Background

1. The Australian Public Service Commission (APSC) has reported that as at 31 December 2021, the Australian Public Service (APS) employed 155,796 people across 97 APS agencies.¹ APS employees are employed under the Public Service Act 1999 (the PS Act), which establishes the APS and is the basis of the regulatory framework applying to it.²

2. APS agencies can, and do, utilise a mixed workforce of APS and non-APS personnel to deliver their purposes. Non-APS personnel include contractors and consultants. Department of Finance (Finance) guidance indicates that the difference between a contract for services and a contract for consultancy services ‘generally depends on the nature of the services and the level of direction and control over the work that is performed to develop the output.’³

3. Workforce planning and management is the responsibility of each APS agency head. In the APS Workforce Strategy 2025, the APSC has stated that:

Ensuring agencies take a structured approach to the use of non-APS employees—including considering where work would be best delivered by an APS employee—and knowledge transfer and capability uplift arrangements is a key element of successful mixed workforce models, which are already being used by agencies across the APS.⁴

4. Additionally, the APSC has published guidance in the form of Guiding principles for agencies when considering the use of SES contractors⁵ relating to the use of contractors in APS Senior Executive Service (SES) roles.⁶ Similar guidance has not been issued for entities when considering the use of contractors for non-SES level roles.

5. The engagement and management of non-APS personnel occurs through procurement action by entities and their contract management processes, rather than the PS Act. These decisions must consider:

• the Commonwealth Procurement Rules (CPRs), which establish the whole-of-government procurement framework, including mandatory rules with which officials must comply when performing duties related to procurement;
• the Protective Security Policy Framework (PSPF), which sets out government protective security policy across the following outcomes: security governance, information security, physical security and personnel security⁷; and
• entity-specific procurement and contract management arrangements which may be contained in Accountable Authority Instructions (AAIs) made under section 20A of the Public Governance, Performance and Accountability Act 2013 (the PGPA Act, which is the basis of the Australian Government’s finance law) and in entity policies and guidelines.

6. Services Australia has advised the Parliament that as at 30 June 2021, its workforce included 4269 contractors, representing 9.7 per cent of the combined APS and contingent workforce.⁸ Services Australia’s contractor workforce performs work in most parts of the entity.

Rationale for undertaking the audit

7. The APS workforce strategy states that the APS will continue to deploy a flexible approach to resourcing that strikes a balance between a core workforce of permanent public servants and the selective use of external expertise. This will mean a continuing mixed workforce approach, where APS employees and non-APS workers are used to deliver outcomes within agencies. In this context, the strategy highlights the value of ensuring that agencies take a structured approach to the use of non-APS workers. The approach adopted by the APS and its agencies has been the subject of ongoing parliamentary interest, with a number of reviews and parliamentary committee inquiries undertaken in recent years.⁹

8. This audit is one of a series of three performance audits undertaken to provide independent assurance to the Parliament on whether entities have established an effective framework for the management of the contracted element of their workforce. Services Australia was selected as one of the APS agencies in this audit series as it is a large and regular user of non-APS personnel. The other audits in this series review the management of contractors by the Department of Defence and Department of Veterans’ Affairs.

Audit objective and criteria

9. The objective of the audit was to examine the effectiveness of Services Australia’s arrangements for the management of contractors.

10. To form a conclusion against the audit objective, the following high-level criteria were adopted.

• Has Services Australia established a fit-for-purpose framework for the use of contractors?
• Does Services Australia have fit-for-purpose arrangements for the engagement of contractors?
• Has Services Australia established fit-for-purpose arrangements for the management of contractors?

Conclusion

11. Services Australia has established largely fit-for-purpose policies and processes for the management of contractors and can demonstrate the effectiveness of some but not all aspects of its arrangements. There remains scope to improve the effectiveness of mandatory training arrangements and implementation of aspects of Policy 12 of the Protective Security Policy Framework (PSPF) relating to the eligibility and suitability of personnel.

12. Services Australia has established a fit-for-purpose framework for the use of contractors. At the agency level there is guidance which provides clarity regarding the different personnel types, including contractors. Guidance has been developed to assist the largest users of contractors within the agency — its service delivery and ICT areas — determine whether there is an operational requirement for the use of contractors.

13. Services Australia has established largely fit-for-purpose arrangements for the engagement of contractors. Services Australia has in place a contracting suite that is tailored for the use of contractors and has established centrally managed processes for preparing contracts, including when it engages contractors. Services Australia has established mandatory induction training and systems to monitor and report on the completion of induction training by its entire workforce. The effectiveness of training arrangements is reduced by contractors’ training completion rates and shortcomings in processes to ensure contractors and their managers are aware of mandatory induction training. Services Australia has established policy and processes to support compliance with the majority of core requirements of PSPF Policy 12: Eligibility and suitability of personnel when it engages contractors, the key exception being the requirement to obtain an individual’s agreement to comply with government policies, standards, protocols and guidelines that safeguard resources from harm. By enacting temporary access provisions pending the outcome of pre-engagement eligibility and suitability checks, there is a risk that Services Australia has not met PSPF Policy 12 requirements where there is no assurance process to ensure satisfactory completion of the required checks within a reasonable timeframe.

14. Services Australia has established largely fit-for-purpose arrangements for the management of contractors. Services Australia has clearly documented its requirements and expectations regarding the management and oversight (supervision) of contractors and has established responsibilities for managing completion at the business area level. Arrangements (policy, processes and monitoring) for the management of contractors that support compliance with PSPF Policy 13: Ongoing assessment of personnel and PSPF Policy 14: Separating personnel have been largely established. With regards to PSPF Policy 14, risks have been identified regarding the effectiveness of agency controls for removing separating individuals’ systems access in a timely way.

Supporting findings

Framework for using contractors

15. Services Australia’s guidance provides clarity regarding the different personnel types, including contractors. (See paragraphs 2.3–2.5)

16. In its provision of guidance on determining whether there is an operational requirement for the use of contractors, Services Australia has focused on the largest users of contractors within the agency — its service delivery and ICT areas. Services Australia has developed arrangements to support workforce planning in its service delivery and ICT workforces which include workforce strategies intended to guide decisions on workforce supply, including for the use of contractors. Decisions to use contractors in all parts of Services Australia’s business are guided by the agency’s Average Staffing Level cap and internal budget allocations. (See paragraphs 2.6–2.11)

Arrangements for engaging contractors

17. Services Australia has in place a contracting suite that is tailored for the use of contractors and has established centrally managed processes for preparing contracts, including when it engages contractors. For the nine contracts for the engagement of contractors reviewed by the ANAO (engaging 30 per cent of the contractor personnel engaged by Services Australia as of 31 October 2021) all contracts: stated that the supplier must ensure that its personnel comply with all procedures and guidelines required by Services Australia; and included references to applicable agency policies, procedures and guidelines. There was some variability in the terms and conditions of the contracts selected for review, with five ICT contracts not including performance standards. An internal audit from August 2020 states that Services Australia has accepted the risks associated with a lack of performance indicators in the ICT contracts. (See paragraphs 3.3–3.14)

18. Services Australia has largely fit-for-purpose arrangements for inducting contractors, with the completion of mandatory training by its non-APS personnel recorded through monthly reporting. The effectiveness of the arrangements is limited due to low completion rates for mandatory induction and refresher training for contractors, and shortcomings in processes to ensure that contractors complete training. Monthly training reports examined by the ANAO showed that of the contractors engaged by the agency as at 28 February 2022, 34.7 per cent had completed the mandatory induction modules — with a further 28.3 per cent of contractors deemed ‘induction compliant’ by Services Australia — and 32.2 per cent had completed the 2022 mandatory refresher program. Services Australia advised the ANAO that as at 30 April 2022, 39.3 per cent of contractors had completed the mandatory induction modules — with a further 27.0 per cent of contractors deemed ‘induction compliant’ — and 48.8 per cent of contractors had completed the 2022 mandatory refresher program. (See paragraphs 3.15–3.35)

19. Services Australia has established policies and processes that support compliance with the majority of core requirements of PSPF Policy 12: Eligibility and suitability of personnel when it engages contractors, except for PSPF Policy 12 Supporting Requirement 1(c), which relates to obtaining individuals’ agreement to comply with the government’s policies, standards, protocols and guidelines that safeguard resources from harm. Services Australia has enacted temporary access provisions in its personnel security policy ‘to enable rapid recruitment to meet the high service demand generated by COVID-19’ and to manage the 2022 east coast flood emergency and other priorities. There is scope for Services Australia to strengthen its assurance activities to ensure that the mandatory requirements of PSPF Policy 12 have been met, particularly when personnel have already been granted temporary access to Australian Government resources (people, information and assets). (See paragraphs 3.38–3.60)

Arrangements for managing contractors

20. Services Australia has clearly documented its requirements and expectations regarding the management and oversight of contractors. Agency requirements and expectations for contract managers are documented in the Accountable Authority Instructions, the Contract Management Framework and in policies, procedures and guidance. Contract managers are required to undertake mandatory training, with training requirements tailored to the overall risk rating of the contract to be managed. Services Australia requires business areas to ensure that appropriate training has been undertaken but has not established arrangements that provide agency-wide assurance that contract managers have completed the mandatory training. (See paragraphs 4.3–4.13)

21. Services Australia has largely established arrangements for the management of contractors that support compliance with PSPF Policy 13: Ongoing assessment of personnel. Services Australia has established policies that support the implementation of PSPF Policy 13 for contractors that address all aspects of the core PSPF requirement. All nine contracts examined by the ANAO included clauses requiring ongoing compliance with Services Australia’s security policies and procedures. In addition, guidance has been established for contract managers around assessing and managing the ongoing suitability of contractors and sharing relevant information of security concern, including forms for reporting security incidents. Where contract periods are greater than three years, Services Australia has no agency-wide assurance that its mandatory requirement for triennial eligibility and suitability checks for contractors is being met. Services Australia has identified opportunities to strengthen arrangements to support compliance with PSPF Policy 13. (See paragraphs 4.14–4.20)

22. Services Australia has established arrangements for the separation of contractors to support compliance with PSPF Policy 14: Separating personnel, including relevant policies and processes, however there is scope for implementation to be more effective. In the nine contracts examined by the ANAO, Services Australia included clauses requiring contractors to comply with Services Australia policies and processes that support compliance with PSPF Policy 14. ANAO testing identified risks in the effectiveness of Services Australia’s ICT controls for removing separating individuals’ systems access in a timely way. Services Australia’s monitoring and reporting on compliance with PSPF Policy 14 has identified that there is further work to be done and identified a range of activities to improve compliance around separating personnel, including strengthening the assurance process for the timely removal of separating individuals’ access to agency systems. (See paragraphs 4.21–4.29)

Recommendations

Summary of entity responses

23. Services Australia’s summary response is provided below and its full response is included at Appendix 1. An extract of this report was sent to the APSC. The APSC’s summary response is provided below and its full response is included at Appendix 1.

Services Australia’s summary response

Services Australia (the agency) welcomes this report, and considers that the recommendations will assist in improving our arrangements for the management of contractors. Changes to the agency’s workforce size and composition reflect government priorities, Budget measures, service delivery demands, ongoing efficiencies and natural attrition. In this context, strong agency capability is essential in delivering on government commitments and transforming the organisation. It is positive that the ANAO has found the agency has a fit-for-purpose framework for the use of contractors, particularly in respect to the guidance that is in place for those groups that are the largest users of contractors, service delivery and ICT.

APSC’s summary response

The Australian Public Service Commission (APSC) acknowledges the extract of the Proposed Audit Report on the ‘Effectiveness of the Management of Contractors’ provided for comment.

The APSC recognises the importance of robust workforce planning through implementation of the APS Workforce Strategy 2025. This includes strengthening APS capability, and the strategic use of mixed models of employment, to ensure agencies achieve their outcomes.

Whilst no recommendations are directed toward the APSC, the Commission will consider any relevant findings following the audit’s completion.

24. At Appendix 2, there is a summary of improvements that were observed by the ANAO during the course of the audit.

Key messages and observations

25. This is one of a series of three performance audits undertaken to provide independent assurance to Parliament on whether entities have established an effective framework for the management of the contracted element of their workforce. As well as Services Australia, the ANAO has examined the effectiveness of the management of contractors by the Department of Defence¹⁰ and the Department of Veterans’ Affairs.¹¹

26. Chapter 5 of this audit report sets out high-level observations and key messages for all Australian Public Service agencies following the ANAO’s examination of the three selected agencies’ management of contractors. The observations focus on: data availability and transparency issues relating to the contractor workforce; and the application of ethical and personnel security requirements to the contractor workforce.

Introduction

1.1 The Australian Public Service Commission (APSC) has reported that as at 31 December 2021, the Australian Public Service (APS) employed 155,796 people across 97 APS agencies.¹² APS employees are employed under the Public Service Act 1999 (the PS Act), which establishes the APS and is the basis of the regulatory framework applying to it.¹³

1.2 APS agencies can, and do, utilise a mixed workforce of APS and non-APS personnel to deliver their purposes. Non-APS personnel include contractors and consultants. Department of Finance (Finance) guidance indicates that the difference between a contract for services and a contract for consultancy services ‘generally depends on the nature of the services and the level of direction and control over the work that is performed to develop the output.’¹⁴

1.3 In summary, Finance’s guidance states that services performed by a contractor are under the supervision of the entity, which specifies how the work is to be undertaken and has control over the final form of any resulting output. The output of a contractor is produced on behalf of the entity and the output is generally regarded as an entity product. In contrast, performance of consultancy services is left largely up to the discretion and professional expertise of the consultant, performance is without the entity’s direct supervision, and the output reflects the independent views or findings of the consultant. While the output of a consultant is produced for the entity, the output may not belong to the entity. Box 1 below sets out the contract characteristics, identified in Finance guidance, that help entities distinguish between contractors and consultants.

Source: Department of Finance, Contract Characteristics, available from https://www.finance.gov.au/government/procurement/buying-australian-government/contract-characteristics [accessed 20 January 2022].

1.4 Workforce planning and management is the responsibility of each APS agency head. In the APS Workforce Strategy 2025, in respect to the mix between APS and non-APS personnel, the APSC has stated that:

The APS continues to deploy a flexible approach to resourcing that strikes the balance between a core workforce of permanent public servants and the selective use of external expertise. This will mean a continuing mixed workforce approach, where APS employees and non-APS workers collaborate to deliver outcomes within agencies.

A mixed workforce approach will continue to be a feature of APS workforce planning. Non-APS workers, when used effectively in appropriate circumstances, can provide significant benefits to agencies and help them achieve their outcomes. Non-APS workers can also provide access to specialist and in-demand skills to supplement the APS workforce in peak times in business cycles. There will be a need for APS agencies to access skills, capability or capacity differently, including through contractors and consultants, or through external partnerships with academia or industry. There may also be a need to engage with industry to develop skills and capabilities to drive delivery of programs across the service. The use of non-APS employees, including labour hire, contractors and consultants, brings different opportunities and risks for APS agencies to manage. Agencies relying on mixed workforce arrangements need to take an integrated approach to workforce planning that includes and best utilises their non-APS workers. This is particularly important where key deliverables are specifically reliant on this non-APS workforce.

Ensuring agencies take a structured approach to the use of non-APS employees—including considering where work would be best delivered by an APS employee—and knowledge transfer and capability uplift arrangements is a key element of successful mixed workforce models, which are already being used by agencies across the APS.

A professional public service harnesses skills, expertise and capacity from a variety of sources to deliver services as priorities arise. We must focus on understanding and removing barriers to external mobility and encouraging the mobilisation of skills from both across and outside the APS.¹⁵

1.5 In addition, the APSC has published guidance relating to the use of contractors in APS Senior Executive Service (SES) roles.¹⁶ In its Guiding principles for agencies when considering the use of SES contractors¹⁷, the APSC states that:

To meet their business needs, agency heads have the flexibility to engage individuals by the most appropriate means to ensure their agency is best placed to deliver for the Australian public. These guiding principles are designed to assist agencies when considering the appropriateness of using a contractor for a Senior Executive Service (SES) equivalent role and to ensure that appropriate governance arrangements are in place.

…

For the purposes of these principles, an ‘SES contractor’ is an SES-equivalent (e.g. equivalent work value, duties, responsibility, and accountability), contracted by an APS agency via a recruitment agency or third party as an integrated part of the agency’s senior leadership workforce. That is, the agency will have no direct employment relationship under the PS Act with the SES contractor.

1.6 The APSC has stated that the purpose of the principles is ‘to provide APS agencies with considerations when seeking to go beyond the APS employment framework for senior executive capabilities’.¹⁸ Box 2 below sets out the considerations identified in the APSC guidance.

Source: Australian Public Service Commission, Guiding principles for agencies when considering the use of SES contractors, 14 May 2021, paragraphs 5–7, available from https://www.apsc.gov.au/working-aps/aps-employees-and-managers/senior-executive-service-ses/senior-executive-service-ses/contractors-senior-executive-service [accessed 3 December 2021].

1.7 The APSC guidance states that the APSC will collect data on SES contractors, and that for the purposes of reporting, an SES contractor is a person undertaking SES equivalent work who is not engaged under the PS Act or an agency’s enabling legislation.¹⁹ As at 8 March 2022 the APSC had not published data on SES contractors. The APSC advised the ANAO on 3 March 2022 that there were 40 SES contractors in the APS as at 31 October 2021.

1.8 The APSC has not issued guiding principles for the use of non-SES contractors in APS agencies.²⁰

1.9 The APSC and Finance guidance may be supplemented at the entity-level by internal guidance on the different personnel types and how to decide whether there is an operational requirement for the use of non-APS personnel such as contractors.

1.10 The engagement and management of non-APS personnel occurs through procurement action by entities and their contract management processes, rather than the PS Act. The Commonwealth Procurement Rules (CPRs) establish the whole-of-government procurement framework, including mandatory rules with which officials must comply when performing duties related to procurement. Entity-specific procurement and contract management arrangements may also be contained in Accountable Authority Instructions (AAIs) made under section 20A of the Public Governance, Performance and Accountability Act 2013 (the PGPA Act, which is the basis of the Australian Government’s finance law) and in entity policies and guidelines. Contract managers must implement applicable internal requirements and the CPRs and associated requirements set by the Department of Finance. Non-APS personnel must comply with their contractual obligations and any applicable management, oversight and behavioural requirements.

1.11 Non-APS personnel may be ‘officials’ under section 13 of the PGPA Act, in which case they must comply with the finance law in addition to their contractual obligations and applicable entity requirements.²¹ The finance law includes the PGPA Act, the Public Governance, Performance and Accountability Rule 2014 (PGPA Rule), entity AAIs, and other legal and policy frameworks — including the whole-of-government procurement, grants, advertising and risk management frameworks. All personnel exercising delegated power under the PGPA Act or other legislation must also comply with the requirements attaching to those delegations.

1.12 Entities’ management of their non-APS personnel is subject to the Protective Security Policy Framework (PSPF), which sets out government protective security policy across the following outcomes: security governance, information security, physical security and personnel security.²² The PSPF policies under the ‘personnel security’ outcome outline how to screen and vet personnel and contractors to assess their eligibility and suitability. They also cover how to assess the ongoing suitability of entity personnel to access government resources and how to manage personnel separation.²³ Entity compliance with the three personnel security policies under the PSPF ‘ensures its employees and contractors are suitable to access Australian Government resources, and meet an appropriate standard of integrity and honesty’.²⁴ The policies and their core requirements are outlined in Figure 1.1 below.

Figure 1.1: PSPF personnel security policies and core requirements

Source: Protective Policy Security Framework, Personnel security, available from https://www.protectivesecurity.gov.au/policies/personnel-security [accessed 3 December 2021].

1.13 Under the PSPF, all agencies must develop their own protective security policies and processes. Services Australia publishes its security policies and procedures on its intranet.

Reviews and inquiries into the APS’s use of contractors

2015 report of the Independent Review of Whole-of-Government Internal Regulation

1.14 The 2015 Independent Review of Whole-of-Government Internal Regulation (the Belcher Review)²⁵ observed the impact of a number of APS legislative and reporting requirements²⁶, which the review considered to have:

created a recruiting environment where entities tend to engage staff through a particular employment category that may not align with their business needs. For example: … contractors hired individually, or through firms, are excluded from ASL [average staffing level] and headcount reporting. While a valid engagement option, it may present longer term issues regarding organisational capacity and knowledge management, and may be a more expensive option in the longer run.²⁷

1.15 Box 3 below contains an excerpt from a Parliamentary Library research paper on public sector staffing and resourcing, which addresses the ASL concept and related issues.²⁸

Note a: ANAO comment: the APSC has stated that ‘ASL counts staff for the time they work. For example, a full-time employee is counted as one ASL, while a part time employee who works three full days per week contributes 0.6 of an ASL. The ASL averages staffing over an annual period. It is not a point in time calculation.’ See Appendix 3 of this audit.

Source: Philip Hamilton, Public sector staffing and resourcing (Staffing, contractors and consultancies), Parliamentary Library Research Publications, October 2020, available from: https://www.aph.gov.au/About_Parliament/Parliamentary_Departments/Parliamentary_Library/pubs/rp/BudgetReview202021/PublicSectorStaffingResourcing [accessed 27 January 2022].

2019 report of the Independent Review of the APS

1.16 The 2019 Our Public Service, Our Future: Independent Review of the Australian Public Service (the Thodey Review) also considered the non-APS workforce.²⁹ The Thodey Review commented that:

Labour contractors and consultants are increasingly being used to perform work that has previously been core in-house capability, such as program management. Over the past five years, spending on contractors and consultants has significantly increased while spending on APS employee expenses has remained steady.³⁰

1.17 The Thodey Review published data (see Figure 1.2 below) based on submissions to the Joint Committee of Public Accounts and Audit (JCPAA) Inquiry into Australian Government Contract Reporting – Inquiry based on Auditor-General’s report No. 19 (2017–18).³¹ The Thodey Review stated that submissions to the JCPAA inquiry ‘revealed that [the] spend on contractors more than doubled across a sample of 24 agencies between 2012–13 and 2016–17.’³²

Figure 1.2: Thodey Review — percentage change in spend on employees, labour contractors and consultancy contract notices

Source: Department of the Prime Minister and Cabinet, Our Public Service, Our Future: Independent Review of the Australian Public Service, p. 186.

1.18 The Thodey Review further observed that:

The use of labour contractors and consultancy services warrants specific discussion. About a quarter of the submissions [to the review] commented on their use. Most expressed concern about the growing size of the APS’s external workforce and the negative effect on in-house capability. Data on this topic, as is the case with many APS-wide workforce matters, are not gathered or analysed centrally and are often inadequate. For example, the number of contractors and consultants working for the APS is not counted and data on expenditure are inconsistently collected across the service. Data insights that would shed light on whether contractors or consultants met objectives are not routinely aggregated. This makes it difficult to assess the value of external providers relative to in-house employees or to infer the effect on APS capability.³³

…

There is clearly benefit in the APS leveraging the best external capability. It is not possible to have expertise in everything in-house and external providers can be the most efficient way of delivering the best advice, services or support. But the use of external capability needs to be strategic and well-informed, meaning that the APS:

• makes decisions on the use of external capability by reference to a whole-of-service workforce strategy that identifies the core capabilities the APS should invest in building in-house – with external capability used to perform non-core or variable work activity;
• manages use of external capability closely, from the contract design stage through to performance of the prescribed tasks; and
• ensures that all arrangements lead to a transfer of knowledge to the APS.

At all stages the APS should be focused on achieving value for money and better outcomes.

The APS needs to find the right balance between retaining and developing core in-house capability and leveraging external capability to ensure a sustainable and efficient operating model for the decades ahead. To do this effectively, two traditionally autonomous parts of agencies — HR and procurement — must work closely together.³⁴

October 2021 second interim report of the Senate Select Committee on Job Security

1.19 In October 2021, the Senate Select Committee on Job Security released its second interim report, Insecurity in publicly-funded jobs.³⁵ The report examined employment arrangements across the public sector. Drawing on the Thodey Review and JCPAA inquiry, the committee stated that:

the utilisation of labour contractors and consultants has increased markedly in recent years. Across a sample of 24 agencies, spending on contractors has more than doubled over the period between 2012–13 and 2016–17. Furthermore, information sourced from AusTender indicated that the total value of consultant contracts across the APS increased from $386 million to $545 million during the same four year period.³⁶

1.20 In common with the Thodey Review³⁷, the committee was critical of data collection relating to the non-APS workforce:

Neither the Australian Public Service Commission (APSC), nor the Department of Finance, was able to confirm how many people engaged through labour hire or other external contracting arrangements are working within the Australian Public Service. This data is not collected, and neither agency provided an explanation for why this is the case.³⁸

1.21 The committee made the following recommendation on this matter:

The committee recommends that the Australian Government requires:

• the Australian Public Service Commission to collect and publish agency and service-wide data on the Government’s utilisation of contractors, consultants, and labour hire workers;
• the Department of Finance to regularly collect and publish service-wide expenditure data on contractors, consultants, and labour hire workers, including the cost differential between direct employment and external employment; and
• labour-hire firms to disclose disaggregated pay rates and employee conditions.³⁹

November 2021 report on the Senate Finance and Public Administration References Committee Inquiry into the Current Capability of the APS

1.22 In November 2021 the Senate Finance and Public Administration References Committee reported on its Inquiry into the Current Capability of the Australian Public Service.⁴⁰ The matter referred to the committee for inquiry and report was as follows⁴¹:

The current capability of the Australian Public Service (APS) with particular reference to:

(a) the APS’ digital and data capability, including co-ordination, infrastructure and workforce;

(b) whether APS transformation and modernisation projects initiated since the 2014 Budget have achieved their objectives;

(c) the APS workforce; and

(d) any other related matters.

1.23 The committee drew on data in the Thodey Review⁴² and JCPAA inquiry⁴³, and in an effort to ascertain the scale of labour hire usage across the APS⁴⁴, requested staffing profile information from agencies across all portfolios.⁴⁵ The committee observed that:

The responses received indicated that agencies had differing methods of collecting data, and that many agencies did not collect data that allowed them to disaggregate the numbers of labour hire workers from other contractors.

For example, some agencies advised that their recordkeeping systems did not or could not differentiate between contractors directly procured by the agency (e.g. independent contractors), and workers procured through labour hire firms.⁴⁶

1.24 The committee made 13 recommendations, including the following recommendations on data collection and reporting:

• the annual employee census conducted by the APSC ahead of the State of the Service report be expanded to include all labour hire staff who have been engaged on behalf of the APS in that calendar year (recommendation 5);
• the APSC collect and publish standardised agency and service-wide data on the Australian Government’s utilisation of contractors, consultants, and labour hire workers (recommendation 6); and
• the Department of Finance regularly collect and publish annually service-wide expenditure data on contractors, consultants, and labour hire workers, including the cost differential between direct employment and external employment for each role (recommendation 8).

Services Australia’s workforce

1.25 Services Australia is an Executive Agency established under subsection 65(1) of the Public Service Act 1999.⁴⁷ In its 2020–21 annual report, Services Australia states that it:

designs, develops, delivers, coordinates and monitors government services and payments relating to social security, child support, students, families, aged care and health programs. We provide advice to government on the delivery of these services and payments, and collaborate with other agencies, providers and businesses to provide convenient, accessible and efficient services to individuals, families and communities.⁴⁸

1.26 Among the agency’s key functions are the delivery of Centrelink social security payments and services, the administration of Medicare, and assistance with child support arrangements between separated parents. To deliver its key activities, Services Australia has an approved workforce allocation for APS resources in the Portfolio Budget Statements (PBS). The actual APS workforce is reported in Services Australia’s annual report each year. Table 1.1 below sets out Services Australia’s workforce allocation and utilisation over three years.

Table 1.1: Services Australia’s budgeted and actual APS workforce

Note a: Budget Estimate data is sourced from Services Australia’s Portfolio Budget Statements (PBS). Services Australia defines these figures as ‘The average number of employees receiving salary/wages (or compensation in lieu of salary/wages) over a financial year, with adjustments for casual and part-time employees to show the full-time equivalent.’

Note b: Actual workforce data is sourced from Services Australia’s annual reports, reported as FTE (over the financial year). This differs from the figures in Table 1.2 which are reported by headcount.

Source: Services Australia Portfolio Budget Statements and annual reports 2018–19, 2019–20 and 2020–21.

1.27 Services Australia’s 2019–23 Strategic Workforce Plan identifies that determining an appropriate workforce mix (including the non-APS workforce) is an important element of maintaining a flexible, capable and connected workforce across the country to deliver its outcomes. In addition to its APS workforce, Services Australia has defined 11 types (cohorts) of contingent workforce. These are: student placement; system access only; contractor; labour hire; consultant; interpreter; service staff; outsourced (staff); APS secondee; non-APS secondee; and partner.

1.28 Box 4 below sets out the workforce definitions used by Services Australia that have the characteristics of a ‘contractor’ discussed in paragraphs 1.2–1.3 and Box 1.

Source: Services Australia, Contingent workforce resources definitions intranet page, 16 July 2020. Services Australia’s definition of a consultant is ‘A party whose services under the contract meet the Department of Finance’s criteria for a consultancy’.

1.29 This audit has focused on Services Australia’s workforce resources engaged as ‘contractors’ and ‘labour hire’. Service’s Australia’s definitions in Box 4 state that these persons are supplied ‘to do work in and as part of the operations of the agency’.⁴⁹ In contrast, for ‘service staff’ and ‘outsourced’ staff, Services Australia’s definitions state that the agency does not direct the performance of the persons supplied under the contract and the agency has limited control over who or how many persons are provided to deliver the services. Contractors and labour hire personnel perform work in all parts of the operations of the agency and Services Australia maintains responsibility for performance.⁵⁰

Contractor numbers in Services Australia

1.30 Table 1.2 below sets out Services Australia’s APS and contingent workforce headcounts over three years. It includes the agency’s contractor workforce headcount as advised to the Senate Finance and Public Administration References Committee in the context of the committee’s Inquiry into the Current Capability of the APS (discussed in paragraphs 1.22–1.24).

Table 1.2: Services Australia’s workforce headcount

Note a: Services Australia annual reports 2018–19, 2019–20 and 2020–21.

Note b: See definitions in Box 4. The contractor headcount is the number of individuals categorised as ‘labour hire’ or ‘contractor’ in Services Australia’s ‘Contingent Workforce’ report. The ‘Contingent Workforce’ report is extracted from Services Australia’s Human Resource management system. The report identifies individuals that are not engaged by Services Australia as APS employees who have access to Services Australia’s systems.

Note c: As acknowledged in Box 4, non-APS consultants were included in the ‘outsourced staff’ personnel type up to 31 March 2021 and due to the qualifications over these figures, they have not been included in the table.

Note d: Other contingent workforce headcount is the number of individuals categorised as ‘outsourced staff’ or ‘service staff’ in Services Australia’s ‘Contingent Workforce’ report. Services Australia advised the ANAO in June 2022 that ‘Consistent with the definitions in Box 4, outsourced staff and service staff are not reported as headcount, this is because these contracts for this personnel type are a fee-for-service arrangement, whereby they provide for workload seconds and do not translate directly to headcount as this is not specified in the arrangements. The Service Delivery Partners that provide outsourced staff, determine the workforce number required to meet the pre-determined workload.’

Note e: As noted in paragraph 1.27, Services Australia has 11 types (cohorts) of contingent workforce. The contingent workforce figure in this table includes five of these cohorts: contractor, labour hire, consultant, service staff, and outsourced (staff).

Source: Services Australia annual reports 2018–19 and 2019–20 and Services Australia records and advice to ANAO.

1.31 Further information on the characteristics of Services Australia’s 4269 contractor personnel as at 30 June 2021 is at Appendix 4, including the organisational group they worked in and their length of service.

Previous audits and reports

1.32 Agencies’ management of their contracted workforce is considered when necessary in the conduct of ANAO audit and assurance work. Examples of ANAO performance audits which have considered the management of a contracted workforce include:

• Auditor-General Report No.2 2017–18 Defence’s Management of Materiel Sustainment⁵¹;
• Auditor-General Report No.38 2017–18 Mitigating Insider Threats through Personnel Security⁵²;
• Auditor-General Report No.28 2018–19 Management of Smart Centre’s Centrelink Telephone Services — Follow-up⁵³;
• Auditor-General Report No.1 2021–22 Defence’s Administration of Enabling Services — Enterprise Resource Planning Program: Tranche 1⁵⁴;
• Auditor-General Report No.4 2021–22 Defence’s Contract Administration — Defence Industry Security Program55; and
• Auditor-General Report No.6 2021–22 Management of the Civil Maritime Surveillance Services Contract.⁵⁶

1.33 The ANAO has prepared two information reports on procurement activity in the Australian public sector, which have included publicly available information on consultants:

• Auditor-General Report No.19 2017–18 Australian Government Procurement Contract Reporting; and
• Auditor-General Report No.27 2019–20 Australian Government Procurement Contract Reporting Update.

1.34 These information reports presented publicly available data from public sector procurement activity in a number of ways.⁵⁷ The publicly available data includes entity reporting on contracts relating to consultancies, including consultancy contract value.

Rationale for undertaking the audit

1.35 The APS workforce strategy states that the APS will continue to deploy a flexible approach to resourcing that strikes a balance between a core workforce of permanent public servants and the selective use of external expertise. This will mean a continuing mixed workforce approach, where APS employees and non-APS workers are used to deliver outcomes within agencies. In this context, the strategy highlights the value of ensuring that agencies take a structured approach to the use of non-APS employees. The approach adopted by the APS and its agencies has been the subject of ongoing parliamentary interest, with a number of reviews and parliamentary committee inquiries undertaken in recent years, discussed above at paragraphs 1.14–1.24.

1.36 This audit is one of a series of three performance audits undertaken to provide independent assurance to the Parliament on whether entities have established an effective framework for the management of the contracted element of their workforce. Services Australia was selected as one of the APS agencies in this audit series as it is a large and regular user of non-APS personnel. The other audits in this series review the management of contractors by the Department of Defence and the Department of Veterans’ Affairs.

Audit objective, criteria and scope

1.37 The objective of the audit was to examine the effectiveness of Services Australia’s arrangements for the management of contractors.

1.38 To form a conclusion against the audit objective, the following high-level criteria were adopted.

• Has Services Australia established a fit-for-purpose framework for the use of contractors?
• Does Services Australia have fit-for-purpose arrangements for the engagement of contractors?
• Has Services Australia established fit-for-purpose arrangements for the management of contractors?

1.39 The audit examined Services Australia’s framework of policies, plans, processes and guidance that apply to its use, engagement and day-to-day management of contractors.

1.40 The audit did not examine:

• the specific procurement arrangements through which particular contractors are engaged, or the assessment of the value-for-money aspect of specific decisions to engage such personnel instead of APS personnel;
• performance management in terms of specific contracted deliverables as this is part of the management of a contract; or
• the vetting process for contractors undertaken by the Australian Government Security Vetting Agency (AGSVA).

Audit methodology

1.41 Audit procedures included discussions with relevant Services Australia personnel and an examination of the following Services Australia documentation.

• Plans, forecasts and management decisions about Services Australia’s workforce use.
• Guidance available to assist officials’ decision making on whether to engage a contractor instead of an APS resource, including the information to be provided to delegates regarding such choices.
• Nine contracts, used to engage 30 per cent of the contractors engaged in the agency as at 31 October 2021.⁵⁸ These contracts were examined to establish whether they included clauses to require contracted personnel to comply with Services Australia’s policies and procedures, undertake training, and to meet performance standards. The contracts were identified in two stages. Four contracts were identified as bulk labour hire contracts for service delivery personnel, based on management representations from Services Australia. Five contracts were identified as the top five contracts by number of personnel engaged for Service’s Australia’s ICT workforce.
• Mandatory training requirements, procedures and completion reports for induction.
• Policies, procedures and reporting that supports Services Australia’s compliance with PSPF policies 12–14 that relate to the onboarding, ongoing management (including where staff move within the entity) and offboarding of contracted staff.
• Management reports as evidence of the application of Services Australia’s framework for the management of contractors.

1.42 The audit was open to contributions from the public. The ANAO received and considered one submission.

1.43 The audit was conducted in accordance with ANAO Auditing Standards at a cost to the ANAO of approximately $318,474.

1.44 The team members for this audit were Natalie Whiteley, Kim Murray, Hugh Balgarnie and Sally Ramsey.

2.1 As discussed in paragraph 1.4, the APS Workforce Strategy 2025 released by the Australian Public Service Commission (APSC), identifies that an important element of successful mixed workforce models is a ‘structured approach to the use of non-APS employees’, which includes Australian Public Service (APS) agencies ‘considering where work would be best delivered by an APS employee’. The strategy also states that:

The use of non-APS employees, including labour hire, contractors and consultants, brings different opportunities and risks for APS agencies to manage. Agencies relying on mixed workforce arrangements need to take an integrated approach to workforce planning that includes and best utilises their non-APS workers. This is particularly important where key deliverables are specifically reliant on this non-APS workforce.⁵⁹

2.2 This chapter considers the framework established by Services Australia to guide decisions to use contractors. The ANAO examined whether guidance had been developed and issued by Services Australia, that:

• provided clarity about the different personnel types that are utilised as Services Australia’s external workforce, including the definition of ‘contractor’, so the most appropriate option is selected for a particular role; and
• assisted officials to determine whether there is an operational requirement for the use of contractors to support the efficient and effective use of resources.

Does Services Australia’s guidance provide clarity regarding the different personnel types, including contractors?

2.3 Services Australia has provided internal guidance regarding the different personnel types. This guidance is accessible on Services Australia’s intranet, on a dedicated webpage, and includes the definitions for the 11 types of contingent workforce resources utilised by the agency. These are: student placement; system access only; contractor; labour hire; consultant; interpreter; service staff; outsourced (staff); APS secondee; non-APS secondee; and partner.

2.4 Services Australia’s ‘Contingent workforce resources definitions’ intranet page defines the ‘contractor’ and ‘labour hire’ personnel types as follows:

Contractor

A person is a contractor if:

• the person has been supplied to the agency by the person’s own company or another company to do work in and as part of the operations of the agency
• the person is supplied to the agency pursuant to a contract
• the contract specifies the person will supply their labour.

Excludes persons supplied through a labour-hire company or the labour- hire panel.

Labour hire

A person is a labour hire worker if:

• the person has been supplied to the agency by a labour hire company, via a labour hire panel, to do work in and as part of the operations of the agency
• the person has been supplied to the agency pursuant to a contract
• the contract specifies the person will supply their labour.

2.5 As noted in paragraph 1.29, this audit has focused on Services Australia’s workforce resources engaged as contractors and labour hire, and refers to these collectively as ‘contractors’.

Does Services Australia provide guidance on determining whether there is an operational requirement for the use of contractors?

2.6 Services Australia’s Strategic Workforce Plan (2019–2023) recognises its non-APS workforce as part of its workforce mix. The workforce plan identifies that determining an appropriate workforce mix (including contractors) is an important element of maintaining a flexible, capable, and connected workforce across the country to deliver its outcomes.

2.7 An October 2021 brief to Services Australia’s Chief Operating Officer states that:

Work is underway to understand the optimal combination of workforce supply types to meet the capacity, capability and affordability requirements of the Agency. This work includes comparing costs of different workforce supply types, identifying and planning for benefits to be realised through transformation initiatives, and our workforce affordability in the short and medium term. Different combinations of supply types impact differently on capacity, capability, and budget⁶⁰

2.8 To support the delivery of its Strategic Workforce Plan, during 2020 and 2021 Services Australia developed organisational arrangements to support workforce planning for service delivery⁶¹ and for elements of its ICT workforces. These areas are the largest users of contractors within the agency. Services Australia has reported that 3716 (87 per cent) of the 4269 contractors it engaged as at 30 June 2021⁶² were engaged in either the Technology Services Group (2289 personnel) or in service delivery (1427 personnel).⁶³

Organisational arrangements to support workforce planning

2.9 The arrangements developed by Services Australia to support workforce planning in its service delivery and ICT workforces include workforce strategies intended to guide decisions on workforce supply, including for the use of contractors. These arrangements are discussed in Box 5 (the service delivery workforce) and Box 6 (the ICT workforce).

Note a: The committee provides advice to Services Australia’s Executive Committee on matters related to enterprise-wide risks, issues and operations to ensure effective day-to-day running of the agency.

Note b: Services Australia describes Tier 1 functions as basic support and processing, where services are a short single interaction such as self-service advice or processing a simple claim (for example, proof of identify or residential address updates). Services Australia describes Tier 2 functions as mid-level query/claim, where specialised support is provided to customers that need it, and customers receive advice from customer cohort teams. This might include services that require follow up (for example, additional income information) or extended interactions such as a multiple process service (for example, applying for payments and services to help with the cost of raising a child).

Note c: Services Australia advised the ANAO in March 2022 that ‘during emergency responses such as COVID-19 and natural disasters, the agency makes decisions about which core functions can be paused or slowed whilst the associated staff deliver essential services to the Australian community. Staff who undertake data analysis functions have been diverted to critical surge priorities, and workforce mix-related analysis is recommenced as surge requirements are reduced’.

Source: ANAO analysis of Services Australia documentation.

Source: ANAO analysis of Services Australia documentation.

2.10 In January 2022, Services Australia informed the ANAO that similar work to develop workforce strategies has not been done in the remaining Services Australia groups because of the smaller non-APS footprint in those groups. Services Australia further informed the ANAO that its refresh of Services Australia’s current Strategic Workforce Plan, planned for later in 2022, will consider whether similar approaches could be applied across the agency.

2.11 Services Australia advised the ANAO in November 2021 that decisions to engage contractors are made within the context of the agency’s: Average Staffing Level (ASL) cap; and internal budget allocations to operational areas, that can be used to purchase, among other things, the services of contractors/labour hire.

3.1 Services Australia’s contracting templates, induction arrangements and arrangements to support compliance with Protective Security Policy Framework (PSPF) Policy 12: Eligibility and suitability of personnel are the primary mechanisms through which the agency ensures that contractors are obliged to comply with Services Australia’s policies and Commonwealth legislation, understand these obligations, and are suitable to access Services Australia’s information.

3.2 This chapter considers the arrangements established by Services Australia for engaging contractors. To form a view on the fitness-for-purpose of Services Australia’s arrangements for engaging contractors, the ANAO examined a sample of contracts that Services Australia has used to engage contractors. Well-designed contracts and clauses help operationalise requirements and assist officials to consistently apply them at the point of engagement. They also document the expectations placed on contractors and provide a basis for managing non-compliance. Nine contracts (engaging 30 per cent of the contractors engaged in the agency as at 31 October 2021) were reviewed to establish whether they included clauses requiring the contracted personnel to meet performance standards and to comply with Services Australia’s policies and Commonwealth legislation. In addition, the ANAO examined:

• the induction arrangements established to help contractors understand what their responsibilities are and how to meet their obligations when working for Services Australia; and
• the policies and processes in place to ensure that the eligibility and suitability of contractors to access Australian Government resources has been established at engagement as required by PSPF Policy 12: Eligibility and suitability of personnel.⁶⁴ Monitoring and reporting on compliance with the policy was also examined.

Does Services Australia have a contracting suite that is tailored for the use of contractors?

3.3 The engagement of a contractor is a procurement process and requires the establishment of a contract between Services Australia and the contractor or the contractor’s employer. Services Australia has established centrally managed processes for preparing contracts, including when it engages contractors. Services Australia undertakes the following process for drafting contracts for contractor personnel.

• The relevant business area raises a new request or variation in the relevant online purchasing and procurement system.
• The Procurement Partnering team (non-ICT procurement) or Technology Sourcing Branch (ICT procurement) reviews the request and supporting documentation and creates the work order or variation.
• The work order or variation and supporting documentation is provided to the business area for approval by the delegate.

3.4 Services Australia’s procurement policy is set out in its Accountable Authority Instructions (AAIs). The AAIs and procurement, contract and contract management policies and procedures, and contacts for assistance are available on its intranet.

3.5 As discussed in paragraph 1.29, contractors are engaged by Services Australia ‘to do work in and as part of the operations of the agency’, that is, to work in roles usually subject to the Australian Public Service (APS) Code of Conduct and APS Values. Services Australia has set out, in internal policies, the behavioural requirements and expectations that contractors are expected to meet when working with the agency. These policies include: security; privacy; fraud; workplace health and safety; and conduct and behaviour.

3.6 The ANAO chose to examine the largest (by personnel number) contracts that Services Australia uses to engage personnel as contractors in its service delivery workforce⁶⁵ and ICT workforce, to determine whether the contracts included clauses that require the contracted personnel to comply with Services Australia’s policies and procedures, and to meet performance standards.

3.7 The ANAO chose to examine contracts within Services Australia’s service delivery workforce and ICT workforce because these workforces were the two largest users of contractors within Services Australia, based on the contractor data provided by Services Australia to the ANAO. Collectively they engaged 3716 (87 per cent) of the 4269 contractors engaged by the agency as at 30 June 2021.⁶⁶

3.8 The ANAO selected nine contracts for review, comprising four service delivery contracts and five ICT contracts (Table 3.1 below).⁶⁷ The selected contracts covered 1508 (30 per cent) of the 5032 contractor personnel in the agency as at 31 October 2021.

Table 3.1: Nine Services Australia contracts for the engagement of contractors examined by the ANAO

Note a: Contract value as reported on AusTender at 16 February 2022.

Note b: The two Chandler Macleod contracts cover the provision of contractors for different job profiles.

Note c: The two Modis contracts cover the provision of different specified personnel.

Source: ANAO analysis of Services Australia documents.

Analysis of selected contracts

3.9 All nine contracts examined by the ANAO included a requirement for the supplier to ensure that its personnel comply with all procedures and guidelines required by Services Australia.

3.10 The four service delivery contracts state that Services Australia will make the listed policies, procedures and guidelines accessible to personnel on the intranet during the contract term, noting that Services Australia may add or amend such policies, procedures and guidelines. Further, these contracts state that it is the responsibility of contractor personnel to keep abreast of changes made to Services Australia’s policies, procedures and guidelines.⁶⁸

3.11 The five ICT contracts include references to applicable policies, procedures, and guidelines including ‘those policies, procedures, and guidelines published on’ Services Australia’s intranet. These contracts also require the suppliers to ensure that the personnel supplied to Services Australia under the contract comply with these procedures and guidelines, and that the personnel uphold the values and behave in a manner that is consistent with the APS Values and APS Code of Conduct, as applicable to their work in connection with the contract.

3.12 The four services delivery contracts require the Labour Hire Supplier to ensure that their contractor personnel meet Services Australia’s core performance standards⁶⁹ that apply to APS staff performing these roles, or meet performance standards as defined in the contract. The five ICT contracts do not contain any performance standards or indicators for the work to be performed under the contract. In March 2022, Services Australia advised the ANAO that:

The management of an ICT contractor’s performance is the responsibility of their line manager, performed according to the Agency’s Guide for Managers: Labour Hire, page 8 ‘Managing labour hire behaviours and performance’. Contract performance actions, including termination of a contractor’s engagement, are undertaken when line managers notify Technology Sourcing of a performance issue with an ICT contractor. Performance reviews are conducted by the business area prior to the exercise of any extension option.

Managers and team leaders are responsible for identifying any behavioural or performance issues with the contractor that do not align with performance expectations and service standards. Individual contractor performance is assessed against the specified role and level listed in the work order, using the Service Australia job statements for the role/level as the performance measures. The contractor must follow the directions and instructions of the supervisor in the performance of the duties. The supervisor manages this performance, including approval of timesheets. It is expected that a manager or team leader will have direct conversations with a contractor regarding any performance issues (for example, instances of inappropriate language, dress, cultural insensitivity, or being out of adherence for scheduled activities).

3.13 An August 2020 internal audit report into Services Australia’s management of ICT contractors identified a lack of performance measures in the Technology Services Group’s contracts examined as part of that audit. The audit finding stated that:

A lack of clear up-front performance requirements included in contracts (in the form of KPIs, or other outcomes) creates a risk that the department will be less able to achieve and demonstrate value-for-money in contract delivery.

3.14 In response to the internal audit finding, the Senior Responsible Officer within Technology Services Group accepted the risks associated with a lack of performance requirements in contracts and noted that the:

current process is for the most part aligned with HR policy and work level standards and is able to demonstrate value-for-money has been achieved.

Does Services Australia have fit-for-purpose arrangements for inducting contractors?

3.15 The induction process for contractors engaged in Services Australia is outlined in the agency’s targeted guidance for ‘Engaging Contractors and Labour Hire Staff’. This includes:

• a mandatory induction program that includes online training modules on the agency’s value and culture, work health and safety, security, privacy and fraud awareness; and
• a mandatory refresher program to be completed every two years.

3.16 Services Australia’s intranet includes guidance on the Mandatory Induction Program. The intranet page states that:

The Mandatory Induction Program:

• is mandatory for all new staff who have access to our sites or systems
• is designed to be self-directed, with manager support to reinforce key learning
• should be completed within the first week of commencement
• can also be used as a refresher for staff returning from long term leave.

3.17 The intranet page advises that:

The [mandatory induction] program must be completed by all new staff to the agency. This includes ongoing, non-ongoing and irregular and intermittent (casual) employees, and labour hire and contractor staff.

3.18 All staff in Services Australia (APS and non-APS) are also required to complete the Mandatory Refresher Program. The program was launched in 2019–20 and the next iteration of the program was released in February 2022.⁷⁰

3.19 Completion of the online mandatory induction and mandatory refresher programs is monitored through the agency’s Learning Management System.

3.20 Services Australia advised the ANAO in March 2022 of the induction requirements for contractors who are engaged with the agency:

All contractors are required to undertake the full Induction program on their first commencement with Services Australia.

If a contractor leaves us and then is re-engaged, their manager may require them to re-do the Induction Program, depending on how long they have been away from the organisation. However there is no specific policy around this.

Contractors returning to the organisation would also be doing the next Mandatory Refresher Program as appropriate as well, covering many of the Induction Program’s key messages.

3.21 All nine contracts examined by the ANAO (listed in Table 3.1 above), include clauses that require contracted personnel to undertake mandatory induction training, though the specificity of those clauses differed between the nine contracts.

3.22 In addition to mandatory induction training, Services Australia’s guide for managers on labour hire outlines additional training requirements that may be required:

Each business area of Services Australia that engages LH [Labour Hire] staff will need to determine any additional technical training requirements of these staff.⁷¹ Business areas are responsible for providing this training, in consultation with Services Australia’s learning and development team.

…

The LH providers may be responsible for delivery of non-technical training to their LH staff where contractually required. This may be delivered using training packages provided by Services Australia. Some of these products could relate to service delivery skills, values and behaviour, and managing aggressive behaviours.

Attendance at non-technical training will be monitored and reported to Services Australia by the LH provider. The LH provider may be contractually required to ensure that non-technical training is completed prior to the commencement of technical training.

Mandatory induction and refresher programs

3.23 The ANAO reviewed the content of the agency’s mandatory induction and mandatory refresher programs to assess the extent to which expected behaviours and standards from relevant Services Australia policies were covered by the training. The ANAO compared the content in the mandatory induction and refresher programs against the mandatory policies applicable to contractors. The results of the ANAO analysis are summarised below in Table 3.2.

Monitoring completion of mandatory induction requirements by contractors

3.24 Services Australia’s guidance states that:

All staff have a responsibility to complete the [mandatory induction] program, however it is the manager/supervisor’s responsibility to ensure that their staff member knows how to access the program and that it is completed.

3.25 Services Australia produces a standard monthly learning report on online training completed by its personnel (including APS and non-APS personnel). In addition, Services Australia’s policy states that:

Reports for the mandatory refresher program are sent out monthly and cascaded to Divisions and Branches. The report includes a staff listing of who has and has not completed the MRP [Mandatory Refresher Program].

3.26 Table 3.3 (below) illustrates, for the 4944 contractors in Services Australia’s workforce as at 28 February 2022:

• the number and percentage of contractors who completed all five modules of the mandatory induction program; and
• the number and percentage of contractors who completed the two 2019–2021 mandatory refresher program modules, and the 2022 Mandatory Refresher Program.

Table 3.3: Completion and compliance rates for induction and mandatory refresher training for the 4944 contractors in Services Australia’s workforce as at 28 February 2022

Note a: Contractors who had completed all of the five Mandatory Induction Program Modules listed in Table 3.2: Our Values, Work Health and Safety, Security, Privacy and Fraud.

Source: ANAO analysis of Services Australia data.

3.27 As illustrated in Table 3.3, of the 4944 contractors in Services Australia’s workforce as at 28 February 2022, around a third had completed the mandatory induction program and the 2022 mandatory refresher program (34.7 per cent and 32.2 per cent respectively). Just over half had completed the 2019–2021 mandatory refresher program modules 1 and 2 (58.5 per cent and 57.6 per cent respectively).

3.28 In addition to the 1716 contractors (34.7 per cent) who completed all the mandatory induction program modules, Services Australia deemed that another 1397 contractors (28.3 per cent of the 4944 contractors in Services Australia’s workforce as at 28 February 2022) were ‘induction compliant’. Services Australia advised the ANAO in April 2022 that these contractors were deemed to be induction compliant without having to complete the induction training. On this basis, a total of 3113 contractors (62.9 per cent) had met induction training requirements. Services Australia was unable to provide evidence of the decisions that contractors were deemed to be compliant with mandatory induction training without having completed the Mandatory Induction Program or Mandatory Refresher Program. Services Australia advised the ANAO in June 2022 that it had ‘updated internal processes by introducing a decision register for recording of such decisions’.

3.29 Services Australia further advised the ANAO that for the 4851 contractors in the agency’s workforce as at 30 April 2022:

• 3213 (39.3 per cent) had completed the mandatory induction program (with a further 27.0 per cent deemed to be ‘induction compliant’); and
• 2365 (48.8 per cent) had completed the mandatory refresher program.

Services Australia’s internal audit report on Blended Workforce Management

3.30 Services Australia’s June 2021 internal audit report on Blended Workforce Management identified a lack of clarity in responsibility for ensuring that staff complete mandatory training:

Managers are responsible for ensuring that individuals within their business area have completed mandatory training requirements, however, there can be a lack of clarity regarding who is responsible where the agency staff on-boarding personnel is different to the Manager providing day-to-day oversight.

3.31 The internal audit report also found that:

automated notifications are not provided for contractors, including to alert them to requirements to complete on-boarding training and mandatory refresher programs. Consequently, there is a reliance on agency personnel often involved in the on-boarding process to make contractors aware of training requirements and follow-up completion.

3.32 Services Australia’s Audit and Risk Committee considered the audit report in October 2021 and requested that management provide the committee with a report on how Services Australia is addressing the audit findings. The June 2022 Audit and Risk Committee papers noted that the Chief Operating Officer would provide a report at the August 2022 meeting detailing the agency’s people strategy, including cost, composition, labour market and future modelling.

3.33 The low completion and compliance rates for the mandatory induction program (see Table 3.3) and internal audit findings of shortcomings in agency processes for alerting contractors of training requirements (paragraph 3.31), indicate that contractors may not always be made aware of the expected behaviours and standards that Services Australia requires of its personnel. The internal audit also indicates that managers may not be aware of their responsibilities regarding the completion of training by contracted personnel.

3.34 Services Australia, as part of its considerations on how to respond to the June 2021 internal audit on blended workforce management, should establish how it can ensure that contractors complete mandatory induction training to mitigate the risk that its contracted personnel are uninformed or unable to perform their roles effectively.

Has Services Australia established arrangements for the engagement of contractors that support compliance with PSPF Policy 12: Eligibility and suitability of personnel?

3.38 Protective Security Policy Framework (PSPF) Policy 12: Eligibility and suitability of personnel⁷² sets out ‘the pre-employment screening processes and standardised vetting practices to be undertaken when employing personnel and contractors.’ Policy 12 has the following core requirements:

Each entity must ensure the eligibility and suitability of its personnel who have access to Australian Government resources (people, information and assets).

Entities must use the Australian Government Security Vetting Agency (AGSVA) to conduct vetting, or where authorised, conduct security vetting in a manner consistent with the Personnel Security Vetting Standards.

3.39 The policy states that pre-employment screening is the primary activity used to mitigate an entity’s personnel security risks. Entities may use security clearances where they need additional assurance of the suitability and integrity of personnel. This could be for access to security classified information, or to provide greater assurance for designated positions. Under the policy:

Entities must undertake pre-employment screening, including:

• verifying a person’s identity using the Document Verification Service⁷³;
• confirming a person’s eligibility to work in Australia; and
• obtaining assurance of a person’s suitability to access Australian Government resources, including their agreement to comply with the government’s policies, standards, protocols and guidelines that safeguard resources from harm.

3.40 In its mandatory annual report to the Attorney-General’s Department in 2018–19, Services Australia self-assessed its security maturity against PSPF Policy 12 requirements as ‘developing’. In its annual reports for 2019–20 and 2020–21 Services Australia lifted its maturity rating for PSPF Policy 12 to ‘managing’.⁷⁴

3.41 To form a view on whether Services Australia has established arrangements for the engagement of contractors that support compliance with PSPF Policy 12, the ANAO reviewed Services Australia’s arrangements for:

• conducting pre-employment screening and standardised vetting practices when engaging contractors; and
• monitoring that PSPF Policy 12 requirements have been addressed when contractors have been engaged.

Arrangements for conducting pre-employment screening and standardised vetting

3.42 Services Australia’s Personnel Security Policy sets out what Services Australia must do to meet PSPF Policy 12. Table 3.4 below outlines the requirements of PSPF Policy 12 that are to be established by Services Australia and the arrangements Services Australia has established for pre-employment screening processes and standardised vetting practices when engaging contractors.

Table 3.4: Services Australia’s policies and processes that apply to contractors and support compliance with the core requirements for PSPF Policy 12: Eligibility and suitability of personnel

Note a: Identified positions are those that the agency assesses as requiring an authorised security clearance. Services Australia advised the ANAO that as at 25 November 2021, 18 per cent of its security assessed positions were filled by contractors.

Source: ANAO assessment of Services Australia documentation.

3.43 As noted in Table 3.4, the agency’s Personnel Security Policy does not include a requirement to obtain an individual’s agreement to comply with government policies, standards, protocols and guidelines that safeguard resources from harm, as required under Supporting Requirement 1(c) of PSPF Policy 12. This omission requires attention by Services Australia.

3.44 Services Australia advised the ANAO in March 2022 that:

Every new employee/contractor is required to sign the “Declaration for handling personal information”. This covers information security, privacy and secrecy obligations and this could be expanded to require a more general declaration to comply with the broader range of government policies, standards, protocols and guidelines that safeguard resources from harm. The agency’s exit form requires all exiting staff to make a number of declarations prior to leaving the agency including they understand their ongoing obligation to protect Australian Government resources under the Criminal Code, Public Service Act 1999 and other relevant legislation.

Arrangements for monitoring and reporting that requirements of PSPF Policy 12 have been addressed when contractors have been engaged

3.47 In October 2021, Services Australia advised the ANAO of its onboarding processes for all personnel (including contractors):

The agency conducts eligibility and suitability screening to assess if individuals are eligible and suitable to have non-public access to the agency’s and the Australian Government’s resources (people, information and assets).

The agency’s eligibility and suitability screening includes:

• eligibility and suitability checks (also known as pre-engagement checks)
• eligibility and suitability assessments based on the results of eligibility and suitability checks.

The agency will not grant an individual with non-public access to resources until eligibility and suitability screening has been completed and the agency has determined that individual is eligible and suitable to be granted that access. In exceptional circumstances, temporary access to agency resources may be granted, pending the completion of the eligibility and suitability check process.

3.48 As part of the onboarding process, contractors are to complete a pre-engagement pack that is then uploaded to Services Australia’s onboarding tracker. The agency’s guidance states that the pre-engagement pack should be completed for:

Any individual who may require non-public access to the department’s or shared services agency’s resources (information, buildings, assets, staff and customers), prior to their commencement.

3.49 Services Australia’s policy and procedure documents state that the Onboarding Services team will ensure eligibility and suitability checks are completed prior to system access being granted.

3.50 Services Australia advised the ANAO in June 2022 that to strengthen its assurance arrangements for PSPF Policy 12 in relation to contractors, since 2018 it has established a centralised onboarding team, made systems improvements including the recording of police checks, and further developed:

a regular report for the Onboarding Team to forecast possible future contractor extensions. Over the last 6 months, this report has been enhanced to capture police check information. This has allowed a cleansing exercise that is approximately 60% complete and still underway to ensure accurate and up-to-date pre-engagement pack (PEP) information.

3.51 Services Australia further advised the ANAO that:

In September 2021, the Onboarding Team implemented automation of the extensions processing. The ‘digital worker’ has been developed to always check for a valid police clearance date before extending system access. Any that do not have a valid police check are flagged as exceptions and we contact the business area to request a new PEP to be completed. The PEP must be complete and have a returned result prior to extension being processed by the Onboarding Team.

The Onboarding Team are also working on an automated reminder for non-payroll staff who are nearing the 3 year milestone requesting them to undertake another pre-engagement check. The scoping exercise is nearing completion for the process.

3.52 Services Australia advised the ANAO in March 2022 that, in relation to assurance activities to ensure mandatory requirements under PSPF Policy 12 are met for contractors, ‘the agency does not currently undertake any specific assurance activities to ensure these mandatory requirements have been met’.

Services Australia’s use of temporary access provisions

3.53 Temporary access provisions allow newly engaged individuals to be granted access to agency facilities, systems and resources before Services Australia has finalised its pre-engagement screening process.

3.54 The Attorney-General’s Department guidance for PSPF Policy 12 recommends that:

entities conduct and finalise pre-employment and entity-specific screening after the conclusion of the merit selection process but prior to an offer of employment or contract. The guidance also stipulates that where checks are not completed prior to engagement, it is recommended that entities make the employment or contract conditional on satisfying the required checks within a reasonable timeframe.

3.55 Commencing in March 2020, Services Australia enacted the use of temporary access provisions in its security policy, ‘to enable rapid recruitment to meet the high service demand generated by COVID-19’ and to manage the 2022 east coast flood emergency and other priorities.⁷⁵ Services Australia advised the ANAO that temporary access provisions are used after an appropriate risk assessment has been conducted. The ANAO reviewed 22 approval emails for temporary access waiver requests, dating from March 2020 to May 2022. Of the 22 emails reviewed, eight included a risk assessment with the request.

3.56 Services Australia advised the ANAO in June 2022 that:

the agency did not waive the mandatory pre-employment screening or security clearance requirements. Services Australia’s application of temporary access provisions was for the purpose of allowing access to agency resources prior to the completion of the agency’s eligibility and suitability check process. The application of the temporary access provisions is consistent with the PSPF guidance, where there was a condition included that:

• all pre-engagement packs and all supporting documentation for each individual must be submitted to the on-boarding team within 14 days (earlier if possible) of an individual’s commencement
• temporary access may subsequently be revoked [if not provided in 14 days].

3.57 Services Australia further advised the ANAO in June 2022 that:

Services Australia temporary access provisions required that individuals submit their pre-engagement pack within a determined number of days of commencement, or their access to agency resources would be suspended. The agency’s onboarding function and/or contract managers monitor the completion and submission of pre-engagement packs and submit and monitor the return of police checks. Where adverse results from the police checks or internal checks are identified for candidates engaged under the temporary access provisions, these individuals are subsequently referred to the Security Branch for an eligibility and suitability assessment to be undertaken. Personnel Security may subsequently request some individuals be suspended from engagement, pending the outcome of the eligibility and suitability assessment.

3.58 In May 2022, Services Australia advised the ANAO that 8077 individuals were onboarded under temporary access provisions after September 2021, including 4825 ‘labour hire/service delivery partner individuals.’ Services Australia was unable to advise the ANAO of the number of individuals, including the number of contractors, that were onboarded under the temporary access provisions up to and including September 2021.

3.59 As noted in paragraphs 3.50–3.51, Services Australia advised the ANAO in June 2022 that it has taken steps to strengthen assurance arrangements around PSPF Policy 12 for contractors, particularly over the last six months.

4.1 Once engaged by Services Australia, the ongoing management of contractors involves:

• day-to-day oversight of the contractor and management of the contract to ensure that contracted outcomes are being delivered as required;
• assessment and management of the ongoing suitability of the contractor to access Australian Government resources; and
• withdrawing access and managing ongoing risks at the end of the contract.

4.2 The ANAO examined the following to form a view on the fitness-for-purpose of Services Australia’s arrangements for the management of contractors.

• Documentation promulgated to officials to inform them of the agency’s requirements and expectations for the management of contractors and the training that was available to support implementation of the guidance.
• Policies and processes for ensuring the ongoing suitability of contracted personnel to access Australian Government resources, as required by PSPF Policy 13: Ongoing assessment of personnel, and monitoring and reporting on compliance.
• Policies and processes for contracted personnel to have their access withdrawn and to be informed of any ongoing security obligations, as required under PSPF Policy 14: Separating personnel, and monitoring and reporting on compliance.

Has Services Australia clearly documented its requirements and expectations regarding the management and oversight of contractors?

Framework documenting the requirements and expectations for managers

4.3 Services Australia has documented its requirements and expectations for contract managers in the Accountable Authority Instructions (AAIs) and Contract Management Framework. This information is available on Services Australia’s intranet.

Accountable Authority Instructions

4.4 The responsibilities of Services Australia’s contract managers are set out in the agency’s AAIs, which state that the mandatory responsibilities of contract managers are:

• complying with the agency’s contract management framework and guidance;
• actively managing the contract including ensuring the contract meets it objectives;
• performance monitoring and reporting to ensure the agency obtains value for money; and
• identifying, assessing and managing contract risks.

Contract Management Framework

4.5 Services Australia has established a Contract Management Framework for the purpose of providing ‘responsible delegates and Contract Managers with a clear and standardised approach to managing and administering contracts for Services Australia’.⁷⁶ The framework outlines the four key elements of contract management in the agency (contract governance, contract administration, performance management and stakeholder management) and the requirements and expectations for contract managers for each of the four elements (illustrated in Figure 4.1).

Figure 4.1: Elements of the contract management framework

Source: Services Australia.

4.6 Policies, procedures and guidance for managers are available in documents and pages on Services Australia’s intranet. The documents include:

• roles and responsibilities of contract managers, which are clearly defined;
• standardised policies and processes for managing contracts in the agency;
• standardised tools to assist contract managers to fulfil their responsibilities, including around performance monitoring, record management, risk management and tracking the contract budget; and
• a range of policies, procedures and guidance on supervising contractors and labour hire personnel including the day-to-day management of induction, performance, security, financial delegations, conduct and behaviour, onboarding and offboarding. ⁷⁷

4.7 In reviewing the documentation available to managers, the ANAO noted duplication of advice on onboarding, day-to-day management, and offboarding of contractors. There is an opportunity for Services Australia to consolidate aspects of its guidance and supporting documentation available to managers, to rationalise the available information and avoid duplication.

4.8 Services Australia advised the ANAO in March 2022 that:

The Procurement Branch publishes contract management resources under a central contract management homepage on the intranet. The homepage links to relevant tools, templates and guidance to assist staff managing arrangements in line with the contract management framework. Separately, there is a range of published information relating to the day-to-day management of labour hire staff which differs from contract management, though some overlap in information is noted.

4.9 The Procurement Branch will review information applicable to the day-to-day management of labour hire staff and contractors and include links to those policies and procedures on its contract managers homepage that may assist contract managers, including: onboarding processes, HR Policy, and training requirements for contractors. The contract manager may delegate administrative duties for the contract, including the day-to-day management and supervision of contractors, to one or more contract administrators. In February 2022, Services Australia advised the ANAO that in addition to the policies, procedures and guidance outlined in paragraph 4.6 for supervisors of contractors in the agency, it has established governance meetings with suppliers to provide contract assurance and address potential risks that may arise through delegating contract administration. The ANAO did not examine the implementation of these arrangements.

Training for contract managers about managing and oversighting contractors

4.10 Contract managers are required to undertake mandatory training to perform their roles. Services Australia has in place a Contract Management Training Pathway for contract managers, that comprises eLearning and formal training. In addition, the agency planned to develop face-to-face workshops, with work expected to commence in March 2022.⁷⁸ Contract administrators, who may be responsible for the day-to-day management and supervision of contractors, can also undertake contract manager training but it is not mandatory.

4.11 Services Australia’s guidance states that these courses are in place to support contract managers in respect to: understanding their responsibilities, planning and assessing supplier performance, communicating with stakeholders, assessing contractual risk, and documenting contract management plans. The mandatory training courses that apply at each contract risk rating level are summarised in Table 4.1 below.

Table 4.1: Mandatory training for contract managers in Services Australia

Note a: The overall risk rating for a contract is determined by the risk assessment of the underlying risks associated with a contract. Services Australia’s Contract Management Framework includes guidance and templates for developing and documenting risk assessments.

Source: ANAO analysis of Services Australia documentation.

Monitoring contract manager training completion rates

4.12 Services Australia advised the ANAO in March 2022 that:

Business areas are responsible to ensure contract managers are appropriately skilled to manage contract deliverables, noting that procurement and contract arrangements are managed centrally by the Procurement Branch for non-ICT procurements and ICT Strategic Sourcing Branch for ICT procurements.

4.13 Services Australia has not established arrangements that provide agency-wide assurance that contract managers have completed the mandatory training.

Feedback from contract managers on available guidance, training and support

4.14 The ANAO sought feedback from 10 contract managers in Services Australia on the effectiveness of the guidance, training and support they are offered to undertake their role.⁷⁹ The responses received from contract managers indicated that generally, the policies, procedures, guidance and support they were offered to undertake their role were effective. The contract managers identified opportunities to improve the range of guidance available through: consolidating resources for managing contractors, development of agency-wide policies and guidance; and development of more Human Resources guidance to support the supervision and management of contractors in the agency.

Has Services Australia established arrangements for the management of contractors that support compliance with PSPF Policy 13: Ongoing assessment of personnel?

4.15 When personnel (including contractors) are engaged, entities must ensure that the eligibility and suitability requirements that were established prior to commencement continue to be met. This entity responsibility is set out in PSPF Policy 13: Ongoing assessment of personnel. The purpose of the policy is to describe how entities maintain confidence in the suitability of their personnel to access Australian Government resources and manage the risk of malicious or unwitting insiders. The core requirement of PSPF Policy 13 is that ‘each entity must assess and manage the ongoing suitability of its personnel and share relevant information of security concern, where appropriate.’

4.16 In its 2018–19, 2019–20 and 2020–21 self-assessment of its maturity against PSPF Policy 13 requirements, submitted to the Attorney-General’s Department (AGD), Services Australia rated its maturity level as ‘developing’.⁸⁰

Arrangements for assessing and managing the ongoing suitability of contractors and sharing relevant information

4.17 Services Australia’s Personnel Security Policy sets out what the agency must do to meet PSPF Policy 13. Table 4.2 (below) outlines the results of the ANAO’s review of Services Australia’s policies and processes for assessing and managing the ongoing suitability of contractors.

4.18 In summary, Services Australia has established policies and procedures to support compliance with the requirements of PSPF Policy 13. Services Australia’s policies and procedures address all aspects of the core PSPF requirement and apply to all personnel, including contractors. Services Australia has also included clauses, in the nine contracts examined by the ANAO, requiring ongoing compliance with Services Australia’s security policies and processes.

Table 4.2: Services Australia’s policies and processes that apply to contractors and support compliance with the core requirements of PSPF Policy 13: Ongoing assessment of personnel

Note a: Services Australia’s Personnel Security policy defines individuals as: ‘all ongoing and non-ongoing staff and all contractors, labour hire, consultants, third party providers and other government department or agency personnel.’

Note b: In its 2020–21 self-assessment of its maturity against PSPF Policy 13 requirements submitted to AGD, Services Australia reported nil instances of where the accountable authority had waived the citizenship or checkable background requirements for any security clearances sponsored by the entity.

Note c: Services Australia advised the ANAO in March 2022 that: ‘The review of security clearance eligibility waivers is triggered during the PSPF Annual Assessment process – as the agency is required to report on waivers in the annual submission. This level of detail is not included in our personnel security policy.’

Source: ANAO assessment of Services Australia documentation.

Arrangements for monitoring and reporting that the ongoing suitability of contractors has been assessed and managed

4.19 In its 2020–21 PSPF self-assessment report to AGD, Services Australia reported that:

The entity has substantially developed its procedures and systems to assess and manage ongoing suitability of personnel. In the majority of cases, information of security concern for ongoing suitability of personnel is assessed and shared by the entity with relevant shareholders [sic]. Procedures are mostly in place to ensure compliance with security clearance maintenance requirements (where relevant).

4.20 Services Australia also reported that, to lift its security maturity rating for PSPF Policy 13 from ‘developing’ to ‘managing’, the agency planned to take the following actions.

• By October 2021, establish a project team to:
  • examine and develop policy options to uplift the minimum security requirements in the Personnel Security Policy for all new and existing staff (including contractors) in the agency to a minimum BASELINE security clearance, or other options to manage key risks;
  • undertake a review of existing security clearance assessed positions across the agency; and
  • examine and develop options for all individuals to declare significant changes in personal circumstances.
• By June 2022, develop ongoing training and awareness programs to communicate staff obligations with regard to security policies and procedures.

4.21 In March 2022, Services Australia informed the ANAO that these activities were progressing, though with some delays due to the agency’s response to the COVID-19 pandemic.

Has Services Australia established arrangements for the separation of contractors that support compliance with PSPF Policy 14: Separating personnel?

4.22 When individuals (including contractors) permanently or temporarily leave their employment with an entity, entities are required to take steps to mitigate risks that Australian Government resources will be accessed by individuals without permission or that ongoing security obligations are not met. These requirements are set out in PSPF Policy 14: Separating personnel. Policy 14 states that:

Each entity must ensure that separating personnel:

(a) have their access to Australian Government resources withdrawn;

(b) are informed of any ongoing security obligations.

4.23 In its 2018–19, 2019–20 and 2020–21 self-assessment of maturity against PSPF Policy 14 requirements, submitted to AGD, Services Australia rated its maturity level as ‘developing’.⁸¹

Arrangements for managing access and ongoing security obligations of separating contractors

4.24 Services Australia’s Personnel Security Policy sets out what the agency must do to meet PSPF Policy 14. Table 4.3 below outlines the results of the ANAO’s review of Services Australia’s policies and processes for managing access and ongoing security obligations of separating contractors.

Table 4.3: Services Australia’s policies and processes that apply to contractors and support compliance with the core requirements of PSPF Policy 14: Separating Personnel

Source: ANAO assessment of Services Australia documentation.

4.25 In summary, Services Australia has established policies and processes to support compliance with the requirements of PSPF Policy 14. Services Australia has also included clauses, in the nine contracts examined by the ANAO, requiring ongoing compliance with Services Australia’s security policies and processes.

Arrangements for monitoring and reporting that the requirements of PSPF Policy 14 have been met when contractors are separating

4.26 In its 2020–21 PSPF self-assessment report to AGD, Services Australia reported that:

Separating personnel in the majority of cases understand their ongoing security obligations and have their access to Australian Government resources withdrawn. Systems and processes are substantially developed to verify consistency of separating personnel practices across the entity.

4.27 In that report, Services Australia also stated that to lift its security maturity rating for PSPF Policy 14 from ‘developing’ to ‘managing’, the agency planned to do the following.

• By December 2022, improve separation policies and procedures to include:
  • notification to the Chief Security Officer about proposed cessations of employment resulting from alleged misconduct or other adverse reasons prior to separation;
  • sharing relevant security information for personnel transferring to another Australian Government entity; and
  • determining when a risk assessment is required to identify security implications for personnel separating from the agency for those who have not been able to complete agency specific separation processes.
• By June 2022, further progress activities regarding policies, procedures and technology to ensure access to agency systems and premises is removed appropriately and in a timely manner.

4.28 In March 2022, Services Australia advised the ANAO that ‘these strategies have not progressed as yet due to resources being diverted to priority activities associated with support of Emergency Responses (COVID, fires, floods).’

4.29 ANAO testing of ICT systems controls, conducted as part of the audit of Services Australia’s 2018–19 financial statements, identified instances where separating individuals’ systems access was not removed in a timely way.⁸³ As at 15 June 2022, the finding remained open.

4.30 Services Australia advised the ANAO in March 2022 that:

The Agency undertook a review of all user terminations for the 2020-21 financial year to address the C3 User Termination finding and determine the business, financial and data risks to the Agency.

The review incorporated the work undertaken in the Agency’s fraud Division and identified all users where the system termination action was completed after the users final working day. Where anomalies where detected further reviews where undertaken to determine if this delay led to any business, financial or data risk impact. The review considered system access, credit card usage and access to secure information held in protected enclave.

No business, financial or data risk issues were identified.

A monthly review process has been implemented by the Agency’s payroll area to ensure any delays to user terminations are reviewed.

Appendix 1 Entity responses

Appendix 2 Performance improvements observed by the ANAO

1. The fact that independent external audit exists, and the accompanying potential for scrutiny, improves performance. Program-level improvements usually occur: in anticipation of ANAO audit activity; during an audit engagement as interim findings are made; and/or after the audit has been completed and formal findings are communicated.

2. The Joint Committee of Public Accounts and Audit (JCPAA) has encouraged the ANAO to consider ways in which the ANAO could capture and describe some of these impacts.

3. Performance audits involve close engagement between the ANAO and the audited entity as well as other stakeholders involved in the program or activity being audited. Throughout the audit engagement, the ANAO outlines to the entity the preliminary audit findings, conclusions and potential audit recommendations. This ensures that final recommendations are appropriately targeted and encourages entities to take early remedial action on any identified matters during the course of an audit. Remedial actions entities may take during the audit include:

• strengthening governance arrangements;
• initiating reviews or investigations; and
• introducing or revising policies or guidelines.

4. In this context, the below improvements were observed by the ANAO during the course of the audit. It is not clear if these actions and/or the timing of these actions were already planned before this audit commenced. The ANAO has not sought to obtain reasonable assurance over the source of these improvements or whether they have been appropriately implemented.

5. The following performance improvements were observed by the ANAO during the course of this audit:

• As discussed in paragraph 2.9, Services Australia has developed workforce strategies to support workforce planning in its service delivery and ICT workforces that are intended to guide decisions on workforce supply, including for the use of contractors. Services Australia advised the ANAO in January 2022 that it is planning to refresh its current Strategic Workforce Plan later in 2022 and will consider where similar approaches could be applied across the rest of the agency (see paragraph 2.10).
• As discussed in paragraphs 3.36 and 3.37, Services Australia advised the ANAO that it is developing governance processes around enterprise mandatory training including a communications plan, and monthly reporting on training completion rates.
• As discussed in paragraph 3.43, Services Australia’s Personnel Security Policy does not include a requirement to obtain an individual’s agreement to comply with government policies, standards, protocols and guidelines that safeguard resources from harm, as required under Supporting Requirement 1(c) of PSPF Policy 12. Services Australia advised the ANAO in March 2022 that its declaration for handling personal information form ‘could be expanded to require a more general declaration to comply with the broader range of government policies, standards, protocols and guidelines that safeguard resources from harm’ (see paragraph 3.44).
• As discussed in paragraphs 3.50–3.51 and 3.56–3.57, Services Australia advised the ANAO that over the last 6 months, police check information has been included in reporting used to forecast future contractor extensions. Services Australia also advised that since September 2021, it has been checking that existing pre-engagement pack (PEP) information is accurate and up-to-date.

Appendix 3 Measures for reporting on workforce size

1. The Australian Public Service Commission (APSC) provides information on measures used to report on workforce size.⁸⁸

2. Each year a ‘snapshot’ of data concerning all Australian Public Service (APS) employees as at 30 June and 31 December is released by the APSC. The data is provided by agencies and is drawn from the Australian Public Service Employment Database. APS employment data includes:

• demographic variables including age, gender and work location;
• classification level of APS employees, from trainee to Senior Executive Service;
• diversity data including voluntary items self-reported by APS staff such as disability status, Indigenous status, and cultural diversity; and
• staff movements including engagements, separations and transfers between agencies.

3. The reported size of the APS workforce is a headcount of all people employed at the time of the snapshot. This figure does not adjust for hours worked and it includes any employees who are on extended leave (for 3 months or more), including those on maternity leave and leave without pay.

1. This figure is different to Average Staffing Level (ASL) data provided in the Federal Budget papers. The ASL counts staff for the time they work. For example, a full-time employee is counted as one ASL, while a part time employee who works three full days per week contributes 0.6 of an ASL. The ASL averages staffing over an annual period. It is not a point in time calculation.

2. The Government places a cap on ASL. This is applied across the General Government Sector (which incorporates all of the APS and a range of other government agencies). ASL caps are published in the Federal Budget Papers each year.

3. Another measure of employee numbers used by both private and public sector organisations is Full Time Equivalent (FTE). This is a count of all hours worked at a point in time and then converted to the number of full-time staff. For example, two staff each working 0.6 days per week would be counted as 1.2 FTE.

Appendix 4 Services Australia’s contractor data at 30 June 2021

1. Services Australia’s records indicate that it had 4269 contractors at 30 June 2021. The figures below provide further information about the agency’s contractors including the Services Australia organisational group they worked in, and length of service at 30 June 2021.

2. Figure A.1 below illustrates the 4269 contractors, at 30 June 2021, by Services Australia organisational group.

Figure A.1: Agency contractors at 30 June 2021 by Services Australia organisational group

Source: ANAO analysis of Services Australia data.

3. Figure A.2 illustrates the length of service for the agency’s 4269 contractors. As shown in Figure A.2, based on their most recent contract start date, the largest group of Services Australia’s contractors at 30 June 2021 had been engaged for less than a year (1186 or 42.5 per cent), while 316 (7 per cent) of contractors had been engaged for between five and 10 years.

Figure A.2: Services Australia’s contractors at 30 June 2021 by length of service^a

Note a: Services Australia advised the ANAO that its length of service calculation reflects an individual’s most recent continuous period of service with Services Australia, regardless of contract type. For the 48 individuals without a length of service calculation, Services Australia informed the ANAO that the data provided begins from 29 September 2011, and for non-APS personnel that commenced before this date their actual start date is not readily available in the system for the purposes of calculating length of service. Based on this advice, it is possible that the length of service for these 48 individuals was greater than 10 years as at 30 June 2021.

Source: ANAO analysis of Services Australia data.