staff to exercise permit-related delegations. These requirements include the completion of six training modules (paragraph 2.30) and a conflict of interest declaration that is updated at least annually.

2.77 For the 70 sampled permit application assessments:

  • a delegate appropriately authorised under the instrument of delegation made all decisions; and
  • clear and reliable evidence could not be identified that the delegates for 47 permits of 70 sampled assessments had completed the required six training modules.59

2.78 Conflict of interest forms are required to be completed as part of the annual performance and development agreement process. All 18 staff working on permit processing and assessments in February 2021 have completed their conflict of interest declarations.

2.79 Supervisors are responsible for reviewing the employee’s conflict declaration to ensure the form has been completed properly and any declared conflicts are managed. This process does not provide clear oversight of declared conflicts where the delegate is not the direct supervisor of the staff member who completed the assessment.

Recommendation no.3

2.80 The Great Barrier Reef Marine Park Authority improve monitoring, tracking and visibility of mandatory training requirements and conflict of interest declarations to provide assurance over staff capability to exercise delegations.

Great Barrier Reef Marine Park Authority response: Agreed.

2.81 The Authority is committed to improving monitoring and tracking of mandatory training, conflicts of interest and capability to exercise delegations and has commenced a review of its performance management framework.

3. Managing and monitoring permissions

Areas examined

This chapter assesses whether the Great Barrier Reef Marine Park Authority (GBRMPA) has appropriate arrangements for managing and monitoring permissions compliance. This includes implementation of Recommendations no.3 and 4 of Auditor-General Report No.3 2015–16 Regulation of Great Barrier Reef Marine Park Permits and Approvals.

Conclusion

Arrangements for managing and monitoring permissions are partially appropriate. Key components of a compliance monitoring framework were not implemented until 2021. Further improvements are required to fully implement Recommendations no.3 and 4.

The advice GBRMPA provided to the Joint Committee of Public Accounts and Audit (JCPAA) in relation to the implementation of Recommendations no.3, 4 and 5 from Auditor-General Report No.3 2015–16 Regulation of Great Barrier Reef Marine Park Permits and Approvals did not clearly articulate the status of work completed and the scope of outstanding work.

Areas for improvement

The ANAO made three recommendations aimed at implementing agreed recommendations from the review of standard conditions, implementing governance arrangements to provide improved oversight of the implementation of recommendations, and improving its performance framework.

The ANAO also suggested that GBRMPA improve the IT general controls over the Reef Management System to provide greater assurance over its permit-related data.

3.1 GBRMPA requires persons intending to undertake particular activities within the Great Barrier Reef Marine Park (the Marine Park) to obtain permits prior to their commencement. Each permit can include multiple permissions, and each permission may be subject to one or more conditions, which are required to be monitored and enforced by GBRMPA.

3.2 To assess whether GBRMPA has appropriate arrangements for managing and monitoring permissions, this audit examined whether:

  • standard conditions are periodically reviewed;
  • there is a framework for compliance monitoring activities; and
  • compliance monitoring activities are effective.

Are standard conditions periodically reviewed?

GBRMPA has reviewed some standard conditions through two processes since the previous audit. However, there is no formalised policy requiring the review of all standard conditions on a periodic basis. The first review conducted in 2016 informed the implementation of changes to the permissions system that came into effect in October 2017. GBRMPA commenced a further review of standard conditions in 2019. The second review is ongoing with no conditions yet amended as a result of this review.

3.3 GBRMPA permits provide written approval to enter or use the Marine Park for a specific purpose. Permits specify permission(s) subject to conditions.60 These conditions are the mechanism for reducing the risks that permitted activities pose to the Marine Park. To ensure that conditions are effective at reducing the risks associated with permitted activities they should be periodically reviewed for their ongoing appropriateness.

3.4 GBRMPA applies standard conditions in two circumstances. The first is conditions issued in routine permits.61 The second is conditions for tailored applications, which can be amended as required by the delegate approving the permission.

3.5 GBRMPA provides customised conditions as required to address risks associated with specific proposals including intended use, location within the Marine Park and individual site-specific environmental risks.

3.6 Auditor-General Report No.3 2015–16 Regulation of Great Barrier Reef Marine Park Permits and Approvals recommended that GBRMPA improve the effectiveness of conditions used to manage risks to the Marine Park from permitted activities, including periodic review of the adequacy of standard conditions.62

Review of standard conditions

3.7 GBRMPA has undertaken two reviews over standard conditions since Report No.3 2015–16. Reviews of some standard conditions occurred in 2016 as part of the application process changes implemented in October 2017. This included the development of routine permits and reviewing standard conditions relating to: tourism and charter activities; equipment used in activities; and indemnity and insurance.

3.8 As part of this process, 262 conditions were reviewed, resulting in recommendations to retain, modify or remove 231 of those conditions.63 GBRMPA advised the ANAO that it did not capture information on the number of individual conditions changed as a result of the review. Therefore the action taken to address these recommendations is unclear.

3.9 The second review process began in 2018 when planning commenced for the Risk-based Permission Project (the project) to improve the risk-based approach to the permissions system. The primary outcome identified in the project plan is for resources and efforts to be focussed on activities that pose a high risk to the Reef.

3.10 The project plan was approved by the Joint Streamlining Permissions Steering Committee (the Joint Steering Committee) in August 2019, with an estimated timeframe of three to five years.64 The project is intended to review approximately 1000 standard conditions in accordance with the process approved by the Joint Steering Committee.65

3.11 The conditions review aims to improve efficiency for permit compliance by:

  • consolidating and removing duplicate conditions;
  • ensuring the conditions are enforceable; and
  • improving consistency across low risk permits to reduce the need to create custom permit documents.

3.12 As at February 2021, 588 standard conditions for tourism and charter permissions have been reviewed.

3.13 Nine issues papers have been developed and presented to the Joint Steering Committee between June and December 2020 that identify issues with standard conditions for tourism and charter permissions. The themes covered by these issues papers are outlined in Table 3.1.

Table 3.1: Issues identified in tourism and charter standard conditions review

Issues identified in tourism and charter standard conditions review papers

Number of review papers the issue is raised in

Proportion of total review papers prepareda

Enforceability

8

89%

Repetition or duplication

7

78%

Risk appetite

3

33%

Not a priority for enforcement

2

22%

Permit conditions to give effect to policy

2

22%

Consistency

2

22%

Clarity

2

22%

Limited previous enforcement activity

2

22%

Effectiveness

1

11%

Definitions

1

11%

Rarely refused in tailored assessments

1

11%

Relevance

1

11%

   

Note a: A total of nine issues papers have been prepared to date. Issues papers were intended to consolidate a range of expert opinions identified during review working groups and provide a range of options for consideration by the Joint Steering Committee.

Source: ANAO analysis of GBRMPA information.

3.14 Although a number of issues have been identified that are currently impacting on the clarity and enforceability of permissions conditions, no changes have yet been made as a result of this review activity. GBRMPA expects to present recommended actions for the 588 conditions reviewed to date to the Joint Steering Committee in mid-2021.

Reporting against review of standard conditions

3.15 Reporting on project progress occurs to the Joint Steering Committee and Field Management Strategy and Operations Groups.66 Reporting provides an overview of the status of activities listed within the project plan, however does not provide a clear line of sight of the achievement of overall project outcomes. Specifically, the conditions review is intended to:

  • provide for permits that have concise, clear and enforceable conditions;
  • reduce the effort on creating customised permits through standardisation; and
  • improve business efficiencies for permit compliance.

3.16 Reporting to these committees does not include reporting against these outcomes.

3.17 Internal reporting also occurs against the annual operating plan.67 GBRMPA considers that its annual operating plan reporting provides the standard reporting framework for each business unit and key deliverables, including monitoring against the project. However, reporting against the annual operating plan does not clearly communicate the project’s progress against its milestones and deliverables and does not provide a clear overview of progress over time.68

3.18 The two examples of annual operating plan reporting reviewed by the ANAO provided limited information to support the ‘green’ status69:

  • one report makes statements about project activities but does not report against targets or baselines; and
  • the other outlines the project deliverables but does not report on the activities that have been delivered.

3.19 External reporting as part of the annual performance statements is limited to a high level statement under the annual compliance plan activities. Reporting for 2019–20 noted that GBRMPA was reviewing the enforceability of standard conditions for specific permission types and involvement in the condition review process.

Recommendation no.4

3.20 The Great Barrier Reef Marine Park Authority implement agreed review recommendations as key stages of the review of standard conditions are completed in order to:

  • address the identified issues and ensure the desired improvements to regulation are achieved; and
  • fully implement Recommendation no.3 from Auditor-General Report No.3 2015–16 Regulation of the Great Barrier Reef Marine Park Permits and Approvals.

3.21 This should include developing a master list of all standard conditions and tracking of amendments, including the basis for amendments, over time.

Great Barrier Reef Marine Park Authority response: Agreed.

3.22 The Authority reaffirms its commitment to fully review all current standard permit conditions as part of the on-going risk based solutions to permissions project including the development of procedures for on-going periodic review.

Is there a framework for permissions monitoring activities?

GBRMPA has partially established a permissions monitoring framework. A five-year plan to establish this framework, developed in response to Auditor-General Report No.3 2015–16 Regulation of Great Barrier Reef Marine Park Permits and Approvals, was not completed within planned timeframes. Procedural and system deliverables were not implemented until March 2021.

3.23 An appropriate framework of policies, procedures and systems for permissions monitoring is required to manage risks to the Marine Park associated with permitted activities and identify permissions non-compliance.

3.24 Report No.3 2015–16 made findings relating to GBRMPA’s framework for managing and monitoring of permissions, including:

  • a lack of risk-based plans to coordinate its permit compliance monitoring activities;
  • generally not monitoring or assessing most post-approval reporting documents submitted by permit holders;
  • the patrols used as the primary mechanism used to monitor compliance not being suited to detecting numerous types of permit non-compliance;
  • limited guidelines for staff undertaking monitoring of permissions conditions; and
  • shortcomings in the quality and completeness of some monitoring activities.70

3.25 This audit assessed whether GBRMPA has implemented the actions identified to address these issues.

Strengthening Permissions Compliance Action Plan 2015–2020

3.26 GBRMPA established the Strengthening Permissions Compliance Action Plan 2015–2020 (the compliance action plan) to address the permissions monitoring and compliance related findings of Report No.3 2015–16 and to implement Recommendations no.4 and 5.71

3.27 The compliance action plan was approved in September 2015 with a scheduled completion date of 30 June 2020. The compliance action plan sets out 14 deliverables in its implementation schedule. These deliverables and the ANAO’s assessment of whether scheduled timeframes were met and their implementation status at April 2021 are set out in Table 3.2.

Table 3.2: ANAO assessment of implementation of key deliverables from the compliance action plan at April 2021

Deliverable

Scheduled

Schedule met

ANAO assessment of implementation

Annual Permissions Compliance Plan developed and implemented

Annually

GBRMPA developed annual permissions compliance plans from 2015–16 to 2021–22. However, the implementation of these plans has not been appropriately monitored and it cannot be demonstrated that the plans’ outcomes have been achieved. See paragraphs 4.17 to 4.24.

Development and implementation of a Permissions Compliance Training Strategy

Annually

A Permissions Compliance Training Strategy was not developed.

Establishment and implementation of an annual reporting framework for permissions compliance activities

Annually

Reporting has occurred through the annual performance statements. However this reporting does not provide a clear overview of activities and outcomes. See paragraphs 3.29 to 3.31 and Table 4.2.

Annual updates to, and dispatch of, the Permits and Environmental Management Charge Guide to all permit holders

Annually

This information is presented on GBRMPA’s website annually.

Permission specific risks incorporated into the agency’s strategic risk register

2015–16

Matters related to permissions risk are included in strategic risk reporting to the GBRMPA Board.

Permissions Compliance Communication Plan developed and implemented

2015–16

The Annual Permissions Compliance Plans included the elements described for this deliverable.

Agency Compliance Policy which references permissions compliance

2015–16

GBRMPA approved an overarching permissions compliance procedure in March 2021.

Improved document management systems for managing permissions non-compliance

2015–16

 

The first stage of the RMS compliance module was implemented in February 2021. Prior to this, GBRMPA’s electronic document management did not support assurance over achievement of permissions system outcomes. See paragraphs 3.29 to 3.31.

Legislation changes identified and implemented

2016–17

GBRMPA (Permissions System) Regulations 2017 commenced on 4 October 2017.

Establish a section on the internal internet page on the permissions system and compliance requirements

2016–17

This was established on GBRMPA’s intranet.

Establishment of a quality improvement system and register

2016–17

A process for developing and implementing improvements to the RMS has been established. A quality improvement system and register for general business processes has not been developed.

Review of the enforceability of existing conditions included in permit templates

2017–18

Review activities are not yet complete. See paragraphs 3.7 to 3.14.

Permissions Compliance Guidelines developed and implemented

2015–16 to 2019–20

GBRMPA approved an overarching permissions compliance procedure in March 2021. See paragraph 3.31 and Table 4.1.

Permissions monitoring and compliance functionality for the Reef Management System (RMS) developed and implemented

2015–16 to 2019–20

The first stage of the RMS compliance module was implemented in February 2021. GBRMPA approved a permissions compliance procedure to support the use of this RMS module in March 2021. See paragraphs 3.29 to 3.31 and Table 4.1.

     

Legend: Implemented; Partly implemented; Not implemented.

Source: ANAO analysis of GBRMPA information.

3.28 Table 3.2 outlines that GBRMPA has largely completed the deliverables to establish a framework for managing and monitoring permissions. However, half of the deliverables, including key framework and system deliverables, were not completed in the planned timeframes.

Policies, procedures and systems

3.29 An appropriate framework of policies, procedures and systems supports the efficient and effective delivery of regulatory activities.72 Report No.3 2015–16 found that GBRMPA did not have appropriate policies, procedures and systems for monitoring permissions compliance.73

3.30 GBRMPA’s permissions compliance action plan contained deliverables to implement permissions monitoring policies, procedures and systems by the end of 2019–20. Outstanding actions at 30 June 2020 included the finalisation of permissions compliance policies and guidelines, and the implementation of a module in the Reef Management System (RMS) to support permissions monitoring and compliance.

3.31 Overarching permissions compliance procedural documentation was approved in March 2021. The procedure includes a section that covers monitoring and reporting against permissions (see paragraphs 3.34 to 3.36 for further detail).

IT general controls over permits systems

3.32 The ANAO examined the IT general controls related to the RMS and found that current controls do not provide adequate assurance over the data within the RMS. GBRMPA should improve the IT general controls over the RMS to provide greater assurance over permit-related data. In particular, GBRMPA is unable to provide assurance over the changes implemented. Key issues include:

  • the structure of the commencements and terminations data within RMS Permits is such that its extraction could not confirm completeness and accuracy of the data;
  • privileged user activity is not sufficiently logged and monitored;
  • there is no segregation of duties between the development and migration of changes; and
  • there is no way to determine if changes have been made that bypass the change management process.

3.33 GBRMPA has implemented robust arrangements for data back-up including periodic testing for recoverability.

Development of annual compliance plans

3.34 Report No.3 2015–16 identified a lack of risk-based plans to coordinate permit compliance monitoring activities. GBRMPA committed to developing and implementing annual permissions compliance plans to address this finding. GBRMPA has developed an annual permissions compliance plan each year from 2015–16 to 2020–21.

3.35 The annual compliance plans outline categories of activities intended to support the achievement of permissions compliance outcomes:

  • education and communication to raise permit holder awareness of how to comply;
  • monitoring and reporting to assess levels of permit holder compliance; and
  • enforcement measures aimed at adjusting permit holder behaviour towards compliance.

3.36 According to the plan, monitoring and reporting may include the following activities:

  • surveillance;
  • environmental site supervision;
  • compliance audits (including desktop; field inspections; and system based checks);
  • investigations; and
  • compliance planning where specific plans are developed for high risk permissions.

3.37 The annual compliance plans also outline the types of permissions non-compliance that may occur. GBRMPA has undertaken a risk assessment of these non-compliance types, based on the impact of non-compliance on the Marine Park and the likelihood of non-compliance occurring. For each non-compliance type, GBRMPA has identified a number of ‘treatments’ intended to reduce the risk. These treatments may include a range of education and communication, monitoring and reporting, or enforcement activities.

3.38 Each type of permissions non-compliance is assigned an initial untreated risk rating and a treated risk rating.74 The treated risk ratings are based on the assumption that all planned treatments are implemented.

3.39 The 2019–20 annual compliance plan objectives include that ‘risks are prioritised and treatments identified based on the available resources and the application of appropriate compliance tools.’ GBRMPA’s other annual permissions compliance plans contain similar statements.

3.40 However, there is no evidence of GBRMPA aligning or prioritising treatments, including monitoring and reporting activities, against identified risks. Further, the plans do not present any information on prioritisation of resource allocation, in particular against education and communication, and monitoring and reporting activities.

3.41 For example, the 2019–20 plan identifies 31 categories of non-compliance risks and 130 treatments. The plan assigns these to be completed with staffing resourcing of ‘approximately four full time equivalents’.

3.42 The first three annual compliance plans present no information on resource allocation (Table 3.3). Plans from 2018–19 to 2020–21 present information on the allocation of staffing resources to treatment categories.75 There is no allocation of any other types of resourcing in any of the annual permissions compliance plans.76

Table 3.3: Annual compliance plans resource allocation (full time equivalents — FTE)

Annual Compliance Plan

Education and communication treatments

Monitoring and reporting treatments

Enforcement treatments

Total

2015–16

These plans did not contain any type of resource allocation.

2016–17

2017–18

2018–19

0.65

1.75

0.75

3.15

2019–20

1.14

3

1.75

4.72

2020–21

1.09

3.35

0.16

4.6

     

Source: ANAO analysis of GBRMPA information.

Governance for the delivery of the compliance framework

3.43 In agreeing to recommendations made by the Parliament or the Auditor-General, GBRMPA is providing a commitment to the Parliament to improve the relevant area of administration.77 The governance arrangements in place to monitor and oversee the implementation of actions against recommendations should provide assurance that the intent of the recommendation has been met.

3.44 Audit committees provide independent advice and assurance to an entity’s accountable authority on financial and performance reporting, risk oversight management and internal controls.78 GBRMPA’s audit committee charter (the charter) states that the audit committee is responsible for ensuring GBRMPA has appropriate mechanisms in place to review relevant parliamentary committee reports, external reviews and evaluations, and implement, where appropriate, any resultant recommendations.

3.45 GBRMPA’s audit committee maintains a register of internal audit recommendations. This register includes the management commitments made to address internal audit recommendations and the status of actions to address these recommendations. GBRMPA’s audit committee does not maintain a similar register to monitor parliamentary and external audit recommendations.

Review of standard conditions

3.46 As noted in paragraph 3.6, Report No.3 2015–16 recommended that GBRMPA improve the effectiveness of conditions used to manage risks to the Marine Park from permitted activities, including periodic review of the adequacy of standard conditions (Recommendation no.3).

3.47 In meetings held in February 2016, June 2016 and November 2016, GBRMPA reported to its audit committee that work is ongoing to implement Recommendation no.3 and stated that ‘[s]tandard permit conditions will be reviewed in April–June 2017 after Regulation amendments, revised policies and new guidelines are finalised’. GBRMPA advised the audit committee in these meetings that ‘[t]he intention is to establish a rolling review schedule for standard permit assessments and conditions’.

3.48 This was also reflected in GBRMPA’s initial advice to the JCPAA as part of its submission to the inquiry. In February 2017, in its response to the JCPAA recommendations in Report 456: Defence Major Equipment Procurement and Evaluation, and Great Barrier Reef Regulation (see Appendix 3), GBRMPA referred to an ongoing review process to improve the effectiveness of conditions to address risk, and indicated that a substantial review of conditions will coincide with the implementation of the amended Regulations and guidance material.

3.49 On 8 November 2017, GBRMPA reported to its audit committee that it had implemented the first three recommendations from Report No.3 2015–16 with the first tranche of improvements to the permissions system that came into effect in October 2017. It did not mention whether standard conditions had been reviewed as planned, or a periodic review schedule for standard conditions had been established.

3.50 In August 2018, an internal audit into the framework guiding assessment of applications, including the implementation of Recommendations no.1 to 3, commissioned by GBRMPA assessed that Recommendation no.3 had been completed, noting:

The control framework embraces a ‘continuous improvement’ mindset which addresses and improves the assessment and approval systems and associated policies and procedures on an ongoing basis.

3.51 GBRMPA agreed to five management actions in response to the internal audit, all due for completion by 30 November 2018. Reporting to the audit committee in November 2018 stated that all actions were completed on 24 October 2018.

3.52 The audit committee noted the November 2018 update with Recommendation no.3 reported as being completed by internal audit. There is no subsequent record of the audit committee considering GBRMPA’s implementation of Recommendation no.3.

3.53 In October 2018, GBRMPA advised the JCPAA that Recommendation no.3 from Report No.3 2015–16 had been completed, referring again to the improvements to the permissions system implemented on 4 October 2017. There was no mention of review of standard conditions or a schedule to undertake such a review.

3.54 As noted in paragraph 3.14 the current review of conditions has not been completed.

Compliance management

3.55 GBRMPA’s reporting to the JCPAA and its audit committee on the implementation of recommendations related to compliance management (Recommendations no.4 and 5) is not consistent and committed timeframes have not been met.

  • In October 2018, GBRMPA advised the JCPAA that Recommendations no.4 and 5 were ‘Achieved’, however also stated that actions to address these recommendations were ‘in draft form’ or anticipated to ‘be largely complete by the end of the 2018–19 financial year’.
  • Reporting to GBRMPA’s audit committee in March 2020 stated progress to implement previous audit Recommendations no.4 and 5 had been made, but work to fully implement Recommendations no.4 and 5 was ongoing.

3.56 There is no subsequent record of the audit committee considering GBRMPA’s implementation of Recommendations no.4 and 5.

3.57 In relation to the audit committee considering closure of recommendations from Report No.3 2015–16 there is no evidence that the audit committee:

  • critically examined the advice provided to it in relation to the actions taken to address the ANAO recommendations;
  • clearly tracked the audit and related JCPAA recommendations over time, including documenting decisions on whether the recommendations had been addressed; or
  • provided assurance to the accountable authority on the closure of recommendations.

Recommendation no.5

3.58 The Great Barrier Reef Marine Park Authority review and implement improved governance arrangements for monitoring the implementation of parliamentary committee and external audit recommendations, including ensuring the audit committee provides clear advice to the accountable authority on the closure of recommendations.

Great Barrier Reef Marine Park Authority response: Agreed.

3.59 The Authority regularly reviews the governance arrangements involving the audit committee.

Are permissions monitoring activities effective?

GBRMPA is unable to demonstrate it has efficiently and effectively monitored permissions compliance. Performance reporting does not clearly demonstrate the effectiveness of permissions monitoring.

3.60 Effective permissions monitoring is required for GBRMPA to manage the risks posed to the Marine Park from permitted activities. Auditor-General Report No.3 2015–16 Regulation of Great Barrier Reef Marine Park Permits and Approvals found that GBRMPA’s permissions monitoring was insufficient to determine permit holders’ compliance with permissions.79

Post-approval reporting requirements

3.61 Report No.3 2015–16 found GBRMPA was not effectively monitoring most types of post-approval reporting requirements.80 The report recommended that GBRMPA develop and enhance standard operating procedures for undertaking permissions compliance monitoring activities (including in relation to post-approval reporting requirements).

3.62 GBRMPA implemented measures to monitor post-approval reporting requirements in response to this recommendation, with functionality to record due dates and document the achievement of post-approval reporting requirements added to the RMS in October 2019. However, use of spreadsheets concurrently with the RMS continued until the end of 2020. Further system amendments were made in March 2021 that automatically raise an allegation of non-compliance when a reporting requirement due date becomes overdue.

3.63 Between August 2015 and February 2021, monitoring of post-approval reporting requirements was not supported by appropriate system-based record-keeping to ensure all overdue requirements were recorded and appropriately actioned as non-compliance. Parts of the process, including sending reminders to permit holders of approaching due dates for reporting and referring overdue cases for compliance action, were managed across multiple spreadsheets.

3.64 Reporting against post-approval requirements between August 2015 and February 2021 indicates that:

  • not all requirements were met or recorded as met on the RMS where the due dates had passed81;
  • not all post-approval reporting requirements have their due date and status recorded in the RMS; and
  • individual post-approval reporting requirements recorded in the RMS cannot be traced through the reminder and non-compliance allegation spreadsheets to confirm that compliance actions have been taken for all unmet post-approval reporting requirements.

3.65 The implementation of the RMS compliance module in February 2021 includes functionality designed to improve GBRMPA’s capability to provide assurance that all outstanding post-approval reporting requirements are actioned.

Performance information

3.66 A key element of regulatory governance is the establishment of an appropriate performance framework that provides information about whether the regulator is achieving intended results. This should include external performance measures to provide information about the achievement of its purpose to Parliament and other stakeholders, and internal performance measures to inform officials, including the Board, about the efficiency and effectiveness of its regulation.

3.67 As part of their annual corporate planning process Commonwealth entities are required to establish their purpose(s) and a set of performance measures that can provide an assessment of the extent to which they have succeeded in achieving that purpose. Results against these performance measures are required to be provided in the annual performance statements.82

Purpose statement

3.68 Subsection 16E(2) of the Public Governance, Performance and Accountability Rule 2014 (PGPA Rule) requires entities to include the purposes of the entity in their corporate plan. The purposes of an entity include the objectives, functions or role of the entity. A clear and concise statement of the purposes of an entity underpins a robust performance reporting framework.83 GBRMPA’s purpose is stated in its corporate plan:

Provide for the long-term protection, ecologically sustainable use, understanding and enjoyment of the Great Barrier Reef for all Australians and the international community through the care and development of the Marine Park.84

3.69 GBRMPA’s purpose statement is followed by a statement of its role:

The Great Barrier Reef Marine Park Authority (the Authority) is established under the Great Barrier Reef Marine Park Act 1975 (Marine Park Act) and is the Australian Government statutory authority responsible for protecting and managing the environment, biodiversity and heritage values of the Great Barrier Reef Region (the Region).

The Authority reports to the Australian Government Minister for the Environment and advises the Minister on a range of matters relevant to the care and development of the Great Barrier Reef (the Reef). Our work includes day-to-day Marine Park management, development and implementation of policies, plans and programs to protect biodiversity, building capacity through partnerships and education, and synthesising knowledge to guide innovation and adaptive management.85

3.70 When read together, the purpose and role statements cover the required elements as they present the majority of GBRMPA’s objectives, functions and roles. They are clear and concise, although some elements of the objects of the Act under section 2A are not explicitly covered, specifically encouragement of engagement in the protection and management of the reef region by interested persons and groups, including Queensland and local governments, communities, Indigenous persons, business and industry.

Activities

3.71 Subsection 16E(2) of the PGPA Rule requires entities to identify the key activities the entity will undertake during the reporting period to achieve its purposes.86 This audit assessed GBRMPA’s identification of key activities related to Marine Park permits and approvals. GBRMPA’s 2020–21 corporate plan presents these activities in ‘Program Area 2: Enhancing Reef resilience through innovation, management and regulation of the Marine Park and our in-field presence’.87

3.72 GBRMPA’s 2020–21 corporate plan outlines ‘delivery strategies’88 against each Program Area. The delivery strategies are considered to be the key activities required by subsection 16E(2) of the PGPA Rule. The delivery strategies and an assessment of whether they are aligned to a performance criterion for Program Area 2 are set out in Table 3.4.

Table 3.4: Delivery strategies for Program Area 2

Corporate result

Delivery strategy

Is the delivery strategy linked to a performance criterion?

2.2: Rules for a resilient Reef are followed

Aboriginal and Torres Strait Islander Heritage Strategy

No

Policy and Planning Strategic Roadmap

No

Reef Joint Field Management Program

Yes — 2.2.1: Number of offences in the Marine Park per year.

   

Source: ANAO analysis of GBRMPA 2020–21 Corporate Plan p. 33.

3.73 The delivery strategies identified for Program Area 2 contribute to GBRMPA’s purpose, however they do not adequately describe all of the key activities GBRMPA plans to undertake for Program Area 2. Permissions system related activities are not clearly described in any of the delivery strategies.

Performance measures

3.74 Reporting by entities under the Commonwealth performance framework should provide a ‘clear read’ and a ‘line of sight’ between the allocation and use of public resources and the results being achieved.89

3.75 GBRMPA’s performance information relating to the permissions system was not clear, consistent and reconcilable for each annual cycle between 2017–18 and 2019–20 as:

  • reporting does not demonstrate to the Parliament and the public a clear read of performance within each cycle; and
  • annual performance statements stated performance targets were met, but did not link to supporting evidence.

3.76 The reader’s ability to assess GBRMPA’s permissions system performance across the performance cycles is limited by changes to performance criteria, targets and information from one annual performance cycle to the next.

3.77 GBRMPA redesigned and set five permissions system related performance criteria and targets for 2020–21. This is the third redesign in four annual performance cycles (see Table A.3 in Appendix 5).

3.78 The 2020–21 performance measures have been assessed against the PGPA Rule requirements that performance measures: include output, efficiency and effectiveness measures (if appropriate); are related (to key purposes or activities); and are measurable (reliable, verifiable and unbiased) (Table 3.5).90

Table 3.5: Assessment of 2020–21 permissions system performance measures

Performance measure

Measure type

Related

Measureable

2.2.1: Number of offences in the Marine Park per year.

Non-Compliance — Output

Yes

Mostly

2.2.2: Increase in uptake of online permissions and Environmental Management Charge system.

May be an efficiency proxy if stated

Yes

Yes, but not targeted

2.2.3: Planned permissions and Environmental Management Charge compliance activity completed.

Activity

Not assessed

Not assessed

2.2.4: Number of Marine Park compliance activities in each risk category.

May be an effectiveness proxy if stated

Yes

Yes, but not targeted

2.2.5: Our permission system service level standards are met.

May be an effectiveness proxy if stated

Yes

Yes

Overall assessment

    

Legend: PGPA Rule requirements — Met; Mostly met; Not met.

Source: ANAO analysis of GBRMPA information.

3.79 These five permissions system related performance measures may not meet PGPA Rule requirements as:

  • there is no specific performance measure for efficiency; and
  • they may not be measurable as two do not provide clear targets or methodologies.

3.80 The PGPA Rule also requires that performance measures relate directly to one or more purposes or key activities.91 While the performance criteria for Corporate Result 2.2 are related to GBRMPA’s purpose, the delivery strategies are not clearly aligned to permissions system’s activities.

3.81 The Regulator Performance Framework requires regulators to publish annual self-assessments on their performance against six performance indicators.92 While GBRMPA’s website acknowledges the requirement for annual reporting, GBRMPA has only published one self-assessment which was for 2015–16.93 GBRMPA commenced another self-assessment process in February 2021. In March 2021 GBRMPA advised the ANAO this work was being progressed ‘as resourcing allows’.94

Internal performance reporting

3.82 Internal reporting and monitoring of performance using well-defined measures can be a valuable source of information for a regulator on its strategies and areas for improvement.

3.83 GBRMPA’s internal reporting mechanisms for permissions compliance include:

  • weekly high level reports to the General Manager;
  • monthly reporting to the Compliance Operations Group; and
  • quarterly reporting in the Field Management Compliance Program quarterly report95 and against the annual operating plan.

3.84 Internal reporting for permissions compliance is brief, not standardised or consistent between periods, and does not align with the outcomes and targets established in the annual compliance plans. Reporting is typically focussed on permit application and decision volumes, and supporting activities such as system and policy development, rather than compliance monitoring and reporting on the realisation of risks.

Recommendation no.6

3.85 The Great Barrier Reef Marine Park Authority establish a performance framework that includes clear external and internal performance measures, including regulator performance reporting. This framework should incorporate efficiency measures as outlined in Recommendation no.2.

Great Barrier Reef Marine Park Authority response: Agreed.

4. Non-compliance framework

Areas examined

This chapter examines whether the Great Barrier Reef Marine Park Authority (GBRMPA) has established an appropriate non-compliance framework. This includes implementation of Recommendation no.5 of Auditor-General Report No.3 2015–16 Regulation of Great Barrier Reef Marine Park Permits and Approvals.

Conclusion

GBRMPA has partially implemented an appropriate non-compliance framework. GBRMPA is currently implementing information systems and procedures that have the potential to provide an improved non-compliance framework. Further planned improvements are required to fully implement these elements. Permissions non-compliance activities up to March 2021 were not supported by appropriate procedures or information systems.

Areas for improvement

The ANAO made one recommendation aimed at GBRMPA implementing assurance mechanisms to ensure delegations are appropriately exercised.

The ANAO also suggested that GBRMPA review inspector training materials to provide more tailored information for staff undertaking permissions compliance roles.

4.1 Effective regulation of permissions requires GBRMPA to act on identified instances of non-compliance. An appropriate framework of policies, processes, systems and plans support effective permissions non-compliance actions.

4.2 To assess whether GBRMPA has established an appropriate non-compliance framework, the ANAO examined whether:

  • there is a framework for managing permissions non-compliance;
  • permissions non-compliance is managed consistently with this framework; and
  • enforcement actions are verified prior to the closure of investigations.

Is there a framework for managing permissions non-compliance?

Key information system and procedural elements of the permissions non-compliance framework were not implemented until March 2021. Further planned improvements are required to fully establish an effective framework.

4.3 An appropriate framework of policies, processes, systems and plans supports effective permissions non-compliance actions, including by:

  • defining and identifying instances of non-compliance;
  • aligning actions with the severity and frequency of non-compliance; and
  • establishing appropriate training and qualifications requirements for staff responsible for managing non-compliance.

4.4 Report No.3 2015–16 made findings relating to GBRMPA’s approach to managing permissions non-compliance. Specifically, an overarching compliance framework was in draft form and did not address all regulatory requirements. It recommended that GBRMPA improve processes for responding to instances of permissions non-compliance, including:

  • updating and finalising guidance documentation for managing non-compliance; and
  • reinforcing to staff the need for all instances of non-compliance by permit holders to be reported and recorded in relevant systems.96

Permissions non-compliance framework

4.5 Report No.3 2015–16 reported that the Field Management Compliance Unit (FMCU) was responsible for investigations of alleged non-compliance with permissions as well as activities not subject to permissions.97 Alleged non-compliance with permissions related to five per cent of all recorded incidents examined by the FMCU. The majority of non-compliance incidents and investigations related to breaches of state fishing permits and licence or activities not subject to permissions.98 A permissions compliance team, separate to the FMCU, was established in September 2018.

4.6 The status of implementation of actions to address key issues relating to the non-compliance framework identified in Report No.3 2015–16 are outlined in Table 4.1.

Table 4.1: Actions addressing compliance framework issues as at April 2021

Previous audit issuea

Current status of policy and procedureb

Information system statusc

Guidance available to staff on initiating responses to non-compliance.

Permissions compliance procedure approved on 30 March 2021.

N/A

Information system actions are not relevant to this issue.

Failure to meet permissions requirements to submit information to GBRMPA not recorded and actioned as non-compliance.

Permissions compliance procedure approved on 30 March 2021 recognises this as non-compliance and includes processes for monitoring and actioning.

Full automation of reporting monitoring and compliance procedures not yet implemented.

Timeliness of recording and actioning permissions non-compliance allegations.

Permissions compliance procedure approved on 30 March 2021 includes timeliness metrics.

The information system records data required to monitor timeliness. Reporting functionality not yet implemented.

No evidence of prioritisation of permissions non-compliance investigations.

This is not covered in the permissions compliance procedure approved on 30 March 2021.

No relevant functionality can be identified in the RMS compliance module’s documentation.

Key decisions and supporting information in the investigation process not appropriately documented.

Permissions compliance procedure approved on 30 March 2021 describes processes for documenting decisions.

Functionality to support documentation of key decisions implemented on 19 February 2021.

Absence of documented plans for investigations.

This is not covered in the permissions compliance procedure approved on 30 March 2021.

No relevant functionality can be identified in the RMS compliance module’s documentation.

Failure to consider compliance history in investigations.

Permissions compliance procedure approved on 30 March 2021 includes processes for considering compliance history

Functionality to support consideration of compliance history implemented on 19 February 2021.

Justifications of delays in permissions compliance investigations not documented.

This is not covered in the permissions compliance procedure approved on 30 March 2021.

Information system records data required to monitor timeliness. Reporting functionality not yet implemented.

Insufficient records of the decisions to undertake enforcement actions.

Permissions compliance procedure approved on 30 March 2021 includes processes for documenting decisions.

Information system functionality supports consideration of compliance history.

Lack of records to demonstrate enforcement actions completed and/or supporting decision to close investigation.

Permissions compliance procedure approved on 30 March 2021 describes processes for recording evidence.

Information system functionality supports consideration of compliance history.

     

Legend:  Addressed in framework; Partly addressed in framework; Not addressed in framework

Note a: Auditor-General Report No.3 2015–16 Regulation of Great Barrier Reef Marine Park Permits and Approvals, Chapter 7.

Note b: This assessment is based on a document review of GBRMPA’s Internal Procedure: Managing Permissions Non Compliance (Revision 0) approved 30 March 2021. This audit did not assess the effectiveness of these procedures.

Note c: This information system assessment is based on the functionality described in the system documentation for the Reef Management System’s My Case Manager Module implemented on 19 February 2021. This is an assessment of documented functionality, however the use of this functionality was not tested as it was not in use during the audit fieldwork stage.

Source: ANAO analysis of GBRMPA information.

4.7 While information system updates implemented in February 2021 are expected to address some issues, such as improved record-keeping, these outcomes have not yet been realised. Investigation planning and prioritisation of cases have not been addressed in the March 2021 updates.

Marine Park inspectors

4.8 Marine Park inspectors exercise powers under the Great Barrier Reef Marine Park Act 1975 (GBRMP Act).99 Inspector powers are wide ranging and include powers to: access premises; stop and search aircraft and vessels and persons; give directions; require a person to leave the Marine Park; require a person to produce a permit; and give an infringement notice to a person for certain contraventions.

4.9 Prior to procedural documentation being approved in March 2021, it was not clear whether staff investigating permissions non-compliance were required to be appointed as Marine Park inspectors. The qualifications required by Marine Park inspectors undertaking permissions compliance activities were also not clearly defined.

4.10 Procedures approved in March 2021 have clarified that permissions non-compliance can be investigated by staff who are not appointed as Marine Park inspectors. However, all permissions compliance staff are required to have investigations qualifications.

4.11 As at March 2021, three of the four staff within the permissions compliance team have been appointed as Marine Park inspectors. Of the three permissions compliance staff appointed as inspectors, one holds both a Certificate IV in Government (Investigation) and a Diploma of Government (Investigation); one holds a Certification IV in Government (Investigation); and one staff member does not hold either of these qualifications. The remaining member of the permissions compliance team is currently undertaking a Certificate IV in Government (Investigation) but has not yet been appointed as an inspector.

Training requirements

4.12 The Field Management Compliance Unit (FMCU) provides training to Marine Park inspectors. Content covered in the training includes:

  • an overview of roles and responsibilities of FMCU staff and Queensland Parks and Wildlife Service and Partnerships (QPWS&P) rangers;
  • inspector powers provided by the Act;
  • collection of evidence and seizures;
  • use of FMCU systems such as the Field Reporting System;
  • common offences and submitting evidence to the Commonwealth Director of Public Prosecutions; and
  • emerging issues in compliance.

4.13 The training includes a session relating to permissions compliance, however this information is pitched at FMCU inspectors and provides limited information for inspectors performing permissions compliance roles. While this addresses part of Recommendation no.5 from Report No.3 2015–16, by providing information to other business areas, it does not provide support and guidance for staff undertaking permissions compliance activities.100 The roles and responsibilities of permissions compliance staff is not covered in the training to the same extent as the FMCU and QPWS&P.

4.14 There is scope for GBRMPA to review inspector training materials to provide more tailored information for staff undertaking permissions compliance roles. As permissions compliance related policies and procedures are finalised, GBRMPA should review these documents to ensure that inspector requirements, including training and qualifications, are clearly defined.

Is permissions non-compliance managed consistently with the framework?

GBRMPA is unable to demonstrate it has managed permissions non-compliance consistently with the framework, as this was not established until March 2021.

4.15 A clear and approved framework which establishes the range of responses to non-compliance supports appropriate enforcement actions and GBRMPA to operate as an effective regulator. This includes providing for:

  • selection of appropriate responses based on the level of risk and impact;
  • escalation actions when non-compliance is not rectified; and
  • appropriately recording regulatory actions taken.

4.16 In the absence of a framework against which GBRMPA’s management of permissions non-compliance could be assessed, the audit examined the:

  • types of permissions non-compliance GBRMPA has managed and actioned; and
  • delegations exercised when managing permissions non-compliance.

Management of permissions non-compliance allegations

4.17 Report No.3 2015–16 reported that between July 2012 and June 2014 GBRMPA recorded 76 allegations of non-compliance with permissions. Investigations were undertaken for 59 of these allegations. It also identified that many allegations were not being recorded on GBRMPA’s systems. When non-compliance was investigated, generally these investigations were not timely and decision-making was poorly documented.101

4.18 Between July 2015 and February 2021, GBRMPA recorded allegations of non-compliance in spreadsheets. These spreadsheets consisted of fields for recording allegations, activities, actions and some outcomes. The final outcome for 99 records (9 per cent) is unclear.102

4.19 The format of these spreadsheets changed over time. While these spreadsheets record actions GBRMPA has taken in relation to allegations of non-compliance, there is no assurance over the completeness of information or actions taken.

4.20 GBRMPA introduced stage one of a compliance module into the Reef Management System in February 2021. The compliance module has been designed to support GBRMPA’s management of allegations and cases of permissions non-compliance. GBRMPA advised the ANAO that following the implementation of the compliance module the spreadsheets are no longer in use.

4.21 Table 4.2 outlines the number of allegations of non-compliance recorded and the number of allegations reported externally in GBRMPA’s annual reports.

Table 4.2: Recorded permissions non-compliance allegations 2015–16 to 2019–20

Data source

2015–16

2016–17

2017–18

2018–19

2019–20

Total

RMS Compliance module

135

413

135

98

83

864

Annual reportsa

281

501

133

134

210b

1259

       

Note a: Data from 2014–15 has not been included as this was during the period GBRMPA was implementing new processes. GBRMPA annual reports: 2015–16, Table 2; 2016–17, Table 4; 2017–18 Table 4; 2018–19 Figure 9; 2019–20, Figure 9.

Note b: During this audit, the ANAO identified that Figure 9 in the 2019–20 annual report incorrectly presents figures as percentages rather than plain numerals and the legend is missing three allegation types. GBRMPA has acknowledged this error on the annual report page of its website.

Source: ANAO analysis of GBRMPA information.

4.22 Table 4.2 illustrates that there are inconsistencies between:

  • the compliance module data set which includes 864 permissions non-compliance allegations with a created date between 1 July 2015 and 30 June 2020103; and
  • the annual number of the non-compliance allegations GBRMPA has reported in each annual report from 2015–16 to 2019–20, which totals 1259 permissions non-compliance allegations for the same period.

4.23 The information presented in the annual reports is based on data recorded in the permissions non-compliance spreadsheets, which have been replaced as at February 2021.

4.24 GBRMPA attributes the differences between the two sources to the data cleansing process that occurred when spreadsheet data was uploaded to the RMS compliance module. GBRMPA only uploaded historical allegations that had sufficient data to populate the RMS compliance module.104 GBRMPA also advised that the reporting functionality in RMS compliance module is not fully implemented as at March 2021 so some allegations may not have been captured in the dataset analysed in Table 4.2.

Permissions non-compliance investigation actions

4.25 Not utilising the full range of regulatory powers can limit the effectiveness of a regulator in achieving its outcomes.105 As outlined in paragraph 3.35, GBRMPA’s annual permissions compliance plans include the following categories of actions it intends to implement to achieve its permissions compliance outcomes:

  • education and communication to raise permit holder awareness of compliance;
  • monitoring and reporting actions to assess levels of permit holder compliance; and
  • enforcement actions intended to adjust permit holder behaviour towards compliance.

4.26 GBRMPA reported on the actions taken in response to permissions non-compliance allegations in its annual reports between 2015–16 and 2017–18.106 Table 4.3 presents these actions against the annual compliance plan’s outcomes and strategies.

Table 4.3: Reported permissions non-compliance action taken 2015–16 to 2017–18

Category

Action

Number of actions taken 2015–16 to 2017–18

Educate

Information

266

Education and engagement

N/A

Monitoring and reporting

Surveillance

N/A

Environmental site supervision

1

Audits

N/A

Investigations

146a

Compliance planning

N/A

Enforcement

Cautions / Advisory letters

15

Infringement Notices

0

Directions and Orders

0

Administrative Action

47

Prosecution

0

Actions that do not finalise an Annual Compliance Plan outcome

Process based action (for example time extension or request for further information)b

823

Internal or external referral

29

Intention to revoke

2

Unclear description

32

Total actions reported for 2015–16 to 2017–18

1361c

   

Note a: This is the number of investigations closed with no further action. A clear record of the number of individual investigations undertaken has not been identified.

Note b: Process based actions may result in no further action or alternative compliance action being undertaken. They do not represent a compliance outcome.

Note c: An individual allegation of non-compliance may be subject to multiple actions.

Source: ANAO from GBRMPA information.

4.27 The presentation of this information between 2015–16 and 2017–18 did not include consistent action descriptions across the reporting periods. As such it does not provide clear insights to the reader for performance over time.

4.28 Further, almost two-thirds (886 out of 1361) of the reported actions did not result in finalisation of annual compliance plan outcomes. Reporting on these process-based actions may be misleading as it is not clearly aligned to the achievement of outcomes.

4.29 This reporting also shows that while annual permissions compliance plans identify infringement notices, directions and orders, or prosecutions as possible strategies for responding to permissions non-compliance, these strategies were not used between 2015–16 and 2017–18.107

4.30 The permissions service charter was established in October 2017 and commits to reporting the number of administrative compliance actions taken for permissions and environmental management charge non-compliances.108 GBRMPA did not meet this commitment in 2018–19 or 2019–20 as this information is not reported. GBRMPA’s 2020–21 corporate plan does not include this as a reporting metric.

4.31 Based on current record-keeping and reporting practices, GBRMPA is unable to demonstrate that actions taken in response to permissions non-compliance are aligned to, and effective at, managing identified risks and issues.

Delegations

4.32 The ability to provide assurance that legislative powers are appropriately exercised requires an entity to retain records that a decision-maker held the required delegation at the time a decision is made. A regulator that cannot demonstrate that actions are consistent with legislated powers may have regulatory action overturned if subjected to external review or challenge.109

4.33 An instrument made under the GBRMP Act delegates powers for managing permissions non-compliance to GBRMPA and Queensland Parks and Wildlife Service and Partnerships (QPWS&P) employees.110 The delegation instrument includes 18 permissions non-compliance related delegations. The RMS compliance module allows for 37 actions in relation to an allegation of permissions non-compliance. It is not clear within the system which actions require a delegation.

4.34 GBRMPA’s permissions compliance documentation and RMS compliance module uses the term delegate to refer to any decision-maker. The procedure for permissions non-compliance does not clearly identify if the action requires the decision-maker to exercise a legislative delegation, or if the decision is administrative and not a specific power under the Act.

4.35 GBRMPA’s spreadsheet based management of permissions compliance allegations between 2015 and February 2021 does not provide assurance the decisions were made by appropriately authorised decision-makers as spreadsheets do not specify the decision-maker for all key actions.

4.36 The RMS compliance module implemented in February 2021 does not support system-based assurance that permissions compliance actions are consistent with GBRMPA delegation instrument as:

  • user roles are manually maintained by system administrators with no link to the human resources system that records an employee’s current ongoing or acting employment level111;
  • decisions recorded on the system do not align with the corresponding legislative powers provided through the delegation instrument; and
  • user profiles112 are mapped to position numbers, however the delegation instrument assigns legislative powers to employment levels and not a position number.

Recommendation no.7

4.37 The Great Barrier Reef Marine Park Authority implement arrangements to provide assurance that legislated delegations related to management of permissions non-compliance are exercised in accordance with delegation instruments.

Great Barrier Reef Marine Park Authority response: Agreed.

4.38 The Authority has an existing program of system enhancements that relate to the permission system.

Are enforcement actions verified prior to the closure of investigations?

GBRMPA finalised procedures and systems that support appropriate closure of investigations in March 2021. Record-keeping practices for investigations of allegations received prior to March 2021 do not provide appropriate assurance that enforcement actions have been verified prior to closure.

4.39 Verification of enforcement actions prior to investigation closure ensures that issues impacting the Marine Park are adequately addressed and provides assurance over GBRMPA’s actions as a regulator.

4.40 Report No.3 2015–16 found that documentation related to enforcement decision making was poor. In some cases, primarily related to education of permit holders, investigations were closed despite the enforcement action not having been undertaken.113

4.41 Audit assurance based on sample testing requires finalised policies and procedures supported by appropriate record-keeping and information systems.114 As GBRMPA had not finalised an appropriate permissions compliance framework that required verification of enforcement activities prior to investigation closure until March 2021, sample based analysis testing was not considered appropriate.115 Assurance cannot be provided by GBRMPA that all permissions compliance decisions are being appropriately completed.

Appendices

Appendix 1 Great Barrier Reef Marine Park Authority response

Page 1 of response from the Great Barrier Reef Marine Park Authority. You can find a summary of the response in the Summary and Recommendations chapter of this report.

Page 2 of response from the Great Barrier Reef Marine Park Authority. You can find a summary of the response in the Summary and Recommendations chapter of this report.

Appendix 2 Recommendations from Auditor-General Report No.3 2015–16 Regulation of Great Barrier Reef Marine Park Permits and Approvals

Table A.1: Recommendations from Auditor-General Report No.3 2015–16 Regulation of Great Barrier Reef Marine Park Permits and Approvals

Number and paragraph

Recommendation and response

Recommendation no.1

Paragraph 2.31

To improve the processing of Marine Park permit applications, the ANAO recommends that the Great Barrier Reef Marine Park Authority:

  1. review and finalise standard operating procedures and administrative guidance for the permit application and assessment process; and
  2. reinforce to staff the need to document whether permit application assessment requirements have been addressed.

GBRMPA’s response: Agreed

Recommendation no.2

Paragraph 3.37

To improve the rigour of permit application assessment and decision-making processes, the ANAO recommends that the Great Barrier Reef Marine Park Authority:

  1. prepare and revise permit application and risk assessment templates to better address assessment considerations and risks relevant to the various permit types; and
  2. reinforce to staff the importance of preparing assessment reports for delegates that adequately address regulatory assessment requirements.

GBRMPA’s response: Agreed

Recommendation no.3

Paragraph 4.28

To improve the effectiveness of permit conditions used to manage risks to the Marine Park from permitted activities, the ANAO recommends that the Great Barrier Reef Marine Park Authority periodically review the adequacy of standard permit conditions.

GBRMPA’s response: Agreed

Recommendation no.4

Paragraph 6.36

To improve the effectiveness of permit compliance monitoring, the ANAO recommends that the Great Barrier Reef Marine Park Authority:

  1. develop and enhance standard operating procedures for undertaking compliance monitoring activities (including in relation to post-approval reporting requirements); and
  2. implement a coordinated, risk-based program of compliance monitoring activities.

GBRMPA’s response: Agreed

Recommendation no.5

Paragraph 7.41

To improve processes for responding to instances of permit non-compliance, the ANAO recommends that the Great Barrier Reef Marine Park Authority:

  1. update and finalise guidance documentation for managing non-compliance;
  2. reinforce to staff the need for all instances of non-compliance by permit holders to be reported and recorded in the Compliance Management Information System;
  3. document the reasons for key decisions taken during permit investigations, including whether to investigate incidents and enforcement decisions; and
  4. verify that enforcement action has been undertaken prior to the closure of investigations.

GBRMPA’s response: Agreed

   

Table A.2: Assessment of implementation of previous audit recommendations

Recommendations

Assessment

  1. To improve the processing of Marine Park permit applications, the ANAO recommends that the Great Barrier Reef Marine Park Authority:

Three quarter full Harvey ball

  1. review and finalise standard operating procedures and administrative guidance for the permit application and assessment process; and

Three quarter full Harvey ball

  1. reinforce to staff the need to document whether permit application assessment requirements have been addressed.

Three quarter full Harvey ball

  1. To improve the rigour of permit application assessment and decision-making processes, the ANAO recommends that the Great Barrier Reef Marine Park Authority:

Three quarter full Harvey ball

  1. prepare and revise permit application and risk assessment templates to better address assessment considerations and risks relevant to the various permit types; and

Full Harvey ball

  1. reinforce to staff the importance of preparing assessment reports for delegates that adequately address regulatory assessment requirements

Three quarter full Harvey ball

  1. To improve the effectiveness of permit conditions used to manage risks to the Marine Park from permitted activities, the ANAO recommends that the Great Barrier Reef Marine Park Authority periodically review the adequacy of standard permit conditions.

One quarter full Harvey ball

  1. To improve the effectiveness of permit compliance monitoring, the ANAO recommends that the Great Barrier Reef Marine Park Authority:

Three quarter full Harvey balla

  1. develop and enhance standard operating procedures for undertaking compliance monitoring activities (including in relation to post-approval reporting requirements); and

Three quarter full Harvey ball

  1. implement a coordinated, risk-based program of compliance monitoring activities.

Three quarter full Harvey balla

  1. To improve processes for responding to instances of permit non-compliance, the ANAO recommends that the Great Barrier Reef Marine Park Authority:

Three quarter full Harvey balla

  1. update and finalise guidance documentation for managing non-compliance;

Three quarter full Harvey balla

  1. reinforce to staff the need for all instances of non-compliance by permit holders to be reported and recorded in the Compliance Management Information System;

Three quarter full Harvey ball

  1. document the reasons for key decisions taken during permit investigations, including whether to investigate incidents and enforcement decisions; and

One quarter full Harvey ball

  1. verify that enforcement action has been undertaken prior to the closure of investigations.

One quarter full Harvey ball

Key

Empty Harvey ball Not implemented: There is no supporting evidence that the agreed action has been undertaken, or the action taken does not address the intent of the recommendation as agreed.

One quarter full Harvey ball Partially implemented: The action taken was less extensive than the recommendation agreed as it: fell well short of the intent of the recommendation as agreed; and/or processes were initiated or implemented but outcomes not achieved.

Three quarter full Harvey ball Largely implemented: The action taken was less extensive than the recommendation agreed as it fell short of the intent of the recommendation; and/or processes were initiated or implemented and there is evidence there was also action taken to achieve the outcome.

Full Harvey ball Implemented: There is evidence that the agreed action met the intent of the recommendation as agreed.

   

Note a: Systems and procedures to address these recommendations were implemented in February and March 2021 at the end of this audit’s fieldwork stage. These assessments are based on document reviews. The effectiveness of these systems and procedures was not assessed with sample based testing.

Source: ANAO analysis of GBRMPA documentation.

Appendix 3 Recommendations from Joint Committee of Public Accounts and Audit Report 456: Defence Major Equipment Procurement and Evaluation, and Great Barrier Reef Regulation

Number and paragraph

Recommendation and response

Recommendation no.2

Paragraph 3.50

 

To improve the effectiveness of the permit system as a means of managing risks to the Great Barrier Reef Marine Park, the Committee recommends that the Great Barrier Reef Marine Park Authority (GBRMPA):

  • appropriately accelerate its projected timeframe, currently planned over two tranches in 2017 and 2020, for implementation of the audit recommendations in ANAO Report No.3 and other improvements identified by GBRMPA as part of its project to strengthen the permit system
  • report back to the Committee within six months with details of new implementation dates and milestones, and how the accelerated timeframe will be achieved.

GBRMPA’s response: Supported with qualifications

Recommendation no.3

Paragraph 3.54

To improve the effectiveness of the permit system as a means of managing risks to the Great Barrier Reef Marine Park, the Committee recommends that the Great Barrier Reef Marine Park Authority implement more effective performance information, including targets, for permit application processing, assessment and approval timeframes, and continue to monitor and publicly report on performance outcomes in this area.

GBRMPA’s response: Supported

Recommendation no.4

Paragraph 3.59

 

To improve the effectiveness of the permit system as a means of managing risks to the Great Barrier Reef Marine Park, the Committee recommends that the Great Barrier Reef Marine Park Authority report back to the Committee at 18 months from the tabling of the Committee’s report, on:

  • whether it has met the new implementation dates and milestones as previously advised to the Committee in response to recommendation 1
  • specific implementation details and dates achieved on the following:
    • for permit application processing, assessment and approval — finalisation of standard operating procedures, guidance materials, and improvements in: documentation by officials, templates, assessment reports and standard permit conditions
    • for compliance management — finalisation of standard operating procedures and implementation of a risk-based program
    • for responding to non-compliance — finalisation of guidance materials and improvements in: identification of non-compliance, records management, documentation by officials and verification of enforcement action having been undertaken prior to closure of investigation

GBRMPA’s response: Supported

   

Appendix 4 Timeline of Great Barrier Reef Marine Park Authority implementation of recommendations

Figure A.1: Timeline of actions to address previous audit recommendations

This figure provides an overview of the key actions undertaken by GBRMPA in response to recommendations from Auditor-General Report No.3 2015–16 Regulation of Great Barrier Reef Permits and Approvals from January 2015 to April 2021.  The key actions taken in this time include: Early 2015 to July 2018 — the Assessment and Decision Enhancement Project; July 2015 — the Strengthening Permissions Compliance Action Plan 2016–20 was approved; October 2018 to present — the Risk-based Solutions Project;  GBRMPA has finalised an Annual Permissions Compliance Plan each year since 2015–16.  The key updates or advice to the GBRMPA audit committee and the Joint Committee of Public Accounts and Audit (JCPAA) relating to the implementation of recommendations over this time include: November 2015 — advice to the JCPAA that actions to address the recommendations were underway. Mid-2016 — JCPAA Report 456 made three recommendations including that GBRMA accelerate actions to address the Auditor-General’s recommendations. Early 2017 — GBRMPA provided an update to the JPCAA accepting the JCPAA recommendations. October 2017 — new permissions system arrangements commenced. November 2018 — GBRMPA advised the JCPAA that all Auditor-General recommendations had been implemented. However, the response also states actions addressing recommendations 4 and 5 were ongoing and would be largely complete by the end of 2018–19. April 2020 — GBRMPA advised its audit committee that implementation of recommendations 4b and 5a was ongoing and completion expected by June 2020. February 2021 — information system upgrades to address recommendations 4 and 5 were implemented. March 2021 — a compliance procedural framework to address recommendation’s 4 and 5 was implemented.

Source: ANAO based on GBRMPA information.

Appendix 5 Permissions system related outcomes, performance criteria and targets

Table A.3: GBRMPA’s permissions system outcome and performance criteria for 2017–18 to 2020–21

 

2017–18

2018–19

2019–20

2020–21

Portfolio Budget Statement outcome

The long-term protection, ecologically sustainable use, understanding and enjoyment of the Great Barrier Reef for all Australians and the international community through the care and development of the Marine Park.

Portfolio Budget Statement program area

2: Regulating, and ensuring Marine Park user compliance

2: Enhancing Reef resilience through innovation, management and regulation of the Marine Park and our in-field presence.

Performance criteria

  • The impacts of human activity on the Great Barrier Reef are reduced through effective and efficient regulation and compliance.
  • Marine Park Authority regulations and management of activities are effective and efficient in reducing risks to the Reef
  • Permissions facilitate sustainable activity in the Marine Park
  • Increased compliance with protection measures increases resilience of the Reef
  • Marine Park Authority regulations and management of activities are effective and efficient in reducing risks to the Reef
  • Permissions facilitate sustainable activity in the Marine Park
  • Increased compliance with protection measures increases resilience of the Reef
  • Number of offences in the Marine Park per year
  • Increase in uptake of online permissions and Environmental Management Charge system.
  • Planned permissions and Environmental Management Charge compliance activity completed.
  • Number of Marine Park compliance activities in each risk category.
  • Our permissions system service level standards are met.
         

Source: Portfolio budget statements and GBRMPA corporate plans 2017–18 to 2020–21.

Table A.4: Permissions compliance related performance targets 2017–18 to 2020–21

2017–18 Corporate Plan

2018–19 Corporate Plan

2019–20 Corporate Plan

2020–21 Corporate Plan

Whitsundays Plan of Management finalised and in force.

Plans, policies and regulations take account of the health of the Reef and target priority areas and issues.

Plans, policies and regulations take account of the health of the Reef and target priority areas and issues.

1100 offences in the Marine Park for 2020–21, with a decreasing trend in future years.

 

New permit guidelines finalised and existing ones reviewed to improve transparency and consistency in permit decisions.

Medium and high risk activities are appropriately managed through a risk-based planning approach.

Medium and high risk activities are appropriately managed through a risk-based planning approach.

Maintain or improve the number of Marine Park compliance activities in each risk category.

Spatial planning tools identified and priority sites determined for improved protection.

Increase in the proportion of routine permissions granted.

Increase in the proportion of routine permissions granted.

Three other performance criteria have the statement ‘Establish methodology and baseline’ listed against their target.

24% of the Marine Park coastline is managed in accordance with an accredited Traditional Use of Marine Resources Agreement or Indigenous Land Use Agreement.

Low risk permissions have a reduction in time taken to process.

Low risk permissions have a reduction in time taken to process.

 

740 compliance patrol days funded through the Joint Field Management Program.

Low risk permissions have longer operating terms.

Low risk permissions have longer operating terms.

 

New compliance tools are identified, trialled and reviewed for effectiveness to address key risks.

Increase in guidance material available for applicants.

Increase in guidance material available for applicants.

 

 

Increased awareness and engagement around obligations associated with permissions.

Increased awareness and engagement around obligations associated with permissions.

 

 

Increased monitoring and auditing of medium and high risk non-compliances.

Increased monitoring and auditing of medium and high risk non-compliances.

 

       

Source: GBRMPA corporate plans 2017–18 to 2020–21.

Footnotes

1 Great Barrier Reef Marine Park Authority, Reef facts [Internet], available at: http://www.gbrmpa.gov.au/the-reef/reef-facts [accessed 27 October 2020].

2 United Nations Educational, Scientific and Cultural Organization, World Heritage List: Great Barrier Reef [Internet], available at: https://whc.unesco.org/en/list/154/ [accessed 27 October 2020].

3 Great Barrier Reef Marine Park Authority, Reef facts [Internet], available at: http://www.gbrmpa.gov.au/the-reef/reef-facts [accessed 27 October 2020].

4 A permit is a document issued by the managing agencies which details the permission(s) granted. A permit may include one or more permissions.

5 Auditor-General Report No.3 2015–16 Regulation of Great Barrier Reef Marine Park Permits and Approvals, paragraph 16.

6 Great Barrier Reef Marine Park Authority, Reef facts [Internet], available at: http://www.gbrmpa.gov.au/the-reef/reef-facts [accessed 27 October 2020].

7 Great Barrier Reef Marine Park Authority, Biodiversity [Internet], available at: http://www.gbrmpa.gov.au/the-reef/biodiversity [accessed 27 October 2020].

8 United Nations Educational, Scientific and Cultural Organization, World Heritage List: Great Barrier Reef [Internet], available at: https://whc.unesco.org/en/list/154/ [accessed 27 October 2020].

9 Great Barrier Reef Marine Park Authority, Reef facts [Internet], available at: http://www.gbrmpa.gov.au/the-reef/reef-facts [accessed 27 October 2020].

10 The Queensland Government is responsible for the Great Barrier Reef Coast Marine Park established under the Marine Parks Act 2004 (Qld) which covers the area between low and high water marks and the waters within the limits of the State of Queensland (which is out to the three nautical mile limit).

11 The Zoning Plan assigns protective zoning to a range of habitats such as coral reefs, sponge beds, seagrass beds and deep water areas, as well as important dugong habitats and other special or unique sites.

12 Great Barrier Reef Marine Park Authority, Corporate Plan 2020–21, p. 4.

13 Persons who may make an application for a permit include corporate bodies and government agencies.

14 A permit is a document issued by the managing agencies which details the permission(s) granted.

15 The Great Barrier Reef Coast Marine Park is a state marine park that runs the full length of the Commonwealth Great Barrier Reef Marine Park. It provides protection for Queensland tidal lands and tidal waters. The Great Barrier Reef Intergovernmental Agreement 2015 establishes the arrangements between the two governments, including their respective functions and accountabilities.

16 Great Barrier Reef Marine Park Regulations 2019, Part 3, Division 3.

17 Permissions conditions set out how an activity is to be conducted.

18 Auditor-General Report No.3 2015–16 Regulation of Great Barrier Reef Marine Park Permits and Approvals, paragraph 16.

19 ibid., Recommendations no. 1–5.

20 ibid., Appendix 1.

21 Joint Committee of Public Accounts and Audit, Report 456: Defence Major Equipment Procurement and Evaluation, and Great Barrier Reef Regulation, 2016, p. xiii.

22 The ANAO’s work program includes a series of performance audits on the implementation of recommendations made by Parliament and the ANAO. The reports published to date are: Auditor-General Report No.6 2019–20 Implementation of ANAO and Parliamentary Committee Recommendations; Auditor-General Report No.46 2019–20 Implementation of ANAO and Parliamentary Committee Recommendations — Education and Health Portfolios; and Auditor-General Report No.34 2020–21 Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence. The ANAO has also drawn together audit insights on the implementation of recommendations at: www.anao.gov.au/work/audit-insights/implementation-recommendations.

23 The ANAO did not examine GBRMPA’s other regulatory activities, such as field management investigation and enforcement activities associated with: activities not subject to a permit; the state marine park; or permits and licences granted under state legislation.

24 Auditor-General Report No.3 2015–16 Regulation of the Great Barrier Reef Marine Park Permits and Approvals, paragraphs 2.4–2.5 and Recommendation no.1.

25Great Barrier Reef Marine Park Act 1975, sections 64, 64A; Great Barrier Reef Marine Park Regulations 2019, section 236.

26 GBRPMA, Environmental Impact Management - Permission System [Internet], 2019, GBRMPA e-Library Document No. 100430, available from https://elibrary.gbrmpa.gov.au/jspui/handle/11017/3224 [accessed 12 April 2021], pp. 7, 13 and 14.

27 The Commonwealth Great Barrier Reef Marine Park and the Queensland Great Barrier Reef Marine Park (collectively referred to as the marine parks) are jointly managed by the Great Barrier Reef Marine Park Authority (GBRMPA) and the Queensland Department of Environment and Science — collectively referred to as ‘the managing agencies’.

28 Externally published documents examined included 19 documents that came into effect on 4 October 2017. Since October 2017, GBRMPA has developed additional guidelines and checklists to assist applicants, and published a set of example routine permits, as well as information sheets and position statements on a variety of topics relevant to the management of the Reef.

29 The eLibrary is the online digital archive for GBRMPA publications. It can be accessed at https://elibrary.gbrmpa.gov.au/jspui/.

30 This type of document may be subject to uncontrolled edits and cannot be relied upon as current and correct.

31 Thirty internal procedures had been developed in a controlled document template but as they were not approved controlled documents, they were without an allocated document ID or a document custodian or approver. While this lack of approval data does distinguish these documents as not being controlled documents, it leaves them without assurance of the documents’ current status.

32 The Reef Management System (RMS) is the information system used for the management of permits. See paragraph 2.38 to 2.40 and Figure 2.2 for more information on the RMS and GBRMPA’s permit processing systems.

33 GBRMPA advised the ANAO that the free text field available in the RMS for recording assessment approach decisions under section 92 of the Regulations is not a mandatory field in the system, with delegates recording notes ‘at their discretion’.

34 For example, a referral may be made to the Permit Compliance team to check an applicant’s compliance history.

35 Auditor-General Report No.3 2015–16 Regulation of Great Barrier Reef Marine Park Permits and Approvals, Recommendation no.1(b).

36 Auditor-General Report No.3 2015–16 Regulation of Great Barrier Reef Marine Park Permits and Approvals, Recommendation no.2(b).

37 The privacy training is not mandated under this policy.

38 The RMS is also used to manage environmental management charge (EMC) requirements. The EMC is a charge associated with most commercial activities, including tourism operations, non-tourist charter operations, and facilities, operating under a permit issued by GBRMPA. See Part VA of the GBRMP Act and Part 13 of the Regulations.

39 Permit-related information includes current permits, current applications, applications open for public comment, recent decisions and archived decisions. See https://www.gbrmpa.gov.au/access-and-use/permits/current-permit-application-and-decisions.

40 This sample timeframe was chosen as amendments to the Regulations and the new online application system (Permits Online), along with a suite of updated policies, guidelines and checklists were released and came into effect on 4 October 2017. A sample was taken from a total of 1343 applications received in this period.

41 Three acknowledgement letters, one native title notification and one company check.

42Public Governance, Performance and Accountability Act 2013, paragraph 15(1)(a).

43 ibid., section 8.

44 The Auditing and Assurance Standards Board is a non-corporate Commonwealth entity of the Australian Government, responsible for developing, issuing and maintaining auditing and assurance standards; Auditing and Assurance Standards Board, Standard on Assurance Engagements ASAE 3500 Performance Engagements, 2017.

45 As part of undertaking fieldwork for Auditor-General Report No.3 2015–16 Regulation of Great Barrier Reef Marine Park Permits and Approvals a stakeholder consultation process was conducted (refer to paragraphs 3.31–3.32 of Report No.3 2015–16). For this follow-up audit stakeholders were able to provide input via the citizen contribution facility available on the ANAO website. No contributions were received.

46 Following the changes implemented in October 2017, the tailored assessment process is the equivalent of a non-routine assessment.

47 Auditor-General Report No.3 2015–16 Regulation of Great Barrier Reef Marine Park Permits and Approvals, paragraph 3.29. During this follow-up audit, an error was identified in Report No.3 2015–16. Paragraph 3.29 incorrectly referred to GBRMPA requiring up to 90 days to complete assessments of 15 of the 63 applications (23.8 per cent). The correct number of applications requiring up to 90 days to complete assessments is 13 of the 63 applications (20.6 per cent).

48 Joint Committee of Public Accounts and Audit, Report 456: Defence Major Equipment Procurement and Evaluation, and Great Barrier Reef Regulation, 2016, p. xiii.

49 This replaced the target timeframes in place during the previous audit as described in paragraph 2.51.

50 The EMG consists of the Chief Executive Officer and three Senior Executive Service Band 1 general managers from three branches: Reef Strategy; Reef Protection; and Corporate Services.

51 As noted in paragraph 2.43, the relevant date fields in the RMS were not always completed during the assessment process, leading to incomplete data for some of the timeframe targets.

52 Efficiency is a measure of the amount of resources used (inputs) over the number of applications processed (outputs). Timeliness is a measure of applications processed (outputs) over total time taken (time).

53 Auditor-General Report No.3 2015–16 Regulation of Great Barrier Reef Marine Park Permits and Approvals, paragraphs 3.7–3.9, 3.14–3.19.

54 Some considerations may not be relevant to certain applications. For example, consideration under subsection 103(k) is relevant for applications that also require an approval under the Environment Protection and Biodiversity Conservation Act 1999.

55 GBRMPA assessment templates are the basis for developing the document provided to the delegate that assess the permit application. Assessment templates relate to the type of application (routine or tailored) and the activities covered by the application.

56 GBRMPA updated and finalised these two templates in April 2021.

57 This procedure applies to the Commonwealth Great Barrier Reef Marine Park and the Queensland Great Barrier Reef Coast Marine Park (collectively referred to as the marine parks). The marine parks are jointly managed by the Great Barrier Reef Marine Park Authority (the Authority) and the Queensland Department of Environment and Science — collectively referred to as ‘the managing agencies’. The procedure is publicly available at https://elibrary.gbrmpa.gov.au/jspui/handle/11017/3231.

58 See Part VI, Division 3 of the GBRMP Act. The delegation instrument limits the exercise of these powers or functions to staff whose section has the relevant administrative responsibility and, for APS 2 to 4 employees, ‘to the extent that the exercise of those powers or the performance of those functions involves routine administrative functions’.

59 This is due to training records being held in systems that do not support reliable reporting or in uncontrolled spreadsheets.

60 Permit: A document issued by the managing agencies which details the permission(s) granted by the managing agencies. A permit may include one or more permissions.

Permission: Written approval to enter or use the Marine Park for a specific purpose, in cases where this is required by the Great Barrier Reef Marine Park Zoning Plan 2003 and Marine Parks (Great Barrier Reef Coast) Zoning Plan 2004.

Condition: set out how an activity is to be conducted. Conditions can also require action by the permit holder, such as the submission of information to GBRMPA.

61 Routine permits are issued without change. A routine permit may be issued for certain activities assessed as low risk if they are conducted in a specified manner defined by standard conditions.

62 Auditor-General Report No.3 2015–16 Regulation of Great Barrier Reef Marine Park Permits and Approvals, Recommendation no. 3.

63 Recommendations were not recorded for the other 31 conditions.

64 The Joint Streamlining Permissions Steering Committee is responsible for oversight of the implementation of identified risk-based permissions system improvements. Membership is at the SES Band 1 and EL2 level with representatives from both GBRMPA and the Queensland Department of Environment and Science.

65 Standard conditions are documented in assessment templates stored on GBRMPA’s electronic records system. There is no central register of standard conditions. The specific number of standard conditions in scope changes over time as standard conditions are added, removed or amended.

66 The Field Management Strategy Group and Field Management Operations Group provide oversight of and support to the Joint Field Management Program respectively. Membership of each committee is comprised of officers from both GBRMPA and QPWS&P. The Field Management Strategy Group also includes a member from Queensland Department of Premier and Cabinet.

67 The annual operating plan is a companion document to the corporate plan.

68 The reporting tool used does not enable a view of content from previous quarters as new content overrides earlier content. This means progress throughout the year cannot be tracked through the reporting tool. Record-keeping of extracts from the reporting tool stored elsewhere on GBRMPA’s systems is incomplete.

69 GBRMPA uses three colours to give an indication of the current status of the project. Green indicates that ‘output is progressing as planned’; yellow indicates that ‘output has issues or risks beyond project team’ (this requires action by a Director or General Manager); and red indicates that ‘output is in danger of not being achieved’ (this requires action by the Executive Management Group or Chief Executive Officer).

70 Auditor-General Report No.3 2015–16, Regulation of Great Barrier Reef Marine Park Permits and Approvals, Chapter 6.

71 ibid., Appendix 1: Response from the Great Barrier Reef Marine Park Authority.

72 Australian National Audit Office, Audit Insights: Administering Regulation [Internet], 14 January 2021, available from https://www.anao.gov.au/work/audit-insights/administering-regulation [accessed 1 March 2021]; Australian National Audit Office, Audit Insights: Insights from Reports Tabled October to December 2018 [Internet], 7 March 2019, available from https://www.anao.gov.au/work/audit-insights/insights-reports-tabled-october-to-december-2018 [accessed 1 March 2021].

73 Auditor-General Report No.3 2015–16, Regulation of Great Barrier Reef Marine Park Permits and Approvals, Chapters 5, 6 and 7.

74 Two of the six plans were selected for this analysis. These were the 2015–16 and 2019–20 plans.

75 This is presented as an allocation of full time equivalents (FTE) to categories of risk treatments. For example, in 2019–20, all risk treatments associated with investigations were assigned 0.43 FTE. There is no further detail on staffing allocated, such as the level or skillsets of the FTE required for the roles.

76 Other resourcing could include funding or the equipment required to deliver permission monitoring and compliance treatments or activities conducted by other business areas such as the Field Management Compliance Unit.

77 Australian National Audit Office, Audit Insights: Implementation of Recommendations [Internet], 2019, available from https://www.anao.gov.au/work/audit-insights/implementation-recommendations [accessed 25 February 2021].

78 Public Governance, Performance and Accountability Rule 2014, section 17.

79 Auditor-General Report No.3 2015–16 Regulation of Great Barrier Reef Marine Park Permits and Approvals, Chapters 5 and 6.

80 Post-approval reporting requirements apply to permissions conditions. They may include that permit holders obtain GBRMPA approval before undertaking permitted activities; inform or submit documents to GBRMPA; provide information to GBRMPA on request; or involve third parties.

81 The ANAO examined post-approval reporting requirements against individual permissions in the RMS. The analysis identified 33 per cent of requirements (351 out of 951) were recorded as not being met as at 18 January 2021. In response, GBRMPA undertook subsequent analysis of post-approval reporting requirements against permits (which may include multiple permissions). GBRMPA’s analysis indicates that 17 per cent of requirements (54 out of 312) were recorded as not being met as at February 2021.

82 These requirements are established under the Public Governance, Performance and Accountability Act 2013, the Public Governance, Performance and Accountability Rule 2014, and accompanying guidance issued by the Department of Finance.

83 Department of Finance, Resource Management Guide No. 132: Corporate plans for Commonwealth entities, Department of Finance, Canberra, February 2020, p. 11.

84 GBRMPA Corporate Plan 2020–2021, p. 4.

85 ibid.

86 A key activity is a distinct, significant program or area of work undertaken by an entity to assist in achieving the entity’s purposes.

87 This audit did not analyse the activities and performance criterion presented for ‘Program Area 1: Enhancing Reef resilience by providing expert knowledge to advise key decision makers on managing, reducing or avoiding significant threats to the Reef’; ‘Program Area 3 Enhancing Reef resilience through partnerships, collaboration and education’; and ‘Program Area 4: Supporting a high performing organisation’ in GBRMPA’s Corporate Plan 2020–21 as they are outside the scope of the audit.

88 GBRMPA defines delivery strategies as the ‘primary, high-level strategies for achieving the corporate results, including major projects, plans, systems and programs’; GBRMPA Corporate Plan 2020–2021, p. 29.

89 Auditor-General Report No.14 2019–20 Commonwealth Resource Management Framework and the Clear Read Principle.

90 Public Governance, Performance and Accountability Rule 2014, section 16EA.

91 Public Governance, Performance and Accountability Rule 2014, subsection 16EA(a).

92 These six indicators are: reducing regulatory burden; communication; risk-based approaches; streamlined and coordinated monitoring; transparency; and continuous improvement.

Department of the Prime Minister and Cabinet, Regulator Performance Framework [Internet], October 2014, available from https://www.pmc.gov.au/resource-centre/regulation/regulator-performance-framework [accessed 26 February 2021].

93 Great Barrier Reef Marine Park Authority, Regulator Performance Framework Self-assessment 2015-16 [Internet], 2017, available from https://elibrary.gbrmpa.gov.au/jspui/handle/11017/3114 [accessed 27 February 2021].

94 In March 2021, the Department of Finance released advice that, from 1 July 2021, entities with regulatory functions will no longer be required to produce a standalone performance report under the Regulator Performance Framework. Regulator performance reporting will be incorporated into an entity’s reporting processes as required under the PGPA Act and PGPA Rule.

95 This report is compiled by the Field Management Compliance Unit and is primarily focussed on compliance issues related to non-permitted activities (such as fishing in a protected area).

96 Auditor-General Report No.3 2015–16 Regulation of Great Barrier Reef Marine Park Permits and Approvals, Recommendation no.5(a) and (b).

97 The FMCU is funded under the Joint Field Management Program. It comprises officers from GBRMPA and Queensland Parks and Wildlife Service and Partnerships (QPWS&P) within the Queensland Department of Environment and Science. The FMCU coordinates and undertakes investigation and enforcement activities in the Great Barrier Reef World Heritage Area. The FMCU is responsible for responding to compliance issues related to non-permitted activities (such as fishing in a protected area).

98 Auditor-General Report No.3 2015–16 Regulation of Great Barrier Reef Marine Park Permits and Approvals, paragraph 15.

99Great Barrier Reef Marine Park Act 1975, section 43.

100 As part of Recommendation no.5 of Auditor-General Report No.3 2015–16 Regulation of Great Barrier Reef Marine Park Permits and Approvals, the ANAO recommended that GBRMPA should reinforce to staff the need for all instances of non-compliance by permit holders to be reported and recorded in relevant systems.

101 Auditor-General Report No.3 2015–16 Regulation of Great Barrier Reef Marine Park Permits and Approvals, paragraphs 7.14–7.15, 7.37–7.39.

102 A total of 1109 allegations were recorded in six spreadsheets. As noted in paragraph 4.24, GBRMPA has acknowledged that there are inconsistencies including completeness issues in its data relating to allegations of permissions non-compliance.

103 Between 2015 and February 2021, GBRMPA managed permissions non-compliance allegations in a series of spreadsheets. In February 2021, the data from these spreadsheets was migrated into the RMS Compliance module.

104 GBRMPA has retained the spreadsheets as its historical records of allegations investigated.

105 Australian National Audit Office, Audit Insights: Administering Regulation [Internet], 14 January 2021, available from https://www.anao.gov.au/work/audit-insights/administering-regulation [accessed 1 March 2021].

106 GBRMPA annual reports: 2015–16, Table 3; 2016–17, Table 5; and 2017–18, Table 5.

107 Reporting on infringement notices, directions, investigations and briefs of evidence submitted to the Commonwealth Director of Public Prosecutions is undertaken by the Field Management Compliance Unit. Reporting does not clearly distinguish between actions taken in response to permissions non-compliance and non-permit related activities.

108 Analysis of GBRMPA’s performance against its service charter is at paragraphs 2.56 to 2.57.

109 Australian National Audit Office, Audit Insights: Administering Regulation [Internet], 14 January 2021, available from https://www.anao.gov.au/work/audit-insights/administering-regulation [accessed 1 March 2021].

110 Under subsection 48A(3) of the GBRMP Act, the Minister for the Environment may enter into an agreement with an appropriate Minister of Queensland in relation to officers or employees of Queensland or an authority of Queensland for the purpose of allowing powers or functions to be delegated or sub-delegated under section 47 of the Act.

111 The delegation instrument assigns legislative powers to an employee’s level. Refer to paragraph 2.76.

112 User profiles determine the compliance actions that the user can approve.

113 Auditor-General Report No.3 2015–16 Regulation of Great Barrier Reef Marine Park Permits and Approvals, paragraph 39.

114 Australian National Audit Office, ANAO Audit Manual [Internet], 28 August 2020, available from https://www.anao.gov.au/work/audit-manual/pasg-specific [accessed 12 March 2021], sections 216, 217 and 220.

115 Retained records of decisions are generally free text comments in spreadsheets or emails. There is no control over what kind of comments are entered in the allegations spreadsheet.