Audit snapshot

Why did we do this audit?

  • Parliamentary committee and Auditor-General reports identify risks to the successful delivery of outcomes and areas where administrative or other improvements can be made by Australian Government entities.
  • This is the fourth in a series of audits that highlight whether entities have implemented recommendations in line with commitments made to the Parliament.
  • The audit examined recommendations directed to the Department of Home Affairs (the department).

Key facts

  • A schedule of outstanding government responses to parliamentary committee reports is presented to the Parliament twice a year.
  • In December 2021, one per cent of Senate committee reports and three per cent of House of Representatives committee reports were responded to within the agreed timeframe across the Australian Government.

What did we find?

  • The department’s implementation of the agreed parliamentary committee and Auditor-General recommendations examined in the audit was largely effective.
  • The department now has largely fit-for-purpose arrangements to respond to, monitor and implement agreed recommendations.
  • With respect to the 25 agreed recommendations examined, 16 (64 per cent) were implemented, two (eight per cent) were largely implemented, three (12 per cent) were partly implemented, one (four per cent) was not implemented and for three (12 per cent) implementation was ongoing.

What did we recommend?

  • There was one recommendation to the department to update recommendation implementation guidance.
  • The department agreed to this recommendation.

7 out of 8 (88%)

Parliamentary committee recommendations fully or largely implemented by the department.

11 out of 14 (79%)

Closed Auditor-General recommendations fully or largely implemented by the department.

Summary and recommendation

Background

1. The Department of Home Affairs1 (the department) is a non-corporate Commonwealth entity that coordinates policy and operations for Australia’s national and transport security, federal law enforcement, criminal justice, cyber security, border, immigration, multicultural affairs, emergency management and trade-related functions.

2. As a department of state, the department regularly receives recommendations as part of parliamentary committee inquiries and external audit activity by the Australian National Audit Office (ANAO).

3. Parliamentary committee and Auditor-General reports identify risks to the successful delivery of outcomes and generally provide recommendations to address them. Successful implementation of agreed recommendations requires effective governance arrangements, with timely implementation approaches, that set clear responsibilities and timelines for addressing the required actions.

4. Committees of the Australian Parliament, including the Joint Committee of Public Accounts and Audit, consist of members from one or both Houses of Parliament. Parliamentary committee inquiries are used to ‘investigate specific matters of policy or government administration or performance’.2

5. The Auditor-General scrutinises and provides independent assurance as to whether the Executive arm of the Australian Government is operating and accounting for its performance in accordance with the Parliament’s intent.

Rationale for undertaking the audit

6. Parliamentary committee and Auditor-General reports, in addition to providing assurance to the Parliament, identify risks to the successful delivery of outcomes and areas where administrative or other improvements can be made by Australian Government entities. The appropriate and timely implementation of agreed recommendations is an important part of realising the full benefit of a parliamentary committee or Auditor-General report, and for demonstrating accountability to the Parliament.

7. This is the fourth in a series of audits that highlight whether entities have implemented recommendations in line with commitments made to the Parliament.

Audit objective and criteria

8. The audit examined whether the department implemented all agreed recommendations from parliamentary committee and Auditor-General reports within the scoped timeframe.

9. To form a conclusion against the audit objective, the ANAO adopted the following high-level criteria.

  • Does the department have fit-for-purpose arrangements to respond to, monitor and implement agreed recommendations? (Chapter 2)
  • Were agreed recommendations effectively implemented? (Chapter 3)

10. The ANAO reviewed the department’s implementation of 25 agreed recommendations, comprised of eight parliamentary committee recommendations and 17 Auditor-General recommendations.3

Conclusion

11. The department’s implementation of the agreed parliamentary committee and Auditor-General recommendations examined in the audit was largely effective.

12. The department now has largely fit-for-purpose arrangements to respond to, monitor and implement agreed recommendations. The department introduced arrangements to monitor the implementation of agreed parliamentary committee recommendations in September 2021. Recent process improvements are yet to be incorporated into department-wide guidance.

13. With respect to the 25 agreed recommendations examined, 16 (64 per cent) were implemented, two (eight per cent) were largely implemented, three (12 per cent) were partly implemented, one (four per cent) was not implemented and for three (12 per cent) implementation was ongoing.

Supporting findings

Arrangements to respond to, monitor and implement agreed recommendations

14. The department now has effective governance arrangements to respond to, monitor and implement agreed recommendations. Clear accountabilities, delegated decision making and oversight were in place for Auditor-General recommendations and have been recently established for parliamentary committee recommendations. The department’s Assurance Framework includes parliamentary committee and Auditor-General reports. (Paragraphs 2.2 to 2.22)

15. The department now has effective processes to respond to, monitor and implement agreed recommendations. The department recently introduced new processes to improve the implementation of recommendations. It is yet to incorporate these changes into department-wide guidance. (Paragraphs 2.23 to 2.40)

16. The department has largely effective systems to monitor the implementation of agreed recommendations. The department has appropriate information management systems to monitor recommendations, however, tracking information is incomplete and guidance is in draft form. The department has effective internal and external reporting arrangements. (Paragraphs 2.43 to 2.57)

Implementation of recommendations

17. Prior to February 2022, the department did not have documented procedures for developing fit-for-purpose implementation plans, nor were any plans developed, for the selected Auditor-General recommendations. All (17) Auditor-General recommendations were assigned a recommendation owner at the appropriate level. One Auditor-General recommendation was assigned a due date and risk rating. (Paragraphs 3.4 to 3.9)

18. The effectiveness of the department’s monitoring of the implementation of each selected recommendation was reduced by the absence of a clear assurance process. The Audit and Risk Committee received at least one status update for seven (40 per cent) recommendations. There was a range of 22 to 380 days from when a report tabled to when the first status update was provided to the team responsible for monitoring the recommendation’s implementation. (Paragraphs 3.10 to 3.17)

19. The recommendations examined were not all implemented in full and closed in accordance with requirements.

  • For the eight parliamentary committee recommendations examined, seven were implemented and one was not implemented.
  • For the 17 Auditor-General recommendations examined, nine were implemented, two were largely implemented, three were partly implemented and for three, implementation was ongoing.

20. In all instances where the department recorded an Auditor-General recommendation as being implemented, it was closed in accordance with requirements. (Paragraphs 3.18 to 3.58)

Recommendation

Recommendation no. 1

Paragraph 2.41

Department of Home Affairs update its procedures to reflect the process improvements implemented throughout the audit. This includes:

  1. implementation planning;
  2. progress reporting;
  3. implementation timeframes; and
  4. risk management of recommendations.

Department of Home Affairs response: Agreed.

Summary of entity response

21. The department’s summary response is provided below and its full response is included at Appendix 1.

The Department is committed to the effective oversight and implementation of recommendations from parliamentary committee and Auditor-General reports and welcomes the ANAO assessment of the strengths and weaknesses of its processes.

In 2019, the Department implemented structured processes to respond to, monitor and implement recommendations from Auditor-General and internal audit reports. From 1 February 2022, this process was extended to include all agreed recommendations from Parliamentary committee reports. The audit reflects the strengths of this process, and also identifies a series of improvements the Department has been implementing over the last six months.

The Department has commenced drafting the recommended update to its procedures to reflect the process improvements that were made throughout the audit, and implementation is expected by 30 June 2022. The Department has also implemented the suggested assurance process over the data retained within its recommendations database. This process will be documented in the updated procedural instruction.

Key messages from this audit for all Australian Government entities

The ANAO published Audit Insights — Implementation of Recommendations on 30 June 2021.4 Below are additional key messages, including instances of good practice, which have been identified in this audit and may be relevant for the operations of other Australian Government entities.

Group title

Governance and risk management

Key learning reference
  • When responding to, monitoring and implementing agreed recommendations, entities should establish clear and consistent expectations for how risk should be considered, including the risk involved in implementing the recommendation, as well as what failure might look like.
  • Financial statements audit recommendations can relate to performance issues. The approach identified in this audit highlighted the importance of involving the relevant business area within the entity and monitoring these recommendations through the Audit and Risk Committee.

1. Background

Introduction

1.1 The Department of Home Affairs5 (the department) is a non-corporate Commonwealth entity that coordinates policy and operations for Australia’s national and transport security, federal law enforcement, criminal justice, cyber security, border, immigration, multicultural affairs, emergency management and trade-related functions.

1.2 As a department of state, the department regularly receives recommendations as part of parliamentary committee inquiries and external audit activity by the Australian National Audit Office (ANAO).

1.3 Parliamentary committee and Auditor-General reports identify risks to the successful delivery of outcomes and generally provide recommendations to address them. Successful implementation of agreed recommendations requires effective governance arrangements, with timely implementation approaches, that set clear responsibilities and timelines for addressing the required actions.

1.4 Committees of the Australian Parliament, including the Joint Committee of Public Accounts and Audit (JCPAA), consist of members from one or both Houses of Parliament. Parliamentary committee inquiries are used to ‘investigate specific matters of policy or government administration or performance’.6

1.5 The Auditor-General scrutinises and provides independent assurance as to whether the Executive arm of the Australian Government is operating and accounting for its performance in accordance with the Parliament’s intent.

Previous audits

1.6 This is the fourth in a series of performance audits that examine the effectiveness of Australian Government entities’ implementation of agreed recommendations from parliamentary committee and Auditor-General reports.7

1.7 Auditor-General Report No. 6 2019–20, tabled in August 2019, examined entities in the Agriculture and Infrastructure portfolios. It found that the four selected entities had not effectively demonstrated implementation of all agreed recommendations examined by the audit. The report made four recommendations to improve governance and executive oversight of the implementation of recommendations. Three were directed to entities in the audit, and one to the Department of the Prime Minister and Cabinet to reinforce the responsibility of accountable authorities to monitor and implement agreed parliamentary committee recommendations.

1.8 In response to the first report, on 7 August 2019, the Secretary of the Department of the Prime Minister and Cabinet wrote to departmental secretaries strongly encouraging all departments and agencies to:

… finalise government responses to parliamentary committee reports in a timely manner so that the Government can table its response to a committee report within the timeframes established through the respective resolutions of the House of Representatives and the Senate … [and] have processes in place to monitor the implementation of recommendations accepted by the Government.

1.9 Auditor-General Report No. 46 2019–20, tabled in June 2020, examined entities in the Health and Education portfolios. This report concluded that nothing came to the ANAO’s attention that the entities had not implemented applicable parliamentary committee and Auditor-General performance audit recommendations. Entities implemented all parliamentary committee recommendations agreed to in the period 1 July 2016 to 30 June 2017. General arrangements to respond to, monitor and manage parliamentary committee recommendations required improvement.

1.10 Auditor-General Report No. 34 2020–21, tabled in April 2021, examined the Department of Defence. Of the 32 agreed recommendations examined in the audit, the ANAO found 15 (46.9 per cent) were implemented, six (18.8 per cent) were largely implemented, four (12.5 per cent) were partly implemented and seven (21.9 per cent) were not implemented. The report concluded that the Department of Defence had appropriate governance arrangements to respond to, monitor and implement Auditor-General performance audit recommendations, and partially appropriate governance arrangements for parliamentary committee recommendations.

Timeliness of responses to parliamentary committees

1.11 Parliamentary committee reports usually recommend government action. For example, the introduction of legislation, a change in administrative procedures or review of policy. Such action is the responsibility of the Executive Government rather than the Parliament.

1.12 The President of the Australian Senate (Senate) and the Speaker of the House of Representatives (House) present a report to the Senate and House, respectively, on the status of government responses twice a year.8 Reports remain on this schedule until:

  • a response is received;
  • the relevant committee agrees that a response is no longer expected; or
  • a request to remove an inquiry from the list is received and agreed.

1.13 Table 1.1 outlines the key results from the President of the Senate report as at 30 June 2021 and 31 December 2021. Report responses are required within three months of the report being presented to the Senate.

Table 1.1: Senate — outstanding government responses as at 30 June 2021a and 31 December 2021a

Description

Amount

Percentage

Amount

Percentage

 

As at 30 June 2021

As at 31 December 2021

No. of reports with a response

35b

12

38e

12

No. of reports with a response that was received within the specified timeframe

12

4

3

1

No. of reports with a response but received late

23b

8

35e

11

No. of reports with no response

249c

88

288f

88

Total number of reports included in the schedule

284d

100

326g

100

Shortest timeframe taken to respond

< 1 month

< 1 month

Longest timeframe where a response was provided

67 months

(5 years and 7 months)

33 months

(2 years and 9 months)

Latest pending response (not yet received)

221 months

(18 years and 5 months)

227 months

(18 years and 11 months)

         

Note a: The timeframe covered in each reporting period includes the oldest report where a government response is outstanding.

Note b: Total numbers include seven partial responses. Partial responses occur where responses have been received for some but not all recommendations. This typically occurs where recommendations are directed at multiple entities.

Note c: The time allowed for responding had not yet expired for 25 of the 249 reports with no response.

Note d: Five responses in this report schedule referred to 13 JCPAA reports. All responses were late.

Note e: Total numbers include eight partial responses. Partial responses occur where responses have been received for some but not all recommendations. This typically occurs where recommendations are directed at multiple entities.

Note f: The time allowed for responding had not yet expired for 36 of the 288 reports with no response.

Note g: Ten responses in this report schedule referred to 14 JCPAA reports. All responses were late.

Source: ANAO analysis of Senate reporting.

1.14 Table 1.2 outlines the key results from the Speaker of the House report as at 23 June 2021 and 1 December 2021. Report responses are required within six months from the report being presented to the House.

Table 1.2: House — outstanding government responses as at 23 June 2021 and 1 December 2021a

Description

Amount

Percentage

Amount

Percentage

 

As at 23 June 2021

As at 1 December 2021

No. of reports with a response

17b

14

29f

20

No. of reports with a response that was received within the specified timeframe

4c

3

4

3

No. of reports with a response but received late

13b

11

25f

17

No. of reports with no response

102d

86

113g

80

Total number of reports included in the schedule

119e

100

142h

100

Shortest timeframe taken to respond

< 2 months

< 2 months

Longest timeframe where a response was provided

20 months (1 year and 8 months)

63 months

(5 years and 3 months)

Latest pending response (not yet received)

133 months

(11 years and 1 month)

138 months

(11 years and 6 months)

         

Note a: The timeframe covered in each reporting period includes the oldest report where a government response is outstanding.

Note b: Total numbers include ten partial responses. Partial responses occur where responses have been received for some but not all recommendations. This typically occurs where recommendations are directed at multiple entities.

Note c: This includes two responses that were submitted within the time period and not reflected in the Speaker’s Schedule.

Note d: The time allowed for responding had not yet expired for 13 of the 102 reports with no response.

Note e: This includes two responses that were submitted within the time period and not reflected in the Speaker’s Schedule. Nine responses in this report schedule referred to 12 JCPAA reports. All responses were late. This excludes one report to avoid double counting as it was accurately reported on in a previous Speaker’s Schedule.

Note f: Total numbers include nine partial responses. Partial responses occur where responses have been received for some but not all recommendations. This typically occurs where recommendations are directed at multiple entities.

Note g: The time allowed for responding had not yet expired for 33 of the 113 reports with no response.

Note h: Ten responses (including eight partial) in this report schedule referred to 13 JCPAA reports. All responses were late. This excludes one report to avoid double counting as it was accurately reported on in a previous Speaker’s Schedule.

Source: ANAO analysis of House reporting.

1.15 Very few responses were received in the required timeframe. Within the most recent reporting period:

  • three of the 326 (one per cent) Senate and joint committee reports received a response within the three-month timeframe; and
  • four of the 142 (three per cent) House and joint committee reports received a response within the six-month timeframe.

1.16 The timeliness of government responses has remained consistently low across all four performance audits in this series.

Rationale for undertaking the audit

1.17 Parliamentary committee and Auditor-General reports, in addition to providing assurance to the Parliament, identify risks to the successful delivery of outcomes and areas where administrative or other improvements can be made by Australian Government entities. The appropriate and timely implementation of agreed recommendations is an important part of realising the full benefit of a parliamentary committee or Auditor-General report and demonstrating accountability to the Parliament.

1.18 This is the fourth in a series of audits that highlight whether entities have implemented recommendations in line with commitments made to the Parliament.

Audit approach

Audit objective, criteria and scope

1.19 The audit examined whether the department implemented all agreed recommendations from parliamentary committee and Auditor-General reports within the scoped timeframe.

1.20 To form a conclusion against the audit objective, the ANAO adopted the following high-level criteria.

  • Does the department have fit-for-purpose arrangements to respond to, monitor and implement agreed recommendations?
  • Were agreed recommendations effectively implemented?

1.21 The ANAO reviewed the department’s implementation of 25 agreed recommendations, comprised of eight parliamentary committee recommendations and 17 Auditor-General recommendations.9

Audit methodology

1.22 To allow sufficient time for their implementation, the recommendations examined in this audit were limited to the following two categories.

  • Parliamentary committee reports tabled between January 2019 and June 2020, where a government response was received prior to 31 September 2020, including:
    • those agreed10 to, with an action item allocated to the department; and
    • those noted, with an action item allocated to the department.
  • Auditor-General reports tabled between January 2019 and September 2020.

1.23 This audit did not examine:

  • parliamentary committee reports where the subject of the report was either a review of annual reports, or an inquiry or review into proposed Bills or delegated legislation11;
  • any recommendations that were agreed to by other entities that sit within the Home Affairs portfolio; or
  • recommendations if they were likely to be examined by the ANAO in a separate performance audit, or as part of a parliamentary inquiry.

1.24 The audit involved:

  • review of entity documentation, such as guidelines, procedures, management reports, audit committee papers, meeting minutes, briefing materials, implementation plans, closure packs and other supporting evidence relating to monitoring progress and reporting against agreed recommendations;
  • examining IT system controls and supporting documentation for those systems used by the department to manage recommendations; and
  • meetings with relevant entity staff.

1.25 The audit was conducted in accordance with ANAO Auditing Standards at a cost to the ANAO of approximately $184,000.

1.26 The team members for this audit were Zoe Pilipczyk, Olivia Robbins, Benjamin Harwood, Glen Ewers and Alex Wilkinson.

2. Arrangements to respond to, monitor and implement agreed recommendations

Areas examined

This chapter examines whether the Department of Home Affairs (the department) has fit-for-purpose arrangements to respond to, monitor and implement agreed parliamentary committee and Auditor-General recommendations.

Conclusion

The department now has largely fit-for-purpose arrangements to respond to, monitor and implement agreed recommendations. The department introduced arrangements to monitor the implementation of agreed parliamentary committee recommendations in September 2021. Recent process improvements are yet to be incorporated into department-wide guidance.

Areas for improvement

The ANAO made one recommendation for the department to update existing guidance. One area for improvement was identified to regularly review high-level system access.

2.1 An agreed response to a parliamentary committee or Auditor-General recommendation is a formal commitment to implement the recommended action. Entities with effective governance arrangements, processes and systems in place to respond to, and monitor agreed recommendations, are better positioned to successfully implement recommendations.

Does the department have effective governance arrangements to respond to, monitor and implement agreed recommendations?

The department now has effective governance arrangements to respond to, monitor and implement agreed recommendations. Clear accountabilities, delegated decision making and oversight were in place for Auditor-General recommendations and have been recently established for parliamentary committee recommendations. The department’s Assurance Framework includes parliamentary committee and Auditor-General reports.

Accountabilities and delegated decision making

2.2 Successful implementation of agreed recommendations requires effective senior management oversight and monitoring to set clear responsibilities and timeframes for addressing the required action.

Parliamentary committee reports

2.3 The Department of the Prime Minister and Cabinet is responsible for notifying the lead entity for the government response to a parliamentary committee report. An entity may be required to provide input to a response when it is not the lead. The Department of Home Affairs (the department or Home Affairs) requires at least Deputy Secretary clearance of government response input before it is submitted for approval by the relevant Minister. ‘Government responses must be approved by either the Cabinet or the Prime Minister, or a Minister on behalf of the Prime Minister, depending on the subject matter’.12

2.4 The Secretary of the Department of the Prime Minister and Cabinet’s letter to departmental secretaries referred to in paragraph 1.8 stated that:

[i]t is critical for responsible agencies to monitor and implement the parliamentary committee’s recommendations agreed to by the Government.

2.5 On 8 August 2019, Home Affairs’ Secretary requested action be taken to address the letter’s content. The department considered tracking parliamentary committee recommendations, but did not progress any action. On 23 September 2021, the department commenced monitoring agreed parliamentary committee recommendations to ‘improve the governance and oversight of the implementation of recommendations from parliamentary inquiries’.

2.6 The Chief Audit Executive is responsible for closure of implemented parliamentary committee recommendations.

Auditor-General reports

2.7 The Secretary of the department has delegated responsibility for designing and delivering assurance frameworks and activities, including alignment with the department’s risk profile, to the Chief Audit Executive. This includes:

  • endorsing the department’s response to Auditor-General performance audit reports; and
  • the closure of all internal and external audit recommendations, except for agreed financial statements audit recommendations.13

2.8 The Chief Financial Officer is responsible for:

  • endorsing the department’s response to Auditor-General financial statements audit reports; and
  • monitoring implementation of agreed financial statements audit recommendations.14

Roles and responsibilities

2.9 Figure 2.1 maps responsibility within the department to respond to, monitor, implement, oversee and close agreed recommendations.

Figure 2.1: The department’s processes to respond to, monitor, implement, oversee and close agreed recommendations

Shows the department’s processes to respond to, monitor, implement, oversee and close agreed Parliamentary Committee and Auditor-General recommendations, including which team is responsible for each phase of the process.

Key:  ➔ flow of information; (a) parliamentary committee and performance audit.

Source: ANAO analysis of departmental information.

Respond to recommendations

2.10 Responsibility for receiving and coordinating responses within the department, and allocating parliamentary committee and Auditor-General recommendations is delegated to:

  • the Ministerial and Parliamentary Branch for parliamentary committee recommendations;
  • the Audit and Assurance Branch for Auditor-General performance audit recommendations; and
  • the Financial Operations Branch for Auditor-General financial statements audit recommendations.

2.11 Each branch devolves responsibility for responding to recommendations to relevant business areas.

Monitor and implement
Monitor

2.12 Monitoring of agreed parliamentary committee and Auditor-General recommendations is conducted by two branches.

  • Audit and Assurance monitors parliamentary committee and Auditor-General performance audit recommendations.
  • Financial Operations monitors Auditor-General financial statements audit recommendations.
Implement

2.13 The relevant First Assistant Secretary, Assistant Commissioner or Group Manager, is responsible for implementing parliamentary committee and Auditor-General recommendations. As at 28 February 2022, all (165) open parliamentary committee recommendations and all (14) open Auditor-General recommendations had been assigned an appropriate officer responsible for the recommendation’s implementation.

Oversight

2.14 The Public Governance, Performance and Accountability Rule 2014 requires that entity audit committees review the appropriateness of the accountable authority’s financial and performance reporting, and systems of risk oversight and management and internal controls.

2.15 The Audit and Risk Committee is the main oversight body for agreed recommendations. The Audit and Risk Committee has delegated oversight of Auditor-General financial statements audit recommendations to the Financial Statements Sub-Committee.

  • The Audit and Risk Committee Charter requires the Committee to provide the Secretary with written advice ‘about significant issues identified [in internal and external audit reports] and monitoring the implementation of agreed actions’. On 15 October 2021, the Audit and Risk Committee Charter was amended to also require written advice on significant issues identified and monitoring the implementation of agreed actions from ‘relevant parliamentary committee reports’.
  • The Financial Statements Sub-Committee provides advice to the Audit and Risk Committee on a range of matters, including ‘[m]onitoring of progress towards management’s remediation of existing audit findings from previous ANAO financial statement audit reports’.

2.16 The Financial Statements Sub-Committee provides regular updates to the Audit and Risk Committee, including updates on the status of financial statements audit recommendations. The Audit and Risk Committee agreed it would monitor implementation of the agreed Auditor-General financial statements audit recommendation reviewed in this audit.15

Closure

2.17 As mentioned in paragraphs 2.6 to 2.8, the Chief Audit Executive and Chief Financial Officer are responsible for closing agreed parliamentary committee and Auditor-General recommendations.

Risk management

2.18 Entities have a responsibility to establish effective internal checks and controls and an effective risk and assurance framework to monitor and manage risk at the enterprise level. Under section 16 of the Public Governance, Performance and Accountability Act 2013, ‘[t]he accountable authority of a Commonwealth entity must establish and maintain: an appropriate system of risk oversight and management for the entity’.

2.19 The department’s current Risk Management Framework was approved on 21 December 2021. The Risk Management Framework outlines the department’s arrangements for designing, implementing, monitoring, reviewing and continually improving risk management. It also includes the controls management approach and reporting requirements.

2.20 The department’s current Assurance Framework was approved on 2 September 2020. The Assurance Framework informs departmental staff of the overarching principles of assurance, the interaction between assurance and risk management and the role of governance controls. This framework is intended to be read and applied in conjunction with the Risk Management Framework.

2.21 The Assurance Framework is based on the Institute of Internal Auditors Position Paper: Three Lines of Defense in Effective Risk Management and Control.16 The three lines of assurance include:

  • first line — management assurance: managers across the department own and manage risk;
  • second line — risk oversight and compliance functions: program level controls or stewardship oversight measures for managing risk and non-compliance; and
  • third line — independent assurance: external entities to the department, such as the ANAO, provide assurance on the effectiveness of risk management and internal controls.

2.22 Parliamentary committee and Auditor-General reports fall within the department’s third line of assurance.

Has the department established effective processes to respond to, monitor and implement agreed recommendations?

The department now has effective processes to respond to, monitor and implement agreed recommendations. The department recently introduced new processes to improve the implementation of recommendations. It is yet to incorporate these changes into department-wide guidance.

2.23 Processes for managing the implementation of recommendations should begin with a clear arrangement for responding to recommendations.17 Agreeing to a recommendation acknowledges that things can be improved. The Parliament’s expectation is that the entity then makes those improvements that address the deficiency identified.

Respond to recommendations

2.24 When responding to parliamentary committee and Auditor-General recommendations, entities should clearly state their intentions on whether they will implement the recommendation in full. By clearly indicating what actions will or will not be done in response to recommendations, entities minimise the risk of ambiguity.

2.25 The department has three separate documented procedures for receiving and coordinating responses and allocating parliamentary committee and Auditor-General recommendations. For the sample of recommendations reviewed in this audit, the department:

  • supported or noted the parliamentary committee recommendations; and
  • agreed or agreed in principle to the Auditor-General recommendations.

Monitor and implement

2.26 Effective monitoring requires an approach that accurately tracks progress and records the actions of the business area or individual responsible for implementation. The goal is that those with accountability can have a clear line of sight to the implementation of agreed recommendations. This section considers whether there is clear guidance to:

  • establish roles and responsibilities;
  • establish timeframes; and
  • assess risk for agreed parliamentary committee and Auditor-General recommendations.
Roles and responsibilities

2.27 Successful implementation of recommendations requires senior management oversight, and implementation planning to set clear responsibilities and timeframes for delivering the agreed action.

Monitor

2.28 The department has guidance to monitor agreed parliamentary committee and Auditor-General performance audit recommendations. Audit and Assurance seeks status updates from the recommendation owner every two months.

2.29 Financial Operations use draft guidance for the end-to-end process of engaging with Auditor-General financial statements audit, including monitoring implementation of agreed recommendations. The department advised that:

Given the limited number of financial statement[s] audit recommendations over the last few years there is no need to formalise a procedure noting the strong conventions and precedents in place for monitoring recommendations with the ANAO and Financial Statements Sub-Committee.

Implement

2.30 For Auditor-General recommendations made in financial statements audits, recommendation owners are made aware of their reporting requirements to the Financial Statements Sub-Committee.18 Reporting to the Audit and Risk Committee is on request.

2.31 In relation to financial statements audit recommendations, the department advised:

The implementation plan for financial statement[s] audit findings depends on the nature of the finding and the ANAO regularly monitors progress of these findings in their interim and final audit reports as part of the financial statements audit process. Therefore, general guidance on the implementation of findings would not be relevant as it would change depending on the rating and nature of the finding.

2.32 From February 2022, the department requires parliamentary committee and Auditor-General performance audit recommendation owners to document a Management Action Plan. This requires recommendation owners to set out:

  • the actions that will be taken to achieve the intent of the recommendation;
  • responsibilities and timeframes for each action; and
  • how established actions will achieve the intent of the recommendation.
Implementation timeframes

2.33 Establishing and meeting timeframes for implementing recommendations is important to ensure recommendations are implemented, and that any risks or issues which led to the recommendations being made are addressed in a timely fashion.

2.34 Prior to February 2022, departmental guidance did not require timeframes to be established for parliamentary committee or Auditor-General recommendations.19 The department is currently establishing timeframes for all open recommendations being tracked by Audit and Assurance. As at 28 February 2022:

  • three of 165 (two per cent) open parliamentary committee recommendations had an implementation timeframe; and
  • one of 14 (seven per cent) open Auditor-General recommendations had an implementation timeframe.
Risk

2.35 Clear and consistent processes for understanding risk will position entities to design risk-based implementation plans. An effective risk assessment process should include clear linkages between risk ratings and agreed action items.

2.36 Prior to February 2022, departmental guidance did not require a risk rating to be assigned for agreed parliamentary committee or Auditor-General performance audit recommendations. The department is in the process of assigning risk ratings to all open recommendations being tracked by Audit and Assurance. As at 28 February 2022:

  • three of 165 (two per cent) open parliamentary committee recommendations had been assigned a risk rating; and
  • one of 14 (seven per cent) open Auditor-General performance audit recommendations had been assigned a risk rating.

2.37 The department advised that it adopts the risk rating the ANAO assigns financial statements audit recommendations. Financial Operations also considers and reports (to the Financial Statements Sub-Committee) the risk of the recommendation being implemented within the expected completion date.

Oversight

2.38 The Audit and Risk Committee and Financial Statements Sub-Committee are responsible for overseeing the implementation of recommendations (see paragraph 2.15). Recommendation tracking and implementation is a standing agenda item for both committees.

  • Audit and Assurance provide an update at each Audit and Risk Committee meeting on relevant open and closed recommendations.
  • Financial Operations provide an update at each Financial Statements Sub-Committee on relevant open and closed recommendations.

2.39 Paragraphs 2.53 to 2.55 discuss oversight of recommendations in more detail.

Closure

2.40 Recommendation owners prepare a business case and closure pack to demonstrate the implementation of the recommendation. Audit and Assurance or Financial Operations review the business case to assess whether closure is supported. If supported, a closure minute is prepared for the Chief Audit Executive’s or Chief Financial Officer’s endorsement (see paragraphs 2.6 to 2.8). Once a closure decision has been made, the recommendation owner is notified.

Recommendation no.1

2.41 Department of Home Affairs update its procedures to reflect the process improvements implemented throughout the audit. This includes:

  1. implementation planning;
  2. progress reporting;
  3. implementation timeframes; and
  4. risk management of recommendations.

Department of Home Affairs response: Agreed.

2.42 The Department has commenced drafting an update to the procedural instructions governing the management and implementation of recommendations. Implementation is expected to be completed by 30 June 2022.

Does the department have effective systems in place to monitor the implementation of agreed recommendations?

The department has largely effective systems to monitor the implementation of agreed recommendations. The department has appropriate information management systems to monitor recommendations, however, tracking information is incomplete and guidance is in draft form. The department has effective internal and external reporting arrangements.

2.43 Systems to monitor the implementation of agreed recommendations should be fit-for-purpose, reflecting the size of the entity, the nature of its business and its governance structure. Entities should ensure there are sufficient system controls to maintain complete and accurate data.

Systems

2.44 The department has three separate systems to monitor parliamentary committee and Auditor-General recommendations.

  • Ministerial and Parliamentary use the Parliamentary Document Management System (PDMS)20 to capture agreed parliamentary committee recommendations.
  • Audit and Assurance uses a Microsoft Access database (the Recommendation Monitoring and Assurance (RMA) database) to monitor parliamentary committee and Auditor-General performance audit recommendations.
  • Financial Operations maintain a spreadsheet to track Auditor-General financial statements audit recommendations.

System controls

2.45 A manual process is used to enter, track and close parliamentary committee and Auditor-General recommendations. There are sufficient manual controls, provided regular monitoring of user groups is maintained. Limited system enforced controls (IT controls)21 are in place to maintain the completeness and accuracy of data in PDMS and the RMA database.

Parliamentary Document Management System

2.46 The department uses PDMS to manage its interactions with parliamentary committee inquiries, between an inquiry commencing and a government response being submitted.22

2.47 Appropriate staff are granted PDMS access that only allows users to perform specific tasks during a ministerial or parliamentary workflow process. In November 2021, Ministerial and Parliamentary reviewed high-level PDMS user access. All users who held the Parliamentary Coordinator role in PDMS were checked to ensure their level of access aligned with their role. As a result:

  • Parliamentary Coordinator access was removed from 69 users;
  • forty Ministerial and Parliamentary staff retained full Parliamentary Coordinator access; and
  • ninety departmental officers retained partial Parliamentary Coordinator access.

2.48 There would be merit in the department establishing a regular review process for high-level PDMS access.

Completeness and accuracy

2.49 ANAO analysis in October 2021 identified that PDMS did not contain all agreed parliamentary committee recommendations. Ministerial and Parliamentary emailed relevant staff during this audit to address this. As at 23 February 2022, the department advised that PDMS contained all agreed parliamentary committee recommendations.

Recommendation Monitoring and Assurance database

2.50 The department uses the RMA database to manage status reporting of parliamentary committee and Auditor-General performance audit recommendation implementation. Key documents, such as status updates to the Audit and Risk Committee and closure minutes are retained in the department’s electronic document and records management system.

2.51 The RMA database is stored in a shared drive. Drive access is restricted to branch level. Database backups are manual and are completed daily with weekly backups saved to the department’s electronic document and records management system.23 Draft guidance on the RMA database is available, and training is provided on an as needed basis.

Completeness and accuracy

2.52 As at March 2022, the RMA database contained all Auditor-General recommendations.24 The RMA database does not contain a complete record of implementation tracking. For example, Audit and Assurance has not recorded when a closure minute was received for all implemented Auditor-General recommendations.

Reporting

Internal reporting

2.53 The Audit and Risk Committee and Financial Statements Sub-Committee are the oversight bodies for agreed recommendations. The Audit and Risk Committee provides advice to the Secretary on the status of agreed recommendations (see paragraph 2.15).

2.54 The ANAO reviewed the minutes for both committees’ meetings conducted between January 2019 and December 2021, to determine the percentage of meetings where a recommendation update was provided to the committees and the Secretary. The Audit and Risk Committee met 20 times and the Financial Statements Sub-Committee met 14 times in this period.

Table 2.1: Percentage of meetings between January 2019 and December 2021 where a recommendation update was provided

Action

Percentage

Financial Operations provided an update to the Financial Statements Sub-Committee on agreed recommendations.

100

Audit and Assurance provided an update to the Audit and Risk Committee on agreed recommendations.

80a

Audit and Risk Committee provided an update to the Secretary on agreed recommendations.

80b

   

Note a: An update was not provided in May 2020, two meetings in September 2020 and one meeting in September 2021.

Note b: These updates included unique information on the total number of open and closed recommendations.

Source: ANAO analysis of departmental information.

2.55 Table 2.1 shows that within the audit timeframe, the department consistently reported to the relevant oversight bodies on the implementation of agreed recommendations. Auditor-General recommendation reporting at the team and recommendation owner level is discussed in paragraphs 3.10 to 3.17.

External reporting

2.56 Entities are required to provide updates to the Department of the Prime Minister and Cabinet on outstanding government responses to parliamentary committee reports (see paragraphs 1.11 to 1.16). The department’s current processes meet this requirement. Entities are not required to report on the implementation status or closure of agreed recommendations, unless requested.25

2.57 When requested, the department provides advice to the ANAO:

  • on the implementation status of performance audit recommendations26; and
  • to inform reviews and reports on the status of financial statements audit recommendations as part of ANAO’s biannual reporting.

3. Implementation of recommendations

Areas examined

This chapter examines whether the Department of Home Affairs (the department) effectively implemented agreed recommendations, by reviewing a sample of 25 agreed recommendations comprised of eight parliamentary committee and 17 Auditor-General recommendations.

Conclusion

With respect to the 25 agreed recommendations examined, 16 (64 per cent) were implemented, two (eight per cent) were largely implemented, three (12 per cent) were partly implemented, one (four per cent) was not implemented and for three (12 per cent) implementation was ongoing.

Area for improvement

The ANAO identified one area for improvement relating to assurance over recommendation monitoring data.

3.1 Recommendations from parliamentary committee and Auditor-General reports focus on what needs to happen, not how to do it. Successful implementation of recommendations requires fit-for-purpose implementation plans, and strong senior management oversight and monitoring to ensure delivery of the agreed action.

3.2 Prior to September 2021, the Department of Home Affairs (the department) did not have a process to monitor agreed parliamentary committee recommendations (see paragraph 2.5). As a result, this limited the ANAO’s examination on whether selected parliamentary committee recommendations were implemented in full and closed in accordance with requirements.

3.3 Table 3.1 outlines the number of agreed parliamentary committee and Auditor-General recommendations that were within the scope of this audit. For details of the selected recommendations see Appendix 3, Appendix 4 and Appendix 5.

Table 3.1: Parliamentary committee and Auditor-General reports and recommendations within the audit scope

Author

Number of reports

Agreed recommendations

Joint Committee of Public Accounts and Audit

1

1

Parliamentary Joint Committee on Intelligence and Security

1

3

Parliamentary Joint Committee on Law Enforcement

1

2

Joint Standing Committee on Foreign Affairs, Defence and Trade

1

1

Senate Standing Committees on Rural and Regional Affairs and Transport

1

1

Auditor-General performance audit

8

16

Auditor-General financial statements audit

1

1

Total number of reports and recommendations in scope

14

25

     

Source: ANAO analysis of information in the public domain.

Did the department develop a fit-for-purpose implementation plan for each of the selected recommendations?

Prior to February 2022, the department did not have procedures or guidance for developing fit-for-purpose implementation plans, nor were any plans developed for the selected Auditor-General recommendations. All (17) Auditor-General recommendations were assigned a recommendation owner at the appropriate level. One Auditor-General recommendation was assigned a due date and risk rating.

3.4 In the absence of procedures or guidance on how to implement agreed recommendations, the ANAO examined whether the department assigned roles and responsibilities, timeframes, and a risk rating for selected Auditor-General recommendations.

Roles and responsibilities

3.5 Auditor-General recommendation owners are at the level of First Assistant Secretary, Assistant Commissioner or Group Manager (see paragraph 2.13). All selected Auditor-General recommendations were assigned an appropriate recommendation owner.

Implementation timeframes

3.6 Prior to February 2022, the department did not require timeframes be established for agreed Auditor-General recommendations (see paragraph 2.34). One Auditor-General recommendation was assigned a timeframe.27

Risk

3.7 Prior to February 2022, the department did not require risk to be assessed for agreed Auditor-General performance audit recommendations (see paragraph 2.36). None of the (16) selected performance audit recommendations were assigned a risk rating.

3.8 The department advised it adopts the ANAO’s risk ratings for financial statements audit recommendations (see paragraph 2.37). The financial statements audit recommendation reviewed in this audit resulted from a ‘significant non-adherence’ to the department’s Visa and Citizenship Quality Management Framework. The department agreed to the recommendation but disagreed that the finding was ‘significant’.28 In November 2019, the department’s recommendation owner for the financial statements audit recommendation submitted a paper to the Audit and Risk Committee stating:

The Department disagrees with the Category A finding as set out in the management response …

The Department’s view is that the audit shifted scope throughout and that the final scope of the audit was too broad and well beyond the time and resources committed to truly understand the complexity of the business continuum and of the broader risk, quality and assurance frameworks, systems and processes as to inform a Category A finding.

In particular the ANAO’s focus on a subcomponent of tactical level quality assurance activity fails to consider the Department’s end to end business design and program outcomes and raises questions regarding the linkage between tactical level quality assurance and its impact on the identified high level strategic risk.

In addition, the audit was conducted as part of the Department’s annual financial statement audit, although this issue is a performance related one, not financial and the audit did not involve the same methodology or level of preparation that should be applied to a performance audit.

3.9 The department did not assign a risk rating to this recommendation when it was a significant (Category A) finding. The department adopted ANAO’s risk rating when this finding was downgraded to Category B and Category C.29 Financial Operations reported to the Financial Statements Sub-Committee on the risk of this recommendation being implemented within the expected completion date in the May and June 2021.

Did the department effectively monitor the implementation of each selected recommendation?

The effectiveness of the department’s monitoring of the implementation of each selected recommendation was reduced by the absence of a clear assurance process. The Audit and Risk Committee received at least one status update for seven (40 per cent) recommendations. There was a range of 22 to 380 days from when a report tabled to when the first status update was provided to the team responsible for monitoring the recommendation’s implementation.

3.10 Effective monitoring requires an approach that accurately tracks progress and records the actions of the business area or individual responsible for implementation. The goal is that those with entity accountability can have a clear line of sight to the implementation of agreed recommendations.

3.11 As depicted in Figure 2.1, the recommendation owner is responsible for implementing recommendations and providing updates to:

  • Audit and Assurance or Financial Operations; and
  • Audit and Risk Committee or Financial Statements Sub-Committee.

3.12 The recommendation owner for the reviewed financial statements audit recommendation provided updates to the Audit and Risk Committee (see paragraph 2.16).

Auditor-General performance audit recommendations

3.13 As discussed in paragraph 2.44, the Recommendation Monitoring and Assurance (RMA) database is used to monitor the implementation of agreed Auditor-General performance audit recommendations. The department does not have a process to obtain assurance over the information retained within the RMA database. Using the available information, the ANAO found that:

  • all recommendation owners provided at least one update to Audit and Assurance;
  • the frequency and number of updates varied between recommendations, ranging from one to 12 updates30;
  • the lapsed time between a recommendation being tabled and the first update ranged from 2231 to 380 days32;
  • the median and average lapsed time between a recommendation being tabled and the first update from the recommendation owner was 239 days (7.9 months);
  • fifty per cent of the recorded status updates from recommendation owners were in response to a request from Audit and Assurance; and
  • once Audit and Assurance initiated contact, most recommendation owners provided an update at least once every three months.33

3.14 The department advised that:

to manage the database size, the recommendations monitoring system only records substantive updates to progress in the comments field/audit history for each audit. This … result[s] in differences in the total number of updates recorded against each recommendation.

3.15 There would be merit in the department establishing a process to gain assurance over the data retained within the RMA database. This would support Audit and Assurance provide accurate reporting to the Audit and Risk Committee (see paragraph 2.38).

Auditor-General financial statements audit recommendations

3.16 The Auditor-General financial statements audit recommendation was managed through the Audit and Risk Committee (see paragraph 2.16). In December 2020, the Financial Statements Sub-Committee requested that updates be provided for visibility. Financial Operations sought and provided updates to the Financial Statements Sub-Committee in March, May and July 2021.

Audit and Risk Committee

3.17 The Audit and Risk Committee was provided with inconsistent and irregular implementation status updates for Auditor-General recommendations.

  • Ten (59 per cent) recommendations did not provide any updates.
  • Three (18 per cent) recommendations provided one update.34
  • Three (18 per cent) recommendations provided two updates.35 One word changed in the second update, which was provided four months after the first update.
  • One (six per cent) recommendation provided five updates.36

Were the selected recommendations implemented in full and closed in accordance with requirements?

The recommendations examined were not all implemented in full and closed in accordance with requirements.

  • For the eight parliamentary committee recommendations examined, seven were implemented and one was not implemented.
  • For the 17 Auditor-General recommendations examined, nine were implemented, two were largely implemented, three were partly implemented and for three, implementation was ongoing.

In all instances where the department recorded an Auditor-General recommendation as being implemented, it was closed in accordance with requirements.

3.18 Entities that are effective at implementing recommendations have processes to provide assurance that this has occurred. Entities will often undertake a quality assurance process prior to determining that a recommendation has been implemented and closed.

3.19 The approach used by the ANAO to assess the implementation status of the 25 selected recommendations is set out in Table 3.2 below.

Table 3.2: Implementation status assessment categories

Category

Explanation

Not implemented

There is no supporting evidence that the agreed action has been undertaken or the action taken does not address the intent of the recommendation as agreed.

Partly implemented

The action taken was less extensive than the recommendation agreed, as:

  • it fell well short of the intent of the recommendation as agreed; or
  • processes were initiated or implemented but outcomes not achieved.

Largely implemented

The action taken was less extensive than the recommendation agreed, as:

  • it fell short of the intent of the recommendation as agreed; or
  • processes were initiated or implemented and there is evidence there was also action taken to achieve the outcome.

Implemented

There is supporting evidence that the agreed action has been undertaken and the action met the intent of the recommendation as agreed.

   

Source: ANAO.

3.20 The ANAO reviewed agreed and noted37 parliamentary committee and Auditor-General recommendations between January 2019 and September 2020 (see paragraphs 1.22 and 1.23). This included:

  • three agreed parliamentary committee recommendations;
  • five noted parliamentary committee recommendations; and
  • seventeen agreed Auditor-General recommendations (see Table 3.1).

Agreed parliamentary committee recommendations

3.21 Table 3.3 contains the department’s and ANAO’s assessment regarding the implementation of selected agreed parliamentary committee recommendations. Additional commentary is provided where the department and ANAO assessment differed. Appendix 3 provides the full text of each agreed recommendation.

Table 3.3: Summary assessment of agreed parliamentary committee recommendations implementation

Recommendation and report

Author

Department assessment

ANAO assessment

Recommendation 1, Review of the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018

Parliamentary Joint Committee on Intelligence and Security

Implemented

Implemented

Recommendation 2, Review of the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018

Parliamentary Joint Committee on Intelligence and Security

Implemented

Implemented

Recommendation 3, Review of the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018

Parliamentary Joint Committee on Intelligence and Security

Implemented

Implemented

       

Source: ANAO analysis of departmental information.

3.22 There were no instances where the department’s and ANAO’s assessment in Table 3.3 differed.

Noted parliamentary committee recommendations

3.23 Table 3.4 contains the department’s and ANAO’s assessment regarding the implementation of selected noted parliamentary committee recommendations. The ANAO assessed the department against its responsibilities outlined in the government’s response. Appendix 4 provides the full text of each agreed recommendation.

Table 3.4: Summary assessment of noted parliamentary committee recommendations implementation

Report

Author

Department assessmenta

ANAO assessment

Recommendation 2, Report 479: Australian Government Security Arrangements

Joint Committee of Public Accounts and Audit

Implemented

Recommendation 1, Theft and export of motor vehicles and parts

Joint Committee on Law Enforcement

Not implemented

Recommendation 2, Theft and export of motor vehicles and parts

Joint Committee on Law Enforcement

Implemented

Recommendation 6, From little things big things grow: Supporting Australian SMEs go global

Joint Standing Committee on Foreign Affairs, Defence and Trade

Implemented

Recommendation 5, The operation, regulation and funding of air route service delivery to rural, regional and remote communities

Senate Standing Committees on Rural and Regional Affairs and Transport

Implemented

       

Note a: As these recommendations were noted, the department did not provide an assessment on implementation status.

Source: ANAO analysis of departmental information.

Joint Committee of Public Accounts and Audit, Report 479: Australian Government Security Arrangements — recommendation 2

3.24 The ANAO assessed this recommendation as implemented.

3.25 The government response to recommendation 2 included that:

As per the Recommendation two, of Report 479: Australian Government Security Arrangements, please find enclosed the Department of Home Affairs’ progress report on the implementation of the recommendations from the ANAO Audit Report 38, and the status of the Department’s compliance with the Protective Security Policy Framework.

3.26 The department provided a progress report to the Joint Committee of Public Accounts and Audit within three months. The government response gave no commitment to annual reporting.

Joint Committee on Law Enforcement, Theft and export of motor vehicles and parts — recommendations 1 and 2
Recommendation 1

3.27 The ANAO assessed this recommendation as not implemented.

3.28 The government response to recommendation 1 included that:

[It] intends to give effect to the intent of this recommendation through administrative changes within the scope of the provisions of the Customs Act relating to false and misleading statements. The Government will direct the ABF to consider appropriate amendments to Australia’s export declaration process, to require an exporter to confirm the legitimacy of their goods at the point of export. If an exporter’s declaration regarding those goods were found to be false or misleading, this would trigger offences under both the Customs Act and the Criminal Code Act 1995 (Criminal Code) for providing false or misleading statements.

3.29 The department advised the ANAO that:

Since the Inquiry’s recommendation, there have been no instances of stolen vehicles or vehicle parts raised as being seized or detained. As such, there have been no compliance actions to review. Once an instance of the exportation of stolen vehicles or vehicle parts is detected at the border, the treatment of those goods will be examined and advice will be generated, as required.

3.30 The department has not made administrative changes within the scope of the provisions of the Customs Act 1901 relating to false and misleading statements.

Recommendation 2

3.31 The ANAO assessed this recommendation as implemented.

3.32 The government response to recommendation 2 included that:

[The department] collaborates regularly with domestic law enforcement agencies to address unlawful and illicit activities that cut across areas of Commonwealth and State and Territory responsibilities.

3.33 The department provided three examples of where it collaborates with domestic law enforcement agencies.

  • The Black Economy Standing Taskforce: the Taskforce’s objective is to protect the public finances of Australia.38
  • The Australian Transnational, Serious and Organised Crime Committee: the Committee’s objective is to contribute to the protection of Australia, its people, and its interests from the harms of transnational, serious and organised crime.39
  • The Criminal Justice and Law Enforcement Forum: the Forum’s objective is to provide strategic oversight and guidance for the development of whole-of-government strategies and policies, and coordinated activities to respond to the threat of transnational, serious and organised crime.40
Joint Standing Committee on Foreign Affairs, Defence and Trade, From little things big things grow: Supporting Australian SMEs go global — recommendation 6

3.34 The ANAO assessed this recommendation as implemented.

3.35 The government response to recommendation 6 included that:

The Department of Home Affairs is leading a whole-of-government agenda to transform and modernise international trade that flows across Australia’s border.

3.36 In June 2021, the government established a whole-of-government Simplified Trade System Implementation Taskforce. Responsibility for this taskforce now sits within the Foreign Affairs and Trade portfolio.41

Senate Standing Committees on Rural and Regional Affairs and Transport, The operation, regulation and funding of air route service delivery to rural, regional and remote communities — recommendation 5

3.37 The ANAO assessed this recommendation as implemented.

3.38 The government response to recommendation 5 included that:

The Department of Infrastructure, Transport, Cities and Regional Development is working with industry and the Department of Home Affairs to undertake up to six case studies to assess the financial impact of the new aviation security requirements on regional airports and, where possible, the flow on impact to the local communities.

3.39 In September 2021, the department worked with the Department of Infrastructure, Transport, Regional Development and Communications to finalise this analysis.

Agreed Auditor-General recommendations

3.40 Table 3.5 contains the department’s and ANAO’s assessment regarding the implementation of selected agreed Auditor-General recommendations. Additional commentary is provided where the ANAO and department assessment differed. Appendix 5 provides the full text of each agreed recommendation.

Table 3.5: Summary assessment of agreed Auditor-General recommendations implementation

Report

Author

Department assessment

ANAO assessment

Recommendation 3, Establishment and Use of ICT Related Procurement Panels and Arrangements

Auditor-General Report (No. 4 2020–21)

Implemented

Partly implemented

Recommendation 2, Fraud Control Arrangements in the Department of Home Affairs

Auditor-General Report (No. 43 2019–20)

Implemented

Implemented

Recommendation 1, Procurement of Garrison Support and Welfare Services

Auditor-General Report (No. 37 2019–20)

Implemented

Implemented

Recommendation 2, Procurement of Garrison Support and Welfare Services

Auditor-General Report (No. 37 2019–20)

Implemented

Implemented

Recommendation 4, Aboriginal and Torres Strait Islander Participation Targets in Major Procurements

Auditor-General Report (No. 25 2019–20)

Implemented

Largely implemented

Recommendation 5, Aboriginal and Torres Strait Islander Participation Targets in Major Procurements

Auditor-General Report (No. 25 2019–20)

Implemented

Largely implemented

Recommendation 6, Aboriginal and Torres Strait Islander Participation Targets in Major Procurements

Auditor-General Report (No. 25 2019–20)

Implemented

Implemented

Audits of the Financial Statements of Australian Government Entities for the Period Ended 30 June 2019

Auditor-General Report (No. 20 2019–20)

Implemented

Implemented

Recommendation 1, Delivery of the Humanitarian Settlement Program

Auditor-General Report (No. 17 2019–20)

Implemented

Partly implemented

Recommendation 2, Delivery of the Humanitarian Settlement Program

Auditor-General Report (No. 17 2019–20)

Implementation ongoing

Implementation ongoing

Recommendation 3, Delivery of the Humanitarian Settlement Program

Auditor-General Report (No. 17 2019–20)

Implementation ongoing

Implementation ongoing

Recommendation 1, Management of the Tourist Refund Scheme

Auditor-General Report (No. 8 2019–20)

Implemented

Implemented

Recommendation 2, Management of the Tourist Refund Scheme

Auditor-General Report (No. 8 2019–20)

Implementation ongoing

Implementation ongoing

Recommendation 3, Management of the Tourist Refund Scheme

Auditor-General Report (No. 8 2019–20)

Implemented

Partly implemented

Recommendation 1, Coordination Arrangements of Australian Government Entities Operating in Torres Strait

Auditor-General Report (No. 41 2018–19)

Implemented

Implemented

Recommendation 2a, Efficiency of the Processing of Applications for Citizenship by Conferral

Auditor-General Report (No. 25 2018–19)

Implemented

Implemented

Recommendation 3, Efficiency of the Processing of Applications for Citizenship by Conferral

Auditor-General Report (No. 25 2018–19)

Implemented

Implemented

       

Note a: This recommendation was ‘Agreed in principle’. The ANAO assessed whether the department implemented what it agreed to in its response.

Source: ANAO analysis of departmental information.

3.41 There were five instances where the two assessments in Table 3.5 differed.

Auditor-General Report No. 4 2020–21 Establishment and Use of ICT Related Procurement Panels and Arrangements — recommendation 3

3.42 The ANAO assessed this recommendation as partly implemented.

3.43 Recommendation 3 was that the department ‘give greater consideration to competition when selecting suppliers from a panel, particularly in the case of high value procurements or where there is likely to be a substantial increase in the value of a procurement, to drive value for money’.

3.44 In response to this recommendation, the department updated ICT-related procurement guidance. The department does not monitor or report on whether greater competition (and value for money) has been considered (and achieved).

3.45 The department has completed seven high value procurements since this recommendation was closed in March 2021. One supplier was approached for five (71 per cent) of these procurements.

Auditor-General Report No. 25 2019–20 Aboriginal and Torres Strait Islander Participation Targets in Major Procurements — recommendations 4 and 5
Recommendation 4

3.46 The ANAO assessed this recommendation as largely implemented.

3.47 Recommendation 4 was that the department ‘review and update their procurement protocols to ensure procuring officers undertaking major procurements that trigger the [Mandatory Minimum Requirements] comply with required steps in the procurement process’.

3.48 The department has updated procurement-related guidance to include reference and hyperlinks to the Indigenous Procurement Policy and Mandatory Minimum Requirements. The department is currently drafting an Indigenous Procurement Strategy.

Recommendation 5

3.49 The ANAO assessed this recommendation as largely implemented.

3.50 Recommendation 5 was that the department ‘establish processes, or update existing processes, to ensure contract managers and contractors regularly use the [Indigenous Procurement Policy] Reporting Solution for [Mandatory Minimum Requirements] reporting’.

3.51 The department has developed a procedure on reporting for the Mandatory Minimum Requirements. Six procurements that triggered the Mandatory Minimum Requirements have been completed since this recommendation was closed in October 2020. The Indigenous Procurement Policy Reporting Solution has been used for one (17 per cent) of these procurements.

Auditor-General Report No. 17 2019–20 Delivery of the Humanitarian Settlement Program — recommendation 1

3.52 The ANAO assessed this recommendation as partly implemented.

3.53 Recommendation 1 was that the department ‘finalise changes to contract management arrangements for the [Humanitarian Settlement Program] to ensure full alignment with the Australian Government Contract Management Guide’.

3.54 The finalised contracts do not fully align with the Australian Government Contract Management Guide. For example, the contract management plans do not:

  • provide the contact details for the contract manager/s;
  • contain details of risks that have been identified and how and by whom they will be managed; or
  • include details of stakeholder engagement, including a schedule of meetings.
Auditor-General Report No. 8 2019–20 Management of the Tourist Refund Scheme — recommendation 3

3.55 The ANAO assessed this recommendation as partly implemented.

3.56 Recommendation 3 was that the department ‘implement and embed into business practices the data analysis tools that they have already developed’.

3.57 The department has developed a procedure on how to generate various reports based on available Tourist Refund Scheme data. This procedure does not include information as to how the department uses the data analysis tools to undertake data analytics on aspects of the Tourist Refund Scheme, such as non-compliance and fraud.

Closure

3.58 Recommendation owners prepare a business case and closure pack to demonstrate the implementation of the recommendation. Audit and Assurance or Financial Operations review the business case to assess whether closure is supported. If supported, a closure minute is prepared for the Chief Audit Executive’s or Chief Financial Officer’s endorsement (see paragraph 2.40). Selected Auditor-General recommendations that had been closed were administered in accordance with these requirements.

Appendices

Appendix 1 Department of Home Affairs response

Page one of the response from the Department of Home Affairs. You can read a summary of the response in the Summary and recommendation chapter of this report.

Page two of the response from the Department of Home Affairs. You can read a summary of the response in the Summary and recommendation chapter of this report.

Appendix 2 Performance improvements observed by the ANAO

1. The fact that independent external audit exists, and the accompanying potential for scrutiny, improves performance. Program-level improvements usually occur: in anticipation of ANAO audit activity; during an audit engagement as interim findings are made; and/or after the audit has been completed and formal findings are communicated.

2. The Joint Committee of Public Accounts and Audit (JCPAA) has encouraged the ANAO to consider ways in which the ANAO could capture and describe some of these impacts.

3. Performance audits involve close engagement between the ANAO and the audited entity as well as other stakeholders involved in the program or activity being audited. Throughout the audit engagement, the ANAO outlines to the entity the preliminary audit findings, conclusions and potential audit recommendations. This ensures that final recommendations are appropriately targeted and encourages entities to take early remedial action on any identified matters during the course of an audit. Remedial actions entities may take during the audit include:

  • strengthening governance arrangements;
  • initiating reviews or investigations; and
  • introducing or revising policies or guidelines.

4. In this context, the below improvements were observed by the ANAO during the course of the audit. It is not clear if these actions and/or the timing of these actions were already planned before this audit commenced. The ANAO has not sought to obtain reasonable assurance over the source of these improvements or whether they have been appropriately implemented.

5. Performance improvements observed by the ANAO during the course of this audit were that the department:

  • established a process to monitor the implementation of agreed parliamentary committee recommendations (see paragraph 2.5);
  • amended the Audit and Risk Committee Charter to include reporting to the Secretary on parliamentary committee reports and agreed recommendations (paragraph 2.15);
  • commenced a process that set timeframes and assigned risk ratings to open agreed parliamentary committee and Auditor-General performance audit recommendations (see paragraphs 2.34 and 2.36, respectively);
  • undertook a review of high-level Parliamentary Document Management System user access (see paragraph 2.47); and
  • improved the completeness of data in the Parliamentary Document Management System and the Recommendation Monitoring and Assurance database (see paragraph 2.49 and 2.52, respectively).

Appendix 3 Agreed parliamentary committee recommendations examined in this audit

Table A.1: Parliamentary Joint Committee on Intelligence and Security, Review of the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018

Recommendation

Government response

Recommendation 1

The Committee recommends that section 187N of the Telecommunications (Interception and Access) Act 1979 be amended to require the Committee’s review of the amendments made by the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018 by June 2020.

The Government supports this recommendation in principle. However, it has been superseded by the request from the Chair of the Parliamentary Joint Committee on Intelligence and Security, Mr Andrew Hastie MP, to the Prime Minister on 9 August 2019 that legislation be introduced to defer the Committee’s reporting date to 30 September 2020.

The passage of legislation to provide this extension would permit the Committee to extend the reporting date of Independent National Security Legislation Monitor until June 2020 (from March 2020) as requested by the Monitor.

This extension is needed to provide the Committee with sufficient time to consider the findings of the Independent National Security Legislation Monitor’s review, carry out a detailed review of the legislation, and undertake appropriate consultations with industry and the public.

Recommendation 2

The Committee recommends that sufficient resources be made available to the Independent National Security Legislation Monitor to enable the review of the amendments made by the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018, as referred by the Committee, and report by 1 March 2020.

The Government supports this recommendation in principle, noting that the Independent National Security Legislation Monitor has asked the Committee for an extension of the Monitor’s reporting date, to June 2020, as discussed in response to recommendation 1. The Attorney-General’s portfolio and the Department of Home Affairs are working with the Independent National Security Legislation Monitor to ensure sufficient resources are made available for this review.

Recommendation 3

The Committee recommends that the Government continues to ensure that the Inspector-General of Intelligence and Security and the Commonwealth Ombudsman have sufficient resources to ensure that they can properly execute their additional responsibilities under the Assistance and Access Act.

The Government supports this recommendation. The Government will monitor the resource impacts on the Inspector General of Intelligence and Security and the Commonwealth Ombudsman and consider additional resourcing where necessary.

   

Source: Parliamentary Joint Committee on Intelligence and Security, Review of the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018, p. xi, and Government Response, pp. 2–3.

Appendix 4 Noted parliamentary committee recommendations examined in this audit

Table A.2: Joint Committee of Public Accounts and Audit, Report 479: Australian Government Security Arrangements

Recommendation

Government response

Recommendation 2

The Committee recommends that each of the five entities scrutinised in Audit Report 38 (2017–18) provide a progress report to the Committee, within three months and with an update every twelve months, on their implementation of the recommendations from the Audit Report and the status of their compliance with the Protective Security Policy Framework.

As per the Recommendation two, of Report 479: Australian Government Security Arrangements, please find enclosed the Department of Home Affairs’ progress report on the implementation of the recommendations from the ANAO Audit Report 38, and the status of the Department’s compliance with the Protective Security Policy Framework.

   

Source: Joint Committee of Public Accounts and Audit, Report 479 Australian Government Security Arrangements, p. vii, and Government Response, p. 1.

Table A.3: Joint Committee on Law Enforcement, Theft and export of motor vehicles and parts

Recommendation

Government response

Recommendation 1

The committee recommends that the Australian government amends the Customs Act 1901 and the Customs (Prohibited Exports) Regulations 1958 to make it an offence to export stolen goods, including stolen motor vehicles and motor vehicle parts.

The Government notes this recommendation.

The Australian Border Force (ABF), as Australia’s customs service undertakes regular compliance action, including against false or misleading declarations under the Customs Act 1901 (the Customs Act). The Government reaffirms the ABF’s role in combatting illicit activities at our borders and in supporting law enforcement agencies.

The Customs Act governs Australia’s customs related functions and is the legislative authority for customs requirements for the importation, and exportation, of goods to and from Australia. This includes penalties for breaching provisions in the Customs Act.

The Customs (Prohibited Exports) Regulations 1958 (Prohibited Exports Regulations) prohibit the exportation of goods from Australia either absolutely or by prohibiting exportation unless specified conditions or restrictions are complied with. The prohibitions in the Prohibited Exports Regulations are generally made to support Australia’s international obligations or on measures of Australian national significance.

The Government intends to give effect to the intent of this recommendation through administrative changes within the scope of the provisions of the Customs Act relating to false and misleading statements. The Government will direct the ABF to consider appropriate amendments to Australia’s export declaration process, to require an exporter to confirm the legitimacy of their goods at the point of export. If an exporter’s declaration regarding those goods were found to be false or misleading, this would trigger offences under both the Customs Act and the Criminal Code Act 1995 (Criminal Code) for providing false or misleading statements.

The Government notes that penalties for making a false or misleading statement under the Customs Act include fines of up to a maximum of 250 penalty units ($55,500). Penalties for providing false or misleading information under the Criminal Code includes a maximum penalty of imprisonment for 12 months. These penalties would apply in addition to penalties under State and Territory law relating to theft and handling of stolen goods, which can also include imprisonment.

The application of additional penalties under the Customs Act and the Criminal Code would be an appropriate additional deterrent to exporting stolen vehicles and parts. This approach reflects that the primary offences of theft and handling stolen property remain matters for domestic law enforcement.

The ABF would be required to amend the export declaration form and make system changes to give effect to this approach.

The Government’s view is that neither amending the Customs Act nor creating a new export prohibition under the Prohibited Exports Regulations would be an effective or appropriate response to the criminal issue identified by the Committee. ABF officers are not in a position to assess accurately and promptly the ownership of goods presented for export to justify their seizure, in the absence of intelligence from domestic law enforcement agencies or specific referrals. Combatting the theft and handling of motor vehicles and vehicle parts remains primarily a domestic law enforcement issue.

The Government’s proposed action would provide a suitable additional deterrent for exporting stolen vehicles and parts and would support federal and state and territory law enforcement agencies in their law enforcement efforts.

Recommendation 2

The committee recommends that the Australian Border Force works with state and territory law enforcement agencies and the National Motor Vehicle Theft Reduction Council to develop a national strategy to reduce the export of stolen motor vehicles and motor vehicle parts.

The Government notes this recommendation.

The Home Affairs portfolio, which includes the ABF, collaborates regularly with domestic law enforcement agencies to address unlawful and illicit activities that cut across areas of Commonwealth and State and Territory responsibilities. Areas of the Portfolio other than the ABF are more appropriately placed to represent the Portfolio’s interests with the National Motor Vehicle Theft Reduction Council. The ABF will refer the recommended action to the Department of Home Affairs and its relevant portfolio agencies for consideration.

   

Source: Source: Joint Committee on Law Enforcement, Theft and export of motor vehicles and parts, p. ix, and Government Response, pp. 2–3.

Table A.4: Joint Standing Committee on Foreign Affairs, Defence and Trade, From little things big things grow: Supporting Australian SMEs go global

Recommendation

Government response

Recommendation 6

The Committee recommends that the Australian Government makes its free trade agreements (FTA) more user-friendly for Australian small and medium enterprises (SMEs) by:

  • Developing closer linkages between the Export Finance and Insurance Corporation (Efic) and municipal councils and local chambers of commerce so their networks can help promote Efic’s services to Australian SMEs; and
  • Establishing a ‘single trade window’ for SME exporters to guide them to education, products and services that meet their needs, and improve the access of SMEs to a centralised source of trade resources, from government agencies such as the Department of Foreign Affairs and Trade, Australian Trade and Investment Commission, Department of Home Affairs, Department of Agriculture and Water Resources, Export Finance and Insurance Corporation, Department of Industry, Innovation and Science, and the Department of Jobs and Small Business.

Noted

The Australian Government will review this recommendation in the broader context of looking at EFA’s alliances with key stakeholders in a range of levels of industry and government. EFA and Austrade are currently working together to further strengthen the working relationship between the two agencies, to ensure that they provide a seamless and enhanced service offering to Australian businesses looking to expand into international markets.

The Department of Home Affairs is leading a whole-of-government agenda to transform and modernise international trade that flows across Australia’s border. This agenda aims to create a future international trade system for Australia that is digital, seamless, and secure. This system would be underpinned by an enhanced single window for international trade. Australia already has a customs single window, the Integrated Cargo System. The Department of Home Affairs is engaging with SMEs on trade modernisation reforms.

Austrade is also developing the ‘Export Support Finder’ (ESF), a digital tool that will help any exporter, or potential exporter, to quickly and easily find information and services provided by Government and other expert sources to support their export journey. The ESF will focus initially on services exports, and will be expanded to accommodate other export categories in response to client demand over time. The ESF will draw on Austrade’s existing knowledge base and systems, its experience of enquiries from clients, and the knowledge base of selected Austrade partners.

The Australian Government notes that a single source of trade resources for businesses already exists — www.business.gov.au. The website is a trusted one-stop shop for SMEs with relevant links to specific exporting information (Austrade), business competitiveness and productivity support (DIIS), customs information (Home Affairs) and FTAs (DFAT). The Government will consider expanding trade-related information on www.business.gov.au to include exporting digital goods and services. In addition, the award winning FTA Portal provides SMEs with valuable information regarding exporting or importing goods and services from our FTA partners (refer Recommendation 9.2).

   

Source: Joint Standing Committee on Foreign Affairs, Defence and Trade, From little things big things grow: Supporting Australian SMEs go global, p. xxxi, and Government Response, pp. 9–10.

Table A.5: Senate Standing Committees on Rural and Regional Affairs and Transport, The operation, regulation and funding of air route service delivery to rural, regional and remote communities

Recommendation

Government response

Recommendation 5

The committee recommends that following a financial analysis into the ongoing costs of the provision of security screening at regional airports, the Australian Government consider providing ongoing financial assistance to those regional airports which have been identified as requiring passenger security screening enhancements as part of the 2018–19 Budget, where required.

The Australian Government notes these recommendations.

The Department of Infrastructure, Transport, Cities and Regional Development is working with industry and the Department of Home Affairs to undertake up to six case studies to assess the financial impact of the new aviation security requirements on regional airports and, where possible, the flow on impact to the local communities. The airports, from across a number of states, will be selected based on varying profiles and operating environments.

It has been a longstanding policy of successive governments that industry is responsible for the cost of security, including operating costs. The majority of regional airports required to upgrade screening equipment already conduct security screening and are responsible for managing the associated costs.

   

Source: Senate Standing Committees on Rural and Regional Affairs and Transport, The operation, regulation and funding of air route service delivery to rural, regional and remote communities, p. xiii, and Government Response, p. 6.

Appendix 5 Agreed Auditor-General recommendations examined in this audit

Table A.6: Auditor-General Report No. 4 2020–21 Establishment and Use of ICT Related Procurement Panels and Arrangements

Recommendation

Home Affairs response

Recommendation 3

The Department of Home Affairs and the Department of Industry, Science, Energy and Resources give greater consideration to competition when selecting suppliers from a panel, particularly in the case of high value procurements or where there is likely to be a substantial increase in the value of a procurement, to drive value for money.

Agreed.

The Department will continue to consider approaching more than one supplier to provide services and will actively consider ways to enhance competitive tension in procurements when selecting suppliers from a panel, particularly in relation to high value procurements.

   

Source: Auditor-General Report No. 4 2020–21 Establishment and Use of ICT Related Procurement Panels and Arrangements, p. 85.

Table A.7: Auditor-General Report No. 42 2019–20 Fraud Control Arrangements in the Department of Home Affairs

Recommendation

Home Affairs response

Recommendation 2

The Department of Home Affairs accountable authority’s annual report certification prepared pursuant to subsection 17AG(2) of the PGPA Rule 2014 should certify that all reasonable measures have been taken to deal appropriately with fraud relating to the entity, or indicate what further measures need to be implemented.

Agreed.

The Department will ensure that future annual reports are consistent with this recommendation when providing certification under section 17AG(2)(b)(iii) of the PGPA Rule 2014.

   

Source: Auditor-General Report No. 42 2019–20 Fraud Control Arrangements in the Department of Home Affairs, p. 49.

Table A.8: Auditor-General Report No. 37 2019–20 Procurement of Garrison Support and Welfare Services

Recommendation

Home Affairs response

Recommendation 1

The Department of Home Affairs develop policy guidance to ensure that, where a limited tender procurement is undertaken, decisions in relation to the providers to receive requestions for quotation are accurately and concisely documented.

Agreed.

The Department will develop policy guidance and update internal procurement procedures to meet this recommendation with a particular focus on highly sensitive, high value, and/or complex procurements.

Recommendation 2

The Department of Home Affairs develop policy guidance to ensure that, where Letters of Intent are issued to contractors pending the finalisation of contracts, interim performance reports are prepared when an assessment of key contract risks and deliverables suggests it would be prudent to do so.

Agreed.

The Department will develop policy guidance, that interim performance management frameworks be developed when Letters of Intent are issued to contractors pending finalisation of contracts, in circumstances where a risk assessment including consideration of relevant timeframes, key transition risks of deliverables deems it to be necessary.

   

Source: Auditor-General Report No. 37 2019–20 Procurement of Garrison Support and Welfare Services, pp. 33 and 51.

Table A.9: Auditor-General Report No. 25 2019–20 Aboriginal and Torres Strait Islander Participation Targets in Major Procurements

Recommendation

Home Affairs response

Recommendation 4

All audited entities review and update their procurement protocols to ensure procuring officers undertaking major procurements that trigger the MMRs comply with required steps in the procurement process.

Agreed.

The Department of Home Affairs will review and update its existing suite of procurement guidance and templates to ensure officers undertaking major procurements have the appropriate information available to comply with the MMRs.

Recommendation 5

All audited entities establish processes, or update existing processes, to ensure contract managers and contractors regularly use the IPP Reporting Solution for MMR reporting.

Agreed.

The Department of Home Affairs will update its existing guidance and processes to ensure contract managers and contractors regularly use the IPP Reporting Solution for MMR reporting.

Recommendation 6

After guidance has been provided by the policy owner, all audited entities establish appropriate controls and risk-based assurance activities for active MMR contracts.

Agreed.

The Department of Home Affairs will re-examine internal guidance and processes for consistency once additional guidance from the National Indigenous Australians Agency has been received.

   

Source: Auditor-General Report No. 25 2019–20 Aboriginal and Torres Strait Islander Participation Targets in Major Procurements, pp. 52, 57 and 59.

Table A.10: Auditor-General Report No. 20 2019–20 Audits of the Financial Statements of Australian Government Entities for the Period Ended 30 June 2019

Recommendation

Home Affairs response

The ANAO recommends that Home Affairs prioritise the:

  • finalisation of related reviews and implementation of: the Immigration and Citizenship Services Group Quality Management Framework; Immigration; Integrity Assurance Framework; and related Global Case Management Framework;
  • implementation of the newly established procedural instructions;
  • finalisation of enhancements to system tools and review of quality assurance testing programs; and
  • re-introduction of regular monitoring, appropriate analysis and reporting of quality assurance activities. This should be communicated to relevant stakeholders including the Executive, Audit Committee and other appropriate governance committees.

Home Affairs has agreed to the recommendations however, disagreed with the rating of the finding. Home Affairs has advised that:

  • the related review and implementation of the relevant frameworks has been significantly progressed;
  • the newly established procedural instructions were implemented from 1 July 2019 with a post implementation review scheduled in early 2020;
  • a number of system enhancements have been completed with further enhancements to be finalised by the end of 2019; and
  • regular reporting and monitoring activities are considered necessary. Home Affairs is considering the required elements recommended by the ANAO as the quality assurance framework is reviewed.
   

Source: Auditor-General Report No. 20 2019–20 Audits of the Financial Statements of Australian Government Entities for the Period Ended 30 June 2019, pp. 199–200.

Table A.11: Auditor-General Report No. 17 2019–20 Delivery of the Humanitarian Settlement Program

Recommendation

Home Affairs response

Recommendation 1

Home Affairs should finalise changes to contract management arrangements for the HSP to ensure full alignment with the Australian Government Contract Management Guide.

Agreed.

Contract management activities for the HSP were recently centralised within the Department. This streamlined administrative processes and provided greater consistency in approach. The Department is already well advanced in finalising individual contract management plans for each provider, which once in place, will mean that the contractual arrangements are fully compliant with the Australian Government Contract Management Guide.

Recommendation 2

That Home Affairs (in consultation with DSS) continue to prioritise identifying, planning for and resolving HSP IT system issues that are either causing risks to program delivery, or impacting Home Affairs’ ability to manage program performance.

Agreed.

The Department has identified a range of system enhancements, building on system improvements already implemented. We will continue to work closely with DSS on implementation of these enhancements, which will further mitigate risks and improve performance management.

Recommendation 3

Home Affairs should finalise the review and update of HSP performance information, including by:

  1. refining the KPIs in the HSP contracts to reflect relevant elements of the HSP Program Outcomes Framework;
  2. providing additional guidance to service providers on how to measure attainment of the orientation competencies; and
  3. developing a Data Management Plan to help track if the HSP Program is meeting its objective.

Agreed.

The Department considers that it already has good performance information to assess program performance and client progress against outcomes. This includes data on client achievement against the orientation outcomes which directly links to the HSP Outcomes Framework, service provider performance reports, key performance indicators, research, internal data reports on service levels and client outcomes.

Notwithstanding this, the Department is implementing a new performance framework which will further strengthen performance reporting. This includes building on existing key performance indicators to better align to the HSP Outcomes Framework and our HSP data management plan to improve tracking of client progress towards outcomes and achievement of the program objective. The Department will continue to improve guidance to service providers on measuring attainment of orientation outcomes and work to better link HSP to the Adult Migrant English Program and other settlement programs to provide a more holistic approach to supporting clients to achieve settlement outcomes.

A new Assurance and Compliance Strategy has also been recently finalised, to provide assurance that settlement services are delivered appropriately, support client progression towards outcomes, and tests integrity of service provider claims. This includes gaining insights directly from clients on their overall satisfaction of settlement services and where improvements could be made. The Department is reorientating the HSP to move from an outputs measured model to an outcomes based model providing greater flexibility to respond to client needs and achieve outcomes.

   

Source: Auditor-General Report No. 17 2019–20 Delivery of the Humanitarian Settlement Program, pp. 26, 37 and 55.

Table A.12: Auditor-General Report No. 8 2019–20 Management of the Tourist Refund Scheme

Recommendation

Home Affairs response

Recommendation 1

The ATO and Home Affairs improve risk management of the TRS by preparing a joint risk assessment of the TRS which identifies all risks and appropriate treatments, and review the assessment annually.

Agreed.

The Department and ABF are engaging with the Australian Taxation Office (ATO) to develop a joint risk assessment that will be reviewed annually and endorsed by the Inter-Agency Liaison Committee, established under the Memorandum of Understanding between the ATO and the Department. A joint-agency workshop to commence this work was held on 31 July 2019.

Recommendation 2

In order to provide advice to the government about the numbers of Australian citizens and residents who fail to declare at the border goods for which they have previously received a GST refund through the TRS, and the amount of revenue leakage due to these goods being reimported, that Home Affairs, the ATO and the Treasury:

  1. jointly develop a methodology for estimating this non-compliance and revenue leakage;
  2. conduct an exercise to measure the non-compliance and revenue leakage; and
  3. report the results of this exercise to the government.

Agreed.

The Department and ABF will work with the ATO and Treasury to develop and implement an appropriate methodology and mechanism for reporting to Government. The joint-agency workshop held in July 2019 commenced the development of a methodology and the results will be reviewed by the Inter-Agency Liaison Committee.

Recommendation 3

Home Affairs and the ATO implement and embed into business practices the data analysis tools that they have already developed.

Agreed.

The operation of data analysis tools will be included and explained in a Standard Operating Procedure for the Tourist Refund Office. This will provide further guidance on the operation of these tools and further embed the use of the tools into standard business practice.

   

Source: Auditor-General Report No. 8 2019–20 Management of the Tourist Refund Scheme, pp. 39, 48 and 53.

Table A.13: Auditor-General Report No. 41 2018–19 Coordination Arrangements of Australian Government Entities Operating in Torres Strait

Recommendation

Home Affairs response

Recommendation 1

Noting the complexities in Torres Strait and the need for a degree of flexibility and discretion, the Department of Home Affairs develop comprehensive business rules to guide the implementation of immigration and customs legislation in Torres Strait and ensure consistent application of Treaty and legislative provisions.

Agreed.

The Department agrees with this recommendation noting the need for comprehensive business rules to guide the implementation of immigration and customs legislation in the Torres Strait, which should have regard as the report notes, to the complexities of operating in the Torres Strait and the need for a degree of flexibility and discretion in applying legislative and Treaty provisions. The Department agrees that good governance is essential in any operating environment and is actively addressing relevant policies and procedural instructions to guide the implementation of immigration and customs legislation in Torres Strait, and the consistent application of the relevant Treaty and legislation.

On 10 May 2019 the Department finalised a Policy Statement relating to allowed inhabitants of the Protected Zone. This Statement broadly satisfies the recommendation and will facilitate the ABF to enhance Procedural Instructions and Standard Operating Procedures to provide further guidance around the exercise of discretionary detention powers. A Procedural Instruction for detaining an unlawful non-citizen in an excised offshore place and a Standard Operating Procedure providing further guidance border monitoring officers on the importation of goods used in connection with traditional activities, have been reviewed and are currently in the final stages of drafting. We expect to finalise these two documents soon.

Further, on 18 April 2019, the ABF and the Department of Agriculture and Water Resources (DAWR) signed a Letter of Exchange which articulates roles, responsibilities and work instructions, and reflects the amendments to the Biosecurity Act 2015. The ABF and DAWR have a long productive working relationship in this unique operating environment that relies on cooperation to provide border security and deliver services to the Commonwealth, including the administration of immigration, customs and biosecurity regulations. A copy of this Letter of Exchange has been provided to the ANAO.

   

Source: Auditor-General Report No. 41 2018–19 Coordination Arrangements of Australian Government Entities Operating in Torres Strait, pp. 28–29.

Table A.14: Auditor-General Report No. 25 2018–19 Efficiency of the Processing of Applications for Citizenship by Conferral

Recommendation

Home Affairs response

Recommendation 2

The Department of Home Affairs establish and monitor performance standards that address periods of processing inactivity, including the length of time between an application being received and substantive processing work commencing.

Agreed in principle.

Whilst the department disagrees with the ANAO’s findings that the processing of citizenship applications has not been done efficiently, it is agreed in principle to monitor the time taken between processing stages, to the extent already captured in existing systems. The department acknowledges that it must continue to evolve the way it operates to keep pace with increased lodgements and changing risk profiles.

System-wide reforms to the way the Citizenship program is delivered are well underway, including:

  • client communication and client experience improvements
  • capacity enhancements
  • integrity enhancements
  • business operating model improvements, and
  • enhancements to facilitate global case management.

The department will explore ICT system enhancements to increase reporting capabilities, which will be subject to funding and prioritisation across the portfolio.

Recommendation 3

The Department of Home Affairs agree with the Department of Finance a revised funding model for citizenship activities that is based on updated activity levels and efficient costs.

Agreed.

The Government tasked the department with transforming Australia’s visa and citizenship system in response to rising traveller volumes and complex risks at the border. The department plans to review citizenship costs and funding arrangements as part of the Government’s broader immigration reform program.

   

Source: Auditor-General Report No. 25 2018–19 Efficiency of the Processing of Applications for Citizenship by Conferral, pp. 44 and 58.

Footnotes

1 The department also includes the Australian Border Force, which is responsible for border, investigatory, compliance, detention (facilities and centres) and enforcement functions, as well as Australia’s customs functions.

2 Parliament of Australia, Committees, [Internet], Parliament of Australia https://www.aph.gov.au/Parliamentary_Business/Committees [accessed 7 February 2022].

3 This included 16 performance audit recommendations and one financial statements audit recommendation.

4 Australian National Audit Office, Audit Insights — Implementation of Recommendations [Internet], ANAO, 2021, available from https://www.anao.gov.au/work/audit-insights/implementation-recommendations-2021 [accessed 7 February 2022].

5 The department also includes the Australian Border Force, which is responsible for border, investigatory, compliance, detention (facilities and centres) and enforcement functions, as well as Australia’s customs functions.

6 Parliament of Australia, Committees, [Internet], Parliament of Australia https://www.aph.gov.au/Parliamentary_Business/Committees [accessed 7 February 2022].

7 First audit: Auditor-General Report No. 6 2019–20 Implementation of ANAO and Parliamentary Committee Recommendations.

Second audit: Auditor-General Report No. 46 2019–20 Implementation of ANAO and Parliamentary Committee Recommendations — Education and Health Portfolios.

Third audit: Auditor-General Report No. 34 2020–21 Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence.

8 JCPAA reports are presented in the reports of both the President and the Speaker.

9 This included 16 performance audit recommendations and one financial statements audit recommendation.

10 For the purpose of the audit, ‘agreed’ has been defined as an entity or government response of ‘agreed’, ‘agreed in part’, ‘agreed in principle’, ‘supported’, ‘supported in part’ or ‘supported in principle’.

11 There are currently processes in place to monitor these recommendations. The ANAO considered three recommendations made in the Parliamentary Joint Committee on Intelligence and Security’s Review of the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018. Two of the three recommendations did not include amendments to legislation. As a result, it was decided that all three recommendations would be reviewed in this audit.

12 Australian Government, Tabling Guidelines [Internet], Department of the Prime Minister and Cabinet, 2019, p.11, available from https://www.pmc.gov.au/resource-centre/government/tabling-guidelines [accessed 7 February 2022].

13 These include Assurance Reviews, Australian Human Rights Commission, ANAO, Australian Red Cross, Aviation Maritime Review, Commonwealth Ombudsman, Detention Assurance Reviews, Internal Audit, International Committee of the Red Cross and Management Initiated Reviews.

14 As at March 2022, the department did not have any open Auditor-General financial statements audit recommendations.

15 The department advised this was for two reasons: ‘1. There was no impact on the financial statements and 2. The finding came from a performance audit and not the financial statements audit process’.

16 The Institute of Internal Auditors, The Three Lines of Defense in Effective Risk Management and Control, IIA, 2013.

17 Openness to criticism and learning plays an important role in building an effective culture, whether it be in supporting an innovative culture, a risk management culture or a compliance culture. Organisations that respond to external criticism defensively or dismissively (’we are already aware of the issue’, ‘we are already addressing the issue’, ‘the report needs to be read in context’, ‘the issues raised are not material’) put at risk their ability to build an effective governance culture and embed the characteristics of a learning organisation. Australian National Audit Office, Audit Insights — Implementation of Recommendations [Internet], ANAO, 2021, available from https://www.anao.gov.au/work/audit-insights/implementation-recommendations-2021 [accessed 7 February 2022].

18 Status of financial statements audit recommendations is a standing agenda item at Financial Statement Sub-Committee meetings.

19 Financial statements audit recommendations are not considered closed until agreed with the ANAO and formally closed through the interim or final audit letter.

20 PDMS is administered by the Department of Finance and offers a whole-of-government parliamentary workflow. It is a digital platform that supports: Ministerial level correspondence; briefings and submissions; Parliamentary Questions on Notice; Senate Estimates Briefings and Questions on Notice; Executive level communications; and general communications and media.

21 Input to PDMS is logged with a date, time and username stamp. Deletions are limited to supporting documents only. A version history and data backup is maintained to enable the restoration of earlier versions. The department provides staff with guidance and training on PDMS.

22 In September 2021, the department also began using PDMS to record the implementation status of agreed parliamentary committee recommendations (see paragraph 2.5).

23 This allows the department to retrieve earlier versions of the database.

24 As at 29 November 2021, the RMA database contained 95 agreed Auditor-General performance audit recommendations from 1 July 2013. The RMA database did not contain one recommendation from Auditor-General Report No. 53 2017–18 Cyber Resilience. As at 2 March 2022, this recommendation had been added to the RMA database.

25 Requests to report on implementation or closure can be included in the recommendation text or after it is issued by the relevant committee or its secretariat, or by the Auditor-General.

26 One of the ANAO’s performance metrics is the percentage of ANAO recommendations implemented within 24 months of a performance audit report. The ANAO monitors entities’ implementation of performance audit recommendations by attending entity audit committees and conducting audits that follow up on entity progress in implementing previously made recommendations (such as this audit). The ANAO also seeks advice annually from all relevant entities on progress in implementing performance audit recommendations over a two-year implementation period.

27 This was the one selected Auditor-General financial statements audit recommendation.

28 Auditor-General Report No. 20 2019–20 Audits of the Financial Statements of Australian Government Entities for the Period Ended 30 June 2019, pp. 199–200.

29 This finding was downgraded to a moderate (Category B) audit finding and reported to the Parliament in Auditor-General Report No.38 2019–20 Interim Report on Key Financial Controls of Major Entities. The finding was then downgraded again, to a minor (Category C) audit finding in Auditor-General Report No.40 2020–21 Interim Report on Key Financial Controls of Major Entities, available from Interim Report on Key Financial Controls of Major Entities. The ANAO does not report to the Parliament on minor findings.

30 There was an average of four status updates per recommendation.

31 Recommendation 3 from Auditor-General Report No. 4 2020–21 Establishment and Use of ICT Related Procurement Panels and Arrangements.

32 Recommendations 2 and 3 from Auditor-General Report No. 8 2019–20 Management of the Tourist Refund Scheme.

33 Two recommendations did not consistently provide updates. Six months passed between updates for recommendation 3 from Auditor-General Report No. 25 2018–19 Efficiency of the Processing of Applications for Citizenship by Conferral, and 12 months passed between updates for recommendation 1 from Auditor-General Report No. 41 2018–19 Coordination Arrangements of Australian Government Entities Operating in Torres Strait.

34 This was the three recommendations from Auditor-General Report No. 25 2019–20 Aboriginal and Torres Strait Islander Participation Targets in Major Procurements.

35 This was the three recommendations from Auditor-General Report No. 8 2019–20 Management of the Tourist Refund Scheme.

36 This was the recommendation from Auditor-General Report No. 20 2019–20 Audits of the Financial Statements of Australian Government Entities for the Period Ended 30 June 2019. The recommendation owner provided the first update within three months of the report being tabled. Updates were then provided by the recommendation owner every second Audit and Risk Committee meeting.

37 In reviewing the recommendations that were noted in the government response, the ANAO examined only those that included a commitment by the department to implement an action in the recommendation response.

38 Membership includes the Australian Border Force, the Australian Taxation Office, the Australian Federal Police, and the Australian Criminal Intelligence Commission.

39 Membership includes a senior official from each Australian policing, and Justice or Attorney General agency.

40 Membership includes agency heads from across the Australian Government.

41 In the 2021–22 Budget, the government provided an additional $37.4 million over three years from 2021–22 to support initiatives to modernise and improve Australia’s trade system, including a review of the regulatory processes and ICT systems that impact cross-border trade. Australian Government, Budget Measures: Budget Paper No. 2: 2021–22 [Internet], Commonwealth of Australia, Canberra, 2021, p. 98, available from https://archive.budget.gov.au/2020-21/bp2/download/bp2_complete.pdf [accessed 26 April 2022].