Background

1. The Australian Public Service Commission (APSC) has reported that as at 31 December 2021, the Australian Public Service (APS) employed 155,796 people across 97 APS agencies.¹ APS employees are employed under the Public Service Act 1999 (the PS Act), which establishes the APS and is the basis of the regulatory framework applying to it.²

2. APS agencies can, and do, utilise a mixed workforce of APS and non-APS personnel to deliver their purposes. Non-APS personnel include contractors and consultants. Department of Finance (Finance) guidance indicates that the difference between a contract for services and a contract for consultancy services ‘generally depends on the nature of the services and the level of direction and control over the work that is performed to develop the output.’³

3. Workforce planning and management is the responsibility of each APS agency head. In the APS Workforce Strategy 2025, the APSC has stated that:

Ensuring agencies take a structured approach to the use of non-APS employees—including considering where work would be best delivered by an APS employee—and knowledge transfer and capability uplift arrangements is a key element of successful mixed workforce models, which are already being used by agencies across the APS.⁴

4. Additionally, the APSC has published guidance in the form of Guiding principles for agencies when considering the use of SES contractors⁵ relating to the use of contractors in APS Senior Executive Service (SES) roles.⁶ Similar guidance has not been issued for entities when considering the use of contractors for non-SES level roles.

5. The engagement and management of non-APS personnel occurs through procurement action by entities and their contract management processes, rather than the PS Act. These decisions must consider:

• the Commonwealth Procurement Rules (CPRs), which establish the whole-of-government procurement framework, including mandatory rules with which officials must comply when performing duties related to procurement;
• the Protective Security Policy Framework (PSPF), which sets out government protective security policy across the following outcomes: security governance, information security, physical security and personnel security⁷; and
• entity-specific procurement and contract management arrangements which may be contained in Accountable Authority Instructions (AAIs) made under section 20A of the Public Governance, Performance and Accountability Act 2013 (the PGPA Act, which is the basis of the Australian Government’s finance law) and in entity policies and guidelines.

6. Defence has advised the Parliament that its contractor full-time equivalent (FTE) component — as reported in its March 2021 external workforce census of consultants, contractors and outsourced service providers — was 6810 FTE or 6.2 per cent of the total Defence workforce.⁸ Defence’s contractor workforce performs work in most parts of the entity. The March 2022 external workforce census recorded 8311 FTE or 7.4 per cent of the total Defence workforce.

Rationale for undertaking the audit

7. The APS workforce strategy states that the APS will continue to deploy a flexible approach to resourcing that strikes a balance between a core workforce of permanent public servants and the selective use of external expertise. This will mean a continuing mixed workforce approach, where APS employees and non-APS workers are used to deliver outcomes within agencies. In this context, the strategy highlights the value of ensuring that agencies take a structured approach to the use of non-APS employees. The approach adopted by the APS and its agencies has been the subject of ongoing parliamentary interest, with a number of reviews and parliamentary committee inquiries undertaken in recent years.⁹

8. This audit is one of a series of three performance audits undertaken to provide independent assurance to the Parliament on whether entities have established an effective framework for the management of the contracted element of their workforce. Defence was selected as one of the APS agencies in this audit series as it is a large and regular user of non-APS personnel. The other audits in this series review the management of contractors by the Department of Veterans’ Affairs and Services Australia.

Audit objective and criteria

9. The objective of the audit was to examine the effectiveness of Defence’s arrangements for the management of contractors.

10. To form a conclusion against the audit objective, the following high-level criteria were adopted.

• Has Defence established a fit-for-purpose framework for the use of contractors?
• Does Defence have fit-for-purpose arrangements for the engagement of contractors?
• Has Defence established fit-for-purpose arrangements for the management of contractors?

Conclusion

11. Defence has established fit-for-purpose policies and processes for the management of contractors. However, Defence cannot demonstrate the effectiveness of its arrangements, in the absence of entity-level assurance based on a systematic approach to monitoring and reporting on implementation.

12. Defence has established a fit-for-purpose framework for the use of contractors. Enterprise-level guidance sets out the different personnel types, including contractors, and provides instructions for determining whether there is an operational requirement for the use of contractors on a case-by-case basis.

13. Defence has largely fit-for-purpose arrangements for the engagement of contractors. Defence has established standing offer arrangements for engaging contractors, and a contracting suite has also been developed and tailored for their engagement. Defence has established arrangements to support incoming contractors to understand their obligations and to support compliance with the majority of Protective Security Policy Framework (PSPF) Policy 12: Eligibility and suitability of personnel requirements, but is not well-placed to provide assurance, at the enterprise level, that these arrangements are being consistently implemented when contractors are engaged.

14. Defence’s arrangements for the management of contractors are partly fit-for-purpose. Defence has documented its requirements and expectations regarding the management and oversight (supervision) of contractors. The Defence Security Principles Framework (DSPF) establishes arrangements that support compliance with the requirements of Protective Security Policy Framework (PSPF) Policy 13: Ongoing assessment of personnel and PSPF Policy 14: Separating personnel. Defence reporting on compliance with PSPF Policy 13 and Policy 14 indicates that implementation of Defence’s arrangements has been inconsistent across the department. Internal audits and assessments also indicate that implementation of Defence’s PSPF Policy 14 arrangements is not fully effective across the department.

Supporting findings

Framework for using contractors

15. Defence guidance provides clarity regarding the different personnel types, including contractors. (See paragraphs 2.3–2.16)

16. Defence provides guidance, principally through the Contractor Engagement Governance Framework, on the process for engaging a contractor. The framework applies to all Defence personnel and aids compliance with the Secretary’s Accountable Authority Instructions (AAIs). The framework requires officials to undertake a structured assessment of operational requirements, on a case-by-case basis, when deciding to use a contractor. (See paragraphs 2.17– 2.30)

Arrangements for engaging contractors

17. Defence has established standing offer arrangements and a contracting suite that is tailored for engaging contractors for a range of services. To aid the selection and tailoring of contract templates Defence has established a Contract Template Selection and Tailoring Guide. The eight standing offer arrangements and contracting templates reviewed by the ANAO included clauses addressing, as necessary, the mandatory workplace requirements highlighted in Defence’s fact sheet titled Obligations of Contractors, Consultants and Outsourced Service Providers working in Defence. (See paragraphs 3.3–3.25)

18. Defence has fit-for-purpose arrangements for inducting contractors. However, the department’s ability to determine the effectiveness of these arrangements is impacted by the lack of systematic monitoring and reporting on compliance with the arrangements, and inconsistent practice across the Defence Groups and Services. Defence has established induction requirements for contractors and there is mandatory training covering all policies and processes that contractors, other than those designated as prescribed officials, are obliged to comply with according to the contractor specific guidance. The guidance does not refer to record-keeping training which, according to Defence policy docu ments, is mandatory for users of Defence’s record keeping system. An e-learning platform has been established to support personnel to obtain and maintain their training requirements, and contract managers are responsible for monitoring contractors’ completion of mandatory training. Some Defence Groups and Services have established additional processes at the Division level or below for monitoring the completion and maintenance of mandatory training requirements. Defence does not review data on completion rates for mandatory induction training for Other Defence Support (ODS) personnel, which is a workforce category that includes contracted personnel. (See paragraphs 3.26–3.44)

19. Defence has established arrangements to support compliance with the majority of requirements in PSPF Policy 12: Eligibility and suitability of personnel when it engages contractors. The arrangements include policies and processes to conduct pre-employment screening of contractors and to undertake standardised vetting as required by PSPF Policy 12. Defence has decided to not use the Document Verification Service as required by the PSPF, and has not mandated its use in the Defence Security Principles Framework. (See paragraphs 3.45–3.51)

20. Defence has established arrangements for reporting on its compliance with the requirements of PSPF Policy 12 for all personnel. Reporting is focused on security clearances as all Defence employees (APS/ADF) are required to have, at a minimum, a baseline clearance. However, not all contractors require a security clearance and Defence is not well placed to provide assurance, at the enterprise level, that PSPF Policy 12 has been met in respect to contractors having been pre-screened appropriately if a security clearance is not required. Defence was unable to provide the ANAO with figures for Designated Security Assessment Position numbers at each clearance level and how many were filled by contractors. Defence advised that these positions were managed within the Group or Service and were not centrally reported. (See paragraphs 3.52–3.56)

Arrangements for managing contractors

21. Defence has documented its requirements and expectations regarding the management and oversight of contractors. Much of Defence’s guidance is framed for officials managing contracts that are valued above $200,000, and which are complex and/or of long duration. It is not apparent which parts of this guidance should be applied specifically when managing contractors as defined in Defence’s Accountable Authority Instructions (AAIs), particularly where the contract value is below $200,000. Training is available for officials who manage contracts and contractors, however it is not mandatory and is not monitored or reported on systematically. (See paragraphs 4.4–4.16)

22. Defence has established arrangements to support compliance with the requirements of PSPF Policy 13: Ongoing assessment of personnel, in the DSPF. Defence’s policies address all aspects of the core PSPF requirement and apply to all Defence personnel, including contractors. Defence has also included clauses in contracting templates requiring ongoing compliance with the DSPF. However, these arrangements are compromised by inconsistent implementation. Defence reporting on compliance with PSPF Policy 13 indicates that implementation of the arrangements has been inconsistent across the department, with scope identified to improve the awareness of security officers of the need to conduct annual security checks. (See paragraphs 4.17–4.27)

23. Defence has established arrangements to support compliance with the requirements of PSPF Policy 14: Separating personnel, in the DSPF. Defence reporting on compliance with PSPF Policy 14, and internal audits and assessments, indicate that implementation of Defence’s arrangements has been inconsistent and is not yet effective across the department. Internal audits finalised in May 2021 and March 2022 identified weaknesses in how the security policies had been disseminated to the operational level. There is also scope for the Defence Contract Management Handbook to better support contract managers at the end of a contract, by including processes to address the PSPF Policy 14 requirements in the relevant checklist. (See paragraphs 4.28–4.45)

Recommendations

Summary of entity responses

24. Defence’s summary response is provided below and its full response is included at Appendix 1. An extract of this report was sent to the APSC. The APSC’s summary response is provided below and its full response is included at Appendix 1.

Defence’s summary response

Defence welcomes the ANAO Audit Report into the Effectiveness of the Management of Contractors and agrees to the recommendation which relates to Defence establishing arrangements relating to contractors, which would better support compliance with Protective Security Policy Framework (PSPF) Policy 14: Separating personnel.

Defence is committed to strengthening and standardising the processes and controls for the management of contractors, particularly regarding adherence to PSPF Policy 14: Separating personnel. Defence is currently reviewing the Defence Contract Management Framework, and will include necessary references to security policies and guidance, to ensure a more consistent and standardised delivery at the operational level of these security policies, and also support better assurance and reporting capabilities.

APSC’s summary response

The Australian Public Service Commission (APSC) acknowledges the extract of the Proposed Audit Report on the ‘Effectiveness of the Management of Contractors’ provided for comment.

The APSC recognises the importance of robust workforce planning through implementation of the APS Workforce Strategy 2025. This includes strengthening APS capability, and the strategic use of mixed models of employment, to ensure agencies achieve their outcomes.

Whilst no recommendations are directed toward the APSC, the Commission will consider any relevant findings following the audit’s completion.

25. At Appendix 2, there is a summary of improvements that were observed by the ANAO during the course of the audit.

Key messages and observations

26. This is one of a series of three performance audits undertaken to provide independent assurance to Parliament on whether entities have established an effective framework for the management of the contracted element of their workforce. As well as Defence, the ANAO has examined the effectiveness of the management of contractors by Services Australia¹⁰ and the Department of Veterans’ Affairs.¹¹

27. Chapter 5 of this audit report sets out high-level observations and key messages for all Australian Public Service agencies following the ANAO’s examination of the three selected agencies’ management of contractors. The observations focus on: data availability and transparency issues relating to the contractor workforce; and the application of ethical and personnel security requirements to the contractor workforce.

Introduction

1.1 The Australian Public Service Commission (APSC) has reported that as at 31 December 2021, the Australian Public Service (APS) employed 155,796 people across 97 APS agencies.¹² APS employees are employed under the Public Service Act 1999 (the PS Act), which establishes the APS and is the basis of the regulatory framework applying to it.¹³

1.2 APS agencies can, and do, utilise a mixed workforce of APS and non-APS personnel to deliver their purposes. Non-APS personnel include contractors and consultants. Department of Finance (Finance) guidance indicates that the difference between a contract for services and a contract for consultancy services ‘generally depends on the nature of the services and the level of direction and control over the work that is performed to develop the output.’¹⁴

1.3 In summary, Finance’s guidance states that services performed by a contractor are under the supervision of the entity, which specifies how the work is to be undertaken and has control over the final form of any resulting output. The output of a contractor is produced on behalf of the entity and the output is generally regarded as an entity product. In contrast, performance of consultancy services is left largely up to the discretion and professional expertise of the consultant, performance is without the entity’s direct supervision, and the output reflects the independent views or findings of the consultant. While the output of a consultant is produced for the entity, the output may not belong to the entity. Box 1 below sets out the contract characteristics, identified in Finance guidance, that help entities distinguish between contractors and consultants.

Source: Department of Finance, Contract Characteristics, available from https://www.finance.gov.au/government/procurement/buying-australian-government/contract-characteristics [accessed 20 January 2022].

1.4 Workforce planning and management is the responsibility of each APS agency head. In the APS Workforce Strategy 2025, in respect to the mix between APS and non-APS personnel, the APSC has stated that:

The APS continues to deploy a flexible approach to resourcing that strikes the balance between a core workforce of permanent public servants and the selective use of external expertise. This will mean a continuing mixed workforce approach, where APS employees and non-APS workers collaborate to deliver outcomes within agencies.

A mixed workforce approach will continue to be a feature of APS workforce planning. Non-APS workers, when used effectively in appropriate circumstances, can provide significant benefits to agencies and help them achieve their outcomes. Non-APS workers can also provide access to specialist and in-demand skills to supplement the APS workforce in peak times in business cycles. There will be a need for APS agencies to access skills, capability or capacity differently, including through contractors and consultants, or through external partnerships with academia or industry. There may also be a need to engage with industry to develop skills and capabilities to drive delivery of programs across the service. The use of non-APS employees, including labour hire, contractors and consultants, brings different opportunities and risks for APS agencies to manage. Agencies relying on mixed workforce arrangements need to take an integrated approach to workforce planning that includes and best utilises their non-APS workers. This is particularly important where key deliverables are specifically reliant on this non-APS workforce.

Ensuring agencies take a structured approach to the use of non-APS employees—including considering where work would be best delivered by an APS employee—and knowledge transfer and capability uplift arrangements is a key element of successful mixed workforce models, which are already being used by agencies across the APS.

A professional public service harnesses skills, expertise and capacity from a variety of sources to deliver services as priorities arise. We must focus on understanding and removing barriers to external mobility and encouraging the mobilisation of skills from both across and outside the APS.¹⁵

1.5 In addition, the APSC has published guidance relating to the use of contractors in APS Senior Executive Service (SES) roles.¹⁶ In its Guiding principles for agencies when considering the use of SES contractors¹⁷, the APSC states that:

To meet their business needs, agency heads have the flexibility to engage individuals by the most appropriate means to ensure their agency is best placed to deliver for the Australian public. These guiding principles are designed to assist agencies when considering the appropriateness of using a contractor for a Senior Executive Service (SES) equivalent role and to ensure that appropriate governance arrangements are in place.

…

For the purposes of these principles, an ‘SES contractor’ is an SES-equivalent (e.g. equivalent work value, duties, responsibility, and accountability), contracted by an APS agency via a recruitment agency or third party as an integrated part of the agency’s senior leadership workforce. That is, the agency will have no direct employment relationship under the PS Act with the SES contractor.

1.6 The APSC has stated that the purpose of the principles is ‘to provide APS agencies with considerations when seeking to go beyond the APS employment framework for senior executive capabilities’.¹⁸ Box 2 below sets out the considerations identified in the APSC guidance.

Source: Australian Public Service Commission, Guiding principles for agencies when considering the use of SES contractors, 14 May 2021, paragraphs 5–7, available from https://www.apsc.gov.au/working-aps/aps-employees-and-managers/senior-executive-service-ses/senior-executive-service-ses/contractors-senior-executive-service [accessed 3 December 2021].

1.7 The APSC guidance states that the APSC will collect data on SES contractors, and that for the purposes of reporting, an SES contractor is a person undertaking SES equivalent work who is not engaged under the PS Act or an agency’s enabling legislation.¹⁹ As at 8 March 2022 the APSC had not published data on SES contractors. The APSC advised the ANAO on 3 March 2022 that there were 40 SES contractors in the APS as at 31 October 2021.

1.8 The APSC has not issued guiding principles for the use of non-SES contractors in APS agencies.²⁰

1.9 The APSC and Finance guidance may be supplemented at the entity-level by internal guidance on the different personnel types and how to decide whether there is an operational requirement for the use of non-APS personnel such as contractors.

1.10 The engagement and management of non-APS personnel occurs through procurement action by entities and their contract management processes, rather than the PS Act. The Commonwealth Procurement Rules (CPRs) establish the whole-of-government procurement framework, including mandatory rules with which officials must comply when performing duties related to procurement. Entity-specific procurement and contract management arrangements may also be contained in Accountable Authority Instructions (AAIs) made under section 20A of the Public Governance, Performance and Accountability Act 2013 (the PGPA Act, which is the basis of the Australian Government’s finance law) and in entity policies and guidelines. Contract managers must implement applicable internal requirements and the CPRs and associated requirements set by the Department of Finance. Non-APS personnel must comply with their contractual obligations and any applicable management, oversight and behavioural requirements.

1.11 Non-APS personnel may be ‘officials’ under section 13 of the PGPA Act, in which case they must comply with the finance law in addition to their contractual obligations and applicable entity requirements.²¹ The finance law includes the PGPA Act, the Public Governance, Performance and Accountability Rule 2014 (PGPA Rule), entity AAIs, and other legal and policy frameworks — including the whole-of-government procurement, grants, advertising and risk management frameworks. All personnel exercising delegated power under the PGPA Act or other legislation must also comply with the requirements attached to those delegations.

1.12 Entities’ management of their non-APS personnel is subject to the Protective Security Policy Framework (PSPF), which sets out government protective security policy across the following outcomes: security governance, information security, physical security and personnel security.²² The PSPF policies under the ‘personnel security’ outcome outline how to screen and vet personnel and contractors to assess their eligibility and suitability. They also cover how to assess the ongoing suitability of entity personnel to access government resources and how to manage personnel separation.²³ Entity compliance with the three personnel security policies under the PSPF ‘ensures its employees and contractors are suitable to access Australian Government resources, and meet an appropriate standard of integrity and honesty’²⁴. The policies and their core requirements are outlined in Figure 1.1 below.

Figure 1.1: PSPF personnel policies and core requirements

Source: Protective Policy Security Framework, Personnel Security, available from https://www.protectivesecurity.gov.au/policies/personnel-security [accessed 3 December 2021].

1.13 Under the PSPF, all agencies must develop their own protective security policies and processes. Defence has developed the Defence Security Principles Framework (DSPF).²⁵ The DSPF is principles-based and forms part of Defence’s administrative policy framework. It applies to all Defence personnel. In respect to contractors, Defence advised the ANAO that the DSPF applies ‘to person/s engaged under a contract where it is a term of that contract or they are employed by, or through, a Defence Industry Security Program (DISP) member’.

Reviews and inquiries into the APS’s use of contractors

2015 report of the Independent Review of Whole-of-Government Internal Regulation

1.14 The 2015 Independent Review of Whole-of-Government Internal Regulation (the Belcher Review)²⁶ observed the impact of a number of APS legislative and reporting requirements²⁷, which the review considered to have:

created a recruiting environment where entities tend to engage staff through a particular employment category that may not align with their business needs. For example: … contractors hired individually, or through firms, are excluded from ASL [average staffing level] and headcount reporting. While a valid engagement option, it may present longer term issues regarding organisational capacity and knowledge management, and may be a more expensive option in the longer run.²⁸

1.15 Box 3 below contains an excerpt from a Parliamentary Library research paper on public sector staffing and resourcing, which addresses the ASL concept and related issues.²⁹

Note a: ANAO comment: the APSC has stated that ‘ASL counts staff for the time they work. For example, a full-time employee is counted as one ASL, while a part time employee who works three full days per week contributes 0.6 of an ASL. The ASL averages staffing over an annual period. It is not a point in time calculation.’ See Appendix 3 of this audit.

Source: Philip Hamilton, Public sector staffing and resourcing (Staffing, contractors and consultancies), Parliamentary Library Research Publications, October 2020. Available from https://www.aph.gov.au/About_Parliament/Parliamentary_Departments/Parliamentary_Library/pubs/rp/BudgetReview202021/PublicSectorStaffingResourcing [accessed 27 January 2022].

2019 report of the Independent Review of the APS

1.16 The 2019 Our Public Service, Our Future: Independent Review of the Australian Public Service (the Thodey Review) also considered the non-APS workforce.³⁰ The Thodey Review commented that:

Labour contractors and consultants are increasingly being used to perform work that has previously been core in-house capability, such as program management. Over the past five years, spending on contractors and consultants has significantly increased while spending on APS employee expenses has remained steady.³¹

1.17 The Thodey Review published data (see Figure 1.2 below) based on submissions to the Joint Committee of Public Accounts and Audit (JCPAA) Inquiry into Australian Government Contract Reporting – Inquiry based on Auditor-General’s report No. 19 (2017–18).³² The Thodey Review stated that submissions to the JCPAA inquiry ‘revealed that [the] spend on contractors more than doubled across a sample of 24 agencies between 2012–13 and 2016–17.’³³

Figure 1.2: Thodey Review — percentage change in spend on employees, labour contractors and consultancy contract notices

Source: Department of the Prime Minister and Cabinet, Our Public Service, Our Future: Independent Review of the Australian Public Service, p. 186.

1.18 The Thodey Review further observed that:

The use of labour contractors and consultancy services warrants specific discussion. About a quarter of the submissions [to the review] commented on their use. Most expressed concern about the growing size of the APS’s external workforce and the negative effect on in-house capability. Data on this topic, as is the case with many APS-wide workforce matters, are not gathered or analysed centrally and are often inadequate. For example, the number of contractors and consultants working for the APS is not counted and data on expenditure are inconsistently collected across the service. Data insights that would shed light on whether contractors or consultants met objectives are not routinely aggregated. This makes it difficult to assess the value of external providers relative to in-house employees or to infer the effect on APS capability.³⁴

…

There is clearly benefit in the APS leveraging the best external capability. It is not possible to have expertise in everything in-house and external providers can be the most efficient way of delivering the best advice, services or support. But the use of external capability needs to be strategic and well-informed, meaning that the APS:

• makes decisions on the use of external capability by reference to a whole-of-service workforce strategy that identifies the core capabilities the APS should invest in building in-house — with external capability used to perform non-core or variable work activity;
• manages use of external capability closely, from the contract design stage through to performance of the prescribed tasks; and
• ensures that all arrangements lead to a transfer of knowledge to the APS.

At all stages the APS should be focused on achieving value for money and better outcomes.

The APS needs to find the right balance between retaining and developing core in-house capability and leveraging external capability to ensure a sustainable and efficient operating model for the decades ahead. To do this effectively, two traditionally autonomous parts of agencies — HR and procurement — must work closely together.³⁵

October 2021 second interim report of the Senate Select Committee on Job Security

1.19 In October 2021, the Senate Select Committee on Job Security released its second interim report, Insecurity in publicly-funded jobs.³⁶ The report examined employment arrangements across the public sector. Drawing on the Thodey Review and JCPAA inquiry, the committee stated that:

the utilisation of labour contractors and consultants has increased markedly in recent years. Across a sample of 24 agencies, spending on contractors has more than doubled over the period between 2012–13 and 2016–17. Furthermore, information sourced from AusTender indicated that the total value of consultant contracts across the APS increased from $386 million to $545 million during the same four year period.³⁷

1.20 In common with the Thodey Review³⁸, the committee was critical of data collection relating to the non-APS workforce:

Neither the Australian Public Service Commission (APSC), nor the Department of Finance, was able to confirm how many people engaged through labour hire or other external contracting arrangements are working within the Australian Public Service. This data is not collected, and neither agency provided an explanation for why this is the case.³⁹

1.21 The committee made the following recommendation on this matter:

The committee recommends that the Australian Government requires:

• the Australian Public Service Commission to collect and publish agency and service-wide data on the Government’s utilisation of contractors, consultants, and labour hire workers;
• the Department of Finance to regularly collect and publish service-wide expenditure data on contractors, consultants, and labour hire workers, including the cost differential between direct employment and external employment; and
• labour-hire firms to disclose disaggregated pay rates and employee conditions.⁴⁰

November 2021 report on the Senate Finance and Public Administration References Committee Inquiry into the Current Capability of the APS

1.22 In November 2021 the Senate Finance and Public Administration References Committee reported on its Inquiry into the Current Capability of the Australian Public Service.⁴¹ The matter referred to the committee for inquiry and report was as follows⁴²:

The current capability of the Australian Public Service (APS) with particular reference to:

(a) the APS’ digital and data capability, including co-ordination, infrastructure and workforce;

(b) whether APS transformation and modernisation projects initiated since the 2014 Budget have achieved their objectives;

(c) the APS workforce; and

(d) any other related matters.

1.23 The committee drew on data in the Thodey Review⁴³ and JCPAA inquiry⁴⁴, and in an effort to ascertain the scale of labour hire usage across the APS⁴⁵, requested staffing profile information from agencies across all portfolios.⁴⁶ The committee observed that:

The responses received indicated that agencies had differing methods of collecting data, and that many agencies did not collect data that allowed them to disaggregate the numbers of labour hire workers from other contractors.

For example, some agencies advised that their recordkeeping systems did not or could not differentiate between contractors directly procured by the agency (e.g. independent contractors), and workers procured through labour hire firms.⁴⁷

1.24 The committee made 13 recommendations, including the following recommendations on data collection and reporting:

• the annual employee census conducted by the APSC ahead of the State of the Service report be expanded to include all labour hire staff who have been engaged on behalf of the APS in that calendar year (recommendation 5);
• the APSC collect and publish standardised agency and service-wide data on the Australian Government’s utilisation of contractors, consultants, and labour hire workers (recommendation 6); and
• the Department of Finance regularly collect and publish annually service-wide expenditure data on contractors, consultants, and labour hire workers, including the cost differential between direct employment and external employment for each role (recommendation 8).

Defence’s workforce

1.25 The Department of Defence (Defence) is a non-corporate Commonwealth entity.⁴⁸ The department’s purpose is to ‘defend and protect Australia and advance its strategic interests.’ Defence’s performance statements framework lists two outcomes and 21 key activities that contribute to the successful delivery of the department’s purpose.⁴⁹

1.26 Defence’s Strategic Workforce Plan (2016–2026) stated that the ‘integrated Defence workforce’ comprises:

• members of the Australian Defence Force (ADF), including the Permanent and Reserve Forces;
• employees of the APS;
• contractors engaged by Defence for specific roles; and
• Defence industry contractors who are engaged to deliver outsourced services.

1.27 To deliver its key activities, Defence has an approved workforce allocation for APS and ADF resources in the Portfolio Budget Statements (PBS). The actual APS and ADF workforce is reported on in the Defence annual report each year. Table 1.1 below sets out Defence’s workforce allocation and utilisation over three years.

Table 1.1: Defence’s budgeted^a and actual^b APS and ADF workforce

Note a: Budget Estimate data is sourced from Defence Portfolio Budget Statements. All numbers for the full-time workforce elements represent average full-time equivalents (FTE) at the government approved strength for each year.

Note b: Actual workforce data is sourced from Defence annual reports, reported as average FTE over the financial year.

Source: Department of Defence Portfolio Budget Statements and annual reports for 2018–19, 2019–20 and 2020–21.

1.28 The 2016–2026 strategic workforce plan also stated that ‘Defence’s strategic objectives are enabled by a sufficient supply of appropriately skilled and highly performing people.’

1.29 Defence advised the ANAO in March 2022 that a new Defence Strategic Workforce Plan 2021–2040 was approved by the Secretary and Chief of the Defence Force on 2 March 2022 and a text only version was released within Defence on 1 April 2022. It states that:

Defence’s integrated workforce includes military members working in a wide range of service patterns through the Total Workforce System (TWS), ongoing and non-ongoing civilian employees working both full-time and part-time, and an external workforce working under a wide variety of arrangements.

1.30 Box 4 below sets out Defence’s definitions that have the characteristics of a ‘contractor’ discussed in paragraphs 1.2–1.3 and Box 1.

Source: Department of Defence, Accountable Authority Instructions (AAI) Glossary, 15 July 2020.

The Glossary also states that ‘Consultants are individuals, partnerships or corporations engaged to provide professional, independent and expert advice or services. It involves the engagement of expert professional skills to investigate or diagnose a defined issue or problem, to carry out defined research, reviews or evaluations or provide independent advice, information or creative solutions to assist in management decision making. Performance of the services is at the discretion and professional expertise of the consultant, with Defence providing oversight. The consultant’s output reflects the independent views or findings of the individual or organisation and generally belongs to Defence.

Contractor numbers in Defence

1.31 Defence undertakes an External Workforce Census of consultants, contractors and outsourced service providers (OSP). The census was first undertaken in July 2019 and has subsequently been undertaken in March 2020, September 2020, March 2021 and March 2022.⁵⁰ A decision was made by the department’s Defence Committee in May 2021 to undertake the census annually rather than biannually. Defence has stated that:

The Census is an opportunity for Defence to collate a reasonable estimate of the resources engaged through external service providers to support delivery of Defence outcomes.⁵¹

1.32 Noting that the external workforce census is considered to provide only a ‘reasonable estimate,’ the ANAO asked Defence to confirm whether other Defence data sets might help identify, with greater precision, the number of contractors working within Defence.⁵² Defence was unable to direct the ANAO to any system(s) or dataset(s) that might provide further accuracy. Defence advised the ANAO that the Defence ICT system, for example, is not able to generate a report that specifically separates ‘contractor’ network access from all other users.⁵³ Further, data held on finance systems is by contract, with each contract relating to one or more contractors. The impacts of these data limitations are discussed further in the relevant sections of this audit report.

1.33 The 2021 census results indicated that at the time of the census (March 2021) Defence had total resourcing of 109,626 full-time equivalent (FTE) personnel⁵⁴, which comprised 16,313 APS, 60,826 permanent ADF and 32,487 external workforce personnel, including 6810 contractors.⁵⁵ These figures indicate that the external workforce (see Box 4 above and Table 1.2 below) represented approximately 30 per cent of Defence’s human resourcing on an FTE basis, with contractors comprising 6.2 per cent of the total Defence workforce.

1.34 The most recent census results indicate that at the time of the census (March 2022) Defence had total resourcing of 112,943 FTE personnel, which comprised 16,595 APS, 61,468 permanent ADF and 34,880 external workforce personnel, including 8311 contractors.⁵⁶ These figures indicate that the external workforce represented approximately 31 per cent of Defence’s human resourcing on an FTE basis, with contractors comprising 7.4 per cent of the total Defence workforce.

1.35 Defence budgets for its ADF workforce on an average funded strength (AFS) basis and for the APS workforce on an average staffing level (ASL) basis.⁵⁷ Workforce planning is based on average funded strength for the ADF and average staffing level for the APS for the financial year.⁵⁸ Defence uses actual FTE, which is paid strength on a particular date, to provide the most accurate indicator of current staffing levels.

1.36 Defence has advised the Parliament that the contractor FTE component, as reported in the March 2021 census, was 6810 FTE or 6.2 per cent of the total Defence workforce (permanent and reserve ADF and APS).⁵⁹ Table 1.2 below sets out Defence’s publicly reported APS, ADF and external workforce by category at the time of each census.

Table 1.2: Defence’s workforce as reported in censuses of the external workforce

Note: The external census reports from which these figures are drawn state that these figures are FTE based. Defence advised the ANAO in March 2022 that: ‘July 2019 to Sept 2020, ADF and APS data is AFS and ASL at a point in time comparable to the time of the Census. From March 2021, the ADF and APS figures are Guidance figures sourced from 2020–21 PBS to ensure alignment with publicly available information.’ March 2022 ADF and APS figures are planned workforce allocation figures sourced from the 2021–22 PBS.

Source: Defence documentation.

1.37 Defence’s contractor workforce performs work in most parts of the entity.

• Defence’s March 2021 external workforce census identified the top five primary activities conducted by contractors (accounting for approximately 83 per cent of Defence’s contractor workforce) as ‘Project Management’ (25 per cent), ‘Information Technology’ (18 per cent), ‘Platform or Fleet Sustainment and Maintenance’ (17 per cent), ‘Other’ (16 per cent), and ‘Administration’ (7 per cent).⁶⁰
• The most recent (March 2022) external workforce census identified the top five primary activities conducted by contractors (accounting for approximately 82 per cent of Defence’s contractor workforce) as ‘Project Management’ (27 per cent), ‘Information Technology’ (18 per cent), ‘Other’ (16 per cent), ‘Platform or Fleet Sustainment and Maintenance’ (12 per cent), and ‘Administration’ (9 per cent).⁶¹

Previous audits and reports

1.38 Agencies’ management of their contracted workforce is considered when necessary in the conduct of ANAO audit and assurance work. Examples of ANAO performance audits which have considered the management of a contracted workforce include:

• Auditor-General Report No.2 2017–18 Defence’s Management of Materiel Sustainment⁶²;
• Auditor-General Report No.38 2017–18 Mitigating Insider Threats through Personnel Security⁶³;
• Auditor-General Report No.28 2018–19 Management of Smart Centres’ Centrelink Telephone Services — Follow-up⁶⁴;
• Auditor-General Report No.1 2021–22 Defence’s Administration of Enabling Services — Enterprise Resource Planning Program: Tranche 1 (see Box 5 below)⁶⁵;
• Auditor-General Report No.4 2021–22 Defence’s Contract Administration — Defence Industry Security Program⁶⁶; and
• Auditor-General Report No.6 2021–22 Management of the Civil Maritime Surveillance Services Contract.⁶⁷

1.39 Examples of the issues identified in Auditor-General Report No.1 2021–22 Defence’s Administration of Enabling Services — Enterprise Resource Planning Program: Tranche 1, are set out in Box 5 below.

1.40 The ANAO has prepared two information reports on procurement activity in the Australian public sector, which have included publicly available information on consultants:

• Auditor-General Report No.19 2017–18 Australian Government Procurement Contract Reporting; and
• Auditor-General Report No.27 2019–20 Australian Government Procurement Contract Reporting Update.

1.41 These information reports presented publicly available data from public sector procurement activity in a number of ways.⁶⁸ The publicly available data includes entity reporting on contracts relating to consultancies, including consultancy contract value.

Rationale for undertaking the audit

1.42 The APS workforce strategy states that the APS will continue to deploy a flexible approach to resourcing that strikes a balance between a core workforce of permanent public servants and the selective use of external expertise. This will mean a continuing mixed workforce approach, where APS employees and non-APS workers are used to deliver outcomes within agencies. In this context, the strategy highlights the value of ensuring that agencies take a structured approach to the use of non-APS employees. The approach adopted by the APS and its agencies has been the subject of ongoing parliamentary interest, with a number of reviews and parliamentary committee inquiries undertaken in recent years, discussed above at paragraphs 1.14–1.24.

1.43 This audit is one of a series of three performance audits undertaken to provide independent assurance to the Parliament on whether entities have established an effective framework for the management of the contracted element of their workforce. Defence was selected as one of the APS agencies in this audit series as it is a large and regular user of non-APS personnel. The other audits in this series review the management of contractors by the Department of Veterans’ Affairs and Services Australia.

Audit objective, criteria and scope

1.44 The objective of the audit was to examine the effectiveness of Defence’s arrangements for the management of contractors.

1.45 To form a conclusion against the audit objective, the following high-level criteria were adopted.

• Has Defence established a fit-for-purpose framework for the use of contractors?
• Does Defence have fit-for-purpose arrangements for the engagement of contractors?
• Has Defence established fit-for-purpose arrangements for the management of contractors?

1.46 The audit examined Defence’s framework of policies, plans, processes and guidance that apply to its use, engagement and day-to-day management of contractors.

1.47 The audit did not examine:

• the specific procurement arrangements through which particular contractors or outsourced service providers are engaged, or the assessment of the value-for-money aspect of specific decisions to engage such personnel instead of APS personnel;
• performance management in terms of specific contracted deliverables as this is part of the management of a contract; or
• the vetting process undertaken by the Australian Government Security Vetting Agency (AGSVA).⁶⁹

Audit methodology

1.48 Audit procedures included discussions with relevant Defence officials and an examination of the following Defence documentation.

• Plans/forecasts/management decisions about workforce use.
• Guidance available to assist officials’ decision-making on whether to engage a contractor instead of an APS resource, including the information to be provided to delegates regarding such choices.
• The whole-of-Defence contracting mechanisms that are available for the engagement of contractors.
• Documentation that sets out mandatory training requirements and processes.
• Policies, processes and reporting that supports Defence’s compliance with PSPF policies 12–14 that relate to the onboarding, ongoing management (including where staff move within the entity) and offboarding of contracted staff.
• Management reports as evidence of the application of the Defence framework for the management of contractors.

1.49 The audit was open to contributions from the public. No submissions were received.

1.50 The audit was conducted in accordance with ANAO Auditing Standards at a cost to the ANAO of approximately $517,860.

1.51 The team members for this audit were Simon Gregor, James Woodward, James Wright, Michael Brown, Georgia Johnston, Natalie Whiteley, Kim Murray and Sally Ramsey.

2.1 As discussed in paragraph 1.4, the APS Workforce Strategy 2025 released by the Australian Public Service Commission (APSC) identifies that an important element of successful mixed workforce models is a ‘structured approach to the use of non-APS employees’, which includes Australian Public Service (APS) agencies ‘considering where work would be best delivered by an APS employee.’ The strategy also states that:

The use of non-APS employees, including labour hire, contractors and consultants, brings different opportunities and risks for APS agencies to manage. Agencies relying on mixed workforce arrangements need to take an integrated approach to workforce planning that includes and best utilises their non-APS workers. This is particularly important where key deliverables are specifically reliant on this non-APS workforce.⁷⁰

2.2 This chapter considers the framework established by Defence to guide decisions to use contractors. The ANAO examined whether guidance had been developed and issued by Defence, that:

• provided clarity about the different personnel types that are utilised as Defence’s external workforce, including the definition of ‘contractor’, so the most appropriate option is selected for a particular role; and
• assisted officials to determine whether there is an operational requirement for the use of contractors to support the efficient and effective use of resources.

Does Defence guidance provide clarity regarding the different personnel types, including contractors?

2.3 Defence has provided guidance regarding the different personnel types in:

• a glossary of terms underpinning the Accountable Authority Instructions (AAIs); and
• the Defence Strategic Workforce Plan 2016–2026.

2.4 These documents are accessible through the Defence intranet and are referenced in related documents authorised by Defence’s senior leaders.

Glossary of terms underpinning the Accountable Authority Instructions

2.5 The Chief Finance Officer issued a glossary of terms on 15 July 2020 to support compliance with the Secretary’s Accountable Authority Instructions (AAIs). The glossary includes the definition of a contractor set out in Box 4 (Chapter 1).

Defence Strategic Workforce Plan 2016–2026

2.6 The purpose of the Defence Strategic Workforce Plan (2016–2026) was to identify ‘how Defence will deliver the workforce that is required now and in the future’. The plan outlined a need to ‘Optimise the workforce mix of ADF, APS, contractors and Defence industry to achieve highest value’ and identifies contractors and Defence industry as ‘Fundamental Inputs to Capability’. In outlining Fundamental Inputs to Capability planning considerations, the plan noted workforce resource considerations include contractor funding. The plan referred to Defence having an ‘integrated workforce’ which consists of ‘military (Permanent and Reserve Forces) and civilian (APS and contractor) workforces.’

2.7 The plan outlined an intended ‘future state’ for the integrated workforce in which ‘Contractors are used to supplement permanent workforces to provide expertise and skill where the workforce mix is required to deliver capability.’ In the ‘future state’, contractors are described as providing: ‘strategic advisory partnerships’; ‘specialist advice in areas where Defence does not have expertise’; and ‘specialist functions where Defence is unable to find internal resources.’

2.8 One of the risks to successful workforce management identified in the plan was:

Failure to effectively plan and manage the integrated workforce (ADF, APS and contractors). A short term, highly segregated view of this workforce will no longer suffice.

2.9 The plan included the following definition of a contractor:

A person who is engaged by Defence and represents a business resource and is subject to direct management by Defence and excludes contracts for outsourced services.

2.10 At the time the plan was published (2016), the use of contractors was concentrated in Estate and Infrastructure Group⁷¹, Capability Acquisition and Sustainment Group (CASG), and the Chief Information Officer Group.

2.11 Defence advised the ANAO in February 2022 that a new strategic workforce plan was being finalised during the course of this audit:

The Defence Strategic Workforce Plan 2021–2040 is an update to the extant Defence Strategic Workforce Plan 2016–2020, prepared in concert with the 2020 Force Structure Plan. The update details objectives for building the Defence workforce capacity to support more complex capabilities, new platforms, and emerging capabilities, such as those identified under AUKUS … the plan emphasises the importance of better integrating Defence’s internal and external workforces through a range of actions. Defence is finalising the Defence Strategic Workforce Plan 2021–2040 and its release will be aligned with any Government announcements related to workforce requirements associated with the 2020 Force Structure Plan.⁷²

2.12 The new Defence Strategic Workforce Plan 2021–2040 sets out that it:

establishes enterprise level workforce objectives that must be met to support DSU20 [2020 Defence Strategic Update]

…

[and] details specific workforce challenges and enterprise-level objectives required to secure Defence’s workforce needs.⁷³

2.13 The new plan does not define the term ‘contractor’ or refer to the AAI definition. This approach departs from that adopted in the previous plan (discussed in paragraph 2.9).

2.14 The new plan also sets out that:

Defence must continue to rebalance and redefine employment methods to expand its workforce pool while remaining within financial allocations. Defence will adjust its workforce mix of APS, ADF, contractors, consultants and academia through workforce planning and management initiatives that ensure the Defence workforce is cost effective and sustainable. This will require changes to the mix of workforce types and numbers, across Defence and within Domains, to meet the capability priorities and schedule outlined in FSP20 [2020 Force Structure Plan].

…

The contractor workforce, and the competition both with it and for its services, is not wholly within Defence’s influence. Aggregate demand for contracted labour from public sector agencies and Defence industry makes it complex to assure contractor supply.

The contracted workforce is an important resource for supplementing Defence’s internal workforce, although in some cases it is an unsustainable capability solution. In these cases, successfully balancing short term workforce needs with long term capability requirements requires careful management.

2.15 The enterprise level objectives referred to in the new strategic workforce plan are discussed below at paragraphs 2.23–2.24.

2.16 In summary, Defence has provided clear, accessible guidance regarding the different personnel types, including contractors, in the glossary to the AAIs. While the previous version of the strategic workforce plan also defined the different personnel types, the updated plan does not include a definition or a reference to the AAI definition, which reduces clarity.

Does Defence provide guidance on determining whether there is an operational requirement for the use of contractors?

2.17 Defence has provided the following guidance to its officials about the operational requirements for the use of contractors, to inform their decision-making.

Accountable Authority Instructions (AAIs)

2.18 Defence’s AAI 2: Spending Defence Money — Procurement states that:

Contractors, Consultants and Outsourced Service Providers (CCOSPs)

37. The need to engage a CCOSP occurs because Defence does not have internal staff resources to fulfil a business need. CCOSP engagements are often linked to workforce planning considerations, particularly when the need is likely to be ongoing. SES Band 1/1 Star level or above officials are in the best position to make workforce planning decisions.

Strategic workforce planning and forecasting of operational requirements

2.19 The Defence Strategic Workforce Plan (2016–2026) sets out that:

The Defence workforce is large, complex and dynamic. The internal workforce comprises around 100,000 military and Australian Public Service personnel whose skills are categorised into hundreds of occupational groupings. This workforce is supported by contractors and Defence Industry, and all are recognised as components of Fundamental Inputs to Capability. The mix of military, Australian Public Service and contractor workforce is continually adjusted in response to preparedness requirements, force design reviews and emerging capability requirements identified in the Defence White Paper.

Planning and managing this workforce requires an integrated, enterprise approach to recruiting, career and talent management, workforce mobility, education and training, learning and development, transition and re-engagement, and partnering with external organisations.

2.20 The plan did not step through a structured approach to the use of non-APS employees at an entity level, as suggested by the APSC in the APS Workforce Strategy 2025, but did identify a need for such an approach.

2.21 Defence does not forecast the proportion of its workforce that will be comprised of an external workforce, including contractors, across its forward plans. The ANAO asked if Defence’s workforce planning and forecasting incorporates the external workforce, including the use of staff and services obtained using contracts. Defence advised the ANAO in October 2021 that:

the Enterprise Business Committee⁷⁴ required Defence People Group to develop an enhanced workforce planning and forecasting process including external workforce as part of Defence’s contractor governance framework.⁷⁵ Confirmation could be done with each Group and Service, if they have their own contractor workforce forecasting program.

2.22 Defence People Group further advised the ANAO in October 2021 that:

Defence workforce planning and forecasting considers two separate resourcing allocations, (1) workforce allocations approved by Government for both Australian Defence Force and Defence Australian Public Service personnel that equate to an average funded number of people, with Defence maintaining workforce guidance trails that track all decisions made by Government and (2) monetary allocations managed in the same way as any budgeted amount that may be utilised for workforce, including for external workforce. For example, a monetary allocation could be for payment of reserve force personnel, for engagement of different types of contracted personnel, or allocated to a capability program via the Integrated Investment Portfolio and then ultimately distributed to workforce.

For both types of resourcing allocations, management, including workforce planning and forecasting, is conducted at several different levels that are related to the management delegation of the allocation. Forecasting occurs at those same levels, and may be short term (current financial year) or long term (against different future scenarios looking up to 40-50 years ahead). Budgetary provision for external workforce is included in Suppliers expenses, not Employee Expenses budgets or workforce guidance trails.

Workforce Planning Branch in Defence People Group regularly forecasts anticipated achievement against the Government approved workforce allocations⁷⁶ … utilising discrete event simulation … While these forecasts do not specifically include external workforce they do provide an indication of whether supplementation in the form of external workforce may be required in the future.

2.23 Defence’s Strategic Workforce Plan 2021–2040 sets out the following objectives, to be achieved by Quarter 4 2022, in relation to implementing a more structured approach to planning and managing the internal and external workforces:

1.3 Implement a research approach that produces a more sophisticated and granular understanding of the labour market and workforce mix options, to enhance workforce planning capabilities across the enterprise.

1.4 Deliver and sustain an Enterprise Resource Planning system (and associated systems) that enables sophisticated workforce planning for internal and external workforces.⁷⁷

2.24 Defence advised the ANAO in March 2022 that Objectives 1.3 and 1.4 in the Strategic Workforce Plan 2021–2040 were identified as:

the two key actions required to enable a more structured approach to planning and managing the internal/external workforce mix.

Contractor Engagement Governance Framework

2.25 In November 2018, Defence released the Contractor Engagement Governance Framework.⁷⁸ The accompanying announcement stated that the framework ‘implements an Enterprise Business Committee directive to strengthen workforce planning governance when considering the engagement of Contractors, Consultants and Outsourced Service Providers’.

2.26 The framework sets out that:

This Framework applies to all Defence officials and requires officials to undertake structured and careful assessments of workforce requirements when deciding whether engaging a Contractor is the soundest strategy.

2.27 The framework is to support structured decision-making about the use of contractors at the local level, on a case-by-case basis. The key features of the framework are set out in Box 6 below.

Note a: Defence provided the ANAO with an example of how this could be done. An electronic form had been introduced for this purpose in August 2020 (‘AF043 - SES or Star Approval to Engage a Contractor, Consultant or Outsourced Service Provider (CCOSP)’). Use of the form is not mandatory.

Source: Defence documentation.

2.28 The process for deciding whether to engage a contractor is set out in a fact sheet — titled Engaging Contractors, Consultants and Outsourced Service Providers–Decision Making Governance — which includes a series of steps with guiding questions, and a decision tree to support Defence officials in their decision-making and in documenting the decision. The guidance is summarised in Appendix 4.

2.29 The announcement mentioned in paragraph 2.25 stated that framework requirements had been reflected in updates to the Defence Procurement Policy Manual (DPPM), the complex procurement guide, the simple procurement process tool and the AE643 Defence Purchasing Form. For example, the DPPM, which documented Defence’s procurement framework until mid–2021, stated that:

It is best practice to seek approval to undertake a process to procure a Contractor, Consultant, or Outsourced Service Provider prior to approaching the market. Should approval be sought as part of the commitment of relevant money, and the approval is not given, this may be a breach of CPR 10.35, which limits the ability of Defence officials to cancel a procurement once the process has been undertaken.

Defence officials should refer to the Glossary – Accountable Authority Instructions and Defence Financial Delegations for the definition of Contractors, Consultants and Outsourced Service Providers. Defence officials should refer to the Engaging Contractors, Consultants and Outsourced Service Providers – Decision Making Governance Fact Sheet for further guidance on the evidence required to justify the procurement of Contractors, Consultants or Outsourced Service Providers.⁷⁹

2.30 The Defence Procurement Manual (DPM), issued on 1 July 2021, superseded the DPPM. It incorporates much of the guidance in the DPPM, including the AAI requirement that at a minimum, SES Band 1 / 1 Star approval is required if engaging a CCOSP. Defence Procurement Policy Directives previously set out in the DPPM have been largely incorporated into Defence’s Procurement and Contracting Requirements issued on 1 July 2021, which are to be read in conjunction with the DPM.

3.1 Defence’s contracting templates, standing offer arrangements, induction arrangements and arrangements to support compliance with PSPF Policy 12: Eligibility and suitability of personnel are the primary mechanisms through which the department ensures that contractors are obliged to comply with Defence policies and Commonwealth legislation, understand their obligations and are suitable to access Defence information.

3.2 This chapter considers the arrangements established by Defence for engaging contractors. To form a view on the fitness-for-purpose of Defence’s arrangements for engaging contractors, the ANAO examined the standing offer arrangements and contracting templates used for engaging contractors. Well-designed arrangements, contracting templates and clauses help operationalise requirements and assist officials to consistently apply them at the point of engagement. They also document the expectations placed on contractors and provide a basis for managing performance and non-compliance. In addition, the ANAO examined:

• the induction arrangements established to help contractors understand what their responsibilities are and how to meet their obligations when working for Defence; and
• the policies and processes in place to ensure that the eligibility and suitability of contractors to access Australian Government resources has been established at engagement, as required by PSPF Policy 12: Eligibility and suitability of personnel.⁸⁰ Monitoring and reporting on compliance with the policy was also examined.

Does Defence have a contracting suite that is tailored for the use of contractors?

3.3 The engagement of a contractor is a procurement process and requires the establishment of a contract between Defence and the contractor or the contractor’s employer. As discussed in Chapter 2 at paragraphs 2.29–2.30, the Defence Procurement Policy Manual (DPPM) and its replacement, the Defence Procurement Manual (DPM), have included high-level guidance and directions relating to decision-making by Defence officials to procure a contractor, consultant or outsourced service provider. The DPPM stated that:

the endorsed Defence contracting templates have been drafted and are regularly updated to give effect to applicable Commonwealth legislation and policy (including the CPRs), and applicable Defence policy. These templates have been developed to assist Defence officials to comply with applicable legislation and policy requirements if used for the purposes for which they are intended.⁸¹

3.4 Similarly, the DPM states that the templates:

are regularly updated to ensure that they comply with all applicable legislation and policy requirements. If used for the purposes for which they intended, these templates can assist Defence officials with compliance with these requirements.

Guidance on the selection of contracting mechanisms to engage contractors

3.5 Defence’s Accountable Authority Instruction (AAI) 2: Spending Defence Money—Procurement states that⁸²:

18. You must:

(a) ensure a proposed arrangement is a procurement;

(b) comply with the CPRs;

(c) use an endorsed Defence contracting template. Where an endorsed Defence contracting template would normally be used but is not used, or is modified in a material respect, you must engage with Defence Legal consistent with Defence Instruction Administrative Policy;

…

21. Where the goods and services you are procuring are covered by a mandated whole of government arrangement you must use that arrangement. Exemptions can only be granted jointly by the Minister for Defence and the Finance Minister where a special need for an alternative process can be demonstrated or the coordinated procurement allows for an alternative approach.

22. You must consider opportunities for Indigenous suppliers and comply with all mandatory requirements within the Indigenous Procurement Policy.

…

31. You must use panels⁸³/standing offer arrangements established by Defence unless:

(a) you are using a whole of government arrangement;

(b) you are using an Indigenous supplier in accordance with the Indigenous Procurement Policy; or

(c) a Group Head or Service Chief has approved otherwise or paragraphs 21 and 22 of this AAI apply to your procurement.

3.6 Defence has approved work order templates for procurement (which includes engaging contractors) undertaken using an existing panel arrangement. Defence advised the ANAO in October 2021 that:

Defence engages contractors through whole of government mandated panels … other agencies’ panels that allow ‘piggybacking’, and internal Defence panels such as the Major Service Provider (MSP) Panel, the Defence Services Support (DSS) Panel, the Eminent Persons Panel and the Negotiation Services Standing Offer Panel.

3.7 Defence further advised the ANAO in March 2022 that it engages contractors through the Information and Communications Technology Panel Arrangement, and that this panel and those referred to in its October 2021 advice were ‘the primary mechanism for engaging contractors.’ In May 2022 Defence clarified its March 2022 advice as follows:

AAI 2, para 31 requires ‘…You must use panels/standing offer arrangements established by Defence unless…’. Given Defence panels exist, such as the Major Service provider, Defence Support Services and Information and Communications Technology Provider Arrangement, these are the primary mechanisms for engaging contractors.

3.8 Endorsed Defence contracting templates such as the Australian Standard for Defence Contracts (ASDEFCON) suite are generally only used to engage contractors if:

• a mandated Whole-of-Government arrangement does not exist;
• an internal Defence panel is not available or appropriate; and
• an exemption for using the Commonwealth Contracting Suite (CCS) does not apply or the procurement is above the threshold.⁸⁴

3.9 Defence has issued a Contract Template Selection and Tailoring Guide.⁸⁵ The stated purpose of the guide is ‘to provide guidance to personnel conducting procurements. The guide is aimed at assisting with the selection of an appropriate contracting template and outlining the process for tailoring the selected template’. The intended user group of the guide is stated to be ‘Defence staff and external agencies intending to use the associated Australian Standard for Defence Contracts (ASDEFCON) templates’.⁸⁶

3.10 The guide includes decision trees to aid selection of an appropriate contract template. The contract templates that the decision trees identify as relevant for engaging contractors are discussed below.

Engagements valued at less than $200,000

3.11 Consistent with Defence’s Accountable Authority Instructions, the guide instructs officials to use a suitable standing offer or panel arrangement that covers the identified need (which would include a Whole-of-Government Arrangement) if one exists.

3.12 If a suitable standing offer panel is not available, the guide states that officials must use the Commonwealth Contracting Suite (CCS) for procurements valued at less than $200,000, unless the procurement has been assessed as exempt from this requirement by applying the Defence specific Commonwealth Contracting Suite Decision Tree.⁸⁷

Engagements valued at more than $200,000

3.13 If a suitable standing offer panel is not available and the procurement is valued at greater than $200,000 in value, the guide instructs officials to use a service based ASDEFCON template.⁸⁸

3.14 The Defence Procurement and Contracting Requirements⁸⁹ state that officials must do the following.

• Consider using the CCS for procurements valued between $200,000 and $1 million (GST inclusive).
• Use ‘an endorsed Defence contracting template if one exists for the type of procurement being undertaken’ if the CCS is unsuitable, or the procurement is valued at or above $1 million (GST inclusive).

3.15 Defence has developed and maintains two main approved suites of contracting templates for contracts valued at $200,000 or greater. These are:

• Australian Standard for Defence Contracting (ASDEFCON) suite of contract templates, administered within CASG⁹⁰; and
• Defence Facilities and Infrastructure suite of contract templates, administered within Defence’s Security and Estate Group.⁹¹

3.16 In summary, Defence has established a range of contracting arrangements and templates that can be used to engage contractors. Selection of the most appropriate contract is guided by whether an appropriate existing panel arrangement exists, the value of the procurement and the nature of the services being provided. Defence has a range of procurement policy and guidance documents which assist in selecting the most appropriate arrangement.

Contracts establish obligations of contractors when working with Defence

3.17 Defence has prepared a fact sheet — titled Obligations of Contractors, Consultants and Outsourced Service Providers working in Defence — which ‘provides guidance for Contractors, Consultants and Outsourced Service Providers (“CCOSPs”) and the Defence personnel managing them, on their mandatory obligations when working in Defence.’

3.18 The fact sheet, last updated in July 2021, states that:

In the Defence environment, CCOSPs and Defence Officials must comply with obligations prescribed in Commonwealth legislation, Defence policy and its associated controls. CCOSPs’ contracts of engagement are generally the basis for Defence’s control and oversight of outsourced functions, and should contain all relevant obligations.

3.19 The fact sheet further states that:

These obligations include the requirements for CCOSPs to comply with:

• Accountable Authority Instructions (AAIs) and Financial Delegations policy (FINMAN)⁹²;
• Procurement policy;
• Security policy;
• Work Health and Safety (WHS) policy;
• Public Interest Disclosure scheme;
• managing and reporting of fraud, unacceptable behaviour, Notifiable Incidents and incident reporting policies; and
• probity controls and integrity policies, including those prescribing management of conflicts of interest, post separation employment, and gifts, hospitality and sponsorship.⁹³

3.20 In relation to these obligations, Defence advised the ANAO in March 2022 that the fact sheet:

identifies a number of obligations for CCOSPs to comply with based on their contract, role, status (for example, Prescribed Official⁹⁴) and law. The list does not mean that all obligations apply to each CCOSP, which is why they are not included in all templates.

3.21 The ANAO reviewed the clauses in eight Defence standing offer arrangements and contracting templates used to engage contractors, for their alignment with the obligations Defence has highlighted in the fact sheet.⁹⁵ The ANAO did not test whether relevant clauses have been included in actual contracts or work orders established by Defence.⁹⁶

3.22 Each standing offer arrangement and contract template reviewed by the ANAO contained clauses covering all or most of the mandatory requirements highlighted in the fact sheet relevant to the type of engagement. There were three documents which did not include a reference to the Public Interest Disclosure scheme.

3.23 Defence advised the ANAO in March 2022 that:

the Factsheet is not intended to create any obligations that do not already exist in AAI 2 (if the contractor is a prescribed official), Defence templates and under legislation. A service provider under a Commonwealth contract can make a PID [Public Interest Disclosure] under the legislation and this requirement does not need to be in their contract to do so. The general drafting principle in Defence is that legislative requirements are generally only referenced in Defence templates if the legislation requires the contractor to perform work and this work may have a cost associated with it.

3.24 Defence further advised the ANAO in April 2022 that:

Defence originally promulgated PID requirements as an internal policy instruction (interim Defence Instruction (General) 45-8). This DI(G) was cancelled as it repeated the legislation. When the DI(G) was cancelled, the templates that referenced this policy were updated to refer to the PID legislation instead, which as advised, may not have been necessary as a service provider under a Commonwealth contract can make a PID under the legislation without this reference being in their contract. While the exclusion of references to PID in some templates and standing offer arrangements does not create any risk for Defence, for consistency Defence may update our templates in the future to remove all references to PID.

3.25 The standing offer arrangements and contract templates reviewed by the ANAO also included performance management frameworks, including specific termination clauses to manage non-compliance with required performance standards and mandatory policies referred to in the contract.

Does Defence have fit-for-purpose arrangements for inducting contractors?

Induction requirements and training for contractors

3.26 In terms of whole-of-Defence induction requirements, Defence advised the ANAO in December 2021 that:

a number of resources, policies and training are available on the Defence Protected Environment for all Defence personnel, including Contracted staff, to undertake and/or review to ensure that they are complying with the standards and key expected behaviours of Defence.

3.27 Defence has established an online learning platform accessible to all Defence personnel (including contractors) named ‘Campus’. Defence advised the ANAO in December 2021 that mandatory annual/biannual courses covering the following aspects of key expected behaviours and standards were available on Campus: Annual Security Awareness; Workplace Behaviour; Fraud and Integrity; and Work Health and Safety for Defence. The enterprise-level policies that these courses relate to, the induction training requirements and the timeframes for completion are set out in Appendix 5.

3.28 In addition, Defence advised that courses covering the following matters were also available to contractors on ‘Campus’: Conflict Resolution for Managers; Procurement Essentials and Contract Management; Introduction to Finance in Defence; Objective User Training⁹⁷; and Responsible Record Keeping.

3.29 The ANAO reviewed the content of the mandatory annual courses and additional courses referred to in Defence’s December 2021 advice to the ANAO on contractor induction, to assess the extent to which the obligations referred to in the fact sheet (see paragraphs 3.17–3.25) have been covered. The results of the analysis are summarised below in Table 3.1.

3.30 The ANAO’s review of the courses referred to in Defence’s December 2021 advice (discussed in paragraph 3.26) found that the contractor obligations referred to in the CCOSP fact sheet were covered by mandatory and additional training courses available on the ‘Campus’ learning platform.

3.31 ANAO review of the Defence intranet and the relevant Campus course description found that the Responsible Recordkeeping course, which covers ‘essential Records Management Principles’ and ‘key Records Management legislation’ was mandatory for all new Objective users.⁹⁸ There would be benefit in updating the CCOSP fact sheet, which provides guidance on the engagement of contractors, to include a reference to record-keeping expectations.

Monitoring the completion of training

3.32 In respect to monitoring the completion of mandatory training requirements, Defence People Group advised the ANAO in December 2021 that:

Campus courses are available to all Defence Personnel and Contractors. Learning is recorded on Campus where the training has been conducted on Campus.

…

Training completion is recorded within Campus and the Contractor can provide a print screen of their completion records to their supervisor via email or the supervisor can request a report from Campus.’⁹⁹

3.33 The ANAO examined Defence’s ability to obtain high-level data of contractor compliance with induction requirements. Defence advised the ANAO in March 2022 that:

Defence’s Campus’ system identifies individuals from a ‘person number’, reflected as either an Other Defence Support (ODS) or a PMKeyS (Personnel Management Key Solution) number. These numbers are obtained directly from the Everybody Database (EBDB) or PMKeyS respectively.

3.34 Defence does not use this data to inform itself of the completion of mandatory training by personnel with ODS numbers. Doing so may provide insight as to effectiveness of the current control (checking by the supervisor) that underpins assurance that mandatory training is completed by contractors as expected.

3.35 Defence advised the ANAO in February 2022 that:

the ODS database purpose is specifically to record all external personnel (contractors, consultants, external service providers) with network account access. [emphasis in original]

Defence Learning Branch can provide records for learning completed on Campus via the Digital Learning Solutions Hosting Platforms team. Any training in progress is recorded as either ‘registered’ or ‘completed’ and include both start and finish dates.

Self-generated completion print screen reports/certificates are available to contractors on Campus.

Contract managers are able to submit a request for manual reporting of mandatory training for contractors they supervise.

3.36 Defence advised the ANAO in March 2022 that:

an automated capability to disaggregate contractors from all other ODS users is not available … Defence is exploring options to disaggregate contactor data in the implementation of the Enterprise Resource Planning program. Defence may be in a position to implement this activity following ERP implementation.¹⁰⁰

3.37 In March 2022, Defence finalised an internal audit titled Enterprise Resource Planning (ERP) Program.¹⁰¹ The objective of the audit was to assess the Chief Information Officer Group’s management of the ERP Program. The audit also considered the planned activities to address issues raised by Auditor-General Report No.1 2021–22 Defence’s Administration of Enabling Services – Enterprise Resource Planning Program: Tranche 1. The audit concluded that:

while the ERP Program has designed a number of key controls in support of governance, security and procurement processes, there is limited operating effectiveness and non-conformance with these controls.

3.38 In relation to the implementation of Recommendation 2 of Auditor-General Report No. 1 2021–22, the audit stated that:

Audit confirmed that for contractor on-boarding arrangements, training templates have been updated meeting the requirements for Recommendation 2.b. However, whilst the processes have been updated, compliance and monitoring of these processes remains low with ongoing issues of completion of mandatory training courses including a 66% completion rate for Annual Security Awareness and 11% completion of the Awareness of Probity in Defence Procurement.¹⁰²

3.39 More broadly, the internal audit observed ‘significant non-conformance with training requirements of contracted and ERP Commercial staff working on the ERP Program’:

Only 13 out of 57 individuals in the selected sample were fully compliant with the training required for their respective role in the Program.¹⁰³ Sample testing found that only 33% of contractors had completed the Introduction to Finance in Defence course. Course completion for the ERP Commercial team was performed on a population basis and identified that only 2 of the 7 ERP Commercial staff were fully compliant with training requirements. Notably, within the ERP Commercial team, only 43% had completed the Introduction to Finance in Defence course and 29% had completed the Awareness of Probity in Defence Procurement course.

3.40 Relevant to the engagement and induction of contractors, the internal audit recommended that:

The ERP Program:

(a) ensure that all existing Program team members complete the Defence mandatory training requirements and the training specific to their role; and

(b) develop ongoing monitoring of Campus course completion for new starters.

3.41 Induction supports contractors to understand their obligations, both in terms of policy and behavioural expectations, when working with Defence. To support a common understanding of these obligations across Defence, there would be merit in Defence establishing a mechanism to provide enterprise-level assurance that contractors have addressed mandatory induction requirements.

Group/Service specific induction arrangements

3.42 Defence Groups and Services¹⁰⁴ may establish induction requirements for contracted personnel that are in addition to the requirements established at the enterprise level. The Groups and Services that responded¹⁰⁵ to an ANAO information request on contractor induction requirements advised the ANAO that any additional role and/or location-specific training required of contractors as part of their onboarding was to be set out in the contract under which they were engaged.

3.43 The ANAO also sought information from each of the Groups and Services on monitoring and reporting in place in relation to contractor completion of induction and training requirements. Five of the eight Groups which responded, and all three Services, advised that they did not conduct monitoring and reporting of contractor completion of mandatory induction and training requirements and referred to Campus learning records, with contract managers identified as responsible for ensuring completion.¹⁰⁶

3.44 Those Groups and Services which did report conducting monitoring and reporting provided examples of arrangements at the Division level or below to ensure contractors were completing induction and training requirements (see Box 7).

Source: Defence advice.

Has Defence established arrangements for the engagement of contractors that support compliance with PSPF Policy 12: Eligibility and suitability of personnel?

3.45 Protective Security Policy Framework (PSPF) Policy 12: Eligibility and suitability of personnel¹⁰⁷ sets out ‘the pre-employment screening processes and standardised vetting practices to be undertaken when employing personnel and contractors.’ Policy 12 has the following core requirements:

Each entity must ensure the eligibility and suitability of its personnel who have access to Australian Government resources (people, information and assets).

Entities must use the Australian Government Security Vetting Agency (AGSVA) to conduct vetting, or where authorised, conduct security vetting in a manner consistent with the Personnel Security Vetting Standards.

3.46 The policy states that pre-employment screening is the primary activity used to mitigate an entity’s personnel security risks. Entities may use security clearances where they need additional assurance of the suitability and integrity of personnel. This could be for access to security classified information, or to provide greater assurance for designated positions. Under the policy:

Entities must undertake pre-employment screening, including:

• verifying a person’s identity using the Document Verification Service¹⁰⁸;
• confirming a person’s eligibility to work in Australia; and
• obtaining assurance of a person’s suitability to access Australian Government resources, including their agreement to comply with the government’s policies, standards, protocols and guidelines that safeguard resources from harm.

3.47 In its mandatory annual report to the Attorney-General’s Department (AGD) in 2018–19, 2019–20 and 2020–21, Defence self-assessed its security maturity against PSPF Policy 12 requirements as ‘developing’. Defence also reported that it was taking steps to lift its security maturity to ‘managing’.¹⁰⁹

Arrangement for conducting pre-employment screening and standardised vetting

3.48 The relevant parts of the Defence Security Principles Framework (DSPF) implementing PSPF Policy 12 are DSPF Principle 40 and associated Control 40.1. The Principle and the Control set out requirements in relation to: security clearances including pre-employment screening, citizenship requirements, and eligibility waivers; and identified positions and recording security clearance requirements for these positions. DSPF Control 40.1 states that there is ‘no minimum level of security clearance for Defence industry and contractors. Clearance requirements for Defence industry and contractors are determined on the basis of their need to access classified information, networks, assets or secure areas’.

3.49 Defence advised the ANAO in February 2022 that:

A security clearance is not required to access information that does not have a security classification, including Official or Official: Sensitive information. For this type of information, routine employment screening is sufficient. Because of this there may be examples of staff on Defence premises who do not require a clearance due to the nature or location of their employment. For example, these could include hospitality services, or scribing services where information is unclassified and the engagement is very short.

3.50 Table 3.2 below outlines the requirements of PSPF Policy 12 that are to be established by Defence and the arrangements Defence has established for pre-employment screening processes and standardised vetting practices when engaging contractors.

3.51 In summary, while Defence has established policies and processes to support compliance with PSPF Policy 12 when engaging contractors, it does not use the Document Verification Service as required by the PSPF for pre-screening processes and neither do the employers of its contractors. As noted in Table 3.2, there is no DSPF requirement to use the service.

Table 3.2: Defence policies and processes that apply to contractors and support compliance with the core requirements of PSPF Policy 12: Eligibility and suitability of personnel

Note a: DSPF Control 16.1 and its associated annexes is available publicly at: https://www.defence.gov.au/ [accessed 25 March 2022].

Note b: Auditor-General Report No. 4 2021–22 Defence’s Contract Administration – Defence Industry Security Program (DISP) found that ‘Defence contract managers do not have visibility of Defence’s DISP membership data, and must request this information from the DISP administration team’. Defence advised the ANAO in March 2022 that it had developed a membership profile template to enable this, and expected to share the template and a document titled Principles for Considering Vendor Security Risks with contracting authorities shortly. Defence further advised in March 2022 that the profile advises a contracting authority that an entity has met the required DISP standard, which includes employment screening.

Note c: The document titled Principles for Considering Vendor Security Risks outlines five security risk principles intended to assist Defence to make informed decisions and support the development of robust security risk assessments.

Note d: Defence advised the ANAO in March 2022 that there were currently 116 active citizenship waivers sponsored by Defence, of which 68 waivers are for Defence contractors, and that AGSVA reports on all active citizenship waivers on a quarterly basis to the Defence Security Committee. Defence’s advice noted that AGSVA’s reporting to this committee is by waiver sponsorship and does not indicate whether the waiver is for contractor or other type of employee. Defence further advised that all active citizenship waivers are reviewed and approved annually by AGSVA.

Note e: The DSPF defined a DSAP as follows: A DSAP is defined in the Crimes Act 1914 as ‘a position in a Commonwealth Authority which the head of the authority has determined to be a designated security position whose duties are likely to involve access to national security information classified as secret or top secret’. Defence did not hold records that supported reporting to the ANAO on the number of contractors who are DSAPs at each level at a point in time.

Source: ANAO analysis of Defence documentation.

Arrangements for monitoring and reporting that requirements of PSPF Policy 12 have been addressed when contractors have been engaged

3.52 Box 8 below sets out Defence’s current approach to compiling its annual self-assessment of compliance with PSPF Policy 12. Defence’s assessment is approved by the Secretary and Chief of the Defence Force (CDF) and submitted to AGD.

Note a: The Defence Security Committee provides the primary oversight of the DSPF.

Note b: For DSPF Principle 40 the Control Owner Report for 2019–2020 set out that assurance activities included AGSVA performing data reviews on the eVetting system, conducting a positive vetting (PV) cease batch procedure to cease clearances that met set criteria, and analysis of security incident data. The 2020–2021 Control Owner Report for DSPF Principle 40 noted ongoing certification under the ISO9001 Quality Management System, a review of Defence Industry Security Program policy, and support to the broader Defence Security Strategy development as other measures implemented within the broader Defence security environment to assure the effectiveness of Principle 40. Defence advised the ANAO in March 2022 that ‘AGSVA cease batch procedures [currently] covered all clearance levels’.

Note c: Defence advised the ANAO in March 2022 that: ‘At the time of the 2020/21 reporting there were 14 ESAs appointed (each Group or Service is responsible for appointing their own ESA under the DSPF) and 11 ESA responses were received. Additional ESA input was provided directly into the Defence response by (then) DS&VS [Defence Security and Vetting Service], but was not formally recorded as an ‘ESA response’ as DS&VS was producing the Defence response. ESA reporting was not mandatory, and two Defence ESAs did not respond to the request for input or follow-up requests. These ESAs were considered to have provided a NIL response.’

3.53 Defence has established a framework and processes for monitoring and reporting on its level of maturity against PSPF Policy 12. Internal reporting does not differentiate between contractors, APS and ADF personnel. Defence advised the ANAO in March 2022 that:

It is the responsibility of the Contract Manager to ensure contractor compliance with contract security requirements, this information is not centrally recorded. If the contractor is a Defence Industry Security Program member the contractor security officer is obligated to report any security non-compliance as are any Defence Security Officers involved in the delivery/management of the project to Defence Security.

3.54 The ANAO sought data on the number of Designated Security Assessed Positions (DSAPs) that were filled by contractors. Defence was unable to provide the ANAO with figures for DSAP numbers at each clearance level and how many DSAPs were filled by contractors. Defence advised that DSAPs are managed within the Group or Service and are not centrally reported.

3.55 In respect to the requirement set out in DSPF Control 40.1 (discussed in Table 3.2 above) to manage Defence positions requiring a security clearance above the BASELINE level as DSAPs, Defence advised the ANAO in March 2022 that:

The Defence Security Policy Framework does not require the use of DSAPs. Position clearance requirements are flexibly managed by Departmental clearance sponsors based on operational requirements and risk levels. Some Groups and Services have designed DSAPs in specific areas, primarily for the management of TSPV [Top Secret Positive Vetting] positions, but these DSAPs are managed within the Group or Service and are not centrally reported.

3.56 In summary, there are arrangements in place across Defence to support compliance with most aspects of PSPF Policy 12. However, Defence is not well placed to assure itself at an enterprise level that PSPF Policy 12 has been met, as Designated Security Assessed Positions (DSAPs) are managed at the Group or Service level and are not centrally reported.

4.1 Once engaged by Defence, the ongoing management of contractors involves:

• day-to-day oversight of the contractor and management of the contract to ensure that contracted outcomes are being delivered as required;
• assessment and management of the ongoing suitability of the contractor to access Australian Government resources; and
• withdrawing access and managing any ongoing risks at the end of the contract.

4.2 The effective management of contractors supports both the achievement of contracted outcomes and Defence’s ability to address the national security challenges outlined in the 2020 Defence Strategic Update¹¹⁰ through the management of personnel security risks.

4.3 The ANAO examined the following to form a view on the fitness-for-purpose of Defence’s arrangements for the management of contractors.

• Documentation promulgated to officials to inform them of Defence’s requirements and expectations for the management of contractors and the training that was available to support implementation of the guidance.
• Policies and processes for ensuring the ongoing suitability of contracted personnel to access Australian Government resources, as required by PSPF Policy 13: Ongoing assessment of personnel, and monitoring and reporting on compliance.
• Policies and processes for contracted personnel to have their access withdrawn and to be informed of any ongoing security obligations, as required under PSPF Policy 14: Separating personnel, and monitoring and reporting on compliance.

Has Defence clearly documented its requirements and expectations regarding the management and oversight of contractors?

4.4 The Defence Contract Management Handbook states that:

Defence is the Commonwealth’s largest procurer of goods and services. Defence procurements comprise thousands of transactions and involve billions of dollars annually. For instance, in 2016/17, Defence spent over $32 billion (or around 70% of the Commonwealth’s total annual procurement expenditure).¹¹¹

As such, contracting is an integral part of the way Defence conducts business. Contracting activities range from straightforward procurements that can be made, for example, using a government credit card or purchase order, through to highly complex, innovative long-term projects involving a number of interdependent contractual arrangements.

Therefore, it is important that contract management personnel have the necessary capabilities, supported by standardised tools, templates and systems, to assist in effectively managing the contracts for which they are responsible. It is also important that industry should be able to deal with Defence in a consistent way across all sectors of Defence business activity.¹¹²

4.5 Depending on the specific contracting arrangements adopted, the management of a contractor may involve multiple people with differing responsibilities — such as managing the contract and supervising the contractor’s work on a day-to-day basis. Clarity regarding the roles and responsibilities of each party helps officials to understand what is expected of them.

4.6 To assess whether Defence has clearly documented its requirements and expectations regarding the management and oversight of contractors, the ANAO:

• reviewed the framework that documents the requirements and expectations for managers; and
• reviewed the training available to managers.

Framework documenting the requirements and expectations of managers

4.7 Defence has documented its requirements and expectations regarding the management and oversight of contractors in policies, processes and guidance for contract managers that are available on Defence’s intranet. These documents set out:

• the roles and responsibilities of contract managers¹¹³;
• standardised policies and processes for managing contracts in the agency;
• standardised tools to assist contract managers to fulfil their responsibilities including contract administration, division of responsibility and risk management; and
• a range of policies, processes and guidance for supervisors, including the day-to-day management of induction, performance, security, financial delegations, conduct and behaviour, onboarding and offboarding.¹¹⁴

4.8 Defence has also established procurement and contracting support functions. These include:

• Procurement and Contracting Support Officers who can be contacted via telephone or email (contact details are listed on the ‘Contract Management Advice and Support’ page on Defence’s intranet); and
• a Commercial Division Helpdesk which is part of the Commercial Centre of Expertise operated by Defence’s Capability Acquisition and Sustainment Group (CASG).

4.9 Defence guidance on procurement support, including contract management, also outlines a number of helpdesks and mailboxes available to support contract managers.¹¹⁵

4.10 Much of Defence’s guidance is framed for officials managing contracts that are valued above $200,000, and which are complex and/or of long duration. While this guidance can also be useful for smaller procurement activities, it is not apparent which parts should be applied specifically when managing contractors as defined in Defence’s AAIs, particularly where the contract value is below $200,000. Defence advised the ANAO in April 2022 that:

Defence does not have specific guidance for managing “contractors” below $200,000 … Defence has contract management guidance that applies broadly to contract management.

4.11 There would be merit in Defence establishing guidance to support the managers and supervisors of contractors across the broad range of arrangements Defence uses to engage non-APS personnel.

Training for contract managers about managing and oversighting contractors

4.12 The Defence Contract Management Handbook states that it:

has been designed for a broad range of contract management personnel with varied contract management capabilities. It is important to complement the knowledge and guidance provided in this Handbook with relevant training and, where necessary, a professionalisation program.’

4.13 In relation to training requirements for contract managers, Defence (CASG) advised the ANAO on 30 November 2021 that:

Defence does not require mandatory minimum training or refresher training specifically for contract managers. However, Defence does offer the following contract management training as a part of the Commercial Function training offering for Defence. Awareness of contract manager training and requirements are regularly communicated across Defence (including across related job families) through the Defence Commercial training service offer and related communications. This is a Defence-wide offering:

• Certification IV in Procurement and Contracting especially Stream 3 – Contract Management
• Certification IV in Procurement and Contracting Refresher
• Effective Contract Management – Two day training
• Performance Based Contracting Awareness
• Performance Based Contracting (PBC) for Practitioners
• Contract Risk Training (CRT) Module 2: ASDEFCON Technical Data/Intellectual Property
• Contract Risk Training (CRT) Module 5: ASDEFCON Liability
• Contract Law Essentials.

4.14 Defence further advised the ANAO on 30 November 2021 that:

Defence does not mandate contract management training for contract related positions, however, the completion of contract related training and experiential requirements are managed through the individual position requirements and included and reviewed in individual staff performance agreements.

Defence has no central monitoring or reporting for the completion of contract management training.

4.15 As noted in paragraph 3.28 there is a training course — Procurement Essentials and Contract Management — available on Defence’s online learning platform, ‘Campus’. In relation to oversight of completion of this training, as stated at paragraph 3.32, Defence advised the ANAO that training completion is recorded within Campus and that reports on completion records can be requested from Campus.

4.16 Defence further advised the ANAO in March 2022 that it offers an Effective Contract Management Course. While targeted to Defence officials at the APS 6 and EL1 level, other APS levels and EL2s can attend. The course:

provides practical contract management program to assist the learning and development of officers involved in the management of complex contracts, but can be applied to all levels of contract management for Defence officials. A component of the course material deals with the day to day management of contractors including … planning and managing contracts and covers general principles of contract management including planning, key contractual obligations and identifying and managing stakeholder’s relationships including contractor performance.

Has Defence established arrangements for the management of contractors that support compliance with PSPF Policy 13: Ongoing assessment of personnel?

4.17 When personnel (including contractors) are engaged, entities must ensure that the eligibility and suitability requirements that were established prior to commencement continue to be met. This entity responsibility is set out in PSPF Policy 13: Ongoing assessment of personnel. The purpose of the policy is to describe how entities maintain confidence in the suitability of their personnel to access Australian Government resources and manage the risk of malicious or unwitting insiders. The core requirement of PSPF Policy 13 is that ‘each entity must assess and manage the ongoing suitability of its personnel and share relevant information of security concern, where appropriate.’

4.18 In its 2018–19, 2019–20, and 2020–21 self-assessments of its maturity against PSPF Policy 13 requirements, submitted to the Attorney-General’s Department (AGD), Defence rated its maturity level as ‘developing’. Each year, Defence has reported that it is taking steps to move its maturity level to ‘managing’.¹¹⁶

4.19 To examine whether Defence has established arrangements for the management of contractors that support compliance with PSPF Policy 13, the ANAO reviewed arrangements for assessing and managing the ongoing suitability of contractors and for sharing relevant information of security concern.

Arrangements for assessing and managing the ongoing suitability of contractors and sharing relevant information

4.20 DSPF Principle 40 and associated Control 40.1 set out requirements for the ongoing management of security clearances. Table 4.1 below outlines the results of the ANAO’s review of Defence policies and processes that support compliance with relevant DSPF requirements in the context of the engagement of contractors in Defence.

4.21 In summary, Defence has established policies to support compliance with the requirements of PSPF Policy 13, in the DSPF. Defence’s policies address all aspects of the core PSPF requirement and apply to all Defence personnel, including contractors. Defence has also included clauses in contracting templates requiring ongoing compliance with the DSPF.

Table 4.1: Defence policies and processes that apply to contractors and support compliance with the core requirements of PSPF Policy 13: Ongoing assessment of personnel^a

Note a: Compliance reporting to AGD on PSPF Policy 13: Ongoing Assessment relates to the whole of Defence. Defence is not expected to provide specific information relating to PSPF compliance for contractors.

Note b: The development of the framework was discussed in Auditor-General Report No. 21 2020–21 Delivery of Security Vetting Services Follow-up. See paragraphs 3.28–3.35 of that report. The report noted that the framework was being implemented in phases and that implementation was in progress in relation to Negative Vetting 2 and Positive Vetting clearances, with Baseline and Negative Vetting 1 clearances to be considered in future phases. Defence’s 2019–2020 PSPF self-assessment reported that implementation in Defence as part of Phase Two of framework rollout had commenced in July 2020 with the inclusion of one Service and one Group. Defence advised the ANAO in March 2022 that: ‘AGSVA continues to implement the Personnel Security Risk Information Sharing Framework within Defence and the wider Government. Entities, including Defence Groups and Services, are briefed into the Framework when AGSVA identifies a potential risk to be shared. AGSVA is now sharing risks identified at all clearance levels.’

Source: ANAO assessment of Defence documentation.

Arrangements for monitoring and reporting that the ongoing suitability of contractors has been assessed and managed

4.22 In its 2018–19, 2019–20 and 2020–21 PSPF compliance self-assessment reports to AGD, Defence stated that AGSVA had policies and processes in place to receive information on, assess, respond and manage the ongoing suitability of clearance holders, including continued suitability to retain existing security clearances. As discussed in Chapter 3 at Box 8, Defence’s annual PSPF assessments are supported by annual reports from DSPF Control Owners on the effectiveness of their control. Effectiveness is determined through a combination of assurance activity and security incident data¹¹⁷, supplemented by reporting from Defence Executive Security Advisers (ESAs).

4.23 Defence’s ESA Security Maturity Questionnaire responses for 2020–21 reported that Groups and Services conducted a range of assurance activities in relation to PSPF Policy 13. For example: active maintenance and review at regular intervals of Defence Security Assessed Position lists; Protective Security Self Assessments¹¹⁸; centralised management within the Groups or Services of eligibility waivers and regular reassessment of waivers; regular security clearance reviews; and audits.

4.24 ESA responses also identified a number of weaknesses, including: ‘no Group-wide approach to annual security reviews’; ‘limited oversight at the Group level’; and ‘not having received returns on compliance from a number of areas within the Group’. Further, ESAs identified that Security Officers at various levels had differing levels of understanding of their responsibilities under the DSPF and PSPF. The implications of Security Officers not understanding their responsibilities, as noted by ESAs, included: ‘a lack of reporting around changes in circumstances for clearance holders’. Defence reported in its 2020–21 PSPF compliance report to AGD that ‘the requirement for Security Officers to conduct annual security checks with their personnel is not widely known nor enforced.’

4.25 In addition to the above, in its 2020–21 PSPF self-assessment Defence reported substantial compliance with the obligations pertaining to sharing relevant information of security concern. ESA responses, consistent with the self-assessment, reported advising AGSVA of changes of circumstances for security cleared personnel.

4.26 In summary, Defence has identified weaknesses in its arrangements for monitoring compliance with PSPF Policy 13. There would be merit in Defence reviewing whether adequate assurance is obtained regarding implementation of the policies and processes.

4.27 Defence’s reporting to management and associated assurance activities in relation to compliance with PSPF Policy 13 does not differentiate between the personnel types that make up Defence’s workforce, including contractors. Defence therefore cannot assess, for risk management purposes, trends by personnel type.

Has Defence established arrangements for the separation of contractors that support compliance with PSPF Policy 14: Separating personnel?

4.28 When individuals (including contractors) permanently or temporarily leave their employment with an entity, entities are required to take steps to mitigate risks that Australian Government resources will be accessed by individuals without permission or that ongoing security obligations are not met. These requirements are set out in PSPF Policy 14: Separating personnel. Policy 14 states that:

Each entity must ensure that separating personnel:

(a) have their access to Australian Government resources withdrawn;

(b) are informed of any ongoing security obligations.

4.29 In its 2018–19, 2019–20, and 2020–21 self-assessment of maturity against PSPF Policy 14 requirements, submitted to AGD, Defence rated its maturity level as ‘developing’.¹¹⁹

4.30 To examine whether Defence had established arrangements for the management of contractors that support compliance with PSPF Policy 14, the ANAO reviewed Defence’s arrangements for:

• withdrawing access and informing separating contractors of any ongoing security obligations; and
• obtaining assurance that access has been withdrawn and briefings provided to separating contractors.

Arrangements for managing access and ongoing security obligations of separating contractors

4.31 DSPF Principle 40 and associated Control 40.1 set out requirements for the separation of personnel, transfer of clearance sponsorship, and cancellation of clearances. Table 4.2 below outlines the results of the ANAO’s review of Defence policies and processes that support compliance with the relevant DSPF requirements in the context of the engagement of contractors in Defence.

4.32 In summary, Defence has established policies and processes to support compliance with the requirements of PSPF Policy 14, in the DSPF. Defence has also included clauses in contracting templates requiring ongoing compliance with the DSPF. An internal audit published in May 2021 identified weaknesses in how the security policies had been disseminated to the operational level. There is scope for the Contract Management Handbook to better support contract managers at the end of the contract, by including processes to address the PSPF Policy 14 requirements in the relevant checklist.

Table 4.2: Defence policies and processes that apply to contractors and support compliance with the core requirements of PSPF Policy 14: Separating Personnel for separating contractors

Note a: Objective is Defence’s electronic document and records management system.

Source: ANAO analysis of Defence documentation.

Arrangements for monitoring and reporting that the requirements of PSPF Policy 14 have been met when contractors are separating

4.33 Defence noted in its 2020–21 PSPF self-assessment report to AGD that:

the majority of security off-boarding procedures occur at the local level with limited integrated oversight across Defence to confirm these processes are being followed fully. Internal assessments and Defence Audit Branch Audits indicate that Security Officers, supervisors and managers may not be familiar with security off-boarding processes and hence are not ensuring these occur, or conducting a risk assessment if a member leaves before security debriefing can occur.

4.34 Defence ESA Security Maturity Questionnaire responses for 2020–21 reported that assurance activities in relation to Policy 14 that were in place in the Groups and Services included: recording of separation of clearance holders in security registers, and regular system access audits. ESA’s responses also identified the following weaknesses around the effective management of separating contracted personnel.

• There were deficiencies in governance of departure processes, attributed to security resourcing challenges. For example, the implications of Security Officers not understanding their responsibilities noted by ESAs (discussed in paragraph 4.24) included a ‘lack of debriefs for exiting personnel’.
• There was a lack of awareness of how many personnel with clearances sponsored by Defence had ceased engagement and re-engaged with another entity without a change in clearance sponsor, or been re-engaged within Defence in another capacity. This lack of awareness creates the potential for instances where a clearance might be retained and continue to be sponsored by the individual’s previous Group or Service.
• AGSVA may not be contacted regarding separation/discharge.
• There was limited visibility of processes at the Group or Service level.
• There had been a lack of process regarding the need for security risk assessments where no debriefing is conducted, and no current means of assuring this.

4.35 Of the 11 Groups and three Services in Defence (at the time of 2020–21 reporting), three Groups reported ‘full’ implementation of debriefing and removal of access¹²⁰, and two Groups and two Services reported ‘substantial’ implementation.¹²¹

4.36 The ANAO analysed users’ access to ROMAN¹²² for the period 1 July 2021 to 30 November 2021 to assess whether user accounts remained active subsequent to the user departing from Defence. The ANAO identified that 1447 user accounts were not removed or suspended subsequent to the user’s departure from Defence. Of the active accounts identified, 1357 related to users who terminated prior to 2020–21. The ANAO performed further audit procedures to confirm whether any of the users accessed the system subsequent to departure from Defence. It was confirmed that no users had accessed their ROMAN account subsequent to departure.

Internal audits

4.37 In May 2021, Defence finalised an internal audit titled ‘Managing the risk of theft of Information by staff / contractors leaving Defence.’¹²³ The objective of the audit was to assess the appropriateness of preventative, detective and corrective controls mitigating the risk of staff and/or contractors in the process of leaving Defence inappropriately using Defence systems to access and/or transfer information out of the Defence environment. The audit concluded that:

Defence does not have sufficient controls in place to prevent, detect and mitigate the risk that staff and/or contractors leaving Defence inappropriately use Defence systems. There are different processes in place across Defence for ADF, APS and contractors, with the audit finding that the processes for the removal of systems access are ineffective, increasing the opportunity for theft of information.

4.38 The audit identified a lack of consistency in how off-boarding occurred for ADF members, APS staff and contractors. Both system-based processes and manual processes were used. The report noted that:

Access management for contractors is impacted by contractors working across multiple areas within Defence, potentially at the same time. Processes in place for the management of contractor access changes and removal are not governed by a single policy or process. While guidance material exists, these materials differ in content and expectations across Groups within Defence. Each contract manager is required to maintain processes to manage the provision, change or removal of access for contract staff.

A Defence wide contractor off-boarding checklist has been created by CIOG [Chief Information Officer Group] and shared with CASG [Capability Acquisition and Sustainment Group] and Defence Legal for review. This however remains in draft and has not been shared more broadly within Defence. Further, this had not been shared with the [internal] audit team as at 29 March 2021.

4.39 The audit recommended that ‘CIOG continue with the development and implementation of an enterprise-wide Contractor off-boarding checklist, including standardisations of the contractor off-boarding process.’ The Management Action Plan for the audit presented to the Defence Audit and Risk Committee along with the audit outlined that the contractor off-boarding checklist was scheduled for completion by 30 June 2021 and that ‘CASG will be responsible for implementation of the product at the enterprise-wide level.’ The recommendation was closed on 6 August 2021. Defence advised the ANAO in March 2022 that:

Audit Branch closed this recommendation on the basis that CIOG has developed a contractor off-boarding checklist which has been implemented within CIOG. This contractor off-boarding checklist was not rolled out at the enterprise level as it was not deemed fit-for-purpose for all Groups/Services.

The checklist was not going to address the risk at the enterprise level. The risk associated with the off-boarding of APS, ADF and contractors goes beyond separation, and requires the consideration of the full lifecycle of a contractor, inclusive of on-boarding and throughout their contractual arrangements. As a result, the portion of the recommendation to develop an enterprise contractor off-boarding checklist has been superseded by Audit Task 22-010- Management of Post Separation Employment Risks and Issues which is currently underway. This audit will identify off-boarding policy and process improvements which will be implemented at the enterprise level.

4.40 The May 2021 internal audit surveyed 858 contract managers within CASG in October 2020. The majority of the 324 respondents were not aware of a policy or procedure relating to the off-boarding of contractors. The audit found that of the contract managers who responded: 43.7 per cent reported following a checklist; 32.5 per cent reported following other guidance local to their team; and 23.8 per cent reported they were not aware of any guidance on this issue.

4.41 Defence advised the ANAO in May 2022 that it responded to the internal audit with ‘a series of control measures’, including ‘the implementation of a monthly network access audit.’

4.42 Further, the March 2022 Defence internal audit titled Enterprise Resource Planning (ERP) Program, discussed at paragraphs 3.37–3.39, found examples of system access not being revoked when individuals departed from Defence. The audit examined a sample of 22 off-boarded team members and identified six individuals (27 per cent), with no indication that they were still engaged by Defence, who had not had their Defence Protected Network (DPN, also known as Defence Protected Environment) access removed in a timely manner. Departure dates for these individuals occurred in March 2021 (two instances), May 2021 (two instances), June 2021 (one instance) and August 2021 (one instance). A request to remove these individuals’ access to the Defence Protected Environment was submitted in September 2021, following audit queries.

4.43 The internal audit on the ERP Program recommended that:

The ERP Program (in consultation with Defence’s ICT Security Branch) take steps to revoke all access to Defence systems for all ERP Program team members who have left the Program and are no longer engaged by Defence.

4.44 Relevant to off-boarding, the internal audit also examined how the ERP Program managed assets issued to program staff, particularly in relation to early 2020, when a number of assets including laptops, DREAMS tokens¹²⁴, internet routers and mobile phones were acquired and issued by the program. Defence identified that the approach to asset management within the program was ‘not appropriate’. Defence advised the ANAO in May 2022 that it responded to this internal audit with ‘a series of control measures’, including ‘a stocktake of mobile devices provided to personnel as a result of the initial COVID pandemic response.’

4.45 The Department is required to take steps to mitigate risks that Australian Government resources will be accessed without permission or that ongoing security obligations are not met, including when it utilises contractors. Defence has identified weaknesses in its current arrangements for managing separating personnel through its internal audit activity and reporting from Groups and Services that informs its mandatory PSPF self-assessment.

Appendix 1 Entity responses

Appendix 2 Performance improvements observed by the ANAO

1. The fact that independent external audit exists, and the accompanying potential for scrutiny, improves performance. Program-level improvements usually occur: in anticipation of ANAO audit activity; during an audit engagement as interim findings are made; and/or after the audit has been completed and formal findings are communicated.

2. The Joint Committee of Public Accounts and Audit (JCPAA) has encouraged the ANAO to consider ways in which the ANAO could capture and describe some of these impacts.

3. Performance audits involve close engagement between the ANAO and the audited entity as well as other stakeholders involved in the program or activity being audited. Throughout the audit engagement, the ANAO outlines to the entity the preliminary audit findings, conclusions and potential audit recommendations. This ensures that final recommendations are appropriately targeted and encourages entities to take early remedial action on any identified matters during the course of an audit. Remedial actions entities may take during the audit include:

• strengthening governance arrangements;
• initiating reviews or investigations; and
• introducing or revising policies or guidelines.

4. In this context, the below improvements were observed by the ANAO during the course of the audit. It is not clear if these actions and/or the timing of these actions were already planned before this audit commenced. The ANAO has not sought to obtain reasonable assurance over the source of these improvements or whether they have been appropriately implemented.

5. The following performance improvements were observed by the ANAO during the course of this audit.

• Defence issued a new version of Accountable Authority Instruction (AAI) 2: Spending Defence Money — Procurement on 1 February 2022, discussed at paragraph 3.5. The new version made clearer that Defence officials must use panels/standing offer arrangements established by Defence unless one of the exceptions documented in AAI 2 is applicable.
• Defence issued a new version of the fact sheet titled Engaging Contractors, Consultants and Outsourced Service Providers – Decision Making Governance on 7 February 2022, discussed at paragraph 2.28. The new version updated the fact sheet to align with the requirements of the version of Accountable Authority Instruction AAI 2 – Spending Defence Money – Procurement that was published on 1 February 2022.
• Defence released the Defence Strategic Workforce Plan 2021–2040 internally on 1 April 2022, which identified key objectives to be undertaken to develop a more structured approach to integrated workforce planning within Defence.
• Updates to the Defence Security Principles Framework, specifically to Control 16.1, were published on 17 February 2022, and a new Annex A to Control 16.1 was published on 4 March 2022. The new Annex A requires DISP members to provide to Defence a copy of employment screening and management processes for personnel working with or on Defence-related work.

Appendix 3 Measures for reporting on workforce size

1. The Australian Public Service Commission (APSC) provides the following information on measures used to report on workforce size.¹²⁹

2. Each year a ‘snapshot’ of data concerning all Australian Public Service (APS) employees as at 30 June and 31 December is released by the APSC. The data is provided by agencies and is drawn from the Australian Public Service Employment Database. APS employment data includes:

• demographic variables including age, gender and work location;
• classification level of APS employees, from trainee to Senior Executive Service;
• diversity data including voluntary items self-reported by APS staff such as disability status, Indigenous status, and cultural diversity; and
• staff movements including engagements, separations and transfers between agencies.

3. The reported size of the APS workforce is a headcount of all people employed at the time of the snapshot. This figure does not adjust for hours worked and it includes any employees who are on extended leave (for 3 months or more), including those on maternity leave and leave without pay.

4. This figure is different to Average Staffing Level (ASL) data provided in the Federal Budget papers. The ASL counts staff for the time they work. For example, a full-time employee is counted as one ASL, while a part time employee who works three full days per week contributes 0.6 of an ASL. The ASL averages staffing over an annual period. It is not a point in time calculation.

5. The Government places a cap on ASL. This is applied across the General Government Sector (which incorporates all of the APS and a range of other government agencies). ASL caps are published in the Federal Budget Papers each year.

6. Another measure of employee numbers used by both private and public sector organisations is Full-Time Equivalent (FTE). This is a count of all hours worked at a point in time and then converted to the number of full-time staff. For example, two staff each working 0.6 days per week would be counted as 1.2 FTE.

Appendix 4 Defence’s decision-making process for the engagement of contractors

Figure A.1: Defence’s decision-making process for the engagement of contractors

 

 

Source: ANAO analysis of Department of Defence documents.

Appendix 5 Training requirements for contractors

Table A.1: Training requirements for contractors in Defence enterprise-level policy

Note a: The policy sets out that it applies to all Defence workers, including ADF members, APS employees, ADF cadets, contractors and other persons.

Note b: The Mandatory WHS Training page on the Defence intranet notes that completing the ‘Work Health and Safety for Defence’ program on Campus meets the annual work health and safety training requirement.

Source: ANAO analysis of Department of Defence documentation.