Background

1. The Australian Human Rights Commission (AHRC or the Commission) was established in December 1986 by the Australian Human Rights Commission Act 1986 (AHRC Act). The AHRC is a corporate Commonwealth entity under the Public Governance, Performance and Accountability Act 2013.

2. The Commission’s key goal related to complaint handling set out in its Corporate Plan is ‘improving enjoyment of human rights by all, supporting access to justice and remedies for people and communities whose rights are breached.’¹

3. AHRC’s Investigation and Conciliation service (ICS) is responsible for delivery of complaint investigation and conciliation. ICS also operates two information services (the National Information Service and Respect@Work National Information Service) to provide information about AHRC’s complaint handling function and respond to enquiries from the general public.

Rationale for undertaking the audit

4. AHRC is Australia’s national human rights institution. The handling of complaints is central to its purpose, which is to ensure that Australians have access to effective, independent complaints handling and public inquiry processes on human rights and discrimination matters, and benefit from human rights education, advocacy, monitoring and compliance activities. The AHRC has reported that, in 2023–24, it received 2,708 complaints. This performance audit was conducted to provide independent assurance to the Parliament that AHRC’s handling of complaints is efficient and effective.

Audit objective and criteria

5. The objective of this audit was to assess the efficiency and effectiveness of AHRC’s handling of complaints.

6. To form a conclusion against the audit objective, the following high-level criteria were adopted:

• Are AHRC’s complaint handling arrangements designed in a way to support the effective management of complaints?
• Is AHRC’s handling of complaints efficient?
• Is AHRC’s handling of complaints effective?

Conclusion

7. The AHRC’s handling of complaints is partly efficient and partly effective.

8. The AHRC has designed its complaint handling arrangements to support effective management of complaints with two exceptions. The two key shortcomings relate to it not having conducted a recent procurement for, or having a contract in place for, an information technology system to assist with the management of complaints, and not having developed a formal approach to obtaining assurance over the handling of individual complaints.

9. The timeliness of complaints handling has been declining, with the Commission not meeting its performance indicator (consistent with its enabling legislation) to finalise 85 per cent of complaints within 12 months in 2023–24. A significant backlog has developed and, although the backlog has stabilised, it remains high. Resource efficiency improved over the four years up to and including 2021–22, a trend that did not continue in 2022–23 and 2023–24.

10. A lower proportion of complaints are being conciliated by the Commission, with the Commission not meeting its related performance indicator for the last three years. A greater proportion of complaints are being terminated or discontinued. Data on complainant and respondent satisfaction with the AHRC’s complaint handling is not reliable.

Supporting findings

Complaint handling arrangements

11. Complaints mechanisms and processes are clear and accessible. (See paragraphs 2.2 to 2.13)

12. Suitable systems and processes are, in most respects, in place for complaints handling. From a random sample of 137 complaints examined by the ANAO, no systemic deviations from legislation or existing procedural guidance were identified. The main shortcomings relate to the AHRC not having appropriate contractual arrangements in place for its electronic complaints management system and the absence of a formalised quality assurance process. Since 2021, multiple reviews initiated at the request of the Australian Government to achieve savings have recommended changes to the complaints management system to improve operational efficiency. The recommended changes have not been made. (See paragraphs 2.14 to 2.52)

Complaint handling efficiency

13. AHRC has implemented systems and processes to capture input and output data which can be used to calculate basic measures of efficiency. There are issues with the reliability of complaints data that adversely affects the Commission’s management of complaints handling and its performance reporting. (See paragraphs 3.2 to 3.15)

14. Complaints handling by AHRC is not timely.

• A significant backlog in complaints developed between the first quarter of 2019–20 and quarter 3 2021–22. With fewer complaints received in 2023–24 and some additional resources, the backlog has stabilised. It remains around double what it was prior to 2019–20.
• The proportion of complaints being finalised within 12 months (one of AHRC’s performance measures, consistent with the Commission’s enabling legislation) has been declining, with AHRC not achieving its target for 2023–24. Further, this performance measure is not focused on measuring performance from the perspective of parties to the complaint.
• Complaints identified as a priority by the AHRC are typically finalised more quickly than those not prioritised. Notwithstanding this, the duration of both standard and priority complaints has increased.
• Complaint handling delays are primarily a result of delays in an accepted complaint being allocated to a case officer (rather than delays in the first stage, between complaint receipt and acceptance, or in the final stage, progressing the complaint to finalisation). The increasing time taken to allocate matters to case officers has coincided with a decrease in the number of complaints conciliated and increase in the number of discontinued complaints. (See paragraphs 3.16 to 3.41)

15. AHRC has not established a target and does not measure the resource efficiency of its Investigation and Conciliation service. The efficiency of the Investigation and Conciliation service, measured both in terms of the direct cost per finalised complaint and ratio of complaints finalised per staff member, improved over the four years up to and including 2021–22. That trend did not continue in 2022–23 and 2023–24 as a result of fewer complaints being finalised and, for 2023–24, some additional resources being provided to stabilise the backlog in complaints.

16. AHRC has not prioritised resourcing ICS in line with demand for its complaints handling services. AHRC has not developed an activity-based costing model to demonstrate the effect of the demand driven complaints workload or inform its internal allocation of resources despite an earlier recommendation from consultants in August 2021. (See paragraphs 3.42 to 3.60)

Complaint handling effectiveness

17. It has become less likely for complaints to be conciliated and more likely for complaints to be discontinued, terminated or declined by the AHRC.

• An increasing number of complaints have been assessed as suitable for conciliation and an increasing number of conciliations have been held over the last seven financial years (reflecting the higher complaint numbers overall). The proportion of complaints recorded as resolved through conciliation has decreased from 46 per cent of complaints in 2017-18 to 33 per cent in 2023-24. The Commission did not meet its target of conciliating 40 per cent of complaints in 2021-22, 2022-23 or 2023-24, notwithstanding the additional resources provided through the October 2022 Budget.
• The proportion of complaints terminated, declined or discontinued has grown, increasing from 40 per cent of complaints finalised in 2017–18 to 58 per cent of complaints finalised in 2023–24. (See paragraphs 4.4 to 4.34)

18. The AHRC is not obtaining reliable data on the extent to which complainants and respondents are satisfied with its complaint handling process.

• Parties’ measured level of satisfaction with Commission’s complaint handling processes has been decreasing over time. Overall satisfaction decreased from 91 per cent in 2017–18 to 85 per cent in 2023–24.
• Respondents and their representatives report higher levels of overall satisfaction than complainants do with AHRC complaint handling processes. Respondents also report higher levels of agreement that Commission processes are timely and fair.
• The results of the surveys reported by the Commission are not demonstrably reliable and unbiased. Of note is that 61 per cent of participants were not sent the satisfaction survey over the seven years examined. Satisfaction surveys were most often sent to participants with conciliated (53 per cent of complainants and 51 per cent of respondents) and terminated or declined outcomes (53 per cent of complainants and 52 per cent of respondents). Complainants who withdraw their complaints or complainants whose complaints are discontinued by the AHRC were less likely to be surveyed. (See paragraphs 4.35 to 4.51)

Recommendations

Summary of entity response

19. The proposed audit report was provided to AHRC. The AHRC’s summary response is reproduced below. The full response from the AHRC is at Appendix 1. Improvements observed by the ANAO during the course of this audit are listed at Appendix 2.

Providing people and organisations across Australia with a free, accessible and effective dispute resolution process for discrimination and human rights complaints is one of the Australian Human Rights Commission’s key statutory functions. It is also a core component of the Commission’s vision of an Australian society in which people’s human rights are respected, promoted and protected.

The Commission welcomes the ANAO’s report and agrees or agrees in principle with its five recommendations to improve our complaint handling function.

The Commission acknowledges that currently our complaint handling function is not timely. The COVID-19 pandemic generated an unprecedented rise in complaints. Complaint numbers have remained around 30% higher than pre-pandemic levels. This continues to adversely impact timeframes. Reducing these timeframes by ensuring the Commission’s complaint function is appropriately resourced is a key priority.

Implementing the recommendations will also strengthen the Commission’s collection and analysis of complaint performance information and public reporting.

The Commission acknowledges the professionalism, integrity and empathy of our staff who deliver our information and complaint handling services. They have supported thousands of Australians over the 7-year audit period to access justice on discrimination and the human rights issues affecting them.

Background

1. The Murray–Darling Basin (the Basin) is a system of interconnected rivers and lakes in the south-east of Australia with significant environmental, cultural and economic value.

2. The Murray–Darling Basin Plan (the Basin Plan) was developed in 2012 in response to a significant period of drought in the Basin in the early 2000s (the Millennium Drought), which resulted in a recognition across the governments that a plan was needed to manage the Basin’s water resources carefully and protect the Basin for future generations. The Basin Plan sets limits on the amount of water that can be taken from the Basin for consumptive purposes by communities, farmers and businesses, while maintaining environmental sustainability, known as the Sustainable Diversion Limits (SDLs).

3. The establishment of the SDLs was accompanied by a water recovery target to ‘bridge the gap’ between the SDLs and how much water was taken from the Basin before the introduction of the Basin Plan. At the time the Basin Plan was agreed in 2012, the ‘Bridging the Gap’ target was set at 2,750 gigalitres. This was amended in 2018 to 2,075 gigalitres. As at 31 December 2022, the Murray–Darling Basin Authority (MDBA) estimated that a gap of 49.2 gigalitres of water remained in seven catchments to reach the ‘Bridging the Gap’ target.

4. The Department of Climate Change, Energy, the Environment and Water (the department) is the Australian Government entity responsible for recovering water to bridge the gap through: monitoring water recovery programs; funding, implementing and managing water infrastructure projects and efficiency measures; and undertaking purchases of water entitlements.

5. In March 2023, the department commenced an open tender process to purchase water entitlements to recover 44.3 gigalitres of water against the remaining gap of 49.2 gigalitres. The 4.9 gigalitres of surface water located in the ACT that also needed to be recovered to achieve the Bridging the Gap target was not included in the procurement process as water rights in the ACT are held and owned by a government entity. Separate arrangements were established with the ACT Government to bridge the gap in the territory.

6. The procurement process was finalised in January 2024. As at 17 January 2025, approximately 21.62 gigalitres of water has been recovered, fully bridging the gap in two of the six target catchments, with a gap of approximately 23.07 gigalitres remaining in the other four catchments.

Rationale for undertaking the audit

7. This audit examined the effectiveness of the department’s strategic procurement of water entitlements to meet the Bridging the Gap target under the Basin Plan. It followed on from Auditor-General Report No. 2 2020–21 Procurement of Strategic Water Entitlements to provide assurance to Parliament over the arrangements in place to support the procurement process, and the conduct of the procurement process to achieve value for money.

8. Water recovery is a topic of parliamentary and public interest. The Joint Committee of Public Accounts and Audit (JCPAA) identified the audit as a priority of the Parliament for 2023–24.

Audit objective and criteria

9. The audit objective was to assess the effectiveness of the department’s strategic procurement of water entitlements to meet the Bridging the Gap target under the Basin Plan.

10. To form a conclusion against the objective, the following high-level criteria were adopted.

• Did the department establish appropriate arrangements to support strategic water procurement?
• Did the department conduct an effective procurement process to achieve value for money?

11. The audit focused on the 2023 Bridging the Gap procurement process, including arrangements to support the procurement and whether value for money was achieved. It also examined whether the recommendations from Auditor-General Report No. 2 2020–21 and the JCPAA Report 492 were implemented.

12. The audit did not examine: water recovery initiatives for targets other than the 2,075 GL/y Bridging the Gap target; compliance with water trading rules in the Basin Plan; activities of related bodies such as the MDBA or state water regulatory authorities; or the socioeconomic impacts of water recovery on local communities, except to the extent considered by the department as part of the procurement process.

Conclusion

13. The department’s strategic procurement of water entitlements to meet the Bridging the Gap target under the Murray–Darling Basin Plan was largely effective. While the department conducted an effective procurement process and demonstrated how it assessed value for money in accordance with its value for money framework, it was not able to meet the intended policy objective of fully bridging the gap through the procurement process. The current evaluation framework requires revision to enable an accurate measurement of the program’s impact on intended policy objectives, including in the context of broader evaluation activities planned for the Basin Plan. Further improvements are being made for subsequent tender processes to incorporate lessons learned, increase efficiency, and ensure better management of probity risks.

14. The department has established largely appropriate arrangements to support strategic water procurement. There are appropriate procurement frameworks in place, including a Strategic Water Purchasing Framework developed specifically for the water purchasing program outlining the scope of the program and the investment principles that would underpin water purchasing. The department has established appropriate oversight mechanisms to oversee the program and is managing program and procurement risks. An evaluation framework to monitor, report on and evaluate the strategic water purchasing program has been established. The evaluation framework does not enable an accurate measurement of the program’s impact on intended policy objectives, and requires revision to ensure that outcomes are appropriately defined, including in the context of other evaluation activities planned for the Basin Plan.

15. The department established a value for money framework for the procurement, specifying the key factors that would inform its purchasing decisions. The department documented and demonstrated how it assessed value for money in each of the six SDL resource units in accordance with its value for money framework. The procurement was compliant with the Commonwealth Procurement Rules (CPRs), except in relation to minor errors in reporting contracts on AusTender. Negotiations were undertaken to maximise value for money outcomes, and revised value for money assessments were undertaken where negotiated prices differed from the delegate’s original approved figure. Relevant information and clear recommendations were provided to the delegate to enable them to make an informed procurement decision. The department provided sound advice to the minister on options to bridge the gap in the ACT and in SDL resource units with remaining gaps to bridge.

Supporting findings

Arrangements to support procurement

16. The department has established a procurement framework that aligns with the PGPA Act and the CPRs. This framework includes Accountable Authority Instructions providing guidance on the duties of officials when conducting a procurement, and departmental policies and guidance on key aspects of procurement. The department developed a Strategic Water Purchasing Framework specific to the water purchasing program, outlining the scope of the program and the investment principles that would underpin water purchasing. (See paragraphs 2.3 to 2.14)

17. The department has established appropriate oversight mechanisms for the water purchasing program, with clearly documented roles and responsibilities. The department is managing risks to the program and there is an appropriate level of oversight over program and procurement risks. (See paragraphs 2.15 to 2.52)

18. The department has established an evaluation framework to monitor, report on and evaluate the strategic water purchasing program. The evaluation framework is focussed on short- and medium-term program outputs and does not enable an accurate measurement of the program’s impact on intended policy objectives or link the program to evaluation activities planned for the Basin Plan. Monitoring and reporting arrangements have been established, and process improvements are being made following a lessons learned review of the 2023 Bridging the Gap procurement process. (See paragraphs 2.53 to 2.85)

Procurement process and value for money

19. The procurement process was compliant with the Commonwealth Procurement Rules (CPRs), except in relation to minor errors in reporting contracts on AusTender. The department complied with the requirements relating to procurement planning and approach to market, and the tender evaluation process was conducted in accordance with the tender evaluation plan. Management of conflicts of interest was impacted by deficiencies in the declaration process. Manual tender screening and assessment processes resulted in some process inefficiencies and errors that were later discovered and corrected. (See paragraphs 3.3 to 3.46)

20. The department established a value for money framework for the strategic water purchasing program, specifying the relevant financial and non-financial factors it would consider in assessing value for money. The Tender Evaluation Panel’s value for money assessments were conducted in accordance with the approved value for money framework, and its discussions and recommendations were clearly documented in the tender evaluation reports and briefs to the delegate. Of 57 tenders approved for negotiation, the department negotiated reduced prices for 33 tenders. Revised value for money assessments were undertaken where negotiated prices differed from the delegate’s original approved figure. All tenders that were accepted or counteroffered were those recommended to the delegate as representing value for money. (See paragraphs 3.47 to 3.82)

21. The advice provided to the delegate contained relevant information to enable them to make an informed procurement decision. The department provided sound advice to the minister on options to bridge the gap in the ACT, including on whether the ACT’s proposal would contribute to bridging the gap and achieve value for money, and on strategies to bridge the remaining gap following the conclusion of 2023 Bridging the Gap procurement process. (See paragraphs 3.83 to 3.107)

Recommendations

Summary of entity response

22. The proposed audit report was provided to the department. The department’s summary response to the audit is provided below and its full response is at Appendix 1.

The Department of Climate Change, Energy, the Environment and Water (the department) welcomes the ANAO’s audit report on the Strategic Water Purchasing – Bridging the Gap 2023 procurement. The department appreciates ANAO’s recognition that administration of the Strategic Water Purchasing program for the 2023 procurement process was largely effective, with appropriate procurement frameworks and oversight mechanisms in place to support an effective procurement process, undertaken in accordance with the value for money framework.

The department agrees with the ANAO’s two recommendations identified in the audit report. Implementation of the recommendations has already commenced. The department is committed to providing meaningful evaluation of the program outcomes and has commenced a review of the evaluation framework. The department has also implemented strengthened arrangements to improve the oversight of conflict-of-interest requirements for its water purchasing programs.

Background

1. The Bureau of Meteorology (the Bureau) is responsible for providing weather, water, climate, and ocean services for Australia. The Bureau’s weather forecasts, warnings, and analyses support decision-making by governments, industry, and the community. Australian sectors that are supported by timely and accurate weather services include emergency management, agriculture, aviation, land and marine transport, energy and resources operations, climate policy, water management, defence and foreign affairs.¹

2. The Bureau is established by the Meteorology Act 1955 (Meteorology Act). Since 2002, it is an Executive Agency under the Public Service Act 1999. The Director of Meteorology has the powers and responsibilities of an accountable authority under the Public Governance, Performance and Accountability Act 2013. The Bureau’s accountable authority reports to the minister or ministers responsible for administering the Meteorology Act and the Water Act 2007 (Water Act). Since June 2022, the Director of Meteorology has reported to the Minister for the Environment and Water.

3. The Meteorology Act and the Water Act define the Bureau’s functions and the powers of the Director of Meteorology. Broadly, these are to:

• take and record meteorological observations and supply information such as forecasts, warnings, and advice on meteorological matters²; and
• collect, hold, manage, interpret, and disseminate Australia’s water information.³

Rationale for undertaking the audit

4. The Bureau manages more than $1.3 billion in non-financial assets. The Bureau estimates that observing network assets including observing network instruments and other items and systems that support the instruments’ proper functioning make up approximately 28 per cent of the Bureau’s total asset base.

5. Effective management of assets in the observing network is fundamental to the Bureau’s ability to provide services to the community. Meteorological instruments are highly specialised, geographically dispersed, and can require significant levels of investment to purchase, maintain, and repair to effectively support weather and climate forecasting, warnings, and research.

6. The audit was conducted to provide assurance to the Parliament over the Bureau’s management of assets in its observing network.

Audit objective and criteria

7. The objective of the audit was to assess whether the Bureau of Meteorology is effectively managing assets in its observing network.

8. To form a conclusion against the objective, the following high-level criteria were applied.

• Does the Bureau of Meteorology have effective frameworks and systems governing assets in its observing network?
• Does the Bureau of Meteorology have appropriate arrangements to manage the lifecycle of assets in its observing network?
• Does the Bureau of Meteorology effectively monitor, measure, and report on its management of assets in its observing network?

9. This audit focused on the Bureau’s assets in its observing network including operational maintenance practices and records, and relevant plans, policies, and frameworks for managing assets that take observations. The ANAO reviewed the Bureau’s activities from 2018 to October 2024.

10. This audit did not assess:

• the accuracy or security of the measurements taken by the Bureau’s observing network meteorological instruments;
• the quality or accuracy of the Bureau’s forecasting in the delivery of general and extreme weather services, including the ‘downstream’ processing of data and the models used to develop and inform forecasting;
• the quality or accuracy of the Bureau’s maintenance of the climate record;
• supporting infrastructure systems and items, such as air-conditioners, fencing, and small buildings;
• the procurement of observing network assets where the procurement represented expenditure other than operational maintenance; or
• the Bureau’s provision of services to the Department of Defence and related stakeholders for civil defence exercises and operations.

Conclusion

11. The Bureau is partly effective in managing assets in its observing network. The Bureau has been implementing an asset management framework and supporting elements since 2020 however the asset management framework is not fully implemented. While the Bureau has continued to deliver weather services, key areas for further improvement include reviewing asset management planning documents, establishing medium to long term financial planning arrangements to support long term strategic planning, and establishing and embedding more extensive monitoring and reporting arrangements.

12. The frameworks and systems governing the Bureau’s management of assets in its observing network are partly effective. Not all policies and plans have been completed, reviewed, and embedded as planned. The Bureau has not reviewed or updated the Strategic Asset Management Plan to reflect its current practices and does not have a financial forecast for asset intensive areas to enable long term strategic planning. Roles and responsibilities are clearly identified. The Bureau’s Enterprise Asset Management System is in place and largely being used as planned. Development of asset management processes and training pathways is not complete.

13. The Bureau’s arrangements to manage the lifecycle of assets in its observing network are partly appropriate. The Bureau’s asset management plans include lifecycle management activities and related cost estimates. The Bureau’s budget planning process for 2024–25 did not incorporate the predicted costs presented in the asset management plans. All types of maintenance are recorded in the Bureau’s Enterprise Asset Management System and triaged based on priority. The Bureau’s asset management plans include outcomes to report against, however target and actual performance levels are not complete. The Bureau’s guidance surrounding disposals is not complete. The Bureau’s Fixed Asset Register and Enterprise Asset Management System each record assets and disposals differently and the Bureau does not have guidance to ensure records are aligned.

14. The Bureau’s monitoring, measuring, and reporting on assets in its observing network is partly effective. Information on observing network asset data availability is being recorded in Bureau systems and reported to established governance bodies. The Bureau is not reporting against the achievement of sustainability funding commitments. Three of the Bureau’s newly developed observing network performance measures report whether risks have eventuated and two report whether risk controls are being implemented. Since November 2020, the Bureau has been reporting against out-of-tolerance risks relating to ‘unviable’ asset capabilities. Monitoring and reporting is not being undertaken to regularly review asset management maturity, as proposed in the Strategic Asset Management Plan.

Supporting findings

Governance and planning

15. The Bureau has developed an Enterprise Asset Management Policy and a Strategic Asset Management Plan. The Bureau has not reviewed or updated the Strategic Asset Management Plan in the required timeframes. The Enterprise Asset Financial Overview has not been implemented, and the Bureau does not have a financial forecast for ongoing and capital funding requirements for asset intensive areas to enable long term strategic planning. (See paragraphs 2.3 to 2.30)

16. The Bureau has established governance bodies that support asset management. The Bureau has established asset management roles identified as needed in the Strategic Asset Management Plan. Responsibility and accountability for asset lifecycle management is defined. Maintenance and operations responsibilities of each observing network sub-network are documented in asset management plans. (See paragraphs 2.31 to 2.45)

17. The Bureau’s procedures and systems to support the management of assets are incomplete. The Bureau’s Enterprise Asset Management System is in place and largely being used as originally planned. The Bureau does not have a plan to develop all asset management processes identified as necessary in 2022. Development is not complete for training and competency frameworks for three sub-networks and two asset classes. (See paragraphs 2.46 to 2.84)

Asset lifecycle

18. The Bureau’s asset management plans include a section on lifecycle strategies, which describes the types of activities to be undertaken within each sub-network across the lifecycle, and a five- or ten-year investment profile that includes cost estimates and key activities. The Bureau’s budget planning process for 2024–25 did not incorporate the predicted costs presented in the asset management plans. Planning for renewal and disposal is not complete for all asset management plans. (See paragraphs 3.3 to 3.37)

19. All types of maintenance are structured through work orders in the Bureau’s Enterprise Asset Management System. Maintenance tasks are assigned priorities and triaged in accordance with these. For each sub-network, between 52 per cent and 79 per cent of target preventative maintenance work orders were achieved in 2023–24. The outcomes to measure performance throughout the 11 sub-networks are not complete. (See paragraphs 3.38 to 3.69)

20. The Bureau has established policies and procedural guidance that acknowledge the necessity of disposal. This guidance is not complete as there is no guidance to support operational decision-making about when disposal is appropriate. The Bureau’s Fixed Asset Register and Enterprise Asset Management System each record assets and disposals differently. The Bureau does not have a process or guidance to ensure records are aligned between the two systems. (See paragraphs 3.70 to 3.83)

Monitoring and reporting

21. The Bureau’s performance measurement strategy measures the output of the observing network through information on observing network asset data availability. This supports reporting on the achievement of corporate outcomes identified in the Bureau Strategy 2022–2027 and Data and Digital Group Plan. The Bureau is not reporting against the achievement of sustainability funding commitments. Without a strategy for investment in asset maintenance and monitoring and reporting of the impacts of investment, the Bureau cannot know whether investment is effective. (See paragraphs 4.2 to 4.23)

22. The key performance indicator for observing network assets is data availability which is based on the risk of weather information not being available to stakeholders. Three of the Bureau’s newly developed observing network performance measures report whether risks have eventuated and two provide insight into whether risk controls are available and being implemented. Since November 2020, the Bureau has been reporting against out-of-tolerance risks relating to ‘unviable’ asset capabilities. The addition and completion of treatment plans and controls has not reduced the reported risk level. (See paragraphs 4.24 to 4.58)

23. The Bureau has identified corrective actions to take against assets or the asset management approach when observing network asset performance monitoring targets are not met. Monitoring and reporting is not being undertaken to regularly review asset management maturity, as proposed in the Strategic Asset Management Plan. The Bureau has not addressed the risks identified within internal audit recommendations. (See paragraphs 4.59 to 4.76)

Recommendations

Summary of entity response

24. The proposed audit report was provided to the Bureau. The Bureau’s summary response is reproduced below. The full response from the Bureau is at Appendix 1. Improvements observed by the ANAO during the course of this audit are listed in Appendix 2.

Thank you for providing the Australian National Audit Office’s report on the Bureau of Meteorology’s Management of Assets in its Observing Network.

The observing network, consisting of almost 15,000 individual assets, distributed across Australia and its territories, is one of the nation’s largest and most complex data gathering endeavours. The meteorological information gathered by the observing assets, 24 hours a day every day of the year, consists of observations of the atmosphere, space weather, terrestrial waterways and oceans.

Together, they form the information base which is vital for the provision of public weather services, the specialist needs of industry and national security, the integrity of the national climate record, and Australia’s contribution to international meteorological data and science.

I recognise the Bureau’s significant reforms and investment in the observing capabilities over the last decade, including improvements to logistics and maintenance practices through automation of manual observations and new observations maintenance hubs, the introduction of consistent asset management and technology competency and training frameworks, and the recent implementation of a new enterprise asset management system.

The Bureau agrees with the ANAO’s recommendations as further contributions to the maturity of its observing network asset management and operations, and commits to relevant actions.

Background

1. The Pharmaceutical Benefits Scheme (PBS) is an Australian Government scheme that subsidises the cost of a wide range of medicines for Australian residents and eligible overseas visitors. The PBS is enabled by the National Health Act 1953 (NHA) which regulates the listing, prescribing, pricing, charging and payment of subsidies for the supply of medicines and medicinal preparations as pharmaceutical benefits. The PBS Schedule, made under the National Health (Listing of Pharmaceutical Benefits) Instrument 2024, lists medicines subsidised under the PBS and outlines requirements for the provision of these medicines.

2. The objective of the PBS is to provide Australians with timely, reliable and affordable access to necessary and cost-effective medicines. The Department of Health and Aged Care (Health) is responsible for PBS policy and has a bilateral agreement with Services Australia to deliver PBS-related services and payments.

Rationale for undertaking the audit

3. The PBS is intended to ensure that Australians have timely, reliable and affordable access to medicines. The budgeted expenditure for the PBS for the 2024–25 financial year is $19.5 billion. This performance audit was conducted to provide assurance to Parliament that the PBS is being administered effectively.

Audit objective and criteria

4. The objective of the audit was to assess the effectiveness of the administration of the PBS.

5. To form a conclusion against the audit objective, the following high-level criteria were adopted:

• Has Health established appropriate governance and oversight arrangements for the PBS?
• Has Health established appropriate arrangements to manage the cost of the PBS?
• Have Health and Services Australia established effective arrangements to manage the delivery of PBS services and payments?

Conclusion

6. Health’s and Services Australia’s administration of the PBS is partly effective. While arrangements for managing the cost of the PBS are largely effective, there were deficiencies in arrangements for whole-of-program management and administering the delivery of PBS services and payments.

7. Health’s governance and oversight arrangements for the PBS are partly appropriate. Instruments for delegating statutory powers for administering the PBS have irregularities and anomalies. Health’s PBS Program Management Plan could be improved by including more detail on Health’s management arrangements for the PBS. Health has a largely appropriate bilateral arrangement with Services Australia to oversee its delivery of PBS services and payments. Health’s performance measurement framework for the PBS does not adequately measure and report on program outcomes. Health’s risk management focuses on shared administration risks with Services Australia and has not considered broader strategic risks to the PBS. While mechanisms are in place for stakeholder engagement on the PBS, Health has not conducted an analysis of stakeholder engagement needs or developed an overarching stakeholder engagement plan.

8. Health’s arrangements to manage the cost of the PBS are largely appropriate. Arrangements were in place to assess the cost-effectiveness of individual PBS medicines and manage the cost of listed medicines. Arrangements have been established to manage pharmacy remuneration through successive Community Pharmacy Agreements (CPAs), negotiated with the pharmacy industry, which Health supported through impact analysis for the eighth CPA signed in June 2024. Health has established processes for managing patient out-of-pocket costs and monitoring and forecasting the overall cost of the PBS. Health has not established arrangements to automate patient access to the Safety Net or engaged in horizon scanning analysis to anticipate potential future costs of new and novel medicines.

9. Health and Services Australia’s arrangements to manage the delivery of PBS services and payments are partly effective. Processes and systems for PBS claims processing are not fully effective at ensuring that legislative requirements for PBS claims are met, as Services Australia is not ensuring that PBS suppliers certify claims in accordance with legislative timeframes. While payment integrity is reviewed, it is not subject to performance monitoring or reporting. Payment timeliness is monitored, and targets are regularly met. The results are not included in Services Australia’s Annual Performance Statement. The provision of authority approvals is based on an automated system. There were differences in approval rates between authority applications made online and by phone, and Services Australia’s performance target for reporting on answering authority calls in its Annual Performance Statements does not align with the performance target agreed with Health in bilateral agreements. PBS Safety Net card claims and patient refunds are reliant on manual processes and timeliness performance measures have not been consistently met.

Supporting findings

Governance and oversight

10. Instruments that delegate powers and functions for administering the PBS have irregularities and anomalies. While Health has developed a Program Management Plan for the PBS, it does not adequately cover arrangements for managing PBS costs, stakeholder engagement and whole-of-program performance measurement. Health’s support to independent statutory bodies with responsibilities for the PBS could be improved by developing governance documentation for the Pharmaceutical Benefits Advisory Committee. (See paragraphs 2.3 to 2.24)

11. Health and Services Australia have established a Bilateral Management Arrangement, which includes bilateral agreements and bilateral governance arrangements that relate to the delivery of PBS services and payments.

• PBS-related program agreements were fit for purpose, with clear objectives and defined roles and responsibilities. All protocols supporting the bilateral arrangement were reviewed and updated between November 2023 and September 2024.
• While bilateral governance meetings have not occurred at the most senior levels, there has been regular engagement between the two entities at lower levels. Governance committees relevant to the PBS began considering risk, performance reporting, and updates to bilateral agreements in late 2023. (See paragraphs 2.25 to 2.35)

12. Health has one external performance measure for the PBS, which is not outcome focused and does not provide meaningful performance information to the Parliament or the public. Health receives monthly reporting from Services Australia on bilateral performance measures. It has not used this data to oversee Services Australia’s service delivery. Health does not provide any regular performance reporting on the PBS to the minister or its executive committee. (See paragraphs 2.36 to 2.54)

13. Health has not undertaken appropriate risk assessments or developed appropriate risk management plans for the PBS at the divisional or program level. Its risk assessments and plans do not adequately cover key program activities for which Health is responsible. Health’s shared risk management plan with Services Australia covers risks relating to the services and payments Services Australia delivers for the PBS. From late 2023, bilateral governance bodies began discussing operational risks relevant to the PBS. (See paragraphs 2.55 to 2.69)

14. Health’s arrangements for stakeholder engagement for the PBS include the provision of information through websites, invitation of written submissions from stakeholders on specific PBS issues, agreement-making with industry bodies, and hosting regular stakeholder engagement forums. These arrangements have not been informed by a systematic analysis of stakeholder engagement needs or an overarching stakeholder engagement plan or strategy. (See paragraphs 2.70 to 2.83)

Managing the cost of the PBS

15. Arrangements for assessing medicine cost-effectiveness outlined in the Guidelines for preparing submissions to the Pharmaceutical Benefits Advisory Committee have been followed. Health has complied with administrative procedures for listing medicines on the Schedule and agreeing medicine prices with sponsors. Health has negotiated deeds of agreement with medicine sponsors (covering special pricing arrangements and risk-sharing agreements) to minimise the cost of PBS medicines to government. Statutory price reductions are in place to decrease the cost of listed medicines. Medicines are delisted from the Schedule by medicine sponsors with no regular delisting process performed by Health. (See paragraphs 3.3 to 3.53)

16. The Australian Government has negotiated Community Pharmacy Agreements (CPAs) with the pharmacy sector to determine pharmacy remuneration for dispensing PBS medicines since 1990. CPAs offer flexibility to include terms such as the remuneration adjustment mechanism to mitigate unexpected expenditure for the Australian Government. The choice to negotiate a CPA rather than allowing remuneration to be set by an independent tribunal was not supported by adequate impact analysis for the seventh CPA. Health prepared an Impact Analysis for the eighth CPA, signed in June 2024, which supported continuation of pharmacy remuneration setting through a CPA. (See paragraphs 3.54 to 3.74)

17. Health has used monitoring data to model the impact of proposed changes to patient co-payment amounts and Safety Net thresholds on patient out-of-pocket costs. Based on this modelling, Health has provided advice to government on proposals to help patients achieve greater cost-savings through these mechanisms. Health has not established arrangements to automatically determine eligibility for the Safety Net. Health has estimated that 640,000 patients become eligible for the Safety Net each year but do not apply, foregoing $100 million in medicine subsidies. (See paragraphs 3.75 to 3.95)

18. Health has established arrangements for modelling the overall cost of the PBS and the impact of new medicine listings, and it provides advice to the government and Parliament through the annual Budget processes.

• Health has established a system to model PBS expenditure based on the current legislative requirements, which it uses to model the impact of new and amended medicine listings.
• Reporting on PBS expenditure is available through an annual report and reporting on Services Australia’s website.
• Health has not performed horizon scanning analysis to forecast PBS expenditure and identify potential policy changes. (See paragraphs 3.96 to 3.113)

Delivery of services and payments

19. Almost all claims (99.9 per cent) made by PBS suppliers are submitted through Services Australia’s Online Claiming for PBS system, which automatically assesses claims against legislative rules before processing advance payments. Due to an absence of controls to ensure advance payments to PBS suppliers are certified within statutory timeframes, over one-third of approved PBS suppliers have uncertified claims totalling $1.514 billion (as at 30 June 2024). Payment integrity is reviewed but is not subject to performance monitoring or reporting. Payment timeliness is monitored, and targets are regularly reported as met, but it is not included in public reporting. (See paragraphs 4.3 to 4.30)

20. A system to manage authority-required approvals has been established that is consistent with Health and Services Australia’s respective responsibilities under the PBS bilateral agreement. There are differences in approval rates depending on the method used by an applicant to apply for an authority. Reported results for the timeliness of authority approvals against performance measures set out in bilateral arrangements have largely not met targets. Services Australia reports in its Annual Performance Statement on the achievement of a performance measure target of answering authority calls within 15 minutes. This does not align with the target of answering authority calls, on average, in less than 30 seconds. (See paragraphs 4.31 to 4.52)

21. Services Australia has established processes and systems to manage PBS Safety Net and patient refunds. Both systems are reliant on paper-based application forms which are submitted by post and manually processed by Services Australia. The reliance on manual processing means that performance is sensitive to staffing numbers, which has meant timeliness performance measures have not been consistently met. Services Australia’s quality checking process for Safety Net claims does not provide accurate data on the reasons for rejecting Safety Net card applications to inform education or compliance activities. (See paragraphs 4.55 to 4.78)

Recommendations

Summary of entity responses

22. The proposed audit report was provided to Health and Services Australia. The entities’ summary responses are provided below, and their full responses are included at Appendix 1. Improvements observed by the ANAO during the course of this audit are listed in Appendix 2.

Department of Health and Aged Care

The Department of Health and Aged Care (the Department) welcomes the findings in the report. The Department notes the overall finding by the ANAO that the Department’s and Services Australia’s administration of the Pharmaceutical Benefits Scheme (PBS) is partly effective. The Department is committed to working towards implementing the recommendations in the report as a priority and is already taking steps to address key findings identified in the audit. The Department has also commenced engagement with its partner agency, Services Australia, to address key recommendations in relation to the delivery of the PBS payment arrangement.

The ANAO found that the department has largely appropriate arrangements to manage the cost of the PBS. The Department welcomes the finding that appropriate arrangements have been established for managing patient out-of-pocket costs for Australians and monitoring the overall cost of the PBS. The Department acknowledges the findings that arrangements have been implemented to assess and manage the cost of listed medicines and to manage pharmacy remuneration through successive Community Pharmacy Agreements, and that the bilateral arrangements with Services Australia to oversee delivery of Pharmaceutical Benefits Scheme services and payments are also largely appropriate.

Services Australia

Services Australia (the Agency) notes the findings of the report that the Agency’s arrangements to manage the delivery of the PBS services and payments are partly effective, having regard to certification of claims, reporting differences at the bilateral level compared to Annual Performance Statements, delegation instruments and PBS Safety Net.

The Agency welcomes the findings of the report and is committed to delivering the payments and services related to the PBS, which subsidises the cost of medicines for Australian residents and eligible overseas visitors. The Agency administers the PBS in accordance with the policy and legislation for which the Department of Health and Aged Care (Health) has responsibility. The Agency continues to work with Health to address the issue of uncertified claims and changes to delegation instruments in addition to expanding the work types to include PBS in its Annual Performance Statements for 2024-25.

The Agency agrees with the finding that the performance targets for answering authority calls is different for bilateral agreement and Annual Performance Statement purposes. Due to the expansive nature of the services it provides, reporting is done on a tiered basis for different purposes. The Agency continues to focus on reducing reliance on the PBS Authorities telephone line and increasing digital PBS authorities.

Background

1. Tourism Australia (TA) was established in 2004 under the Tourism Australia Act 2004 (TA Act). Its corporate plan states that its purpose is to ‘grow demand to enable a competitive and sustainable Australian tourism industry’.¹ The accountable authority for TA is the Board of Directors. TA reports having around 220 staff.

2. TA is a corporate Commonwealth entity within the Foreign Affairs and Trade portfolio. It is subject to the Commonwealth Procurement Rules (CPRs) issued by the Minister for Finance under section 105B of the Public Governance, Performance and Accountability Act 2013.

3. According to its audited financial statements, payments to suppliers represented 74 per cent of TA’s total expenses in 2023–24. Of its total budgeted expenses for 2024–25, 73 per cent were attributable to supplier expenses. As at 30 June 2024, TA had reported 55 contracts on AusTender with a start date falling within the last three financial years, valued at $265.6 million (including contract amendments).

Rationale for undertaking the audit

4. Noting that nearly three-quarters of organisational expenses relate to contracting suppliers, this audit provides assurance to the Parliament over the effectiveness of TA’s procurement and contract management activities.

Audit objective and criteria

5. The audit objective was to assess whether TA’s procurement and contract management activities are complying with the CPRs and demonstrating the achievement of value for money.

6. To form a conclusion against the objective, the following high-level criteria were applied:

• Do the procurement processes demonstrate the achievement of value for money?
• Are the contracts being managed appropriately to achieve the objectives of the procurement?

Conclusion

7. TA’s procurement and contract management activities are not effective in complying with the CPRs and demonstrating the achievement of value for money.

8. TA’s procurement processes have not demonstrated the achievement of value for money. TA makes insufficient use of open and competitive procurement processes, with 70 per cent of the 33 procurements examined in detail by the ANAO not involving open competition. An appropriate procurement policy framework is not in place and TA’s conduct of procurement activities regularly fails to adhere to requirements under the CPRs such as:

• including evaluation criteria in request documentation and using those criteria to select the candidate that represents the best value for money;
• acting ethically including fair treatment of suppliers and through the declaration and management of any conflicts of interest²; and
• maintaining appropriate records commensurate with the scale, scope and risk of the procurement.

9. TA has not effectively managed contracts to achieve the objectives of the procurement. In relation to the 33 contracts examined in detail by the ANAO:

• none had a contract management plan, including some high-risk and high-value arrangements;
• for more than half (55 per cent), TA had not included clear performance requirements in the contract. There were also shortcomings in TA’s monitoring of contractor performance across the sample examined by the ANAO;
• contract variations are common, with 33 per cent of contracts examined by the ANAO being varied. None of the variations had records created and retained by TA that demonstrated that the variation represented value for money; and
• invoicing and payments for 64 per cent did not adhere to the contracts and/or requirements under TA’s policies.

10. TA has also not been meeting its AusTender reporting requirements.

Supporting findings

Procurement processes

11. An appropriate procurement policy framework is not in place. The two versions of the Procurement Policy in place for the period covered by this ANAO performance audit do not fully reflect, or address, the principles, prescriptive requirements and mandatory rules set out in the CPRs. (See paragraphs 2.2 to 2.19)

12. Based on TA’s AusTender reporting, the majority (62 per cent) of procurements valued at or above the $400,000 threshold set by the CPRs did not involve open approaches to the market. (See paragraphs 2.23 to 2.39)

13. A competitive procurement approach was evident in the establishment of 55 per cent of the contracts examined by the ANAO. For 36 per cent of the contracts, a non-competitive approach was taken and in nine per cent there were insufficient records maintained to evidence the procurement approach taken by TA. For 10 of the procurements (30 per cent) examined by the ANAO, it was evident from the evaluation records that TA had favoured existing or previous suppliers when evaluating competing offers through panel procurement or when deciding which potential provider(s) should be invited to participate in a limited tender. Favouring existing or previous suppliers in the conduct of procurement processes is inconsistent with the CPRs. (See paragraphs 2.40 to 2.63)

14. Relevant evaluation criteria were included in request documentation for 52 per cent of the contracts examined in detail by the ANAO. For the remaining 48 per cent, either the request documentation did not include any evaluation criteria (12 per cent) or there were no records of the request documentation on file (36 per cent). This situation is not consistent with the CPRs which require evaluation criteria to be included in the request documentation. (See paragraphs 2.67 to 2.69)

15. Just over half of the contracts examined by the ANAO were awarded to the candidate where records demonstrated that it had been assessed by TA to offer the best value for money. For the remaining 48 per cent of contracts where value for money outcomes had not been demonstrated, this was primarily the result of insufficient analysis being presented commensurate with the scale of the procurement, or insufficient documentation being maintained. (See paragraphs 2.72 to 2.83)

16. TA had not conducted procurements to a consistent ethical standard as required under the CPRs. Of note was that:

• conflict of interest declarations were not completed by all evaluation team members in four per cent of the contracts examined where there was sufficient documentation on file;
• for eight per cent of the contracts where advisers were appointed to assist with the procurement process, TA’s records did not include a complete list of the individuals involved; and
• the procurements of external probity advisers were deficient in relation to how those advisers were engaged as well as the limited scope of probity services obtained by TA. (See paragraphs 2.86 to 2.110)

17. TA did not maintain appropriate records commensurate with the scale, scope and risk of the procurement (which is what the CPRs require). Forty-eight per cent of contracts examined by the ANAO were missing one or more important documents. In addition, for those contracts where adequate records were available, more than half of the contracts involved work commencing before a contract was in place. (See paragraphs 2.113 to 2.132)

Contract management

18. TA’s reporting of contracts on AusTender was not compliant with the CPRs. TA accurately reported 19 per cent of the relevant contracts examined in detail by the ANAO within the required timeframe. Key information on contract values and contract start and end dates have been reported inaccurately with contract amendments usually not reported at all. (See paragraphs 3.2 to 3.17)

19. An appropriate contract management framework is not in place. None of the 33 contracts examined by the ANAO had a contract management plan and none had a risk management plan. This included a five-year $311.3 million contract that relates to a key element of TA’s marketing efforts. (See paragraphs 3.18 to 3.32)

20. Less than half (45 per cent) of the contracts examined by the ANAO included clear performance requirements. Methods for monitoring performance were included for 79 per cent of contracts examined, including a number of contracts where performance requirements had not been specified (that is the monitoring arrangements, such as reporting and/or progress meetings, were not against a clear performance requirement). Further, TA has not consistently adhered to the performance framework set out in the contracts and it was common for there to be gaps in the records to evidence the contract management activities undertaken that TA was paying for. (See paragraphs 3.33 to 3.40)

21. For the procurements examined by the ANAO, TA has not consistently managed contracts effectively to deliver against the objectives of the procurements and to achieve value for money.

• Of the 33 contracts examined by the ANAO, 11 (33 per cent) had records of at least one variation being executed. None of the variations had supporting evidence of records to the delegate documenting the decision-making process and demonstrating that the variation represented value for money. Some variations have significantly increased the value of the contract (by up to 105 per cent) and retrospectively added additional services already delivered and/or paid for. There have also been instances of contracts continuing to operate past their stated completion date without being varied.
• Invoicing and payments under 21 of the 33 contracts examined by the ANAO did not adhere to the contracts and/or requirements under TA’s policies. This has included instances of full payments being made before final deliverables under the contract are received and payments exceeding the contracted amount. (See paragraphs 3.41 to 3.51)

Recommendations

Summary of entity response

22. The proposed audit report was provided to TA. The letter of response that was received for inclusion in the audit report is at Appendix 1. TA’s summary response is provided below.

Tourism Australia acknowledges the ANAO’s report and is fully committed to implementing its nine recommendations to improve the agency’s procurement and contract management practices.

Tourism Australia had already begun to make improvements to its procurement and contract management systems ahead of the audit, and the agency is in the process of implementing remedial actions relating to the recommendations. This includes enhancing the agency’s records management framework and processes, implementing a new procurement and contract management system and adding resources to its corporate services teams. Additional training will also be provided to all staff to improve capability to ensure that decisions are compliant, defensible, and clearly demonstrate value for money.

Some of the report’s findings relate to work undertaken during the unprecedented events of the Covid-19 pandemic, when Tourism Australia’s primary focus was on the emergency response to support an industry in crisis. Nevertheless, Tourism Australia accepts the recommendations for improvement to ensure that it can better demonstrate that the agency’s procurement and contract management activities comply with Commonwealth Procurement Rules and achieve value for money.

Background

1. The National Anti-Corruption Commission’s (NACC’s) 2022/2023 Integrity Outlook states:

Conflicts of interest are also a prevalent source of corruption issues. Many types of corrupt conduct – such as breaches of public trust, abuse of office and misuse of information – originate from conflicts of interest. Such conflicts therefore pose a substantial risk for government agencies, parliamentarians, and public officials. This is why identifying, disclosing and managing potential conflicts of interest is a critical pillar of integrity architectures.¹

2. The Public Governance, Performance and Accountability Act 2013 (PGPA Act) requires an official of a corporate Commonwealth entity (CCE) to:

• not improperly use their position or information obtained through their position to gain or seek to gain a benefit or advantage for themselves or others, or to cause detriment to the entity, Commonwealth or others²; and
• disclose the details of any material personal interests that relate to the affairs of the entity.³

3. The Public Governance, Performance and Accountability Rule 2014 (PGPA Rule) provides further guidance for CCE officials, including that material personal interests must be disclosed as soon as practicable after becoming aware of them or when there are changes in the interests. The disclosure must include details of the nature and extent of the interest and how the interest relates to the affairs of the entity.⁴

4. The Corporations Act 2001 (Corporations Act) sets out comparable requirements for Commonwealth companies, including a ‘Director’s duty to notify other directors of [a] material personal interest when [a] conflict arises’, including outlining details of the nature and extent of the interest and how it relates to the affairs of the company. The notice must be given at a directors’ meeting as soon as practicable after the director becomes aware of their interest in the matter and details must be recorded in the minutes of the meeting.⁵

Rationale for undertaking the audit

5. Public confidence in Commonwealth entities and Commonwealth companies can be damaged when conflicts of interest are not appropriately identified and managed. The public is entitled to have confidence in the integrity of public officials, and to know that officials’ personal interests do not conflict with their public duties.

6. Specialist skills and expertise may be required to provide a suitable composition for Commonwealth boards. The board members that are appointed to boards in respect of their specialist skills or expertise can have inherent interests that exist as a consequence of their specialist experience. For example, they may be involved in industry associations or have duties to other organisations. These interests can conflict with their duties as a board member.

7. The NACC and the Australian Public Service Commission (APSC) have highlighted functions commonly undertaken by Australian Government entities that have a heightened risk of conflicts of interest, including procurement, recruitment and grant activities.⁶

8. This audit was conducted to provide assurance to the Parliament that the selected entities are ensuring the integrity of their functions by appropriately managing conflicts of interest.

9. The selected entities represent a cross section of Indigenous portfolio agencies in the Prime Minister and Cabinet portfolio, each with a board as its accountable authority under the PGPA Act:

• Aboriginal Hostels Limited (AHL) is a Commonwealth company which employs staff under the Public Service Act 1999;
• Aboriginal Investment NT (known prior to August 2024 as the Northern Territory Aboriginal Investment Corporation) is a CCE; and
• Outback Stores Pty Ltd (Outback Stores) is a Commonwealth company.

Audit objective and criteria

10. The objective of the audit was to assess the effectiveness of the management of conflicts of interest by AHL, Aboriginal Investment NT and Outback Stores.

11. To form a conclusion against the objective, the ANAO adopted the following two high-level audit criteria:

• Have the entities developed appropriate arrangements to manage conflicts of interest?
• Are the entities effectively managing conflicts of interest consistent with their own policies?

12. The audit examined the entities’ management of conflicts of interest over the period 1 July 2021 to 30 June 2024, including in the areas of board governance, recruitment, procurement, annual Senior Executive Service declarations (AHL) and grant management (Aboriginal Investment NT).

Conclusion

13. AHL, Aboriginal Investment NT and Outback Stores were partly effective in the management of conflicts of interest. While there were frameworks in place to manage conflicts of interest, there were shortcomings with the implementation of those frameworks. There were deficiencies with the documentation of board consideration of conflicts and documentation of conflicts of interest declarations and management actions for procurement, recruitment and grant activity.

14. AHL, Aboriginal Investment NT and Outback Stores have developed largely appropriate arrangements to manage conflict of interest consistent with legislative requirements of corporate Commonwealth entities (Aboriginal Investment NT) and Commonwealth companies (AHL and Outback Stores). Each entity has assessed conflict of interest risks, developed a conflict of interest policy and implemented arrangements to support the declaration of interests by board members. AHL and Aboriginal Investment NT require activity specific conflict of interest declarations for staff involved in procurement and recruitment. Aboriginal Investment NT and Outback Stores implemented conflict of interest training for their boards and employees in 2024. AHL requires employees to undertake integrity training but has not implemented training for board members. All entities have implemented some form of assurance arrangement. AHL did not address alleged conflict of interest matters that were identified in three complaints, and Outback Stores did not have a complaints system or undertake controls assessment.

15. The entities were partly effective in implementing arrangements for managing conflicts of interest. Board assessments of declarations of interest were not sufficient to record whether the board had determined declarations to be material personal interests. Aboriginal Investment NT’s board did not include declarations of interests in three out of session meetings and a workshop and did not always record the nature and extent of declared conflicts. There were instances of Aboriginal Investment NT Grants Committee members with declared conflicts of interest recommending grant applications for board approval. AHL did not adequately document conflict of interest management for recruitment as required by its policy. Aboriginal Investment NT did not adequately document conflict of interest management for procurement as required by its policy. The Outback Stores board recorded board members’ interests as conflicts of interest without documenting its assessment of the interests. AHL did not monitor training completion rates.

Supporting findings

Arrangements to manage conflicts of interest

16. All entities assessed conflict of interest risks within their enterprise risk management frameworks. Aboriginal Investment NT’s and Outback Stores’ conflict of interest risk assessments occurred between April and June 2024.

• AHL had a conflict of interest related risk factor and control for recruitment in its enterprise risk register until March 2023. AHL assessed conflict of interest risks relating to ‘leakage’ of hostel accommodation revenue, procurement, and acceptance of gifts and benefits in its fraud risk register. Not all existing controls for conflict of interest were identified in these assessments.
• From April to June 2024 Aboriginal Investment NT assessed conflict of interest risks relating to procurement, recruitment and grant assessment. These assessments were undertaken after conflict of interest risks had been realised with its first grant round, which ran from May 2023 to February 2024.
• Outback Stores included an entity-wide conflict of interest risk in its risk register in May 2024 with mitigation strategies including development of a conflict of interest policy, declaration processes, and training and education arrangements. (see paragraphs 2.3 to 2.17)

17. All entities have developed arrangements for declaring, managing and overseeing conflicts of interest, including establishing gifts, benefits and hospitality policies and registers. All entities refreshed conflict of interest-related policies and procedures during 2024.

• AHL had a conflict of interest policy and specific arrangements for managing conflict of interest for recruitment. AHL’s procurement policy was updated in April 2024 to include a requirement for activity specific conflict of interest declarations.
• In May 2024 Aboriginal Investment NT implemented a conflict of interest policy and introduced declaration requirements for recruitment. After conflict of interest issues were identified with its first grant round, which ran from May 2023 to February 2024, it updated its policies, guidelines and forms to strengthen declaration and management requirements.
• Outback Stores implemented a conflict of interest policy in June 2024. Its Board Charter does not fully align with provisions of the Corporations Act relating to declaration of interests. (see paragraphs 2.18 to 2.81)

18. All entities have developed training and education arrangements to promote compliance with conflict of interest requirements. Board members for all entities are provided with induction packs that outline conflict of interest requirements. Aboriginal Investment NT and Outback Stores developed online conflict of interest training for employees and board members in 2024. New and existing AHL employees undertake mandatory APS integrity training. The National Indigenous Australians Agency provides support to Indigenous portfolio agencies in the Prime Minister and Cabinet portfolio. (see paragraphs 2.82 to 2.104)

19. All entities implemented some form of arrangement to obtain assurance over the management of conflicts of interest.

• AHL undertook internal audits which detected deficiencies in its conflicts of interest arrangements for recruitment and complaints management. AHL has a complaints system, but it did not consider conflict of interest-related aspects of three complaints in accordance with its Conflict of Interest Policy.
• Aboriginal Investment NT has implemented a complaints system and undertook an internal audit in 2024 which detected deficiencies in its conflicts of interest arrangements for grants assessment.
• Outback Stores undertook an internal audit in 2024 that assessed compliance with its June 2024 Conflict of Interest Policy. It did not have a complaints system or undertake controls assessment. (see paragraphs 2.105 to 2.127)

Effectiveness of conflict of interest arrangements

20. Each entities’ board had processes for members to declare interests and conflicts of interests. All of the boards were deficient in recording their assessment of board members’ declared interests and whether they were considered to be material personal interests. Deficiencies were also identified with activity-specific processes for declaring and managing conflicts of interest relating to recruitment (all entities), procurement (all entities), SES declarations (AHL), and grant assessment (Aboriginal Investment NT).

• AHL did not record its assessment of whether a board member’s declared interest as a conflict and no management plan was put in place. AHL complied with the requirement for annual declaration of SES interests, but record keeping was deficient. While conflicts of interest for AHL’s recruitment activities were generally declared consistent with its policy, management of conflicts were not always documented. AHL’s procurement processes were largely consistent with policy requirements.
• Aboriginal Investment NT had three out of session board meetings and one board workshop where the standard declaration of interests agenda item did not occur. Aboriginal Investment NT did not always document the nature and extent of conflicts of interest declared by board members and grants committee members, and in some instances grants committee members with declared conflicts voted to recommend board approval of grant applications. Aboriginal Investment NT did not follow its procurement policy requirements for activity-specific conflict of interest declarations.
• Outback Stores recorded board member’s declared interests as ‘conflicts of interest’ without documenting how it related to the affairs of the entity or management plans. It did not have any declared conflicts of interest for procurement and recruitment activity. (see paragraphs 3.3 to 3.50)

21. Aboriginal Investment NT and Outback Stores established monitoring arrangements for their conflict of interest training, which was implemented in 2024, and achieved employee completion rates of over 90 per cent. AHL does not monitor employee completion rates for mandatory integrity training or conflicts of interest components of induction training. (see paragraphs 3.51 to 3.59)

Recommendations

Summary of entity responses

22. The proposed audit report was provided to AHL, Aboriginal Investment NT and Outback Stores. An extract was provided to the National Indigenous Australians Agency (NIAA). The summary responses are reproduced below. The full responses from each entity are at Appendix 1. Improvements observed by the ANAO during the course of this audit are listed in Appendix 2.

Aboriginal Hostels Limited

AHL acknowledges the findings in the report, gratefully accepts its recommendations and will take appropriate action to strengthen areas relating to the implementation of our established frameworks for managing conflicts of interest.

I would like to thank the ANAO audit team for their professional and collaborative approach throughout this process.

Aboriginal Investment NT

We welcome the report and accept its recommendations. As a newly established corporate Commonwealth entity, ensuring trust and confidence in our arrangements through the highest integrity standards is vital. We are committed to ensuring that appropriate control and procedural arrangements are implemented as our organisation continues to grow and mature. We have already undertaken steps to implement the recommendations and have planned for an internal audit to follow up on their implementation. This internal audit has been scheduled in our 2024–25 Strategic Internal Audit Program.

Outback Stores Pty Ltd

Thank you for your correspondence of 28 October 2024 regarding the proposed report under s.19 of the Auditor–General Act 1997 on the management of conflicts of interest.

Outback Stores acknowledges the importance of the audit in providing assurance to the Parliament over the effectiveness of the management of conflicts of interest. Further, the broader public are entitled to have confidence in officials of all Indigenous portfolio bodies in the integrity of these agencies.

Outback Stores accept the key findings, recommendations and opportunities for improvement outlined in the report, with alignment to the sole recommendation complete.

Background

1. In September 2022 the Australian Energy Regulator reported that over the course of 2022, the war in Ukraine resulted in price volatility and price hikes for energy on international markets.¹ Due to the links between domestic and export markets this affected domestic customers and the wider economy. Simultaneously, domestic factors contributed to wholesale energy price increases.

2. The Department of the Treasury (Treasury) and the Department of Climate Change, Energy, the Environment and Water (DCCEEW) were lead entities in the development of policy options to seek to address energy price increases. On 9 December 2022, the Prime Minister, the Treasurer, and the Minister for Climate Change and Energy announced the Energy Price Relief Plan (the plan) — a package of measures designed to ‘shield Australian families and businesses from the worst impacts of predicted energy price spikes.’

Rationale for undertaking the audit

3. The budget for the package of measures under the Energy Price Relief Plan was estimated between $3 billion and $3.5 billion over five years. The government sought urgent advice on options to seek to address energy price increases.

4. The audit provides assurance to Parliament on whether the Energy Price Relief Plan was effectively designed and the effectiveness of planned frameworks for implementation and evaluation.

Audit objective and criteria

5. The objective of this audit was to assess the effectiveness of the design process for the Energy Price Relief Plan.

6. To form a conclusion against the objective, the following criteria were adopted.

• Was the development of the plan informed by sound policy advice?
• Was implementation effectively planned?
• Are the arrangements to assess the achievement of outcomes of the plan effective?

7. The audit did not assess:

• the design or implementation of the Capacity Investment Scheme which was also included in the 9 December 2022 announcement;
• the design of the Australian Domestic Gas Security Mechanism reforms agreed to by government in September 2022; or
• the implementation of the extension of the energy bill rebates announced in May 2024.

Conclusion

8. The design process for the Energy Price Relief Plan was largely effective. The design process could have been improved with earlier engagement with delivery agencies. The Energy Price Relief Plan would benefit from a plan to assess the achievement of outcomes.

9. The development of the Energy Price Relief Plan was informed by sound policy advice. Roles and responsibilities, relevant guidance and risk management processes were in place to support the development of the Energy Price Relief Plan. Benefits of policy options were assessed and were supported by evidence. During the design process industry stakeholders were consulted on the gas market interventions. Stakeholders within the APS were consulted in the development of policy options, except for: Services Australia; the Department of Infrastructure, Transport, Regional Development, Communications and the Arts (DITRDCA); and the Department of Veterans’ Affairs (DVA). Earlier engagement with APS delivery agencies would have improved the consideration of implementation within the policy advice provided to government. Treasury and DCCEEW did not document risks associated with rapid policy development and risk mitigation strategies. Activities that can assist in reducing risks were undertaken, including seeking expert advice, engaging industry stakeholders, and establishing fit-for-purpose governance and coordination arrangements.

10. Arrangements established to support implementation of the Energy Price Relief Plan were largely effective. Policy advice to government identified risks for all measures. Risks related to the Australian Domestic Gas Security Mechanism reforms were considered when the reforms were initially developed in 2022, however risks specific to bringing forward the commencement of the reforms were not incorporated with other risks included in policy advice. Treasury and DCCEEW monitored risks for three of the five measures — targeted electricity bill rebate, mandatory gas code of conduct, and coal price cap. The department responsible for the implementation of the targeted electricity bill rebate was not identified in policy advice provided to government in December 2022 and was not confirmed by government until August 2023. Treasury had not established a risk assessment and an implementation plan for the targeted electricity bill rebate and the gas price cap. Treasury’s progress reports to government on the targeted electricity bill relief included elements of implementation planning.

11. Arrangements to assess the achievement of outcomes for the Energy Price Relief Plan were largely effective. While activities to assess the achievement of outcomes for individual measures have been planned or undertaken, plans to assess the collective impacts of the five measures under the Energy Price Relief Plan were not established. Monitoring arrangements have been established for four of five measures and implemented — the Australian Domestic Gas Security Mechanism has not been activated. Treasury and DCCEEW have produced reporting on the collective impacts of select measures. DCCEEW has conducted a review of the coal price cap. Planning has commenced for reviews of the targeted electricity bill rebate, mandatory gas code of conduct and Australian Domestic Gas Security Mechanism.

Supporting findings

Development of the plan

12. Roles and responsibilities were defined for the development of policy options. Treasury and DCCEEW have largely relevant guidance on developing policy advice available for staff. The departments did not document risks, and associated mitigation strategies, related to policy development. Activities that may reduce risks were undertaken: Treasury and DCCEEW sought expert advice; the Australian Competition and Consumer Commission (ACCC) engaged with select industry stakeholders; and the Department of the Prime Minister and Cabinet (PM&C) established fit-for-purpose governance and coordination arrangements. (See paragraphs 2.3 to 2.19)

13. During the development of policy advice, APS stakeholders — except for Services Australia, DITRDCA and DVA — were engaged in the design of all measures. Select industry stakeholders were engaged on the gas market interventions prior to policy advice being provided to government. (See paragraphs 2.20 to 2.81)

14. Market modelling and data and advice from relevant government entities was used to support advice to government on policy options. Potential impacts of the proposed policy options included in policy advice were supported by evidence. Treasury and DCCEEW’s impact analysis included an assessment of regulatory burden costs and benefits for three measures — gas price cap, mandatory gas code of conduct and bringing forward the commencement of the Australian Domestic Gas Security Mechanism reforms. While DCCEEW had undertaken a preliminary assessment, an impact analysis was not undertaken for the remaining two measures — targeted electricity bill rebate and coal price cap. (See paragraphs 2.82 to 2.94)

Planning for implementation

15. Advice to government identified risks for four of the five measures. Risks related to the Australian Domestic Gas Security Mechanism reforms were considered as part of an earlier impact assessment process and specific risks related to bringing forward the commencement of the reforms were not highlighted in policy advice. Advice did not document the risk that payments may be made to ineligible recipients under the targeted electricity bill rebate measure. DCCEEW undertook risk assessments for two of the five measures — the mandatory gas code of conduct and the coal price cap. Risks were monitored for three of the four measures led by Treasury and DCCEEW — the targeted electricity bill rebate, mandatory gas code of conduct, and coal price cap. Risk reporting was undertaken by Treasury for the targeted electricity bill rebate and by DCCEEW for the mandatory gas code of conduct. Risks related to the gas price cap and coal price cap measures were not reported. (See paragraphs 3.3 to 3.16)

16. Advice to government included information on implementation of all five measures under the plan. Policy advice on the targeted electricity bill rebate and the coal price cap measures did not identify which department would be responsible for implementation. Implementation plans were established for three measures — mandatory gas code of conduct, coal price cap and bringing forward the commencement of the Australian Domestic Gas Security Mechanism reforms. Implementation planning activities were undertaken for the remaining two measures. For the targeted electricity bill rebate, Treasury had not established an implementation plan. Elements of implementation planning were included within progress reports provided to government. Implementation planning was discussed in governance meetings co-chaired by Treasury and Services Australia. (See paragraphs 3.17 to 3.38)

Monitoring and assessing the achievement of outcomes

17. Subsequent to the announcement of the Energy Price Relief Plan in December 2022, oversight and monitoring frameworks have been established and implemented for four of five measures — the Australian Domestic Gas Security Mechanism has not been activated and therefore monitoring arrangements have not been implemented. Monitoring activities are being undertaken in accordance with the frameworks which have been established. (See paragraphs 4.3 to 4.29)

18. Treasury and DCCEEW outlined the objectives and estimated impacts of the Energy Price Relief Plan. Plans to assess the collective impacts of the five measures under the plan were not established. Entities have developed plans to assess the achievement of outcomes for the individual measures, except for the gas price cap. Treasury and DCCEEW have reported collective impacts of the Energy Price Relief Plan and DCCEEW has conducted a review of the New South Wales coal price cap. Statutory reviews of the mandatory gas code of conduct and the Australian Domestic Gas Security Mechanism reforms are due to be undertaken during 2025. (See paragraphs 4.30 to 4.70)

Recommendations

Summary of entity responses

19. The proposed report was provided to the Department of the Treasury and the Department of Climate Change, Energy, the Environment and Water. Extracts of the proposed report were provided to the ACCC, AER, DVA, Services Australia, DITRDCA, DISR, and PM&C.

20. Treasury, DCCEEW, the AER and DISR provided summary responses and these are below. Full responses from these entities are included at Appendix 1.

Department of the Treasury

Treasury welcomes the report, in particular the reflection that the policy was based on sound advice and that both policy and implementation development were largely effective to achieve the desired policy outcomes. Treasury also welcomes the report’s key messages, especially regarding the need to adapt risk appetite to short timeframes and urgent delivery. This aligns with Treasury’s risk management policy, noting our higher appetite for risk in these circumstances while still balancing potential consequences.

Treasury agrees with the recommendation presented in the report. Treasury accepts the ANAO’s evidence regarding the risk assessments and implementation planning during the development of the Energy Price Relief Plan. Treasury considers the recommendation recognises the ANAO’s findings and Treasury acknowledges it could develop guidance on how the risk management framework should be applied in situations where timeframes are short and delivery is urgent.

Treasury has engaged an external review of the implementation of the first round of the Energy Bill Relief Fund and will leverage findings from this review in drafting further risk management guidance.

Department of Climate Change, Energy, the Environment and Water

The Department of Climate Change, Energy, the Environment and Water (the department) welcomes the ANAO report and the conclusion that the design process for the Energy Price Relief Plan was largely effective, with no recommendations made for the department.

The Government’s Energy Price Relief Plan was a package of measures developed to shield Australian families and businesses from the worst impacts of predicted energy price spikes. This rapid policy development occurred within complex electricity and gas markets and required engagement across multiple agencies and other parties during its development and implementation.

The ANAO’s observations including areas of improvement applicable in the unique setting of rapid policy development are valuable insights that will inform and influence the department’s continual improvement practices in stakeholder engagement and program governance.

Australian Energy Regulator

The AER was provided with extracts from the proposed report.

The AER notes that there are no findings or recommendations relating to the AER.

The AER notes the contents of the report, including the key messages. The key messages reflect the experience and approach of the AER.

Department of Industry, Science and Resources

The Department of Industry, Science, and Resources (the department) acknowledges the Australian National Audit Office’s proposed audit report on the Design of the Energy Price Relief Plan.

The department acknowledges the report’s key findings on policy design, governance and risk management. The department strives to achieve meaningful stakeholder engagement to ensure feedback is accounted for in policy design. In the design and implementation of the Australian Domestic Gas Security Mechanism (ADGSM) reforms, two public consultation processes were conducted – on the design of policy and on the draft guidelines – to inform the development of effective policy that contributes to the delivery of positive outcomes for our stakeholders.

The department is committed to establishing and improving robust governance and risk management practices, and notes these principles are particularly important when designing and implementing policy initiatives in constrained timeframes.

Background

1. The Public Service Act 1999 (PS Act) requires that Australian Public Service (APS) employees, agency heads and statutory office holders abide by the APS Code of Conduct.¹ The APS Code of Conduct, consistent with duties under the Public Governance, Performance and Accountability Act 2013 (PGPA Act), require officials to declare the receipt of gifts, benefits and hospitality. Collectively, these requirements establish obligations for officials and Commonwealth entities in relation to how they manage the provision and receipt of gifts, benefits and hospitality.

2. Section 27 of the PGPA Act states that an official must not improperly use their position to gain, or seek to gain, a benefit for themselves or another person, or to cause, or seek to cause, detriment to the entity, the Commonwealth, or any other person.² The National Anti-Corruption Commission Act 2022 also contains provisions against conduct that adversely affects (or could adversely affect) the honest and impartial exercise of any public official’s powers, functions or duties.³

3. The Australian Public Service Commission (APSC) publishes Guidance for Agency Heads – Gifts and Benefits. The principles underpinning this guidance are that:

• agency heads are meeting public expectations of integrity, accountability, independence, transparency and professionalism in relation to gifts and benefits; and
• there is consistency in relation to agency heads’ management of gifts and benefits across APS agencies and Commonwealth entities and companies.⁴

4. The Murray–Darling Basin Authority (MDBA) is a corporate Commonwealth entity established under the Water Act 2007 (the Water Act) and comprises:

• an eight-member Authority (the Authority) with functions and responsibilities defined under the Water Act and conditions set by the Remuneration Tribunal⁵; and
• a statutory agency of staff engaged under the Public Service Act, with an average staffing level of 367 for 2024–25.⁶

5. The MDBA is responsible for coordinating how water resources are managed in the Murray–Darling Basin.⁷

Rationale for undertaking the audit

6. Section 27 of the PGPA Act states that an official must not improperly use their position to gain, or seek to gain, a benefit for themselves or another person, or to cause, or seek to cause, detriment to the entity, the Commonwealth, or any other person. Public service entities must meet public expectations of integrity, accountability, independence, transparency, and professionalism. Acceptance of a gift or benefit that relates to an official’s employment can create a real or apparent conflict of interest that should be avoided.⁸

7. Public confidence in Commonwealth entities and the APS can be damaged when gifts and benefits that create a conflict of interest are accepted or not properly declared. The APSC states in its publication, APS Values and Code of Conduct in practice, that the risk of the appearance of a conflict can damaging to public confidence:

The appearance of a conflict can be just as damaging to public confidence in public administration as a conflict which gives rise to a concern based on objective facts.⁹

8. This audit was conducted to provide assurance to the Parliament that the MDBA has complied with gifts, benefits and hospitality requirements.

Audit objective and criteria

9. The objective of the audit was to assess whether the MDBA had complied with gifts, benefits and hospitality requirements.

10. To form a conclusion against the objective, the ANAO adopted the following two high-level audit criteria.

• Did the MDBA have effective arrangements in place to manage gifts, benefits and hospitality?
• Were the MDBA’s controls and processes for gifts, benefits and hospitality operating effectively in accordance with its policies and procedures?

11. The audit examined the management of gifts, benefits and hospitality within the MDBA over the period 1 July 2021 to 31 March 2024.

Conclusion

12. The MDBA has been partly effective in complying with gifts, benefits and hospitality requirements. While the MDBA has policies and procedures for managing gifts, benefits and hospitality, the implementation of its controls and processes for ensuring compliance with gift, benefit and hospitality requirements have not been effectively operationalised.

13. The MDBA has established largely effective arrangements for managing gifts, benefits and hospitality. The MDBA has not considered conflict of interest risks associated with gifts, benefits and hospitality within its risk management framework. While the MDBA has developed policies and procedures for the acceptance and provision of gifts, benefits and hospitality, there are opportunities to improve the consistency between policies and procedures. Whole of government training on integrity and fraud and corruption is mandatory for MDBA staff. Limited guidance is provided to Authority members. The MDBA maintains an internal register of gifts and benefits accepted by MDBA officials, and has published a register of gifts and benefits received by the Chief Executive.

14. The MDBA’s controls and processes are partly effective in supporting its compliance with gift, benefit and hospitality requirements. Deficiencies were identified with preventative controls relating to reporting on mandatory training completion and the compliance with policy and procedural requirements for the acceptance and provision of gifts, benefits and hospitality. While the MDBA does not have specific detective controls relating to acceptance of gifts, benefits and hospitality, since 2022–23 it has included a question on provision of hospitality in its biannual financial compliance survey. The MDBA has not established processes for managing non-compliance or assurance activities for gifts, benefits and hospitality.

Supporting findings

Arrangements for managing gifts, benefits and hospitality

15. The MDBA has articulated risks and controls related to bribery and corruption in a 2024 fraud and corruption risk assessment. Existing controls related to acceptance or provision of gifts, benefits and hospitality were not referenced in the 2024 assessment. Two integrity-related risks were identified in the MDBA’s November 2021 Enterprise Risk Management Plan. The MDBA developed a revised suite of enterprise risks in August 2023, which no longer includes integrity-related risks. (See paragraphs 2.6 to 2.21)

16. The MDBA has developed policies and procedures for the acceptance of gifts, benefits and hospitality through its Accountable Authority Instructions, Instrument of Delegation, Official Hospitality, Gifts and Benefits Guidelines and Declaration of Interests Policy. There were inconsistencies between these documents in relation to instructions for accepting ‘token gifts, benefits or hospitality’ (valued at $50 or below). In addition, the guidelines do not specify timeframes for obtaining delegate approval and reporting on acceptance of gifts, benefits or hospitality or sanctions associated with failure to comply with the requirements. (See paragraphs 2.22 to 2.37)

17. The MDBA has developed policies and procedures for the provision of gifts, benefits and hospitality through its Accountable Authority Instructions, Instrument of Delegation, Official Hospitality, Gifts and Benefits Guidelines and other policy documents. There were inconsistencies between these documents in relation to the distinction between official hospitality and business catering. (See paragraphs 2.38 to 2.56)

18. The MDBA has a mandatory training package which includes responsibilities and expectations for officials relating to gifts, benefits and hospitality. The relevant modules are whole of government modules on integrity and fraud and corruption. Members of the Authority have not been provided specific guidance on policy and procedural requirements for gifts, benefits and hospitality. ( See paragraphs 2.57 to 2.67)

19. The MDBA has published a register of gifts and benefits received by the Chief Executive. It updated the register in October 2024 to comply with the requirement to annually report gifted airline lounge memberships. In August 2024 the MDBA decided to commence publishing gifts and benefits received by MDBA officials, including Authority members. The MDBA maintains an internal register of gifts, benefits and hospitality accepted by officials from external parties. It expanded the register in August 2024 to cover provision of official hospitality. There were no internal reporting mechanisms in place for the Chief Executive or management committees to have oversight of gifts, benefits and hospitality accepted or provided by MDBA officials. As a result of the inconsistencies in the treatment of official hospitality and business catering events by the MDBA, and the absence of a register, the MDBA has not been well placed to accurately report to Parliament on instances of official hospitality. (See paragraphs 2.68 to 2.80)

Controls and processes for managing gifts, benefits and hospitality

20. The MDBA has implemented preventative controls for the receipt or provision of gifts, benefits and hospitality through its policies and procedures, mandatory staff training, delegations and approval requirements. The MDBA does not provide reporting on the completion of mandatory training to the Chief Executive or relevant governance committees. Requirements set out in policies and procedures prohibiting the acceptance of gifts, benefits and hospitality from contractors were not adhered to. There was inconsistent treatment of business catering and official hospitality events, and instances of non-compliance with controls for official hospitality. (See paragraphs 3.6 to 3.50)

21. The MDBA has not implemented detective controls specifically for the purpose of identifying non-compliance with requirements for the receipt and provision of gifts, benefits and hospitality. The MDBA’s biannual financial compliance survey is a detective control than can support the identification of non-compliance with requirements. Officials responding to the survey identified one instance of non-compliance with business catering or official hospitality guidelines in 2023–24, which was included in summary reporting provided to the Chief Executive. (See paragraphs 3.51 to 3.57)

22. The MDBA has not documented or implemented processes for managing identified instances of non-compliance relating to management of gifts, benefits and hospitality. The ANAO identified instances of non-compliance that had not been identified or reported by the MDBA. (See paragraphs 3.58 to 3.62)

23. The MDBA has not developed an evidence-based assurance framework that considers management of gifts, benefits and hospitality. (See paragraphs 3.63 to 3.68)

Recommendations

Summary of entity responses

24. The proposed report was provided to the MDBA. Extracts of the proposed report were also provided to Callida Indigenous Consulting, Chartertech, eWater, Hudson, Paxus, Scyne Advisory and Xaana.ai. Summary responses to the report, where provided, are below and the MDBA’s full response is at Appendix 1. Improvements observed by the ANAO during the course of this audit are listed in Appendix 2.

Murray–Darling Basin Authority

The MDBA welcomes the ANAO’s findings and agrees with the three recommendations in the Report. We are pleased that no non-compliance with our legislative obligations (including PGPA Act) were identified.

We are committed to upholding the highest standards of integrity. Currently, we are working to improve consistency in policy requirements and control operating effectiveness over the management of gifts, benefits, and official hospitality.

Our actions in response to the ANAO audit include frequent reporting and increased oversight on our internal gifts, benefits, and hospitality register to identify potential conflicts of interest. We are also embedding processes to ensure compliance with mandatory staff training and internal procedures, and reviewing internal policies for consistent treatment of gifts and benefits.

The MDBA also has progressed significant work in relation to improving its risk management practices over the past 18 months and is currently focused on integrity related risks and appropriate controls, including in relation to gifts, benefits and hospitality.

The MDBA appreciates the ANAO’s approach in conducting the audit, including regular engagement, progress updates, and efforts to understand our agency’s policy and practices.

Chartertech

Chartertech’s Conflict of Interest Policy and Declaration outlines the policy for receiving gifts and benefits. This policy requires declaration of any gifts, benefits or hospitality received valued at over $100, this threshold is applied to the Chartertech Gifting Register, which was referenced in the ANAO response. Chartertech can confirm that there are no records of gifts, benefits or hospitality provided for any MDBA personnel in accordance with this policy.

Background

1. Indigenous Business Australia (IBA) is a corporate Commonwealth entity established under the Aboriginal and Torres Strait Islander Act 2005. IBA’s purpose includes to enhance Aboriginal and Torres Strait Islander self-management and economic self-sufficiency.¹ The National Indigenous Australians Agency (NIAA) is a non-corporate Commonwealth entity established as an executive agency in 2019. It is the lead Australian Government agency for Aboriginal and Torres Strait Islander policies and programs. NIAA’s purpose includes advancing a whole-of-government approach to improving the lives of Aboriginal and Torres Strait Islander people.²

2. Parliamentary committee and Auditor-General reports identify risks to the successful delivery of government outcomes and provide recommendations to address them. Where a parliamentary committee has made policy recommendations, the responsible minister is required to prepare and table a government response in the Parliament. The Auditor-General provides independent assurance as to whether the Executive government is operating and accounting for its performance in accordance with the Parliament’s intent. Auditor-General reports, which include audited entities’ responses to recommendations, are tabled in the Parliament. The tabling in the Parliament of an agreed response to parliamentary committee or Auditor-General recommendations is a formal commitment by the government or an entity to implement the recommended actions.

3. Successful implementation of agreed³ recommendations by Australian government entities requires effective governance arrangements to respond to, monitor and implement recommendations, with fit-for-purpose and proportionate implementation planning that sets clear responsibilities and timeframes for delivering the agreed actions.

4. The ANAO undertakes audits of implementation of recommendations made by parliamentary committees and the Auditor-General.⁴

Rationale for undertaking the audit

5. Parliamentary committee and Auditor-General reports have identified risks to and shortcomings in the successful delivery of outcomes in the Indigenous affairs portfolio. Recommendations have specified actions aimed at addressing those risks and identified opportunities for improving public administration. Implementation of agreed recommendations delivers on a formal commitment to the Parliament and is an important part of realising the full benefit of a parliamentary inquiry or audit. Appropriate and timely implementation of agreed recommendations demonstrates accountability to the Parliament and a commitment to improving public administration.

6. This audit provides assurance to the Parliament about whether recommendations directed to IBA and NIAA are being implemented as agreed.

Audit objective and criteria

7. The audit objective was to examine whether the selected entities have implemented a selection of agreed parliamentary committee and Auditor-General recommendations.

8. To form a conclusion against the objective, the following high-level criteria were adopted.

• Do IBA and NIAA have fit-for-purpose arrangements to respond to, monitor and implement agreed recommendations?
• Did IBA and NIAA respond to and implement agreed recommendations effectively?

9. To allow sufficient time for implementation, the ANAO examined implementation of agreed recommendations made between January 2020 and December 2022. The 25 recommendations examined comprised 10 recommendations from three parliamentary committee reports, and 15 recommendations from four Auditor-General reports.

Conclusion

10. As at August 2024, IBA had largely implemented the agreed recommendations examined in this audit, and NIAA had partly implemented the agreed recommendations. Implementation was not supported by robust governance arrangements in either entity, although arrangements matured during the course of the audit.

11. IBA’s arrangements to respond to, implement and monitor agreed parliamentary committee and Auditor-General recommendations are largely fit for purpose. IBA documented practices for managing recommendations in 2024. As at August 2024, these practices were not fully implemented as IBA was not subject to any parliamentary committee recommendations. NIAA’s arrangements to respond to parliamentary committee and Auditor-General recommendations are partly fit for purpose. NIAA documented practices for managing recommendations in 2024. These included new practices for managing parliamentary committee recommendations. As at August 2024, these practices were not fully implemented. The practices have the potential to be fit for purpose.

12. NIAA’s advice to government on how to respond to parliamentary committee recommendations was partly effective. IBA fully implemented three of the four agreed Auditor-General recommendations and largely implemented the remaining one. NIAA fully implemented six of 21 agreed parliamentary committee and Auditor-General recommendations and largely implemented one. Implementation of the remaining 14 NIAA recommendations was either partial (seven) or ongoing as at August 2024 (seven).

Supporting findings

Arrangements for managing agreed recommendations

13. IBA documented practices to respond to, implement, monitor and close agreed parliamentary committee recommendations in April 2024. These practices include implementation planning that covers roles and responsibilities, timeframes and risk. As at August 2024, these practices had not been implemented as IBA had no active parliamentary recommendations. NIAA documented practices to identify and respond to parliamentary committee recommendations in September 2023. NIAA does not monitor compliance with required timeframes for responding to parliamentary committee recommendations, and practices could be improved to promote better timeliness. NIAA documented practices to implement, monitor and close agreed parliamentary committee recommendations in August 2024. This followed commitments made to the Executive Board, Audit and Risk Committee and the Parliament to clarify and improve practices. As at August 2024, NIAA’s practices documented in August 2024 have not been implemented. (See paragraphs 2.4 to 2.39)

14. IBA and NIAA have established practices to respond to, implement, monitor and close agreed Auditor-General recommendations, including reporting to audit and risk committees and providing implementation updates to accountable authorities. IBA’s management practices for Auditor-General recommendations were documented and strengthened to include implementation planning in April 2024. IBA’s practices could be improved to clarify the role of the IBA Board in approving responses to recommendations. NIAA’s practices were documented in August 2024. This included formalising practices for implementation planning established in October 2023, requiring reporting to the Executive Board on implementation and closure, and improving closure practices to support the Audit and Risk Committee to fulfil its assurance function. (See paragraphs 2.40 to 2.63)

Implementation of agreed recommendations

15. IBA was not the subject of parliamentary committee recommendations in the timeframe examined in this audit. NIAA was responsible for coordinating the government response to two parliamentary committee reports examined in this audit. NIAA did not provide draft responses and associated advice in sufficient time to enable government to table responses in the timeframes set by the Parliament. Draft responses prepared by NIAA were consistent with relevant Australian Government guidelines, except that responses to disagreed recommendations did not always clearly state why the recommendation was not accepted. Advice to the Minister for Indigenous Australians (the minister) for recommendations that were accepted did not always include implementation details; risks or sensitivities; or a timeframe. In October 2022, the minister requested more information on outstanding responses to parliamentary committee reports, which was not provided. In April 2024, NIAA recommended to the minister that a ‘standard response’ be made to 39 recommendations in 10 outstanding parliamentary reports dating back to 2010. The response ‘noted’ the recommendations and stated that, given the passage of time, a substantive response was no longer appropriate. This was in line with correspondence from the government, except that NIAA did not advise the minister on whether or why a different response might be warranted. (See paragraphs 3.5 to 3.21)

16. Implementation planning for the examined recommendations was limited in both entities.

• IBA assigned responsibility and identified implementation actions for all four recommendations. It did not establish timeframes or assign risk ratings.
• NIAA’s implementation planning for 10 parliamentary committee recommendations was partial or not undertaken. NIAA assigned responsibility for all 11 Auditor-General recommendations examined. Other elements of implementation planning were not consistently undertaken. (See paragraphs 3.22 to 3.26)

17. IBA’s monitoring, assurance and closure of the four recommendations improved over the time period examined by the audit. IBA monitored implementation progress for all Auditor-General recommendations. Reporting on some recommendations to the Audit, Risk and Performance Committee was not timely nor complete until the committee requested evidence of implementation in September 2022. After September 2022, IBA prepared closure reports and effectively closed all recommendations.

18. NIAA did not consistently monitor implementation progress for the parliamentary committee recommendations examined in this audit, or report on progress to an oversight or assurance body. NIAA did not formally close the three (of 10) recommendations it considered implemented. NIAA monitored implementation progress for all 11 Auditor-General recommendations examined in this audit, and reported progress to the Audit and Risk Committee. Reporting on some recommendations was not timely. While closure reports were prepared for all 11 recommendations (which NIAA considered implemented), one closure report had no supporting evidence, senior official approval was inconsistently recorded and evidenced, and 10 closure reports were not shared with the Audit and Risk Committee. The committee noted closure of all 11 recommendations. (See paragraphs 3.27 to 3.42)

19. IBA and NIAA’s implementation of the 25 agreed recommendations examined in this audit, as at August 2024, was as follows.

• Of four Auditor-General recommendations to IBA, IBA considered all four to have been implemented. The ANAO assessed that three recommendations were fully implemented and one was largely implemented.
• Of 10 parliamentary committee recommendations relevant to NIAA, NIAA considered two were fully implemented and one was partly implemented. The ANAO assessment agreed with NIAA’s.
• Of 11 Auditor-General recommendations to NIAA, NIAA considered all 11 to be fully implemented. The ANAO assessed that four recommendations were fully implemented, one was largely implemented, and six were partly implemented.
• Of the 21 recommendations relevant to NIAA, responses to 11 included commitments that were additional to the recommendation. The ANAO assessed that additional commitments were fully implemented for three; partly implemented for five; and that implementation was still ongoing for three. (See paragraphs 3.43 to 3.54)

Recommendations

20. The Auditor-General did not make any recommendations. Eight opportunities for improvement were identified, relating to:

• IBA’s practices for responding to parliamentary committee and Auditor-General recommendations;
• NIAA’s practices for monitoring parliamentary activity, assisting government to responding to parliamentary committee recommendations, and closing Auditor-General recommendations; and
• the Department of the Prime Minister and Cabinet’s guidance to Australian Government entities on responding to parliamentary committee recommendations.

Summary of entity responses

21. The proposed audit report was provided to IBA and NIAA. An extract of the proposed audit report was provided to the Department of the Prime Minister and Cabinet. Entities’ summary responses are provided below. Entities’ full responses are provided at Appendix 1.

Indigenous Business Australia

Indigenous Business Australia (IBA) wishes to thank the ANAO for their professional and collaborative engagement with IBA throughout this audit.

The performance audit process has been useful for IBA in driving further improvements in internal processes relating to the implementation and management of ANAO and parliamentary committee recommendations and IBA will consider the further opportunities for improvement as part of its continual improvement processes.

National Indigenous Australians Agency

The National Indigenous Australians Agency (NIAA) welcomes the findings of the audit, including that it has established practices to respond to, implement, monitor and close parliamentary committee and Auditor-General recommendations. The NIAA acknowledges the opportunities for improvement identified in the report and has already made significant progress to strengthen processes for managing and implementing parliamentary committee and Auditor-General recommendations.

Department of the Prime Minister and Cabinet

The Department of the Prime Minister and Cabinet (the department) regularly reviews processes to ensure the robust provision of support to parliamentary committees and guidance to entities. This includes providing advice to entities on parliamentary committee reports with substantive recommendations that require responses from the Government. As part of this process, the department ensures entities are aware of the timeframes under Senate resolution 44 for responding to committee reports.

The department’s Tabling Guidelines provide advice on the preparation of government responses, including that all recommendations must be addressed and reasons provided for not accepting a recommendation, and timeframes for responses as set by Parliament.

Background

1. The Growing Regions Program was announced in May 2023 as an open, competitive grants program that provides grants to local government entities and eligible incorporated not-for-profit organisations for capital works projects that aim to deliver community and economic benefits across regional and rural Australia.¹ The Australian Government committed $600 million to the program over two rounds with $300 million available in each round.

2. Grants between $500,000 and $15 million were available to eligible applicants to deliver priority community and economic infrastructure projects. The objectives of Round 1 of the program are:

• constructing or upgrading community infrastructure that fills an identified gap or need for community infrastructure.
• contributing to achieving a wide range of community socio-economic outcomes; and
• is strategically aligned with regional priorities.

3. The Department of Infrastructure, Transport, Regional Development, Communications and the Arts (Infrastructure) is responsible for the Growing Regions Program. Infrastructure engaged the Department of Industry, Science and Resources, through the Business Grants Hub, to administer the program.

4. The program used a two-stage application process. Applicants were required to submit an Expression of Interest (EOI) application which would first be assessed by the Business Grants Hub to ensure projects met eligibility, project readiness and program suitability requirements before a multi-party parliamentary panel (the panel) assessed how closely all eligible projects aligned with regional priorities. The panel then recommended to Infrastructure which projects should be invited to submit a full application. EOI applications that were assessed as meeting requirements and approved to proceed were invited to submit a full application in stage two. Infrastructure made the final decision on which applicants would be invited to progress to stage two and submit a full application.

5. Round 1 of the Growing Regions Program opened on 5 July 2023 and received 650 EOI applications seeking a total of $2.7 billion in grant funding, of which 443 applications ($1.81 billion) were found suitable by the panel to progress to stage two.

6. Full applications opened on 27 November 2023 and closed on 15 January 2024. The Business Grants Hub assessed 311 projects for funding worth $1.5 billion. Of these projects, Infrastructure recommended 54 projects for funding up to the value of $300 million. On 16 May 2024 the Minister for Infrastructure, Transport, Regional Development and Local Government announced funding for 40 successful projects to the value of $207 million.²

7. This audit is the second of two reports on the effectiveness of the Growing Regions Program. The first audit, Auditor-General Report No. 31 2023–24 Design of the Growing Regions Program, was presented to the Parliament on 29 May 2024 and examined the effectiveness of Infrastructure’s design and planning for the Round 1 of the Growing Regions Program.

Rationale for undertaking the audit

8. The Growing Regions Program was a new grants program and one of the largest programs administered by Infrastructure. The program also contained a new design feature — a two-stage assessment process with an EOI stage assessed by a multi-party parliamentary panel.

9. Previous ANAO performance audits have identified deficiencies in Infrastructure’s implementation of regional grants programs including program design, providing information to the delegate, and transparency of decision-making.³

10. This audit provides assurance to the Parliament on the implementation and award of funding for Round 1 of the Growing Regions Program and whether Infrastructure implemented lessons learned from previous grants programs.

Audit objective and criteria

11. The objective of the audit was to assess the effectiveness of the implementation and award of funding for Round 1 of the Growing Regions Program.

12. To form a conclusion against the objective, the following high-level audit criteria were applied.

• Were applications assessed in accordance with the grant opportunity guidelines?
• Were funding recommendations and decisions made in accordance with the Commonwealth Grants Rules and Guidelines?

Conclusion

13. The implementation and award of funding for Round 1 of the Growing Regions Program was largely effective. Effectiveness was diminished by Infrastructure undertaking an additional assessment process which was not specified in the grant opportunity guidelines.

14. Assessment of applications for the Growing Regions Program was partly in accordance with the grant opportunity guidelines. The Business Grants Hub assessed EOI applications against the grant opportunity guidelines despite eligibility requirements for projects not being clearly defined in the guidelines. After the Business Grants Hub had completed its eligibility assessment, the minister through their office, advised Infrastructure of their preference for all 163 applicants found ineligible to be given the opportunity to correct any administrative errors or omissions with their applications. While the panel scored and ranked applications as required under the grant opportunity guidelines, panel members noted difficulty with the definition of what constituted ‘regional priorities’. Infrastructure did not consider in its development of the panel assessment process, the implications on a project’s average score by having a different number of panel members scoring applications.

15. Full applications were assessed partly in line with the grant opportunity guidelines. In its assessment of full applications, the Business Grants Hub correctly applied the three merit criteria from the grant opportunity guidelines. Infrastructure then completed a further geographical assessment of projects which was not set out in the grant opportunity guidelines. This resulted in Infrastructure removing three projects from the merit list and adding seven. By altering the results of the Business Grants Hub’s merit assessment, Infrastructure recommended projects to the minister which were not assessed as the most meritorious under the grant opportunity guidelines.

16. Infrastructure’s advice to the minister outlined the assessment process and risks relating to the approval of applications for the Growing Regions Program. The advice did not state how value for money was determined following Infrastructure’s additional analysis of the results of the Business Grants Hub’s merit assessment. Based on an initial, high-level assessment from the Australian Government Solicitor, Infrastructure advised that there was no lawful authority for the proposed expenditure under the program and proposed that to address that, funding could be awarded under a Federation Funding Agreement rather than as grants. Funding decisions were appropriately documented by the minister and the minister did not approve any projects that were not recommended by Infrastructure. The announcement of successful projects occurred two months after the original timeframes provided to applicants. As at 16 October 2024, the Growing Regions Program Federation Funding Agreement Schedule had been executed with the Western Australian, South Australian, Queensland, Tasmanian, New South Wales and Victorian governments.

Supporting findings

Assessment of applications

17. The Business Grants Hub assessed EOI applications against the grant opportunity guidelines despite eligibility requirements for projects not being clearly defined in the guidelines. After the Business Grants Hub had completed its eligibility assessment, the minister, through their office, advised Infrastructure of their preference for all 163 ineligible applicants to be given an opportunity to correct any administrative errors or omissions. The Business Grants Hub then completed another eligibility assessment on the 58 applications that had been resubmitted. Conflict of interest declarations were completed by all assessors undertaking the EOI assessment. Panel members received training from the Business Grants Hub and attended probity briefings delivered by an external probity advisor engaged by Infrastructure. (See paragraphs 2.3 to 2.33)

18. The panel scored and ranked applications as required under the grant opportunity guidelines, noting difficulty with the definition of what constituted ‘regional priorities’. Recommendations were made based on average scores and followed the requirements set out in the guidelines. Decisions were documented and probity requirements were followed. All panel members were originally required to score each application except where projects were in their electorate or jurisdiction. To assist in managing the panel’s workload, part-way through the assessment process there was a change in the scoring approach from having panel members score all applications, to a minimum of three scorers per application. Infrastructure did not consider in its design of the assessment process how different numbers of panel members scoring each application would impact on a project’s average score. (See paragraphs 2.34 to 2.66)

19. The Business Grants Hub assessed full applications against the three merit criteria as outlined in the grant opportunity guidelines and awarded each project a final score. The design of the eligibility requirements in the grant opportunity guidelines resulted in projects that potentially did not meet the program’s policy intent progressing through the assessment process. The minister did not fund 14 recommended projects which they identified as not suitable for funding as they would be better suited for funding under a different program. (See paragraphs 2.67 to 2.83)

20. Applications were ranked by the Business Grants Hub based on its assessment against the three criteria set out in the grant opportunity guidelines. The Business Grants Hub reported all highly suitable and suitable projects for funding. Following the Business Grants Hub’s merit assessment, Infrastructure completed further analysis and assessment of projects for geographical spread and socio-economic outcomes. This further assessment was not approved when the program was designed or set out in the grant opportunity guidelines. This resulted in Infrastructure removing three projects from the Business Grants Hub’s full assessment merit list and adding a further seven. (See paragraphs 2.84 to 2.101)

Award of funding

21. An initial high-level assessment by the Australian Government Solicitor obtained by Infrastructure prior to briefing the minister stated that lawful authority for proposed expenditure for the program was not in place. Infrastructure proposed an approach that sought to mitigate this risk. Infrastructure recommended that the minister approve 54 applications up to the limit of the available funding. The recommendation did not state how value for money was determined following an additional analysis of project applications and adjustment of results by Infrastructure. Funding recommendations for Round 1 of the Growing Regions Program did not meet the original timeframes as planned by Infrastructure primarily due to the need to seek legal advice on the lawful authority matter. (See paragraphs 3.1 to 3.22)

22. Reasons for all funding decisions were appropriately documented and informed by written recommendations from Infrastructure. The minister did not award funding to any projects that were not recommended by Infrastructure. All 40 applicants that the minister approved for funding were found to be highly suitable or suitable through the merit assessment process. The minister did not award funding to 14 projects that were recommended by Infrastructure. (See paragraphs 3.23 to 3.33)

Recommendations

Summary of entity response

23. The proposed report was provided to the Department of Infrastructure, Transport, Regional Development, Communications and the Arts, and the Department of Industry, Science and Resources. Extracts of the proposed report were provided to the Attorney-General’s Department. The summary responses are provided below and the full responses are at Appendix 1.

Department of Infrastructure, Transport, Regional Development, Communications and the Arts

The department welcomes the overall conclusion that the implementation and award of funding for Round 1 of the Growing Regions Program was largely effective. The department notes there have been some additional challenges in implementing the Growing Regions Program, including as a result of external factors.

While the department has asked the ANAO to consider the factual basis and emphasis given to some of the findings and commentary in the report, the department acknowledges that aspects of the program could have been improved.

The department agrees to both recommendations in the report and notes they are being implemented in the administration of Round 2 of the program.

Department of Industry, Science and Resources

The Department of Industry, Science and Resources acknowledges the Australian National Audit Office’s report on the implementation and award of funding for the Growing Regions Program.

The department notes this audit is the second of two reports on the effectiveness of the Growing Regions Program.

As a provider for Australian Government grants through the Business Grants Hub we will consider the key messages from the audit that are applicable for all Australian Government entities in the co-design and administration of future granting programs.

Attorney-General’s Department

The Attorney-General’s Department (“the department”) notes the extracts of Chapter 1 and Chapter 3 of the proposed ANAO report on the Implementation and award of funding for the Growing Regions Program.

The department has no comments on the audit findings in the extract it has viewed. Responsibility for administering the Growing Regions Program rests with the Department of Infrastructure, Transport, Regional Development, Communications and the Arts.

Background

1. The National Anti-Corruption Commission’s (NACC’s) 2022/2023 Integrity Outlook states:

Conflicts of interest are also a prevalent source of corruption issues. Many types of corrupt conduct – such as breaches of public trust, abuse of office and misuse of information – originate from conflicts of interest. Such conflicts therefore pose a substantial risk for government agencies, parliamentarians, and public officials. This is why identifying, disclosing and managing potential conflicts of interest is a critical pillar of integrity architectures.¹

2. The Public Governance, Performance and Accountability Act 2013 (PGPA Act) sets out general duties of accountable authorities and officials of Australian Government entities.² The general duties related to conflicts of interest for an official include:

• not improperly using their position or information obtained through their position to gain or seek to gain a benefit or advantage for themselves or others, or to cause detriment to the entity, Commonwealth or others³; and
• disclosing the details of any material personal interests that relate to the affairs of the entity.⁴

3. The Public Governance, Performance and Accountability Rule 2014 (PGPA Rule) provides further detail on requirements for managing conflicts of interest.⁵ Under the PGPA Act, accountable authorities have a duty to establish and maintain appropriate systems of risk oversight and management and internal control.⁶ In addition, the PGPA Rule establishes a requirement for the accountable authority to take all reasonable measures to prevent, detect and deal with fraud and corruption relating to the entity.⁷

4. Boards of corporate Commonwealth entities (CCEs) are the accountable authority unless otherwise prescribed by an Act or the rules. Membership of boards can consist of both executive directors and non-executive directors. CCE boards are responsible for the operations of their entities.

5. The Department of Finance states:

Corporate Commonwealth entities generally have enabling legislation that establishes the scope of their activities and a multi-member accountable authority (such as a board of directors).

6. Specialist skills and expertise may be required to provide a suitable composition for a CCE board. The board members that are appointed to CCE boards in respect of their specialist skills or expertise can have inherent interests that exist as a consequence of their specialist experience. For example, they may be involved in industry associations or have duties to other organisations. These interests can conflict with their duties as a board member of a CCE.

7. The operations of boards for four CCEs were selected for examination as a part of this audit:

• the Australian Sports Commission (ASC);
• Food Standards Australia New Zealand (FSANZ);
• Infrastructure Australia (IA); and
• the National Portrait Gallery of Australia (NPGA).

Rationale for undertaking the audit

8. According to the Australian Public Service Commissioner, the public is entitled to have confidence in the integrity of public officials, and to know that the personal interests of public officials do not conflict with their public duties.⁸ Apparent conflicts can be just as damaging to confidence in public administration as real conflicts, so disclosures and effective management of real, apparent and potential conflicts of interest is an important element of the Australian Government’s integrity framework.

9. Section 29 of the PGPA Act provides a duty to disclose material interests. CCE board members may have material personal interests that relate to their role as a member of an accountable authority. Board requirements for specific qualifications, skills and experience pose the risk that domain knowledge and industry familiarity may lead to conflicts of interest.

10. This audit was conducted to provide assurance to the Parliament that the boards of the four CCEs are effectively managing conflicts of interest.

Audit objective and criteria

11. The objective of the audit was to assess the effectiveness of the operations of the boards of four CCEs in managing conflicts of interest.

12. To form a conclusion against the objective, the ANAO examined:

• Have the boards developed appropriate arrangements to manage board conflicts of interest?
• Have the boards effectively managed board conflicts of interest consistent with their own policies?

13. The audit examined the operations of the boards of four CCEs in managing conflicts of interest over the period 1 July 2021 to 31 December 2023. The appointment process for board members was not examined as part of this audit.

Conclusion

14. The operations of the boards in managing conflicts of interest were largely effective. Arrangements for managing conflicts of interest were implemented by the boards in accordance with legislative requirements and documented by some of the boards in policies and procedural guidance. The effectiveness in implementing these arrangements were inconsistent across the boards which resulted in deficiencies in declaring and managing conflicts of interest by the boards. This reduced the overall effectiveness of the boards in their management of conflict of interest risks.

15. The boards have developed largely appropriate arrangements for managing conflicts of interest. All boards have implemented arrangements to support the declaration of interests by board members, including following their appointment and during the term of their appointment. The arrangements implemented by the boards were aligned to requirements in the Public Governance, Performance and Accountability Act 2013 (PGPA Act) and Public Governance, Performance and Accountability Rule 2014 (PGPA Rule). The board of the NPGA did not have a conflict of interest policy that included managing conflicts of interest related to its board. The boards of the ASC and FSANZ had not developed conflict of interest management plans for board members holding other roles within the Australian Government. The boards have largely relied on board induction processes to provide training and education in relation to managing conflicts of interest. The boards had implemented varying arrangements to obtain assurance over the management of conflicts of interest relating to board members.

16. The boards were partly effective in implementing arrangements for managing board conflicts of interest consistent with their own policies. There were shortcomings in the operating effectiveness of processes for declaring and managing conflicts of interest across all boards. This included instances where: declarations of interest were not obtained from newly appointed board members in a timely manner; declarations of interests were not implemented as a standing agenda item at board meetings; and boards’ assessments of declarations of interest were not sufficiently documented to record whether the board had determined declarations to be material personal interests.

Supporting findings

Arrangements to manage conflicts of interest

17. The boards had identified and assessed fraud and corruption risks within their risk management frameworks. The board of IA had identified conflict of interest controls for its then board within its operational and fraud risk registers. (See paragraphs 2.3 to 2.14)

18. All boards had arrangements for board members to declare interests following appointment and at board meetings. The arrangements implemented by the boards were aligned to requirements in the PGPA Act and PGPA Rule. The ASC, FSANZ and IA boards had policies and procedural guidance to manage board conflicts of interest. The NPGA board did not have a conflict of interest policy that provided coverage of the board, with the exception of a policy for declaring, managing and overseeing board conflicts of interest related to the acquisition of works. The boards for ASC and FSANZ had not developed management plans for potential conflicts of interest relating to ex-officio board members that held other roles within the Australian Government. (See paragraphs 2.15 to 2.60)

19. The boards largely relied on board induction processes and related resources from the Department of Finance for promoting compliance with conflict of interest requirements. The boards for the ASC and FSANZ had developed guidance specific to managing board conflicts of interest. The FSANZ board provided board members with access to its learning management system, which included training related to conflicts of interest. The IA board had delivered training for board members that included a module on conflicts of interest. None of the boards had documented training plans for board members or arrangements for monitoring training undertaken by board members. The Department of Finance’s resources on managing conflicts of interest are not specific to boards of corporate Commonwealth entities. (See paragraphs 2.61 to 2.84)

20. None of the boards had implemented an assurance strategy or framework that was specific to, or provided coverage of, board conflicts of interest. All boards had developed some form of arrangement to obtain assurance over board conflicts of interest.

• The ASC board obtained attestations from its board members on compliance with section 29 of the PGPA Act and provided reporting to its audit committee.
• The FSANZ board maintains a centralised register of interests declared by board members that is published on its website.
• The IA board undertook an internal audit in 2018–19 that covered board conflicts of interest and conducted Australian Securities and Investments Commission register searches of board members’ interests in 2021 to confirm declarations.
• The NPGA board had undertaken a specific review of board declarations to update its register of interests for board members. (See paragraphs 2.85 to 2.105)

Effectiveness of conflict of interest arrangements

21. There were instances across all boards where processes for declaring interests were not operating effectively.

• The ASC, FSANZ and NPGA boards had instances where they held board meetings where declarations of interests were not included in agendas or obtained during board meetings.
• The ASC and NPGA boards had instances where they did not obtain declarations of interests from newly appointed board members in a timely manner.
• All boards did not sufficiently document their assessment of declared interests and whether they were considered to be material personal interests. (See paragraphs 3.3 to 3.24)

22. All boards had implemented induction processes for their board members that covered conflict of interest. The ASC’s board induction processes were updated to provide coverage of conflicts of interest for board members commencing from March 2022, but not all current members had received the guidance. The FSANZ, IA and NPGA boards had implemented additional training and education arrangements on conflict of interest obligations for board members. (See paragraphs 3.25 to 3.35)

Recommendations

Summary of entity responses

23. Extracts of the proposed report were provided to the ASC, the Department of Finance, FSANZ, IA and the NPGA. The summary responses are provided below, and the full responses are included at Appendix 1. Improvements observed by the ANAO during the course of the audit are listed in Appendix 2.

Australian Sports Commission

Thank you for providing the Australian Sports Commission (ASC) with the opportunity to comment on the Australian National Audit Office (ANAO) proposed audit report on Management of Conflicts of Interest by Corporate Commonwealth Entity Boards.

The ASC acknowledges and accepts the key findings, recommendations and the opportunities for improvement presented in the Section 19 Report.

Department of Finance

The Department of Finance agrees the recommendation and findings provided in the report extract.

Food Standards Australia New Zealand

FSANZ acknowledges the importance of this audit to provide assurance to Parliament that the operations of Boards effectively manage conflicts of interest. In this context it is noted FSANZ is one of four entities (out of 74 CCE’s) assessed over the period July 2021 to December 2023.

The Board notes the audit’s findings that our arrangements for managing conflicts of interest align with the relevant legislation and are largely effective. As the independent agency responsible for the development of draft food standards for Australia and New Zealand, trust and confidence of decision-makers and stakeholders is important. The FSANZ Board takes a very conservative approach to managing conflicts of interest and, for transparency, we maintain and manage a register of all interests of Board members, regardless of whether they are classified as a material personal interest or not.

Infrastructure Australia

As the Australian Government’s independent adviser on nationally significant infrastructure investment planning and project prioritisation Infrastructure Australia values accountability, acting with integrity and upholding the highest ethical standards.

We appreciate the work of the ANAO which found that the boards of the four CCEs were largely effective in their management of conflicts of interest.

Infrastructure Australia accepts the recommendation that we strengthen our recording of the assessment and consequences of declared conflicts of interest. We have also commenced work to reflect the ANAO feedback on opportunities for improvement in administrative and management practices to strengthen our governance framework in relation to conflicts of interest.

National Portrait Gallery of Australia

The National Portrait Gallery (NPGA) welcomes the Australian National Audit Office’s (ANAO) report and accepts the recommendations made for the agency.

The report finds that the NPGA has developed largely effective arrangements for managing conflicts of interest for its the Board in accordance with legislative requirements.

The report identifies areas for improvement and makes two recommendations where the NPGA can take steps to strengthen its processes and assurance activities through update of its existing Conflict of Interest policy and processes. The NPGA agrees with, and is already taking steps to implement, these recommendations.

The NPGA also recognises the other areas of improvement identified in the Report, notably the expansion of assurance activities and the implementation of a Board training workplan. This will ensure that the NPGA is operating in alignment with government best practice in conflicts of interest management.

The NPGA thanks the ANAO audit team for their professionalism during the audit process.

Background

1. The Department of Foreign Affairs and Trade (DFAT) is responsible for issuing passports to Australian citizens in accordance with the Australian Passports Act 2005, with delivery of passport services in Australia and overseas being one of DFAT’s three key outcomes. In July 2006, DFAT established the Australian Passport Office as a separate division to provide passport services. The Australian Passport Office has offices in each Australian capital city and it collaborates with Australian diplomatic missions and consulates to provide passport services to Australians located overseas.

2. DFAT is also the entity responsible for Australia’s international trade agreements. The Commonwealth Procurement Rules (CPRs) incorporate the requirements of Australia’s international trade obligations and government policy on procurement into a set of rules. As a legislative instrument, the CPRs have the force of law.¹ Officials from non-corporate Commonwealth entities such as DFAT must comply with the CPRs when performing duties related to procurement. Achieving value for money is the core rule of the CPRs.

Rationale for undertaking the audit

3. The issuing of passports to Australian citizens is an important function of the Department of Foreign Affairs and Trade, undertaken by its Australian Passport Office. Between 1 July 2019 and 31 December 2023, the Australian Passport Office managed 331 contracts totalling $1.58 billion.

4. During the conduct of an earlier audit, Auditor-General Report No. 13 2023–24 Efficiency of the Australian Passport Office, the ANAO observed a number of practices in respect of the conduct of procurement by DFAT through its Australian Passport Office that merited further examination. The Auditor-General decided to commence a separate audit of whether the procurements DFAT conducts through its Australian Passport Office comply with the Commonwealth Procurement Rules and demonstrate the achievement of value for money.

5. The audit provides assurance to the Parliament of the effectiveness of the department’s procurement activities in achieving value for money, and the ethics of the department’s procurement processes, noting that procurement is an area of continuing focus by the Joint Committee of Public Accounts and Audit.²

Audit objective and criteria

6. The objective of the audit was to examine whether the procurements that DFAT conducts through its Australian Passport Office are complying with the Commonwealth Procurement Rules and demonstrating the achievement of value for money.

7. To form a conclusion against this objective, the following high-level criteria were applied.

• Have open and competitive procurement processes been employed?
• Has decision-making been accountable and transparent?

8. The audit focussed on procurement activities by the Australian Passport Office relating to contracts and contract variations that had a start date of between 1 July 2019 and 31 December 2023.

Conclusion

9. The procurements that DFAT conducted through its Australian Passport Office did not comply with the Commonwealth Procurement Rules and DFAT’s procurement policies, and did not demonstrate it had achieved value for money.

10. DFAT did not employ open and competitive processes in the conduct of Australian Passport Office procurement. There were no procurements conducted between July 2019 and December 2023 by way of an open approach to the market. Of the 73 procurements examined in detail by the ANAO, 29 per cent involved competition where the department had not identified a preferred supplier prior to inviting quotes.

11. Procurement decision-making was not sufficiently accountable and was not transparent. Procurement practices have fallen short of ethical standards, with DFAT initiating inquiries of the conduct of at least 18 individuals, both employees and contractors, in relation to Australian Passport Office procurement activities examined by the ANAO.

Supporting findings

Open and competitive procurement

12. DFAT did not appropriately plan the procurement activities for its Australian Passport Office. There was no overarching procurement strategy. The department engaged a contractor to develop a multi-year procurement strategy that was never completed. Overall, only 15 per cent of the 62 approaches to market examined by the ANAO met the minimum requirements at planning stage. (See paragraphs 2.3 to 2.20)

13. None of the 243 contracts totalling $476.5 million the APO entered between 1 July 2019 and 31 December 2023 was let via an approach to the open market.

14. DFAT’s AusTender reporting indicates the APO procures by open tender from a panel arrangement 71 per cent of the time. The ANAO examined 53 contracts DFAT had reported this way and identified that for 15 contracts (28 per cent) the APO had deviated from the panel arrangement to the extent that the approach constituted a limited tender. The ANAO also examined 12 contracts valued over the $80,000 threshold reported by DFAT as let by limited tender. The approach taken for six of these contracts (50 per cent) did not demonstrably satisfy the limited tender condition or exemption from open tender that had been reported by DFAT. The department’s approach is inconsistent with the Commonwealth Procurement Rules which, in turn, reflect the requirements of the Australia-United States Free Trade Agreement (DFAT is the Australian Government entity responsible for Australia’s international trade agreements). (See paragraphs 2.22 to 2.50)

15. A competitive approach was used to establish only 29 per cent of the 73 contracts tested by number or 25 per cent by value. This involved the APO inviting more than one supplier to quote in a process that did not have a pre-determined outcome. On 19 occasions the procurement approach was not genuine as the purported competitive process did not, in fact, involve competition. (See paragraphs 2.51 to 2.70)

16. For 14 per cent of contracts tested, evaluation criteria were included in request documentation with those same criteria used to assess submissions. (See paragraphs 2.72 to 2.77)

17. There was not a documented approval to approach the market for 36 per cent of the 73 contracts examined in detail by the ANAO. Advice provided to approvers on the outcomes of approaches to market in most cases did not demonstrate how value for money was considered to have been achieved. Three-quarters of the time the approval was requested by an embedded contractor, often populating a template as an administrative function and sometimes at the direction of the approver telling them what to recommend.

18. One quarter of the time, approval was given within a week of the expected contract start date. A 2022–23 practice of approving commitments on the understanding that the Department of Finance would later agree to additional funding to cover the costs was not sound financial management. (See paragraphs 2.79 to 2.104)

Accountable and transparent decision-making

19. For 71 per cent of the procurements examined by the ANAO, an appropriate contractual arrangement was in place prior to works commencing and after approval had been obtained to enter the arrangement. (See paragraphs 3.3 to 3.13)

20. Sound and timely advice was not provided to inform decisions about whether to vary contracts. In aggregate, the contracts the APO entered between 1 July 2019 and 30 June 2023 doubled in value during that period through contract amendment. The approval records for contract variations did not include advice on how value for money would be achieved and, for a number of high value contracts, approval was sought after costs were incurred. A quarter of the variations tested were entered after the related services had commenced and/or costs incurred. (See paragraphs 3.14 to 3.35)

21. ANAO analysis of AusTender data between 1 July 2019 and 30 June 2023 indicated that DFAT did not meet the Commonwealth Procurement Rules requirement to report contracts and amendments within 42 days of execution at least 22 per cent of the time. The extent of non-compliance increased to 44 per cent when the analysis was based on ANAO examination of the departmental records in a sample of 230 contracts and amendments. The AusTender reporting of 70 APO contracts examined was largely accurate. The reported descriptions of the goods or services procured was usually applicable but was also usually lacking in detail. The reported reasons given for 112 contract amendments examined did not contain sufficient detail to meet the minimum instructions in the AusTender reporting guide 81 per cent of the time. (See paragraphs 3.37 to 3.52)

22. Procurement activities fell short of ethical requirements. In response to ethical findings made by the ANAO in relation to a number of the procurements examined as part of this performance audit, the department advised the ANAO that it considers there are clear indications of misconduct involving a number of current or former DFAT officials and contractors as well as clear cultural issues. The department has commenced, or is considering, investigation (or referral) activity in relation to the conduct of at least 18 individuals in relation to various procurements examined by the ANAO. (See paragraphs 3.53 to 3.83)

23. The department’s central procurement team has not exercised sufficient oversight of the APO’s procurement activities. Departmental risk controls that have been documented have not been complied with by the APO and this non-compliance should have been evident to the central procurement team, and addressed. The department also does not have adequate arrangements in place for the identification and reporting of breaches of finance legislation. (See paragraphs 3.85 to 3.105)

Recommendations

Summary of entity responses

24. The proposed report was provided to DFAT. Extracts of the proposed report were also provided to Alluvial Pty Ltd, Brink’s Australia Pty Ltd, Compas Pty Ltd, Community and Public Sector Union, Customer Driven Solutions Pty Ltd, Datacom Systems (AU) Pty Ltd, Deloitte Touche Tohmatsu, Department of Finance, Grosvenor Performance Group Pty Ltd, Hays Specialist Recruitment (Australia) Pty Ltd, Mühlbauer ID Services GmbH, Peoplebank Australia Ltd, Procurement Professionals Pty Ltd, Propel Design Pty Ltd, Randstad Pty Ltd, Serco Citizen Services Pty Ltd, Services Australia, UiPath S.R.L, Verizon Australia Pty Ltd and Yardstick Advisory Pty Ltd. The letters of response that were received for inclusion in the audit report are at Appendix 1. Summary responses, where provided, are included below.

Department of Foreign Affairs and Trade

The department values the ANAO’s independent review of procurement practices at the Australian Passport Office (APO). The audit came at a time when the department was assessing the effectiveness of the current procurement model. As a result of both reviews, the department’s procurement practices will be amended to improve compliance and efficiency. This will include the Finance Division taking more centralised and direct control over procurement activities, and additional resources to implement changes and provide enhanced oversight.

The ANAO audit highlighted the proactive steps the current Executive Director APO took to address procurement and cultural issues when she commenced with the department in early 2023. Work has continued, leading to the creation of a new Procurement, Finance and Assurance Section within APO. Additionally, the Internal Audit Branch has initiated a wide-ranging internal audit of procurement activities across the department.

Following the ANAO audit report and internal reviews, the department will also revise its Compliance and Assurance Framework as it relates to Public Governance, Performance and Accountability Act 2013 obligations. The updated Framework will be purpose-built, adopt a risk-based approach, and include effective assurance mechanisms. The department has initiated activities to address specific areas of concern regarding actions of staff.

Compas Pty Ltd

Compas is concerned that the Proposed Report conveys an imputation that it has engaged in conduct that may not be in accordance with the Commonwealth Procurement Rules.

Such an imputation is incorrect.

The relevant evaluation process was an internal DFAT process over which Compas, rightly, had no visibility. Given this, Compas cannot respond to, nor is it privy to, what processes were taken by DFAT to address the Panel Member’s affiliation to it.

Any deficiencies in the evaluation process cannot be attributed to Compas, and the final report should make this expressly clear in its findings. Any failure to do so could result in a reader being under a misapprehension that Compas had the ability to influence the process, did in fact influence the process improperly and, as a result, gained an improper advantage or benefit.

Should such a misrepresentation occur, this would have an unreasonably adverse effect on Compas’ reputation that it has built over nearly 40 years and have a deleterious effect on our business.

Propel Design Pty Ltd

Propel Design notes the extract provided by the ANAO. Propel Design submitted its tender for the procurement in question in accordance with all requirements under the Digital Marketplace (now BUYICT) and was not aware of any individuals appointed to the evaluation panel. We believe our employee was selected as the preferred contractor based on their skills and experience, as set out in their resumé and our responses to the selection criteria.

Background

1. Fraud against Australian Government entities and corrupt conduct by Australian Government officials are serious matters that can constitute criminal offences. Fraud and corruption undermine the integrity of and public trust in government, including by reducing funds available for government program delivery and causing financial and reputational damage to defrauded entities.¹

2. The Australian Government defines fraud as:

Dishonestly obtaining (including attempting to obtain) a gain or benefit, or causing a loss or risk of loss, by deception or other means.²

3. Fraud against the Australian Government can be committed by government officials or contractors (internal fraud) or by parties such as clients of government services, service providers, grant recipients, other members of the public or organised criminal groups (external fraud).³ The Australian Government’s requirements for fraud control apply to both internal and external fraud risks. The 2024 Commonwealth Fraud and Corruption Control Framework states that:

Fraud and corruption are risks that can undermine the objectives of every Australian Government entity in all areas of their business, including delivery of services and programs, policy-making, regulation, taxation, procurement, grants and internal procedures.⁴

Australian Skills Quality Authority

4. The Australian Skills Quality Authority (ASQA) is the Australian Government agency responsible for the regulation of around 90 per cent of vocational education and training (VET) providers operating in Australia. ASQA’s purpose is ‘to ensure quality VET, so that students, industry, governments and the community can have confidence in the integrity of national qualifications issued by training providers’.⁵

Rationale for undertaking the audit

5. Fraud against Australian Government entities reduces available funds for public goods and services and causes financial and reputational damage to the Australian Government.⁶ All Commonwealth entities are required to have fraud control arrangements in place to prevent, detect and respond to fraud. From 1 July 2024, this requirement also extends to corruption.⁷ This audit is intended to provide assurance to the Parliament regarding the fraud control arrangements in ASQA.

Audit objective and criteria

6. The objective of the audit was to assess the effectiveness of ASQA’s fraud control arrangements as the national regulator of the vocational education and training sector.

7. To form a conclusion against this objective, the following high-level criteria were adopted.

• Have appropriate arrangements been established to oversee and manage fraud risks?
• Have appropriate mechanisms been established to prevent fraud and promote a culture of integrity?
• Have appropriate mechanisms been established to detect and respond to fraud?
• Has the Australian Skills Quality Authority appropriately prepared for the commencement of the revised Commonwealth Fraud and Corruption Control policy in July 2024?

Conclusion

8. ASQA has established partly effective fraud control arrangements. ASQA’s Fraud Control Plan 2022–2024 and Fraud Control Policy focus on internal fraud risks and do not consider the entity’s regulatory fraud environment. ASQA has undertaken minimal steps to align with the Commonwealth’s revised Fraud and Corruption Control Framework which came into effect on 1 July 2024.

9. ASQA has not established appropriate arrangements to manage fraud risk. Fraud control arrangements are based on a fraud control policy that was developed in 2013 and does not reflect current Commonwealth legislative and policy requirements. ASQA’s Fraud Control Plan 2022–2024 does not consider its regulatory fraud control environment, and there is no process to test regulatory fraud controls systematically and regularly. The Fraud Control Plan 2022–2024 contains an overlap of roles and responsibilities of key officials.

10. ASQA has established largely appropriate mechanisms to prevent fraud and promote integrity across its internal and regulatory environments. This includes channels to promote fraud awareness and integrity internally through training, fraud qualifications and professional development, and engagement including social media and sector alerts. Within its regulatory environment, ASQA has established outreach mechanisms to the VET sector that address fraud awareness. ASQA has not appropriately assessed the effectiveness of these mechanisms.

11. ASQA has recently established detection controls, including a tip-off line and information-sharing relationships with external agencies. ASQA has not assessed the effectiveness of these detection controls. ASQA has established an investigatory process for regulatory fraud but does not measure its outcomes or effectiveness.

12. ASQA has taken minimal steps to align with the revised Commonwealth Fraud and Corruption Policy through the development of an updated draft Fraud and Corruption Control Policy and Plan for 2024–2026. ASQA has not prepared an implementation plan and there is no evaluation plan for the new or revised controls. ASQA’s new Fraud and Corruption Control Policy and Plan 2024–2026 has minimal updates from the Fraud Control Policy and Plan 2022–2024 and does not include regulatory fraud or corruption controls.

Supporting findings

Oversight and management of fraud risks

13. ASQA’s fraud control framework is based on a fraud control policy that was developed in 2013 and does not reflect current Commonwealth legislative and policy requirements, or the changes the entity has undergone in the 10 years since the policy was developed. ASQA’s Fraud Control Plan 2022–2024 does not consider the entity’s regulatory fraud control environment, and associated fraud control activities. ASQA has developed a regulatory model which details ASQA’s regulatory and compliance approach. The regulatory model does not specifically address fraud. ASQA’s fraud control plan includes an overlap of responsibilities between key officials. (See paragraphs 2.2 to 2.23)

14. ASQA’s Fraud Control Plan 2022–2024 identified one external fraud risk. The Plan identified seven internal fraud risks, six of which were reviewed during the period covered by the plan. ASQA undertook risk assessments in 2023 and 2024 within its regulatory environment using its environmental scan tool which identified fraud risk relating to visa fraud. The outcomes of risk assessments were not provided to ASQA’s internal audit function. (See paragraphs 2.24 to 2.39)

15. ASQA’s Fraud Control Plan 2022–2024 addresses internal fraud risks and controls and one external fraud risk relating to false or misleading information. The Plan does not address ASQA’s role as the national regulator for the VET sector and its associated regulatory fraud control environment. The Fraud Control Plan 2022–2024 contains controls commensurate with the identified internal fraud risks. Limited testing of controls occurred once in 2023, and mechanisms to test the internal fraud controls on a regular basis have not been established. (See paragraphs 2.40 to 2.48)

Fraud prevention and integrity culture

16. Internal preventative controls align with the risks identified in the entity’s Fraud Control Plan 2022–2024. Regulatory preventative measures include sector alerts and participation in the Fraud Fusion Taskforce. ASQA has not tested the effectiveness of its internal or regulatory fraud prevention controls (including its controls for managing identity fraud), or its documented procedures for preventing, detecting and responding to fraud. (See paragraphs 3.2 to 3.20)

17. ASQA promotes a fraud awareness culture within the entity through annual mandatory fraud awareness training and utilising internal communication channels, including CEO messages emailed to all staff. As at April 2024, the reported completion rate for ASQA’s mandatory fraud awareness training was 84 per cent. ASQA also undertakes outreach programs through mechanisms such as sector alerts and social media alerts to promote fraud awareness. (See paragraphs 3.21 to 3.27)

18. Officials with fraud control responsibilities at ASQA have opportunities for ongoing professional development through training, such as that provided by the Commonwealth Director of Public Prosecutions. ASQA officials engaged in fraud control activities hold relevant qualifications, including the Certificate IV in Government (Investigation) and Diploma in Government (Investigation). (See paragraphs 3.28 to 3.35)

Fraud detection and response

19. ASQA’s detection controls include mechanisms such as a tip-off line and information sharing arrangements with external agencies which provide an appropriate detection framework. There is no documented or consistent process for monitoring and evaluating the effectiveness of these detective controls. (See paragraphs 4.2 to 4.25)

20. ASQA has established mechanisms to investigate and respond to fraud but does not measure its performance, including the effectiveness and efficiency of its fraud response. There were no consistent documented processes and procedures for the operation of ASQA’s investigation capability. ASQA has referred matters to external agencies as part of their information sharing mechanisms. In early August 2024 there were two instances where ASQA referred fraud matters to the Commonwealth Director of Public Prosecutions. One fraud matter was discussed with the Australian Federal Police in 2023–24. (See paragraphs 4.26 to 4.37)

21. ASQA’s Annual Report 2022–23 includes its Accountable Authority’s certification on fraud control confirming that the CEO was satisfied that ASQA has appropriate prevention, detection, investigation, reporting and data collection procedures and processes in place. This certification in the annual report was not supported by evidence. ASQA has established reporting channels with other Commonwealth entities to report fraud and has provided information to the Australian Institute of Criminology as required, and has not kept records of the information provided. (See paragraphs 4.38 to 4.46)

Preparation for the revised Commonwealth Fraud and Corruption Control Framework

22. ASQA does not have an implementation plan for the revised Commonwealth Fraud and Corruption Control Policy. ASQA has an updated Fraud and Corruption Control Policy and Plan 2024–2026. As at July 2024, this document is still in draft and does not address ASQA’s regulatory fraud control environment. (See paragraphs 5.2 to 5.8)

23. ASQA has not established a plan to evaluate the implementation of new or revised fraud and corruption controls. (See paragraphs 5.9 to 5.10)

Recommendations

Summary of entity response

24. The proposed audit report was provided to ASQA. ASQA’s summary response is provided below, and its full response is included at Appendix 1. Improvements observed by the ANAO during the course of this audit are listed in Appendix 2.

ASQA places a high value on review and improvement and welcomes the role that ANAO plays in providing independent insights supporting performance improvement. ASQA is already taking action to improve clarity of roles and responsibilities, and document our processes for monitoring and evaluating the effectiveness of fraud controls across prevention and detection to ensure that our internal controls are fit for purpose to protect the entity from these risks. Giving consideration to the audit findings, ASQA will now finalise our Fraud and Corruption Policy and Plan 2024-2026 under the revised Commonwealth Fraud and Corruption Control Framework, which came into effect during this audit in July 2024.

We note that the Commonwealth Fraud and Corruption Control Framework provides a system of governance and accountability across entities for protecting public resources from fraud and corruption. In its role as the National Regulator of VET ASQA is focused on protecting vulnerable students and taking action against non-genuine providers, and to scrutinise those who are in the business of managing or operating RTOs. This has a broader public purpose to prevent harms including those that might arise from external fraud that are not directed at or directly detrimental to the Commonwealth, but to students, employers or industry. This fact has implications for ASQA’s consideration of Recommendation 2 of this report.

Background

1. Fraud against Australian Government entities and corrupt conduct by Australian Government officials are serious matters that can constitute criminal offences. Fraud and corruption undermine the integrity of and public trust in government, including by reducing funds available for government program delivery and causing financial and reputational damage to defrauded entities.¹

2. The Australian Government defines fraud as:

Dishonestly obtaining (including attempting to obtain) a gain or benefit, or causing a loss or risk of loss, by deception or other means.²

3. Fraud against the Australian Government can be committed by government officials or contractors (internal fraud) or by parties such as clients of government services, service providers, grant recipients, other members of the public or organised criminal groups (external fraud).³ The Australian Government’s requirements for fraud control apply to both internal and external fraud risks. The 2024 Commonwealth Fraud and Corruption Control Framework states that:

Fraud and corruption are risks that can undermine the objectives of every Australian Government entity in all areas of their business, including delivery of services and programs, policy-making, regulation, taxation, procurement, grants and internal procedures.⁴

4. The audit examines fraud control arrangements in the National Health and Medical Research Council (the NHMRC). The NHMRC administers the Medical Research Endowment Account (MREA) to provide assistance for public health and medical research and training, primarily through grant programs.

5. The NHMRC also manages grants through the Medical Research Future Fund (MRFF) on behalf of the Department of Health and Aged Care (Health) pursuant to a shared services agreement.

Rationale for undertaking the audit

6. Fraud against Australian Government entities reduces available funds for public goods and services and causes financial and reputational damage to the Australian Government.⁵ All Commonwealth entities are required to have fraud control arrangements in place to prevent, detect and respond to fraud. From 1 July 2024, this requirement also extends to corruption.

Audit objective and criteria

7. The objective of the audit was to assess the effectiveness of the NHMRC’s fraud control arrangements.

8. To form a conclusion against this objective, the following high-level criteria were adopted.

• Have appropriate arrangements been established to oversee and manage fraud risks?
• Have appropriate mechanisms been established to prevent fraud, and promote a culture of integrity?
• Have appropriate mechanisms been established to detect and respond to fraud?
• Has the NHMRC appropriately prepared for the commencement of the revised Commonwealth Fraud and Corruption Control policy in July 2024?

Conclusion

9. The NHRMC’s fraud control arrangements are partly effective. The NHMRC has appropriate mechanisms in place for internal fraud control, but there are inadequate mechanisms in place to prevent, detect and investigate fraud risks relating to grant recipients.

10. The NHMRC has established partly appropriate arrangements to oversee and manage fraud risks. The NHMRC’s 2023–2025 Fraud and Corruption Control Framework is aligned with the 2017 Commonwealth Fraud Control Framework. The agency has established largely appropriate oversight arrangements for the management of fraud risks. The Audit and Risk Committee did not provide independent advice to the accountable authority on the appropriateness of the system of risk management. The NHMRC’s 2023–2025 Fraud and Corruption Risk Assessment includes risks relating to its core business, the administration of grant funding. The Fraud and Corruption Control Plan is largely appropriate for internal fraud risks. It falls short of appropriately managing external fraud risks relating to the NHMRC’s administration of grant funding. The NHMRC has not identified and assessed all external fraud risks relating to grant funding. The NHMRC’s risk assessment of grant related fraud risks is not based on all relevant information. Most of the controls for grant related fraud risks rely on the cooperation of, or untested assurances from, the grant recipients. The NHMRC has not established mechanisms to review the effectiveness of the controls listed in the 2023–2025 Fraud and Corruption Risk Assessment.

11. The NHMRC has established partly effective mechanisms to prevent fraud and promote a culture of integrity. The NHMRC included preventative controls for all risks identified in its Fraud and Corruption Control Risk Assessment. The controls have not been assessed for their appropriateness or effectiveness. Fraud awareness training and relevant resources are provided to all staff. External stakeholders are made aware of the NHMRC’s processes for managing fraud risks through various publications on its website. The NHMRC’s monitoring of compliance with annual fraud awareness training provides reasonable assurance to the accountable authority of the completion rate. No arrangements have been put in place to ensure that the NHMRC staff who identify, assess and manage fraud risks or investigate suspected fraud have the relevant training or qualifications or undertake ongoing professional development.

12. The NHMRC has established partly appropriate mechanisms to detect and respond to fraud. The NHMRC has not assessed the appropriateness or effectiveness of the detective controls listed for the internal and external fraud risks identified in its 2023–2025 Fraud and Corruption Control Plan. The detective controls relating to the NHMRC’s administration of grants do not provide the NHMRC with assurance on the level of compliance with reporting and investigation obligations placed on grant recipients under the NHMRC’s funding agreements. By not requiring that investigations by grant recipients are undertaken by a qualified investigator, the NHMRC’s procedures are inconsistent with the 2017 Commonwealth Fraud Control Framework. The fraud and misconduct registers maintained by the NHMRC are not consistent with each other and do not contain sufficient information to support informed decision-making and continuous improvement activities. The NHMRC reported one instance of significant non-compliance and advised the minister that it recovered grant funding associated with the one case where fraud was substantiated in 2022–23 and 2023–24.

13. The NHMRC’s preparations for the commencement of the revised Commonwealth Fraud and Corruption Policy on 1 July 2024 have been largely appropriate, with change management activities yet to be delivered. The NHMRC included a definition of corruption and reporting and referral obligations to the National Anti-Corruption Commission in its 2023–2025 Fraud and Corruption Control Framework. No corruption related risks were added to the Fraud and Corruption Control Plan at this time. The NHMRC developed an implementation plan and, as at 1 July 2024, had developed a draft framework and a plan to achieve compliance with the new policy. Over the period 2024 to 2026, the NHMRC plans to review grant fraud risks and test the controls for selected grant fraud risks, including risks with high risk ratings.

Supporting findings

Oversight and management of fraud risks

14. The NHMRC established a Fraud and Corruption Framework that covers key elements of the 2017 Commonwealth Fraud Control Framework. Senior officials were assigned responsibility for fraud control activities and a Fraud and Corruption Control Officer (FCCO) was appointed. The NHRMC’s Executive Board is responsible for, and the Audit and Risk Committee (ARC) provides assurance over, risk management including fraud. Both the Executive Board and the ARC reviewed the NHMRC’s fraud and corruption control policy. The procedures for dealing with alleged grant fraud are incomplete. They do not effectively support the NHMRC to conduct fraud risk assessments based on all available information and data, or to fulfil its obligations for specific grants administered under the shared services agreement with the Department of Health and Aged Care. The ARC did not seek further information on the effectiveness of controls following consideration of the reports of instances of suspected fraud. The ARC’s advice to the Chief Executive Officer (CEO) relied on assertions from management that the agency complies with the Commonwealth Risk Management Policy and the Commonwealth Fraud Control Framework. (See paragraphs 2.2 to 2.15)

15. The NHMRC undertook fraud risk assessments in 2019 and 2023. The 2019 fraud risk assessment was not updated following the launch of a new grants management IT system. The 2023–2025 Fraud and Corruption Risk Assessment included risks related to the NHMRC’s administration of grants which is one of the agency’s core functions. The risk assessment utilises the risk matrix for likelihood and consequence set out in the enterprise risk management framework. The relationship between accepted risk ratings and the NHRMC’s tolerances for specific risk categories is not documented. The NHMRC’s ARC did not consider the 2023–2025 Fraud and Corruption Control Plan in assessing the appropriateness of the 2024–25 internal audit work program. (See paragraphs 2.16 to 2.38)

16. The NHMRC’s 2023–2025 Fraud and Corruption Control Plan included 27 fraud risks, seven of which related to external risks. Responsibility for managing each of the controls was not listed in the 2023–2025 Fraud and Corruption Risk Assessment. Controls for internal risks are more clearly aligned with the identified risks than those listed for external risks in the 2023–2025 Fraud and Corruption Control Plan. The non-mandatory reporting to the NHMRC of all instances of alleged fraud, including where it relates to research misconduct, limits the information that the NHMRC has regard to when conducting risk assessments for external fraud risks. The NHMRC has not established appropriate mechanisms to gain assurance over all grant recipients’ compliance with the terms of funding agreements or MREA grant recipients’ responses to the annual self-assessment compliance survey. Both of these are listed as controls for external risks related to the NHMRC’s administration of grant programs. Except for specific ICT controls, the NHMRC has not established a mechanism to review the effectiveness of controls listed in the 2023–2025 Fraud and Corruption Risk Assessment. (See paragraphs 2.39 to 2.62)

Fraud prevention and integrity culture

17. The NHMRC’s 2023–2025 Fraud and Corruption Control Risk Assessment includes preventative controls for all identified risks. Preventative controls for internal fraud risks directly relate to the cause of the risk. Preventative controls for external fraud risks largely relate to education and guidance materials for grant recipients and expected compliance with the NHMRC funding agreement. The NHMRC has not assessed the appropriateness and effectiveness of its preventative controls for fraud risks. Fraud risks are considered in the development of new grant guideline opportunities. The fraud risks were not reviewed following a change in ICT systems or based on the results of the annual compliance review for grant recipients. There are inconsistencies in the NHMRC’s procedures for staff on preventing, detecting and dealing with fraud. The NHMRC’s strategies to mitigate the risk of fraud are stronger for internal fraud risks than external fraud risks. (See paragraphs 3.2 to 3.24)

18. The NHMRC has fraud related guidance materials on its intranet. Fraud awareness training must be completed by staff upon commencement with the entity and refreshed on an annual basis. As at 30 June 2024, 189 of 244 staff had completed fraud awareness training, representing 77.5 per cent of the NHMRC’s total workforce. One of six senior executive service officers had completed this training. The NHMRC publishes its Research Integrity and Misconduct Policy on its website, which includes a section on fraud and other misconduct. The NHMRC’s website also allows anonymous reports of fraud to be provided. The NHMRC has not evaluated the effectiveness of its fraud awareness training. (See paragraphs 3.25 to 3.35)

19. The NHMRC does not carry out fraud investigations and has no qualified investigators. It does not oversee fraud investigations conducted by grant recipients or gain assurance they have been undertaken by qualified investigators. The NHMRC’s staff who identify, assess and manage fraud risks do not have the relevant fraud control training or qualifications. The NHMRC does not have a plan in place for the professional development of staff involved in fraud and corruption activities. (See paragraphs 3.36 to 3.46)

Fraud detection and response

20. The NHMRC listed detective controls for all but two of the risks identified in the 2023–2025 Fraud and Corruption Control Risk Assessment. Detective controls for internal fraud risks directly relate to the cause of the risk. Detective controls for external fraud risks largely require the cooperation of grant recipients. Except for limited testing of ICT controls, the NHMRC has not assessed the appropriateness and effectiveness of its detective controls for fraud risks. The NHMRC has processes in place to receive anonymous reports of alleged fraud. A 2023–24 audit of grant applications prior to the award of funding identified 11 applications which were ineligible that had not been detected during the NHMRC’s standard application review processes. The fraud risk assessment was not updated following the outcome of this audit. (See paragraphs 4.2 to 4.21)

21. The NHMRC’s 2023–2025 Fraud and Corruption Control Framework contains a flowchart of the steps to be undertaken following notification of a suspected fraud. These processes do not relate to instances of suspected fraud by a grant recipient as they are not investigated by the NHMRC. The funding agreements between the NHMRC and grant recipients do not provide the NHMRC with complete information in relation to suspected frauds. The NHMRC’s fraud registers do not contain sufficient information of the investigation or decision-making process. For the one case between 2022–23 and 2023–24 where an allegation of suspected fraud was substantiated after investigation by the grant recipient, the NHMRC did not report the incident to the Australian Federal Police (AFP). The NHMRC recovered $2.6 million in relation to this fraud case. (See paragraphs 4.22 to 4.37)

22. The NHMRC has complied with its reporting obligations in its annual report and to the Australian Institute of Criminology. For the only substantiated fraud in 2022–23 and 2023–24, the NHMRC briefed the Minister for Health and Aged Care following a press release by the relevant grant recipient. The NHMRC has arrangements in place with Health for the management of suspected fraud and other research misconduct. The NHMRC maintains fraud risk registers as well as misconduct and integrity registers, with a separate register developed for each year. These registers do not include detailed information about the incidents and are not consistent with each other. (See paragraphs 4.38 to 4.53)

Preparation for the revised Commonwealth Fraud and Corruption Control Framework 2024

23. The NHMRC’s 2023–2025 Fraud and Corruption Control Framework reflects the establishment of the National Anti-Corruption Commission in July 2023 and relevant reporting and referral requirements. In February 2024 the NHMRC developed an implementation plan, with key milestones and deadlines, for the commencement of the 2024 Commonwealth Fraud and Corruption Policy. As at July 2024 the NHMRC had prepared a draft updated framework and plan to satisfy the requirements of the 2024 Commonwealth Fraud and Corruption Policy. The NHMRC has not developed a plan to put the revised Policy into action, including the delivery of change management activities. (See paragraphs 5.2 to 5.10)

24. The NHMRC plans to review ten grant fraud risks and to test the controls for four grant fraud risks over the period 2024 to 2026. (See paragraphs 5.11 to 5.15)

Recommendations

Summary of entity response

25. The proposed audit report was provided to the NHMRC. The NHMRC’s full response is provided below.

The National Health and Medical Research Council (NHMRC) takes its responsibilities in relation to fraud and corruption risk seriously. We welcome the ANAO’s review of the efficacy of our systems and processes to prevent, detect and respond to this risk.

A small statutory authority within the Health and Aged Care portfolio, NHMRC funds the highest quality health and medical research and training, and issues guidelines and advice on the prevention, diagnosis and treatment of disease, the provision of health care and on ethical issues relating to health. NHMRC is committed to continuous improvement across all its endeavours and recognises that ensuring the effective and efficient discharge of our responsibilities is fundamental to maintaining community confidence in the health and medical research that underpins Australia’s health care system.

NHMRC accepts the audit findings, conclusions and recommendation and considers that this audit outcome presents an opportunity to further strengthen our management of fraud and corruption risk. NHMRC agrees with all five audit recommendations and will progress implementation with the guidance of our Executive Board and with quality assurance oversight from our independent Audit and Risk Committee.