Background

1. Airservices Australia (Airservices) is established under the Air Services Act 1995 to provide air traffic control and other related services to the aviation industry in Australian-administered airspace. The Department of Defence (Defence) provides air traffic management to military aviation in Australia, including at Defence airfields that operate with shared military and civil use.

2. The OneSKY program aims to build and operate a joint civil–military air traffic management system. The program includes the design and delivery of the new Civil Military Air Traffic Management System (CMATS) plus supporting infrastructure for Airservices and Defence. Airservices is the lead agency delivering the CMATS program in collaboration with Defence.

3. In February 2018 Airservices entered into separate acquisition and support contracts with Thales Australia Limited (Thales) and an on-supply agreement with Defence.

Rationale for undertaking the audit

4. Passengers in Australian airspace rely on Airservices to provide critical air traffic control infrastructure safely and efficiently. The OneSKY program is a major change for Airservices, and CMATS is a core component of the program. Airservices has contracted Thales to develop and support CMATS. The ANAO has previously undertaken three performance audits on the procurements for CMATS, the most recent in 2019.¹ Procurement and contract management of large-scale IT projects involve elevated risks. The audit provides assurance to Parliament on whether Airservices is managing the contract for CMATS effectively.

Audit objective and criteria

5. The objective of the audit was to assess the effectiveness of Airservices’ contract management for the OneSKY program.

6. To form a conclusion against the audit objective, the audit team applied the following high-level criteria:

• Has Airservices developed appropriate governance arrangements to support contract management?
• Has Airservices managed the contract effectively to achieve value for money?

Conclusion

7. Airservices’ contract management of the OneSKY program is partly effective. It has governance processes in place and has developed procedures to manage the contract. Shortcomings in contract management planning, performance management and probity have limited its effectiveness in managing the contract to minimise cost increases and schedule delays.

8. Airservices has implemented partly appropriate contract management governance arrangements. A contract management plan is in place; however, arrangements did not sufficiently cover provider performance, program risk and probity issues. Risk processes did not completely capture interdependencies between contract management and program risks. An on-supply agreement formalised arrangements between Airservices and the Defence for the delivery of CMATS. It relies on effective collaboration and governance forums for issues escalation. The Defence component of CMATS was declared a Project of Concern in October 2022 outside of the formal governance forums.

9. Airservices is partly effective in managing the contract to achieve value for money. It has a process to manage variations; however, a high number of variations to date have resulted in cost increases and schedule extensions, and the rationale for its value-for-money assessment was not consistently documented when seeking approval. The incentive-based pricing model agreed in the contract between Airservices and Thales has not been fully effective in containing costs, with the target price expected to be met. Airservices’ supplier performance management is not fully developed or utilised. Airservices applies enterprise-wide probity procedures for conflicts of interest and gifts and benefits, but staff did not always follow these.

Supporting findings

Contract management governance

10. Airservices has developed a OneSKY contract management plan. The plan covers elements set out in the Airservices contract management procedure, such as roles and responsibilities, governance arrangements and the variation process. It does not cover contract management risk or probity for CMATS, and does not reference the CMATS risk management plan or probity plan. The contract management plan does not sufficiently cover contractual performance management. The OneSKY program has 12 governance forums that are intended to provide direction and oversight. The OneSKY Strategic Relationship Forum has never met and in October 2022 CMATS was declared a Project of Concern. (See paragraphs 2.3 to 2.21)

11. Airservices applies the OneSKY program risk management process to contract management risks. It has risk management plans and documentation to identify and monitor contract risks; however, controls and treatments are not fully effective and contract management risks have been realised throughout the project. The interdependency between contract management risks (including Thales’ performance) and risk to overall program delivery and objectives is not fully captured — for example, through documentation of specific contract management actions and levers to ensure program-wide deliverables are achieved. (See paragraphs 2.22 to 2.39)

12. The on-supply agreement formalised the relationship between Airservices and Defence for the delivery of CMATS and has been varied 10 times. It covers collaboration between the two entities and governance forums, but does not provide for escalation if issues cannot be resolved within these mechanisms. In August 2021 Defence escalated its concerns about the project to ministerial level and in October 2022 the Minister for Defence Industry declared CMATS a Project of Concern. The Minister for Defence Industry has since held six meetings with principal stakeholders to address project underperformance. These have resulted in the development of a remediation plan to address program-wide issues. As at February 2025 CMATS remains on the Project of Concern list, with exit criteria formulated to demonstrate delivery of Defence capability. The exit criteria are not expected to be met before 2027. (See paragraphs 2.40 to 2.62)

Achievement of value for money

13. The combined impact of 44 variations as at 31 December 2024 has seen the cost of the acquisition contract increased by $160 million (AUD equivalent) and the delivery date extended by 53 months (four-and-a-half years). Airservices has a process in place to support the development and assessment of contract variations. Briefs to the approval delegate did not completely document how the various elements (technical need, risk and cost) collectively justified the value-for-money assessment or the effect of incremental change on the overall contract value for money. (See paragraphs 3.2 to 3.28)

14. The acquisition contract operates under an incentive arrangement where Airservices and Thales share costs and savings. Under the contract agreed in February 2018, Airservices reimburses Thales for actual costs incurred for works performed up to the ceiling cost. Since December 2023 the arrangement has focused on payments based on milestones. Airservices has mechanisms in place to monitor Thales’ performance, but it does not fully utilise these. In February 2024 program-level key performance indicators were introduced as part of Project of Concern remedial action but these do not provide associated consequences for supplier underperformance where relevant. (See paragraphs 3.29 to 3.69)

15. Airservices has procedures for probity management. Airservices utilises enterprise-wide conflict of interest procedures and gifts, benefits and hospitality acceptance procedures, but these are not reflected in OneSKY probity plans. Airservices staff accepted and did not declare gifts, benefits or hospitality, indicating limited compliance with Airservices’ code of conduct requirements and procedures on perceived and actual conflicts. (See paragraphs 3.70 to 3.88)

Recommendations

Summary of entity responses

16. The proposed audit report was provided to Airservices and Defence. An extract was provided to Thales. Airservices’ and Defence’s summary responses are provided below and their full responses are provided at Appendix 1.²

Airservices Australia

Airservices acknowledges the report’s findings and appreciates its thorough analysis. While some findings do not fully align with the recommendations, the latter primarily focus on documentation improvements rather than significant deficiencies in existing practices. There are substantial differences between the previously shared report preparation paper (RPP) and the S19 proposed report, specifically noting that the newly added ‘Conclusion’ section presents a more negative view than the broader findings suggest.³ It is pertinent to note Airservices has swiftly implemented corrective actions, addressing all recommendations reflecting its commitment to the OneSKY program and national airspace management harmonization.

Key responses to the recommendations include updating the OneSKY Program Contract Management Plan to enhance guidance on risk management, performance monitoring, and periodic contract reviews. Contract management risks have been integrated into the broader program risk framework, while the Evaluation Report Template has been refined to further clarify value-for-money assessments. The in-practice structured set of approved KPIs have also been linked with contract management plan for cross-reference, and a new procedure has been introduced to strengthen probity awareness regarding hospitality, gifts, and benefits.

These promptly implemented actions demonstrate Airservices’ dedication to continuous improvement in successfully delivering the complex OneSKY program.

Department of Defence

Defence welcomes the ANAO Audit Report into the Management of the OneSKY contract and acknowledges the findings. Defence notes the five recommendations contained in the audit report relate to Airservices Australia’s (Airservices) contract management processes.

Defence is committed to strengthening and standardising processes and controls for contract management. Whilst the audit recommendations are against Airservices’ processes, as part of the collaboration between Airservices and Defence on the OneSKY Program, Defence will work with Airservices and assist, where required and appropriate, to apply the audit recommendations.

Background

1. Fraud against Australian Government entities and corrupt conduct by Australian Government officials are serious matters that can constitute criminal offences. Fraud and corruption undermine the integrity of and public trust in government, including by reducing funds available for government program delivery and causing financial and reputation damage to defrauded entities.¹

2. The Australian Government’s Commonwealth Fraud and Corruption Control Framework defines fraud and corruption as:

• fraud: dishonestly obtaining (including attempting to obtain) a gain or benefit, or causing a loss or risk of loss, by deception or other means; and
• corruption: any conduct that does or could compromise the integrity, accountability or probity of public administration.²

3. Creative Australia, a corporate Commonwealth entity (CCE), is the Australian Government’s primary investment and advisory body for arts and culture. In 2023–24 Creative Australia supported the community by administering $237.4 million in grants and other funding opportunities.

Rationale for undertaking the audit

4. Fraud and corruption against Australian Government entities reduces available funds for public goods and services and causes financial and reputational damage to the Australian Government.³

5. The Australian Government amended section 10 of the Public Governance, Performance and Accountability Rule 2014 (PGPA Rule), effective 1 July 2024⁴, to include corruption risks and introduce new requirements for fraud and corruption governance arrangements. All Australian Government entities are required to have fraud and corruption control arrangements in place to prevent, detect and respond to fraud and corruption.⁵

6. Creative Australia must meet the minimum standards set out in the PGPA Rule and, as a CCE, it is strongly encouraged to implement the Commonwealth Fraud and Corruption Policy.⁶ This audit is intended to provide assurance to the Parliament regarding the fraud and corruption control arrangements in Creative Australia.

Audit objective and criteria

7. The objective of the audit was to assess the effectiveness of Creative Australia’s fraud and corruption control arrangements.

8. To form a conclusion against this objective, the following high-level criteria were adopted.

• Have appropriate arrangements been established to oversee and manage fraud and corruption risks?
• Have appropriate mechanisms been established to prevent fraud and corruption, and promote a culture of integrity?
• Have appropriate mechanisms been established to detect and respond to fraud and corruption?

Conclusion

9. Creative Australia’s fraud and corruption control arrangements are partly effective. Creative Australia has mechanisms in place that seek to mitigate internal fraud and corruption risks. These mechanisms are partly appropriate for the purpose of preventing, detecting and investigating external fraud risks.

10. Creative Australia has established partly effective arrangements to oversee and manage fraud and corruption risks. Creative Australia has developed a Fraud and Corruption Control Framework that has external and internal fraud controls. Creative Australia does not categorise its controls. The framework has been developed in the context of Creative Australia’s risk management framework and documents fraud and corruption risk responsibilities of senior officials. Creative Australia does not differentiate between fraud risks and corruption risks in its risk register. The scope of fraud and corruption control responsibilities are not reflected in Creative Australia’s Authorisations Framework. Creative Australia’s Audit and Risk Committee (ARC) approved the fraud and corruption policy and discussed the policy with the Australia Council Board (the Board). The ARC provides advice on the fraud and corruption risk management system. The ARC is not able to provide assurance to the accountable authority on the appropriateness of controls. While risk assessment results are recorded in Creative Australia’s risk management system, the process undertaken to assess fraud and corruption risks is not documented. Creative Australia does not test the effectiveness of its fraud and corruption controls beyond making a judgement as to whether they are working. Creative Australia did not have a Fraud Control Plan in 2023–24. Its 2024–25 Fraud and Corruption Control Plan does not appropriately manage fraud and corruption risks, and was developed without consideration to risk assessments, and does not consider new functions and activities.

11. Creative Australia has established partly effective mechanisms to prevent fraud and corruption and promote a culture of integrity. Creative Australia’s processes assist officials in preventing fraud and corruption. Creative Australia has established mechanisms to ensure its officials are aware of what constitutes fraud and corruption. Two of the 15 fraud and corruption risks do not have controls in place. Fraud and corruption risks are not considered when planning and undertaking activities. Creative Australia did not have a mechanism to effectively monitor completion of mandatory induction training for all new staff and advised the ANAO in March 2025 that it has since moved to a process of recording training records in its Human Resource management system. Creative Australia’s officials with responsibilities for the management and oversight of fraud and corruption are not primarily employed to undertake fraud and corruption risk management activities. These officials have not undertaken professional development to increase capability in the management of fraud and corruption risks.

12. Creative Australia’s mechanisms to detect and respond to fraud and corruption are partly effective. Creative Australia has not detected a suspected case of fraud or corruption. While Creative Australia has detailed reporting requirements in its multi-year investment programs, it does not have a robust detection mechanism in its general grants and Australian Cultural Fund (ACF) programs. Creative Australia does not cross check non-compliance with the ACF when applicants are accessing other grant opportunities, and if potential fraud or corruption is detected, it does not have guidelines to manage an investigation appropriately. Creative Australia has appropriate mechanisms in place to detect externally originating cyber-attacks. External parties do not have a way to report suspected cases of fraud or corruption confidentially. Non-compliance with grant requirements, including not completing funding activities, are not considered as a potential fraud case by Creative Australia.

Supporting findings

Oversight and management of fraud and corruption risks

13. Creative Australia has established a Fraud and Corruption Control Framework that defines fraud and corruption. Corruption is not defined in line with the definition contained in section 8 of the National Anti-Corruption Commission Act 2022 (NACC Act). The framework does not reference the NACC Act or identify processes for overseeing or managing fraud and corruption risks. Senior officials are assigned responsibilities for fraud control activities in the framework which are not reflected in Creative Australia’s Authorisations Framework. The ARC provides the accountable authority advice over risk management. The ARC does not receive independent assurance on the effectiveness of Creative Australia’s fraud and corruption control arrangements. The ARC does review and approve the fraud and corruption control framework and notes the results of Creative Australia’s internal audit program related to fraud and corruption. Fraud and corruption risks are not reported to the accountable authority. (See paragraphs 2.2 to 2.20)

14. Creative Australia reviews its fraud and corruption risks every six months. There is no documented process for identifying risks, including for entity-specific activities, functions and programs, and fraud and corruption risk assessments are not documented. Effective November 2024, the updated 2024–25 Fraud and Corruption Control Policy does not incorporate changes reflecting the absorbed functions of Creative Australia Partnerships Limited. Creative Australia uses a risk matrix to determine a risk rating for its fraud and corruption risks. Topics covered in Creative Australia’s internal audit program are not informed by the outcomes of fraud and corruption risk reviews. (See paragraphs 2.21 to 2.40)

15. Creative Australia did not have a fraud control plan for 2023–24 and considered its control plan for 2022–23 remained fit for purpose. Creative Australia’s 2024–25 fraud and corruption control plan does not refer to risk assessments, is not linked to fraud and corruption risks, and Creative Australia does not test the effectiveness of its fraud and corruption controls, outside of testing its ICT environment. The ARC uses Creative Australia’s internal audit program every two years to provide a level of confidence to the Board on control effectiveness. (See paragraphs 2.41 to 2.53)

Fraud and corruption prevention and integrity culture

16. Creative Australia has not assessed the appropriateness and effectiveness of its fraud and corruption controls. Creative Australia does not categorise its controls as preventative, detective or corrective. The ANAO assessed controls and determined that 84 per cent of controls are preventative. Two fraud and corruption risks recorded in Creative Australia’s risk management system do not have controls in place. Controls with preventative properties largely relate to functions and activities of Creative Australia that existed prior to 1 July 2023, not incorporating new activities and functions, including the functions acquired on the deregistration of the company Creative Australia Partnerships Limited. Creative Australia does not have a process to prevent non-compliant recipients of funding through the Australian Cultural Fund (ACF) from accessing grants through its other grant programs. Creative Australia has a framework and controls to mitigate the risk of fraud associated with unauthorised access to Creative Australia systems. (See paragraphs 3.3 to 3.23)

17. Creative Australia has mechanisms to ensure its officials are aware of what constitutes fraud and corruption. Induction training includes fraud and corruption awareness. Creative Australia has no documented process to monitor attendance and completion rates of induction training for new officials. Creative Australia has policies related to conflicts of interest, confidentiality, public interest disclosures, and code of conduct available on its website. The website does not provide a mechanism for external parties to request a copy of Creative Australia’s Fraud and Corruption Control Policy. Creative Australia’s external contracts contain anti-bribery and anti-corruption clauses. Creative Australia does not monitor or evaluate its awareness initiatives. (See paragraphs 3.24 to 3.35)

18. Creative Australia has not undertaken any fraud or corruption investigations. If required, Creative Australia advised that investigations would be carried out by suitably qualified external investigators. Creative Australia has officials that have fraud and corruption risk management responsibilities. These officials are not primarily engaged to undertake fraud and corruption risk activities. (See paragraphs 3.37 to 3.46)

Fraud and corruption detection and response

19. Creative Australia has controls in place to detect external cyber-attacks. Creative Australia does not have mechanisms in place for external parties to report suspected cases of fraud or corruption anonymously where appropriate. Processes are in place to detect incidents where non-compliant grant recipients have not carried out the funded activity. Creative Australia does not treat these incidents as potential fraud and does not check non-compliance in its ACF when applicants are accessing grants in its other grant programs. Creative Australia reports individual cases of non-compliance in its grant programs, other than the ACF, when reports are more than 30 weeks overdue. All 15 fraud and corruption controls with detective properties are consistent with the Commonwealth Fraud Prevention Centre’s catalogue of fraud controls. Creative Australia has not assessed the appropriateness and effectiveness of its detective controls for fraud and corruption risks. (See paragraphs 4.2 to 4.16)

20. Creative Australia has not undertaken or responded to a fraud or corruption investigation. Creative Australia developed a Fraud and Corruption Incident Register where it intends to record cases of suspected fraud or corruption, should an incident be reported or identified. Creative Australia does not investigate non-compliance with grant requirements where activities are not completed as a suspected case of fraud and does not cross check non-compliance with reporting in the ACF when an applicant is accessing its other grant programs. In cases of non-compliance where grant recipients received a ’30-week letter’, Creative Australia did not follow up on its requests to repay grant funds when funded activities had not been completed. (See paragraphs 4.18 to 4.34)

21. Creative Australia has complied with its annual reporting obligations and completed its response to the Australian Institute of Criminology’s annual survey within the timeframes required. Creative Australia has not reported any suspected fraud or corruption incidents. Creative Australia has developed a Fraud and Corruption Incident Register. (See paragraphs 4.37 to 4.45)

Recommendations

Summary of entity response

22. The proposed audit report was provided to Creative Australia. The summary response to the report is below and the full response is at Appendix 1. Improvements observed by the ANAO during the course of this audit are listed in Appendix 2.

Creative Australia is committed to ensuring that its fraud and corruption obligations are taken seriously and welcomed the ANAO’s review of its systems, processes and control arrangements.

As part of the National Cultural Policy: Revive (January 2023), the functions of Creative Australia have substantially expanded, with the period of change commencing on 1 July 2023 and continuing over an initial four-year horizon.

As a result, Creative Australia is rapidly developing, deploying, and maturing our strategy, policies, procedures and operations (including fraud and corruption control arrangements) in response to these changes.

Creative Australia acknowledges that with the changing landscape of fraud and corruption, including an increasingly challenging cyber security environment, all organisations are actively seeking to adapt and strengthen systems and controls to prevent and detect fraud and corruption. This of course is more challenging in a small organisation of limited resources.

The Accountable Authority of Creative Australia will ensure that the recommendations from this review are implemented, the opportunities for improvement are carefully considered, and that appropriate expert resources are devoted to improving and enhancing our control arrangements in a timely, effective, and efficient manner.

Background

1. Reducing the disparity between Indigenous and non-Indigenous economic outcomes has been a longstanding goal of Australian governments. The National Agreement on Closing the Gap aims to strengthen economic participation and development of Aboriginal and Torres Strait Islander people and their communities.¹ Increasing opportunities for Indigenous economic participation has also been an area of interest for the Australian Parliament.²

2. The Indigenous Procurement Policy (IPP) was established in 2015 with the objective ‘to stimulate Indigenous entrepreneurship, business and economic development, providing Indigenous Australians with more opportunities to participate in the economy’.³ One of three elements of the IPP are the mandatory minimum requirements (MMRs), which are targets for minimum Indigenous employment and/or supply use for Australian Government contracts valued from $7.5 million in certain specified industries.⁴ The National Indigenous Australians Agency (NIAA) is responsible for administering the IPP, including the MMRs.

Rationale for undertaking the audit

3. The stated policy objective of the MMRs is to ‘ensure that Indigenous Australians gain skills and economic benefit from some of the larger pieces of work that the Commonwealth outsources, including in Remote Areas’.⁵ Compliance with the MMRs is mandatory for non-corporate Commonwealth entities. The MMRs were established in July 2015 and became binding on contractors from 1 July 2016.

4. Auditor-General Report No. 25 2019–20 Aboriginal and Torres Strait Islander Participation Targets in Major Procurements was undertaken to provide assurance that the MMRs were being effectively administered and selected entities were complying with them.⁶ The audit concluded that while the MMRs were effectively designed, their administration had been undermined by ineffective implementation and monitoring by the policy owner and insufficient compliance by the selected entities.⁷ The audit made six recommendations to improve administration of and compliance with the MMRs, which were all agreed to.

5. Auditor-General reports identify risks to the successful delivery of government outcomes and provide recommendations to address them. The tabling in the Parliament of an agreed response to an Auditor-General recommendation is a formal commitment by the entity to implement the recommended action. Effective implementation of agreed Auditor-General recommendations demonstrates accountability to the Parliament and contributes to realising the full benefit of an audit.⁸

6. This audit examines whether the NIAA; Department of Defence (Defence); Department of Education (Education); Department of Employment and Workplace Relations (DEWR)⁹; Department of Home Affairs (Home Affairs); and Department of Infrastructure, Transport, Regional Development, Communications, Sport and the Arts (Infrastructure) have effectively implemented agreed recommendations from Auditor-General Report No. 25 2019–20. Entities’ implementation of agreed recommendations will help provide assurance to the Parliament about whether the MMRs are meeting the objective of stimulating Indigenous entrepreneurship, business and economic development and providing Indigenous Australians with opportunities to participate in the economy.

Audit objective and criteria

7. The audit objective was to assess whether selected entities effectively implemented agreed recommendations from Auditor-General Report No. 25 2019–20 Aboriginal and Torres Strait Islander Participation Targets in Major Procurements.

8. To form a conclusion against the objective, the following high-level criteria were adopted.

• Did the NIAA implement recommendations related to the administration of the MMRs?
• Does the NIAA manage exemptions to the MMRs effectively?
• Did selected entities implement recommendations related to their compliance with the MMRs?

Conclusion

9. Almost five years after the recommendations were agreed to, entities had partly implemented recommendations from Auditor-General Report No. 25 2019–20 Aboriginal and Torres Strait Islander Participation Targets in Major Procurements. Although the NIAA had improved guidance for entities and sought to increase MMR reporting compliance, a recommendation for the NIAA as the policy owner to implement an evaluation strategy was not completed. The NIAA has not demonstrated whether the MMRs are improving Indigenous economic participation. A risk related to the inappropriate use of exemptions was not managed. Recommendations intended to address the risk that reporting on MMR contracts is incomplete and inaccurate were partly implemented by audited entities. Reforms to the Indigenous Procurement Policy were announced in February 2025 without a clear understanding of the policy’s effectiveness.

10. The NIAA largely implemented two of three recommendations relating to its administration of the MMRs: to develop guidance on the MMRs for Australian Government entities and contractors; and to implement a strategy to increase MMR reporting compliance. The NIAA did not complete a third recommendation as it developed but did not implement an MMR evaluation strategy. Additional commitments made by the NIAA in response to two recommendations were not met.

11. Contracts subject to the MMRs may be exempted by entities for valid reasons established in the Indigenous Procurement Policy. The inappropriate use of exemptions impedes achievement of the Indigenous Procurement Policy’s objectives. The NIAA’s management of exemptions has been partly effective. Systems have been set up to allow potentially invalid exemptions. There is a lack of guidance and assurance over the appropriate use of exemptions.

12. Defence, Education and Home Affairs largely implemented the agreed recommendations relating to compliance with the MMRs. The NIAA, DEWR and Infrastructure partly implemented the agreed recommendations. The MMRs are relevant to the approach to market, tender evaluation, contract management, reporting and finalisation phases of a procurement. Compliance with the MMR requirements was higher in the approach to market, tender evaluation and contract management phases than in the reporting and finalisation phases. All entities could do more to ensure contractors’ compliance with MMR targets and to gain assurance over reported MMR performance.

Supporting findings

Administration of mandatory minimum requirements

13. Auditor-General Report No. 25 2019–20 recommended that the NIAA develop tailored guidance on managing the MMRs throughout the contract lifecycle in consultation with entities and contractors. The NIAA published updated guidance on managing the MMRs in July 2020, following stakeholder consultation. The guidance included complete information for nine of 14 topics identified as requiring additional guidance in Auditor-General Report No. 25 2019–20. Guidance included incomplete information on MMR exemptions, managing MMR performance reporting, and obtaining assurance over contractors’ MMR performance reporting. As at March 2025, guidance had not been updated since July 2020 despite changes to MMR reporting requirements. A commitment to publish guidance tailored for Indigenous businesses was not met. (See paragraphs 2.5 to 2.22)

14. Contractors must report on, and Australian Government entities must assess, performance in meeting agreed MMR targets. Auditor-General Report No. 25 2019–20 recommended that the NIAA implement a strategy to increase entity and contractor compliance with MMR reporting requirements to ensure information in the Indigenous Procurement Policy Reporting Solution (IPPRS) is complete. The NIAA planned and undertook activities aimed at increasing contractors’ compliance with MMR reporting requirements and entities’ management of reporting non-compliance. These included improvements to the IPPRS and monitoring reporting compliance in Australian Government portfolios. The NIAA closed the ANAO recommendation before planned changes to the IPPRS were implemented. As at February 2025, the IPPRS did not fully support contract managers to meet reporting requirements for all types of MMR contracts. User feedback indicated ongoing access and support issues. While reporting compliance increased between 2022 and 2024, as at June 2024, entities and contractors were not fully compliant with MMR reporting requirements and information in the IPPRS was incomplete. Reforms to the IPP announced by government in February 2025 included potentially increasing transparency of suppliers’ performance against MMR targets. (See paragraphs 2.23 to 2.32)

15. Auditor-General Report No. 25 2019–20 recommended that the NIAA implement an evaluation strategy for the MMRs that outlines an approach to measuring the impact of the policy on Aboriginal and Torres Strait Islander employment and business outcomes. Although an evaluation strategy for the MMRs was finalised, it was not implemented. The NIAA has not met requirements to review the effectiveness of a procurement-connected policy every five years. There is no performance monitoring and limited public reporting about the MMRs. (See paragraphs 2.33 to 2.54)

Exemptions from mandatory minimum requirements

16. Between July 2016 and September 2024, 63 per cent (valued at $69.3 billion) of all contracts recorded in the Indigenous Procurement Policy Reporting Solution (IPPRS) were exempted from the MRRs by relevant entities. The proportion of contracts exempted by entities from the MMRs has increased over time. The IPPRS has been set up by the NIAA to allow entities to record reasons for exemptions. The reason categories in the IPPRS mainly align with the Indigenous Procurement Policy, however include a category called ‘other’ that does not align. Of exempted contracts, 34 per cent (valued at $30.2 billion) used the exemption category ‘other’. The NIAA advised the ANAO that some contracts exempted for ‘other’ reasons were exempted because they are in practice non-compliant with the Indigenous Procurement Policy. Entities’ use of the ‘other’ exemption category for non-compliant contracts obscures the degree of non-compliance with the MMRs and is not appropriate. The NIAA does not provide complete guidance on the use of exemptions, or assurance over the legitimacy of exemptions. The NIAA has not considered the strategic implications of exemption usage for the achievement of policy objectives. (See paragraphs 3.1 to 3.13)

Compliance with mandatory minimum requirements

17. Auditor-General Report No. 25 2019–20 recommended that all audited entities review and update their procurement protocols to ensure procuring officers undertaking major procurements that trigger the MMRs comply with required steps in the procurement process.

• As at December 2024, all entities updated their procurement protocols for MMR requirements. One component of this was the development of detailed internal guidance. As at December 2024, Defence, Education, Home Affairs and Infrastructure’s guidance identified key MMR requirements for the approach to market to contract management phases of the procurement lifecycle. DEWR’s guidance and the NIAA’s internal guidance did not identify all key MMR requirements.
• Aside from Home Affairs, all entities’ contracts were largely compliant with the MMRs at the approach to market, tender evaluation and contract management phases of the procurement lifecycle. Home Affairs’ contracts was partly compliant. Defence’s compliance was poorer for contracts resulting from panel procurements.
• All audited entities could improve tender evaluation processes by including an IPPRS search on tenderers’ past MMR compliance.
• In summary: Defence, Education, and Infrastructure largely implemented the 2019–20 recommendation, and the NIAA and DEWR partly implemented it. Home Affairs’ guidance was appropriately updated, however it has not consistently ensured that procuring officers undertaking major procurements that trigger the MMRs comply in practice with the required steps. (See paragraphs 4.3 to 4.18)

18. Auditor-General Report No. 25 2019–20 recommended that all audited entities establish processes, or update existing processes, to ensure contract managers and contractors regularly use the IPP Reporting Solution (IPPRS) for MMR reporting.

• Defence, Education and Home Affairs’ internal guidance identified key IPPRS reporting requirements, while the NIAA, DEWR and Infrastructure’s internal guidance did not identify all key requirements.
• For a sample of contracts, the NIAA’s MMR reporting was timely and based on accurate IPPRS data. For the other five entities, there were issues with both timeliness and accuracy. None of the five entities consistently followed up on late contractor reporting.
• When a contract variation is published on AusTender, IPPRS data is not consistently updated. This means a contract may be identified as on track to meet the MMR target based on incorrect values or a contract may move to the finalisation step prematurely as the end date is inaccurate.
• In summary: Defence, Education and Home Affairs largely implemented the 2019–20 recommendation, and the NIAA, DEWR and Infrastructure partly implemented it. (See paragraphs 4.19 to 4.37)

19. Auditor-General Report No. 25 2019–20 recommended that after guidance has been provided by the policy owner, all audited entities establish appropriate controls and risk-based assurance activities for active MMR contracts.

• As the policy owner, the NIAA published guidance in July 2020 that has a short overview on how MMR performance information could be verified.
• All six entities established at least some controls and arrangements to gain assurance over contractors’ MMR performance reporting. Controls and arrangements were more developed in Education and Home Affairs.
• For a sample of contracts examined, none of the entities consistently undertook assurance activities to verify contractor performance reporting. Defence undertook the most assurance activity.
• In summary: all entities partly implemented the 2019–20 recommendation. (See paragraphs 4.38 to 4.59)

Note a: Based on 161 contracts where an assessment outcome was reported as at 30 September 2024.

Note b: Joint Standing Committee on Aboriginal and Torres Strait Islander Affairs, Inquiry into economic self-determination and opportunities for First Nations Australians (2024), pp. 13–19, 39–40.

Recommendations

20. This report makes eight recommendations.

Summary of entity responses

21. Extracts of the proposed audit report were provided to the NIAA, Defence, Education, DEWR, Home Affairs and Infrastructure. Entities’ summary responses are provided below. Entities’ full responses are provided at Appendix 1.

National Indigenous Australians Agency

The National Indigenous Australians Agency (NIAA) welcomes the findings of the audit.

The primary purpose of the Indigenous Procurement Policy (IPP) is to stimulate Indigenous entrepreneurship, business and economic development, providing Indigenous Australians with more opportunities to participate in the economy. The Mandatory Minimum Requirements (MMR) are a key component of this policy.

Prior to the implementation of the policy in 2015, Indigenous businesses secured limited business from Commonwealth procurement. The policy has significantly increased the rate of purchasing from Indigenous businesses.

The NIAA is proud to take the lead on behalf of the Commonwealth in providing advice on how to best meet the requirements of the IPP. The NIAA provides advice to Commonwealth entities through its many publications and its dedicated IPP team. Within the resources available, the NIAA has also invested in providing ICT tools and support to assist Commonwealth entities with their responsibility to ensure accurate reporting on targets and MMRs.

As with all other elements of the Commonwealth Procurement Rules, it is the responsibility of each Commonwealth entity to meet the obligations of the IPP. The NIAA welcomes the ANAO’s recommendations on how it can improve the advice it provides to entities to meet their obligations.

Department of Defence

Defence welcomes the ANAO Audit Report assessing whether selected entities effectively implemented the agreed recommendations from Auditor-General Report No. 25 2019–20 Aboriginal and Torres Strait Islander Participation Targets in Major Procurements.

Defence agrees to the recommendation directed at all audited entities to establish or strengthen processes to ensure contract managers undertake appropriate activities to ensure contractors’ compliance with the mandatory minimum requirements (MMR) targets and verify that reported MMR performance information is accurate.

As the Commonwealth’s largest procurer, Defence is proud of its significant commitment towards supporting the long-term growth and sustainability of the Indigenous business sector, and will continue working with the National Indigenous Australians Agency to improve the monitoring and reporting of the MMR targets.

Department of Education

The Department of Education welcomes this report. The report recognises the significant efforts the department has made to implement changes recommended by the ANAO’s performance audit of February 2020, however the department acknowledges the need to continue its efforts to strengthen its processes to ensure contract managers undertake appropriate activities to ensure contractors’ compliance with mandatory minimum requirements (MMR) targets and verify that reported MMR performance information is accurate.

Education is already making progress towards meeting the report’s recommendation, including working with contract managers to ensure that assurance activities are performed more consistently, and that contract managers regularly review and verify contractor reports. Education will continue to engage with departmental contract managers to ensure that MMR contracts are actioned in the IPPRS within the audit’s recommended timeframes.

Education notes the audit’s broader messages to all entities on the importance of strengthening procurement processes to ensure tenderers’ Indigenous Participation Plans are assessed and that assessments are appropriately documented. Education has added additional information to its intranet guidance on the process required when evaluating tender responses for MMR contracts, and its guides on approaching the market and evaluating and selecting suppliers. In addition, Education has updated its Evaluation Plan templates to include MMR requirements as part of the evaluation process, where applicable.

Education are regular participants in the Commonwealth Procurement and Contract Management Community of Practice and participate in networking opportunities across the Australian Public Service, including informal knowledge sharing across entities.

Department of Employment and Workplace Relations

The Department of Employment and Workplace Relations (DEWR) acknowledges the Australian National Audit Office’s (ANAO) report detailing the outcomes of the follow up audit of Targets for minimum Indigenous employment or supply use in major Australian Government procurements.

DEWR is committed to delivering compliant procurement processes that deliver the expected business outcomes. This includes ensuring compliance with the Indigenous Procurement Policy and that our high value (as defined by the Indigenous Procurement Policy) contracts are properly managed and reported on. Starting from a low maturity level, we have been on a continuous journey of improvement since the Department’s creation in July 2022 (following a Machinery of Government change). We acknowledge and accept the ANAO’s findings and commit to implementing their recommendations as part of our broader procurement maturity program of work.

Department of Home Affairs

The Department of Home Affairs is committed to the implementation of the Government’s policy objective to drive growth in Aboriginal and Torres Strait Islander businesses and employment.

The Department agrees with the two recommendations made by the Auditor-General aimed at improving the Department’s compliance with mandatory minimum requirements (MMR) of the Indigenous Procurement Policy throughout the procurement and contract management phases, and will strengthen its processes, guidance, reporting and assurance activities to achieve this.

Department of Infrastructure, Transport, Regional Development, Communications, Sport and the Arts

The department supports the policy objectives of the Indigenous Procurement Policy and the achievement of the Mandatory Minimum Requirements (MMR) as a key element of the IPP. This follow up audit, which examined all five of the department’s procurements that triggered the MMR, has highlighted the need for further improvement in aspects of the department’s arrangements for meeting the MMR. The department is committed to making the necessary improvements to its processes.

Background

1. Australia’s biosecurity system protects its environment, economy and way of life. Australia is one of the few countries that remain free from some of the world’s most damaging pests and diseases, for example foot-and-mouth disease (FMD).¹ The Department of Agriculture, Fisheries and Forestry (the department) has forecast the value of production in the agriculture, fisheries and forestry sectors to reach $94.3 billion in 2024–25.²

2. In 2021, the department (then the Department of Agriculture, Water and the Environment (DAWE)) released Commonwealth Biosecurity 2030, a ‘strategic roadmap for protecting Australia’s environment, economy, and way of life’.³ The roadmap identified that the department needs a ‘workforce that has the capacity, skills, and flexibility to prepare for and respond to emerging biosecurity risks, challenges, and opportunities,’ and included a priority action to ‘invest in a skilled and responsive workforce supported by improved regulatory tools and information.’⁴

Rationale for undertaking the audit

3. Regulatory and workforce capability has been identified by the department as a strategic risk that has the potential to impact its ability to achieve its purposes and priorities.⁵

4. Recent reviews of the department, including by the ANAO, the Inspector-General of Biosecurity, and the Australian Public Service Commission have found weaknesses in the department’s workforce planning, governance, arrangements to respond to non-compliance with biosecurity requirements, and culture.

5. This audit provides assurance to Parliament that the department has effective workforce planning, delivery, and oversight to deliver Australia’s Appropriate Level of Protection against biosecurity import risks at the Australian border.

Audit objective and criteria

6. The objective of the audit was to assess the effectiveness of the Department of Agriculture, Fisheries and Forestry’s management of the biosecurity workforce.

7. To form a conclusion against the audit objective, the following criteria were adopted.

• Has the department undertaken appropriate workforce planning to deliver the biosecurity function?
• Does the department meet the requirements of its workforce plans for the biosecurity workforce?
• Has the department established effective arrangements to monitor and report on the activities and delivery of the biosecurity workforce?

Conclusion

8. The department’s planning and management of the biosecurity workforce is partly effective. Deficiencies in planning for and the delivery of the workforce and systemic and ongoing issues with information management compromise the department’s ability to effectively manage biosecurity risks. The department is progressing workforce planning activities at the enterprise level and within Biosecurity Operations Division (BOD) and the Post Entry Quarantine Facility (PEQ). These workforce planning activities will need to be supported by monitoring and reporting arrangements that identify and allocate the workforce resources to the areas of greatest biosecurity risk; and allow for an assessment of the effectiveness of biosecurity activities.

9. The department has been partly effective in its workforce planning for the biosecurity function. A group-level tactical workforce plan was approved in October 2024 and an enterprise-wide workforce strategy was published in December 2024. These documents, when implemented, have the potential to integrate workforce planning into the department’s enterprise planning framework and to align it with the department’s purpose. Prior to the development of these plans, BOD undertook workforce planning activities including the development of workforce reports and an operational Workforce Strategy. The operational Workforce Strategy for BOD would benefit from the inclusion of a future state workforce design. An operational workforce plan has not been developed for PEQ. The impact of changes in biosecurity risk on workforce resource requirements are not consistently measured. The department does not have a strategy for coordinating surge support at the border. Business continuity plans for BOD have not been maintained. Business continuity plans for PEQ are published and maintained.

10. The department has been partly effective in meeting the requirements of its biosecurity workforce plans. The biosecurity workforce is below budgeted levels, driven by understaffing in BOD. The department has established mechanisms to authorise biosecurity officers under the Biosecurity Act 2015 (the Act). The department does not have a policy that clarifies the circumstances for biosecurity officer authorisations, including when authorisation is no longer required. The department supports staff to make decisions regarding biosecurity risk through training and the development of decision support material, and has funded projects to update decision support material. Not all instructional material used by biosecurity officers is held in the instructional material library, and 39 per cent of biosecurity-related material in the library is out of date. Staff competencies are not stored in an appropriate record-keeping system and ongoing verification of staff competencies is not part of a risk-based framework that supports divisional and enterprise learnings and continual improvement. The department does not have assurance that staff are booked to cargo inspections in accordance with their competencies.

11. The department’s monitoring and reporting of biosecurity activities and workforce is partly effective. The department has systems in place that collect data on the biosecurity workforce and on the activities and delivery of the biosecurity function. Data quality issues relating to establishment and scheduling data limit the department’s understanding of its resource allocation. The department is currently progressing an enterprise-level human resources data-linking project, which has the potential to provide insights into its workforce. Until there are links between resource systems and biosecurity outcomes, the department is unable to gain assurance over the effectiveness of its workforce allocations against biosecurity risks. Ongoing deficiencies in the department’s record keeping impact its documentation of its business considerations and decisions, and risks the department being unable to demonstrate that staff have the competencies to undertake tasks they are assigned.

Supporting findings

Workforce planning for the biosecurity function

12. In October 2024 the department developed a group-level tactical workforce plan for the Biosecurity, Operations and Compliance Group. An enterprise-level workforce strategy and planning framework was published in December 2024. The governance framework over workforce planning that occurs at the group, division and team levels does not ensure that existing work is leveraged for department-wide impact and to prevent duplication of effort. BOD has developed operational and program level planning specific to its operating context. These set out activities intended to support workforce attraction, recruitment and retention. They do not describe a clear future state for the workforce in terms of identifying required staffing numbers, linked to skills and capabilities, location and strategies for delivering against surge and overtime requirements. The PEQ does not have finalised workforce plans. (See paragraphs 2.3 to 2.49)

13. The department has commenced work to develop interventions across the employment lifecycle intended to deliver a sustainable future workforce. BOD has drafted a recruitment strategy and commenced developing a capability framework. PEQ has a draft capability framework, which has not been implemented. The department does not have a strategy to meet government targets for First Nations representation in the biosecurity workforce. (See paragraphs 2.50 to 2.73)

14. The department has processes in place to consider the workforce impact of changes in risk at the border. These are not consistently applied. BOD has identified the need to formalise surge capacity and capability in executive forums. The division does not currently have a dedicated surge response for deployment during an unexpected biosecurity event. BOD undertook a review of its business continuity plans in 2022 and developed a framework and some plans as a result of the review. The plans are now out of date and have been removed from the department’s intranet. A further review and updating project is planned for 2025. PEQ has a business continuity plan that is available on the intranet. (See paragraphs 2.74 to 2.99)

Delivering the biosecurity workforce

15. At June 2024, BOD was 320.9 full time equivalent staff below budgeted staffing levels. This has resulted in increased wait times for industry. At June 2024, PEQ staffing was at budgeted levels. Over 2022–23 and 2023–24, BOD and PEQ recruitment process timelines exceeded departmental policy requirements. The department has developed materials to assist staff to make biosecurity related decisions and manage biosecurity risk. Not all materials are centrally located in an approved system, and 39 per cent of biosecurity-related instructional material is out of date, creating a risk that biosecurity risk is not being effectively managed. (See paragraphs 3.3 to 3.39)

16. The department has established mechanisms to authorise biosecurity officers under the Act. The department would benefit from documentation guiding when authorisation is appropriate, when it should be maintained, and when it should be revoked. The department has identified necessary staff competencies and has developed training and competency assessment processes. Records of competency assessment are not stored in an appropriate record-keeping system and the department does not have assurance the cargo and maritime inspections scheduling system schedules inspectors according to their competencies. The process of verifying staff competencies does not ensure a risk-based approach to coverage, allow for continual improvement of processes, or provide executive oversight. (See paragraphs 3.40 to 3.112)

Monitoring and reporting of the activities and delivery of the biosecurity workforce

17. The department has systems in place that collect data on the activities and delivery of the biosecurity workforce. BOD has identified deficiencies in its data governance over the collection of information into Aurion and the Scheduling and Workload Management System (SWMS). There are also deficiencies in the department’s record keeping, which result in a lack of clarity over decisions taken and assurance over key processes. The inconsistent, incorrect or incomplete collection of information impedes the ability of the department to use data to understand its workforce and activities. (See paragraphs 4.3 to 4.27)

18. The department has created dashboard reports summarising biosecurity activities and the workforce. These are used by staff at all levels and in all pathways. Reports present information on the activities undertaken by the department, and its operating context. Inconsistent data collection and the absence of leakage reporting against all pathways and locations impacts the department’s ability to understand and prioritise risks presented by each pathway and to allocate its workforce in response. (See paragraphs 4.28 to 4.49)

Recommendations

Summary of entity response

19. The proposed audit report was provided to the department. The department’s summary response is reproduced below. The full response from the department is at Appendix 1. Improvements observed by the ANAO over the course of this audit are listed at Appendix 2.

The Department of Agriculture, Fisheries and Forestry (the department) welcomes the findings of the ANAO and is committed to implementing the report’s seven recommendations appropriately and in a timely manner.

The recommendations focus on strengthening workforce planning, resource allocation, benefits management, record keeping, and reporting. As import volumes rise and the biosecurity risk environment continues to evolve, the department recognises the critical role that these business functions play in managing biosecurity risks. The department is committed to understanding the systemic issues that could limit our effective delivery of the biosecurity workforce. The ANAO findings, therefore, provide valuable insights that will support ongoing efforts to enhance effective and efficient management of the biosecurity workforce and regulatory capability uplift initiatives.

We will continue to improve processes that support the biosecurity workforce and broader management of biosecurity risks. Work is already underway across the department to address several elements of the recommendations and to leverage identified opportunities for improvement. The department remains committed to driving positive change through the Transformation Action Plan, other departmental strategic initiatives, and enhanced Biosecurity, Operations and Compliance Group operating models.

Background

1. The Growing Regions Program was announced in May 2023 as an open, competitive grants program that provides grants to local government entities and eligible incorporated not-for-profit organisations for capital works projects that aim to deliver community and economic benefits across regional and rural Australia.¹ The Australian Government committed $600 million to the program over two rounds with $300 million available in each round.

2. Grants between $500,000 and $15 million were available to eligible applicants to deliver priority community and economic infrastructure projects. The objectives of Round 1 of the program are:

• constructing or upgrading community infrastructure that fills an identified gap or need for community infrastructure.
• contributing to achieving a wide range of community socio-economic outcomes; and
• is strategically aligned with regional priorities.

3. The Department of Infrastructure, Transport, Regional Development, Communications and the Arts (Infrastructure) is responsible for the Growing Regions Program. Infrastructure engaged the Department of Industry, Science and Resources, through the Business Grants Hub, to administer the program.

4. The program used a two-stage application process. Applicants were required to submit an Expression of Interest (EOI) application which would first be assessed by the Business Grants Hub to ensure projects met eligibility, project readiness and program suitability requirements before a multi-party parliamentary panel (the panel) assessed how closely all eligible projects aligned with regional priorities. The panel then recommended to Infrastructure which projects should be invited to submit a full application. EOI applications that were assessed as meeting requirements and approved to proceed were invited to submit a full application in stage two. Infrastructure made the final decision on which applicants would be invited to progress to stage two and submit a full application.

5. Round 1 of the Growing Regions Program opened on 5 July 2023 and received 650 EOI applications seeking a total of $2.7 billion in grant funding, of which 443 applications ($1.81 billion) were found suitable by the panel to progress to stage two.

6. Full applications opened on 27 November 2023 and closed on 15 January 2024. The Business Grants Hub assessed 311 projects for funding worth $1.5 billion. Of these projects, Infrastructure recommended 54 projects for funding up to the value of $300 million. On 16 May 2024 the Minister for Infrastructure, Transport, Regional Development and Local Government announced funding for 40 successful projects to the value of $207 million.²

7. This audit is the second of two reports on the effectiveness of the Growing Regions Program. The first audit, Auditor-General Report No. 31 2023–24 Design of the Growing Regions Program, was presented to the Parliament on 29 May 2024 and examined the effectiveness of Infrastructure’s design and planning for the Round 1 of the Growing Regions Program.

Rationale for undertaking the audit

8. The Growing Regions Program was a new grants program and one of the largest programs administered by Infrastructure. The program also contained a new design feature — a two-stage assessment process with an EOI stage assessed by a multi-party parliamentary panel.

9. Previous ANAO performance audits have identified deficiencies in Infrastructure’s implementation of regional grants programs including program design, providing information to the delegate, and transparency of decision-making.³

10. This audit provides assurance to the Parliament on the implementation and award of funding for Round 1 of the Growing Regions Program and whether Infrastructure implemented lessons learned from previous grants programs.

Audit objective and criteria

11. The objective of the audit was to assess the effectiveness of the implementation and award of funding for Round 1 of the Growing Regions Program.

12. To form a conclusion against the objective, the following high-level audit criteria were applied.

• Were applications assessed in accordance with the grant opportunity guidelines?
• Were funding recommendations and decisions made in accordance with the Commonwealth Grants Rules and Guidelines?

Conclusion

13. The implementation and award of funding for Round 1 of the Growing Regions Program was largely effective. Effectiveness was diminished by Infrastructure undertaking an additional assessment process which was not specified in the grant opportunity guidelines.

14. Assessment of applications for the Growing Regions Program was partly in accordance with the grant opportunity guidelines. The Business Grants Hub assessed EOI applications against the grant opportunity guidelines despite eligibility requirements for projects not being clearly defined in the guidelines. After the Business Grants Hub had completed its eligibility assessment, the minister through their office, advised Infrastructure of their preference for all 163 applicants found ineligible to be given the opportunity to correct any administrative errors or omissions with their applications. While the panel scored and ranked applications as required under the grant opportunity guidelines, panel members noted difficulty with the definition of what constituted ‘regional priorities’. Infrastructure did not consider in its development of the panel assessment process, the implications on a project’s average score by having a different number of panel members scoring applications.

15. Full applications were assessed partly in line with the grant opportunity guidelines. In its assessment of full applications, the Business Grants Hub correctly applied the three merit criteria from the grant opportunity guidelines. Infrastructure then completed a further geographical assessment of projects which was not set out in the grant opportunity guidelines. This resulted in Infrastructure removing three projects from the merit list and adding seven. By altering the results of the Business Grants Hub’s merit assessment, Infrastructure recommended projects to the minister which were not assessed as the most meritorious under the grant opportunity guidelines.

16. Infrastructure’s advice to the minister outlined the assessment process and risks relating to the approval of applications for the Growing Regions Program. The advice did not state how value for money was determined following Infrastructure’s additional analysis of the results of the Business Grants Hub’s merit assessment. Based on an initial, high-level assessment from the Australian Government Solicitor, Infrastructure advised that there was no lawful authority for the proposed expenditure under the program and proposed that to address that, funding could be awarded under a Federation Funding Agreement rather than as grants. Funding decisions were appropriately documented by the minister and the minister did not approve any projects that were not recommended by Infrastructure. The announcement of successful projects occurred two months after the original timeframes provided to applicants. As at 16 October 2024, the Growing Regions Program Federation Funding Agreement Schedule had been executed with the Western Australian, South Australian, Queensland, Tasmanian, New South Wales and Victorian governments.

Supporting findings

Assessment of applications

17. The Business Grants Hub assessed EOI applications against the grant opportunity guidelines despite eligibility requirements for projects not being clearly defined in the guidelines. After the Business Grants Hub had completed its eligibility assessment, the minister, through their office, advised Infrastructure of their preference for all 163 ineligible applicants to be given an opportunity to correct any administrative errors or omissions. The Business Grants Hub then completed another eligibility assessment on the 58 applications that had been resubmitted. Conflict of interest declarations were completed by all assessors undertaking the EOI assessment. Panel members received training from the Business Grants Hub and attended probity briefings delivered by an external probity advisor engaged by Infrastructure. (See paragraphs 2.3 to 2.33)

18. The panel scored and ranked applications as required under the grant opportunity guidelines, noting difficulty with the definition of what constituted ‘regional priorities’. Recommendations were made based on average scores and followed the requirements set out in the guidelines. Decisions were documented and probity requirements were followed. All panel members were originally required to score each application except where projects were in their electorate or jurisdiction. To assist in managing the panel’s workload, part-way through the assessment process there was a change in the scoring approach from having panel members score all applications, to a minimum of three scorers per application. Infrastructure did not consider in its design of the assessment process how different numbers of panel members scoring each application would impact on a project’s average score. (See paragraphs 2.34 to 2.66)

19. The Business Grants Hub assessed full applications against the three merit criteria as outlined in the grant opportunity guidelines and awarded each project a final score. The design of the eligibility requirements in the grant opportunity guidelines resulted in projects that potentially did not meet the program’s policy intent progressing through the assessment process. The minister did not fund 14 recommended projects which they identified as not suitable for funding as they would be better suited for funding under a different program. (See paragraphs 2.67 to 2.83)

20. Applications were ranked by the Business Grants Hub based on its assessment against the three criteria set out in the grant opportunity guidelines. The Business Grants Hub reported all highly suitable and suitable projects for funding. Following the Business Grants Hub’s merit assessment, Infrastructure completed further analysis and assessment of projects for geographical spread and socio-economic outcomes. This further assessment was not approved when the program was designed or set out in the grant opportunity guidelines. This resulted in Infrastructure removing three projects from the Business Grants Hub’s full assessment merit list and adding a further seven. (See paragraphs 2.84 to 2.101)

Award of funding

21. An initial high-level assessment by the Australian Government Solicitor obtained by Infrastructure prior to briefing the minister stated that lawful authority for proposed expenditure for the program was not in place. Infrastructure proposed an approach that sought to mitigate this risk. Infrastructure recommended that the minister approve 54 applications up to the limit of the available funding. The recommendation did not state how value for money was determined following an additional analysis of project applications and adjustment of results by Infrastructure. Funding recommendations for Round 1 of the Growing Regions Program did not meet the original timeframes as planned by Infrastructure primarily due to the need to seek legal advice on the lawful authority matter. (See paragraphs 3.1 to 3.22)

22. Reasons for all funding decisions were appropriately documented and informed by written recommendations from Infrastructure. The minister did not award funding to any projects that were not recommended by Infrastructure. All 40 applicants that the minister approved for funding were found to be highly suitable or suitable through the merit assessment process. The minister did not award funding to 14 projects that were recommended by Infrastructure. (See paragraphs 3.23 to 3.33)

Recommendations

Summary of entity response

23. The proposed report was provided to the Department of Infrastructure, Transport, Regional Development, Communications and the Arts, and the Department of Industry, Science and Resources. Extracts of the proposed report were provided to the Attorney-General’s Department. The summary responses are provided below and the full responses are at Appendix 1.

Department of Infrastructure, Transport, Regional Development, Communications and the Arts

The department welcomes the overall conclusion that the implementation and award of funding for Round 1 of the Growing Regions Program was largely effective. The department notes there have been some additional challenges in implementing the Growing Regions Program, including as a result of external factors.

While the department has asked the ANAO to consider the factual basis and emphasis given to some of the findings and commentary in the report, the department acknowledges that aspects of the program could have been improved.

The department agrees to both recommendations in the report and notes they are being implemented in the administration of Round 2 of the program.

Department of Industry, Science and Resources

The Department of Industry, Science and Resources acknowledges the Australian National Audit Office’s report on the implementation and award of funding for the Growing Regions Program.

The department notes this audit is the second of two reports on the effectiveness of the Growing Regions Program.

As a provider for Australian Government grants through the Business Grants Hub we will consider the key messages from the audit that are applicable for all Australian Government entities in the co-design and administration of future granting programs.

Attorney-General’s Department

The Attorney-General’s Department (“the department”) notes the extracts of Chapter 1 and Chapter 3 of the proposed ANAO report on the Implementation and award of funding for the Growing Regions Program.

The department has no comments on the audit findings in the extract it has viewed. Responsibility for administering the Growing Regions Program rests with the Department of Infrastructure, Transport, Regional Development, Communications and the Arts.

Background

1. The National Anti-Corruption Commission’s (NACC’s) 2022/2023 Integrity Outlook states:

Conflicts of interest are also a prevalent source of corruption issues. Many types of corrupt conduct – such as breaches of public trust, abuse of office and misuse of information – originate from conflicts of interest. Such conflicts therefore pose a substantial risk for government agencies, parliamentarians, and public officials. This is why identifying, disclosing and managing potential conflicts of interest is a critical pillar of integrity architectures.¹

2. The Public Governance, Performance and Accountability Act 2013 (PGPA Act) sets out general duties of accountable authorities and officials of Australian Government entities.² The general duties related to conflicts of interest for an official include:

• not improperly using their position or information obtained through their position to gain or seek to gain a benefit or advantage for themselves or others, or to cause detriment to the entity, Commonwealth or others³; and
• disclosing the details of any material personal interests that relate to the affairs of the entity.⁴

3. The Public Governance, Performance and Accountability Rule 2014 (PGPA Rule) provides further detail on requirements for managing conflicts of interest.⁵ Under the PGPA Act, accountable authorities have a duty to establish and maintain appropriate systems of risk oversight and management and internal control.⁶ In addition, the PGPA Rule establishes a requirement for the accountable authority to take all reasonable measures to prevent, detect and deal with fraud and corruption relating to the entity.⁷

4. Boards of corporate Commonwealth entities (CCEs) are the accountable authority unless otherwise prescribed by an Act or the rules. Membership of boards can consist of both executive directors and non-executive directors. CCE boards are responsible for the operations of their entities.

5. The Department of Finance states:

Corporate Commonwealth entities generally have enabling legislation that establishes the scope of their activities and a multi-member accountable authority (such as a board of directors).

6. Specialist skills and expertise may be required to provide a suitable composition for a CCE board. The board members that are appointed to CCE boards in respect of their specialist skills or expertise can have inherent interests that exist as a consequence of their specialist experience. For example, they may be involved in industry associations or have duties to other organisations. These interests can conflict with their duties as a board member of a CCE.

7. The operations of boards for four CCEs were selected for examination as a part of this audit:

• the Australian Sports Commission (ASC);
• Food Standards Australia New Zealand (FSANZ);
• Infrastructure Australia (IA); and
• the National Portrait Gallery of Australia (NPGA).

Rationale for undertaking the audit

8. According to the Australian Public Service Commissioner, the public is entitled to have confidence in the integrity of public officials, and to know that the personal interests of public officials do not conflict with their public duties.⁸ Apparent conflicts can be just as damaging to confidence in public administration as real conflicts, so disclosures and effective management of real, apparent and potential conflicts of interest is an important element of the Australian Government’s integrity framework.

9. Section 29 of the PGPA Act provides a duty to disclose material interests. CCE board members may have material personal interests that relate to their role as a member of an accountable authority. Board requirements for specific qualifications, skills and experience pose the risk that domain knowledge and industry familiarity may lead to conflicts of interest.

10. This audit was conducted to provide assurance to the Parliament that the boards of the four CCEs are effectively managing conflicts of interest.

Audit objective and criteria

11. The objective of the audit was to assess the effectiveness of the operations of the boards of four CCEs in managing conflicts of interest.

12. To form a conclusion against the objective, the ANAO examined:

• Have the boards developed appropriate arrangements to manage board conflicts of interest?
• Have the boards effectively managed board conflicts of interest consistent with their own policies?

13. The audit examined the operations of the boards of four CCEs in managing conflicts of interest over the period 1 July 2021 to 31 December 2023. The appointment process for board members was not examined as part of this audit.

Conclusion

14. The operations of the boards in managing conflicts of interest were largely effective. Arrangements for managing conflicts of interest were implemented by the boards in accordance with legislative requirements and documented by some of the boards in policies and procedural guidance. The effectiveness in implementing these arrangements were inconsistent across the boards which resulted in deficiencies in declaring and managing conflicts of interest by the boards. This reduced the overall effectiveness of the boards in their management of conflict of interest risks.

15. The boards have developed largely appropriate arrangements for managing conflicts of interest. All boards have implemented arrangements to support the declaration of interests by board members, including following their appointment and during the term of their appointment. The arrangements implemented by the boards were aligned to requirements in the Public Governance, Performance and Accountability Act 2013 (PGPA Act) and Public Governance, Performance and Accountability Rule 2014 (PGPA Rule). The board of the NPGA did not have a conflict of interest policy that included managing conflicts of interest related to its board. The boards of the ASC and FSANZ had not developed conflict of interest management plans for board members holding other roles within the Australian Government. The boards have largely relied on board induction processes to provide training and education in relation to managing conflicts of interest. The boards had implemented varying arrangements to obtain assurance over the management of conflicts of interest relating to board members.

16. The boards were partly effective in implementing arrangements for managing board conflicts of interest consistent with their own policies. There were shortcomings in the operating effectiveness of processes for declaring and managing conflicts of interest across all boards. This included instances where: declarations of interest were not obtained from newly appointed board members in a timely manner; declarations of interests were not implemented as a standing agenda item at board meetings; and boards’ assessments of declarations of interest were not sufficiently documented to record whether the board had determined declarations to be material personal interests.

Supporting findings

Arrangements to manage conflicts of interest

17. The boards had identified and assessed fraud and corruption risks within their risk management frameworks. The board of IA had identified conflict of interest controls for its then board within its operational and fraud risk registers. (See paragraphs 2.3 to 2.14)

18. All boards had arrangements for board members to declare interests following appointment and at board meetings. The arrangements implemented by the boards were aligned to requirements in the PGPA Act and PGPA Rule. The ASC, FSANZ and IA boards had policies and procedural guidance to manage board conflicts of interest. The NPGA board did not have a conflict of interest policy that provided coverage of the board, with the exception of a policy for declaring, managing and overseeing board conflicts of interest related to the acquisition of works. The boards for ASC and FSANZ had not developed management plans for potential conflicts of interest relating to ex-officio board members that held other roles within the Australian Government. (See paragraphs 2.15 to 2.60)

19. The boards largely relied on board induction processes and related resources from the Department of Finance for promoting compliance with conflict of interest requirements. The boards for the ASC and FSANZ had developed guidance specific to managing board conflicts of interest. The FSANZ board provided board members with access to its learning management system, which included training related to conflicts of interest. The IA board had delivered training for board members that included a module on conflicts of interest. None of the boards had documented training plans for board members or arrangements for monitoring training undertaken by board members. The Department of Finance’s resources on managing conflicts of interest are not specific to boards of corporate Commonwealth entities. (See paragraphs 2.61 to 2.84)

20. None of the boards had implemented an assurance strategy or framework that was specific to, or provided coverage of, board conflicts of interest. All boards had developed some form of arrangement to obtain assurance over board conflicts of interest.

• The ASC board obtained attestations from its board members on compliance with section 29 of the PGPA Act and provided reporting to its audit committee.
• The FSANZ board maintains a centralised register of interests declared by board members that is published on its website.
• The IA board undertook an internal audit in 2018–19 that covered board conflicts of interest and conducted Australian Securities and Investments Commission register searches of board members’ interests in 2021 to confirm declarations.
• The NPGA board had undertaken a specific review of board declarations to update its register of interests for board members. (See paragraphs 2.85 to 2.105)

Effectiveness of conflict of interest arrangements

21. There were instances across all boards where processes for declaring interests were not operating effectively.

• The ASC, FSANZ and NPGA boards had instances where they held board meetings where declarations of interests were not included in agendas or obtained during board meetings.
• The ASC and NPGA boards had instances where they did not obtain declarations of interests from newly appointed board members in a timely manner.
• All boards did not sufficiently document their assessment of declared interests and whether they were considered to be material personal interests. (See paragraphs 3.3 to 3.24)

22. All boards had implemented induction processes for their board members that covered conflict of interest. The ASC’s board induction processes were updated to provide coverage of conflicts of interest for board members commencing from March 2022, but not all current members had received the guidance. The FSANZ, IA and NPGA boards had implemented additional training and education arrangements on conflict of interest obligations for board members. (See paragraphs 3.25 to 3.35)

Recommendations

Summary of entity responses

23. Extracts of the proposed report were provided to the ASC, the Department of Finance, FSANZ, IA and the NPGA. The summary responses are provided below, and the full responses are included at Appendix 1. Improvements observed by the ANAO during the course of the audit are listed in Appendix 2.

Australian Sports Commission

Thank you for providing the Australian Sports Commission (ASC) with the opportunity to comment on the Australian National Audit Office (ANAO) proposed audit report on Management of Conflicts of Interest by Corporate Commonwealth Entity Boards.

The ASC acknowledges and accepts the key findings, recommendations and the opportunities for improvement presented in the Section 19 Report.

Department of Finance

The Department of Finance agrees the recommendation and findings provided in the report extract.

Food Standards Australia New Zealand

FSANZ acknowledges the importance of this audit to provide assurance to Parliament that the operations of Boards effectively manage conflicts of interest. In this context it is noted FSANZ is one of four entities (out of 74 CCE’s) assessed over the period July 2021 to December 2023.

The Board notes the audit’s findings that our arrangements for managing conflicts of interest align with the relevant legislation and are largely effective. As the independent agency responsible for the development of draft food standards for Australia and New Zealand, trust and confidence of decision-makers and stakeholders is important. The FSANZ Board takes a very conservative approach to managing conflicts of interest and, for transparency, we maintain and manage a register of all interests of Board members, regardless of whether they are classified as a material personal interest or not.

Infrastructure Australia

As the Australian Government’s independent adviser on nationally significant infrastructure investment planning and project prioritisation Infrastructure Australia values accountability, acting with integrity and upholding the highest ethical standards.

We appreciate the work of the ANAO which found that the boards of the four CCEs were largely effective in their management of conflicts of interest.

Infrastructure Australia accepts the recommendation that we strengthen our recording of the assessment and consequences of declared conflicts of interest. We have also commenced work to reflect the ANAO feedback on opportunities for improvement in administrative and management practices to strengthen our governance framework in relation to conflicts of interest.

National Portrait Gallery of Australia

The National Portrait Gallery (NPGA) welcomes the Australian National Audit Office’s (ANAO) report and accepts the recommendations made for the agency.

The report finds that the NPGA has developed largely effective arrangements for managing conflicts of interest for its the Board in accordance with legislative requirements.

The report identifies areas for improvement and makes two recommendations where the NPGA can take steps to strengthen its processes and assurance activities through update of its existing Conflict of Interest policy and processes. The NPGA agrees with, and is already taking steps to implement, these recommendations.

The NPGA also recognises the other areas of improvement identified in the Report, notably the expansion of assurance activities and the implementation of a Board training workplan. This will ensure that the NPGA is operating in alignment with government best practice in conflicts of interest management.

The NPGA thanks the ANAO audit team for their professionalism during the audit process.