10 November 2017

Ms Elizabeth Alexander AM and Mr David Thodey AO
c/o PGPA Act Review Secretariat
Department of Finance
One Canberra Avenue
FORREST ACT 2603

Dear Ms Alexander and Mr Thodey

Review of the Public Governance, Performance and Accountability Act 2013

Thank you for your invitation of 9 October 2017 to provide a submission to the statutory review of the Public Governance, Performance and Accountability Act 2013 (PGPA Act) and Public Governance, Performance and Accountability Rule 2014 (PGPA Rule). I also wish to thank you for the opportunity to discuss the review on 27 October 2017.

The Australian National Audit Office (ANAO) undertakes a wide-ranging audit program which touches on almost all aspects of the resource management, governance and performance framework established under the PGPA Act and Rule, including entities’ compliance with the framework and the Department of Finance’s administration at a whole-of-government level.

As discussed, there are no obvious gaps in the regulatory framework and it has usefully brought a number of key matters into the foreground. These include risk management, corporate planning and performance reporting. These elements of the framework have the potential to facilitate improved risk and performance management and improved accountability to the Parliament and community. They are the main focus of this submission, which also includes some observations on audit committees, coverage of the procurement framework and the interaction of the PGPA Act with the Auditor-General Act 1997.

Corporate planning and performance reporting

The expected benefits of the regulatory framework established by the PGPA Act and Rule included improved performance of the public sector and improved quality of information to Parliament to support its constitutional role in relation to Commonwealth expenditure.

The PGPA Act and Rule mandate a more robust process and expectations around corporate planning and performance reporting, to set a stronger frame for entity management and accountability.

The performance framework requires accountable authorities to publish on their entity’s website a corporate plan for the entity at least once each reporting period and to give that corporate plan to the responsible Minister and the Finance Minister.

Corporate plans are intended to be the primary planning documents of Commonwealth entities—addressing the purposes of the entity, the operating environment, the means to assess entity performance, entity capability and systems of risk oversight and management. They represent the beginning of the performance cycle for an entity and publication of a performance statement in the entity’s annual report represents the end of the performance cycle. The first corporate plans were required to be published by 31 August 2015 and the first performance statements that report on the performance of entities in 2015–16, were required to be included in entities’ 2015–16 annual reports.

It is worth noting that while corporate plans and performance statements are effectively the bookends for accountability to Parliament, only the performance report is required to be tabled in Parliament. The tabling of corporate plans would enhance parliamentary oversight and the accountability process, particularly if the requirement for their completion was brought forward to before the commencement of the reporting period.

In Report 453: Development of the Commonwealth Performance Framework (December 2015), the Parliament’s Joint Committee of Public Accounts and Audit expressed concern about how long it might take to update entity corporate plans after each point in the budget cycle—in particular whether, following the tabling of a budget, updated corporate plans would be available for scrutiny at Senate Estimates (paragraph 3.88). The Committee recommended that the Department of Finance should consider a new minimum requirement or explicit direction to entities to ensure that corporate plans be updated as soon as practicable after relevant appropriations have been approved by the Parliament (paragraph 4.44).

The Parliament and the Finance Minister have sent clear signals by embedding expectations in the regulatory framework and there are no structural impediments to realisation of the expected benefits. The primary challenge, as observed in recent ANAO audits, relates to implementation at the entity level. In this context the key issue is what in the new approach has changed the incentives for accountable authorities to ensure that the implementation of the new framework results in the expected improvements.

ANAO audit coverage has included corporate plans, performance statements and risk management regimes. As part of this audit program, the ANAO has reviewed:

• entities’ implementation of legal and policy requirements;
• the maturity of internal processes used for planning and risk management;
• the role played by senior leaders and audit committees;
• the appropriateness of entities’ corporate plans and performance statements; and
• the Department of Finance’s role in leading this sector-wide reform.

Corporate planning

Two ANAO performance audits of corporate planning, involving 14 entities, have been published to date. They are ANAO Report No.6 2016–17 Corporate Planning in the Australian Public Sector and ANAO Report No.54 2016–17 Corporate Planning in the Australian Public Sector 2016-17. A third performance audit is currently in progress.

The two completed audits have highlighted that the audited entities were at different levels of maturity in their implementation of requirements and that further work was needed to fully embed requirements and position the corporate plan as the entity’s primary planning document. The ANAO also found differences in the maturity of entity systems and processes used for developing corporate plans and monitoring their implementation.

While the findings reported by the ANAO might be expected in view of the relatively early stage of implementation of the new corporate plan requirement, some form of corporate planning could be expected to already have been in place for most entities for a significant time. It is therefore disappointing that some entities are not moving more quickly to learn from the lessons of the first two cycles of the new corporate planning requirements. More active attention from senior management is required to further embed the requirements in the third cycle of corporate planning and realise the expected benefits.

Senior management engagement is necessary for successful implementation and for managing the risk that entities will focus primarily on compliance rather than improved performance management. The challenge is to create a stronger incentive structure for ongoing improvement, which is reinforced by Parliamentary scrutiny assisted by external audit. The corporate planning framework currently contains no particular incentives for improved performance or consequences for non-compliance and poor implementation.

Performance reporting

Since the mid-1980s public sector management frameworks have emphasised the importance of measuring program performance. While the frameworks have changed over the years, the fundamental goals have remained largely consistent—to be able to measure and assess the impact of government programs.

Over time the observations and recommendations of the ANAO have consistently highlighted where entities’ performance information could be improved. This is one indicator that greater incentive is required for entities to advance their performance measurement and reporting.

In its guidance, the Department of Finance has usefully encouraged entities to tell a ‘rich story’ in their performance reporting. Finance has also established some standards relating to the timing and content of reporting. For example, performance criteria should be relevant, reliable and complete.

However, a robust framework and good guidance (including better practice examples) may not be sufficient for successful implementation. Strong incentives for accountable authorities are also likely to be important. Transparency and external assurance are likely to be the strongest incentives.

Transparency will provide an incentive when all relevant data sets relating to performance assessment are publicly available so that interested parties are able to test the assertions being made by accountable authorities in their performance statements. This process would be enhanced where there is assurance over the reliability of the data and the completeness of the disclosure.

With respect to external assurance, while the Auditor-General may conduct a performance audit at any time, section 40 of the PGPA Act constrains the Auditor-General’s independence in conducting an audit of the annual performance statements of Commonwealth entities unless requested by either the Minister for Finance or the responsible minister. This means that the Parliament does not receive the assurance on performance statements included in annual reports as it does over financial statements, where an independent audit report is mandatory.

The growing maturity of Commonwealth entities’ annual financial statements can in part be attributed to the regular external audit scrutiny applied by the ANAO. Engagement with entities throughout a financial year provides the opportunity to resolve matters affecting the reliability of financial statements in real time. This approach, accompanied by the ANAO’s bi-annual reporting of significant and moderate audit issues to the Parliament, has played a role in entities moving towards the more mature financial reporting processes observed today. The introduction of annual audits of performance statements could be expected to lead to similar improvements to the maturity of entities’ performance measurement and reporting.

Past experience demonstrates that leaving external review of performance indicators to periodic performance audits only is unlikely to drive the desired level of improvement. This in turn may result in the current reform agenda for performance reporting going a similar way as previous ones, with modest improvement and ongoing frustration of the Parliament with the quality of performance reporting by entities.

In order to be prepared for the possibility of being requested to undertake an audit of performance statements, the ANAO has developed a methodology and is undertaking a number of performance audits to both test the methodology and provide some insights on the introduction of performance statements. These audits review the relevance, reliability and completeness of performance criteria used by entities, as well as compliance with process requirements.

The first such performance audit is ANAO Report No.58 2016–17 Implementation of the Annual Performance Statements Requirements 2015–16. The audit assessed the appropriateness of the entities’ performance criteria, and the completeness and accuracy of the results reported against those criteria. This included an assessment of the underlying systems and processes supporting the entities’ performance reporting. The ANAO selected two entities that were considered to demonstrate better practice. The audit concluded that:

• The appropriateness of both entities’ performance criteria could be improved to provide a basis for a consistent and balanced assessment of the entities’ progress in achieving their purposes. Opportunities for improvement noted during the audit included: articulating who will benefit from the entities’ activities and how they will benefit from those activities; disclosing the method or basis for measurement; and clarifying or increasing the alignment of performance measures to the purpose.
• Both entities had systems and processes in place to enable them to collect, measure, assess, assure and report their performance information. However, the ANAO observed that the entities would benefit from earlier planning, including consideration of data availability, and implementing a continuous reporting process.

The ANAO has commenced a follow-on audit of the implementation of the performance statements requirements by selected entities for 2016–17.

Timeliness of reporting

To be an effective accountability tool, reporting not only needs to be accurate but also needs to be timely. The effect of section 46 of the PGPA Act is that accountable authorities must prepare and present annual reports for their entity to the responsible Minister by 15 October. While there are rules on the preparer of the annual report and performance statement, there is no requirement for the responsible Minister to present the annual report to Parliament in time for Supplementary Budget Estimates in October. The framework could usefully address this issue by amending the PGPA Act to specify a date by which annual reports must be tabled to provide sufficient time for Parliamentarians to review performance information before Supplementary Budget Estimates.

Audit committees

Audit committees have a number of mandated roles under the framework, relating to the review of:

• performance reporting;
• financial reporting;
• the system of risk oversight and management; and
• the system of internal control.

There is also a requirement that the majority of members be independent.

The introduction of these requirements suggests that audit committees are expected to contribute something to entity governance that is over and above that of management-led governance arrangements, such as internal finance and IT committees. The key value-add would appear to be independence of mind, as a basis for providing robust support, advice and assurance to the accountable authority. If that is the case, there is merit in all audit committee members being independent.

There is also merit in considering the types of skills required by audit committee members, as audit committees are now expected to do more than review entity financial statements and key risks. For example, the review of performance statements, which is now a requirement under the regulatory framework, benefits from an understanding of the operational responsibilities of the entity.

In passing, it is also worth mentioning that there has been a long-standing practice that the ANAO will attend audit committee meetings as an observer, and will have an opportunity to engage with committee members in confidence. Given that cases exist where the ANAO is excluded from audit committee meetings, there would be value in documenting this practice more formally in the framework.

Coverage of Commonwealth procurement framework

Achieving value for money is the core rule of the Commonwealth Procurement Rules, which are the keystone of the Australian Government’s procurement policy framework.

While the Commonwealth Procurement Rules apply to the 95 non-corporate Commonwealth entities, they only apply to 20 out of 70 corporate Commonwealth entities (as listed in section 30 of the PGPA Rule). They do not apply to the 17 Commonwealth companies or to Government Business Enterprises.

There does not appear to be a consistent rationale for the application of the Commonwealth Procurement Rules to entities. Coverage appears to be historical and there may be an element of ‘grandfathering’ following the move from the Financial Management and Accountability Act 1997 and Commonwealth Authorities and Companies Act 1997 to the PGPA Act. There would be benefit in having a more transparent and documented basis for granting exemptions from the procurement framework.

Recent ANAO audits of Commonwealth entities have identified shortcomings in procurement practices and there is good reason to ask whether extending the procurement framework to all entities would help lift capability across the public sector. Procurement is core business for Commonwealth entities and deficiencies can result in higher than necessary expense for taxpayers and business, as well as significant reputational risks for the Australian Government and responsible entities.

In Report 465: Commonwealth Procurement (September 2017), the Parliament’s Joint Committee of Public Accounts and Audit expressed a belief that corporate Commonwealth entities not subject to the Commonwealth Procurement Rules should more closely model their procurement arrangements on the Rules as a matter of best practice (paragraph 2.12). The Committee also recommended that the Department of Finance, working with the ANAO, consolidate procurement guidance as it relates to corporate Commonwealth entities (for example, the relevant Accountable Authority Instructions) to ensure such entities more strictly apply the Rules in developing and implementing their procurement policies and procedures.

Interaction of the PGPA Act and Auditor-General Act—independence issues

A risk to be borne in mind in the review is the impact that any proposed changes may have on the independence of the Auditor-General in carrying out functions under the Auditor-General Act 1997 (Cth). There are examples in the PGPA Act whereby independence can be compromised, such as the constraint on auditing annual performance statement audits described earlier. A number of other examples are discussed below. In considering the implementation of the PGPA Act and opportunities to improve its implementation, the role of the Auditor-General as an independent officer of the Parliament should be kept in mind.

Application of Government policy

As an accountable authority for the purposes of the PGPA Act, the Auditor-General must comply with the duties set out in that Act. On the whole, these duties do not give rise to issues with respect to the Auditor-General’s independence. Notwithstanding this, the obligation in section 21 of the PGPA Act (to govern an entity in a way that is not inconsistent with government policies) has the potential to challenge the Auditor-General’s ability to independently carry out the audit and assurance functions under the Auditor-General Act. For example, the Efficiency through Contestability Programme administered by the Department of Finance has the potential to raise such issues, in the context of implementing cross-sector shared services. Specifically, the Auditor-General’s ability to independently audit service delivery can be affected should the ANAO’s services be delivered through these mechanisms.

The Auditor-General adopts two postures in determining the implementation of government policy—one as Auditor-General for Australia in the delivery of audit and assurance functions under the Auditor-General Act, and another as the ANAO’s accountable authority operating under the PGPA Act. Where the two postures result in conflict, it is likely that the functions of the Auditor-General Act will prevail, and will drive engagement with relevant entities to resolve conflict.

Deletion of information by accountable authorities

Section 105D of the PGPA Act provides authority for the Finance Minister to determine, by written instrument, modifications to the application of the PGPA Act in respect of entities (or entities’ activities) which are determined by responsible Ministers to be intelligence or security agencies or listed law enforcement agencies. In practice, in making these determinations, the Finance Minister has required action by affected accountable authorities which interferes with the Auditor-General’s functions in presenting reports to Parliament—for example the deletion of material from Auditor-General’s reports on annual performance statements.

The Parliament has dealt with the inclusion of sensitive information in public reports of the Auditor-General through section 37 of the Auditor-General Act. That section precludes such information being included in public reports if the Auditor-General is of the opinion that the disclosure of the information would be contrary to the public interest for any of the reasons set out in the section. The section also provides for the Attorney-General to issue a certificate to the Auditor-General stating that in the Attorney-General’s opinion disclosure of the information would be contrary to the public interest for any of the reasons set out in the section. Such a certificate requires the Auditor-General to not disclose the information and if one is issued, the Auditor-General must report that information has been omitted from a report and the reasons why the Attorney-General has issued a certificate.

The application of section 37 is not delegated to any other officer in the ANAO and its terms are seriously considered in the course of exercising Auditor-General functions. The exclusion of sensitive material from reports in instances where the Auditor-General is of the opinion that including such material is not in the public interest is not subject to further scrutiny by the Parliament (subsection 37 (3)) nor through other processes (the ANAO is exempt from Freedom of Information requirements).

In the context of reporting by the Auditor-General on annual performance statements of an entity, the processes established under section 105D of the PGPA Act in effect put determinations relating to sensitive material in the hands of the Executive. The determinations are not legislative instruments and therefore attract no Parliamentary scrutiny.

Annual report of the Auditor-General

The PGPA Act (section 46) requires that annual reports of entities must be presented to the Parliament by the entity’s responsible Minister. Prior to its enactment, the Auditor-General’s annual reports were tabled under the Auditor-General Act. The Auditor-General’s annual report may well include commentary about the operations of Government, the decisions of responsible Ministers and the administration of portfolio entities overseen by Ministers. The current process is untenable for the Auditor-General and presents a risk for the integrity of reporting and independence. Authority has therefore been given to restore the Auditor-General’s ability to present an annual report directly to the Parliament, as is the case with all other Auditor-General reports. An amendment has been introduced to the Parliament but has not yet passed.

The ANAO’s contact officer for these matters is Dr Tom Ioannou (Group Executive Director) should the review require any further information.

Yours sincerely

Grant Hehir
Auditor-General