Audit snapshot

Why did we do this audit?

  • Effective arrangements to detect and respond to non-compliance with biosecurity requirements are necessary to manage the risk of plant and animal pests and diseases entering Australia.

Key facts

  • In June 2016, the Australian Government introduced a new biosecurity legislative framework, including the Biosecurity Act 2015, to manage biosecurity risks in Australia.
  • The Act contains a number of biosecurity requirements, including: not importing prohibited goods; complying with specified conditions when importing goods or undertaking approved biosecurity risk management activities; and providing accurate information about incoming goods, people and vehicles.
  • The Australian Government has primary responsibility over biosecurity matters relating to the national border, with states and territories responsible for biosecurity within their borders.

What did we find?

  • The Department of Agriculture, Water and the Environment’s arrangements to respond to non-compliance with biosecurity requirements are largely inappropriate.
  • The department’s compliance framework is largely inappropriate.
  • There is no framework to assess risk across the entire biosecurity system and target regulatory actions accordingly.
  • Arrangements to detect non-compliance are partially appropriate, but departmental estimates indicate undetected non-compliance is increasing.
  • The use of regulatory tools in response to non-compliance is partially effective.
  • The department does not use the full suite of available regulatory tools.

What did we recommend?

  • The Auditor-General made eight recommendations to the department.
  • The department agreed to all eight recommendations, with a request to extend the timeframe for implementation of two recommendations.

67.3 million

Recorded items of cargo imported to Australia in 2020.

38,200

Estimated air travellers entering Australia with undetected high risk biosecurity material in first nine months of 2019–20.

14%

Proportion of infringement notices issued to air travellers up to April 2018 identified as invalid by the department.

Summary and recommendations

Background

1. In June 2016, the Australian Government introduced a new biosecurity legislative framework, including the Biosecurity Act 2015 (the Act), to manage biosecurity risks in Australia. Under the Act, biosecurity risk is defined as the likelihood of pests and diseases entering, establishing or spreading in Australian territory and causing harm to animal, plant and human health, the environment and the economy.

2. The Act contains a number of requirements that entities1 travelling or bringing goods to Australia must comply with. These include: entering Australia through designated areas; providing accurate information about goods or entities entering Australia; not bringing prohibited goods to Australia; and complying with specified conditions when importing goods or undertaking approved biosecurity risk management activities.

3. The Act provides a range of regulatory tools to manage non-compliance with these requirements. These tools are designed to enable efficient and effective management of non-compliance, targeted to the level of risk.2 Tools available to respond to non-compliance include monitoring and investigation powers, engagement and education, administrative actions (such as varying, suspending or revoking permissions), civil sanctions and criminal prosecution.

4. Non-compliance with biosecurity requirements must be managed across a range of routes, known as pathways, through which pests and diseases may enter Australia. These include cargo, travellers, mail, conveyances and approved arrangements.3

Rationale for undertaking the audit

5. In the face of rising biosecurity risks due to increasing global trade and travel (prior to the COVID-19 pandemic), effective arrangements to respond to non-compliance with biosecurity requirements are necessary to manage the risk of plant and animal pests and diseases entering Australia. This audit will provide assurance over the establishment of an effective risk-based approach to respond to non-compliance while minimising the impact on compliant entities, and over the effective implementation of the regulatory tools available to manage non-compliance under the Act.

6. This audit topic was identified as an audit priority for 2019–20 by the Joint Committee of Public Accounts and Audit, the House Standing Committee on Agriculture and Water Resources and the Senate Rural and Regional Affairs Committee.

Audit objective and criteria

7. The objective of the audit was to assess the Department of Agriculture, Water and the Environment’s (the department’s) effectiveness in responding to non-compliance with plant and animal biosecurity requirements.

8. To form a conclusion against the audit objective, the following criteria were adopted.

  • Has an appropriate compliance framework been established?
  • Are there appropriate arrangements to detect non-compliance?
  • Is the use of regulatory tools in response to non-compliance effective?

Conclusion

9. The department’s arrangements to respond to non-compliance with biosecurity requirements are largely inappropriate. In the absence of frameworks, plans or targets to determine the desired outcomes of its regulation, the department is unable to demonstrate that its response to non-compliance is effective at managing biosecurity risks.

10. The department’s compliance framework is largely inappropriate to support its response to non-compliance with biosecurity requirements.

11. Arrangements to detect non-compliance are partially appropriate. The targeting of detection activities is not supported by a framework to allocate resources to pathways or emerging threats proportionately to risk, but there are partially appropriate processes to target individual items and entities within pathways. Key limitations to procedures, systems and the conduct of detection activities prevent them from fully supporting the detection of non-compliance. Departmental estimates indicate that some detection activities may have become more effectively targeted, but that undetected non-compliance is increasing.

12. The use of regulatory tools in response to non-compliance is partially effective. The department does not effectively use the full suite of regulatory tools available and is not able to clearly demonstrate that the use of these tools supports the management of biosecurity risk.

Supporting findings

Compliance framework

13. Intelligence is not gathered and managed effectively. There is no strategy or procedural guidance to support the gathering and management of intelligence. Information from the department’s regulatory activities is subject to data quality issues and cannot easily be integrated between systems. Information is gathered from other agencies on individual issues, but there have been issues in collecting broader datasets. Strategic intelligence products do not use internal information and have not informed the approach to managing non-compliance.

14. There is no established framework for assessing and managing risk across the biosecurity system. While there are some processes to assess and manage risks for individual pathways, these are subject to key limitations.

15. The approach to managing biosecurity compliance is not supported by appropriate plans. There is no current plan to guide the department’s biosecurity regulation, and the department is unable to demonstrate it has effectively implemented key reform plans.

16. Partially appropriate arrangements have been established with partner agencies. Agreements are in place with all key agencies, though scheduled reviews have not been completed. Communication arrangements have been established to facilitate coordination and information sharing. There are no documented arrangements to identify shared risks or establish how they are managed between agencies.

17. An appropriate performance framework has not been established. External performance measures do not provide information on the effectiveness of the department’s regulation of biosecurity. Internal performance measures have only been established to measure the effectiveness of two out of five biosecurity pathways, and the department was unable to demonstrate their use to inform its regulatory approach.

Detection activities

18. There are no documented arrangements to ensure the resources allocated to different pathways or threats are proportionate to the risk posed. There are arrangements within each pathway to target detection activities at the level of risk of individual items, although limitations in their implementation prevent detection activities from being fully targeted at risk.

19. Procedures and systems partially support the detection of non-compliance. Instructional material has not all been reviewed and there are limitations to its accessibility. Some information systems have been identified as not meeting regulatory requirements, but have not yet been replaced or upgraded. Frameworks to determine and deliver training requirements have not been fully completed and records do not demonstrate that legislative training requirements have been met.

20. Detection activities are partially conducted in accordance with legislative and procedural guidance. Frameworks to verify and provide assurance over detection activities have not been fully implemented. There are ongoing issues with record keeping and random inspections, but these have improved for some pathways. Records indicate that travellers with declared or inspected risk material are being incorrectly released, although incorrect release rates have improved for mail.

21. The department does not have a framework to determine whether detection activities are effective. Available records indicate that some detection activities may have become more effectively targeted at non-compliance. However, departmental records indicate the amount of undetected biosecurity risk material entering Australia is increasing.

Actions taken in response to non-compliance

22. Procedures and systems partially support the use of regulatory tools. There are not procedures and systems for all available regulatory tools.

23. The timeliness and proportionality of actions taken in response to non-compliance is variable. The department does not utilise the full range of regulatory tools available, limiting its ability to tailor its actions to risk.

24. The use of regulatory tools is not fully consistent with legislative and procedural requirements. This has prevented some potential administrative actions and civil sanctions from progressing.

25. The department has not established arrangements to allow a full assessment of whether actions taken in response to non-compliance effectively manage biosecurity risk. Available records indicate that some actions taken in response to non-compliance are not effective.

26. The department has not completed intended evaluation of the benefits of new regulatory tools under the Biosecurity Act 2015. The department reviewed the enforceability of its use of regulatory tools in 2019, finding that the effectiveness of its regulatory systems was significantly impeded. Key issues from the review have not yet been fully addressed.

Recommendations

Recommendation no. 1

Paragraph 2.27

The Department of Agriculture, Water and the Environment implement a strategy and accompanying procedural guidance for its use of intelligence in regulating biosecurity by 1 July 2022. The strategy and guidance should establish how intelligence needs will be identified and prioritised, how information will be obtained to meet those needs, and how intelligence products will support the range of decisions made by the department.

Department of Agriculture, Water and the Environment response: Agreed.

Recommendation no. 2

Paragraph 2.55

The Department of Agriculture, Water and the Environment implement a framework to assess and manage risk across the entire biosecurity system by 1 July 2022. The framework should include, for all components of the biosecurity system: processes to assess both the consequences and likelihood of non-compliance; risk tolerances; review arrangements; and arrangements to escalate, communicate and prioritise risks.

Department of Agriculture, Water and the Environment response: Agreed.

Recommendation no. 3

Paragraph 2.59

The Department of Agriculture, Water, and the Environment implement and publish a planning framework by 1 July 2022 to establish its: approach to biosecurity regulation; long-term strategic goals and approach to achieving them; and regulatory focuses for each year.

Department of Agriculture, Water and the Environment response: Agreed.

Recommendation no. 4

Paragraph 2.68

The Department of Agriculture, Water and the Environment implement improved governance arrangements for information system developments by 1 July 2022, to:

  • identify and prioritise system redevelopment needs;
  • align and coordinate IT redevelopment projects occurring separately to provide the greatest collective benefit; and
  • improve project reporting to monitor projects against the intended benefits set out at project commencement.

Department of Agriculture, Water and the Environment response: Agreed.

Recommendation no. 5

Paragraph 2.93

The Department of Agriculture, Water and the Environment establish a performance framework for its biosecurity regulation by 1 July 2022. The framework should:

  • include internal and external measures of effectiveness and efficiency for each biosecurity pathway and the biosecurity system as whole;
  • identify how performance measures will be used to inform the department’s regulation;
  • ensure staff and executive training is undertaken on the requirements of the Commonwealth performance framework; and
  • establish how information management issues will be managed to ensure appropriate performance information is available.

Department of Agriculture, Water and the Environment response: Agreed.

Recommendation no. 6

Paragraph 3.43

The Department of Agriculture, Water and the Environment implement, by 1 July 2022, a framework to ensure the resources allocated to pathways and threats is proportionate to the level of risk. This should align with the risk assessment framework in Recommendation no.2, and should contain arrangements for periodic review.

Department of Agriculture, Water and the Environment response: Agreed, with request to extend timeframe implementation to 30 June 2023.

Recommendation no. 7

Paragraph 4.80

The Department of Agriculture, Water and the Environment implement a framework to support the effective use of the full suite of available regulatory tools by 1 July 2022, including:

  • policies, procedures and supporting documentation for all available regulatory tools;
  • arrangements to ensure regulatory tools are used in a way that is enforceable and consistent with procedural and legislative requirements; and
  • arrangements to evaluate, monitor and report on whether the use of regulatory tools is effectively and efficiently managing biosecurity risk (this should align with the performance measurement framework outlined in Recommendation no.5).

Department of Agriculture, Water and the Environment response: Agreed, with request to extend timeframe implementation to 30 June 2023 for point 3.

Recommendation no. 8

Paragraph 4.81

The Department of Agriculture, Water and the Environment put in place governance arrangements, by 1 July 2022, to ensure that once agreed audit recommendations are implemented, the processes that have been implemented are reviewed and updated at agreed intervals, to ensure they remain fit-for-purpose over time.

Department of Agriculture, Water and the Environment response: Agreed.

Summary of Department of Agriculture, Water and the Environment response

The Department of Agriculture, Water and the Environment (the department) welcomes the findings of the Australian National Audit Office report titled Responding to non-compliance with biosecurity requirements.

Australia’s current biosecurity system has served our country well. It has been instrumental in successfully protecting our $53 billion agriculture export industries, our unique environment, native flora and fauna, our tourism industries, and our lifestyle from threats including African Swine Fever, Foot and Mouth Disease and hitchhiker pests such as Khapra Beetle and Brown Marmorated Stink Bug.

The biosecurity system must continue to evolve to enable appropriate management of new and emerging threats both domestically and globally. In this context, the department recognises there is a need to mature our regulatory capability to meet new and emerging challenges. Substantial progress has been made to implement a suite of regulatory practice improvements, and the federal government’s 2021–22 budget biosecurity package will further support the department to enhance its biosecurity functions including its compliance program.

The department agrees with all 8 recommendations of the audit report and is already pursuing their implementation. The department notes that there are dependencies between the recommendations which may mean that it is not feasible to complete the implementation of all recommendations in line with the Auditor-General’s suggested timeline.

Key messages from this audit for all Australian Government entities

Below is a summary of key messages which have been identified in this audit and may be relevant for the operations of other Australian Government entities.

Governance and risk management

Program implementation

Performance and impact measurement

1. Background

Introduction

1.1 Australia’s pest and disease status supports healthy ecosystems, agricultural productivity and access to premium trade markets.

1.2 Biosecurity risks are, however, increasing. The volume of people, mail and cargo entering Australia was expected to nearly double from 2015 to 2030 (prior to the COVID-19 pandemic), and the rate at which pests and diseases spread between countries is increasing.4 This has resulted in an increased number of pests and diseases reaching Australia.5

1.3 In recent years, Australia has experienced a number of plant and animal pest and disease outbreaks, such as Panama disease affecting bananas, fall armyworm affecting up to 350 plant species6, and white spot disease affecting prawns.7 Current risks to Australia include the potential incursion of species such as Giant African Snails, diseases such as African swine fever, and the risk of disease outbreak through introduced species such as the Asian honeybee.8

1.4 In 2020, the Centre of Excellence for Biosecurity Risk Analysis estimated that without any biosecurity intervention, newly introduced pests and diseases would cause $672 billion in damages to Australia over the next 50 years.9 Effective biosecurity measures are important to protect Australia’s pest and disease status, and therefore prevent economic impacts as well as damage to Australian ecosystems and communities.

The Biosecurity Act 2015

1.5 In June 2016, the Australian Government introduced a new biosecurity legislative framework, including the Biosecurity Act 2015 (the Act). Under the Act, biosecurity risk is defined as the likelihood of pests and diseases entering, establishing or spreading in Australian territory and causing harm to animal, plant and human health, the environment and the economy.

1.6 To manage the risk of pests and diseases entering Australia, the Act contains a number of requirements that entities10 travelling or bringing goods to Australia must comply with. The requirements include:

  • entering Australia through designated areas;
  • providing accurate information about goods or entities entering Australia;
  • not bringing prohibited goods to Australia; and
  • complying with specified conditions when importing certain goods or undertaking approved biosecurity risk management activities.

1.7 The Department of Agriculture, Water and the Environment (the department) is responsible for administering the Act, including managing non-compliance with biosecurity requirements. The department’s focus is on matters relating to the national border, with states and territories responsible for biosecurity activities within their borders.11

1.8 The Act provides a range of regulatory tools designed to enable efficient and effective management of non-compliance with biosecurity requirements, targeted to the level of risk.12 Tools available to respond to non-compliance include monitoring and investigation powers, engagement and education, administrative actions (such as varying, suspending or revoking permissions), civil sanctions and criminal prosecution.

Biosecurity regulation

1.9 The department manages non-compliance with biosecurity requirements relating to the national border across multiple routes (known as ‘pathways’) through which pests or diseases may enter Australia. Table 1.1 provides a summary of the five primary pathways and the department’s regulatory activities in those pathways.

Table 1.1: Biosecurity pathways and their regulation

Pathway

Description

Regulatory activities

Cargo

Air and sea cargo, including containerised, bulk and break-bulk cargo.a

Imported goods are required to comply with specified conditions, and some goods are prohibited entirely. The department inspects selected import documentation and incoming cargo for biosecurity risk material.

Travellers

Air and sea travellers arriving from overseas.

Travellers are required to declare certain biosecurity risk material. The department screens selected travellers and their belongings for biosecurity risk material.

Mail

International letter and non-letter class mail.b

The department screens selected incoming international mail for biosecurity risk material.

Conveyances

Sea vessels and aircraft arriving from overseas.

The department requires conveyancesc to enter Australia through certain points and provide information about their potential biosecurity risk. The department inspects selected conveyances and their documentation for potential biosecurity risks.

Approved arrangements

Arrangements through which biosecurity industry participants are accredited to manage biosecurity risks on behalf of the department, in accordance with specified conditions. This includes unloading cargo and goods, checking documentation, and holding and disposing of biosecurity risk material.

The department requires biosecurity industry participants to carry out their activities in accordance with the terms of their arrangement. It inspects approved arrangement sites and activities for compliance with arrangements and for biosecurity risk material.

     

Note a: Containerised cargo is transported in shipping containers. Break-bulk is a commodity loaded in individual packages that are not in shipping containers, such as drums of oil or bags of coffee. Bulk cargo is an unpackaged commodity that is transported in the hold in large quantities, such as fuel, coal or iron ore.

Note b: Letter class mail includes items such as letters, postcards, brochures, books and magazines. Non-letter class is further split into parcels, express mail and other articles.

Note c: Conveyances are vehicles used to transport goods and entities to Australia.

Source: ANAO based on Department of Agriculture, Water and the Environment information.

1.10 To manage Australia’s animal and plant health status and protect it from the impact of exotic pests and diseases, the department was allocated $776.8 million (this includes funding for activities where costs are recovered from entities) and an average staffing level of 3738 in 2020–21.13 This funding and staffing includes aspects of the department’s work beyond managing biosecurity non-compliance, including responding to biosecurity outbreaks, export assistance, and research into biosecurity and plant and animal health.

Previous reviews

1.11 Australia’s approach to biosecurity management has been the subject of several major reviews, which are summarised in Table 1.2. A common theme identified across reviews is that reform and continued improvement is required to ensure biosecurity management remains effective in the future.

Table 1.2: Major reviews of Australia’s management of biosecurity

Review

Summary

One Biosecurity – A Working Partnership, 2008

Concluded that while Australia operates a good biosecurity system that had worked well in the past, the system was ‘far from perfect’ and required ‘far-reaching change’ to rectify problems and enhance positive system aspects.a

Recommended reforms to the biosecurity system, including to: adopt a risk-return approach to allocating resources across the biosecurity continuum; establish a single national biosecurity authority; sharing responsibility with states and industry; and improve system quality assurance.

The review led to the development of the Biosecurity Act 2015, the establishment of the Inspector-General of Biosecurity, and the consolidation of the Australian Quarantine and Inspection Service and Biosecurity Australia.

Auditor-General Report No.34 2016–17 Implementation of the Biosecurity Legislative Framework

Found that the department had effectively supported the early stages of the implementation of the Biosecurity Act 2015 and associated legislation, noting that there was scope to review the approach to assessing the benefits to be derived from the new legislative framework.b

Priorities for Australia’s biosecurity system, 2017

Reviewed the implementation and effectiveness of the Intergovernmental Agreement on Biosecurity 2012, finding that challenges facing the national biosecurity system were continuing to increase.c

Made 47 recommendations, including to: establish a systematic approach to determining and planning for priority pests and diseases; improve information sharing between governments; and improve performance measurement and accountability.

Auditor-General Report No.23 2018–19 Northern Australia Quarantine Strategy – Follow-on Audit

Examined the implementation of recommendations from Parliament and Auditor-General Report No. 46 2011–12 to improve the effectiveness of the administration of the Northern Australia Quarantine Strategy.d Found that recommendations had been progressed but not fully implemented, including in relation to quality assurance processes, data analysis, clearly articulating objectives, and developing and analysing performance information.

Australia’s Biosecurity Future, 2020

Concluded that while Australia has one of the strongest biosecurity systems globally, outbreaks are continuing to rise in volume and complexity.e Stated that scaling current approaches will not be enough to mitigate these growing risks, and that system transformation is required.

Inspector-General of Biosecurity reports, 2009–present

The Inspector-General of Biosecurity provides assurance to the executive government over Australia’s biosecurity risk management systems through independent evaluation and verification. The Inspector-General has recommended improvements to the biosecurity system, including in dealing with non-compliance.

   

Note a: R Beale, J Fairbrother, A Inglis and D Trebeck, One Biosecurity – A working partnership, 2008. p. ix.

Note b: Auditor-General Report No.34 2016–17 Implementation of the biosecurity legislative framework, p. 8.

Note c: W Craik, D Palmer and R Sheldrake, Priorities for Australia’s biosecurity system, 2017, p. 1.

Note d: The Northern Australia Quarantine Strategy was established to provide an early warning system for exotic pest and disease detections across northern Australia and address biosecurity risks facing the region.

Note e: Commonwealth Scientific and Industrial Research Organisation, Australia’s Biosecurity Future, 2020, pp. ii–iii.

Source: ANAO based on publically available information.

Rationale for undertaking the audit

1.12 In the face of rising biosecurity risks due to increasing global trade and travel (prior to the COVID-19 pandemic), effective arrangements to respond to non-compliance with biosecurity requirements are necessary to manage the risk of plant and animal pests and diseases entering Australia. This audit will provide assurance over the establishment of an effective risk-based approach to respond to non-compliance while minimising the impact on compliant entities, and over the effective implementation of the regulatory tools available to manage non-compliance under the Act.

1.13 This audit topic was identified as an audit priority for 2019–20 by the Joint Committee of Public Accounts and Audit, the House Standing Committee on Agriculture and Water Resources and the Senate Rural and Regional Affairs Committee.

Audit approach

Audit objective, criteria and scope

1.14 The objective of the audit was to assess the department’s effectiveness in responding to non-compliance with plant and animal biosecurity requirements.

1.15 To form a conclusion against the audit objective, the following criteria were adopted.

  • Has an appropriate compliance framework been established?
  • Are there appropriate arrangements to detect non-compliance?
  • Is the use of regulatory tools in response to non-compliance effective?

1.16 The scope of the audit focused on the department’s arrangements to identify and respond to non-compliance with plant and animal biosecurity requirements. This included: planning, intelligence, risk assessment, performance measurement, the conduct of detection activities, and the use of regulatory tools in response to identified non-compliance.

1.17 The audit scope did not include: human biosecurity activities (including in relation to the COVID-19 pandemic), or other biosecurity activities such as responding to pest and disease outbreaks, granting permits, cost recovery, and determining what can be imported to Australia.

Audit methodology

1.18 The audit methodology included examination of departmental documentation, policies and records, control testing over information systems, and interviews with departmental staff.

1.19 The audit was conducted in accordance with ANAO auditing standards at a cost to the ANAO of $613,301.

1.20 The team members for this audit were Jacqueline Hedditch, Isaac Gravolin, Sam Khaw, Ben Thomson, Corne Labuschagne and Michael White.

2. Compliance framework

Areas examined

This chapter examines whether the Department of Agriculture, Water and the Environment (the department) has established an appropriate compliance framework to support its response to non-compliance with biosecurity requirements.

Conclusion

The department’s compliance framework is largely inappropriate to support its response to non-compliance with biosecurity requirements.

Areas for improvement

The ANAO made five recommendations in relation to: establishing an intelligence strategy and procedural guidance; implementing a risk assessment framework; establishing a biosecurity planning framework; improving governance arrangements for information system development; and establishing a performance measurement framework.

The ANAO also suggested that strategic intelligence products should use a range of information sources, and that agreements with partner agencies should be reviewed and updated.

2.1 A compliance framework is a set of plans, policies or procedures that establish the approach taken to manage compliance. An appropriate compliance framework assists regulators to gather and use intelligence, target their efforts at the areas of highest risk of non-compliance, and plan for and measure their achievement of objectives.

2.2 To assess whether the department has established an appropriate compliance framework, the ANAO examined whether:

  • intelligence is gathered and managed effectively;
  • there is an appropriate framework to identify and manage risks;
  • the approach to managing compliance is supported by appropriate plans and strategies;
  • there are appropriate arrangements with partner agencies; and
  • an appropriate performance framework has been established.

Is intelligence gathered and managed effectively?

Intelligence is not gathered and managed effectively. There is no strategy or procedural guidance to support the gathering and management of intelligence. Information from the department’s regulatory activities is subject to data quality issues and cannot easily be integrated between systems. Information is gathered from other agencies on individual issues, but there have been issues in collecting broader datasets. Strategic intelligence products do not use internal information and have not informed the approach to managing non-compliance.

2.3 Regulatory intelligence involves analysing data and information to generate insights to support the approach to managing non-compliance.14 To be effective, regulatory intelligence should be supported by appropriate plans and policies, appropriate arrangements to collect and store data and information, and be analysed and distributed in a way that meets decision-makers’ needs.

Intelligence plans, policies and procedures

2.4 The department does not currently have finalised plans, policies or procedures for gathering or managing biosecurity intelligence, though some supporting documentation has been recently completed.15 This limits assurance that intelligence is gathered and managed in a way that is consistent with departmental requirements. In addition, the absence of intelligence policies means that the department is not meeting section 2.6 of the Australian Government Investigations Standards16:

Where relevant, agencies should have a policy outlining the use of intelligence in identifying conduct which allegedly, apparently or potentially breaches the law.

2.5 The department commenced or committed to developing an intelligence plan or strategy in 2011, 2013, 2016, 2017 and 2019, including in response to an agreed recommendation from the Interim Inspector-General of Biosecurity.17 This did not result in an implemented intelligence plan or strategy. The department commenced development of a new strategy in 2020, with the strategy in draft as at March 2021.

Information collection

2.6 Collecting regulatory information from a range of reliable sources assists regulators to ensure insights generated from intelligence are accurate. Relevant sources for the department’s biosecurity regulation include information from its own activities and information gathered by other government agencies and biosecurity regulators.

Internally sourced information

2.7 The department captures a range of information from its own activities, including records of identified non-compliances and regulatory actions taken against non-compliant entities. However, the value of this information for intelligence is limited by the quality and structure of data entered into the department’s systems.

2.8 While there are largely appropriate controls in place to ensure the integrity of data once entered into systems, internal documents and reviews indicate that data entered for travellers, mail and cargo is subject to data quality issues. These include missing or incorrect details for: entities18; imported cargo19; detected cargo non-compliances; the reasons, application and results of biosecurity treatments for cargo20; scanned documents21; and infringement notices.

2.9 The department undertakes monthly data reviews for the systems used for managing mail and travellers, to ensure an ‘acceptable level of data integrity and user confidence’.22 The department was unable to provide evidence of any similar approach to quantify or improve data quality for cargo systems, despite the known issues.

2.10 The issues with cargo data quality have impacted the department’s ability to provide timely and accurate intelligence to support the department’s regulation. For example, the department was unable to confirm the identity of an importer of illegal animal hides for ‘almost a month after the import’ due to incorrect information recorded in cargo systems.

2.11 Even where information is accurately entered, its value may be limited by the structure of collected data. Key information (such as reasons for non-compliance and actions taken in response, import permits, and passport numbers) is stored in free-text format, which has resulted in inconsistent formatting and contents, and has prevented analysis.

Externally sourced information

2.12 There are a range of external sources that possess information relevant to the department’s biosecurity compliance activities. In particular, the Department of Home Affairs (Home Affairs) is the primary holder of information about travellers and goods entering Australia. Other potential sources include state and territory biosecurity agencies, and Commonwealth regulatory and enforcement agencies.

Department of Home Affairs

2.13 The department has arrangements to request information from Home Affairs, to automatically transfer some cargo data from Home Affairs to departmental systems, and for officials to access Home Affairs’ systems through the Border Intelligence Fusion Centre.23

2.14 However, the department is currently unable to collect some datasets from Home Affairs, despite both parties committing to a framework for ‘bulk data sharing’.24 This includes datasets on cargo, travellers and mail that were not flagged as being of biosecurity concern or inspected by the department.25 It is also unable to collect datasets on some traveller and mail characteristics, such as country of birth, visa sub-class and mail contents and destinations.

2.15 These datasets have been identified by the department as something that would improve its regulation, including its ability to identify and target non-compliance (see paragraphs 2.44 and 2.49). However, departmental systems are unable to store the information due to its ‘protected’ classification.26 The department has commenced at least four projects since 2017 to work with Home Affairs to collect this information, but these have not yet been successful.

Other Commonwealth agencies and states and territories

2.16 The department collects information from other Commonwealth agencies on individual issues, entities or instances of non-compliance through ad hoc communication channels. This information has been used to gather a more complete intelligence picture around individual biosecurity issues. However, without structured arrangements setting out when and what information should be shared, there is a risk that information received will be reactive and dependent on personal relationships, and therefore be limited in its ability to support the identification of non-compliance trends.

2.17 The department has agreed to a protocol on data and information sharing with state and territory biosecurity agencies. The protocol requires the department to maintain a register of shared data, and states information and data sharing is ‘essential’ and ‘needed to prevent, mitigate and manage … biosecurity risks’. However, the department does not maintain a register of shared information and data, limiting its ability to understand what information is being collected from states and territories and how it is used.

Information storage

2.18 An April 2019 document identified 56 different systems used in the management of biosecurity. The majority of these systems do not communicate or have compatible data. In addition, key information is stored in isolated intranet sites27 and spreadsheets.

2.19 It is important to store collected information in a way that facilitates access and analysis if it is to effectively inform the approach to regulation.28 Without the ability to integrate data between different systems and information sources, the department’s ability to obtain a complete intelligence picture is limited.

2.20 The department has identified this issue in multiple reviews and documents, and has initiated projects to improve its systems and access to information (Table 2.1). While some projects have delivered improvements, there remain limitations to the department’s ability to access data and integrate information.

Table 2.1: Outcome of projects to improve information integration across systems

Project

Description

Outcome

Agriculture White Paper funding for systems

$3.3 million was allocated from 2016, to ‘improve the department’s biosecurity intelligence capability by investing in systems that gather, store, transfer, share, analyse, and report on biosecurity data’ and ‘create and populate a data system’.

While the deliverable was marked as complete, with $0.9 million spent, the outcomes only related to surveillance datasets for the Northern Australia Quarantine Scheme.

Biosecurity Integrated Information System

The business case for the project (2016–present), which was originally allocated $30.9 million, stated that it would deliver an integrated biosecurity import system that would remove the need to access multiple applications, and include the ability to share, extract, consolidate, manipulate, categorise and link real time data for analysis.

Aspects of the project relating to replacing existing systems with a single integrated system have not been delivered, with $56.9 million allocated to 2020–21 (paragraph 2.65). The scope of the project no longer includes the development of a single integrated biosecurity import system.

Development of data models

The project (2018–present) was intended to develop a data warehouse that stored data from a range of different systems.

Stored data was then to be incorporated into data ‘models’, to provide a single source for data analysts to access for analysis and reporting purposes.

This work was not undertaken as a formal project and so the cost was not recorded.

Data models have been implemented, which access most systemsa and convert some data into a more usable format for reporting and analysis.

The models are accessible only by data analysts or through pre-built reporting tools. Some information (such as entity details) is unable to be integrated across systems, due to data quality and structure issues (paragraph 2.11).

   

Note a: The department’s system for managing investigations into non-compliance is not accessible. Other information stored on departmental intranet sites, such as the department’s records of all non-compliance, have not yet been integrated into the models.

Source: ANAO based on Department of Agriculture, Water and the Environment information.

Intelligence products

2.21 For stored information to be useful, it should be analysed and disseminated to decision-makers in a way that meets their needs and supports decision-making. This includes tactical decisions about individual entities or instances of non-compliance, through to strategic decisions about the overall approach to biosecurity.

Identification of needs

2.22 While intelligence products29 are developed in response to requests, the department has not yet completed a process to identify and prioritise the intelligence needs of decision-makers.30 This limits its assurance that it is producing the intelligence products that will most effectively support key decisions. This is reflected in internal documents that indicate some decision-makers do not feel they receive intelligence that meets their needs. For example:

  • an August 2019 minute stated that ‘…information and intelligence that can assist with the prioritisation of activities is not readily available’; and
  • a December 2019 report stated that risk owners ‘…are not informed by a comprehensive intelligence picture or profile in the way that would be of significant benefit’.
Intelligence products coverage

2.23 To determine whether the department’s intelligence products effectively support the range of biosecurity regulatory decisions being made, the ANAO examined all 34 completed intelligence products that commenced between 1 July 2019 and 30 June 2020.31

2.24 While the department produced a range of intelligence products to support tactical and operational decision-making, it did not use collected information to develop intelligence products that support strategic decision-making. Of the 34 products examined by the ANAO, three provided strategic-level intelligence. These three products were based on publicly available information and did not use information collected from other agencies or the department’s own regulation. Themes from the strategic products have been reflected in high-level strategic discussions but have not yet resulted in changes to the department’s approach to regulating biosecurity.32

2.25 The department had commenced work on an additional 14 strategic intelligence products at the time of audit fieldwork. This reflects the ongoing development of the department’s strategic intelligence capability, after it commenced strategic intelligence work in 2019.

2.26 While producing an increased number of strategic intelligence products will better support strategic decision-making in future, they should make use of information from the department’s regulation, as well as open source information.

Recommendation no.1

2.27 The Department of Agriculture, Water and the Environment implement a strategy and accompanying procedural guidance for its use of intelligence in regulating biosecurity by 1 July 2022. The strategy and guidance should establish how intelligence needs will be identified and prioritised, how information will be obtained to meet those needs, and how intelligence products will support the range of decisions made by the department.

Department of Agriculture, Water and the Environment response: Agreed.

Is there an appropriate framework to identify and manage risks?

There is no established framework for assessing and managing risk across the biosecurity system. While there are some processes to assess and manage risks for individual pathways, these are subject to key limitations.

2.28 Regulators with clear and comprehensive processes to assess risk are positioned to allocate their resources towards those areas of greatest impact. Appropriate risk assessment processes support the department to: compare risk across the biosecurity system and target efforts accordingly; identify and respond to emerging and priority risks; and understand which entities within a pathway to focus on.

2.29 The Australian Government has committed to a risk-managed approach to biosecurity regulation.33 Effective implementation of such an approach will be important to manage increasing biosecurity risk in the future — the department predicted in 2017 that, under current regulatory strategies, unmitigated risks will increase 70 per cent and costs 50 per cent by 2025.34

System-wide risk framework

2.30 While the department has adopted risk-based approaches to some individual components of biosecurity regulation (see paragraphs 2.35–2.54), it does not have a framework to assess and manage risk across the entire biosecurity system. There is no established process to assess the level of risk posed by each biosecurity pathway and target activities at those pathways accordingly.

2.31 The absence of a framework to manage risk across the biosecurity system has been identified internally and externally. This includes once in 2008, twice in 2015 and twice in 2020. There have been multiple attempts or commitments to implement such a framework, including in 2009, 2010, 2012, 2016, 2017, and ongoing at the time of audit fieldwork in March 2021. These did not result in an implemented framework, despite some producing tools that could be used to assess risk across the biosecurity system, including comparing the risk of different pathways (see Appendix 2).35

Identifying emerging and priority risks

2.32 Without a framework to manage risk across the biosecurity system, there is no established process to determine risk tolerances or departmental priorities. This has resulted in internally identified issues, with 2019 departmental documents noting that priorities ‘changed rapidly over time’ and varied between working areas.

2.33 The department identified 12 priority biosecurity risks in August 2020.36 No structured or documented process was used for this risk assessment. In addition, it lacked several elements of better practice risk assessment37, including: defined criteria for evaluating risks and establishing tolerances; analysis of risks before treatments are applied; and arrangements for monitoring and review. This limits the department’s assurance that the assessment accurately captured key risks.

2.34 A departmental review stated in November 2020 that ‘biosecurity risk governance is currently ineffective’, noting this results in communication breakdowns between operational and policy areas and decreases the ability to proactively manage risks.

Pathway risk assessments

2.35 As outlined in Table 1.1, the department manages non-compliance with biosecurity requirements across multiple pathways through which pests and diseases may enter Australia, including cargo, travellers, mail, conveyances and approved arrangements.

2.36 The department’s approach to assessing risk varies across each pathway. It agreed to establish a ‘standard approach to risk pathway mapping and decision-making’ in response to a July 2020 Inspector-General of Biosecurity recommendation38, but this had not commenced as at February 2021.

2.37 The ANAO examined the department’s approach to each of these pathways, with the results detailed below. The department does not assess the likelihood of non-compliance in the cargo pathway, with only the consequences of non-compliance assessed. The processes for travellers, mail, conveyances and approved arrangements were partially appropriate but had key limitations to their ability to accurately identify risks.

Cargo

2.38 The department’s process for assessing risk in the cargo pathway does not consider the likelihood of non-compliance by different entities. The department does, however, assess whether correctly declared cargo may be associated with a higher risk of pests and diseases, by examining whether import declarations specify goods of potential biosecurity concern.39

2.39 The absence of a process to assess the likelihood of non-compliance for cargo is despite a departmental intelligence report noting in 2020 that non-compliance such as product substitution and fraudulent documentation ‘are enduring vulnerabilities of the cargo import pathway’. Without such a process, Australia is vulnerable to the entry of pests or diseases through non-compliant cargo.

2.40 The department has commenced projects to better assess risk in the cargo pathway. These projects have either not yet been completed or apply only to specific areas of the cargo pathway.

  • Two initiatives have been implemented to identify importers with a history of compliance.40 These initiatives do not apply to all goods41 and only apply where cargo would otherwise be subject to mandatory intervention.
  • A project was commenced in 2018 to quantify the level of risk associated with 16 different types of goods, and to address ‘critical policy application issues’ including the absence of a ‘defined risk tolerance policy or approach’. This project ceased after assessing the risk associated with one good. No actions were taken in response to that assessment.
  • A pilot of machine learning algorithms in 2020 indicated that they could more accurately predict non-compliance than current techniques.42 The department is planning to implement this approach more broadly across the cargo pathway.
  • A project is underway to identify cargo types with a low risk of non-compliance, allowing activities to be better targeted at risk. However, the progress of this project has been hindered by data quality issues preventing accurate risk identification.
Travellers

2.41 There is no established process to assess risk for sea travellers.43

2.42 Air traveller risk assessment is conducted through statistical analysis of the frequency that air travellers have been found to have undeclared high-risk goods against four characteristics (citizenship, age, gender, flight number). Risk assessment is used to compare travellers within each individual flight, and to compare the risk of different flights within each airport.

2.43 The department does not analyse the comparative risk posed by travellers at different airports, to enable it to target efforts at airports associated with higher risk travellers. In addition, while traveller risk assessments have been reviewed periodically, the department has not yet completed a policy for when risk assessments should be reviewed to ensure they remain current.

2.44 The accuracy of the risk assessment is limited by the department’s inability to access additional data held by Home Affairs (paragraph 2.14).44 Departmental documentation notes that ‘due to limited data sets, [risk assessments] are broad and a large number of compliant travellers are intervened with unnecessarily whilst high risk travellers may be missed’, and that prioritising inspection according to the assessment will perform ‘slightly better than random selection’.

Mail

2.45 The department assesses risk in the mail pathway by analysing data on the frequency that mail has been found to contain high risk goods against three characteristics (gateway, country of origin, mail class). This analysis is used to identify which groups of individual mail items are higher risk. It can also provide information on which mail centres pose a higher level of risk.

2.46 The department plans to review its mail risk assessments annually, with reviews having been completed in 2016, 2017, twice in 201945, and 2020. These risk assessments do not include letter-class mail, with separate reviews in 2011, 2015, and 2020 finding that letters posed a lower risk compared to other mail classes.

2.47 The accuracy of mail risk assessment is impacted by variations in mail volume estimates. Information from Australia Post on total mail volumes is used to calculate the expected probability of non-compliance. Large variations between the department’s and Australia Post’s mail volume estimates46 in 2016–17 and 2017–18 resulted in a number of groups with high rates of undeclared biosecurity risk material not being assessed.47

2.48 The department took action to improve mail volume data in 2017, but variations have since increased. Departmental mail volume estimates were 16.5 million (21.2 per cent) greater than Australia Post’s in 2020.48

2.49 The department’s inability to use data from customs declarations held by Home Affairs (see paragraph 2.14) further limits the accuracy of the assessment.49 A 2017 document noted that the inability to use customs data to enable informed and precise risk assessment places the department ‘…behind most developed nations’. While the impacts of not using this data have been identified, the department has not yet been able to use it for risk assessment.50

Conveyances

2.50 The risk of commercial sea vessels is assessed using an automated risk assessment program. The assessment is based on a range of inputs, including the pre-arrival reporting of the vessel, vessel characteristics, and the vessel’s history (including compliance history). This program generates a risk rating and ranks each vessel in a port. It does not allow the department to identify the level of risk posed by different ports.

2.51 The department has not reviewed the risk assessment program to ensure it is still targeted at areas of highest risk since implementation in 2016, despite agreeing to do so in response to an internal audit recommendation in 2018. The department closed this recommendation without completing the review, noting that it considers a review should be undertaken in 2021.51

2.52 There is no process to assess, review or target biosecurity risk for non-commercial vessels and commercial or non-commercial aircraft. The department agreed to a recommendation to establish such a process for non-commercial vessels in response to a 2018 internal audit. The department also closed this recommendation, despite it not being completed.

Approved arrangements

2.53 Once arrangements52 are approved, the department assesses them to be one of two risk levels53, based on the compliance history of the arrangement and whether the arrangement has been recently established or changed. Other factors, such as the potential consequences of non-compliance or the compliance history of the arrangement’s industry, are not considered.54

2.54 The department committed to considering additional risk factors as part of a review of its risk framework for approved arrangements, in response to a recommendation from the Inspector-General of Biosecurity in 2019.55 The department was unable to provide evidence that this work has been undertaken, despite closing the recommendation.

Recommendation no.2

2.55 The Department of Agriculture, Water and the Environment implement a framework to assess and manage risk across the entire biosecurity system by 1 July 2022. The framework should include, for all components of the biosecurity system: processes to assess both the likelihood and consequences of non-compliance; risk tolerances; review arrangements; and arrangements to escalate, communicate and prioritise risks.

Department of Agriculture, Water and the Environment response: Agreed.

Is compliance management supported by appropriate plans?

The approach to managing biosecurity compliance is not supported by appropriate plans. There is no current plan to guide the department’s biosecurity regulation, and the department is unable to demonstrate it has effectively implemented key reform plans.

2.56 Establishing and implementing appropriate plans supports regulators to deliver a regulatory approach that achieves desired outcomes. Effective planning and implementation is particularly important to guide the biosecurity reforms that have been identified as necessary to maintain Australia’s pest and disease status into the future (see paragraph 1.10). This includes plans to establish the general approach to regulating biosecurity, as well as specific project plans to reform individual elements of the biosecurity system.

Planning framework

2.57 Following the commencement of the Biosecurity Act 2015 (the Act), the department began developing a planning framework to guide its regulation. This included a policy statement (the Biosecurity Compliance Statement 2016) to outline its regulatory approach, a strategy to establish its long-term direction, and an annual biosecurity plan to establish yearly focuses. The current status of each is included below (Table 2.2).

Table 2.2: Implementation of biosecurity planning and strategy framework

Element of framework

Work completed

Issues and ongoing work

Policy statement to outline regulatory approach

Established a Biosecurity Compliance Statement in 2016, outlining how the department will use different tools to manage compliance.a

Following a 2018 departmental report which found ‘clear gaps’ in policy coverage, the department commenced work on an updated compliance statement, which was not finalised.

The department has also commenced work on a departmental regulatory practice statement and compliance policy, to establish a department-wide approach and principles for regulation and managing compliance. As at March 2021, these have not been completed.

Biosecurity strategy

The biosecurity strategy was not completed.

The department recommenced work on strategic planning and coordination of activities in 2019. However, as at March 2021, no strategy has been finalised.b

Annual biosecurity plan

The Biosecurity Compliance Plan 2016–17 was established to outline focuses for that financial year.c

The plan has not been updated. While the department informed the ANAO that the plan remains current, much of the content in the plan is specific to 2016–17 and the department’s regulatory approach has been subject to change.d The department was unable to provide evidence of review of the plan to ensure it remains contemporary.

    

Legend:  Implemented and updated; Implemented but not updated; Not implemented

Note a: Department of Agriculture and Water Resources, Biosecurity Compliance Statement [internet], 2016, available from https://www.agriculture.gov.au/biosecurity/legislation/compliance/biosecurity-compliance-statement [accessed 12 January 2021].

Note b: The department published Commonwealth Biosecurity 2030 on 26 May 2021, which is intended to establish a strategic roadmap for biosecurity. As this occurred after the conclusion of audit fieldwork, it was not examined as part of the audit; Department of Agriculture, Water and the Environment, Commonwealth Biosecurity 2030 [internet], 2021, available from https://www.agriculture.gov.au/sites/default/files/documents/commonwealth-biosecurity-2030.pdf [accessed 1 June 2021].

Note c: Department of Agriculture and Water Resources, Biosecurity Compliance Plan 2016–17 [internet], 2017, available from https://www.agriculture.gov.au/biosecurity/legislation/compliance/biosecurity-compliance-plan [accessed 12 January 2021].

Note d: For example, since the publication of the plan, the department has implemented a new reporting system for non-commercial sea vessels, implemented a system to reduce inspections for highly compliant cargo importers, and increased penalties for non-compliant entities, including visa cancellations. In addition, international trade and travel patterns have altered significantly following the outbreak of COVID-19.

Source: ANAO based on Department of Agriculture, Water and the Environment documents.

2.58 Without a current plan or strategy to guide its biosecurity regulation, there is a risk that the department’s activities are not coordinated in way that will achieve agreed biosecurity outcomes. This has been noted by the department, with internal documents stating that the absence of a biosecurity strategy inhibits the ‘realisation of a stronger biosecurity system’.

Recommendation no.3

2.59 The Department of Agriculture, Water, and the Environment implement and publish a planning framework by 1 July 2022, to establish its: approach to biosecurity regulation; long-term strategic goals and approach to achieving them; and regulatory focuses for each year.

Department of Agriculture, Water and the Environment response: Agreed.

Individual reform plans

Implementation of the biosecurity legislative framework

2.60 The ANAO previously examined the early implementation of the Biosecurity Act 2015 and found that the arrangements established up to that point effectively supported the implementation of the legislative framework in accordance with legislative timeframes.56 However, the department is unable to demonstrate that some subsequent activities necessary to ‘achieve the benefits of implementing the Biosecurity Act’ have been completed.

2.61 The final stage of the biosecurity legislation implementation program57, intended to complete the remaining deliverables, was not formally undertaken. Instead, four projects of uncompleted work were transitioned to business as usual58, despite the final program overview report noting that the status of the program was ‘at risk’ and ‘close monitoring of the risks and issues highlighted in the report [is] required’. The ANAO identified the following issues with the oversight of these activities under business as usual.

  • A review that was intended to verify that all deliverables had been accepted by business-as-usual owners did not verify the acceptance of the deliverables.
  • Departmental documents do not demonstrate whether intended activities have been fully completed for three of the four projects transitioned to business-as-usual.59

2.62 In addition, planned reporting was not completed. From a framework of seven performance measures designed to assess whether the benefits of the legislation had been realised, five were determined to require ongoing reporting following the transition to business-as-usual as their benefits were yet to be realised.60 The department was unable to provide evidence of this reporting, despite agreeing to the recommendation to implement the framework in the previous ANAO audit.61 Specific measures relating to the use of regulatory tools are discussed further in paragraphs 4.71–4.72.

System developments

2.63 The department has commenced a range of information system developments to address identified issues that prevented systems from supporting a risk-based operating environment. These include: inefficient business processes; poor quality data and unlinked systems limiting the ability to extract and analyse information; inability to share and aggregate data with states and territories to confirm pest and disease statuses; and an inability to manage some critical biosecurity functions (such as monitoring off-shore threats). See paragraphs 2.18–2.20, 3.50–3.51 and 4.10–4.14 for more information on identified system deficiencies.

2.64 The primary system development project was the Biosecurity Integrated Information System (BIIS) program. The program commenced in 2016 and received $30.9 million in funding. It included the development of a single integrated workflow solution to replace a range of existing biosecurity import systems and allow staff to operate through a single interface when conducting biosecurity activities, such as scheduling, undertaking, and recording results of inspections and audits of travellers, mail, cargo and approved arrangements.

2.65 The BIIS program, which was scheduled to be completed by January 2020, has been allocated $26 million more than the original funding amount to 2020–21 and is not yet completed, with only partial delivery of intended benefits (see paragraphs 3.51 and 4.12). Deliverables have been changed and no longer meet some identified needs from the business case, including development of a single integrated biosecurity import system with a single interface (described as ‘imperative’ in the business case), with key systems no longer included.62 Departmental reporting does not clearly demonstrate when these changes were documented or approved by senior officials, or clearly outline what business requirements had changed.

2.66 The department has commenced a range of other system development projects, some of which include deliverables originally in-scope for the BIIS program. The ANAO identified a range of issues with reporting and documentation for the BIIS program and other system development projects that may limit their ability to deliver intended benefits, including:

  • regular changes in scope, time, and cost;
  • deficiencies in reporting against scope, time and cost63;
  • a lack of reporting on alignment and achievement of originally intended benefits, including potential impacts on original benefits due to changes in scope; and
  • limited evidence of action in response to risks with high ratings or requiring urgent action.

2.67 In addition, there is no overarching development strategy or system architecture. Without this, there is a lack of evidence of coordination and prioritisation to target projects at areas of greatest need, avoid duplication, leverage off other projects, and maximise collective benefits.

Recommendation no.4

2.68 The Department of Agriculture, Water and the Environment implement improved governance arrangements for information system developments by 1 July 2022, to:

  • identify and prioritise system development needs;
  • align and coordinate IT development projects occurring separately to provide the greatest collective benefit; and
  • improve project reporting to monitor projects against the intended benefits set out at project commencement.

Department of Agriculture, Water and the Environment response: Agreed.

Have appropriate arrangements been established with partner agencies?

Partially appropriate arrangements have been established with partner agencies. Agreements are in place with all key agencies, though scheduled reviews have not been completed. Communication arrangements have been established to facilitate coordination and information sharing. There are no documented arrangements to identify shared risks or establish how they are managed between agencies.

2.69 The department’s management of biosecurity interacts with and relies on a number of other agencies. Key agencies for the regulation of biosecurity are outlined below.

  • Home Affairs — responsible for international goods and entities entering Australia.
  • Department of Health (Health) — responsible for human biosecurity policy.
  • Australia Post — responsible for international mail.
  • State and territory biosecurity agencies — responsible for biosecurity within their borders.

2.70 Establishing formal agreements, communication arrangements, and arrangements for managing shared risks will support the maximisation of benefits with other agencies.

Formal agreements

2.71 Formal agreements with other agencies, such as memoranda of understanding, play a key role in establishing and clarifying how agencies work together. The department has established agreements with all key agencies.

2.72 Agreements with partner agencies appropriately specify the roles and responsibilities of each agency. Some agreements have not been reviewed within specified timeframes, or do not include a schedule for review.64 Notably, an agreement between Australia Post, Home Affairs and the department regarding international mail has not been updated since 2009, despite substantial change in the mail pathway65 and the commencement of the Biosecurity Act 2015.

2.73 Reviewing and updating arrangements would provide greater assurance that agreements with partner agencies remain current and effectively support biosecurity interactions.

Communication arrangements

2.74 Effective communication arrangements support agencies to receive relevant information, and coordinate with and benefit from activities undertaken by each other.

2.75 The department commits to the sharing of information in all agreements with key agencies. Information is shared on request with Commonwealth agencies about individual issues (see paragraphs 2.13–2.17). While the department informed the ANAO it shares information with states and territories, it was unable to provide evidence.

2.76 The department has established ongoing arrangements to meet with all key agencies. Records of these meetings document: collaboration on issues and initiatives; information sharing and updates on work that may affect other agencies; the resolution of issues between agencies; and planning to align future work and deliver mutual benefits.

Shared risks

2.77 Shared risks are risks that are common to multiple agencies, which must be mitigated to enable each agency to discharge its responsibilities. The Commonwealth Risk Management Policy requires agencies to implement arrangements to understand and contribute to the management of shared risks.66

2.78 Shared risks may arise through entities or goods that pose a plant or animal biosecurity risk (shared with the states and territories) as well as a human biosecurity risk (shared with Health) or a risk to border security (shared with Home Affairs).

2.79 The department does not have established arrangements to assess or manage shared risks relating to its regulation of biosecurity. Agreements with other agencies do not identify shared risks or specify how they are to be managed.

2.80 Understanding and managing shared risk is important for effective program design and implementation.67 The framework to assess and manage risk across the biosecurity system outlined in Recommendation no.2 (paragraph 2.55) should include arrangements to assess and document risks shared with other agencies and the controls in place for those risks.

Has an appropriate performance framework been established?

An appropriate performance framework has not been established. External performance measures do not provide information on the effectiveness of the department’s regulation of biosecurity. Internal performance measures have only been established to measure the effectiveness of two out of five biosecurity pathways, and the department was unable to demonstrate their use to inform its regulatory approach.

2.81 A key element of regulatory governance is the establishment of an appropriate performance framework that provides information about whether the regulator is achieving its intended results. This should include external performance measures to provide information about the achievement of its purpose to Parliament and other stakeholders, and internal performance measures to inform officials about the effectiveness of their regulatory approach.

External performance information

Commonwealth performance framework

2.82 The Commonwealth performance framework requires entities to establish, as part of their annual corporate plans, their purpose and performance measures to measure their performance in achieving that purpose.68 Results against these measures are required to be provided in their annual performance statements, to provide accountability to the Parliament and public.

2.83 The department’s 2020–21 corporate plan separates its purpose69 into five different objectives, one of which focuses on biosecurity (manage biosecurity risks to Australian agriculture, the environment and our way of life).70 Three performance measures are established under this objective, relating to meeting regulatory timeframes, compliance rates, and the development of further performance measures.71 The ANAO assessed these measures against the requirements established in the Commonwealth performance framework and accompanying guidance.72

2.84 While one measure provided information about compliance rates for two of the five biosecurity pathways, the measures do not facilitate a full assessment of the department’s effectiveness in managing biosecurity risk. The measures do not provide efficiency information. These limitations prevent the performance measures from accomplishing their aim of providing information about the achievement of the department’s purposes73 or about the achievement of the objectives of the Biosecurity Act 2015.

2.85 In addition, the measures only partially met the requirements of relating to the department’s objective, or being reliable, verifiable, and unbiased. The primary limitations were a lack of information about what would be measured and the inclusion of activities not related to the biosecurity objective (such as export activities, logging, and water efficiency). The measures also did not meet the requirement of containing qualitative as well as quantitative information, but did meet the requirement of enabling an assessment of performance over time.

2.86 The department is aware of the absence of information on the effectiveness of its biosecurity regulation, with a 2019 report noting that there is ‘no broader assessment of whether the regulatory systems are delivering the outcomes intended’. To address this issue, the department has committed to develop a performance framework to assess the outcomes of the national biosecurity system.74 In June 2020, a Centre of Excellence for Biosecurity Risk Analysis (CEBRA) report delivered a set of potential measures for the national biosecurity performance framework.75 A full national biosecurity performance framework based on these measures is intended to be developed by mid-2021.76

Regulator performance framework

2.87 The regulator performance framework, released in October 2014, requires Commonwealth regulators to publish annual self-assessments on their performance against six performance indicators.77 These indicators are designed to encourage regulators to take a risk-based approach that minimises impact on regulated entities, and do not assess the achievement of regulatory outcomes (as per the Commonwealth performance framework, above). As at March 2021, the department has released self-assessments for each year from 2015–16 to 2018–19.

2.88 The ANAO examined the department’s 2018–19 self-assessment of its biosecurity regulation, and found it did not enable a reliable assessment of regulatory performance. Performance targets used vague language that did not enable an objective assessment of their achievement, and it was unclear how achievement against the targets was to be measured.78 Reporting against the targets was not reliable, as it only involved descriptions of activities taken by the department. The Inspector-General of Biosecurity has discussed the reliability of the assessment, stating it was ‘substantially inconsistent with … industry feedback’.79

Internal performance information

2.89 Internal monitoring of performance using well-defined measures can be a valuable source of information for a regulator on its strategies and areas for improvement.

2.90 The department does not have formalised internal performance measures on the effectiveness or efficiency of its overall regulation of biosecurity. While there are measures or management-level reporting for individual pathways (discussed below), these are often incomplete or disjointed. This limits their ability to facilitate a view of the effectiveness or efficiency of the regulation of biosecurity as a whole.

2.91 For the individual pathways of cargo, conveyances and approved arrangements, there are no performance measures, despite CEBRA developing potential measures for those pathways in 2016.80 There are reporting arrangements for management-level information, such as the number of inspections undertaken and non-compliance rates. This reporting, while potentially a useful input for decision-makers, does not facilitate a full assessment of the department’s effectiveness in managing the risk of pests and diseases entering Australia through those pathways.

2.92 Performance measures have been established for the traveller and mail pathways (including compliance levels before and after passing through biosecurity control). However, the measures lack targets, and departmental documents indicate that they are not used to inform the department’s regulation. For example, a 2018 internal audit found that mail performance measures ‘do not support the assessment or improvement of operations’. The department was unable to demonstrate any use of the measures to inform changes to its regulatory approach.

Recommendation no.5

2.93 The Department of Agriculture, Water and the Environment establish a performance framework for its biosecurity regulation by 1 July 2022. The framework should:

  • include internal and external measures of effectiveness and efficiency for each biosecurity pathway and the biosecurity system as whole;
  • identify how performance measures will be used to inform the department’s regulation;
  • ensure staff and executive training is undertaken on the requirements of the Commonwealth performance framework; and
  • establish how information management issues will be managed to ensure appropriate performance information is available.

Department of Agriculture, Water and the Environment response: Agreed.

3. Detecting non-compliance

Areas examined

This chapter examines whether the Department of Agriculture, Water and the Environment (the department) has appropriate arrangements to detect non-compliance with biosecurity requirements.

Conclusion

Arrangements to detect non-compliance are partially appropriate. The targeting of detection activities is not supported by a framework to allocate resources to pathways or emerging threats proportionately to risk, but there are partially appropriate processes to target individual items and entities within pathways. Key limitations to procedures, systems and the conduct of detection activities prevent them from fully supporting the detection of non-compliance. Departmental estimates indicate that some detection activities may have become more effectively targeted, but that undetected non-compliance is increasing.

Areas for improvement

The ANAO made a recommendation aimed at establishing a framework to allocate resources to pathways and threats proportionately to their risk.

The ANAO also suggested that the department: examine whether the distribution of targeted operations across pathways is aligned with risk; maintain accurate records of staff training; and estimate rates of incorrect release following inspections in pathways other than travellers and mail.

3.1 The department undertakes activities to detect non-compliance with biosecurity requirements across multiple pathways through which pests or diseases may enter Australia (Table 1.1). These pathways include cargo, travellers, mail, conveyances and approved arrangements.

3.2 Establishing appropriate arrangements to detect non-compliance in each pathway allows the department to identify and prevent the entry of biosecurity risks to Australia. It also supports further regulatory action in response to identified non-compliance.

3.3 To assess whether there are appropriate arrangements to detect non-compliance, the ANAO examined whether detection activities are: appropriately targeted; supported by appropriate procedures and systems; conducted in accordance with legislative and procedural requirements; and effective at identifying non-compliance.

Are detection activities appropriately targeted?

There are no documented arrangements to ensure the resources allocated to different pathways or threats are proportionate to the risk posed. There are arrangements within each pathway to target detection activities at the level of risk of individual items, although limitations in their implementation prevent detection activities from being fully targeted at risk.

3.4 Targeting activities towards identified areas of high risk allows regulators to maximise impact and reduce intervention with compliant entities.81 To effectively target biosecurity detection activities at areas of high risk, the department should have arrangements to ensure its resources: are allocated to each pathway in proportion to their level of risk; are targeted at high-risk items82 or entities within pathways; and can be effectively targeted at emerging and priority risks.

Allocation of resources to pathways

3.5 As noted in paragraph 2.30, there are no arrangements to assess the level of risk associated with each pathway. In the absence of such an assessment, there is no framework to ensure the level of resources allocated to each pathway is proportionate to risk. In addition, desired levels of detection have not been established (see paragraph 3.82) to support the targeting of detection activities to pathways.

3.6 Similarly, there is no documented framework to align the resources allocated to different areas within pathways (such as different airports, seaports or mail centres) to their level of risk. Risk is considered when establishing new ports, and resourcing may be allocated to support specific activities associated with biosecurity risk (such as specific funding to respond to African swine fever). However, resourcing within pathways does not, by default, include a consideration of risk.

3.7 This leaves the department unable to demonstrate that it is targeting its resources at the areas where they are most effective at managing the risk of a pest or disease entering Australia. As noted in a 2019 review of potential vulnerabilities to the biosecurity system, the department has adopted a ‘low intervention’ approach for some areas of pathways, despite ‘unknown risks’.83

Targeting of items and entities within pathways

3.8 The ANAO examined the department’s arrangements to target its detection activities at individual items and entities within pathways. Each pathway has established mechanisms to target some detection activities at individual items or entities identified as higher risk (however, as discussed in paragraph 2.37, the effectiveness of these risk assessments is limited).

3.9 The most common way that activities are targeted is through the application of ‘profiles’. Profiles flag items based on whether they match criteria identified as representing higher risk. Profiles may be applied manually by staff or automatically by departmental and partner agency systems. Flagged items and entities are referred to biosecurity officers for further intervention.

3.10 Some components of pathways do not have arrangements to target detection activities at risk. In addition, even where profiles or other mechanisms are in place, there are limitations in their implementation that prevent them from being fully targeted at risk, as discussed below.

Cargo

3.11 The department targets its cargo detection activities primarily through the use of automated profiles.84 Profiles assess the nature of imported goods and refer those that may be a biosecurity risk for inspection. As per the risk assessment (paragraph 2.38), these profiles principally target the risk of pests and diseases associated with specific types of goods, and not entities with a higher likelihood of non-compliance. Supplementary targeting methods are described in paragraph 3.14.

3.12 Profiles operate differently depending on the value of the goods.

  • For goods over $1000, profiles identify biosecurity risk material by requiring importers to answer automated questions based on the tariff85 declared (for example, ‘do the goods contain any bark?’).86
  • For goods under $1000, profiles search a free-text goods description entered by importers for words that may indicate biosecurity risk (for example, ‘pork’ or ‘raw’).87 As noted by the Inspector-General of Biosecurity in 202088, free-text descriptions limit the effectiveness of this process, as descriptions may not be accurate or recorded in a useful format.89

3.13 Departmental records indicate its target of reviewing 1200 profiles90 per financial year since 2015–16 has been met. However, there is no current schedule for when and which profiles should be reviewed, despite a 2016 policy requiring a review schedule to maintain ‘a contemporary and integrated approach to cargo profiling’. Attempts to establish a schedule have been limited by departmental staff who were responsible for the associated risk indicating ‘they did not have full oversight of their profiles so it was difficult to determine which profiles required review’.

3.14 Additional targeting mechanisms have been established to supplement profiles. There are established processes to automatically refer cargo associated with specific entities, such as those with a history of known or suspected non-compliance. Importers with a history of compliance will be referred at a lower rate for certain types of goods (see paragraph 2.40). The department also automatically refers cargo for inspection from countries at a higher risk of certain pests and diseases, and cargo that is to be transported to rural locations within Australia.

3.15 Once cargo is referred, the department undertakes procedures based on the import conditions for the goods in question91, as well as any additional biosecurity risks identified. These procedures include document assessment92, and may include physical inspection of the goods and shipping container depending on the import conditions or results of the document assessment.

Travellers
Sea travellers

3.16 In the absence of a departmental risk assessment process (paragraph 2.41), sea travellers are inspected based on the judgement of individual officers. Procedural guidance states officers should assess and verify the level of risk posed by cruise ship travellers, but does not clearly specify how this should be done.93 The determination of whether vessel crew members are inspected is based on the goods declared by the operator of the incoming sea vessel.

Air travellers

3.17 Detection activities are targeted at individual air travellers through a combination of manual procedures and the application of automated profiles or other alerts.

3.18 Manual risk identification procedures are undertaken at airports to target high risk travellers. Travellers are referred for screening if the biosecurity officer considers that their incoming passenger card94, response to questioning, or other characteristics95 indicate they may be carrying biosecurity risk material. Screening may occur through detector dog, x-ray or full baggage inspection, at the judgement of the biosecurity officer. The department has implemented guidance to support these decisions.

3.19 Automated profiles, implemented in 2018, automatically refer travellers who match identified risk characteristics (paragraph 2.42) for full baggage inspection. Previous manual processes limited the complexity of profiling options and the number of travellers that could be profiled. While automated profiling represents an opportunity for improvement on manual systems, the limitations outlined in Table 3.1 restrict its ability to effectively target detection activities.

Table 3.1: Automated traveller profiling limitations

Limitation

Description

Not all identified risk travellers are referred for intervention

Each flight has a cap on the number of travellers that can be referred, with travellers who match profile criteria randomly chosen until the cap is reached. While the cap varies depending on the risk rating of the flighta, large proportions of travellers in identified risk groups are not referred. For example, 2019 records indicate that 67.2 per cent of identified risk travellers were not referred for intervention on high risk flights from two countries.

Travellers with different risk levels are not prioritised

While the risk assessment process ranks different groups of travellers by their expected likelihood of non-compliance (paragraph 2.42), all travellers matching profiles are referred at the same rate.

For example, the risk assessment process for one Adelaide flight identified two groups with expected 69.5 and 2 per cent likelihoods of high-risk biosecurity material, which were both referred at the same rate.

Benefits reporting and evaluation not completed

The plan for the implementation of automated profiles included a number of success measures to demonstrate it had achieved intended benefits. The department was unable to provide evidence of reporting against the measures. In addition, an intended post-implementation review was not completed.

  

Note a: Flights assessed as high risk have a cap of 20, while flights assessed as low risk have a cap of five. Since 2018, caps have been increased for flights identified as having a high risk of carrying African swine fever.

Source: ANAO based on Department of Agriculture, Water and the Environment documents.

3.20 To supplement the use of profiles, the department has established automated processes to automatically refer travellers with a history of non-compliance for inspection, and to exclude travellers with a history of compliance.

3.21 The department has not yet implemented changes to allow it to continue using current automated profiling and referral processes following planned changes to the Department of Home Affairs’ (Home Affairs’) processes and systems.96 These changes to Home Affairs’ systems were initially due for delivery in 2020, but have not been finalised as at January 2021.

Mail

3.22 The department targets its detection activities at individual items of mail through the use of profiles. Items that match profile criteria (assessed as representing higher risk; paragraph 2.45) are referred to the department by Australia Post to be screened. Letter class mail is not profiled or screened, in accordance with its assessed lower level of risk (paragraph 2.46).

3.23 The effectiveness of mail profiles is reduced by some identified risk groups not being fully screened.97 In addition, while profiles were updated in 2020, they had not previously been updated since 2016, despite risk assessments having been conducted in 2017 and twice in 2019 (paragraph 2.46).

3.24 Mail referred to the department is screened using detector dog, x-ray or physical inspection with biosecurity officers manually assessing the risk of different mail items to determine the method of screening. Procedural guidance advises biosecurity officers to consider country of origin, seasonal and cultural events98, visual assessment99, and departmental alerts, as well as providing a list of considerations for each screening method. Past attempts to analyse the effectiveness and efficiency of different screening methods for different groups of mail were unable to be completed due to insufficient data.

3.25 As noted in a 2017 document, the department’s heavy reliance on manual processing to target its mail detection activities ‘poses challenges for timely and effective management of risks’. It relies on individual officer experience, capability and ability to remember the details of items of interest, and is limited in its ability to scale or keep up with increasing volumes.

3.26 The department has commenced projects to reduce its reliance on manual processing and increase its ability to target risk, including through the introduction of a 3D x-ray scanner and automated detection algorithms in Melbourne from 2019. A trial of these technologies found that they resulted in 6.8 times more seizures of risk material than previous scanners. An additional 3D x-ray scanner was installed in the Sydney mail facility in October 2020.

Conveyances
Aircraft and non-commercial sea vessels

3.27 For aircraft and non-commercial sea vessels, the department does not target its activities at risk. It inspects all aircraft and all non-commercial vessels. Without a documented risk assessment of aircraft and non-commercial vessels (paragraph 2.52), there is no assurance that this is an appropriate level of intervention. Departmental documents have stated that assessing the risk of non-commercial vessels and targeting inspection activities accordingly would improve its ‘…capacity to efficiently deploy staff’.

Commercial sea vessels

3.28 For commercial sea vessels, the department’s systems automatically target detection activities at risk in accordance with the results of its automated risk assessment program (see paragraph 2.50). Based on the results of the risk assessment, the system schedules different types of inspections to address the specific risks and requirements of each vessel. Scheduled inspections are prioritised between vessels in accordance with the level of risk.

3.29 The department has also established a scheme through which commercial vessels with a history of compliance that have not reported any biosecurity concerns are subject to a reduced inspection rate (60 per cent). This program was based on a project led by the Centre of Excellence for Biosecurity Risk Analysis (CEBRA), which showed that the likelihood of biosecurity risk material present on a commercial vessel can be predicted by the results of past inspections.100

3.30 For the conduct of inspections, procedural guidance specifies minimum areas that must be inspected, suggests areas that should be inspected for vessels with past or current poor sanitation, and indicates where certain pests or diseases may be present. Follow-up inspections may be scheduled to ensure treatments in response to a previous inspection were effective in managing the risk.

Approved arrangements

3.31 The department’s primary approach to detecting non-compliance in approved arrangements101 is through departmental compliance audits.102 Audits are conducted at one of two frequencies — a ‘probationary’ audit rate (two audits per 180 days; for approved arrangements that were recently approved, changed, or found to be non-compliant) and a ‘low’ audit rate (one audit per year; for approved arrangements that have passed two probationary audits and all subsequent audits).103

3.32 This process, as per the risk assessment process (paragraph 2.53), does not consider the potential consequences of non-compliance or other factors that may indicate an increased likelihood of non-compliance. A 2020 review noted that some departmental officials viewed the audit process as a ‘blunt instrument’ because they were ‘not risk-based’.

3.33 In addition, while the department can (and does) conduct both announced and unannounced audits, there is no policy for when each option should be used. As noted by the Inspector-General of Biosecurity in 2019104, unannounced audits are more likely to provide an accurate representation of compliance.

3.34 Without an established policy for when unannounced audits should be used, there is limited assurance that they are used in a way that is effectively targeted at risk.

Responding to emerging threats

3.35 Where threats arise that are not adequately covered by existing controls, the department should have arrangements in place to enable it to identify and respond to them. The ANAO examined the department’s activities to identify and respond to threats not covered by existing controls, and its arrangements to reallocate resources to confirmed threats.

Targeted operations

3.36 The department undertakes desktop analysis and physical interventions known as targeted operations to support it to identify, understand and respond to potential emerging threats. Targeted operations disrupt or confirm known or suspected non-compliance of specific entities and areas, and also verify whether controls are effective in dealing with threats.

3.37 Targeted operations have been undertaken in accordance with plans established in 2018 and 2020, as well as in response to emerging issues and requests. The plans were informed by assessments of threats and vulnerabilities in 2016 and 2019. A policy for the use of targeted operations was finalised in December 2020, with procedural guidance not finalised.

3.38 Completed operations have primarily focused on the cargo pathway. Of the 35 operations completed between July 2016 and February 2021, 28 examined the cargo pathway, five examined air travellers, two examined approved arrangements, and two examined mail. None examined the conveyances pathway.105

3.39 Of these 35 operations, 57 per cent identified non-compliance.106 Non-compliance was found for 14 of 28 (50 per cent) operations examining the cargo pathway, four of five (80 per cent) examining travellers, one of two examining mail (50 per cent) and one of two (50 per cent) examining approved arrangements. For the 10 operations since 2019 that identified non-compliance, departmental documents indicate that action has commenced or been taken in response to the non-compliance.

3.40 Following the establishment of a framework to assess the level of risk across each biosecurity pathway (Recommendation no.2; paragraph 2.55), the department should examine whether the current distribution of targeted operations across pathways (including the current high focus on cargo) is aligned with the identified risks.

Reallocation of resources

3.41 The department has demonstrated an ability to reallocate its resources in response to identified threats. For example, the department put in place measures to address the risk posed by the Brown Marmorated Stink Bug, increasing activities and requirements such as mandatory documentation, inspection and treatment. It has also put in place measures to respond to African swine fever, by increasing intervention with travellers and mail from affected countries.

3.42 However, as noted in paragraph 2.32, there is no framework to determine when an emerging risk should be escalated or intervened with. The department was unable to demonstrate any documented process to ensure its reallocation of resources to emerging threats is proportionate to the risk posed. Departmental documentation indicates that officials are not aware of how resourcing decisions are made to focus on priority risks, including whether the impact to other pathways is considered when resources are reallocated.

Recommendation no.6

3.43 The Department of Agriculture, Water and the Environment implement, by 1 July 2022, a framework to ensure the resources allocated to pathways and threats is proportionate to the level of risk. This should align with the risk assessment framework in Recommendation no.2, and should contain arrangements for periodic review.

Department of Agriculture, Water and the Environment response: Agreed, with request to extend timeframe implementation to 30 June 2023.

Are appropriate procedures and systems in place to support the detection of non-compliance?

Procedures and systems partially support the detection of non-compliance. Instructional material has not all been reviewed and there are limitations to its accessibility. Some information systems have been identified as not meeting regulatory requirements, but have not yet been replaced or upgraded. Frameworks to determine and deliver training requirements have not been fully completed and records do not demonstrate that legislative training requirements have been met.

3.44 Establishing appropriate procedures and systems supports regulators by providing staff with the information and resources necessary for regulatory decision-making. Key procedures and systems to support the detection of biosecurity non-compliance include procedural guidance, information systems, and training arrangements.

Policies, procedures and supporting documentation

Development of instructional material for the commencement of the legislation

3.45 As noted in Auditor-General Report No. 34 2016–17 Implementation of the Biosecurity Legislative Framework, the department developed a plan and strategy to amend and develop instructional material for the Biosecurity Act 2015 (the Act). However, only 160 of the 1000 documents identified as requiring amendment or development were finalised prior to the commencement of the Act in June 2016.107

3.46 A project for developing and finalising the remaining instructional material was transitioned to business as usual (see paragraph 2.61) before completion. Departmental reporting indicates that six out of eight streams of instructional material were uncompleted at this time, including material for approved arrangements and the management of first points of entry.108

3.47 While additional instructional material has been periodically updated and completed, the department was unable to provide evidence of reporting demonstrating the completion of all required instructional material. This limits the assurance that all material has been updated.

Quality of current instructional material

3.48 Nineteen pieces of instructional material covering the department’s key detection activities were examined.109 Each document adequately specified roles and responsibilities and covered the key activities to be undertaken. However, some documents reference non-existent instructional material, and 10 of the 16 documents with hyperlinks to other documents had at least one broken link. Similar issues with accessibility were noted by the Inspector-General of Biosecurity in 2021.110

3.49 In addition, the effectiveness of the instructional material is limited by a lack of review to ensure it remains appropriate. Nine of the 19 examined documents had not been reviewed within the three-year period required by departmental policy. One document, relating to inspecting aircraft cargo holds, had not been updated since the commencement of the Biosecurity Act 2015. This is despite it having been identified as requiring amendment as part of the implementation of the Act (paragraph 3.45).

Information systems

3.50 Since 2008, multiple reviews have identified issues with the systems supporting non-compliance detection activities. For example, the 2008 review of Australia’s quarantine and biosecurity arrangements recommended the prompt redevelopment of systems111, and the Inspector-General of Biosecurity stated in 2019 that information systems were inadequate for identifying changing biosecurity risks.112

3.51 While some progress has been made, a number of key systems used to support detection activities have not been updated (Table 3.2). These systems were included in the business case for the Biosecurity Integrated Information System program (BIIS; paragraph 2.64–2.65). The BIIS business case proposed replacement with a new system that provided workflow and automation capability to streamline current processes, reduce processing times, provide extra information to support decisions, and better apply risk-based monitoring. It noted that current systems:

  • did not allow for the allocation of resources to address biosecurity risk in a timely, efficient and effective manner; and
  • resulted in ‘highly inefficient business processes and poor quality data’ due to the manual processes adopted to compensate for system limitations.

Table 3.2: Progress made on system developments

Pathway

ANAO assessment of development progress

Cargo

The system for commercial cargo (implemented in 1992) has not been replaced, despite being included in the original scope of BIIS. The existing system provides limited workflow and automation capability, and was described by the department as ‘grossly inefficient’ in 2018.a System redevelopment has not yet commenced.

The system for non-commercial cargo is currently being replaced as part of BIIS. August 2020 project reporting stated that 87% of non-commercial cargo system functionality had been replaced, with the new system in use for some aspects of non-commercial cargo detection activities.

Travellers and Mail

The system for travellers and mail (implemented in 2002) has not been replaced, despite being included in the original scope of BIIS. The existing system does not support workflow or automation capability, and has been described as ‘dated and difficult to use’.

A subsequent project commenced in 2019 to replace its functionality, but new systems have not yet been implemented as at February 2021.

Conveyances

The system for commercial sea vessels was replaced in 2016 with a new product that provides workflow functionality and automatically assesses the risk of incoming vessels (see paragraphs 2.50 and 3.28). The system for non-commercial vessels was not replaced.b

Approved arrangements

The systems used for approved arrangements are currently being replaced as part of BIIS, with some functionality of the new system now in use.

   

Legend:  System functionality updated; Partially updated; Not yet updated

Note a: Department of Agriculture and Water Resources, Submission to the Independent Review of the APS [online], 2018, available from https://www.apsreview.gov.au/your-ideas/submissions/department-agriculture-water-resources [accessed 9 February 2021].

Note b: As part of the 2021–22 budget, $28.7 million was announced to expand the system for commercial vessels to include reporting on international aircraft and non-commercial sea vessels; S Morrison (Prime Minister) and D Littleproud (Minister for Agriculture, Drought and Emergency Management), Biosecurity for a safe Australia and thriving farming sector, media release, Parliament House, Canberra, 4 May 2021.

Source: ANAO based on Department of Agriculture, Water and the Environment documents.

Detection training and qualifications

Mandatory biosecurity officer training

3.52 The Biosecurity Act 2015 requires the Director of Biosecurity113 to determine the training and qualification requirements for biosecurity and biosecurity enforcement officers.114 The Director of Biosecurity issued a determination in June 2016 requiring biosecurity and biosecurity enforcement officers to complete two training modules (or equivalent training delivered by another government agency) relating to the Biosecurity Act 2015 and administrative decision-making.

3.53 The department requires that evidence of completion of the mandatory training be provided to approve the appointment of a biosecurity or biosecurity enforcement officer. However, records in the department’s training systems do not clearly indicate that all officers have completed both units of training. Of the 2230 officers recorded by the department, 457 were not recorded as having completed the decision-making training, and 90 were not recorded as having completed the Biosecurity Act 2015 training. Fifty-two had not completed either training.

3.54 The department informed the ANAO that as part of the required five-year renewal of identification cards issued to biosecurity officers at the commencement of the Act (due in 2021), staff without training records in the system will be required to provide evidence of completion. The department should ensure that records of training completion are accurately captured for all biosecurity officers as part of this process.

Other training

3.55 The department has begun developing competency frameworks for biosecurity detection activities to: determine what competencies are required for staff; develop training to support staff to obtain those competencies; and track which staff have obtained competencies. This includes competencies for audits of approved arrangements, assessment of biosecurity documentation (such as import documents), and inspections of travellers, mail and cargo.

3.56 The competency frameworks for audit, document assessment and inspection activities are at varying stages of completion (Table 3.3). Without completed frameworks, there is limited assurance that staff have the training necessary to support effective detection activities.

Table 3.3: Status of detection activity competency frameworksa

Detection activity

Competencies identified

Training requirements identified and developed

Records maintained of staff competencies

Audit

18 competencies relating to biosecurity detection activities have been identified.

Required training and performance standards have been identified for all competencies, but have not been fully developed.b

Records are maintained of which staff have obtained each audit competency.

Document assessment

Not completed.

Not completed. The department informed the ANAO that ‘known gaps have been identified’.

Not completed.

Inspections

50 competencies relevant to biosecurity inspection activities have been identified.

Training requirements have been identified for all but one competency.c 41 of 172 items of training identified for those competencies have not been completed.

The department was unable to provide records demonstrating which staff have obtained competencies.

       

Legend:  Completed; Partially completed; Not completed

Note a: Competency frameworks also include non-biosecurity activities.

Note b: Performance standards have been developed for 12 out of 18 competencies for biosecurity audit activities. Online learning modules have not yet been developed for any competency. Job cards (which establish and demonstrate achievement of requirements for undertaking an activity) have been completed for 2 out of 7 competencies requiring job cards. Training content has been developed for 15 out of 18 competencies.

Note c: Verifications, a ‘core’ competency from the framework, is not included in the inspection training pathways.

Source: ANAO based on Department of Agriculture, Water and the Environment documentation.

Are detection activities conducted in accordance with legislative and procedural requirements?

Detection activities are partially conducted in accordance with legislative and procedural guidance. Frameworks to verify and provide assurance over detection activities have not been fully implemented. There are ongoing issues with record keeping and random inspections, but these have improved for some pathways. Records indicate that air travellers with declared or inspected risk material are being incorrectly released, although incorrect release rates have improved for mail.

3.57 Conducting detection activities in accordance with procedural guidance and relevant legislation is necessary to ensure activities: are legally valid; achieve the aims of the guidance and legislation; and support subsequent regulatory action.

3.58 To determine whether detection activities are conducted in accordance with procedural and legislative requirements, the ANAO examined the department’s assurance arrangements over detection activities and whether records indicate it is meeting requirements.

Assurance framework

3.59 To provide assurance over the conduct of detection activities, verification frameworks have been established for audits of approved arrangements, assessment of biosecurity documentation, and inspection of goods, mail, travellers and conveyances.115 These are designed to provide evidence that staff follow procedural and legislative requirements.

3.60 The department’s assurance over the conduct of detection activities is reduced by a failure to undertake all verifications required by the frameworks. Table 3.4 provides further information about the requirements of each framework, whether records indicate all required verifications were completed, and the results of verifications.

Table 3.4: Verification framework requirements and results

Framework

Requirements

Required verifications completed?

Results

Audits

Requires an annual verification schedule.

Each auditor must be verified at least once per year, and within six months of attaining a competency.a

Records indicate 60% of scheduled verifications were not completed in 2019–20.b

In 2019–20, 35% of verifications recorded a result other than ‘competent’.

Document assessment

Requires a specified sample of random verifications and a target number of monthly verifications by supervisors.c

Records indicate 24 of 60 monthly targets for supervisory verifications were not met in 2019–20.d

All intended random verifications were completed.

In 2019–20, 6% of random verifications recorded that the activity was not conducted in accordance with requirements.

Inspections

Each official undertaking inspection activities must be verified at least once every three months.e

Where ‘gaps’ are identified, re-verification is required within 3 days.

Records are not maintained of whether all required verifications have been undertaken.

On average, 712 officials were verified each quarter in 2019–20, compared to a reported total of 800 officials at 30 December 2019.

138 re-verifications were recorded in 2019–20, compared to 528 verifications which recorded gaps (which require re-verification under the framework).

In 2019–20, 14% of verifications recorded ‘gaps’ in the verified activity.

     

Legend:  Completed; Partially completed; Not completed

Note a: The framework specifies that this may be within 6 months ‘or as soon as operationally possible thereafter’.

Note b: Verifications were cancelled from April 2020 to September 2020 due to COVID-19.

Note c: There is also a schedule of targeted verifications for document assessment, to address areas of concern, changes to requirements and areas not examined through other forms of verification.

Note d: Supervisory verification targets not met mainly related to two types of non-commercial cargo document assessment, with 19 of 24 targets not met. Of the other targets (relating to commercial cargo, pig meat, and treatments applied to goods), five of 36 monthly targets were not met.

Note e: The framework notes that the preferred approach is for verifications to be conducted as many times as practicable across each quarter, across the different inspection types undertaken.

Source: ANAO based on Department of Agriculture, Water and the Environment documentation.

Identified issues

3.61 Departmental records indicate there are areas in which detection activities are not being conducted in accordance with procedural or legislative requirements. These areas include random inspections, record keeping and evidence collection, and the release of biosecurity risk material.

Random inspections

3.62 Records indicate that random inspections of cargo, air travellers, and mail have not all been conducted in accordance with procedures. Random inspections are intended to provide information on undetected non-compliance and the effectiveness of detection activities (see paragraph 3.80). However, the below issues limit their ability to provide accurate information.

  • Scheduled random cargo inspections were not conducted in prior years. In 2018–19, only 42 per cent were conducted. Draft reporting indicates that targets for cargo inspections were met in 2019–20 for the first time since 2015–16. The department has also identified that non-compliances identified by random inspection are not being properly recorded in the relevant system.
  • A 2015 CEBRA review of mail and traveller random inspections found that: ‘…sample selections are biased’ and ‘…data are sometimes fabricated or censored’. The department was unable to provide evidence that recommendations to address this have been completed.
Record keeping

3.63 The department has identified a range of issues with detection activity records not meeting procedural requirements (see paragraph 2.8).

3.64 Automated data reviews in 2019–20116 indicate that 1.5 per cent of air traveller records had probable errors, which is relatively consistent with past years.117 The proportion of mail records identified as having probable errors improved from 4.6 per cent in 2015–16 to 1.9 per cent in 2019–20.

3.65 These numbers are likely to be underestimated, as the reviews only identify records outside expected ranges.118 As noted in paragraph 2.9, the department has not quantified the extent of record keeping problems for other pathways, despite known issues.

3.66 The department’s ability to respond to detected non-compliance has been impacted by record keeping and evidence collection issues (paragraphs 4.47 and 4.49–4.50). For example:

  • records of traveller non-compliance were unable to support regulatory action as they were incomplete, insufficient, inconsistent or not timely119; and
  • action was not taken against approved arrangement holders with systemic non-compliance as collected evidence did not relate to the conditions of the arrangement.

3.67 Departmental documents indicate that it has commenced work to improve record keeping and evidence collection when non-compliance is detected, to avoid these issues in future. Reporting indicates this has improved the quality of traveller non-compliance records.

Incorrectly released biosecurity risk material

3.68 Random inspections of air travellers and mail after they have been inspected or have declared risk material provides an estimate of the amount of biosecurity risk material incorrectly released by staff. This indicates whether detection activities are being conducted in accordance with procedural requirements.

3.69 While issues with the conduct and records of random inspections impact the accuracy of these estimates (paragraph 3.62), departmental estimates indicate that 16.7 per cent of inspected air travellers carrying risk material were incorrectly released between July 2015 and March 2020.120 This proportion has not improved over time.121 The estimated number of compliant travellers (travellers who correctly declared their risk material) subsequently released with risk material increased from 34,335 in 2015–16 to 88,146 in the first nine months of 2019–20.122

3.70 For mail, reporting indicates the estimated number of inspected items incorrectly released with risk material has improved. Departmental records and estimates indicate that 5.6 per cent of inspected mail with risk material was incorrectly released in 2015–16. This was reported to have improved to 0.6 per cent in 2019–20.

3.71 The department does not have arrangements to estimate the proportion of biosecurity risks incorrectly released for conveyances, cargo or approved arrangements. There would be merit in implementing measures to estimate rates of incorrect release in other pathways.

Are detection activities effective at identifying non-compliance?

The department does not have a framework to determine whether detection activities are effective. Available records indicate that some detection activities may have become more effectively targeted at non-compliance. However, departmental records indicate the amount of undetected biosecurity risk material entering Australia is increasing.

3.72 Effectively identifying non-compliance supports identification and prevention of biosecurity risk material entering Australia, and identification of non-compliant entities for further action. The ANAO examined departmental records to determine whether detection activities are effectively targeted at non-compliant entities, and to determine the level of undetected non-compliance.

Targeting of inspection activities

3.73 Risk-based detection activities that are effectively targeted at non-compliant entities increase the impact of the department’s resources and reduce the burden on compliant entities.

3.74 In 2013, the department and CEBRA developed a methodology to assess how well mail and traveller detection activities were targeted.123 This methodology estimated the proportion of mail or travellers referred for inspection that were non-compliant. The department ceased reporting against these measures in 2017, leaving it with no reporting on the effectiveness of its targeting.

3.75 Records of detection activities for commercial vessels, air travellers, mail, commercial cargo and approved arrangements indicate that the proportion of inspections that found non-compliance has increased since July 2015 for commercial vessels, mail and commercial cargo (Figure 3.1). This could indicate that detection activities have become more effectively targeted at risk over time, or that non-compliance rates are increasing.

Figure 3.1: Proportion of monthly inspected items recorded as non-complianta

Five scatter graphs that show the proportion of inspected items that were recorded as non-compliant in each of the commercial vessels, air travellers, mail, commercial cargo, and approved arrangements pathways for each month between July 2015 and December 2020. Each graph includes a trend line. The proportion of inspected items recorded as non-compliant in the commercial vessels pathway increased from around 2.5 to 10 per cent between January 2017 and December 2020. The air traveller pathway decreased from around 17.5 per cent to 12.5 per cent between July 2015 and March 2020. The mail pathway increased from around 20 per cent in July 2015 to 50 per cent in December 2020. The commercial cargo pathway increased from around 30 per cent in July 2015 to 40 per cent in December 2020. The approved arrangement pathway remained at around 25 per cent throughout the analysis period. Table notes ‘a’ to ‘d’ provide detail about how the analysis was undertaken.

Note a: Sea travellers were not analysed as required records were unavailable. Non-commercial cargo was not analysed as the relevant system ‘cannot accurately report on intervention and compliance rates’. Aircraft and non-commercial sea-vessels were not analysed, as they are not inspected on a risk basis.

Note b: Non-compliance was defined as vessels that received 10 or more demerit points under the vessel compliance scheme. Data was only available from January 2017, due to a change in systems (Table 3.2).

Note c: Inspections included only physical inspections. Non-compliance was defined as undeclared goods listed as ‘high risk’ by the department. Data was only available until March 2020, as reporting ceased due to a fall in traveller numbers due to COVID-19.

Note d: Inspections included only physical inspections. Non-compliance was defined as detection of goods listed as ‘high risk’ by the department. The ANAO excluded results from May–August 2020 (grey datapoints) from trend analysis due to the department undertaking 100 per cent screening of profiled groups during this period.

Source: ANAO based on Department of Agriculture, Water and the Environment reporting.

3.76 While it has improved, the rate that inspections reported non-compliance for commercial vessels remains low overall. Most inspections (greater than 90 per cent) have not recorded non-compliance. Without a structured risk assessment framework, the department is unable to demonstrate whether this level of intervention is appropriate.

3.77 Departmental estimates indicate the likelihood of non-compliance of travellers more than doubled from 1.2 to 2.6 per cent from 2015–16 to 2019–20. However, the rate that inspections recorded non-compliance decreased from 15.4 per cent to 12 per cent during this period. This indicates the department may have become less effective at targeting non-compliant travellers.

3.78 The proportion of physical inspections of mail that recorded non-compliance increased from 14 per cent in 2015–16 to 45 per cent in 2019–20. This indicates that mail screening processes (x-ray, detector dog, manual decision-making; paragraph 3.24) have become more effective at identifying non-compliance for physical inspection. The proportion of mail selected for screening (using profiles; paragraph 3.22) that were recorded as non-compliant remains low, with 0.32 per cent of screened mail identified as non-compliant in 2019–20.

Undetected biosecurity risks entering Australia

3.79 Non-compliance detection activities help identify potential biosecurity risks in incoming items and entities. This assists in preventing the entry of plant and animal pests and diseases into Australia.

Departmental monitoring

3.80 The department estimates the total amount of undetected biosecurity risk material entering Australia through air travellers and non-letter class mail124 using random sampling, based on methods developed by CEBRA.125 It also monitors the proportion of undetected biosecurity risks in commercial full-container-load (FCL) sea cargo126 and, as at February 2021, non-commercial air cargo handled by some express air carriers.127

3.81 The department does not currently monitor undetected biosecurity risks for other pathways or cargo types, despite commencing a project to monitor commercial air cargo in 2015 and committing to expand its cargo monitoring in response to an Interim Inspector-General of Biosecurity recommendation in 2016.128 This prevents a full understanding of its effectiveness in detecting biosecurity risks entering Australia.

Undetected biosecurity risks

3.82 The Biosecurity Act 2015 states that the appropriate level of protection against biosecurity risks for Australia is one aimed at reducing biosecurity risks to ‘very low, but not zero’.129 This is used in determining what goods can be imported and any conditions on their import. However, the department has not used it to determine a tolerance for undetected biosecurity risks or defined it in relation to non-compliance.

3.83 While no overall tolerance has been established for undetected biosecurity risks, the department’s 2019–20 performance framework stated that its target is to decrease the proportion of undetected non-compliance for air travellers and mail.130 No targets have been established for other pathways.

3.84 The ANAO examined the estimated number of undetected biosecurity risks entering Australia each month through air travellers, non-letter class mail, and commercial sea cargo (Figure 3.2). While issues with data quality and the conduct of sampling (paragraphs 2.8 and 3.62) reduce the accuracy of these estimates, they indicate the number of undetected biosecurity risks entering Australia has increased.

Figure 3.2: Number of monthly estimated undetected biosecurity risks by pathway

Three scatter graphs that show the estimated number of risks that went undetected in the commercial sea cargo, air traveller, and mail (non-letter class) pathways each month from July 2015 to December 2020. Each graph includes a trend line. The estimated number of undetected risks in commercial sea cargo increased from around 2000 in July 2015 to 20,000 in December 2020. The estimated number of undetected risks for air travellers increased from around 10,000 in July 2015 to 40,000 in February 2020. The estimated number of undetected risks for non-letter mail remained relatively consistent at around 20,000, with the trend line showing a slight increase between July 2015 and December 2020. Table notes ‘a’ to ‘c’ provide detail about how the analysis was undertaken.

Note a: The number of commercial cargo consignments was estimated by multiplying the proportion of non-compliance identified in the department’s random sampling of FCL sea cargo by the total number of uninspected commercial cargo consignments. This number of uninspected commercial consignments also includes bulk, break-bulk, and less-than-container-load cargo (14.5 per cent of commercial sea cargo referred to the department). The department was only able to provide total commercial cargo numbers, and not separate numbers for different commercial sea cargo types. From February 2019, records of random sampling included additional types of non-compliances that were not previously reported, increasing non-compliance rates.

Note b: Undetected biosecurity risks were defined as travellers carrying undeclared goods listed as ‘high risk’ by the department. Travellers estimates ceased after March 2020 due to a decrease in traveller volumes resulting from COVID-19. The ANAO excluded results from March 2020 (grey datapoint) from analysis due to decreased traveller volumes resulting from COVID-19.

Note c: Undetected biosecurity risks for mail were defined as mail containing goods listed as ‘high risk’ by the department. The ANAO excluded results from May–August 2020 (grey datapoints) from analysis due to the department undertaking 100 per cent screening of profiled groups during this period.

Source: ANAO based on Department of Agriculture, Water and the Environment reporting.

3.85 The proportion of undetected risks in commercial sea cargo appear to have increased. Reporting indicates that the proportion of uninspected FCL sea cargo consignments that were non-compliant increased from 1.8 to 9.6 per cent between 2015–16 and 2019–20.

3.86 The estimated proportion of travellers entering Australia with biosecurity risk material that were not detected increased from 84 per cent in 2015–16 to 95 per cent in 2019–20. The total estimated number of undetected biosecurity risks entering Australia more than doubled from 18,800 in 2015–16 to 38,200 in the first nine months of 2019–20. This indicates that detection activities for air travellers have become less effective in terms of both proportion and volume of undetected biosecurity risks.

3.87 The estimated proportion of all risk material detected by the department for non-letter class mail has improved from 13 per cent in 2015–16 to 20 per cent in 2019–20. However, increasing mail volumes and amounts of risk material being sent meant that this was not enough to prevent an increase in the estimated overall volume of biosecurity risks entering Australia.

4. Actions taken in response to non-compliance

Areas examined

This chapter examines whether the Department of Agriculture, Water and the Environment’s (the department’s) use of regulatory tools in response to non-compliance with biosecurity requirements is effective.

Conclusion

The use of regulatory tools in response to non-compliance is partially effective. The department does not effectively use the full suite of regulatory tools available and is not able to clearly demonstrate that the use of these tools supports the management of biosecurity risk.

Areas for improvement

The ANAO made two recommendations aimed at implementing a framework to support the effective use of the full suite of regulatory tools available under the Act, and establishing arrangements to review and update the processes that will be implemented in response to audit recommendations.

The ANAO also suggested that the department ensure staff are supported and trained to appropriately issue infringement notices so that less resource intensive quality assurance processes are required; and that it continue to emphasise the importance of robust record keeping, including ongoing and regular conduct of quality assurance activities, to ensure appropriate records are maintained in relation to the conduct of investigations.

4.1 As outlined in Table 1.1, the department responds to non-compliance with biosecurity requirements across multiple pathways through which pests and diseases may enter Australia. This includes cargo, travellers, mail, conveyances and approved arrangements.

4.2 The Biosecurity Act 2015 (the Act) provided an expanded range of regulatory tools for responding to non-compliance. Effective use of these tools is necessary to deter non-compliant behaviour and maintain Australia’s biosecurity status.

4.3 The regulatory tools available to respond to non-compliance131 include monitoring and investigation powers, engagement and education (letters of warning and advice), administrative actions (varying, suspending or revoking permissions and approvals)132, civil sanctions (infringement notices, civil penalty proceedings, enforceable undertakings, and injunctions), and criminal sanctions via referral to the Commonwealth Director of Public Prosecutions133 (CDPP).

4.4 To assess whether the department’s use of regulatory tools in response to non-compliance with biosecurity requirements is effective, the ANAO examined whether:

  • appropriate systems and procedures are in place to support the use of regulatory tools;
  • actions taken in response to non-compliance are timely and proportionate to risk;
  • the use of regulatory tools is consistent with legislative and procedural requirements;
  • actions in response to non-compliance are effective at managing biosecurity risks; and
  • the use of regulatory tools has been evaluated.

Are appropriate procedures and systems in place to support the use of regulatory tools?

Procedures and systems partially support the use of regulatory tools. There are not procedures and systems for all available regulatory tools.

4.5 Establishing appropriate procedures and systems helps ensure regulatory tools: are able to be used as intended; achieve desired outcomes; and are used in a legally sound and defensible manner. This includes implementing policies, procedures and supporting documentation, establishing appropriate information systems, ensuring staff are appropriately trained and qualified, and ensuring regulatory powers have been legally delegated to officials.

Policies, procedures and supporting documentation

4.6 Where policies, procedures and supporting documentation have been developed, they are largely clear in defining roles and responsibilities, and provide largely sufficient guidance to support staff in the use of regulatory tools under the Act.

4.7 However, the department has not established policies, procedures and supporting documentation to support the use of all of the regulatory tools available (Table 4.1). Finalised documentation relates primarily to the use of infringement notices with air travellers and the conduct of investigations. This limits the ability to effectively apply other regulatory tools.

Table 4.1: Policies, procedures and supporting documentation for regulatory tools

Category

Tools available

ANAO assessment of the implementation of policies, procedures and supporting documentation

Engagement and education

Letters of warning and advice

Policies, procedures and supporting documentation for the use of letters of advice and warnings as part of investigations have been implemented.

A policy is in place for written notices for air travellers, but there are no procedures or supporting documentation.

There are no policies, procedures or supporting documentation for other pathways.

Administrative actions

Varying, suspending and revoking approved arrangements

Policy finalised, but procedures or supporting documentation have not been developed or finalised.

Varying, suspending and revoking import permits

While there are procedures covering the administrative actions required to be taken to vary, suspend and revoke import permits, there are no policies, procedures or supporting documentation for how or when these administrative actions should be used to manage non-compliance.

Civil sanctions

Infringement notices

Finalised for use with non-compliant travellers in airports.

There are no policies and procedures for other pathways, although some supporting documentation has been developed.a

Civil penalty proceedings

A policy for using civil penalties in response to unpaid airport infringement notices and a civil sanctions response guide have been finalised. Some supporting documentation has been developed, including a template for a brief to the decision-maker, process map, and checklist for when civil sanctions may be applicable.

Enforceable undertakings

Policy finalised in March 2021. No procedures or supporting documentation have been finalised.

Injunctions

Policy finalised in March 2021. No procedures have been finalised, however a template for briefing the decision-maker has been developed.

Criminal sanctions

Criminal prosecutions via referral to the Commonwealth Director of Public Prosecutions (CDPP)

The department was unable to provide evidence of policies, procedures and supporting documentation for the use of criminal sanctions.

Investigations

Investigations can be used to support the use of all regulatory tools under the Act.

Policies, procedures and supporting documentation to support the conduct of investigations have been implemented.

    

Legend:  Fully implemented; Partially implemented; Not implemented

Note a: Completed supporting documentation includes matrices for determining what evidence is required to support an infringement notice under different provisions of the Act.

Source: ANAO based on Department of Agriculture, Water and the Environment documents.

4.8 Similar gaps in policies, procedures and supporting documentation for the use of regulatory tools have been identified by the Inspector-General of Biosecurity. The Inspector-General has made a number of recommendations, including:

  • in August 2019 — to develop more effective policies, processes and instructional material to manage critical non-compliance at an approved arrangement, including clarifying processes for suspension or revocation of its approval, contingency response plans for such eventualities, and timely sanctions for less serious non-compliance134; and
  • in July 2020 — to develop an operational policy framework to issue infringement notices and civil penalties for non-compliance relating to imported goods.135

4.9 As at March 2021, implementation of these recommendations has not been completed.

Information systems

4.10 The department utilises a range of information systems to support the use of regulatory tools.

4.11 Many of the systems used to support the use of regulatory tools are the same as those used in detection activities. As noted in paragraph 3.50, multiple reviews and documents have identified shortcomings in these systems, which also extend to their ability to support the use of regulatory tools. For example, the business case for the Biosecurity Integrated Information System (BIIS; paragraphs 2.64–2.65) noted that current systems do not ‘reliably document decisions and regulatory roles exercised by officers’.

4.12 The management of approved arrangements currently uses a number of systems that do not integrate. This prevents a clear view of all details of an approved arrangement, including past legislative and administrative decisions, limiting staff’s ability to understand the behaviour of non-compliant entities. This was intended to be addressed by the BIIS program through the development of an end-to-end workflow system by October 2019.136 As at March 2021 these enhancements are not yet complete.

4.13 The department has identified that staff are not appropriately trained and supported to effectively use its investigation management system. A 2019 survey found that it is ‘not an understood system and only a small part of its functionality is used’, and that ‘the lack of formal training falls short of the requirements set out in the [Australian Government Investigations Standards]’.137 The survey report recommended the development of instructional material and training. Instructional material has been completed, while training modules remain in development.

4.14 In addition, appropriate systems have not yet been implemented for some key activities. For example, the department uses intranet sites138 to record and triage identified non-compliance, manage corrective action requests for approved arrangements, and to manage infringement notices issued to travellers. These sites do not integrate with other systems, require manual re-entry of data stored elsewhere (this has resulted in some information not being entered in the site that records identified non-compliance), and do not have appropriate controls to ensure data accuracy.

Training and qualifications for the use of regulatory tools

4.15 The department has established and documented training and qualification requirements to support staff to effectively use regulatory tools under the Act.

Qualifications

4.16 The department has determined that all staff involved in undertaking investigation and enforcement activities in response to non-compliance are required to meet the qualification requirements established in the Australian Government Investigations Standards.139 It also requires additional qualifications for other roles, including a Certificate IV or Diploma of Intelligence for staff who use intelligence to support investigation activities.

4.17 Departmental documentation indicates that all investigators hold required qualifications or appropriate equivalents. However, only one of six officers involved in using intelligence to support investigation activities could provide evidence of an intelligence-related qualification.

Training

4.18 Biosecurity and biosecurity enforcement officers are required under the Act to complete two training modules (or their equivalent). Identified issues with records of completion of this training are discussed in paragraph 3.53.

4.19 As actions taken in response to non-compliance for travellers are typically delivered on the spot by operational staff outside of the central investigation and enforcement area of the department, the department has established specific training for these activities. This includes training for issuing infringement notices and managing non-compliance.

4.20 The department also delivered a series of training sessions in 2019 and 2020 to support the introduction of new visa cancellation grounds for contravention of the Act (paragraph 4.37). It included example scenarios and guidance to support staff in referring non-compliant travellers who met specified criteria to the Department of Home Affairs (Home Affairs) for visa cancellation.140

Delegations

4.21 Under the Biosecurity Act 2015 and Regulatory Powers (Standard Provisions) Act 2014141, some powers given to the Minister or the Director of Biosecurity to manage biosecurity non-compliance can be delegated to other officials. Establishing effective arrangements to manage delegations helps ensure officials do not exercise powers they have not been delegated.

4.22 From the introduction of the Biosecurity Act 2015 until February 2020, internal records indicate the department did not effectively manage delegations for biosecurity officers and biosecurity enforcement officers. This resulted in powers being exercised without the correct delegation, with records indicating 12 per cent of infringement notices were issued by staff without the correct delegation. Key issues included that:

  • delegations under the Biosecurity Act 2015 were assigned to departmental positions142, while delegations under the Regulatory Powers (Standard Provisions) Act 2014 were assigned to individual officers143 — this often resulted in staff in an acting role or who had moved between positions not possessing the correct delegations for their role; and
  • the system used to record delegations was subject to a time lag, resulting in staff being presented with out-of-date information.

4.23 Following a 2019 review that found the delegations system did not adequately manage the risk of powers being exercised without a valid delegation, a new delegations framework was implemented in February 2020. This framework aligned delegations under the Biosecurity Act 2015 with individual officers rather than positions and removed the need for a specialised system.

Are actions taken in response to non-compliance timely and proportionate to risk?

The timeliness and proportionality of actions taken in response to non-compliance is variable. The department does not utilise the full range of regulatory tools available, limiting its ability to tailor its actions to risk.

4.24 Responses to identified non-compliance should be timely to deter future non-compliance and proportionate to risk to ensure resources are expended on the highest risks and act as a sufficient deterrent. This can be facilitated by establishing an appropriate process to triage and prioritise actions and applying different regulatory tools based on the nature of the non-compliance.

4.25 The department’s biosecurity compliance statement states that its compliance posture is dependent on entity behaviour. This ranges from supporting clients who voluntarily comply, to using the full force of the law to deal with deliberate non-compliance.144

Triage and prioritisation

4.26 Documented processes to prioritise and establish when regulatory tools should be used support a response to non-compliance that is consistent, timely and proportionate to risk.

4.27 The department has established a process to assess each reported non-compliance and allocate it to an appropriate area for further action. Each reported non-compliance is assigned a priority, which determines how quickly it will be processed. It is also assigned a ‘harm’ score, but procedural guidance does not specify how this should inform the regulatory response. The department has identified scope for further improvement in this triage process, commencing work on a triage and escalation framework in 2020.

4.28 Where non-compliance is referred for further investigation, there is an additional process for its assessment and prioritisation. This process identifies and categorises the level of risk, determines whether further investigation is required, assigns a priority rating, and determines what response may be appropriate.

Use of the range of available regulatory tools

4.29 There are a range of regulatory tools available under the Act to respond to non-compliance. These tools were intended to provide options to ensure that penalties are in proportion to the offence.145 However, the department has not used all available tools (Table 4.2), limiting its ability to tailor its responses to the level of risk.

Table 4.2: Use of available regulatory tools in relation to non-compliance

Category

Tool

Departmental use of tool

Engagement and education

Letters of warning and advice, and notices (for air travellers)

Letters of warning and advice, and notices (for air travellers) are issued to inform and educate or encourage compliant behaviour. They are used as part of investigations across all pathways, and operationally for travellers, mail and conveyances.

Administrative actions

Varying, suspending and revoking approved arrangements

The department has recorded suspending 12 and revoking 14 approved arrangements due to non-compliance from the commencement of the Act to February 2021.a

Varying, suspending and revoking import permits

From July 2018 to March 2021, the department has recorded suspending 470 import permits (associated with 23 separate actions) and revoking 161 permits (26 actions).b

Civil sanctions

Infringement notices

From the commencement of the Act to February 2021, 20,689 infringement notices have been recorded for air travellers. None have been issued in other pathways.

Civil penalty proceedings

Not used.

The department began identifying potential cases relating to unpaid infringement notices in 2019. Of 93 unpaid notices as at August 2020, 4 were provided to the general counsel to determine whether to commence legal proceedings.

The remaining cases were not progressed as they were assessed as low risk, or there was limited evidence of intentional non-compliance.c Incorrect or incomplete evidence or delegations also prevented cases proceeding (paragraph 4.50).

Enforceable undertakings

Not used.

Injunctions

Not used.

Criminal sanctions

Criminal prosecutions via referral to the Commonwealth Director of Public Prosecutions (CDPP)

As at March 2021, the department has recorded submitting 49 cases to the CDPP for criminal prosecution (40 cases have been finalised; see paragraph 4.68).

    

Legend:  Used; Used in some pathways; Not used

Note a: The department’s policy for approved arrangements allows for an approved arrangement holder to request a suspension or revocation of an approved arrangement. These have not been considered as part of this audit as they do not typically apply to instances of non-compliance.

Note b: Not all permit suspensions and revocations are associated with non-compliance.

Note c: Biosecurity officers must demonstrate (that the officer formed the belief on reasonable grounds) that a traveller knowingly provided false or misleading information when an infringement notice is issued for alleged contravention of subsection 532(1) or subsection 533(1) of the Biosecurity Act 2015.

Source: ANAO based on Department of Agriculture, Water and the Environment documents.

Funding to expand the use of regulatory tools

4.30 The department received $28 million over four years from 2018–19 to invest in targeted assurance, verification and enforcement activities. Amongst other things, major deliverables of the funding included expanding the use of infringement notices, and exploring the use of civil penalty proceedings, enforceable undertakings and injunctions. The department was unable to confirm how much funding was allocated to these specific deliverables.

4.31 The department provided regular reporting on its progress to the Minister for Agriculture and Water Resources between January 2018 and March 2019. In the first update to the Minister, the department stated it had commenced development of an enterprise wide policy to govern the use of civil penalties, enforceable undertakings and injunctions. No further progress was noted in the reporting. This policy was finalised in March 2021.

4.32 In October 2018, the department advised the Minister that infringement notices had been made operational in the cargo environment and would be expanded into the mail environment. As at January 2021, no infringement notices have been issued for cargo and mail.

Actions in air traveller and approved arrangement pathways

4.33 While most regulatory responses are determined by a central non-compliance and enforcement area, the traveller and approved arrangement pathways have separate arrangements. The ANAO examined the timeliness and proportionality of actions in those pathways.

Air travellers

4.34 The department has established an infringement notice scheme for air travellers, where biosecurity officers may issue infringement notices on the spot.

4.35 Actions taken in response to non-compliance by travellers are mostly timely, as infringement notices are required to be paid prior to leaving the airport, unless an extension is granted. Approximately eight per cent of infringement notices are not paid prior to leaving the airport.146 Paragraph 4.50 provides more information on the department’s approach to managing unpaid infringement notices.

4.36 The proportionality of actions in response to traveller non-compliance has been supported by an amendment to the Act that allows for different penalty amounts to be specified in infringement notices for goods that pose a high level of risk.147 Prior to 1 January 2021, all infringement notices were set at two penalty units (the equivalent of $444), but may now be up to 12 penalty units ($2664).148 In January and February 2021, the department reported 11 infringement notices using the increased penalty unit provision.

4.37 In addition, the department has begun referring air travellers to Home Affairs for visa cancellation from October 2019, as noted in paragraph 4.20. The department intends to use this option in response to serious non-compliance, supporting its ability to take actions in proportion to risk. As at March 2021, 33 travellers have been referred, with 14 visas cancelled.

Approved arrangements

4.38 The primary tool for managing biosecurity risks associated with non-compliance at approved arrangements is the corrective action request (CAR).149 CARs are issued to approved arrangement holders to notify them of non-compliance and provide them with a timeframe for rectification. CARs may be classified as minor, major, critical or non-rated.

4.39 The ANAO examined the timeliness of 39 critical CARs. Under the policy, a critical CAR should be closed within seven days (or 21 days total when the CAR is reissued twice — the maximum allowed under the policy). While the department’s register of CARs is not complete and accurate150, available records indicate that the CARs were not finalised in a timely manner. For example:

  • one case was marked as closed after 284 days — the ANAO was unable to identify documentation to verify this case was appropriately closed; and
  • of the 25 cases the ANAO was able to verify were appropriately closed, the longest time taken to close out a request was 69 days, and the average time was 23 days.

4.40 If there is a critical non-compliance, or more than a specified amount of minor or major non-compliances, the arrangement is to be audited at an increased rate (paragraph 3.31).151 Where a critical non-compliance is assessed, the department may request an arrangement holder to show cause152 why the arrangement should not be suspended or revoked. This may also occur where three successive CARs are issued for the same non-compliance.

4.41 As the department does not currently have a system which provides for end-to-end management of approved arrangements, the ANAO was unable to determine the extent to which show cause processes have been pursued. The Inspector-General of Biosecurity has commented on delays in issuing show-cause notices for non-compliance to approved arrangement sites.

Fit and proper person test

4.42 Under the Act, the department must consider whether a person or entity is a fit and proper person when considering whether to approve or vary an arrangement. This requires a specific test under the Act. The department also has the ability to cancel or suspend approved arrangements if satisfied the arrangement holder is no longer a fit and proper person.153

4.43 While fit and proper person tests have been used in response to some instances of non-compliance by existing arrangements, the department informed the ANAO that they are primarily conducted when considering applications for new or varied arrangements. There is no policy for how and when fit and proper person tests should be used in response to non-compliance, limiting the assurance that they are used in a way that is effective and proportionate to risk.

Is the use of regulatory tools consistent with legislative and procedural requirements?

The use of regulatory tools is not fully consistent with legislative and procedural requirements. This has prevented some potential administrative actions and civil sanctions from progressing.

4.44 The department must ensure that its use of regulatory tools is consistent with legislative and procedural requirements. Failure to use regulatory tools in accordance with legislative and procedural requirements may result in legally invalid sanctions and weaken the department’s reputation as a regulator.

4.45 The ANAO examined whether administrative actions, civil sanctions and criminal sanctions under the Act have been issued in accordance with legislative and procedural requirements.

Administrative actions

4.46 Use of administrative actions (such as varying, suspending or revoking approved arrangements and permits) is limited by a lack of compliance with procedural and legislative requirements leading up to a potential administrative action, including when collecting evidence.

4.47 In March 2020, the department reviewed all show cause processes undertaken for approved arrangements since the introduction of the Act. Of the 100 cases, 47 resulted in a notice of intention or notice of decision to suspend or revoke an approved arrangement being issued. Of those 53 cases that did not progress to a notice of intention or decision, the department reported issues with supporting documentation, including lack of evidence and ambiguous conditions. The department has not undertaken any work in response to this review.

Civil sanctions

4.48 As noted in Table 4.2, the only civil sanctions that have been used are infringement notices for air travellers.

4.49 In 2017 and 2018, the department undertook a review of infringement notices issued in airports, identifying a number of infringement notices that were issued incorrectly. Identified issues included notices issued without the correct delegation (see paragraph 4.22) and with insufficient supporting evidence on file. The department identified 917 notices that were unable to be rectified, which represented 14 per cent of infringement notices issued to date.154 This resulted in refunds for 865 paid notices to the value of $322,000.

4.50 These issues have also been identified by the department when attempting to identify unpaid infringement notices for potential civil penalty proceedings (see Table 4.2). Several issues with the notices such as not having demonstrated intentional non-compliance155, incorrect or incomplete evidence and incorrect delegations have been noted as preventing these cases from progressing to litigation.

4.51 The department has commenced a process to manually check each infringement notice for administrative errors, such as incomplete notes or incorrect delegations, and to rectify these errors where possible. The proportion of errors identified following the introduction of the checking process has been reported to have reduced.

4.52 While the number of issued infringement notices has reduced since the Australian border closed in response to the COVID-19 pandemic, the department has identified that this approach to validating each issued infringement notice will not be sustainable as traveller volumes increase in the future. The department could ensure staff are supported and trained to appropriately issue infringement notices so that a less resource intensive quality assurance process is required.

Criminal sanctions

4.53 To determine whether investigations supporting criminal sanctions are conducted in compliance with procedural guidance and the Australian Government Investigations Standards, the department has established an annual audit and verification process.156 Audits were not completed during 2015–16 and 2016–17. The department has since completed the outstanding audits for the 2015–16 and 2016–17 periods, as well as those for 2017–18 and 2018–19.

4.54 The audit and verification process identified ‘minor issues’ relating to compliance with procedural requirements, such as record keeping not consistent with procedures.157 In most instances, records and relevant information could be identified in supplementary documentation or email records.

4.55 Accurate and complete record keeping is necessary to ensure that the department can effectively use its available regulatory tools. The department should continue to reinforce the importance of robust record keeping relating to investigations, and ensure quality assurance activities are regularly conducted.

Are actions taken in response to non-compliance effective at managing biosecurity risks?

The department has not established arrangements to allow a full assessment of whether actions taken in response to non-compliance effectively manage biosecurity risk. Available records indicate that some actions taken in response to non-compliance are not effective.

4.56 Regulatory tools should support the management of biosecurity risks by minimising impacts from non-compliance and preventing future non-compliance.

Education

4.57 The department utilises letters of warning and advice, and notices (for air travellers) as part of its education activities. In 2017, the department reviewed the use of warning letters in the cargo pathway for non-compliance issues assessed as inadvertent or opportunistic.

4.58 Departmental documentation indicates that the review was unable to form a clear picture of the effectiveness of warning letters at changing recipients’ compliance behaviour. This was primarily due to a lack of inspections to determine ongoing compliance after warning letters had been issued.

4.59 The review found two cargo supply chains with a greater proportion of non-compliant than compliant inspection findings after a warning letter was issued. As such, in these two cases the warning letters were found to be not effective at influencing behaviour change.

4.60 The effectiveness of educational tools in other pathways has not been reviewed.

Administrative actions

4.61 As noted in paragraphs 4.39 and 4.46–4.47, issues have been identified with the department’s timeliness and ability to progress administrative actions in response to non-compliance at approved arrangements (including show cause, revocation, and suspension of arrangements). As approved arrangements continue to operate until administrative action is finalised, this limits the department’s ability to manage the risk of non-compliance.

4.62 Similarly, the Inspector-General of Biosecurity noted in 2019 that the processes for applying administrative sanctions appear time consuming and weighted to the management of legal risks to the department rather than biosecurity risks.158

4.63 Issues with departmental systems (paragraph 4.12) prevent a complete analysis of the impact of administrative actions on non-compliance rates in approved arrangements. However, there is evidence of approved arrangements not complying with requirements for extended periods, despite departmental action. Case study 1 examines an approved arrangement where a number of critical and other non-compliance risks were identified over a 20-month period.

Case study 1. Repeated non-compliance at an approved arrangement

In May 2018, the department conducted an audit of a Queensland approved arrangement. The audit made two major corrective action requests (CARs). An August 2018 audit found that while one CAR had been completed, there were two additional potential critical non-compliances. The department did not issue CARs for these, with internal emails noting that the arrangement conditions made it difficult to clearly assess non-compliance.

An unannounced audit in October 2018 found three major CARs and two critical CARs. The arrangement holder contested four, stating that ‘there has been a number of inconsistency [sic] raised by auditors across the country’ and ‘what we are being advised in one state is different to other states’. The department determined that all CARs remained valid, but two were re-categorised as ‘non-rated CARs’, which do not contribute to audit findings. A ‘show cause’ process was commenced.

An audit in December 2018 raised one additional critical CAR and one major CAR. In January 2019, the department began to consider the suspension of the arrangement, but also approved a variation of the arrangement to allow a new type of fumigation. A subsequent audit in January 2019 raised an additional three critical CARs, four major CARs, and two minor CARs.

In March 2019, the department decided not to suspend the arrangement, with departmental documents noting there was ‘insufficient evidence’. Similar issues were identified in progressing action against two other approved arrangements held by the entity. However, an unannounced June 2019 audit found three major and five critical non-compliances, with a second show cause process commencing in July 2019.

Following an unannounced December 2019 audit that found no non-compliance, the department determined not to take further action, noting that the approved arrangement holder had completed several administrative and operational changes and it was ‘open to consider that [the arrangement holder has] reached a compliant status’. The arrangement was moved to a ‘low’ audit rate after an announced audit in February 2020 that issued a minor CAR.

4.64 In respect of administrative actions taken to vary, suspend or revoke import permits, there is limited evidence regarding their effectiveness. Without policies or procedures to establish how these actions should be used in response to non-compliance (Table 4.1), there is limited assurance they are being used in a way that effectively manages biosecurity risk.

Civil sanctions

4.65 The number of infringement notices reported as issued to air travellers has increased each year since the introduction of the Act (Figure 4.1). In July 2020, the department stated that it was on track to issue more than double the number of infringement notices in 2019–20 compared to 2018–19, prior to the introduction of travel restrictions in response to COVID-19.159

Figure 4.1: Number of infringement notices issued in airports

A bar chart that shows the number of infringement notices recorded in airports per financial year from 2015–16 to 2019–20. The number of notices issued increases over time, with the smallest number of notices (less than 100) issued in 2015–16 after the commencement of the Biosecurity Act 2015, and the highest number of notices (around 8000) issued in 2019–20.

Note a: The Biosecurity Act 2015 commenced on 16 June 2016.

Source: ANAO based on Department of Agriculture, Water and the Environment documents.

4.66 The department was not able to provide any evidence that demonstrates the impact of infringement notices on overall traveller compliance rates. This is despite the department having noted that traveller behaviour is shifting from inadvertent to deliberate non-compliance. Departmental estimates also indicate that overall non-compliance rates for air travellers have about doubled from 1.2 to 2.6 per cent from 2015–16 to 2019–20.160

4.67 As the department has not utilised enforceable undertakings, injunctions and civil penalty proceedings, or infringement notices outside of the traveller pathway (Table 4.2), their use has not had an impact on the management of biosecurity risk.

Criminal sanctions

4.68 Since the introduction of the Act, 40 cases referred for prosecution by the department have been finalised. Of those cases, 12 have been withdrawn161, with the remaining 28 reaching a guilty outcome. This indicates that the department is acting consistently with the Prosecution Policy of the Commonwealth, which states that ‘a prosecution should not proceed if there is no reasonable prospect of a conviction being secured’.162

4.69 Departmental records indicate that it is not always effective at using criminal sanctions to manage non-compliance. Case study 2 examines an individual who has been prosecuted multiple times and continues to not comply with biosecurity requirements.

Case study 2. Unsuccessful prosecutions in response to repeat non-compliance

One individual described as a ‘persistent recidivist offender’ has been the subject of multiple criminal cases for importing plants, seeds and other goods that were prohibited except under certain conditions. However, the individual continues to offend ‘… irrespective of having been charged and convicted multiple times of illegal importation’.

The individual was convicted in 2008 under the Quarantine Act 1908 in response to non-compliance. In 2015, 20 packages containing prohibited goods were seized, but only one charge was laid ‘due to issues with handling of evidence’. Four additional charges were added in 2016, with the individual being convicted of five counts of illegal importation and fined $4000.

The department submitted an additional seven briefs to the CDPP against the individual in 2019 and 2020. Six briefs were commenced between June 2018 and June 2019 but were submitted on the same date in November 2019. A seventh brief commenced in January 2020 and was submitted in March 2020. Records indicate the individual has continued to contravene biosecurity requirements during this period — 12 instances of non-compliance are recorded in the department’s systems for this individual between October 2018 and June 2020.

The department withdrew all seven cases against the individual in February 2021, due to issues identified with the original determination that the goods could not be imported, including that it was made without having regard to a risk assessment as required by the Act.a With these prosecutions withdrawn, there is an opportunity for the individual to continue importing goods that pose a threat to Australia’s biosecurity.

Note a: Biosecurity Act 2015, subsection 174(4); An amendment to the Act to address this issue was introduced and passed in March 2021.

Has the use of regulatory tools been evaluated?

The department has not completed intended evaluation of the benefits of new regulatory tools under the Biosecurity Act 2015. The department reviewed the enforceability of its use of regulatory tools in 2019, finding that the effectiveness of its regulatory systems was significantly impeded. Key issues from the review have not yet been fully addressed.

4.70 Evaluation is a critical element in establishing accountability for program performance and ensuring ongoing improvement. The ANAO examined the department’s arrangements to monitor and evaluate its use of new regulatory tools under the Act, and the enforceability of its use of regulatory tools.

Use of new regulatory tools under the Act

4.71 As outlined in paragraph 2.62, the department developed a benefit measures framework to outline the intended benefits to be achieved by the implementation of the Act and support evaluation of the effectiveness of the legislation and its implementation.

4.72 The framework included benefit measures relating to the effectiveness of new regulatory tools in supporting the department to deal with biosecurity risks. While these measures were reported against in April 2018, subsequent reporting was not completed. Table 4.3 provides a summary of the measures, their 2018 reported results, and final status.

Table 4.3: Benefit measures relating to the effectiveness of regulatory tools

Benefit

Measure

April 2018 reporting

Final status

Application of compliance and enforcement tools across biosecurity import pathways.

Number of enforcement actions undertaken annually by type per pathway.

Noted that compliance and enforcement tools had not yet been implemented across all pathways, and so did not report on that benefit measure.

No further reporting, despite documents noting that the benefit had not been realised and would require further reporting.

Staff confidence to apply the legislation.

Percentage of staff responding positively to survey questions regarding their confidence and ability to undertake biosecurity roles.

Closed the measure, with 2017 survey results indicating the proportion of staff confident in performing their duties under the Act had increased to 93 per cent, achieving the target.

Measure closed.

Access to merits review under the Biosecurity Act 2015.

Number and outcome of applications for merits reviewa of decisions.

Reported that a total of 17 merits review applications had been received in August 2017 and five had been set aside or varied.

No further reporting, despite documents noting that the benefit had not been realised and would require further reporting.

    

Note a: A merits review is a process where a new decision-maker undertakes a review of a decision on its merits and make a new decision affirming, varying or setting aside the original decision.

Source: ANAO summary of departmental documentation.

4.73 While the implementation of regulatory tools under the Act was intended to reduce the costs and regulatory burden on government and entities, the framework did not include any measures to assess this. This is despite the department agreeing to a recommendation in Auditor-General Report No.34 2016–17 Implementation of the Biosecurity Legislative Framework to ensure the framework was effective in assessing the value of the reduction in costs and regulatory burden.163

4.74 In 2017, the department commissioned a review that forecast the implementation of the Act to reduce annual compliance costs by $5.5 million — 20 per cent lower than originally estimated.164

4.75 No other evaluation of the implementation of regulatory tools under the Act has been conducted. As the department has not conducted any other evaluation, or completed all intended reporting of benefits, it is unable to demonstrate that the implementation of new regulatory tools under the Act has been effective in achieving its intended benefits.

Enforceability of regulatory tools

4.76 The department established a taskforce in July 2019 to deliver a capability to utilise the full suite of administrative actions and civil law sanctions available to it. As part of this work, the taskforce reviewed the department’s current use of regulatory tools, focusing on enforceability.

4.77 A report from the review was produced in November 2019. It found that ‘enforceability impediments have prevented the use of desired regulatory responses, including being unable to effectively manage known biosecurity risks, take administrative action or achieve successful criminal prosecutions’. The report made eight recommendations.

4.78 An update was provided to the department’s executive board in September 2020.165 It included a condensed set of five recommendations made by the taskforce. These were to: develop a departmental policy to support the utilisation of civil sanctions; establish a governance structure with clear roles and responsibilities; develop material to guide the use of civil sanctions; develop an implementation strategy, including education for staff, external messaging and industry engagement; and establish a capability to build future regulatory system enforceability assurance.

4.79 As at March 2021, these recommendations have not been fully implemented. Full implementation of these recommendations, as well as addressing the gaps identified throughout this chapter, is necessary to ensure the department is able to effectively manage biosecurity non-compliance using the full suite of regulatory tools available under the Act.

Recommendation no.7

4.80 The Department of Agriculture, Water and the Environment implement a framework to support the effective use of the full suite of available regulatory tools by 1 July 2022, including:

  • policies, procedures and supporting documentation for all available regulatory tools;
  • arrangements to ensure regulatory tools are used in a way that is enforceable and consistent with procedural and legislative requirements; and
  • arrangements to evaluate, monitor and report on whether the use of regulatory tools is effectively and efficiently managing biosecurity risk (this should align with the performance measurement framework outlined in Recommendation no.5).

Department of Agriculture, Water and the Environment response: Agreed, with request to extend timeframe implementation to 30 June 2023 for point 3.

Recommendation no.8

4.81 The Department of Agriculture, Water and the Environment put in place governance arrangements, by 1 July 2022, to ensure that once agreed audit recommendations are implemented, the processes that have been implemented are reviewed and updated at agreed intervals, to ensure they remain fit-for-purpose over time.

Department of Agriculture, Water and the Environment response: Agreed.

Appendices

Appendix 1 Department of Agriculture, Water and the Environment response

The first page of the response from the Department of Agriculture, Water and the Environment. You can find a summary of the response in the summary and recommendations chapter of this report.

The second page of the response from the Department of Agriculture, Water and the Environment. You can find a summary of the response in the summary and recommendations chapter of this report.

Appendix 2 Risk framework reviews and activities

Table A.1: Identification of and attempts to address the lack of a system-wide biosecurity risk framework

Year

Initiative

Outcome

2008

Independent review of Australia’s quarantine and biosecurity arrangements

Recommended the adoption of a risk-based approach to biosecurity regulation, where the balance and level of biosecurity resources is determined by a ‘consistent analysis of risks and returns across programs’.a

In response, the Australian Government provided $20 million to progress the reform of the biosecurity system, including the development of a risk-based approach to biosecurity operations.b

2009

Australian Centre of Excellence for Risk Analysis project

Proposed an integrated risk framework and analytical strategy to identify high risk import pathways and to prescribe monitoring regimes based on the estimated risk.c

2010

Risk-return resource allocation model

Developed a model that would estimate the level of biosecurity risk presented by different biosecurity pathways, as well as the cost and effectiveness of the department’s regulation in reducing biosecurity risk in those pathways.

The model was launched in 2017. It has been used for individual issues but not to inform an approach to assessing and managing risk across the entire biosecurity system.

2012

Update on biosecurity reform progress

As part of an update on its progress towards biosecurity reform, the department committed to the development and implementation of a risk-based approach to its biosecurity operations as a central component of the biosecurity system reform program.d

2015

Departmental taskforce to reassess the status of biosecurity reform program

Found that there were multiple individual processes relating to risk-return but that these were not coordinated effectively, restricting the department’s ability to make evidence-based decisions about targeting resources to risk. Recommended the development of an integrated biosecurity risk operating model and strategy.

2015

Functional and Efficiency Review

Found that the department ‘lacked both a cohesive articulation of a risk management policy and a biosecurity risk operating model’ leading to uncertainty about which risks should be focused on. Stated that a ‘risk-based approach needs to be implemented’.

2016

Biosecurity risk management operating model

The department commenced development of a biosecurity risk management operating model to support the prioritisation of risk across the department’s biosecurity regulatory activities. A draft operating model, alongside a draft strategic biosecurity risk analysis and biosecurity risk management assessment, were developed in 2017 but not implemented.

2017

Biosecurity risk management group

Established a departmental biosecurity risk management committee to help develop a system-wide view of the biosecurity risk management system. The committee developed a draft risk identification and analysis framework in 2018, which was not approved.

2020

Inspector-General of Biosecurity review

Stated that ‘there is no known standard framework and methodology for annual regular review of the trends, risks, processes and adjustment options for each biosecurity risk pathway’. Noted this ‘results in the department being unable to justifiably reallocate resources consistent with the risk-return (resource-to-risk) principle, and lower overall residual biosecurity risk to Australia’.e

2019–current

Centre of Excellence for Biosecurity Risk Analysis project

Commenced a project to develop a whole-of-department approach to the prioritisation of biosecurity risk and the setting of regulatory intervention levels, as ‘current arrangements are unsustainable and not sufficiently responsive in a dynamic risk environment’.f

2020–current

Review of biosecurity risk management

Found there was not a clear, succinct framework for managing biosecurity risks, which ‘can result in a fragmented approach, with different approaches used in each branch or division’ and a ‘lack of awareness and common understanding of current biosecurity risk management activities’. Recommended the development of a biosecurity risk management framework.

The department informed the ANAO that the framework was being developed as at March 2021.

     

Note a: R Beale, F Fairbrother, A Inglis, D Trebeck, One Biosecurity: A Working Partnership — The Independent Review of Australia’s Quarantine and Biosecurity Arrangements, 2008, pp. 157–159.

Note b: Australian Government, Budget Paper No. 2, Budget Measures 2010–11, 2010, p. 90

Note c: A Robinson, M Burgman, W Atkinson, R Cannon, C Miller, H Immonen, AQIS Import Clearance Review [internet], Australian Centre of Excellence for Risk Analysis, 2009, available from https://cebra.unimelb.edu.au/__data/assets/pdf_file/0016/2220244/0804.pdf;

A Robinson, M Burgman, R Langlands, R Cannon, F Clarke, AQIS Import Clearance Risk Framework [internet], Australian Centre of Excellence for Risk Analysis, 2009, available from https://cebra.unimelb.edu.au/__data/assets/pdf_file/0018/2220246/0804a-final-report.pdf

Note d: Department of Agriculture and Water Resources, Reform of Australia’s Biosecurity System — An Update since the Publication of One Biosecurity: A Working Partnership, 2012, pp. 11–12.

Note e: Inspector-General of Biosecurity Review Report No. 2019–20/03, Biosecurity risk management of international express airfreight pathway for non-commercial assignments, p. 5.

Note f: Centre of Excellence for Biosecurity Risk Analysis, Annual Report 2019–20 [internet], p. 12, available from https://cebra.unimelb.edu.au/__data/assets/pdf_file/0005/3517097/CEBRA-Annual-Report-2020-Final.pdf

Source: ANAO based on Department of Agriculture, Water and the Environment and publically available documents.

Footnotes

1 The term entity may be used to describe a traveller or person or organisation conducting business.

2 Auditor-General Report No.34 2016–17 Implementation of the Biosecurity Legislative Framework, p. 14.

3 Conveyances are vehicles used to transport goods and entities to Australia. Approved arrangements involve industry participants being accredited to manage biosecurity risks in accordance with specified conditions.

4 Department of Agriculture, Water and the Environment, Annual Report 2018–19, p. 12.

5 Commonwealth Scientific and Industrial Research Organisation, Australia’s Biosecurity Future [internet], 2020 p. iii; W Craik, D Palmer and S Sheldrake, Priorities for Australia’s biosecurity system, 2017, pp. 12–13.

6 Department of Agriculture, Water and the Environment, Plant pests and diseases [internet], available from https://www.agriculture.gov.au/pests-diseases-weeds/plant [accessed 11 January 2021].

7 Department of Agriculture, Water and the Environment and National Biosecurity Communication and Engagement Network, White spot disease [internet], available from https://www.outbreak.gov.au/current-responses-to-outbreaks/white-spot-disease [accessed 11 January 2021].

8 Department of Agriculture, Water and the Environment, Plant pests and diseases [internet]; Department of Agriculture, Water and the Environment, Pests, diseases and weeds [internet], available from https://www.agriculture.gov.au/pests-diseases-weeds [accessed 11 January 2021].

9 The Centre of Excellence for Biosecurity Risk Analysis is a research organisation that aims to provide solutions and advice for assessing and managing biosecurity risks for the department and New Zealand Ministry for Primary Industries. The centre receives funding from the Australian Government; A Dodd, N Stoeckl, J Baumgartner and T Kompas, Key Result Summary: Valuing Australia’s Biosecurity System, Centre of Excellence for Biosecurity Risk Analysis, 2020, p. v.

10 The term entity describes a traveller or person or organisation conducting business.

11Intergovernmental Agreement on Biosecurity, 2019, pp. 6–7.

12 Auditor-General Report No.34 2016–17 Implementation of the Biosecurity Legislative Framework, p. 14.

13 Department of Agriculture, Water and the Environment, Portfolio Budget Statements 2020–21, p. 86.

14 Data is made up of individual, unprocessed facts. Information is produced when data is joined together and processed to be useful for a specific purpose. Intelligence is the product that results from collecting and analysing all available data and information relevant to a topic, to inform decision-making on that topic.

15 This includes templates for summarising what information has been collected and for requesting information.

16 Australian Government, Australian Government Investigations Standards, 2011, p. 8; The ANAO has examined regulators’ consistency with the Australian Government Investigations Standards in past audits including Auditor-General Report No.18 2018–19 Administration of the Renewable Energy Target.

17 Interim Inspector-General of Biosecurity, Undeclared importation of food from the Republic of Korea detected in December 2010, 2013, p. 12.

18 The term entity describes a person or organisation; entity details missing include importer details, cargo broker codes and ABNs, and traveller names, birth years and passport numbers.

19 Cargo details missing include customs value and destination state and country.

20 SE Lane, T Arthur, S Zhao, W Atkinson, C Aston, R McGahy, and AP Robinson, Risk-mapping import pathways for risk return opportunities [internet], pp. 2, 4, 5, 7, Centre of Excellence for Biosecurity Risk Analysis, 2018, available from https://cebra.unimelb.edu.au/__data/assets/pdf_file/0004/2918506/1606C-Final-Report-for-web.pdf [accessed 1 December 2019].

21 ibid., p. 3.

22 These reviews flag any records where entered values are outside of what would normally be feasible (see paragraph 3.65).

23 The Border Intelligence Fusion Centre aims to bring together the intelligence collection and analysis capabilities of seven federal agencies, and formalise operational links with key international partners. Its function is to identify and assess immediate threats to the Australian border through targeted analysis, and provide immediate tactical intelligence on time-sensitive events.

24 The department is able to request extracts from these datasets, but this is inherently reactive and does not enable some broader analysis — for example, it is not able to be used in risk assessments (paragraphs 2.44 and 2.49).

25 The department only receives data on cargo that has been flagged as being of potential biosecurity concern, and only records information on travellers and mail that have been inspected. Collecting information on other cargo, travellers and mail would better support the department to understand the regulated population and therefore determine what characteristics are more likely to be associated with non-compliance.

26 The classification level of information is determined under the Australian Government’s protective security policy framework. ‘Protected’ level information is defined as information that would be expected to cause damage to the national interest, organisations or individuals if its confidentiality was compromised. Protected information must be stored and communicated on networks that meet specified security requirements.

27 The department has established Microsoft Sharepoint sites to record information, including for all detected non-compliances, corrective actions required to be undertaken at approved arrangements, and managing fit and proper person tests. These sites do not communicate with other systems or each other.

28 Auditor-General Report No.5 2020–21 Regulation of the National Energy Market, p. 12; Auditor-General Report No.47 2019–20 Referrals, Assessments and Approvals of Controlled Actions under the Environment Protection and Biodiversity Conservation Act 1999, pp. 22–23.

29 Intelligence products are any outputs designed to disseminate intelligence to decision-makers.

30 The department established a committee in 2019 whose draft terms of reference includes preparing a list of intelligence priorities. The department informed the ANAO that this work is underway.

31 The department has two intelligence teams. One produces tactical intelligence to support individual investigations and enforcement activities, while the other produces intelligence to support all other aspects of biosecurity regulation. The ANAO examined all products produced by the latter.

32 These themes include the importance of developing a capacity to detect and respond to changes in the global biosecurity environment, such as those predicted by the strategic intelligence products.

33 The Australian Government commits to maintaining an appropriate level of protection based on risk under the Biosecurity Act 2015; this is also reflected in the 2019 Intergovernmental Agreement on Biosecurity.

34 This prediction was made in 2017 (prior to the COVID-19 pandemic) based on departmental interventions increasing proportionally with the increase in the number of incoming travellers and goods.

35 For example, the risk-return resource allocation model (RRRA) can be used to estimate the level of biosecurity risk presented by different biosecurity pathways, as well as the cost and effectiveness of the department’s regulation in reducing biosecurity risk in those pathways. The RRRA model was launched in 2017 but has not been used to inform an approach to assessing and managing risk across the entire biosecurity system.

36 This assessment assessed the residual risk for each risk as ‘tolerable’, ‘moderate’, or ‘high’, as well as documenting actions being taken for each risks. Risks included specific pests and diseases such as African swine fever, as well as operational constraints, the effectiveness of key biosecurity controls and potential changes in the regulatory environment.

37 Standards Australia, AS ISO 31000:2018, Risk management — Guidelines, 2018.

38 Inspector-General of Biosecurity, Review Report No. 2019–20/03, Biosecurity risk management of international express airfreight pathway for non-commercial consignments.

39 The department assesses the biosecurity risk posed by different types of goods before it allows them to be imported to Australia. This process establishes what conditions, if any, must be met before goods can be imported. However, the department’s assessment of the risk posed by goods does not consider non-compliance and was therefore not included in the scope of this audit.

40 The aim of the scheme is to reward importers who demonstrate consistent compliance with Australia’s biosecurity requirements with reduced inspection rates (see paragraph 3.14).

41 Different types of goods have been selected based on the risk posed by the goods, compliance rates for past imports of those goods, and the costs involved with inspecting those goods.

42 Machine learning algorithms are programs that can learn from data without human intervention. The pilot indicated that the algorithm could predict 90 per cent of identified non-compliance for commercial cargo while reducing inspection amounts by 60 per cent, and 92 per cent of identified non-compliance for non-commercial cargo with 42 per cent fewer inspections.

43 Individual biosecurity officers are required to use their judgement to manually assess the risk of sea travellers carrying plant and animal biosecurity risk material (see paragraph 3.16). There are other processes to assess human biosecurity risks, which are not within the scope of this audit.

44 This includes information on additional traveller characteristics, passengers who were not screened, and passengers who were screened but not found to have biosecurity risk material.

45 A second risk assessment process was undertaken following the identification of new high risk groups.

46 For example, the department has records of interceptions of high risk biosecurity material for groups that Australia Post have not recorded any mail.

47 Between October 2017 and October 2018, 143 groups with records in the department’s data (18.9% of all groups) were not present in the Australia Post data and therefore were not included in the risk assessment by the department.

48 This limits the department’s ability to accurately assess the amount to be cost recovered from Australia Post for biosecurity services, which has been set at $15.3 million since 2018–19.

49 Members of the Universal Postal Union have committed to electronically share customs declarations data in advance of the mail arriving at its destination. This includes data about contents, value, and country of origin.

50 The department informed the ANAO it obtained an extract of this data in January 2021, to explore how it may be used to inform its regulatory approach (including risk assessment).

51 The recommendation included both ‘obtain Senior Executive endorsement of the current … intervention targeting and risk engine’, and ‘develop and implement a process to confirm the … risk engine is effectively targeting the areas of highest risk’. The former part was completed when the recommendation was closed.

52 Approved arrangements are where biosecurity industry participants are accredited to manage biosecurity risks on behalf of the department (see Table 1.1).

53 Department of Agriculture, Water and the Environment, Approved Arrangements General Policies Version 7.1 [internet], 2018, available from https://www.agriculture.gov.au/sites/default/files/sitecollectiondocuments/biosecurity/import/arrival/approved-arrangements/general-policies-version-7.pdf [accessed 15 December 2020]

54 The department has noted that ‘some industry sectors that carry out certain classes of biosecurity activity have historically been associated with higher levels of risk’.

55 The department stated that it is ‘currently reviewing its risk-based framework for audit scheduling in order to ensure that compliance monitoring is commensurate with risk. The review will include consideration of additional risk factors … ’; Inspector-General of Biosecurity Review Report No. 2019–20/01, Effectiveness of approved arrangements in managing biosecurity risks in Australia, 2019, p. 14.

56 Auditor-General Report No. 34 2016–17 Implementation of the Biosecurity Legislative Framework, page 7.

57 The program was intended to be undertaken in three stages. Stage one of the program (the period leading up to commencement of the Act on 15 June 2016) focused on priority changes to enable core biosecurity operations to continue following the commencement of the Act. Stage two of the program (17 June 2016 to 15 June 2018) focused on the implementation of delayed, transitional and phased provisions of the Act as well as stage one activities that were not deemed mandatory for the commencement of the legislation. Stage three (July 2018 to June 2021) was intended to complete the remaining deliverables from stage two.

58 These include: the implementation of emergency and on-shore powers under the Act; certifying that designated first points of entry into Australia meet new legislative requirements; fully implementing infringement notices as a compliance action; and reviewing the gathering and sharing of protected information. There were also non-project streams of work, which included: establishing training material; and communicating about the implementation of the Act.

59 The completed project related to the management of protected information.

60 These benefits were: application of compliance and enforcement tools across biosecurity import pathways; levels of domestic ballast water compliance identified through audits and inspections; Commonwealth biosecurity legislation is used appropriately to assist in the management of a biosecurity incident; access to merits review under the Act; and client feedback on level of confidence.

61 Auditor-General Report No. 34 2016–17 Implementation of the Biosecurity Legislative Framework, p. 28.

62 As noted in Table 3.2, the system used for mail and travellers is no longer within BIIS scope.

63 For example, Department of Finance gateway reviews of the BIIS program noted that: the program was reported as being on schedule for achieving milestones despite having missed them, ‘achievement against scope is not being reported’, and ‘the financial status of the program is unclear’ in 2018; and ‘high-level dependencies are not necessarily identified and reported … in a systematic way’ in 2020. The gateway review process, managed by the Department of Finance, aims to strengthen governance and assurance practices and to assist entities to successfully deliver major projects and programs; Department of Finance, Gateway Reviews Process, https://www.finance.gov.au/government/assurance-reviews-risk-assessment/... [accessed 8 September 2020].

64 Agreements that have not been reviewed within specified timeframes include those with Health, the Australian Federal Police, and the Australian Maritime Safety Authority. Agreements that did not include arrangements for review include those with the New Zealand Ministry for Primary Industries (responsible for biosecurity regulation), and with Home Affairs in relation to functions in the Torres Strait.

65 A 2017 joint document by agencies involved in the clearance of international mail notes that there have been ‘significant changes in the international mail environment over the past few years’, including the ‘boom in eCommerce, with huge growth in the number of low value ($1000 or less) parcels’.

66 Department of Finance, Commonwealth Risk Management Policy, 2014, p. 16.

67 Auditor-General Report No. 6 2017–18 The Management of Risk by Public Sector Entities, p. 43.

68 The Commonwealth performance framework consists of the Public Governance, Performance and Accountability Act 2013, the Public Governance, Performance and Accountability Rule 2014 and accompanying guidance issued by the Department of Finance.

69 The department’s purpose in the 2020–21 corporate plan is ‘partnering and regulating to enhance Australia’s agriculture, unique environment and heritage, and water resources’.

70 Department of Agriculture, Water and the Environment, Corporate Plan 2020–21, 2020, p. 27

71 The full measures are: ‘agreed regulatory performance timeframes are met’, ‘rates of compliance with regulations administered by the department are maintained or improved’, and ‘performance measures are developed to assess the effectiveness of the national biosecurity system’; Department of Agriculture, Water and the Environment, Corporate Plan 2020–21, 2020, p. 39.

72 Department of Finance, Developing good performance information — Resource Management Guide No. 131, 2020.

73Public Governance, Performance and Accountability Act 2013, paragraph 39(2)(a).

74 The ‘national biosecurity system’ includes states and territories as well as the Commonwealth; Department of Agriculture, Water and the Environment, Intergovernmental Agreement on Biosecurity (IGAB) [online], available from https://www.agriculture.gov.au/ [accessed 14 January 2021].

75 Centre of Excellence for Biosecurity Risk Analysis, Evaluating the health of Australia’s biosecurity system, June 2020, available from https://cebra.unimelb.edu.au/__data/assets/pdf_file/0010/3453058/Endorsed-CEBRA-170714-Final-Report-June2020_new-cover.pdf [accessed 12 October 2020].

76 National Biosecurity Committee, National Biosecurity Committee Meeting 33 and Strategic Workshop 20 Communique [online], available from https://www.agriculture.gov.au/biosecurity/partnerships/nbc/meeting-33 [accessed 9 April 2021].

77 The performance indicators relate to: reducing regulatory burden, communication, risk-based approaches, streamlined and coordinated monitoring, transparency, and continuous improvement. From July 2021, reporting under the regulator performance framework should be incorporated into agencies’ annual performance statements; Department of the Prime Minister and Cabinet, Regulator Performance Framework [internet], October 2014, available from https://www.pmc.gov.au/resource-centre/regulation/regulator-performance-framework [accessed 01 December 2020].

78 For example, one target was ‘we consider the operating environment impacting the Department and regulated entities’. It is unclear what ‘consider’ entails or how it could be measured.

79 Inspector-General of Biosecurity, 2021, Adequacy of department’s operational model to effectively mitigate biosecurity risks in evolving risk and business environments, p. 30

80 The report proposed a methodology for applying the performance measures that already existed for air travellers and mail to the other pathways. This included for determining the proportion of non-compliant entities before and after biosecurity controls, the proportion of entities referred for inspection that were non-compliant, and the effectiveness of screening methods at detecting non-compliance; M Hoffman, A Robinson, J Holliday, Performance Indicators for Border Compliance [online], Centre of Excellence for Biosecurity Risk Analysis, 2016, available from https://cebra.unimelb.edu.au/__data/assets/pdf_file/0009/2615085/1501F_-final.pdf [accessed 1 December 2020].

81 The term entity describes a traveller or person or organisation conducting business.

82 Items includes different cargo consignments, articles of mail, ships or aircraft.

83 Identified low intervention areas of pathways included commercial air cargo, sea travellers, sea crew, and non-commercial sea cargo.

84 Automated profiles are where departmental systems automatically flag selected items for intervention; see paragraph 3.9.

85 Goods imported into Australia are required to be classified into different categories, each of which has an import tariff associated with it.

86 Goods of over $1000 in value require a full import declaration, which involves a detailed declaration process.

87 Goods under $1000 in value require a self-assessed clearance declaration, a shorter form of import declaration. Declarants can also provide a long form self-assessed clearance declaration, which includes more information and is processed in the same manner as a full import declaration.

88 Inspector-General of Biosecurity, Review Report No. 2019–20/03, Biosecurity risk management of international express airfreight pathway for non-commercial consignments, pp. 39–40.

89 Examples include misspelt item descriptions (‘ZOOOM BBEGINNER PEDAL FREE KIDS BIK’) and descriptions that do not provide useful information for profiles (‘FLYING SWORDS OF DRAGON’, and ‘ZQ-MP2050 1CTN’).

90 Records indicate the total number of active cargo profiles was between 5000 and 6000 during this period.

91 Import conditions can be established either for all goods of a certain type, or for specific importers through import permits. The establishment of these conditions was not part of the scope of this audit.

92 This includes assessment of permits, manufacturer and packing declarations, and treatment certificates.

93 Procedural guidance lists factors to be considered when assessing vessel risk, including: origin; voyage itinerary; compliance history; high risk food stores; controls in place to prevent high risk items being removed; and the nature of travellers’ departures. For verification, it states that procedures ‘can include’: random inspection of possessions; obtaining a list of food provisions; and inspecting buffets.

94 Incoming passenger cards are a declaration completed by all international passengers permanently disembarking an aircraft into Australian territory.

95 These include visual (such as visible food items), auditory (noise from a concealed animal) or olfactory (food or animal odour from baggage) cues.

96 The department uses incoming passenger cards to mark which travellers are to be referred for inspection. Home Affairs has commenced a project to cease the use of incoming passenger cards. To address this, the department plans to implement a digital passenger declaration process.

97 A 2016 document indicated that the identified risk group of Other Article class mail from China arriving at the Sydney Gateway Facility would only be expected to be screened at a 40 per cent rate, due to its large volume.

98 Procedural guidance provides a list of seasonal and cultural events, when they occur, what countries they are likely to apply to, and what types of goods may be associated with them.

99 This includes factors such as packaging, declaration details, consignee details, sender details, and other factors such as stains, smells, and biosecurity warning signs.

100 Australian Centre of Excellence for Risk Analysis, Seaports Report 3 [internet], 2010, available from https://cebra.unimelb.edu.au/__data/assets/pdf_file/0014/2220251/1001d_Report_03.pdf

101 Approved arrangements are where biosecurity industry participants are accredited to manage biosecurity risks on behalf of the department (see Table 1.1).

102 These audits entail departmental staff visiting approved arrangement sites and assessing them against the requirements of their arrangement.

103 Approved arrangements that allow brokers to assess cargo documentation or assign biosecurity directions to cargo on behalf of the department are monitored by reviewing a sample of work undertaken by the broker, with the proportion of work reviewed depending on the broker’s compliance history; Department of Agriculture, Water and the Environment, Approved Arrangements General Policies Version 7.1 [internet], 2018, available from https://www.agriculture.gov.au/sites/default/files/sitecollectiondocuments/biosecurity/import/arrival/approved-arrangements/general-policies-version-7.pdf [accessed 27 January 2021].

104 Inspector-General of Biosecurity, Review Report No. 2019–20/01, Effectiveness of Approved Arrangements in managing biosecurity risks in Australia, p. 27.

105 Some targeted operations examined more than one pathway.

106 One cargo operation was not able to confirm either way.

107 Auditor-General Report No. 34 2016–17 Implementation of the Biosecurity Legislative Framework, p. 38.

108 Vessels and aircraft are required to enter Australia through designated locations known as first points of entry, unless given specific permission.

109 The department has a large amount of additional instructional material that provide supplementary information (such as how to use information systems), cover activities not directly related to detecting non-compliance (these include sampling specific types of goods for potential pests or diseases), or were not determined to cover key activities (these include managing abandoned goods). These documents were not examined as part of this audit.

110 Inspector-General of Biosecurity, Adequacy of department’s operational model to effectively mitigate biosecurity risks in evolving risk and business environments, 2021, pp. 30, 79.

111 R Beale, J Fairbrother, A Inglis and D Trebeck, One Biosecurity – A working partnership, 2008, p. 220–221.

112 Inspector-General of Biosecurity, Review Report No. 2018–19/05, Pest and disease interceptions and incursions in Australia, p. 64.

113 The Director of Biosecurity is a statutory position established under the Biosecurity Act 2015. The Director of Biosecurity is the Secretary of the Department of Agriculture, Water and the Environment, who is responsible for the administration of the Biosecurity Act 2015.

114 Subsection 545(5) of the Biosecurity Act 2015.

115 Verifications are activities, including desktop review of documentation and real-time observation, undertaken to confirm whether staff are competent and acting in accordance with procedural requirements.

116 The department conducts monthly automated data reviews that flag any records where entered values are outside of what would normally be feasible (see paragraph 2.9).

117 In 2015–16, 1.3 per cent of records were found to have probable errors.

118 For example, 500 grams of cheese mistakenly recorded as 500 kilograms of cheese would be flagged by the audit, as that weight is unlikely to be correct. However, 2.1 kilograms of cheese mistakenly recorded as 1.2 kilograms would not be identified by the analysis.

119 The department has been unable to take regulatory action for some cases due to incorrect names and inspection dates, and records entered a significant period after the inspection occurred.

120 This may occur due to staff not detecting, or applying the correct import conditions to a risk item.

121 Proportions fluctuate from year to year with no clear increasing or decreasing trend. Records indicate that an estimated 13.6 per cent of travellers with risk material were incorrectly released following inspection in 2015–16, compared to 22.1 per cent in the first nine months of 2019–20.

122 Estimates ceased from March 2020 due to the decline in traveller volume following the COVID-19 pandemic.

123 CEBRA was formerly known as the Australian Centre of Excellence for Risk Analysis; A Robinson, R Mudford, K Quan, P Sorbello, M Chisholm, Adoption of meaningful performance indicators for quarantine inspection performance, Australian Centre of Excellence for Risk Analysis, 2013.

124 The department does not collect data that would allow it to accurately estimate probabilities of biosecurity risk material for letter class mail.

125 A Robinson, R Mudford, K Quan, P Sorbello, M Chisholm, Adoption of meaningful performance indicators for quarantine inspection performance, Australian Centre of Excellence for Risk Analysis, 2013.

126 Full-container-load cargo refers to containerised cargo where the goods occupy the full shipping container. Other cargo types include less-than-container-load (containerised cargo where the goods do not occupy a full container), bulk (unpackaged commodities transported in the hold in large quantities, such as coal) and break-bulk (commodities loaded in individual packages that are not in shipping containers, such as drums of oil).

127 The department currently undertakes monitoring for non-commercial air cargo handled by the Conference of Asia Pacific Express Carriers, but does not yet monitor other types of non-commercial air cargo.

128 Interim Inspector-General of Biosecurity Report No. 2015–16/02, Management of biosecurity risks associated with timber packaging and dunnage, p. 43.

129 Section 5 of the Biosecurity Act 2015.

130 Department of Agriculture, Water and the Environment, Performance Framework 2019–20, pp. 7–8.

131 To manage unacceptable biosecurity risks, the Act also provides powers including the ability to secure, move, treat, export and destroy goods and conveyances, and treat and destroy premises. While unacceptable biosecurity risks may be associated with non-compliance, they may also occur in other situations. For this reason, the use of these powers was not examined as part of this audit.

132 The department is also able to refer travellers to the Department of Home Affairs to make a decision to cancel certain types of temporary visas.

133 The Commonwealth Director of Public Prosecutions is an independent prosecution service established by Parliament to prosecute alleged offences against Commonwealth law.

134 Inspector-General of Biosecurity, Effectiveness of approved arrangements in managing biosecurity risks in Australia, August 2019, p. 13.

135 Inspector-General of Biosecurity, Biosecurity risk management of international express airfreight pathways for non-commercial consignments, July 2020, p. 10.

136 Inspector-General of Biosecurity, Effectiveness of approved arrangements in managing biosecurity risks in Australia, August 2019, p. 69.

137 The Australian Government Investigations Standards establish the minimum standards for Australian Government agencies conducting investigations. The standards are mandatory for all agencies required to comply with the Public Governance, Performance and Accountability Act 2013.

138 The department uses Microsoft Sharepoint intranet lists for these purposes.

139 The minimum level of qualification recommended for investigators is a Certificate IV in Government (Investigations) or equivalent, and a Diploma of Government (Investigation) or equivalent for staff engaged in the coordination and supervision of investigations; Australian Government, Australian Government Investigations Standards, 2011, p. 9.

140 Home Affairs is responsible for administering the Migration Act 1958 and therefore any visa cancellations made under the Act or regulations.

141 The Regulatory Powers (Standard Provisions) Act 2014 provides for a standard suite of monitoring and investigation powers, as well as enforcement provisions through the use of civil penalties, infringement notices, enforceable undertakings and injunctions.

142 Delegations were aligned to position numbers, which represent a unique position within the department. The specific role associated with that position, as well as the person associated with that position, can change.

143 Delegations under the Regulatory Powers (Standard Provisions) Act 2014 were aligned to an Australian Government Staffing (AGS) number which is a unique identifier for persons employed within the Australian Public Service.

144 Department of Agriculture, Water and the Environment, Biosecurity Compliance Statement [internet], DAWE, available from https://www.agriculture.gov.au/sites/default/files/sitecollectiondocuments/biosecurity-compliance-statement.pdf [accessed 22 January 2021].

145 Biosecurity Bill 2014, Explanatory Memorandum, p. 10.

146 This includes where an extension of the payment period is provided and instances where a traveller elects not to pay the infringement notice.

147 The amendment allows for the Director of Biosecurity to determine goods or classes of goods that pose a high level of biosecurity risk and determine a higher infringement notice amount.

148 Biosecurity Regulation 2016, paragraph 88.

149 Corrective action requests may be issued to a physical handling or disinsection (insect removal) class approved arrangement holder following detected non-compliance as part of an audit (as discussed in paragraph 3.31) or outside of an audit such as when a departmental officer visits an approved arrangements site for other reasons. Broker class approved arrangements are not subject to corrective action requests.

150 Issues identified by the ANAO include incomplete information recorded in the register, and incomplete record keeping of key decisions and communications, limiting the ANAO’s ability to verify the actions taken and closure of CARs. In addition, the date of issue and due date may be amended if a CAR is reissued, preventing the register from providing an accurate view of the time taken for non-compliance to be rectified.

151 This applies for physical handling and broker class arrangements. Disinsection (insect removal) class approved arrangements can be suspended following a critical non-compliance or a certain amount of major and minor non-compliances.

152 Following serious non-compliance, the department may request the arrangement holder to show cause as to why their arrangement should not be suspended or revoked.

153Biosecurity Act 2015, section 530.

154 Some infringement notices were able to be reissued where the alleged contravention occurred less than 12 months prior to the notice being reissued, and where the delegate was able to rely on the evidence recorded by the issuing biosecurity officer.

155 Biosecurity officers must demonstrate (that the officer formed the belief on reasonable grounds) that a traveller knowingly provided false or misleading information when an infringement notice is issued for alleged contravention of section 532(1) or section 533(1) of the Biosecurity Act 2015.

156 This process was in place prior to the introduction of the Biosecurity Act 2015 and applied to investigations conducted under the Quarantine Act 1908 as well as other departmental investigations.

157 Departmental audit and verification activities identified instances where records and evidence were not appropriately linked and easily accessible from the case management system.

158 Inspector-General of Biosecurity Review Report No. 2019–20/01, Effectiveness of approved arrangements in managing biosecurity risks in Australia, 2019, p. 4

159 Senate Rural and Regional Affairs and Transport Legislation Committee Inquiry, Biosecurity Amendment (Traveller Declarations and Other Measures) Bill 2020, Department of Agriculture, Water and the Environment submission, p. 5.

160 Estimates for 2019–20 include only the period from July to March, as reporting ceased after that point due to the decrease in international air travel resulting from the COVID-19 pandemic.

161 The reasons for withdrawal of a case included: insufficient evidence; advice from the CDPP that there was no reasonable prospect of securing a conviction; and two cases against individuals being withdrawn as the company plead guilty. The remaining seven are examined in Case study 2.

162 Commonwealth Director of Public Prosecutions, Prosecution Policy of the Commonwealth – Guidelines for the making of decisions in the prosecution process, p. 4.

163 Auditor-General Report No.34 2016–17 Implementation of the Biosecurity Legislative Framework, p. 9

164 The reduction in costs and regulatory burden for external stakeholders and government was originally estimated by the department at $6.9 million a year averaged over ten years; Department of Agriculture, Biosecurity Legislation Regulation Impact Statement, July 2014, p. 6.

165 The Executive Board comprises the Secretary and deputy secretaries of the department.