Introduction

1.1 As a department of state and a material entity, the Department of Defence (Defence) regularly receives recommendations as part of parliamentary committee inquiries and external audit activity by the Australian National Audit Office (ANAO).

1.2 Parliamentary committee inquiries and ANAO performance audits identify risks to the successful delivery of outcomes and generally provide recommendations to address them. Successful implementation of agreed recommendations requires strong senior management oversight and monitoring, with timely implementation approaches, which set clear responsibilities and timelines for addressing the required actions.¹²

1.3 Committees of the Australian Parliament, including the Joint Committee of Public Accounts and Audit (JCPAA), consist of members from either or both Houses of Parliament. Parliamentary inquiries are used by committees to ‘investigate specific matters of policy or government administration or performance’.¹³

1.4 The purpose of the ANAO is to support accountability and transparency in the Australian Government sector through independent reporting to the Parliament, and thereby contribute to improved public sector performance.¹⁴ The ANAO identifies areas where improvements can be made to aspects of public administration and makes specific recommendations to assist public sector entities to improve their program management.¹⁵ The primary role of the Auditor-General for Australia is to assist the Parliament in its role of scrutinising the exercise of authority and the expenditure of public funds by the Executive arm of the Commonwealth.¹⁶

Previous audits

1.5 This is the third in a series of recent audits that examine the effectiveness of Australian Government entities’ governance arrangements to manage the implementation of agreed recommendations from parliamentary committee inquiry reports and ANAO performance audits, and the extent to which agreed recommendations have been implemented.¹⁷

1.6 The first audit in this series outlined the processes for developing and issuing recommendations by parliamentary committee inquiries and by the ANAO, and how entities respond to such recommendations (see paragraphs 1.11 to 1.28 of Auditor-General Report No.6 2019–20). The audit examined the implementation of parliamentary inquiry recommendations and ANAO performance audit recommendations by four entities in the Agriculture and Infrastructure portfolios. The audit concluded that none of the four selected entities demonstrated that they had effectively implemented all agreed recommendations within the scope of the audit.¹⁸

1.7 On 7 August 2019, in response to the audit findings in the first report, the Secretary of the Department of the Prime Minister and Cabinet (PM&C) wrote to departmental secretaries encouraging all departments and agencies to:

… finalise government responses to parliamentary committee reports in a timely manner so the Government can table its response to a committee report within the timeframes established through the respective resolutions of the House of Representatives and the Senate … [and] have processes in place to monitor the implementation of recommendations accepted by the Government. This includes Secretaries providing regular updates to their Minister(s) on implementation progress.

1.8 The second report in this audit series examined the implementation parliamentary inquiry recommendations and of ANAO performance audit recommendations by four entities in the Education and Health portfolios. The audit conclusion was that:

Nothing came to the ANAO’s attention that the entities had not implemented applicable parliamentary committee and ANAO recommendations. Entities had implemented all parliamentary committee inquiry recommendations agreed in the period 1 July 2016 to 30 June 2017, but general arrangements for responding to, monitoring and managing recommendations from parliamentary committee inquiries require improvement.¹⁹

1.9 In addition to the two previous audits in this current series, a follow-up ANAO audit of Defence’s security vetting services examined the department’s implementation of six agreed recommendations (two parliamentary committee recommendations and four ANAO recommendations).²⁰ The results of the follow-up audit are included in the figures for this broader audit of Defence’s implementation of recommendations.

1.10 The ANAO previously conducted a broad audit of the effectiveness of Defence’s monitoring of the implementation of ANAO and internal audit recommendations in 2012–13.²¹ That report included two recommendations agreed by Defence. Their implementation is examined in this audit.

1.11 ANAO reports of the implementation of audit recommendations have highlighted the importance of having enterprise governance arrangements and a systematic approach to effectively manage implementation.

Timeliness of responses to parliamentary committees

1.12 Parliamentary committees publish information on their Australian Parliament House webpages relating to the government responses that are received.

1.13 On a six monthly basis, the President of the Senate provides a report to the Senate on the status of government responses to Senate and joint committee reports.²² Similarly, the Speaker of the House of Representatives presents a report to the House about every six months. Tabled reports and government responses to House and joint committee reports are listed, as well as reports for which the House has not received a government response.²³ Reports remain on this schedule until a response is received, the relevant committee agrees that a response is no longer expected, or a request to remove an inquiry from the list is received. The listing can be removed following consideration of the reasons put forward for removal and the issuance of a formal resolution by the relevant committee.²⁴

1.14 The reports of the President of the Senate and the Speaker of the House of Representatives also provide information on the number of committee reports and the timeliness of government responses.²⁵

1.15 Table 1.1 outlines the key results from the President of the Senate report as at 30 September 2019 and 30 June 2020.²⁶ Responses to these reports are required within three months of the presentation of the report in the Senate and lateness is measured as the months that have passed from the date of report tabling to the reference date (30 September 2019 and 30 June 2020 respectively), minus three months (the period allowed for responding to Senate committee reports).

Table 1.1: Senate — outstanding responses as at 30 September 2019 and 30 June 2020^a

Note a: Table 1.1 shows responses across Australian Government entities.

Note b: Total numbers include five partial responses. Partial responses occur where responses have been received for some but not all recommendations. This typically occurs where recommendations are directed at multiple entities.

Note c: The time allowed for responding had not yet expired for 25 of the 207 reports with no response.

Note d: There were four responses in this report schedule referring to 11 reports of the JCPAA. All responses reported were late.

Note e: Total numbers include eight partial responses. Partial responses occur where responses have been received for some but not all recommendations. This typically occurs where recommendations are directed at multiple entities.

Note f: The time allowed for responding had already expired for all of the 222 reports with no response.

Note g: There were six responses in this report schedule referring to 11 reports of the JCPAA (five partial responses). All responses reported were late.

Source: ANAO analysis of Australian Senate reporting.

1.16 Table 1.2 outlines the key results from the Speaker of the House of Representatives report as at 4 December 2019 and 17 June 2020.²⁷ Responses to these reports are required within six months from the presentation of the report in the House and lateness is measured as the months that have passed from the date of report tabling to the reference date (4 December 2019 and 17 June 2020 respectively), minus six months (the period allowed for responding to House of Representatives Committee reports).

Table 1.2: House of Representatives — outstanding responses as at 4 December 2019 and 17 June 2020^a

Note a: Table 1.2 shows responses across Australian Government entities.

Note b: Total numbers include four partial responses. Partial responses occur where responses have been received for some but not all recommendations. This typically occurs where recommendations are directed at multiple entities.

Note c: The time allowed for responding had not yet expired for 41 of the 103 reports with no response.

Note d: Six of the responses in this report schedule referred to 12 reports of the JCPAA. Five responses, and an additional three partial responses were reported, of which six were late. Four reports have had no response, all of which were late.

Note e: Total numbers include six partial responses. Partial responses occur where responses have been received for some but not all recommendations. This typically occurs where recommendations are directed at multiple entities.

Note f: The time allowed for responding had not yet expired for 12 of the 108 reports with no response.

Note g: There were eight responses in this report schedule referring to 11 reports of the JCPAA (including partial responses). Three responses, and an additional five partial responses were reported, of which seven were late. Three reports have had no response, two of which are late.

Source: ANAO analysis of Australian House of Representatives reporting.

1.17 In summary, very few responses were received within the required timeframe. In particular:

• of the 269 Senate committee inquiry reports with a response received within the most recent reporting period, two per cent had received a response within the required time frame of three months; and
• of the 143 House of Representative committee inquiry reports within the most recent reporting period, six per cent had received a response within the required time frame of six months.

Rationale for undertaking the audit

1.18 Reports of parliamentary committees and the ANAO identify risks to the successful delivery of outcomes and areas where administrative or other improvements can be made. The appropriate and timely implementation of agreed recommendations is an important part of realising the full benefit of a parliamentary inquiry or an audit and for demonstrating accountability to the Parliament.²⁸

1.19 This is the third in a recent series of audits that highlight whether entities have implemented recommendations in line with commitments made to the Parliament.²⁹

Audit approach

Audit objective, criteria and scope

1.20 The audit objective was to examine whether the Department of Defence (Defence) implemented a selection of agreed parliamentary committee recommendations and ANAO performance audit recommendations.

1.21 To form a conclusion against the audit objective, the following high level audit criteria were used:

• Does Defence have appropriate governance arrangements in place to respond to, monitor and implement recommendations?
• Were agreed recommendations effectively implemented?

1.22 The ANAO reviewed Defence’s implementation of 32 agreed recommendations, comprising 18 parliamentary committee recommendations and 14 ANAO performance audit recommendations. The approach used to select the audit sample is outlined below.

Methodology for selecting the audit sample — key features

Parliamentary committee recommendations

• The recommendations were limited to reports published from 2018 onwards made by the three committees most likely to have recommendations relevant to Defence. These were the:
  • Joint Committee of Public Accounts and Audit;
  • Joint Standing Committee on Foreign Affairs, Defence and Trade; and
  • Senate Standing Committee on Foreign Affairs, Defence and Trade.
• Implementation of the recommendation must have been the responsibility of the Department of Defence.
• There must have been a government response that agreed (or agreed in principle/agreed in part) to the recommendation(s). Only responses provided by 31 December 2019 were included.
• Recommendations relating to the parliamentary review of annual reports were excluded as there was already an established process to address such recommendations.
• Recommendations were excluded if they were likely to be examined by the ANAO as part of a separate performance audit, as part of the ANAO’s annual Defence Major Projects Report, or as part of a parliamentary inquiry.
• JCPAA recommendations relating to Auditor-General Report No.21 2020–21 Delivery of Security Vetting Services Follow-up were included in this audit.

ANAO recommendations

• The recommendations were limited to reports tabled from 2018 onwards.
• Defence must have agreed (or agreed in principle/agreed in part) to the recommendation.
• The tabling of the report must have occurred approximately 12 months (or more) prior to the commencement of this audit.³⁰
• Recommendations were excluded if they were likely to be examined by the ANAO as part of a separate performance audit or as part of the ANAO’s annual Defence Major Projects Report.

1.23 The two recommendations from Auditor-General Report No. 25 2012–13 Defence’s Implementation of Audit Recommendations were included in the audit sample as that was the last ANAO audit that specifically assessed the effectiveness of Defence’s monitoring of the implementation of ANAO and internal audit recommendations.

1.24 ANAO recommendations relating to Auditor-General Report No.21 2020–21 Delivery of Security Vetting Services Follow-up were included in the audit sample (consistent with the approach to JCPAA recommendations).

1.25 In addition to the above general approach, specific consideration was given to individual recommendations having regard to:

• the total number of recommendations to include in the audit sample;
• the spread of recommendations across reports in the sample period;
• the scope of individual recommendations; and
• the benefit of ensuring a spread of recommendations across different parts of Defence.

1.26 For details of the rationale for the selection of individual recommendations in the audit sample refer to Appendix 2. For details of the individual recommendations refer to Appendix 3.

1.27 Table 1.3 lists the number of ANAO and parliamentary committee recommendations examined in this audit.³¹

Table 1.3: Number of ANAO and parliamentary committee recommendations examined

Note a: This includes ‘agreed’, ‘agreed in principle’, ‘supported’ and ‘supports intent’.

Source: ANAO.

Audit methodology

1.28 The audit involved:

• the review of entity documentation such as guidelines, procedures, management reports, audit committee papers, meeting minutes, briefing materials, implementation plans, closure packs and other supporting evidence relating to monitoring progress and reporting against agreed recommendations;
• discussions with relevant entity staff, including internal audit and representatives from the business areas responsible for the implementation of recommendations;
• examining IT system controls and supporting documentation for those systems used by Defence to manage recommendations; and
• engaging with the secretariat from each of the selected parliamentary committees.

1.29 The audit was conducted in accordance with ANAO Auditing Standards at a cost to the ANAO of approximately $466,039.

1.30 The team members for this audit were Grace Guilfoyle, Elizabeth Wedgwood, James Sheeran and Michelle Page.

2.1 The tabling in Parliament of an agreed response to a parliamentary committee or ANAO audit recommendation is a formal commitment by the government or an entity to implement the recommended action. ANAO audits have previously observed that entities with effective guidance and strong governance arrangements were those that successfully reported implementation of the recommendation.

2.2 This chapter considers whether Defence has appropriate governance arrangements in place to respond to, monitor and implement recommendations, by examining Defence’s internal guidance and governance arrangements for the management of parliamentary committee and ANAO performance audit recommendations.

Did Defence have established processes and responsibilities for responding to recommendations?

2.3 Two divisions within Defence are responsible for receiving and allocating recommendations, and coordinating responses to ANAO performance audit and parliamentary committee recommendations. These are the:

• Audit and Fraud Control Division (AFCD) for ANAO recommendations; and
• Ministerial and Executive Coordination and Communication (MECC) Division for parliamentary committee recommendations.

2.4 Each division devolves responsibility for responding to recommendations to relevant business areas.

2.5 Defence has processes in place to coordinate responses to ANAO recommendations but not all processes and responsibilities were documented and some documentation lacked clarity and consistency. For example, guidance documents either individually or collectively did not clearly detail all the processes to be followed or the interaction of key personnel and business areas in the management of ANAO audit recommendations.

2.6 Defence documentation relating to its processes to coordinate responses to parliamentary committee recommendations was in draft form.

2.7 At the September 2020 meeting of the Defence Audit and Risk Committee (DARC), MECC advised the committee that, in relation to parliamentary committee recommendations, previous responses submitted by Defence ranged from ‘agreed’, ‘agreed in principle’, ‘agreed in part’, ‘noted’ to ‘disagreed’ and there was no set definition of what each variation meant. MECC committed to developing standard response types and definitions to support effective responses to committee recommendations. MECC developed guidance which was in draft form at the time the ANAO completed audit fieldwork in December 2020. The draft guidance did not reference, and was inconsistent with, Joint Committee of Public Accounts and Audit (JCPAA) guidance for responding to JCPAA recommendations. For example, the proposed Defence responses of ‘supported’, ‘not supported’ or ‘partially supported’³² did not align with JCPAA guidance that responses state whether a recommendation is ‘agreed’, ‘agreed with qualification’ or ‘not agreed’.³³

2.8 Defence advised the ANAO in January 2021 that:

MECC have reconsidered our approach and have decided to retire the previous advice and adopt the JCPAA guidance. All relevant documentation will be updated, and guidance material will be developed for stakeholders. This will also be reported to the DARC in the next update.³⁴

Did Defence have systems in place to track the implementation of recommendations?

Note a: The PDMS is operated by the Department of Finance and offers a whole-of-government parliamentary workflow. It is a digital platform that supports: Ministerial level correspondence, briefings and submissions; Parliamentary Questions on Notice; Senate Estimates Briefings and Questions on Notice; Executive level communications; and general communications and media.

Note b: Defence provided the ANAO with its full suite of updated PDMS guidance on 23 February 2021.

2.9 Defence records ANAO audit and parliamentary committee recommendations in standalone data management systems. AFCD uses the Audit Recommendations Management System (ARMS)³⁵ to record ANAO audit recommendations and MECC uses the Whole of Government Parliamentary Document Management System (PDMS) to record parliamentary committee recommendations. AFCD records the implementation status and closure of recommendations in ARMS. Until November 2020, MECC had recorded responses to recommendations but not implementation. MECC is implementing a parliamentary committee module in PDMS to track implementation of recommendations. Defence advised the ANAO in February 2021 that the module was installed and the review of guidance documentation would be finalised by the end of February 2021, with the completed guidance to be presented to the DARC at its March 2021 meeting.³⁶

ANAO recommendations

Arrangements to track the implementation of ANAO audit recommendations

2.10 Defence has arrangements and guidance to track the implementation status and closure of ANAO recommendations, although as discussed in paragraph 2.5 the guidance is not always clear, consistent or complete.³⁷ AFCD records the status and closure of recommendations in ARMS. Responsibility for entering data and updating information on the implementation of ANAO audit recommendations is not clear. AFCD advised the ANAO that Group Audit Coordinators (GACs) and ARMS Contact Officers (ACOs) in business areas play a role in tracking ANAO recommendations. None of the AFCD governance documents provided to the ANAO refer to these activities in respect to ANAO audit recommendations, but they are clearly described for tracking internal audit recommendations. If GACs and ACOs are required to track the implementation of ANAO audit recommendations, Defence can better support them in these roles by providing relevant guidance.

Arrangements for reporting the status of ANAO recommendations

2.11 AFCD reports on the status of recommendations to the Secretary of Defence and Chief of the Defence Force via the DARC. AFCD provides three reports to the DARC:

• a summary report of active and overdue ANAO and internal audit recommendations by Group/Service³⁸;
• ANAO and internal audit recommendations closed during the period; and
• a report on all active ANAO and internal audit recommendations.

2.12 AFCD prepares the first two reports for each DARC meeting³⁹ and, as agreed at the April 2020 meeting of the DARC, the report of all active ANAO and internal audit recommendations is to be presented quarterly. This reporting commenced in July 2020. AFCD governance documents do not explicitly refer to reporting requirements for ANAO audit recommendations or specify a format.

2.13 AFCD reports ‘outstanding’ or overdue recommendations by group to each meeting of the DARC. Recommendations are classified as overdue if the recommendation is past the ‘original agreed closure date’ and does not have an extension in place. The use of the ‘original agreed closure date’ is inconsistent with the directive issued by the Secretary of Defence requiring a 90 day default implementation period for all ANAO recommendations.⁴⁰ Further, the use of the ‘original agreed closure date’ in combination with an approved extension, extends the timeline for the implementation of recommendations and effectively reduces the number of recommendations categorised as overdue. This has the potential to be misleading to DARC members.

Completeness of Defence’s recording of ANAO audit recommendations

2.14 The ANAO identified that two recommendations from the sample examined as part of this audit were not recorded in ARMS.⁴¹ As a consequence Defence has not provided any records of the tracking or implementation of these recommendations to the DARC.

2.15 AFCD commissioned an internal review which examined the effectiveness of Defence’s management of internal and ANAO audit recommendations. The final report issued in March 2020 stated that:

ANAO reports were publicly obtained and reviewed for all audits relating to Defence for the period 1 January 2014 to 30 June 2019. Seven recommendations (1.4 per cent of total recommendations) across three ANAO audits were identified that were not included in ARMS.

2.16 In response to recommendations made as part of the internal review, AFCD advised the July 2020 meeting of the DARC that AFCD had:

• reviewed procedures and developed updated guidance documents for the audit process and for recommendations management. These contain guidance on management directed tasks and disagreed recommendations⁴²; and
• reviewed and updated procedures to ensure that all closed recommendations are quality assured (QA) to ensure closure evidence is sufficient and appropriate. The DARC recommendations process requires all closed recommendations to be identified including showing QA is complete and the action taken.

2.17 Auditor-General Report No.21 2020–21 Delivery of Security Vetting Services Follow-up identified that non-public ANAO reports and recommendations are not recorded in ARMS as ARMS cannot store information classified above the ‘protected’ level. No AFCD governance document provides guidance on the management of highly classified material.

Approving extensions to ANAO recommendation implementation timeframes

2.18 AFCD has a documented process for, and the option to approve, extensions to the implementation date for an ANAO audit recommendation.⁴³ The ANAO identified that not all extensions are approved in accordance with Defence requirements (refer to paragraph 3.24 for further details).

2.19 AFCD reporting on the implementation of audit recommendations to the DARC includes details of recommendations closed since the previous DARC meeting. For each recommendation this includes the agreed closure date⁴⁴; any revised agreed closure dates⁴⁵; and the date closed.⁴⁶ There is also reporting on the number of times, excluding the original extension, that an extension has been approved.

As discussed in paragraph 2.13, the development of an agreed closure date as a substitute for the 90 day default requirement for implementation, and subsequent extensions, is inconsistent with the Secretary of Defence’s 2013 directive.⁴⁷

Assessing risk

2.20 Of the three reports AFCD provides to the DARC, two reports (the summary of active/overdue audit recommendations by group, and ANAO and internal audit recommendations closed during the period) include a grading level. The grading level is reported as either:

• Level 1: Significant operational/management deficiencies which have a high materiality or financial/performance risk that requires urgent action, or opportunities to obtain significant performance/resource benefits which should be addressed as a matter of urgency; or
• Level 2: Operational/management deficiencies having medium materiality or financial/performance risk which should be rectified by management in the short term, or an opportunity to obtain performance/resource benefits which should be implemented in the short term.

2.21 The report states that all ANAO audit recommendations are classified as Level 1. Defence’s Audit Branch Recommendations Management (2020) guidance should be amended to include the requirement to assign a grading level to audit recommendations. In addition, there is scope for Defence to review whether all ANAO recommendations should be automatically assigned a Level 1 rating.⁴⁸

2.22 Defence should ensure its guidance reflects requirements relating to assigning risk to recommendations and review whether automatically assigning a rating of Level 1 to all ANAO recommendations is appropriate.

Closing ANAO recommendations

2.23 Arrangements for closing ANAO recommendations are described in Defence’s Audit Branch Recommendations Management (2020) guidance as follows:

When the necessary actions have been completed, the area responsible submits documentary evidence supporting the closure, through the ANAO Liaison Officer, which is reviewed by Audit and Fraud Control Division (AFCD). If closure is approved by FAS [First Assistant Secretary] AFC, the recommendation is closed on ARMS.

2.24 Defence’s ANAO Recommendation closure fact sheet states:

Why is closure evidence so important?

Audit Branch stores this evidence in a central location (Audit Recommendation Management System) so that when the ANAO returns to examine the closure of recommendations it is clear what has been done to close each recommendation. This includes the formal closure minute signed by the Assistant Secretary Audit.

Will the ANAO really re-examine these recommendations?

Yes. For each audit they perform, the ANAO will always examine any previous, related ANAO or internal Audits. As part of this work, they will question the implementation of any recommendations identified in the audits found.

2.25 The focus in this Defence guidance on future ANAO review misses the principal benefit from preparing and retaining closure evidence, which is to provide a documented basis for Defence decision-makers to decide whether agreed recommendations have been implemented and closure is warranted. There is a further, consequential benefit which flows naturally from good record keeping. It provides a basis for internal review and assurance activity (by the DARC and internal audit), external review by the ANAO, and parliamentary scrutiny.

2.26 AFCD advised the July 2020 meeting of the DARC that a closure pack of evidence will be required from business areas seeking to close ANAO audit recommendations. To provide a level of quality assurance, the closure pack will be reviewed by FAS AFC and, if appropriate, authorised for closure. The intention is that recommendations will continue to appear in reports to DARC until the outcome of the quality assurance process is advised. AFCD governance documents do not include specific reference to closure packs.

2.27 The review commissioned by AFCD (referred to in paragraph 2.15) recommended that AFCD should review closed recommendations in ARMS which did not have appropriate documentation to support their closure. In response, AFCD reported to the July 2020 DARC meeting that:

AFCD will ensure standard processes include the review of all closed recommendations for appropriate documentation to support their closure. AFCD does not intend to review historical recommendations, which pre-date the current policy of 100% quality assurance … Audit Branch has reviewed and updated procedures to ensure that all closed recommendations are Quality assured to ensure closure evidence is sufficient and appropriate. The DARC recommendations reporting process requires all closed recommendations to be identified, including showing QA [quality assurance] is complete and the action taken. The revised procedures for audit process and recommendations management, and a sample DARC report are in the closure pack.

2.28 For eight of the 12 ANAO recommendations that were subject to AFCD’s closure process, the evidence relied on by AFCD to close the recommendation was insufficient. This is discussed further in paragraphs 3.33 and 3.34.

Parliamentary committee recommendations

Arrangements to track the implementation of parliamentary committee recommendations and report on their status

2.29 Defence advised the ANAO in July 2020 that:

… there is no formal whole of Defence process for monitoring implementation of agreed parliamentary committee recommendations beyond the initial response to recommendations approved by the Prime Minister for Tabling. Responsibility for action of agreed or specified recommendations sits with the relevant line area.

2.30 An amendment to the DARC Committee Charter in August 2020 required the DARC to review and provide written advice to the Defence Secretary and Chief of the Defence Force on the appropriateness of Defence’s system of internal control by reviewing, in addition to established requirements, parliamentary committee reports and external reviews. To fulfil the committee’s charter, the DARC sought advice from MECC on the tracking of parliamentary committee recommendations.

2.31 At the September 2020 meeting of the DARC, MECC advised that all parliamentary committee responses were tracked in PDMS but this did not extend to monitoring the action(s) taken to implement agreed recommendations. At the November 2020 meeting of the DARC, MECC proposed:

• reporting to the DARC twice each year in April and November; and
• applying a traffic light system to advise the DARC on how progress towards implementation of the recommendations is tracking.

2.32 At the November 2020 meeting of the DARC, MECC also provided the first report on the status (as at 23 October 2020) of parliamentary committee recommendations. The format was structured as follows: Subject; Report Date; Agency Responsibility; Recommendation; Agency Position; Agreed Action; Responsible Area; Implementation Status; Implementation Update and Critical Date. Implementation status for all recommendations was listed as No action required. Defence advised the ANAO that this was because Defence was not the lead entity for any committee recommendation in 2020 and the recommendations listed required no further action by Defence. The report did not include any of the recommendations examined in this audit.

2.33 At the time of audit fieldwork (July–December 2020), guidance documents to support the implementation of the PDMS module and the tracking required under the DARC charter of August 2020 were in draft form. Defence advised the ANAO in early February 2021 that the procedural documentation to support the implementation of the parliamentary committee module would be completed prior to the end of February 2021.⁴⁹

2.34 Defence advised the ANAO that the Defence Secretary and Chief of the Defence Force provide clearance of the proposed government response and sign the covering submission to the Minister for Defence. This process is described in Defence’s Standard Operating Procedures for Parliamentary Committee Recommendations — which provides guidance for the preparation of submissions to committee inquiries, appearances before committees, and schedules for committee inquiries — but no guidance for responding to committee recommendations or monitoring implementation of recommendations. Defence advised the ANAO in January 2021 that this document was under review with completion scheduled for the end of February 2021.⁵⁰

Completeness of Defence records of parliamentary committee recommendations

2.35 Defence held records in PDMS of all parliamentary committee recommendations included in the ANAO’s sample of recommendations reviewed in this audit.

Documentation of processes for approving extensions to parliamentary committee recommendations

2.36 As discussed in paragraphs 2.13 and 2.18, Defence established a 90 day default implementation period for ANAO recommendations, and a process for seeking extensions to this timeframe. There is no comparable requirement for the implementation of parliamentary committee recommendations, and there were no documented processes for approving extensions for the implementation of parliamentary committee recommendations.

Arrangements for closing parliamentary committee recommendations

2.37 As discussed in this chapter, Defence was developing a number of guidance documents in the course of this audit. Prior to this time there were no requirements for closing parliamentary committee recommendations on the basis of completed implementation action. MECC provided the following advice to the DARC in September 2020 regarding Defence’s approach to closing parliamentary committee recommendations:

Unless recommendations specifically request an action by the department, such as report back in 6 months, the summary statement offered in support of the overarching response (Agreed or Disagreed) is the departmental response, thereby closing out the recommendation. Evidence of the decision making process has been requested where ANAO interpretation of the intent of committee recommendation differs to that of Defence. This divergence is likely to remain. It is worth noting that Defence has not received a request for further information or clarity from the committees on any of the recommendations being examined as part of the [current ANAO] audit.

2.38 Defence provided the ANAO with a draft Committee Recommendation Template which required business areas to detail the action required to meet the agreed response, a schedule of activities and expected timeframes for delivery. It also asked business areas to provide a status update, explanation and proposed new timeframe for action as necessary if timeframes could not be met. It did not include guidance on its completion or reference other sources of guidance. The draft template required approval by the relevant Group Head for activities, estimated schedules and potential extensions. Defence advised the ANAO in January 2021 that the draft template remained under review.⁵¹

System controls to maintain complete and accurate data for ANAO and parliamentary committee recommendations

2.39 The ANAO assessed system controls intended to maintain complete and accurate data in ARMS and PDMS. The processes for entering, tracking and closing ANAO audit and parliamentary committee recommendations in ARMS and PDMS are highly manual in nature. There are sufficient manual controls provided regular monitoring of user groups is maintained. Limited system enforced controls (IT controls) are in place to maintain the completeness and accuracy of data in ARMS and PDMS. For further details refer to Appendix 4.

Summary

2.40 In summary, Defence has a system in place to track the implementation of ANAO recommendations but Defence guidance is not always clear, consistent or complete. Defence did not have a system in place to track the implementation of parliamentary committee recommendations and has added a new module to PDMS to do so. It is also in the process of preparing related guidance. Defence advised the ANAO in early February 2021 that the procedural documentation to support the PDMS module will be finalised prior to the end of February 2021.⁵²

2.41 Given these findings there is scope for Defence to review and update its guidance suite to support a clear ‘line of sight’ in Defence processes and responsibilities for managing ANAO and parliamentary committee recommendations. A clear ‘line of sight’ would extend from the receipt of an ANAO or parliamentary committee recommendation, through the preparation of the response, the development of an implementation plan to address the recommendation, monitoring the implementation of necessary aspects of the recommendation, the closure of the recommendation once implemented, and related reporting to the DARC and its advice to the accountable authority. Guidance should also be consistent with any parliamentary committee guidance, and Defence responses and implementation activity should address the substance and intent of each recommendation and related report content.

Has Defence established entity-level arrangements to provide the accountable authority with advice and assurance on the implementation of agreed recommendations?

2.44 The DARC charter (August 2020) requires the committee to review and provide written advice to the Defence Secretary and Chief of the Defence Force (CDF) on the appropriateness of Defence’s system of internal control and provide advice on any specific areas of concern or suggestions for improvement, by reviewing, amongst other things:

… audit arrangements including: …

• … audit reports: reviewing internal audit reports and ANAO performance audits that relate to Defence and providing advice to the Secretary and the CDF on major concerns identified; …
• … audit recommendations: reviewing the implementation of agreed actions relating to recommendations from internal audits and ANAO performance audits that relate to Defence; …[and]

… parliamentary committee reports and external reviews: the mechanisms for reviewing relevant parliamentary committee reports, external reviews and evaluations of Defence, and reviewing the implementation of any resultant recommendations.

2.45 The DARC charter also requires the chair to report to the Secretary and CDF:

• after each meeting⁵³; and
• as often as necessary but at least once each year, on the operation of the DARC and activities against its responsibilities.

ANAO recommendations

2.46 As indicated in paragraph 2.11, AFCD provides the Secretary, CDF and the DARC with three reports:

• a summary report of active and overdue ANAO and internal audit recommendations by Group/Service;
• ANAO and internal audit recommendations closed during the period; and
• a full report on all active ANAO and internal audit recommendations.⁵⁴

2.47 Additionally, the Chief Audit Executive (the First Assistant Secretary, Audit and Fraud Control) has direct and unrestricted access to the Secretary, the CDF, senior management and the DARC. For the DARC this includes access both in and out of session, and with the chair and/or individual members.⁵⁵

2.48 These arrangements, together with the reporting arrangements between the DARC chair, the Secretary and CDF mentioned above, are intended to provide the accountable authority with advice and assurance on the implementation of agreed ANAO recommendations.

Parliamentary committee recommendations

2.49 Following the August 2020 amendment to its charter, the DARC instituted a requirement that a report from MECC be included as a standing item in future committee agendas. As discussed in paragraphs 2.7 and 2.31 to 2.33:

• At the September 2020 DARC meeting, MECC:
  • advised the DARC that all parliamentary committee responses were tracked in PDMS but this did not extend to monitoring the action taken to implement agreed recommendations; and
  • committed to developing standard response types and definitions to support effective responses to committee recommendations.
• At the November 2020 DARC meeting, MECC:
  • proposed: submitting reports twice each year and a traffic light system to be applied to recommendations to advise the DARC on how progress towards implementation of the recommendations is tracking; and
  • provided a status report on the implementation of parliamentary committee recommendations for 2020.

2.50 MECC also agreed to provide a report to the DARC following the release of this ANAO performance audit report.

2.51 These new arrangements, together with the reporting arrangements between the DARC chair, the Secretary and CDF mentioned above, are intended to support the future provision of advice and assurance to the accountable authority on the implementation of agreed parliamentary committee recommendations.

3.1 Successful implementation of agreed recommendations requires strong senior management oversight and monitoring, along with timely implementation approaches, with clear responsibilities and timelines for addressing the required actions.⁵⁶

3.2 This chapter considers whether Defence effectively implemented agreed recommendations within established timeframes, by examining Defence’s planning and monitoring arrangements for a sample of agreed recommendations comprising 14 ANAO and 18 parliamentary committee recommendations.

3.3 The number of ANAO and parliamentary committee recommendations examined in this audit is outlined in Table 3.1. For details of the individual recommendations refer to Appendix 3.

Table 3.1: Number of ANAO and parliamentary committee recommendations examined in this audit

Source: ANAO.

Did Defence develop an implementation plan for each of the selected recommendations?

3.4 The ANAO Audit Insights product, Implementation of Recommendations, published in November 2019, identified that previous ANAO audits had found that effective implementation of recommendations:

… requires fit-for-purpose implementation plans setting clear responsibilities and timeframes for addressing required actions. Implementation plans should involve key stakeholders. Where implementation plans are not prepared, evidence shows that actions are not always implemented to address the identified issue, or not implemented in a timely way, or not implemented at all.⁵⁷

ANAO recommendations

3.5 Defence had implementation plans, called Management Action Plans (MAPs), for 12 of the 14 ANAO recommendations examined in this audit. The two recommendations that did not have MAPs were not recorded in Defence’s Audit Recommendation Management System (ARMS) and were not reported to the Defence Audit and Risk Committee (DARC) as would normally occur for recommendations made to Defence by the ANAO.⁵⁸ Where MAPs were in place they contained high level information on who was responsible for implementing the recommendation, the activities that would take place in order to implement the recommendation and an implementation date.⁵⁹

3.6 Defence requires MAPs to be endorsed by a senior officer from the business area responsible for implementation and, starting in 2018, required them to be accepted by the First Assistant Secretary, Audit and Fraud Control (FAS AFC), who is the head of the business area responsible for ANAO audit recommendations governance. All MAPs in the ANAO’s sample were endorsed by the relevant business area, but for five recommendations there was no evidence of the MAPs being accepted by the FAS AFC.⁶⁰

Parliamentary committee recommendations

3.7 At the time of audit fieldwork (July to December 2020) Defence did not require implementation plans for parliamentary committee recommendations.

3.8 Defence had developed a draft template for managing parliamentary committee recommendations that, if used, would capture detail similar to that captured in the MAPs and closure reports used in Defence’s management of ANAO recommendations. This draft template requests information on: the recommendation; Defence’s response; action required to implement; status update (on track / at risk / requires rescheduling); statement and documentation supporting closure; departmental approval; contact officer; and details of consultation. Defence advised the ANAO in January 2021 that:

… there is a body of work underway to operationalise the [Parliamentary Committee] PC Module within PDMS, and this will include incorporation of a range of new, prepopulated templates into the system to ensure the platform is as efficient and user friendly as possible. A new Parliamentary Inquiry Recommendations Template is being produced … which will now be one component of a broader committee recommendation implementation tracking process, via the module. The process will also include provision of guidance material, to support groups and services throughout the actions required during the life cycle of a parliamentary inquiry.

Suggestions for improvement

3.9 Including details of the officials responsible for implementing specific recommendations (as required in the MAPs for ANAO recommendations) would further strengthen Defence arrangements for the implementation of parliamentary committee recommendations.

3.10 There would also be benefit in Defence periodically reviewing whether any measures introduced work as intended.

3.11 As noted in Table 3.14 later in this chapter, three parliamentary committee recommendations in the ANAO’s sample were assessed by the ANAO as partially implemented and five were assessed as not implemented. Effective implementation planning, combined with effective monitoring arrangements (discussed below), increases the likelihood of recommendations being effectively implemented.

Was implementation monitored for each of the selected recommendations?

Note a: This reporting did not include any of the parliamentary committee recommendations in the ANAO’s sample. Defence did not consider that any of the recommendations in the ANAO sample required further action.

3.12 The ANAO Audit Insights product, Implementation of Recommendations, published in November 2019, identified that previous ANAO audits had found that:

Effective monitoring requires an approach that accurately tracks progress and records the actions of the business area or individual responsible for implementation. The goal is that those with entity accountability can have a clear line of sight to the implementation of agreed recommendations … Systems should be fit for-purpose, reflecting the size of the entity, the nature of its business and its governance structure.⁶¹

ANAO recommendations

3.13 Twelve of the 14 ANAO recommendations selected for review were monitored by Defence’s Audit and Fraud Control Division (AFCD).⁶² Prior to December 2019 reporting to DARC was largely limited to high level summary information or information on recommendations that were closed during the period between DARC meetings or classed as overdue.⁶³ From December 2019, AFCD reports to the DARC have included a status report on all active ANAO and internal audit recommendations. However these reports often included only brief statements on the status of recommendations (such as ‘work commenced’ on a nominated date or implementation ‘80 per cent complete’), with limited information about what elements had been implemented or any risks stemming from elements not yet implemented. While brief statements of this sort may facilitate the tracking of activity at a high level, it is less useful as an aid to monitoring implementation. There was evidence of reporting to DARC relating to eight recommendations in the ANAO’s sample that had not been closed prior to December 2019.⁶⁴

3.14 There is no requirement for business areas implementing ANAO recommendations to undertake periodic risk reviews and report these to AFCD or DARC. Given that recommendations are made to improve public administration and the implementation of recommendations can take years, there is merit in recommendations being subject to periodic risk review to ensure that risks relating to implementation or risks identified by the recommendations themselves are monitored and reported on. There was evidence of ongoing consideration of risk for one recommendation in the ANAO sample.⁶⁵

Parliamentary committee recommendations

3.15 As discussed in chapter 2, at the time of audit fieldwork (July to December 2020) Defence did not have a coordinated enterprise-level process for monitoring implementation of parliamentary committee recommendations. Defence activity was focussed on the provision of government responses to recommendations to the relevant parliamentary committee. DARC received a briefing from MECC in September 2020 and a report on the implementation of parliamentary committee recommendations in November 2020.⁶⁶

3.16 As discussed in paragraph 3.14, there is no requirement for business areas implementing ANAO recommendations to undertake periodic risk reviews and report these to AFCD or DARC. This is also the case for parliamentary committee recommendations. There is merit in recommendations being subject to periodic risk review, and this risk review activity being monitored at an enterprise-level by the DARC.

Was implementation of the selected recommendations completed in the agreed timeframe?

3.19 Establishing timeframes for implementing recommendations, and meeting them, is an important way entities can ensure recommendations are ultimately implemented and any risks or issues that have led to the recommendations being made are addressed in a timely fashion. As outlined in paragraph 1.7, in August 2019, following the tabling of the first report in this recent series of ANAO audits⁶⁷, the Secretary of the Department of the Prime Minister and Cabinet wrote to all departmental secretaries encouraging them to respond to parliamentary committee reports in a timely manner.

3.20 For the ANAO recommendations examined in this audit, this section refers to ‘closure’⁶⁸ rather than ‘implementation’ because, as discussed in paragraphs 3.27 to 3.35, the ANAO considers that a number of closed recommendations have not been fully implemented.⁶⁹

3.21 For parliamentary committee recommendations, Defence does not have a default implementation period and timeframes applied only when they were set by parliamentary committees.⁷⁰ For the selected recommendations, these were the due dates for Defence to report back to a committee with certain information. The ANAO assessed whether Defence reported back within the timeframes set by committees.

ANAO recommendations

3.22 Defence had documented implementation dates for 13 of the 14 ANAO recommendations examined in this audit.⁷¹ Where the MAPs outlined multiple actions involved in implementing a recommendation, these dates were typically broken down into separate dates for each action. The ANAO considered that a recommendation could only be considered closed when all actions had been completed. In assessing the timeliness of implementation the ANAO took the latest date in a MAP (or the updated implementation date established if an extension was granted) to be the deadline for implementing the recommendation in its entirety. Defence has a formal process for closing recommendations that requires FAS AFC to approve closure. For the purposes of determining whether a recommendation was closed on time, the ANAO compared the implementation date to the date when closure approval was granted by FAS AFC.

3.23 Of the 13 ANAO recommendations that had documented implementation timeframes, nine were closed after: the original estimated implementation date appearing in the MAP; or the revised implementation date established after an extension had been granted.⁷² These nine recommendations were closed an average of 61 days after the implementation date.

3.24 As discussed in paragraph 2.18, Defence has documented processes for seeking and granting extensions to estimated completion dates for the implementation of ANAO recommendations. Extension requests were submitted for seven of the recommendations in the ANAO’s sample. At the time that extension requests were submitted for five of the recommendations, there was a requirement to submit extension requests one month prior to the implementation date. This requirement was not met for any of the five extension requests.⁷³

Parliamentary committee recommendations

3.25 When making a recommendation, parliamentary committees will sometimes include a timeframe for implementation. This is common for recommendations involving the provision of additional information or reports to a committee. Where a parliamentary committee has not set a due date for implementation, Defence does not establish its own implementation timeframes for committee recommendations, and there is no default timeframe.⁷⁴

3.26 Eight of the 18 parliamentary committee recommendations examined in this audit included an implementation timeframe and in all instances this was a timeframe in which Defence was required to report back to the committee with certain information. The specified timeframe was met for three of the eight parliamentary committee recommendations.⁷⁵

Were the selected ANAO recommendations implemented in full and closed in accordance with requirements?

3.27 The approach used by the ANAO to assess the implementation status of the 14 selected ANAO recommendations is set out in Table 3.2.⁷⁶

Table 3.2: ANAO categorisation of implementation status

Source: ANAO.

3.28 The ANAO reviewed Defence’s implementation of 14 recommendations. Seven of the recommendations in the audit sample were assessed as ‘implemented’, four as ‘largely implemented’, one as ‘partially implemented’ and two as ‘not implemented’.

3.29 Defence considers that all 14 ANAO recommendations examined in this audit have been implemented. Twelve of the 14 recommendations were recorded as implemented in Defence internal systems.⁷⁷

3.30 Table 3.3 provides a summary of Defence’s and the ANAO’s assessment of the implementation status of the 14 selected ANAO recommendations.

Table 3.3: Summary of Defence and ANAO assessment of implementation status of selected ANAO recommendations

Source: ANAO analysis.

3.31 For the two ANAO recommendations assessed by the ANAO as not implemented, the evidence provided to support implementation did not demonstrate that the recommendation had been implemented.⁷⁸ For the recommendation assessed as partially implemented, there was evidence showing some of the actions to implement the recommendation had been undertaken but there were elements that had not been implemented.⁷⁹

3.32 The four recommendations assessed by the ANAO as largely implemented were either: not completed in full⁸⁰; or the changes brought about by implementation of the recommendation were not maintained and there was not clear evidence of a management decision to move on.⁸¹

3.33 As outlined in paragraph 2.23, before recommendations can be closed, evidence supporting the closure is reviewed by AFCD and closure is approved by the FAS AFC. For eight of the 12 ANAO recommendations that were subject to AFCD’s closure process⁸², the evidence relied on by AFCD to close the recommendation was insufficient and the ANAO required more detailed information from business areas to determine whether a recommendation had been implemented.⁸³ AFCD advised the DARC, at the committee’s July 2020 meeting, that:

AFCD will ensure standard processes include the review of all closed recommendations for appropriate documentation to support their closure. AFCD does not intend to review historical recommendations, which pre-date the current policy of 100% quality assurance. Audit Branch has reviewed and updated procedures to ensure that all closed recommendations are Quality assured to ensure closure evidence is sufficient and appropriate.

3.34 In respect to the eight recommendations that the ANAO considered to have insufficient evidence to determine whether the recommendation had been implemented, all had been subject to the AFCD closure process.

Opportunity for improvement

3.35 There would be merit in Defence assessing the operation of its recommendation closure processes. This should include ensuring commitments outlined in implementation plans have been met and sufficient evidence is provided to support the statements made. Where there are variances from the implementation plan, explanations for the variance should be provided. AFCD should ensure there is clarity in its guidance as to the extent of review undertaken by AFCD.

3.36 More detailed information on the Defence and ANAO assessments of the implementation status of the selected ANAO recommendations is presented in Table 3.4 to Table 3.13.

Table 3.4: Auditor-General Report No. 2 2019–20 Defence’s Administration of Allowances and Entitlements Paid to APS Employees

Source: Auditor-General Report No. 2 2019–20 Defence’s Administration of Allowances and Entitlements Paid to APS Employees, p.11, available from https://www.anao.gov.au/work/performance-audit/defence-administration-travel-allowances-paid-to-aps-employees; and ANAO analysis.

Table 3.5: Auditor-General Report No.3 2019–20 Defence’s Quarterly Performance Report on Acquisition and Sustainment

Source: Auditor-General Report No.3 2019–20 Defence’s Quarterly Performance Report on Acquisition and Sustainment, p.11, available from https://www.anao.gov.au/work/performance-audit/defence-quarterly-performance-report-acquisition-and-sustainment; and ANAO analysis.

Table 3.6: Auditor-General Report No.40 2018–19 Modernising Army Command and Control — the Land 200 Program

Source: Auditor-General Report No.40 2018–19 Modernising Army Command and Control — the Land 200 Program, p.10, available from https://www.anao.gov.au/work/performance-audit/modernising-army-command-and-control-the-land-200-program; and ANAO analysis.

Table 3.8: Auditor-General Report No.30 2018–19 ANZAC Class Frigates—Sustainment

Source: Auditor-General Report No.30 2018–19 ANZAC Class Frigates — Sustainment, p.11, available from https://www.anao.gov.au/work/performance-audit/anzac-class-frigates-sustainment; and ANAO analysis.

Table 3.9: Auditor-General Report No.34 2017–18 Defence’s implementation of the First Principles Review

Source: Auditor-General Report No.34 2017–18 Defence’s implementation of the First Principles Review, p.13, available from https://www.anao.gov.au/work/performance-audit/defence-implementation-first-principles-review; and ANAO analysis.

Table 3.10: Auditor-General Report No.28 2017–18 Defence’s Procurement of Fuels, Petroleum, Oils, Lubricants, and Card Services

Note a: While this recommendation has been assessed as implemented, the ANAO has identified data integrity issues and inconsistencies in reporting and the investigation of variances as part of its financial statement audit of Defence’s fuel inventories. The ANAO continues to review these matters through the financial statement audit process.

Source: Auditor-General Report No.28 2017–18 Defence’s Procurement of Fuels, Petroleum, Oils, Lubricants, and Card Services, p.10, available from https://www.anao.gov.au/work/performance-audit/defence-procurement-fuels-petroleum-oils-lubricants-and-card-services; and ANAO analysis.

Table 3.12: Auditor-General Report No.38 2017–18 Mitigating Insider Threats through Personnel Security

Source: Auditor-General Report No.38 2017–18 Mitigating Insider Threats through Personnel Security p.10, available from https://www.anao.gov.au/work/performance-audit/mitigating-insider-threats-through-personnel-security; and ANAO analysis in Auditor-General Report No.21 2020–21 Delivery of Security Vetting Services Follow-up, available from https://www.anao.gov.au/work/performance-audit/delivery-security-vetting-services-follow-up.

Table 3.13: 2017–18 non-public Auditor-General report on mitigating insider threats through personnel security

Source: 2017–18 non-public Auditor-General report and ANAO analysis in Auditor-General Report No.21 2020–21 Delivery of Security Vetting Services Follow-up, available from https://www.anao.gov.au/work/performance-audit/delivery-security-vetting-services-follow-up.

Were the selected parliamentary committee recommendations implemented in full and closed in accordance with requirements?

3.37 The ratings used by the ANAO when assessing the implementation status of the 18 selected parliamentary committee recommendations were set out in Table 3.2.

3.38 For the 18 recommendations examined in this audit, a formal closure process was initiated for one recommendation.⁸⁴ The closure process was undertaken as part of new Defence procedures relating to the implementation of parliamentary committee recommendations, however this process was not completed in full.⁸⁵ The other 17 recommendations were not subject to a formal closure process.

3.39 The ANAO assessed eight of the 18 selected recommendations as ‘implemented’, two as ‘largely implemented’, three as ‘partially implemented’ and five as ‘not implemented’.

3.40 Defence advised the ANAO during the audit that its assessment was that 12 recommendations were implemented, three were largely implemented, one was not implemented, and that it had not assessed the implementation status of two recommendations.

3.41 Table 3.14 provides a summary of Defence’s and the ANAO’s assessment of the implementation status of the 18 selected parliamentary committee recommendations.

Table 3.14: Summary of Defence and ANAO assessment of implementation status of selected parliamentary committee recommendations

Note a: Defence advised the ANAO that the Human Research Ethics Committee (DDVA HREC) located in the Defence portfolio is a non-statutory committee independent from both Defence and the Department of Veterans’ Affairs (DVA). Defence further advised that due to the committee’s independence, Defence and DVA cannot direct it to implement these recommendations and that is why Defence agreed in principle to the recommendation. Defence considers that it has implemented what it committed to do in the response to the parliamentary committee’s recommendation.

Source: ANAO analysis.

3.42 In respect to the four parliamentary committee recommendations assessed by the ANAO as partially implemented:

• three recommendations required Defence to provide a report back to the relevant committee, however the information provided in Defence’s responses was incomplete, not sufficiently detailed or a combination of both⁸⁶; and
• one response involved implementation measures that were only partly concluded.⁸⁷

3.43 In respect to the five parliamentary committee recommendations assessed by the ANAO as not implemented:

• Defence decided to not go ahead with implementing two recommendations but the relevant parliamentary committee was not informed of this decision⁸⁸; and
• for three recommendations⁸⁹, Defence considered the government response to have constituted implementation of the recommendation and that no further action was required. The ANAO’s assessment was that in each of the three cases the recommendation clearly called for action beyond the government response and that by agreeing or agreeing in principle to the recommendations, but not clearly stating that the action asked for in the recommendation would not be undertaken, Defence did not clearly convey its intentions to the relevant parliamentary committee. In responding to parliamentary committee recommendations, care is required to avoid the risk of ambiguity.

3.44 More detailed information on the Defence and ANAO assessments of the implementation status of the selected parliamentary committee recommendations is presented in Table 3.15 to Table 3.20.

Were report back requirements to parliamentary committees satisfied?

3.45 Ten of the parliamentary committee recommendations included in this audit required Defence to report back to the relevant committee. The ANAO assessed that in respect to these recommendations, Defence:

• met the report back requirements in full for three recommendations⁹⁰;
• did not address all elements of the recommendation, or did not provide a sufficiently detailed response for four recommendations⁹¹; and
• did not meet the report back requirements for three recommendations.⁹²

3.46 Eight of the parliamentary committee recommendations set timeframes for Defence to report back to the relevant committee. Defence reported back within the set timeframe for three of these recommendations.⁹³

Appendix 1 Department of Defence response

Appendix 2 Methodology for selecting the audit sample

The ANAO adopted the following principles in determining the sample of agreed recommendations to include in the audit.

Parliamentary committee recommendations

General approach

• The recommendations were limited to reports published from 2018 onwards made by the three committees most likely to have recommendations relevant to Defence. These were the:
  • Joint Committee of Public Accounts and Audit;
  • Joint Standing Committee on Foreign Affairs, Defence and Trade; and
  • Senate Standing Committee on Foreign Affairs, Defence and Trade.
• Implementation of the recommendation must have been the responsibility of the Department of Defence.
• There must have been a government response that agreed (or agreed in principle/agreed in part) to the recommendation(s). Only responses provided by 31 December 2019 were included.
• Recommendations relating to the parliamentary review of annual reports were excluded as there was already an established process to address such recommendations.
• Recommendations were excluded if they were likely to be examined by the ANAO as part of a separate performance audit, as part of the ANAO’s annual Defence Major Projects Report, or as part of a parliamentary inquiry.

JCPAA recommendations relating to Auditor-General Report No.21 2020–21 Delivery of Security Vetting Services Follow-up were included in this audit.

Specific considerations

A list of parliamentary committee reports (prepared by the committees mentioned above) for the period January 2018 to June 2019⁹⁴ is presented in Table A.1. The table outlines the total number of recommendations from each report that were included in the audit sample and the rationale for why some recommendations were excluded.

ANAO recommendations

General approach

• The recommendations were limited to reports tabled from 2018 onwards.
• Defence must have agreed (or agreed in principle/agreed in part) to the recommendation.
• The tabling of the report must have occurred approximately 12 months (or more) prior to the commencement of this audit.⁹⁵
• Recommendations were excluded if they were likely to be examined by the ANAO as part of a separate performance audit or as part of the ANAO’s annual Defence Major Projects Report.

The two recommendations from Auditor-General Report No.25 2012–13 Defence’s Implementation of Audit Recommendations were included in the audit as that was the last ANAO audit that specifically assessed the effectiveness of Defence’s monitoring of the implementation of ANAO and internal audit recommendations.

ANAO recommendations relating to Auditor-General Report No.21 2020–21 Delivery of Security Vetting Services Follow-up were included in the audit sample (consistent with the approach to JCPAA recommendations discussed above).

Specific considerations

A list of ANAO performance audit reports tabled during the period January 2018 to July 2019 is presented in the table below. The table outlines the total number of recommendation from each audit that were included in the audit sample and the rationale for why some recommendations were excluded.

Table A.2: ANAO audit recommendations included in the audit sample

Source: ANAO analysis of ANAO audit reports in the sample period.

Appendix 3 ANAO and parliamentary committee recommendations examined in this audit

Table A.3: ANAO audit reports

Table A.4: Senate Standing Committee on Foreign Affairs, Defence and Trade

Table A.5: Joint Standing Committee on Foreign Affairs, Defence and Trade

Table A.6: Joint Committee of Public Accounts and Audit

Appendix 4 System controls to maintain complete and accurate data

ARMS and PDMS

AFCD advised the ANAO in October 2020 that ANAO audit recommendations are entered into ARMS by different user groups. While access to the system is available to user groups, Defence does not monitor user groups to ensure access is restricted to those officials who require ongoing access. AFCD provided the ANAO with a document, How to Give Access to AMIS and ARMS, which provides technical guidance for providing access to each system. The document provides no guidance on procedural requirements for approving or removing access.

In contrast, the Defence MECC team enters parliamentary committee recommendations into PDMS. PDMS, managed by the Department of Finance, uses role-based access to allow users to perform specific tasks during a ministerial or parliamentary workflow process. Within Defence, the Director of PDMS Training and Support is responsible for managing access to PDMS user groups. PDMS guidance applicable to the parliamentary committee recommendations examined in this audit was being revised and in draft form.

In practice, input to each system is logged with a date, time and username stamp. For each system a version history and data backup is maintained to enable the restoration of earlier versions of recommendations and, in ARMS, Management Action Plans (MAPS). Deletions are possible on ARMS but restricted to the deletion of supporting documents only. For ARMS no manual or guide exists and training to a new team member is delivered on an ad-hoc basis. For PDMS, documentation such as manuals were provided to the ANAO during the audit however these were not endorsed and were in draft form.

A parliamentary committee module was added to PDMS during the audit. The module is intended to enable Defence to track the implementation of parliamentary committee recommendations. Guidance to support the module’s operation — Defence Process Steps for PC Module PDMS; and PDMS Training Handbook — was in draft form in the course of this audit. Defence advised the ANAO in early February 2021 that the procedural documentation to support the implementation of the parliamentary committee module would be completed prior to the end of February 2021.⁹⁶