Introduction

1.1 The Public Service Act 1999 (Public Service Act) requires Australian Public Service (APS) employees, agency heads and statutory office holders to uphold the APS Values and Code of Conduct. The APS Code of Conduct, consistent with duties under the Performance and Accountability Act 2013 (PGPA Act), requires officials not to improperly use their duties, status, power or authority to gain, or seek to gain, a benefit for themselves or any other person, or to cause, or seek to cause, detriment to the entity, the Commonwealth, or any other person. Collectively, these requirements establish obligations for officials and Commonwealth entities in relation to how they manage the provision and receipt of gifts, benefits and hospitality.

1.2 The National Anti-Corruption Commission Act 2022 contains provisions against conduct that adversely affects (or could adversely affect) the honest or impartial exercise or performance of a public official’s powers, functions or duties.

1.3 The Australian Public Service Commission (APSC) publishes Guidance for Agency Heads – Gifts and Benefits.¹⁰ The principles underpinning this guidance are that:

• agency heads are meeting public expectations of integrity, accountability, independence, transparency, and professionalism in relation to gifts and benefits; and
• there is consistency in relation to agency heads’ management of gifts and benefits across the APS agencies and Commonwealth entities and companies.¹¹

1.4 Agency heads must publish a register of any gifts and benefits that they accept, valued at over $100 (excluding GST), on a quarterly basis. A link to the register must also be provided to the APSC for publication on the APSC’s website.

1.5 In the course of their official duties, APS employees may interact with many individuals and organisations, and may receive offers of gifts, benefits and hospitality as part of these interactions. The acceptance of such offers can pose risks to public confidence in entities and the APS more broadly, particularly in meeting the APS Values and the public’s expectations of integrity, accountability, independence, transparency and professionalism.¹²

Murray–Darling Basin Authority functions

1.6 The Murray–Darling Basin is a major water catchment area that includes parts of Queensland, New South Wales, Victoria, South Australia and the Australian Capital Territory (known as Basin states). The 2013 intergovernmental Murray–Darling Basin Agreement outlines arrangements between the Australian Government and Basin states to implement the Basin Plan 2012 (the Basin Plan).¹³

1.7 The Murray–Darling Basin Authority (MDBA) is responsible for coordinating how water resources are managed in the Murray–Darling Basin.¹⁴ Activities undertaken by the MDBA include:

• working with Basin states to ensure 33 water resources plans meet the requirements of the Basin Plan and address the local requirements of water resource management;
• publishing an Annual Water Take Report documenting the MDBA’s examination of use across Murray–Darling Basin catchments including information on water use, held environmental water and Cap compliance;
• reporting on the effectiveness of the Basin Plan by publishing an annual report;
• delivering and participating in conferences, meetings and other stakeholder engagement activities, including an annual conference;
• operating the River Murray system up to the border of South Australia, which includes calculating and releasing the volumes of water needed to meet state orders or system demands; and
• delivering programs to maintain and improve the environmental health, salinity and water quality of the River Murray.

Murray–Darling Basin Authority structure and resourcing

1.8 The MDBA is a corporate Commonwealth entity established under the Water Act 2007 (the Water Act) and comprises:

• an eight-member Authority (the Authority) with functions and responsibilities defined under the Water Act and conditions set by the Remuneration Tribunal¹⁵; and
• a statutory agency of staff engaged under the Public Service Act, with an average staffing level of 367 for 2024–25.¹⁶

1.9 The MDBA’s Chief Executive is the agency head and accountable authority for the purposes of the Public Service Act and the PGPA Act.¹⁷ The Chief Executive is one of the eight members of the Authority and cannot be directed by the Authority in relation to the exercise of powers under the PGPA Act or the Public Service Act.¹⁸

1.10 The MDBA has offices in seven locations: Adelaide, South Australia; Canberra, Australian Capital Territory; Goondiwindi, Queensland; Griffith, New South Wales; Mildura, Victoria; Murray Bridge, South Australia; and Wodonga, Victoria. As at 30 June 2024, 232 of 415 of the MDBA’s staff were based in the Canberra office.

1.11 An overview of MDBA’s total resourcing and the value of MDBA’s new and amended contracts from 2019–20 to 2023–24 is presented in Table 1.1.

Table 1.1: Murray–Darling Basin Authority total net resourcing and contract value

Note a: Value of new and amended contracts published to Austender.

Source: Financial statements contained in MDBA annual reports and ANAO analysis of Austender data.

Previous reports related to gifts, benefits and hospitality

1.12 Auditor-General Report No. 47 2017–18 Interim Report on Key Financial Controls of Major Entities reviewed the gifts and benefits policies of 26 major Australian Government entities, including all departments of state.¹⁹ This report identified:

• the merit of developing a whole of government gifts and benefits policy setting the minimum requirements for entities to include within their policies;
• regular review and monitoring of entities’ gifts and benefits policies increases accountability;
• centrally maintained gifts, benefits and hospitality registers assist entities in meeting accountability and transparency obligations; and
• transparency is enhanced through the publication of entities’ gifts and benefits registers on the internet.

1.13 The Australian Public Service Commissioner issued guidance on 18 October 2019 for reporting of gifts and benefits. The ANAO reviewed the status of the implementation of the guidance as part of Auditor-General Report No. 38 2019–20 Interim Report on Key Financial Controls of Major Entities. The report found that all 24 entities covered by the report had established a register of gifts and benefits, and that, except for one entity, all had recorded gifts and benefits received by the agency head which exceed $100. Publication of received gifts and benefits was undertaken by approximately 79 per cent of entities.²⁰

1.14 The ANAO tabled two audit reports related to gifts, benefits and hospitality in 2023–24.²¹

Rationale for undertaking the audit

1.15 Section 27 of the PGPA Act states that an official must not improperly use their position to gain, or seek to gain, a benefit for themselves or another person, or to cause, or seek to cause, detriment to the entity, the Commonwealth, or any other person. Public service entities must meet public expectations of integrity, accountability, independence, transparency, and professionalism. Acceptance of a gift or benefit that relates to an official’s employment can create a real or apparent conflict of interest that should be avoided.²²

1.16 Public confidence in Commonwealth entities and the APS can be damaged when gifts and benefits that create a conflict of interest are accepted or not properly declared. The APSC states in its publication, APS Values and Code of Conduct in practice, that the risk of the appearance of a conflict can be damaging to public confidence:

The appearance of a conflict can be just as damaging to public confidence in public administration as a conflict which gives rise to a concern based on objective facts.²³

1.17 This audit was conducted to provide assurance to the Parliament that the MDBA has complied with gifts, benefits and hospitality requirements.

Audit approach

Audit objective, criteria and scope

1.18 The objective of the audit was to assess whether the MDBA had complied with gifts, benefits and hospitality requirements.

1.19 To form a conclusion against the objective, the ANAO adopted the following two high-level audit criteria.

• Did the MDBA have effective arrangements in place to manage gifts, benefits and hospitality?
• Were the MDBA’s controls and processes for gifts, benefits and hospitality operating effectively in accordance with its policies and procedures?

1.20 The audit examined the management of gifts, benefits and hospitality within the MDBA from 1 July 2021 to 31 March 2024.

Audit methodology

1.21 To address the audit objective, the audit methodology included:

• examining the MDBA’s documentation including its policies, procedures, risk assessments, registers, assurance and reporting activities relating to the management of gifts, benefits and hospitality;
• meetings with the MDBA’s staff regarding the control frameworks and assurance activities in place to manage risks relating to gifts, benefits and hospitality;
• testing the effectiveness of the MDBA’s control framework for gifts, benefits and hospitality and assessing officials’ compliance with the MDBA’s control framework using the MDBA’s system tools to review and analyse emails and other files²⁴; and
• contacting organisations with contractual relationships with the MDBA to obtain information on gifts, benefits and hospitality offered to MDBA officials.

1.22 The audit was conducted in accordance with ANAO Auditing Standards at a cost to the ANAO of approximately $403,000.

1.23 The team members for this audit were Jenny Broome, Graham Bowrey, Manish Singh, Joshua Francis and Daniel Whyte.

.

2.1 Section 16 of the Public Governance, Performance and Accountability Act 2013 (PGPA Act)²⁵ requires accountable authorities of Commonwealth entities to establish and maintain appropriate systems of risk oversight, management and internal control for the entity.

2.2 Section 27 of the PGPA Act states that an official must not improperly use their position to gain, or seek to gain, a benefit for themselves or another person, or to cause, or seek to cause, detriment to the entity, the Commonwealth, or any other person. Public service entities must meet public expectations of integrity, accountability, independence, transparency, and professionalism. Acceptance of a gift or benefit that relates to an official’s employment can create a real or apparent conflict of interest that should be avoided.

2.3 Corporate Commonwealth entities, such as the MDBA, are encouraged to align their risk management frameworks and systems with the Commonwealth Risk Management Policy. The policy supports the implementation of section 16 of the PGPA Act, by encouraging entities to formalise their approach to managing risks, embed risk management into their culture and work practices, define staff’s risk management responsibilities, and review the effectiveness of controls.²⁶

2.4 Commonwealth officials must also uphold and promote the Australian Public Service (APS) Values and Employment Principles and abide by the Code of Conduct contained in the Public Service Act 1999 (Public Service Act).

2.5 The audit assessed the alignment of MDBA’s arrangements for managing gifts, benefits and hospitality with the PGPA Act and the Australian Public Service Commission’s (APSC’s) Guidance for Agency heads – Gifts and Benefits, as well as examining whether training and education was available to officials.

Have appropriate arrangements been established for managing risks associated with the acceptance or provision of gifts, benefits and hospitality?

Risk management framework

2.6 Between 1 July 2021 and 31 March 2024 the MDBA’s risk management framework comprised:

• an instruction in the MDBA’s Accountable Authority Instructions (April 2022) that all officials ‘must refer to and act in accordance with the MDBA’s risk management framework, policy and guidelines’;
• a Risk Management Framework and Policy (November 2021) that set out a risk management hierarchy, a risk management methodology, governance arrangements for risk, and a risk appetite and tolerance statement;
• a Fraud Control Plan and Policy (October 2022) that included governance arrangements for fraud control and policies, guidelines and templates for handling suspected fraud; and
• related guidelines, assessments and templates.

2.7 The MDBA updated its risk management framework in May and June 2024. The revised framework comprises: a risk management framework titled ‘Managing risk at the MDBA: 7 things you need to know…’ (May 2024); a 2024/25 Risk Appetite Statement (May 2024); and Risk Management Guidelines (June 2024).

Enterprise risk management

2.8 The MDBA defines enterprise risks as those that ‘have the potential to affect the entity as a whole in terms of outcomes or objectives.’

2.9 The MDBA’s January 2019 Enterprise Risk Management Plan identified eight enterprise risks. The plan included two integrity-related risks:

4. Unauthorised access to or disclosure of confidential or sensitive information

8. Material fraud or corruption incident involving MDBA staff member, contractor or grant recipient²⁷

2.10 The plan included a table outlining a high-level risk assessment for four of the eight enterprise risks. No controls were listed for the assessed risks and there were no references to risks or controls related to conflicts of interest or gifts, benefits and hospitality. Risk 4 was not assessed. Risk 8 was assessed as having ‘moderately effective to effective’ controls, a current risk rating with existing controls of ‘moderate’, and a target risk rating of ‘low’.

2.11 At a meeting in August 2023, the MDBA’s Executive Board considered a new Enterprise Risk Report which set out draft assessments against eight revised enterprise risks.²⁸ At subsequent Executive Board meetings, held between August 2023 and May 2024, reporting against the revised enterprise risks was provided and at least one enterprise risk was discussed at each meeting. None of the MDBA’s risk assessment worksheets for these revised enterprise risks since August 2023 has contained references to risks or controls relating to conflicts of interest or gifts, benefits and hospitality.

Fraud control plan and risk assessment

2.12 The PGPA Fraud and Corruption Rule establishes a requirement for an accountable authority to take all reasonable measures to prevent, detect and deal with fraud relating to the entity.²⁹

2.13 The MDBA’s Fraud and Corruption Control Policy and Plan (July 2024) outlines the entities’ policies and guidelines for handling suspected fraud and corruption. The ‘policy and plan’ does not include details on fraud and corruption risks, and it notes that the MBDA’s fraud and corruption risk assessment document is held as a separate document.

2.14 The MDBA developed a draft fraud risk assessment in 2019 with six sub-categories of fraud risks.³⁰ The assessment for each risk records: causes; consequences; controls; current rating; target rating; treatments; residual risk; contingency plan (if the risk occurs); and control effectiveness. The MDBA identified patronage, nepotism, cronyism, collusion and bribery as potential causes for two of the six fraud risks:

Risk 2: Fraudulent or corrupt behaviour in a procurement or grant process

Risk 4: Fraudulent/corrupt behaviour in recruitment

2.15 Common controls identified by the MDBA for these two risks were adherence to and training in the Public Service Act, APS Code of Conduct, MDBA Conflict of Interest Policy, MDBA Fraud Control Plan, Accountable Authority Instructions and delegation instruments. The MDBA assessed the controls as ‘Effective: No control gaps (controls are believed to be operating effectively).’ The draft fraud risk assessment did not reference any controls testing conducted to inform this assessment of control effectiveness.

2.16 From 1 July 2024, the Fraud Rule was updated to the Fraud and Corruption Rule. The MDBA developed a revised fraud and corruption risk assessment, which was approved in July 2024, with five risks.³¹ The assessment for each risk records threats or causes; consequences; controls; current rating; target rating; treatments; residual risk; contingency plan (if the risk occurs); and control effectiveness. The MDBA identified bribery, kickbacks, conflict of interest, favouritism and nepotism as threats for Risk 1: Corruption in decision-making. Controls identified by the MDBA for the risk included:

Adherence to and training in: Public Sector Act, APS Code of Conduct, ethics, MDBA Conflict of Interest Policy, MDBA Fraud Control Plan, Accountable Authority Instructions, fraud and conflict of interest on commencement and biennial refresher (mandatory), compliance reporting, Recruitment and Selection Policy (for non SES), Human Resources Delegations, Sub Delegations and Authorisations 2019.

2.17 The MDBA assessed the controls as ‘Moderately effective: few control gaps. The control is influencing the risk level; however, improvement is needed, but subject to business case and cost effectiveness.’ The MDBA advised the ANAO in September 2024 that control owners were consulted to review and validate controls and assess their effectiveness. The 2024 fraud and corruption risk assessment does not record control owners.

2.18 Existing controls directly related to gifts, benefits and hospitality, including the MDBA’s Official Hospitality, Gifts and Benefits Guidelines and its internal Gifts and Benefits Register, are not referenced in the 2024 fraud and corruption risk assessment.³² The MDBA identified ‘Broaden the publication of received gifts and benefits on external website’ as a treatment for the ‘Corruption in decision-making’ risk (refer paragraph 2.77).

Has the MDBA developed fit-for-purpose policies and procedures for the acceptance of gifts, benefits and hospitality?

2.22 The MDBA’s policies and procedures for the acceptance of gifts, benefits and hospitality are established through:

• instructions in the MDBA’s Accountable Authority Instructions (April 2022) (AAIs);
• the MDBA’s Instrument of Delegation – Core Financial Arrangements (July 2023 and September 2024), which outlines approval requirements for accepting gifts; and
• policy documents, including an Official Hospitality, Gifts and Benefits Guidelines (updated August 2024)³³ and Declaration of Interest Policy 2022–2024 (June 2022).

Accountable Authority Instructions

2.23 The MDBA’s AAIs include instructions related to the acceptance of gifts, benefits and hospitality. The AAIs were issued in April 2022 by the acting Chief Executive.

2.24 The AAIs include the following instructions to all officials on ‘receiving gifts and benefits’.

You must not:

• ask for, or encourage, the giving of gifts to yourself or other officials
• accept a gift of money (except in exceptional circumstances)
• accept a gift or benefit that influences or could be perceived to influence, your decision or action on a particular matter.

If you decide to accept a gift or benefit, your decision must be defensible and able to withstand public scrutiny and be approved by a delegate as per the Instrument of Delegation. You must have regard to the general duties of officials and associated instructions in deciding whether to accept a gift as outlined in the MDBA Official Hospitality, Gifts and Benefits Guidelines.

You should seek advice from Risk and Audit prior to accepting a gift or benefit.

2.25 Under the heading ‘official hospitality’, the AAIs state that MDBA officials must not:

• accept hospitality if by its nature, frequency or other circumstances it could reasonably be seen as compromising your integrity or that of the MDBA.
• accept excessive (either in scale or frequency) hospitality in connection with your official duties.
• accept secretive hospitality.

2.26 The AAIs include the following guidance on acceptance of gifts and benefits:

Officials, in the course of their work, may be offered gifts such as souvenirs, bottles of wine and personal items, or benefits such as sponsored travel, hospitality, accommodation or entertainment.

Generally, officials should not accept gifts or benefits in the course of their work. However, there may be circumstances where it is appropriate to accept a gift or benefit – for example, where refusal could cause cultural offence, where an item of token value is offered by way of public thanks, or where attendance at an event is an important means of developing and maintaining relationships with key stakeholders. Officials need to carefully consider the appropriateness of a gift or benefit before accepting or rejecting it.

Gifts provided to officials in the course of their work immediately become relevant property when received. Where a gift is token in nature an official may be able to retain the gift.

Instrument of Delegation

2.27 The MDBA’s Instrument of Delegation – Core Financial Arrangements (July 2023) established a delegation related to the acceptance of gifts by MDBA officials (see Table 2.1).³⁴ The delegation applied to approving ‘the keeping of a gift by an official managed by the delegate’. For the Executive Director (ED) Business Services³⁵, General Manager (GM) Finance³⁶ and Chief Financial Officer (CFO), this delegation did not allow them to approve gifts accepted by officials outside of their direct reporting lines. The MDBA updated the Instrument of Delegation – Core Financial Arrangements in September 2024 to allow all delegates to approve gifts and benefits accepted by officials outside of their direct reporting lines (see Table 2.1).

Table 2.1: Delegations for the acceptance of gifts, benefits or hospitality

Note a: The ED Business Services is also the Chief Operating Officer of the MDBA.

Note b: The GM Finance position was removed from the September 2024 delegation instrument.

Source: MDBA, Instrument of Delegation – Core Financial Arrangements (July 2023 and September 2024).

2.28 The September 2024 Instrument of Delegation requires delegate approval for keeping gifts or benefits (including hospitality) of any value. In contrast, the March 2022 and August 2024 Official Hospitality, Gifts and Benefits Guidelines both indicate officials may accept gifts or benefits valued at less than $50 without delegate approval (refer to paragraph 2.34).

Policies and procedures related to the acceptance of gifts, benefits and hospitality

Official Hospitality, Gifts and Benefits Guidelines

2.29 The MBDA’s Official Hospitality, Gifts and Benefits Guidelines (August 2024) outline additional guidance, including general principles that officials, including Authority members must not:

• accept any gift, benefit or hospitality:
  • that can be perceived as having a capacity to affect the official’s decisions or considerations;
  • where there is an expectation or implication that a favour is expected in return; or
  • that is travel or accommodation in connection with official duties, regardless of whether it would further the interests of the MDBA³⁷; or
• use any information obtained in their official capacity to gain an advantage for themselves or any other person, or cause detriment to the MDBA, the Commonwealth or any other person.

2.30 The guidelines state that:

Token hospitality such as coffee or a modest meal may be accepted. Before accepting or declining other forms of hospitality such as dinners, sporting event tickets and the like, the approval of the appropriate delegate must be sought. If accepted, this must be recorded by informing the Secretariat and Governance Team…³⁸

2.31 The Official Hospitality, Gifts and Benefits Guidelines provide additional guidance on the acceptance of ‘token’ gifts, benefits and hospitality valued up to $50 (see Box 1).

2.32 The Official Hospitality, Gifts and Benefits Guidelines state that:

Acceptance of any gift, benefit or hospitality is inappropriate and should be declined where it is from a person or company:

• involved in a tender process with the agency, either for the procurement of goods and services or sale of assets;
• meeting with a view to offer services to the MDBA;
• the subject of a decision within the discretionary power, or substantial influence of the MDBA official concerned;
• in a contractual or regulatory relationship with the Commonwealth; or
• whose primary purpose is to lobby Ministers, members or Parliament, or agencies.

2.33 The guidelines do not set out timeframes for delegate approval or for reporting on acceptance from the recipient or delegate to the Secretariat and Governance team. Further, the guidelines do not specify sanctions associated with failure to comply with the requirements.

2.34 The Official Hospitality, Gifts and Benefits Guidelines are inconsistent with the MDBA’s AAIs, which state that acceptance of gifts and benefits must ‘be approved by a delegate as per the Instrument of Delegation’ (refer to paragraph 2.24). The Instrument of Delegation does not provide a delegation for officials to keep gifts or benefits valued under $50 without manager approval (refer to paragraph 2.27). The MDBA advised the ANAO in September 2024 that:

We interpret this to be that the Instrument delegates the ability to approve the keeping of a gift by an official but then the policy notes when officials may accept gifts or benefits with or without delegate approval. This is not a contradiction as the two documents do different things.

Declaration of Interests Policy 2022–2024

2.35 The MDBA’s Declaration of Interests Policy 2022–2024 (June 2022) defines a conflict of interest as ‘a conflict between the public duty and personal interests of an individual that improperly influences the individual in the performance of their official duties and responsibilities.’ The policy requires all entity officials to make declarations of interests on commencement and annually thereafter.

2.36 The policy identifies ‘gifts’ as an interest ‘that would be considered relevant and must be declared for assessment.’ It identifies that a conflict of interest may arise ‘where a person involved in conducting a procurement/grant … has received a gift, hospitality or another benefit from a prospective supplier.’

2.37 The guidelines and notification form do not require recipients or approving delegates to include information about any potential, perceived or actual conflict created by the acceptance of gifts, benefits or hospitality.

Has the MDBA developed fit-for-purpose policies and procedures for the provision of gifts, benefits and hospitality?

2.38 The MDBA’s policies and procedures for the provision of gifts, benefits and hospitality are established through:

• instructions in the MDBA’s AAIs (April 2022), primarily relating to official hospitality;
• the MDBA’s Instrument of Delegation – Core Financial Arrangements (July 2023 and September 2024); and
• the Official Hospitality, Gifts and Benefits Guidelines (updated August 2024) and other policy documents.³⁹

Accountable Authority Instructions

2.39 The MDBA’s AAIs establish policies and controls related to the provision of gifts, benefits and hospitality, including requirements that:

• any decision to spend relevant money on official hospitality must be publicly defensible;
• MDBA officials must not enter into an arrangement to provide official hospitality unless the arrangement has been approved by a delegate under the Instrument of Delegation;
• potential fringe benefits tax (FBT) implications must be considered before approving a commitment; and
• MDBA officials must not make a gift of relevant property, unless it complies with the instructions on gifting relevant property in MDBA’s Official Hospitality, Gifts and Benefits Guidelines.

Instrument of Delegation

2.40 The MDBA’s Instrument of Delegation – Core Financial Arrangements (July 2023 and September 2024) establishes two delegations related to the provision of gifts, benefits and hospitality by MDBA officials (see Table 2.2).

Table 2.2: Delegations related to the provision of gifts, benefits and hospitality

Note a: The ED Business Services is also the Chief Operating Officer of the MDBA.

Note b: The GM Finance position was removed from the September 2024 delegation instrument.

Source: MDBA, Instrument of Delegation – Core Financial Arrangements (July 2023 and September 2024).

Policies and procedures related to the provision of official hospitality

2.41 The MDBA’s policies and procedures make a distinction between providing official hospitality and business catering. Official hospitality and business catering are not consistently defined across policy and procedural documents (see Table 2.3).

Table 2.3: Definitions of official hospitality across the MDBA’s policy framework

Source: ANAO presentation of MDBA information.

2.42 The MDBA has developed an ‘Official Hospitality or Business Catering’ flowchart outlining questions for officials to answer when deciding if an activity is official hospitality or business catering (see Figure 2.1). The effectiveness of this flowchart to support MDBA officials’ decision-making is limited by:

• the lack of definitions for ‘entertainment’ and ‘modest’ in policy and procedural documents; and
• the MDBA’s processes for approving the provision of official hospitality not being designed to record delegates’ consideration of the questions outlined in the flowchart.

Figure 2.1: MDBA’s flowchart for classifying official hospitality or business catering

Source: ANAO presentation of MDBA flowchart.

2.43 Assessment of MDBA’s classification of events as official hospitality or business catering is presented in paragraphs 3.46 to 3.48.

Official Hospitality, Gifts and Benefits Guidelines

2.44 The AAIs require MDBA officials to act in accordance with the Official Hospitality, Gifts and Benefits Guidelines. The process for the provision of official hospitality described in the Official Hospitality, Gifts and Benefits Guidelines is for MDBA officials to request and record approval from delegates on an official hospitality approval form.

2.45 The guidelines outline principles for generally acceptable hospitality and provide examples of acceptable and generally unacceptable hospitality (see Table 2.4), but do not define sanctions associated with failure to comply with the guidelines.

Table 2.4: MDBA’s examples of appropriate and unacceptable hospitality

Source: MDBA, Official Hospitality, Gifts and Benefits Guidelines (August 2024).

2.46 The guidelines include advice about the provision of alcohol with official hospitality, stating:

Alcohol is only provided by exception. If provided it:

• should only be provided with, and incidental to, a meal.
• must reflect the MDBA’s duty of care to keep attendees safe.
• must build the reputation of the department as a professional and trusted partner.
• must have a corresponding offer of non-alcoholic option.

2.47 The MDBA’s Official Hospitality Expense Spending Proposal and Official Hospitality (Special Circumstances) Standing Approval Spending Proposal forms include a field to record the reason for providing official hospitality, including the benefit to the MDBA. The forms do not prompt officials or delegates to document compliance with other policy requirements and principles.

2.48 The March 2022 version of the Official Hospitality, Gifts and Benefits Guidelines stated that MDBA officials must seek approval from the relevant delegate ‘either prior to the activity, or as soon as practicable after the activity’. This was inconsistent with the MDBA’s AAIs which state that MDBA officials must not ‘enter into an arrangement to provide official hospitality unless the arrangement has been approved by a delegate under the Instrument of Delegation’. The August 2024 version of the Official Hospitality, Gifts and Benefits Guidelines state that MDBA officials must seek pre-approval for official hospitality.

2.49 The August 2024 version of the Official Hospitality, Gifts and Benefits Guidelines specify that a ‘delegate must not approve official hospitality they may personally benefit from (including attending the event).’

2.50 The MDBA Sensitive Water Market Information Policy requires MDBA meetings to be ‘managed so that information cannot be overheard.’ The MDBA’s hospitality-related policies and procedures do not reference the Sensitive Water Market Information Policy. Its hospitality approval forms do not document consideration by MDBA officials or delegates if the location or type of hospitality provided for MDBA events are consistent with the Sensitive Water Market Information Policy.

Policies and procedures related to the provision of gifts and benefits

2.53 The MDBA’s AAIs for gifting MDBA property require officials to act in accordance with the Official Hospitality, Gifts and Benefits Guidelines. The guidelines state:

Expenditure on gifts, other than on token gifts, for the purposes of protocol and/or public relations are acceptable when the presentation is to further the aims of the MDBA. Only the Chief Executive, Executive Directors/Division Leads, the Chief Operating Officer or the Chief Finance Officer (CFO) are authorised (as per the instrument of delegation) to approve expenditure on gifts and/or benefits.

If the recipient of a proposed gift is a foreign national, foreign organisation or foreign Government, the CE must also be satisfied of the appropriateness of the proposed gift prior to purchase. [emphasis in original] …

Where an external person speaks at a conference or seminar hosted by the MDBA for no fee, a token gift may be provided with pre-approval given.

2.54 The March 2022 version of the guidelines outlined a range of MDBA gifts and merchandise that could be given as gifts, including drink bottles, books, caps, stationery, USB flash drives, drink bottles, brown paper show bags and bookmarks (see Figure 2.2).

Figure 2.2: MDBA gifts and merchandise

Source: MDBA, Official Hospitality, Gifts and Benefits Guidelines (March 2022).

2.55 The August 2024 version of the guidelines states items that can be used as MDBA gifts are: an aluminium drink bottle and the book Sharing the water – One hundred years of River Murray politics. MDBA merchandise available are: posters, fact sheets, stickers, cotton shopping bags, and Murray River salt flakes sachets.

2.56 In August 2024, the MDBA advised the ANAO that its expenditure (including GST) on MDBA gifts was $3,359.40 in 2021–22, $1,275 in 2022–23, and $0 in 2023–24. The MDBA advised that it had no expenditure on MDBA merchandise over the same period.

Has the MDBA developed effective training and education arrangements to promote compliance with policy and procedural requirements?

Mandatory training requirements

2.57 The MDBA’s Essential Skills Policy (September 2021) establishes two programs of mandatory training: the Essential Induction program and the Essential Refresher program. The policy was due for review in 2023, but as of October 2024 this had not occurred.

2.58 MBDA employees and contractors must complete the Essential Induction program within the first three months of engagement. The program contains a total of nine mandatory whole-of-government e-learning modules (available to MDBA officials via a learning management system known as Learnhub). Two modules are relevant to the management of gifts, benefits and hospitality: Integrity in the Australian Public Service, and Fraud Awareness.

2.59 The MDBA Essential Refresher program requires annual completion of five modules, including the Integrity in the Public Service module, and biennial completion of the Fraud Awareness module. While the policy listed the Integrity in the APS module in the Refresher Program, the module was not part of the program within the Learnhub system until October 2023.

2.60 An overview of the training modules relevant to the management of gifts, benefits and hospitality is presented in Table 2.5.

Table 2.5: Overview of gifts, benefits and hospitality related training modules

Note a: The e-learning module is produced by the Australian Public Service Commission.

The Fraud Awareness module was replaced with the Fraud and Corruption module in July 2024.

Source: ANAO analysis of the Learnhub training module content.

Intranet guidance

2.61 Communication to officials regarding policy requirements can occur through other mechanisms. The MDBA intranet, known as ‘Billabong’, provides news and messaging across the entity. The Billabong page that provides information about the management of gifts, benefits and hospitality to officials is the Declaration of Interests page.

2.62 The Billabong Declaration of Interests page contains an overview of MDBA’s approach to the management of gifts, benefits and hospitality and provides links to the Official Hospitality, Gifts and Benefits Guidelines, the Gifts and Benefits Notification Form, and the Official Hospitality Expense Spending Proposal and Official Hospitality (Special Circumstances) Standing Approval Spending Proposal.

2.63 On 31 March 2022, an intranet post was published advising staff of updates to the MDBA Official Hospitality, Gifts and Benefits Guidelines. The message identified that the updates:

• clarify that delegate approval is not required for an official to keep a token gift or benefit (i.e. of a value less than or equal to $50), although they should keep their own record of it.
• officials should generally not accept gifts from stakeholders to pay for travel and accommodation where travelling on MDBA business to a stakeholder sponsored tour, trip or event.
• reflect recent changes to the Australian Public Service Commission’s (APSC) reporting requirements for gifts and benefits received by the Chief Executive. The Risk and Audit team will co-ordinate internally and update the Chief Executive gifts and benefits register quarterly, then provide a link to the register to the [APSC] for publication on their website.

2.64 There was no intranet post to advise officials when the August 2024 updates to the Official Hospitality, Gifts and Benefits Guidelines were published. The MDBA advised the ANAO in September 2024 that it was waiting for approval of the updated financial delegations before providing broader communications to staff. A ‘Business Bulletin’ email was sent to all staff on 26 September 2024 notifying them of the updated Instrument of Delegation – Core Financial Arrangements. The MDBA advised the ANAO in November 2024 that it is undertaking a further review of the Official Hospitality, Gifts and Benefits Guidelines, and staff will be advised of the revised guidelines once the review is completed.

Guidance for new Authority members

2.65 As part of the induction process for new Authority members, two guidance documents are provided: Guidance for Authority Members and Conflict of Interest Guidance for Authority Members. The guidance documents set out the Authority’s powers, functions and governance supports. Requirements in relation to the conduct of meetings, delegations and the management of conflict of interests are identified. The guidance documents indicate the MDBA has adopted the APS Code of Conduct as the code of conduct for Authority members.

2.66 The guidance documents do not include information on training requirements and Authority members have not been given access to the MDBA Learnhub system nor asked to complete MDBA mandatory training requirements. No specific references are included for gift, benefit and hospitality declaration or reporting requirements.

Does the MDBA have appropriate arrangements for monitoring and reporting on offers, receipts and provision of gifts, benefits and hospitality?

Centralised monitoring of gifts, benefits and hospitality

2.68 The MDBA maintains a centralised internal register of gifts and benefits accepted by MDBA officials. The notification form advises officials to forward the signed form to the Secretariat and Governance Team’s shared email account. The Secretariat and Governance Team is responsible for recording these notifications on an internal Gifts and Benefits Register (the internal register). The MDBA has not established any procedural documents setting out the management of the internal register.

2.69 It is the responsibility of the individual official to ensure that a notification is made to the relevant delegate and the notification form is provided to the Secretariat and Governance Team. Once an entry is made on the internal register, the notification form, which includes the delegate’s decision, is retained in MDBA’s official record keeping system, Content Manager.

2.70 The MDBA does not maintain a register or other reporting mechanism for MDBA gifts or branded merchandise. In August 2024 it updated its internal Gifts and Benefits Register to include a section for recording official hospitality provided to MDBA officials or stakeholders.

2.71 The APSC’s APS Values and Code of Conduct in Practice provides that ‘agencies may require the employees to disclose offers which were not accepted, for example, where the offer could be perceived as a bribe’.⁴⁰ The MDBA’s August 2024 Official Hospitality, Gifts and Benefits Guidelines added a requirement for officials to record any offers of gifts, benefits or hospitality in the internal register. This requirement is inconsistent with a subsequent statement in the guidelines that a notification form is required for accepted non-token gifts, benefits or hospitality. As at October 2024, the notification form had not been updated to operationalise the requirement to declare offers of gifts, benefits and hospitality.

Internal reporting

2.73 The APSC recommends entities measure and report on integrity performance regularly.

Agencies that can effectively measure, monitor and report on their integrity performance will be better positioned to identify risks; action and remedy integrity issues; and embed integrity into all aspects of workplace culture and practice.⁴¹

2.74 The APSC identifies a number of integrity metrics including reporting on gifts, benefits and hospitality.⁴² The MDBA has not established any reporting to management committees or the Chief Executive on the offer, decline, receipt or provision of gifts, benefits and hospitality.

External reporting

Alignment with the Australian Public Service Commission Guidance on gifts and benefits

2.75 The APSC’s Guidance for Agency Heads – Gifts and Benefits (the APSC Guidance) establishes the requirement that agency heads are to publish a register of gifts, benefits and hospitality that have been accepted and are valued at over $100.⁴³ This disclosure includes gifts, benefits and hospitality accepted by their immediate families and dependants where it is related to the official duties of the agency head.⁴⁴ The APSC Guidance also ‘strongly encourages’ statutory office holders to mirror the arrangements for agency heads as best practice⁴⁵, and stipulates a ‘strong expectation’ that items received by staff are also published on the register.⁴⁶

2.76 The MDBA’s Official Hospitality, Gifts and Benefits Guidelines include additional requirements for the Chief Executive that align with the APSC Guidance, including the requirement to publish the register quarterly. The MDBA publishes an Accountable Authority Gifts and Benefits Register on its website.⁴⁷ The MDBA has been publishing the register since ‘quarter 4’ of 2021.

2.77 The March 2022 Official Hospitality, Gifts and Benefits Guidelines did not include any requirements for the public reporting of gifts, benefits and hospitality accepted by MDBA officials other than the Chief Executive. In August 2024 the MDBA added a new section to the guidelines stating:

The MDBA has chosen to voluntarily publish additional details on its website, as well as providing that information to the APSC … ALL gifts and benefits received by any MDBA staff member [including Authority members] over the value of $AUD100.00 will now be published, consistent with the approach of the Australian National Audit Office, to provide greater transparency.⁴⁸

2.78 The APSC Guidance requires the annual reporting of gifted airline lounge memberships.⁴⁹ The only item reported between quarter 4 of 2021 and quarter 2 of 2024 was a complimentary airline membership gifted to the Chief Executive from Qantas Airways Ltd. The gift was listed as being received ‘from 27 June 2022’ but was reported between quarter 2 and quarter 3 of 2023. On 31 October 2024, the MDBA updated the Accountable Authority Gifts and Benefits Register on its website to record the gifted airline lounge membership annually.

Reporting to Parliament

2.79 The MDBA provided responses to questions on notice from the Senate Environment and Communications Legislation Committee on the provision of hospitality that were asked of the Department of Climate Change, Energy and Water on four occasions between June 2023 and June 2024.⁵⁰

2.80 As discussed at paragraph 2.41, the MDBA makes a distinction between official hospitality and business catering, and definitions of these categories vary across MDBA’s policies and procedures. As a result of the inconsistencies in the treatment of events by the MDBA, and the absence of a register of events (see paragraph 2.70), the entity has not been well placed to provide an accurate response to the questions posed. Further examination of the MDBA’s classification and management of official hospitality and business catering is presented at paragraphs 3.46 to 3.48.

3.1 Section 16 of the Public Governance, Performance and Accountability Act 2013 (PGPA Act) requires accountable authorities of Commonwealth entities to establish and maintain appropriate systems of internal control.⁵¹ Successful risk management relies on the implementation of effective controls.⁵² In accordance with the Australian Public Service Commission’s (APSC’s) APS Values and Code of Conduct in practice, compliance with the requirements for gifts, benefits and hospitality supports agencies to manage actual or perceived conflicts of interest.⁵³

3.2 The Department of Finance through the Risk Management Toolkit defines a control as ‘any process, policy, device, system, practice or other action that is put in place to modify the likelihood or consequence of a risk or to detect if a risk is happening.’⁵⁴

3.3 Preventative controls work by reducing the likelihood of inappropriate activities related to gifts, benefits and hospitality before they occur. Preventive controls can include: policies and procedures; education and training; deterrence messaging; declarations and acknowledgements; and pre-approvals with segregation of duties.⁵⁵

3.4 Detective controls can identify failures in activities related to gifts benefits and hospitality and help identify if a risk has occurred.⁵⁶ Detective controls can include: reconciliation and payment processes; monitoring activities, including the use and review of registers; exception reporting; and audit and assurance activities.⁵⁷

3.5 When detective controls identify instances of non-compliance, entities should have effective processes in place for managing investigations and follow-up actions. These may include training, sanctions, or referral to law enforcement agencies.

Has the MDBA implemented effective preventative controls for the receipt or provision of gifts, benefits and hospitality?

Controls for enforcing staff training

3.6 As outlined at paragraph 2.57, the MDBA’s Essential Skills Policy (September 2021) establishes mandatory induction and refresher programs that include two e-learning modules relevant to gifts, benefits and hospitality: Integrity in the Australian Public Service and Fraud Awareness. The policy states that reporting will be provided to MDBA’s Capability Board and Executive Directors on completion of essential skills learning on a regular basis or as needed.

3.7 Monthly human resources reports are provided to MDBA’s Executive Directors and General Managers that contain data on officials’ compliance with Induction and Refresher learning programs. Reporting on officials’ compliance with the Induction learning program began in January 2023 and reporting on compliance with the Refresher learning program began in October 2023. Compliance reporting on completion of MDBA mandatory training had not been provided to the Capability Board, other MDBA governance committees or the MDBA Chief Executive. Without oversight by senior management, the entity is not in a position to assess the impact of non-compliance with mandatory training as a potential integrity issue within its operations and culture.

3.8 The MDBA completed a system upgrade of its Learnhub system in October 2023. During the system upgrade, MDBA officials discovered that the Integrity in the APS module was missing from the refresher program within Learnhub. The module had been identified as a mandatory element of the Refresher program since September 2021.

3.9 MDBA officials were notified of the oversight in a ‘Business Bulletin’ on 10 November 2023:

LearnHub has been refreshed for the first time since 2018 and the new look site is now live! Not only does it have a brand-new look, several courses have also been updated.

People and Culture are in the process of transferring all course completions for the last 12 months. If you have completed courses in the last 12 months this will soon be reflected in LearnHub, if not please complete as soon as possible.

‘Integrity in the APS’ is now included in the MDBA’s Refresher Program, all staff will need to complete this course to remain compliant with the training program.

3.10 The MDBA has not been able to determine a reliable estimate of training completion rates for the two modules due to issues with the completeness and accuracy of its Learnhub data.

Preventative controls for accepting gifts, benefits and hospitality

Self-declaration of accepted gifts, benefits and hospitality

3.11 The MDBA’s controls for monitoring accepted gifts, benefits and hospitality rely on MDBA officials’ knowledge of the requirements for self-declaration. The MDBA does not provide regular reminders to officials to support self-declaration.

3.12 When a declaration is made by an MDBA official to the Secretariat and Governance Team, an entry is made on the internal Gifts and Benefits Register (the internal register). The MDBA has not established any procedural guidance on the management of the internal register (refer to paragraph 2.68).

3.13 The ANAO identified two declarations made by MDBA officials that were provided to the Secretariat and Governance Team and not recorded in the internal register:

• a lunch provided by Murray Irrigation Ltd to 14 MDBA officials; and
• a cloth bag received by a senior official from an international delegation.

3.14 The ANAO’s identification of non-compliance with requirements to declare the acceptance of hospitality is examined at paragraph 3.27.

Delegate approval to accept gifts, benefits and hospitality

3.15 As outlined at paragraphs 2.24 and 2.28, the MDBA’s Accountable Authority Instructions (AAIs) and Instrument of Delegation – Core Financial Arrangements require a delegate to approve the acceptance of a gift or benefit of any value by an official managed by the delegate. The Notification Form completed by officials and signed by the delegate does not record the role or position of the delegate.

3.16 The Instrument of Delegation (July 2023) required the delegate approving the receipt of a gift to be the recipient’s manager. The instrument also lists corporate positions, such as the Executive Director (ED) Business Services and the Chief Financial Officer (CFO), as holding the delegation to approve the keeping of a gift. Notwithstanding the inclusion of corporate positions, the MDBA advised the ANAO in July 2024 that the exercise of the delegation to approve the keeping of a gift must be by a delegate who manages the official.

3.17 Between 1 July 2021 and 31 March 2024, 20 items were recorded on the internal register. An additional two unrecorded items were identified by the ANAO (see paragraph 3.13).

• Of the 22 items, 6 items (27 per cent) were kept by the recipient without approval from a delegate (non-compliant with MDBA policy requirements). These items were reported by the recipient as being valued under $50.⁵⁸
• Of the 16 items where delegate approval was obtained:
  • there was one instance where delegate approval was not required⁵⁹;
  • ten items were approved by a delegate that was the recipient’s manager or an Executive Director of the recipient’s division (compliant with MDBA policy requirements); and
  • five items were approved by a delegate that was not the manager of the recipient (non-compliant with MDBA policy requirements).⁶⁰

Controls for potential conflicts of interest

3.18 The MDBA’s control framework prohibits MDBA officials from accepting gifts and benefits:

• that ‘influences or could be perceived to influence [the MDBA official’s] decision or action on a particular matter’ (refer to paragraph 2.24); and
• from ‘a person or company in a contractual or regulatory relationship with the Commonwealth’ (refer to paragraph 2.32).

3.19 Of the 20 items recorded on the internal Gifts and Benefits Register and two items identified by the ANAO, 14 items (64 per cent) involved accepting gifts or benefits from companies in a contractual arrangement with the Commonwealth at the time the gift or benefit was accepted. There were seven instances of gifts or benefits accepted from external parties who were in contractual arrangements with the MDBA (see Table 3.1).

3.20 Case Study 1 details the circumstances of MDBA officials obtaining approval from the ED Business Services (SES Band 2) to attend a function hosted by PricewaterhouseCoopers Australia (PwC).⁶¹ The MDBA was in a contractual relationship with PwC at the time of the offers. The approver was not the recipients’ manager (a requirement to be a delegate approving receipt of a gift under MDBA’s Instrument of Delegation — refer to paragraph 2.27).

3.21 In May 2024, the MDBA received a gift box from Sauce Communication (refer to Table 3.1 for other gifts from this provider). The gift was declared in line with Official Hospitality, Gifts and Benefits Guidelines. On 13 May 2024, the MDBA emailed Sauce Communications advising:

We’re currently being audited by the Australian National Audit Office, specifically all conference expenditure including gifts given and received.

Hence I will be returning the unopened gift box … and want to reiterate that we enjoy working with you all and are very happy with the services provided, however, no gifts are necessary.

Undeclared hospitality

3.23 The MDBA’s AAIs prohibit officials from accepting frequent hospitality (refer to paragraph 2.25) and the Official Hospitality, Gifts and Benefits Guidelines identifies that benefits should not be accepted from contractors (refer to paragraph 2.32). Until August 2024 the MDBA did not require officials to make a notification for offers of gifts, benefits or hospitality that were not accepted (refer to paragraph 2.71). The MDBA’s gifts, benefits and hospitality framework does not require recipients or approving delegates to include information about the potential, perceived or actual conflict created by the acceptance of gifts, benefits or hospitality (refer to paragraph 2.37). The absence of these controls limits the MDBA’s capacity to monitor and manage attempts to influence MDBA officials’ decisions or actions.

3.24 A search of email and calendar invitations sent to the MDBA from seven organisations with contracts with MDBA identified 70 potential offers of hospitality to MDBA officials⁶², including:

• invitations for ‘coffee meetings’ sent to MDBA SES officials;
• the provision of food associated with work related meetings or events;
• offers to have ’drinks’;
• offers to have a meal sent to SES officials; and
• offers to an MDBA SES official from eWater associated with the MDBA official being a board member of eWater.⁶³

3.25 In most instances there was insufficient information in the email and calendar records to determine whether it was an actual offer of hospitality and in all cases there was insufficient information to determine a whether a potential offer was accepted. In one instance, there was an explicit offer made by a Hudson representative to provide hospitality to an MDBA official:

Blocking this time out for our catch up tomorrow. Let me know if you’re happy with the location. Looking forward to meeting you! PS: Lunch is on us =)

3.26 The MDBA advised the ANAO in September 2024 that none of the 70 potential offers resulted in instances of acceptance of gifts, benefits or hospitality.

3.27 The ANAO approached the seven organisations from which potential offers were received and asked if they had records of hospitality being provided to MDBA officials.⁶⁴ The organisations’ responses are outlined in Table 3.2. The response from Scyne Advisory identified three instances of the acceptance of hospitality by MDBA officials that were not recorded in MDBA’s internal register. The response from Hudson confirmed that the offer of hospitality referred to at paragraph 3.25 was accepted by the MDBA official and there was a record of this expenditure.

Preventative controls for the provision of official hospitality

Delegate approval of provision of official hospitality

3.28 All official hospitality and business catering provided by the MDBA must be approved by a delegate, irrespective of the cost. The MDBA’s Instrument of Delegation establishes the officials that hold a delegation to approve official hospitality (see paragraph 2.40 and Table 2.2) and business catering.⁶⁵

3.29 Based on a review of 61 transactions from the MDBA financial management system⁶⁶, the ANAO identified 35 transactions that did not have a copy of delegate approval in the financial management system. These transactions included:

• catering for a meeting valued at $1,801.90;
• catering for an Authority workshop valued at $1,100.00;
• catering for a performance management training session valued at $661.80; and
• dinner for 27 people as part of a listening tour valued at $2,206.64.

3.30 Case study 2 describes a retirement event arranged by MDBA officials as official hospitality. Approval for the event was provided by an official who did not hold a delegation.

Prior approval of the arrangement

3.31 The MDBA’s AAIs do not permit MDBA officials to enter into an arrangement to provide official hospitality unless prior approval of the arrangement has been provided by a delegate (paragraph 2.39). In the case of business catering, the AAIs require officials to seek and gain approval through a spending proposal for a proposed commitment of relevant money.

3.32 Of 26 transactions reviewed by the ANAO where delegate approval was recorded in the financial management system, there were six instances where approval was not provided in advance, including:

• hospitality for a stakeholder event at a value of $595.45⁶⁷;
• a retirement dinner at a value of $1,065.45 (see Case Study 4); and
• a dinner for the Basin Officials Committee valued at $351.09.

2022 River Reflections Conference dinner

3.33 The River Reflections Conference is an annual event organised by the MDBA. Conference dinners form part of the conference and ‘allow delegates to network and have discussions’ with conference speakers. The MDBA officials arranging the 2022 River Reflections Conference dinner did not obtain approval from a delegate prior to entering into an arrangement to provide official hospitality. The conference dinner was scheduled for 1 June 2022. On 23 May 2022 officials sought approval for the official hospitality from the delegate. The delegate approved the Official Hospitality Expense Spending Proposal, stating:

is it possible to get these approved in advance of the commitment in the future? As delegate I am approving the expenditure on official hospitality. In this case it’s well past the point that I could make any other decision. When you land on a venue after a “value for money” assessment, it would be good if you could seek delegate approval before booking …

3.34 In July 2024 the MDBA advised the ANAO that the ‘hospitality and all associated costs are included in the overall conference budget.’

Achievement of one or more MDBA policy objectives

3.35 As outlined at paragraph 2.39, the MDBA AAIs require certain criteria to be met in order to provide official hospitality and state ‘Official hospitality generally involves the use of public resources to provide hospitality to persons other than MDBA officials to facilitate the achievement of one or more MDBA objectives’. ANAO analysis identified eight official hospitality transactions that did not record the basis for the expenditure meeting policy objectives.⁶⁸

Authority dinners

3.36 The Water Act 2007 requires the Authority to meet at least nine times each financial year. The MDBA arranges a dinner for members around the Authority meetings, generally the evening before the meeting.⁶⁹ The purpose of the dinner is to discuss the agenda of the upcoming meeting and resolve any concerns, and on one occasion to hear from an external speaker.

3.37 Authority dinners are classified by the MDBA as official hospitality. MDBA officials complete an Official Hospitality Expense Spending Proposal form or an Official Hospitality (Special Circumstances) Standing Approval Spending Proposal form for the purposes of obtaining delegate approval for Authority dinners. Both forms require the official to describe the ‘reason for providing the official hospitality (the benefit to the MDBA)’.

3.38 The ANAO reviewed the approval documentation for 14 Authority dinners. For 13 of the 14 Authority dinners, prior approval was obtained. There was no approval for one dinner. The approval forms reviewed by the ANAO generally did not:

• articulate how the proposed event meets ‘one or more MDBA objectives’ (see reasons outlined in Table 3.3);
• document consideration of the MDBA Sensitive Water Market Information Policy in relation to the holding of an event in a public venue (see paragraph 2.50); or
• assess the appropriateness of providing official hospitality solely to MDBA officials for the 13 out of 14 Authority dinners where only MDBA officials were in attendance.

3.39 Further, the MDBA has not considered the issue of positional authority in the circumstances where the delegate approving the hospitality is subordinate to the recipient(s) of the event.

Table 3.3: Purpose of proposed hospitality for Authority members dinners

Source: ANAO presentation of MDBA official hospitality approval forms.

3.40 Additional analysis of the 14 Authority dinners held between 1 July 2021 and 31 May 2024 is presented at Table 3.4.

• Expenditure for six dinners was not consistent with the delegate’s pre-approval.
• Authority members’ remuneration and allowances, including travel allowances, are set by the Remuneration Tribunal. The ‘total cost per person’ for five dinners exceeded the Remuneration Tribunal’s ‘tier 1’ travel allowance.

Provision of alcohol

3.41 The March 2022 Official Hospitality, Gifts and Benefits Guidelines provided guidance on the inclusion of alcohol as part of official hospitality⁷⁰, stating:

It is acceptable to budget for the supply of alcohol for up to two standard drinks per attendee. Consideration must be given to the unit cost of the alcohol being provided with the overriding principle being that the expenditure on alcohol must be appropriate to the circumstances and be publicly defensible.

3.42 The MDBA Business Catering Guidelines and the ‘Official Hospitality or Business Catering’ flowchart prohibit the provision of alcohol with business catering (see Table 2.3 and Figure 2.1).

3.43 ANAO analysis of 61 transactions in the financial management information system identified six instances where alcohol was recorded as making up a proportion of the expenditure. The MDBA classified three of these transactions as business catering:

• the purchase of alcoholic drinks using the Chief Executive’s corporate credit card⁷¹;
• dinner and drinks for a listening tour; and
• the cost of drinks as part of a ‘Chair tour’ valued at $400.

‘Generally unacceptable’ forms of official hospitality

3.44 As presented in Table 2.4, the MBDA’s control framework identifies acceptable and unacceptable forms of official hospitality. The provision of official hospitality to Commonwealth ministers and members of the Australian Parliament is identified as a ‘generally unacceptable’ form of hospitality. Case study 3 describes an event with a Commonwealth minister in attendance provided by the MDBA as official hospitality.

3.45 The MDBA identifies ‘farewell functions’ as another form of generally unacceptable hospitality ‘unless authorised by the Chief Executive or Chief Operating Officer.’ Case study 4 describes the approval of a farewell event for the previous Chief Executive.

Determination of official hospitality or business catering

3.46 The MDBA differentiates between official hospitality and business catering (refer paragraph 2.41 and Table 2.3). The ANAO’s review of transaction records identified four events that had been classified by MDBA officials as both business catering and official hospitality (see Table 3.5).

Table 3.5: Events classified as both official hospitality and business catering

Note a: The Official Hospitality Expense proposal form was signed by the delegate before the event.

Note b: The Business Catering Approval form was approved by the delegate after the event.

Source: ANAO analysis.

3.47 For 39 out of 61 transactions reviewed by the ANAO, the MDBA correctly classified the expenditure as business catering. For four of the transactions classified by MDBA as business catering (meeting expenses), the ANAO assessed the events to meet the definition of official hospitality within MDBA’s policy framework due to the event occurring in a restaurant or at an entertainment venue.

3.48 An example of the MDBA’s inconsistent classification of events is an annual dinner attended by members of the Authority, the Basin Communities Committee and the Basin Officials Committee.

• In May 2021 approval for the event as official hospitality was sought from a delegate. The request form was not signed by the delegate.
• In April 2022 a delegate approved the event as business catering.
• In April 2023 a delegate approved the event as official hospitality.

Records management

3.49 For six of the 61 transactions examined, there was no invoice attached to the transaction record. The MDBA Credit Card Guidelines (2021) require a tax invoice to be retained for all purchases for the purposes of credit card acquittal. The MDBA advised the ANAO in June 2024 that the MDBA ‘[does] not require supporting documentation to be included in line with the ATO GST requirements.’⁷²

3.50 As discussed at paragraph 2.47, the MDBA’s approval forms and related processes for both official hospitality and business catering do not support the effective implementation of controls. The effectiveness of the approval forms is reduced as:

• the approval forms do not require officials preparing the form or the delegates approving the expenditure to document assessments against requirements and guidance — the forms have a single field titled ‘Justification’ or ‘Description’; and
• the delegate approvals are pre-populated statements, with no fields for the delegate to document the basis of their assessment that the expenditure meets policy requirements and guidance.

Has the MDBA implemented effective detective controls for the receipt or provision of gifts, benefits and hospitality?

Financial Management Compliance Survey

3.51 The MDBA requires all officials to complete a Financial Management Compliance Survey twice each financial year for the purposes of gathering ‘data related to all known instances of non-compliance with the finance law.’ In 2022–23 the MDBA made changes to the questions, including the addition of a question about instances where business catering or official hospitality were not provided in accordance with relevant guidelines. Table 3.6 sets out summary results for five surveys conducted between 1 July 2021 and 31 March 2024.

Table 3.6: Reports of non-compliance identified in the MDBA Financial Management Compliance surveys

Note a: The MDBA advised the ANAO in October 2024 that there was a ‘glitch’ in the compliance management system for Survey 1 2022–23 whereby the system pre-populated previously reported breaches against multiple questions in the survey. This resulted in over-reporting of instances of non-compliance.

Source: ANAO presentation of the MDBA’s results of the Financial Management Compliance Surveys.

3.52 Each financial year, the MDBA Chief Financial Officer prepares a compliance summary as part of the Chief Executive’s sign-off process for the MDBA’s financial statements.

• The compliance summary provided to the Chief Executive for 2021–22 reported 11 instances of non-compliance:
  • eight instances of unintentional use of corporate credit card for personal use; and
  • three instances of breaches of procurement processes.
• The compliance summary provided to the Chief Executive for 2022–23 reported 11 instances of non-compliance:
  • eight instances of unintentional use of corporate credit card for personal use; and
  • three instances of breaches of procurement processes.
• The compliance summary provided to the acting Chief Executive for 2023–24 reported 22 instances of non-compliance:
  • 17 instances of unintentional use of corporate credit card for personal use;
  • four instances of breaches of procurement processes; and
  • one instance of non-compliance with business catering requirements.

3.53 The compliance summary includes a section titled ‘Corrective Actions’, which contained the same statements for the 2021–22, 2022–23 and 2023–24 reports:

During the [next] financial year, the Finance and Procurement sections will continue to conduct training sessions for MDBA officials covering compliance with the MDBA Resource Management Framework and the Commonwealth Procurement Rules. Wherever relevant, one-on-one training sessions have been conducted, particularly regarding the use of corporate credit cards.

In addition, to minimise confusion and unintentional use of corporate credit cards, the Finance section continues to affix a unique MDBA sticker to all MDBA corporate credit cards to help officials distinguish them from their personal credit cards.

3.54 The 2023–24 compliance summary also included a statement that the ‘Finance and Business Operations Branch are individually reaching out to those officials who have been involved in financial non-compliance for 2023–24.’

3.55 Seven officials responding to the Financial Management Compliance Survey in 2022–23 identified that they were aware of instances of non-compliance with business catering or official hospitality guidelines. Upon further investigation, the MDBA identified that these reports had resulted from a ‘glitch’ in the compliance management system (see Table 3.6) and did not represent non-compliance with the business catering or official hospitality requirements.

3.56 In 2023–24, two reports of non-compliance with business catering or official hospitality guidelines were made by MDBA officials (see Table 3.6). These two reports related to one instance of non-compliance, which involved an MDBA official seeking retrospective approval for a staff dinner in September 2023 using the Business Catering expense request form. The delegate did not approve the retrospective request and asked that a breach notification be recorded in the MDBA’s compliance management system. The event for which approval was sought was dinner at a restaurant for MDBA officials after attending a catered meeting. In addition to the failure to obtain delegate approval prior to the event identified as non-compliance by the MDBA, the expenditure on a meal at a restaurant for the purposes of business catering is not permitted by the MDBA’s Business Catering Guidelines.⁷³

Other detective controls

3.57 The MDBA has not identified detective controls within its gifts, benefits and hospitality policies and procedures.

Does the MDBA have effective processes for managing identified instances of non-compliance?

3.58 The MDBA has not documented or implemented a process for managing non-compliance with the requirements for gifts, benefits and hospitality. As outlined at paragraphs 2.33 and 2.45, the MDBA’s Official Hospitality, Gifts and Benefits Guidelines do not specify sanctions associated with failure to comply with gift, benefit and hospitality requirements.

3.59 The MDBA has identified one instance of non-compliance relating to gifts, benefits and hospitality through the Financial Management Compliance Survey (paragraph 3.51 and Table 3.6). There was no evidence that follow-up action was taken in response to the instance of non-compliance with official hospitality and business catering requirements reported by MDBA staff.

3.60 The MDBA advised the ANAO in September 2024 that:

The actions taken in response to instances of non-compliance are supported by an annual letter between the CFO and the [Chief Executive]. Specifically, the letter speaks to ‘corrective actions’.

3.61 The ANAO identified the following instances of non-compliance with gifts, benefits and hospitality requirements that had not been identified or reported by the MDBA:

• MDBA officials accepting benefits from contractors (see paragraphs 3.18 to 3.22)⁷⁴;
• official hospitality being approved by an official who did not hold the delegation (see Case study 2);
• no delegate approval for official hospitality for the May 2022 Authority member dinner (see Table 3.4);
• no delegate approval for the joint Authority/Basin Officials Committee/Basin Communities Committee dinner in June 2021 (see paragraph 3.48);
• five Authority member dinners exceeding pre-approved values (see Table 3.4); and
• expenditure on official hospitality for events prohibited by the Official Hospitality, Gifts and Benefits Guidelines (see Case study 3 and Case study 4).

3.62 Case study 5 outlines an instance of non-compliance with financial controls relating to a ‘Leadership Immersion Workshop’ dinner in 2024. No sanctions were applied in relation to this non-compliance.

Has the MDBA established a sound and evidence-based assurance framework so that processes and controls for gifts, benefits and hospitality are implemented and remain effective?

3.63 There has been no management reporting on the offer, decline, receipt or provision of gifts, benefits and hospitality (refer to paragraph 2.74). The MDBA’s management of gifts, benefits and hospitality does not include internal reporting to executive management on control effectiveness. Further, there has been no reporting to the Chief Executive or relevant governance committees on mandatory training completion (refer to paragraph 3.7).

3.64 As outlined at paragraphs 3.18 to 3.19, the MDBA does not have review processes for its internal register to assess conflicts of interest risks (such as offers from suppliers). This limits the effectiveness of controls supporting management of conflicts of interest.

3.65 Topics related to the management of gifts, benefits and hospitality have not been included in the MBDA’s internal audit plan. There was no plan to undertake assurance activity related to gifts, benefits and hospitality.

Appendix 1 Entity response

Appendix 2 Improvements observed by the ANAO

1. The existence of independent external audit, and the accompanying potential for scrutiny improves performance. Improvements in administrative and management practices usually occur: in anticipation of ANAO audit activity; during an audit engagement; as interim findings are made; and/or after the audit has been completed and formal findings are communicated.

2. The Joint Committee of Public Accounts and Audit (JCPAA) has encouraged the ANAO to consider ways in which the ANAO could capture and describe some of these impacts. The ANAO’s corporate plan states that the ANAO’s annual performance statements will provide a narrative that will consider, amongst other matters, analysis of key improvements made by entities during a performance audit process based on information included in tabled performance audit reports.

3. Performance audits involve close engagement between the ANAO and the audited entity as well as other stakeholders involved in the program or activity being audited. Throughout the audit engagement, the ANAO outlines to the entity the preliminary audit findings, conclusions and potential audit recommendations. This ensures that final recommendations are appropriately targeted and encourages entities to take early remedial action on any identified matters during the course of an audit. Remedial actions entities may take during the audit include:

• strengthening governance arrangements;
• introducing or revising policies, strategies, guidelines or administrative processes; and
• initiating reviews or investigations.

4. In this context, the below actions were observed by the ANAO during the course of the audit. It is not clear whether these actions and/or the timing of these actions were planned in response to proposed or actual audit activity. The ANAO has not sought to obtain assurance over the source of these actions or whether they have been appropriately implemented.

• The Murray–Darling Basin Authority (MDBA) updated and published its Official Hospitality, Gifts and Benefits Guidelines in August 2024 (refer to paragraphs 2.29 to 2.33 and 2.44 to 2.54).
• In August 2024 the MDBA developed a forward work plan for the management of official hospitality, gifts and benefits.
• In association with the August 2024 updates to the Official Hospitality, Gifts and Benefits Guideline, the MDBA created an official hospitality section of the internal Gifts and Benefits register (refer to paragraph 2.70).
• The MDBA updated its risk management framework in May and June 2024 and released a revised Fraud and Corruption Policy and Plan in July 2024. A fraud and corruption risk assessment was approved in July 2024.
• The MDBA updated the Accountable Authority Gifts and Benefits Register on its website on 31 October 2024 with an annual declaration of a gifted airline lounge membership.