Please direct enquiries relating to reports through our contact page.
The objective of the audit was to assess the extent to which the Department of the Environment and Energy has implemented the recommendations from ANAO Report No. 43 2013–14 and strengthened its framework for the delivery of its regulatory activities.
1. The objectives of the Environment Protection and Biodiversity Conservation Act 1999 (EPBC Act), which is administered by the Department of the Environment and Energy (Environment), include the protection of matters of national environmental significance (MNES). Actions, such as land clearing and mining, that are likely to have a significant impact on, for example, national threatened species and ecological communities, must be approved by the Minister for the Environment and may be subject to conditions.
2. The effective monitoring by Environment of approval holders’ compliance with conditions helps to ensure achievement of the EPBC Act’s objectives. The ANAO has previously examined Environment’s monitoring of compliance in ANAO Report No. 43 2013–14, Managing Compliance with Environment Protection and Biodiversity Conservation Act 1999 Conditions of Approval. In that audit, the ANAO concluded that Environment had limited assurance regarding approval holders’ compliance with approval conditions and was generally passive in its approach to managing non-compliance with EPBC Act conditions of approval. The ANAO made five recommendations aimed at improving Environment’s regulatory performance. Environment agreed to implement all recommendations.
3. Subsequently, in ANAO Audit Report No. 7 2015–16, Managing Compliance with the Wildlife Trade Provisions of the Environment Protection and Biodiversity Conservation Act 1999, the ANAO concluded that Environment’s management of compliance with the EPBC Act was undermined by the absence of, among other matters, a risk-based approach to monitoring compliance. The ANAO noted that, at that time, Environment was implementing a five-year Regulatory Capability Development Program to strengthen its regulatory compliance framework. Further, in his October 2015 response to the audit, the departmental Secretary foreshadowed a review of the department’s regulatory practices and maturity (the Regulatory Maturity Project).
4. The objective of the audit was to assess the extent to which the Department of the Environment and Energy has implemented the recommendations from ANAO Report No. 43 2013–14 and strengthened its framework for the delivery of its regulatory activities. To form a conclusion against the audit objective, the ANAO adopted the following high level criteria:
5. Environment has made progress in addressing the five recommendations made in ANAO Report No. 43 2013–14, Managing Compliance with Environment Protection and Biodiversity Conservation Act 1999 Conditions of Approval (as outlined in Table S.1). To date, limited progress has been made in relation to the implementation of broader initiatives to strengthen the department’s regulatory performance.
Table S.1. Implementation status of recommendations
|
Recommendation |
Status |
|
ANAO recommendation No. 1 Develop an effective compliance intelligence capability and relevant risk factors for approved controlled actions |
Implemented |
|
ANAO recommendation No. 2 Transfer approved controlled actions to the compliance monitoring area |
Partially implemented |
|
ANAO recommendation No. 3 Establish risk-based arrangements to manage compliance |
Implemented |
|
ANAO recommendation No. 4 Implement processes for responding to instances of non-compliance |
Implemented |
|
ANAO recommendation No. 5 Establish functional support systems and appropriate performance monitoring and reporting arrangements |
Partially implemented |
Note: A full description of the ANAO’s recommendations is provided in Box 1, Chapter 1.
Source: ANAO analysis.
6. Environment has implemented Recommendations 1, 3 and 4 from ANAO Audit Report No. 43, 2013–14 and has made progress in implementing Recommendations 2 and 5. As a result, Environment is better placed to provide assurance that approval holders are complying with conditions of approval. Fully implementing Recommendations 2 and 5 from ANAO Audit Report No. 43, 2013–14, addressing areas for improvement identified in this audit and implementing the recommendations arising from departmental reviews should further strengthen Environment’s delivery of regulatory functions.
7. Environment had made limited progress to address identified shortcomings in its regulatory activities through its five-year Regulatory Capability Development Program prior to the early termination of the program in December 2015. A subsequent Regulatory Maturity Project, which was finalised in April 2016, identified further options to strengthen the delivery of Environment’s regulatory activities, with a number of recommendations made to address weaknesses that had previously been identified by internal and external audit coverage. As was also highlighted by previous ANAO audit coverage, the project identified that Environment is yet to undertake a structured departmental-wide risk assessment of its regulatory activities to inform its regulatory settings and resourcing decisions. Environment has committed to implement the recommendations of the project.1
8. Recommendation 1 has been implemented. Environment has established an annual Compliance Monitoring Program, with the development of the program informed by an effective compliance intelligence capability and the application of relevant risk factors for controlled actions. The arrangements that are in place support Environment to identify, analyse and monitor regulatory risks relating to controlled actions and aid in prioritising compliance activities to mitigate these risks. There is further scope for Environment to improve arrangements for the development of the annual programs, including: finalising programs in a more timely manner; and strengthening processes for the collection, retention and analysis of compliance intelligence.
9. Recommendation 2 has been partially implemented. Environment has established procedures for the transfer of responsibility for approved controlled actions from environment assessment branches to post approval monitoring teams and routinely monitors the transfer process. However, the established procedures included inconsistent guidance to staff and transfers were not occurring in accordance with established timelines. Further, limited documentation outlining the reasons for the retention of some controlled actions by assessment branches means that Environment is not well placed to demonstrate that the transfer process is operating effectively and, ultimately, that all approved controlled actions are subject to appropriate compliance activity.
10. Recommendation 3 has been implemented. Environment has established appropriate arrangements to manage risks to compliance with conditions of approval, primarily through: the revision of guidance material for staff; targeting of compliance monitoring activities to high risk actions; and the improved coordination of compliance monitoring activities across the population of controlled actions. There would be merit in strengthening arrangements to ensure that compliance monitoring activities are delivering an appropriate level of assurance against a clearly articulated risk appetite and tolerances and that accurate data is being used to determine risk ratings and to direct compliance activities.
11. Recommendation 4 has been implemented. Environment has established appropriate processes for responding to non-compliance, with: guidance that requires departmental officers to centrally record all instances of non-compliance that are identified; and the establishment and operation of a Regulatory Advisory Panel that has enhanced the consistency of Environment’s decision-making in relation to compliance and enforcement actions. The introduction of the panel has also led to improvements in the documentation underpinning decisions. There would be merit in Environment improving the arrangements in place to monitor the recording of non-compliance incidents and reviewing the roles and responsibilities for the panel and delegated decision-makers.
12. Recommendation 5 has been partially implemented. Environment has improved its arrangements to monitor and report on compliance activities, but continuing IT system functionality limitations impact on Environment’s ability to effectively and efficiently monitor its regulatory performance. Further: internal report arrangements do not provide timely and targeted information on the performance of the compliance function; and performance information reported externally by Environment does not currently provide stakeholders with sufficient insights into the extent to which compliance monitoring activities have been effective in protecting the environment from significant impacts.
13. Environment made limited progress on the achievement of the objectives established for its Regulatory Capability Development Program prior to the early termination of the program in December 2015. The subsequent completion of a Regulatory Maturity Project has provided Environment with a broad range of recommendations to strengthen the delivery of its regulatory functions. In light of the issues encountered when implementing the earlier program, Environment should take steps to appropriately support the implementation of the recommendations made in the project report.
14. Environment has not undertaken a structured departmental-wide risk assessment of its regulatory activities to inform its resourcing decisions. Environment has agreed to the recommendation to undertake such an assessment in response to the Regulatory Maturity Project.
Recommendation No.1
Paragraph 3.18
The Department of the Environment and Energy should routinely review its compliance monitoring approach to ensure that an appropriate level of assurance is obtained relative to the risk appetite and tolerances specified.
Department of the Environment and Energy’s response: Agreed.
15. The Department of the Environment and Energy’s summary response to the report is provided below, while its full response is at Appendix 1.
The Department agrees with the recommendation in the report. The Department is grateful for the assistance and cooperation of the Australian National Audit Office in assessing the performance of the Department’s compliance monitoring activities for approvals under the Environment Protection and Biodiversity Conservation Act 1999 (EPBC Act).
The Department has published a formal response to the Regulatory Maturity Project review and established a Regulatory Steering Committee to oversee a program of work over the next 12–18 months. The Department has already completed actions to address several priority recommendations and has measures in place to address the remainder.
In light of the Department’s Risk Management Policy (which is currently being updated to include articulating risk appetite and tolerances) and the Regulatory Maturity Project, the Department has already commenced reviewing its compliance risk approach. The Department will also review compliance monitoring approaches across all relevant legislation as part of creation of the Independent Office of Compliance.
The Department will continue to implement improvements to procedures, IT systems and governance relating to compliance monitoring activities for approvals under the EPBC Act, in order to fully implement recommendations 2 and 5 of the 2013–2014 ANAO Audit (ANAO Report No. 43).
1.1 The objectives of the Environment Protection and Biodiversity Conservation Act 1999 (EPBC Act) include the protection of matters of national environmental significance (MNES), the promotion of ecologically sustainable development, the conservation of biodiversity, and cooperative approaches to the protection and management of the environment. The effective monitoring of compliance with the EPBC Act helps to ensure achievement of its objectives. Actions, such as land clearing, mining, residential/commercial developments and land transport, that are likely to have a significant impact on, for example, world heritage properties or national threatened species and ecological communities must be approved by the Minister for the Environment2 and may be subject to conditions.
1.2 The Department of the Environment and Energy (Environment) is responsible for ensuring that approval holders (such as landholders, developers and companies) comply with any conditions attached to an approval by the Minister. According to Environment’s records, there were 786 active controlled actions3 and 79 expired approvals as at 31 August 2016.
1.3 Compliance monitoring and investigations/enforcement activities undertaken by Environment, including those associated with approved controlled actions, are managed by the Compliance and Enforcement Branch within the Environment Standards Division.4 In 2016–17, the branch received a budget allocation of around $9.7 million and had approximately 68 officers across five sections.
1.4 In June 2014, the Australian National Audit Office (ANAO) tabled Audit Report No.43 2013–14, Managing Compliance with Environment Protection and Biodiversity Conservation Act 1999 Conditions of Approval in the Parliament. In that audit, the ANAO found that Environment had limited assurance regarding approval holders’ compliance with approval conditions and was ‘generally passive’ in its approach to managing non-compliance with EPBC Act conditions of approval for controlled actions. The ANAO made five recommendations (see Box 1) aimed at improving Environment’s regulatory performance. Environment agreed to implement all recommendations.
|
Box 1: Recommendations of the previous ANAO audit |
|
ANAO Recommendation No.1 To better assess and manage the risks to matters of national environmental significance posed by approved controlled actions, the ANAO recommends that Environment develop and implement an annual program of compliance activities having regard to:
ANAO Recommendation No.2 To strengthen compliance monitoring of approved controlled actions, the ANAO recommends that Environment:
ANAO Recommendation No.3 To improve the management of risks to compliance and matters of national environmental significance, the ANAO recommends that Environment:
ANAO Recommendation No.4 To improve processes for responding to instances of non‐compliance, the ANAO recommends that Environment:
ANAO Recommendation No.5 To improve the governance and oversight of the compliance monitoring function, the ANAO recommends that Environment:
|
1.5 Environment’s Audit Committee agreed to close ANAO Recommendations 1–4 on 23 June 2015 and ANAO Recommendation 5 on 17 November 2015.
1.6 The Parliament’s Joint Committee of Public Accounts and Audit (JCPAA) conducted an inquiry into the previous ANAO audit in late 2014 and released its report in March 2015.5 The JCPAA made three recommendations (see Box 2) in relation to the previous audit. Of these three recommendations, recommendations 4 and 6 included elements aimed at improving Environment’s overall management of compliance with EPBC Act conditions of approval.6 Environment responded to these recommendations on 4 September 2015, with the departmental Secretary advising the committee that considerable progress had been made to address the issues identified in the ANAO report. The Status of Recommendations summary attached to the Secretary’s advice indicated that Recommendations 1 and 2 had been implemented and that Environment was still in the process of implementing elements of Recommendations 3, 4 and 5.
1.7 The JCPAA also recommended (Recommendation 5) that the ANAO consider following-up on Environment’s progress in implementing the recommendations from the previous audit in 12–18 months.
|
Box 2: Recommendations of the JCPAA reporta |
|
JCPAA Recommendation No.4 (points 1, 2 and 4) The Committee recommends that Environment report back to the JCPAA, within six months of the tabling of this report, on its continued progress:
JCPAA Recommendation No.5 (points 1 and 3) The Committee recommends that the ANAO consider including, in its schedule of performance audits for the next 12–18 months, a follow up audit of Environment’s management of compliance with EPBC Act conditions of approval, with a particular focus on:
JCPAA Recommendation No.6 The Committee recommends that Environment take a leadership role in its governance arrangements concerning management of compliance with EPBC Act conditions of approval, particularly in the context of the new one-stop-shop arrangements, by demonstrating effective reporting against appropriate performance measures. |
Note a: Environment does not currently report to its Audit Committee on the progress of implementation of parliamentary committee recommendations
1.8 In November 2015, the ANAO tabled Audit Report No. 7 2015–16, Managing Compliance with the Wildlife Trade Provisions of the Environment Protection and Biodiversity Conservation Act 1999 in the Parliament. In that report, the ANAO concluded that Environment’s management of compliance was undermined by the absence of appropriate and tailored policy and procedural guidance, functional IT support systems and a risk-based approach to monitoring compliance. Further, the ANAO found that settings and resources allocated by Environment to its regulatory responsibilities were not informed by a structured departmental-wide risk assessment focusing on its regulatory activities. The ANAO noted that Environment had recognised the need to address shortcomings in its regulatory activities and was establishing a comprehensive regulatory compliance framework through its existing five-year Regulatory Capability Development Program. This program had been identified in the ANAO’s previous audit as a mechanism Environment was using to address findings from a 2013 internal audit it had conducted.
1.9 In 2015, Environment commenced a Regulatory Maturity Project (the project)7 to assess the maturity, capability and capacity of Environment’s regulatory functions.8 Environment commissioned the project in response to:
1.10 Overall, the project concluded that:
Environment’s approach to regulation is sound and consistent with many other regulators. … However, while the Senior Executive has a strong desire to continue to move Environment towards being a modern best practice regulator, it is fair to say that Environment is on the road to best practice, but has not yet reached that goal.
1.11 The report included 37 recommendations aimed at positioning Environment as a contemporary, mature and trusted regulator. In addition, the report outlined areas for Environment to concentrate its efforts, including: objectives and performance; approach to regulation; approach to risk; people; engagement; and systems and tools. Environment formally responded to the report in October 2016, accepting all recommendations.
1.12 The objective of the audit was to assess the extent to which the Department of the Environment and Energy has implemented the recommendations from ANAO Report No. 43 2013–14, Managing Compliance with Environment Protection and Biodiversity Conservation Act 1999 Conditions of Approval and strengthened its framework for the delivery of its regulatory activities.
1.13 To form a conclusion against the audit objective, the ANAO adopted the following high level criteria:
1.14 The audit examined the extent to which Environment has implemented the five recommendations made in ANAO Report No. 43 2013–14 and the effectiveness of arrangements in place, as well as Environment’s progress in implementing the Regulatory Capability Development Program and undertaking a structured departmental-wide risk assessment of its regulatory activities. Given the alignment of relevant JCPAA recommendations and recommendations made previously by the ANAO, the JCPAA’s recommendations have been addressed in the context of assessing the department’s progress in implementing the ANAO’s recommendations.
1.15 In undertaking the audit, the ANAO reviewed Environment’s records (including policies, procedures, reviews, records of decisions, management reporting, and briefings), and examined relevant systems and databases. In addition, the ANAO interviewed departmental officers and sampled approved controlled actions with conditions to determine the extent to which compliance monitoring, inspection and audit activity had been undertaken by Environment during the period from July 2014 to June 2016.
1.16 The performance audit was conducted in accordance with ANAO auditing standards at a cost to the ANAO of approximately $276 000.
The ANAO examined the Department of the Environment and Energy’s (Environment’s) progress towards implementing the recommendations of the previous ANAO audit, including whether it had:
Environment has implemented Recommendations 1, 3 and 4 from ANAO Audit Report No. 43, 2013–14 and has made progress in implementing Recommendations 2 and 5. As a result, Environment is better placed to provide assurance that approval holders are complying with conditions of approval. Fully implementing Recommendations 2 and 5 from ANAO Audit Report No. 43, 2013–14, addressing areas for improvement identified in this audit and implementing the recommendations arising from departmental reviews should further strengthen Environment’s delivery of regulatory functions.
The ANAO identified scope for Environment to improve its monitoring of compliance with conditions of approval, including:
Note a: The coverage of the recommendations in the chapter has been adjusted to align with the compliance continuum.
Recommendation 2 has been partially implemented. Environment has established procedures for the transfer of responsibility for approved controlled actions from environment assessment branches to post approval monitoring teams and routinely monitors the transfer process. However, the established procedures included inconsistent guidance to staff and transfers were not occurring in accordance with established timelines. Further, limited documentation outlining the reasons for the retention of some controlled actions by assessment branches means that Environment is not well placed to demonstrate that the transfer process is operating effectively and, ultimately, that all approved controlled actions are subject to appropriate compliance activity.
2.1 Once a controlled action is approved by the Minister, responsibility is to be transferred from the environment assessment branches to the Compliance and Enforcement Branch. In the previous audit, the ANAO found that:
2.2 On this basis, Recommendation 2 aimed to strengthen transfer protocols to help ensure that approved controlled actions were subject to appropriate compliance monitoring, with controlled actions remaining with assessment teams only in those circumstances where there was a specific need. In response to this recommendation, Environment established procedures that require approved projects to be transferred from environment assessment branches to the Compliance and Enforcement Branch within one week of the date of approval. Further, the timely transfer of approved actions was to be monitored through weekly reports that were designed to inform senior managers of the: action’s title; type of activity (such as residential development or coal seam gas development); project section; assigned officer; case and status dates; and action(s) taken to implement the transfer.
2.3 The ANAO reviewed the arrangements established by Environment10 and found that:
2.4 Given the risk identified in the earlier audit relating to approved controlled actions retained by assessment teams being less likely to receive sufficient compliance monitoring coverage, further work is required by Environment to ensure that responsibility for all approved controlled actions is clearly assigned and that they are subject to appropriate compliance activity.
2.5 In evidence to the Joint Committee of Public Accounts and Audit’s (JCPAA’s) inquiry into the previous audit, Environment advised the committee that all legacy approved controlled actions had been transferred to the Compliance Monitoring Team by June 2014. Records retained by Environment indicate that there had been a substantive reduction in the number of legacy controlled actions awaiting transfer as of 1 July 2014.12 However, departmental records also indicate that the transfer of legacy controlled actions was ongoing as at 15 September 2014. Further, Environment did not retain evidence to confirm that all actions retained by the assessment area at the time of the previous audit had been transferred to the Compliance and Enforcement Branch.
Recommendation 1 has been implemented. Environment has established an annual Compliance Monitoring Program, with the development of the program informed by an effective compliance intelligence capability and the application of relevant risk factors for controlled actions. The arrangements that are in place support Environment to identify, analyse and monitor regulatory risks relating to controlled actions and aid in prioritising compliance activities to mitigate these risks. There is further scope for Environment to improve arrangements for the development of the annual programs, including: finalising programs in a more timely manner; and strengthening processes for the collection, retention and analysis of compliance intelligence.
2.6 Compliance intelligence should feed into every aspect of compliance management, including planning, risk assessment, monitoring and enforcement activities. In this regard, the ANAO’s previous audit found that Environment had not established an effective compliance intelligence capability for controlled approved actions some 14 years after the EPBC Act came into force. Recommendation 1 aimed to improve Environment’s assessment and management of risks to matters of national environmental significance (MNES) from approved controlled actions by developing an annual program of compliance activities informed by a structured approach to the collection, retention and analysis of compliance intelligence and the assessment of compliance risks.
2.7 Since 2014, Environment has published annual Compliance Monitoring Programs13, which outline targets for key compliance monitoring activities such as the preparation of Compliance Monitoring Plans for specific controlled actions, audits and site inspections. Environment has, however, experienced delays in finalising its annual compliance programs, with programs endorsed after the year to which they relate has commenced (see Table 2.1). Environment advised that these delays are due to the incorporation of performance information of compliance activities conducted in the previous year into the document. To ensure that the programs are endorsed in a timely manner to enable the appropriate targeting and coordination of compliance activities over the full year, Environment could explore alternate approaches to reporting on the previous year’s performance.
Table 2.1: Delays in approving the annual Compliance Monitoring Programs
|
Period |
Due |
Finalised |
Extent of delay |
|
2014–2015 |
1 July 2014 |
1 August 2014 |
One month |
|
2015–2016 |
1 July 2015 |
6 September 2015 |
Two months |
|
2016–2017 |
1 July 2016 |
21 October 2016 |
More than three monthsa |
Note a: Environment’s Regulatory Advisory Panel endorsed the 2016–2017 program on 3 November 2016, with the plan published on Environment’s website on 21 November 2016.
Source: ANAO analysis of departmental information.
2.8 The previous ANAO audit found that there was considerable scope for Environment to improve the collection of relevant intelligence, including from other regulators and post-approval monitoring activities. At that time, intelligence was primarily obtained from post-approval monitoring of reports and plans that approval holders are required to prepare, supplemented by monitoring inspections, compliance audits, engagement with environmental regulators, and contact from members of the public.
2.9 In 2015, Environment reviewed its regulatory intelligence capability. This review highlighted that arrangements had been established to obtain adequate access to the information that the department requires to effectively monitor compliance by regulated entities. For example, since the previous audit Environment has improved its collection of relevant intelligence by:
2.10 Environment’s reliance on hard copy records at the time of the previous audit made information sharing and analysis of compliance intelligence more difficult. While the introduction of an electronic document management system (SPIRE) in 2014 and the expanded use of CEMS has made the analysis of intelligence data more efficient, Environment is unable to retain intelligence information electronically that is classified as ‘Protected’ or above. The review discussed at paragraph 2.9, highlighted that the lack of a Protected-level system also affected Environment’s ability to efficiently access key intelligence sources. In this context, the Regulatory Maturity Project16 has recommended that Environment invest in IT tools for gathering and analysing intelligence, including data sharing with other entities.
2.11 The retention of compliance intelligence that has a ‘Protected’ classification outside of CEMS and in hard copy makes it more difficult for Environment to effectively incorporate this intelligence into its risk analyses. To address system limitations, Environment established an Intelligence Capability Working Group in July 2016 to deliver a series of enhancements to Environment’s IT systems to better support its intelligence capability. Planned enhancements include establishing a ‘Protected’ enclave to allow Environment to store and analyse intelligence information classified up to ‘Protected’. These enhancements are expected to be completed in March 2017.
2.12 The previous audit found that Environment: had not identified an appropriate set of relevant risk factors against which approved controlled actions could be assessed and ranked; and did not regularly review the small number of risk factors used at the time. In response to these findings, Environment identified factors for assessing the risks a controlled action poses to matters of national environmental significance (MNES), with this information used to inform the development of the National Environmental Significance Threat and Risk Assessment (NESTRA) tool.17 Environment uses the NESTRA tool to assess and rank (on a risk basis) approved activities, including approved controlled actions.18
2.13 The NESTRA tool incorporates 32 risk factors that are used to calculate a risk score in the post approval stage for activities. The 32 factors are weighted and reflect the likelihood and consequence of non-compliance impacting MNES. Of these 32 factors: 17 factors relate to the number and type of MNES potentially affected as a consequence of non-compliance; and 15 factors relate to the likelihood that the approval holder would be non-compliant based on the their compliance history (number of enforcement actions, compliance incidents, allegations or infringement notices) as well as the nature, number and complexity of conditions attached to the approval of the controlled action. Following the first year of NESTRA’s use, Environment made a number of amendments to NESTRA risk factors and weightings in mid-2015.
2.14 The risk factors used by the NESTRA tool to calculate the likelihood of non-compliance do not currently incorporate data into the risk assessment relating to the frequency and coverage of monitoring by other government regulators. This is an area that the ANAO has previously identified as being a weakness in Environment’s risk assessment approach.19 This is particularly important given the EPBC Act allows the Minister for the Environment to attach a single condition to an approval that requires the approval holder to comply with state/territory government conditions. In this context, there would be merit in Environment exploring options to incorporate intelligence data collected through other regulators’ compliance monitoring activities into the NESTRA tool. Further, given planned improvements to enable intelligence classified as ‘Protected’ to be stored and analysed electronically, it would be timely for Environment to consider how this data might also be better used to inform risk rankings.
Recommendation 3 has been implemented. Environment has established appropriate arrangements to manage risks to compliance with conditions of approval, primarily through: the revision of guidance material for staff; targeting of compliance monitoring activities to high risk actions; and the improved coordination of compliance monitoring activities across the population of controlled actions. There would be merit in strengthening arrangements to ensure that compliance monitoring activities are delivering an appropriate level of assurance against a clearly articulated risk appetite and tolerances and that accurate data is being used to determine risk ratings and to direct compliance activities.
2.15 The previous audit concluded that Environment had limited assurance regarding approval holders’ compliance with their approval conditions due to inadequate monitoring arrangements. Recommendation 3 aimed to improve guidance to staff on the importance of documenting the assessment and approval of materials submitted by approval holders and to establish an effective risk-based and coordinated approach to Environment’s compliance monitoring activities.
2.16 The conditions that are attached to the approval of a controlled action may require:
2.17 The previous audit found that Environment’s assessment of material submitted by approval holders was not appropriate or adequate in terms of timeliness and rigour, with issues also identified in the documentation of the assessments undertaken. To address these issues, the ANAO recommended that relevant standard operating procedures be reviewed, with the requirement to document the assessment and approval of material submitted by approval holders to be reinforced to departmental staff.
2.18 Environment has reviewed its standard operating procedures for the approval of project documents and compliance monitoring. The revised procedures reinforce to staff the need for the assessment and approval of material submitted by approval holders to be appropriately documented. Further, the Management Plan Approval Coversheet that was introduced by Environment in August 2016 to improve workflow processes includes a quality assurance checklist that highlights the need for staff to comply with established procedural requirements when assessing plans. Environment has established a process to verify officers’ compliance with procedures, but is yet to routinely assess officers’ adherence to the revised standard operating procedures.
2.19 As was the case when the ANAO conducted the previous audit, a key challenge for Environment in effectively monitoring compliance with conditions of approval is the limited visibility of report submission due dates. Environment’s IT systems contain limited information in relation to key dates for controlled actions (such as commencement dates), but do not have the functionality to enable reporting milestones to be recorded. Notwithstanding the establishment of manual processes to monitor submission dates, there would be benefits in Environment improving arrangements for the monitoring of approval holders’ compliance with report requirements.
2.20 The ANAO selected a sample of 87 approved controlled actions to examine the assessment and approval of management plans received between 1 July 2014 and 30 June 2016. Of the 87 controlled actions sampled, 56 approvals included conditions that required management plans to be approved by the Minister or by Environment. For these 56 approved controlled actions, 11 management plans were submitted between 1 July 2014 and 30 June 2016 in relation to eight approved controlled actions. It was not clear from departmental records whether all approval holders had submitted plans as required across the period reviewed by the ANAO.
2.21 All 11 plans received by Environment were submitted in a timely manner. Environment’s records included evidence of the assessment and approval of nine of the 11 plans.21 The ANAO noted that for one approval (two plans) the approval holders would not be able to implement the plans as required due to the time taken by the department to review the plans.22
2.22 During 2014–15, Environment aimed to review all compliance and monitoring reports that were required to be submitted by approval holders. Of the 253 reports submitted, 120 were reviewed (48 per cent). In relation to the 87 controlled actions selected in the ANAO’s sample, 30 approvals included conditions that required compliance and monitoring reports or compliance certificates to be submitted to Environment. In relation to these 30, Environment received 11 reports during 2014–15 and reviewed seven reports. Due to limitations in Environment’s data, it was unclear whether the 11 reports received were the total number of reports that were due.
2.23 In 2015–16, Environment focused its resources on reviewing compliance and monitoring reports for high risk controlled actions. Environment advised the ANAO that it had met this objective, as it had reviewed all 70 annual compliance reports and monitoring reports submitted for high risk projects. In relation to the ANAO’s sample, three reports had been submitted for high risk controlled actions and evidence was retained to indicate that all three reports had been reviewed by departmental officers.
2.24 Environment uses the NESTRA tool to assess and rank controlled actions according to the risk posed to MNES bi-annually. On the basis of the resulting NESTRA ranking, Environment categorises controlled actions as ‘high’, ‘medium’ and ‘low’ and records this information in a Compliance Monitoring Spreadsheet (the ‘tracker‘ spreadsheet). The tracker spreadsheet also contains data about the type of controlled action, approval dates and is used to record the status of compliance monitoring activities that have been conducted. As at August 2016, the 850 controlled actions recorded in the tracker spreadsheet comprised 111 (13 per cent) high risk, 354 (42 per cent) medium risk, and 385 (45 per cent) low risk.23
2.25 The annual Compliance Monitoring Program outlines Environment’s intended coverage of monitoring activities and advised approval holders of its focus on high risk controlled actions. Environment’s approach to targeting high risk controlled actions in 2016–17 is outlined in Table 2.2.24
Table 2.2: Compliance monitoring coverage for high, medium and low risk approved controlled actions, 2016–17
|
Activity |
High risk projects |
Medium risk projects |
Low risk projects |
|
Compliance Monitoring Plan prepared |
All |
For new approvals or where selected for a random inspection or audit |
|
|
Monitoring Inspection |
At least 30%a |
At least 70 other risk rated controlled actions |
|
|
Compliance Audit |
5%b |
Only where selected for a random audit |
|
|
Review Annual Compliance Reports |
All |
- |
- |
Note a: This equates to approximately 33 controlled actions.
Note b: This equates to approximately five controlled actions.
Source: ANAO analysis of Environment’s 2016–17 Compliance Monitoring Program.
2.26 Using the tracker spreadsheets, Environment can analyse controlled actions on a sectoral (such as, the mining, energy, construction, and transport sectors) and geographical basis to identify where there are groups of high risk controlled actions. This information is subsequently incorporated into compliance monitoring programs. For example, the 2015–16 Compliance Monitoring Program identified common challenges by sector and priority regions for additional focus. Environment has conducted industry outreach activities to raise awareness of common compliance issues as well as targeted compliance monitoring activities towards identified priority regions and sectors.
2.27 The NESTRA tool has helped Environment to better direct compliance monitoring activities to those controlled actions that have been assessed as presenting a high risk. Environment could further enhance its approach by setting a risk tolerance for compliance activities associated with approved controlled actions to ensure its compliance monitoring activities are delivering an appropriate level of assurance against its risk appetite and tolerance.25 The ANAO has made a recommendation in Chapter 3 to this end.
2.28 The establishment of risk ratings calculated from the NESTRA tool is reliant on the quality of compliance data incorporated into the ‘load file’ for the tool. At present, these files are manually populated by departmental officers and require data to be collected from a number of sources and subsequently interpreted. A key mechanism for reviewing the accuracy of data in the load file is the development of a Compliance Monitoring Plan, as data is updated and recorded for each risk factor when these plans are prepared or reviewed.26
2.29 Of the 850 approved controlled actions identified in Environment’s tracker spreadsheet as at August 2016, there was a current Compliance Monitoring Plan for 95 of the 111 high risk controlled actions and 98 of the 739 medium and low risk controlled actions. In relation to the 657 controlled actions where there was not a current plan, the load files for these actions may not have been checked since July 2014 (when the NESTRA tool was first introduced). As a consequence, there is an increased risk of inaccurate NESTRA ratings for the 657 controlled actions that do not have a current plan, with compliance activities potentially misdirected as a result.27 Given the reliance placed on the NESTRA ratings when determining compliance coverage, there would be merit in Environment undertaking spot checks of the accuracy of data inputs to the tool for medium and low risk controlled actions.
2.30 The ANAO’s previous audit found that overall, the monitoring undertaken by Environment for controlled actions had been insufficient to determine approval holders’ compliance with conditions of approval. A coordinated approach to compliance monitoring involves a range of tools to provide ongoing assurance that approval holders comply with the conditions attached to an approval.
2.31 As previously noted, Environment has implemented a risk-based approach to compliance monitoring activities that is informed by the risk ratings derived from the NESTRA risk assessment. Environment obtains assurance that approval holders comply with conditions attached to an approval by:
2.32 Approvals for controlled actions may be current for a significant period of time. In the absence of an effective management information system from which key compliance dates and data can be extracted to aid the coordination of compliance monitoring activities, Environment manually prepares Compliance Monitoring Plans to assist in the management of its compliance activities. Each plan is current for 12 months and provides a snapshot of key monitoring data, including the: status of a controlled action; number of management plans required; details of environmental offsets28; monitoring requirements; and current listing status of species.29
2.33 Compliance monitoring activities conducted for each controlled action, including the preparation of Compliance Monitoring Plans, are recorded in the ‘tracker’ spreadsheet.30 From its tracker spreadsheets, Environment can identify, monitor and report on the extent of compliance monitoring coverage achieved for each controlled action. While the preparation of Compliance Monitoring Plans and the use of the ‘tracker’ spreadsheet are practical workarounds, the efficiency and effectiveness of Environment’s compliance monitoring across the lifespan of approved controlled actions is limited by the lack of an appropriate IT system.31
Recommendation 4 has been implemented. Environment has established appropriate processes for responding to non-compliance, with: guidance that requires departmental officers to centrally record all instances of non-compliance that are identified; and the establishment and operation of a Regulatory Advisory Panel that has enhanced the consistency of Environment’s decision-making in relation to compliance and enforcement actions. The introduction of the panel has also led to improvements in the documentation underpinning decisions. There would be merit in Environment improving the arrangements in place to monitor the recording of non-compliance incidents and reviewing the roles and responsibilities for the panel and delegated decision-makers.
2.34 At the time of the previous audit, Environment’s processes did not require information on potential non-compliance with conditions of approval to be recorded centrally. Further, where enforcement actions had been taken to address non-compliance, the audit found that there was scope for Environment to better demonstrate the consistency of its decision-making by improving the documentation of reasons: to explicitly address the factors to be considered when determining an appropriate response as outlined in the Regulatory Compliance Manual32; and by including comparisons of how the proposed enforcement action corresponded to recent decisions for relevant past cases. Recommendation 4 aimed to improve Environment’s processes for responding to non-compliance.
2.35 Environment has developed procedures outlining the manner in which departmental officers are to manage approval holders’ non-compliance with conditions of approval. These procedures reinforce the importance of: officers reporting all identified instances of non-compliance; and recording all incidents (which may or may not require a response) centrally in the CEMS database.33 Further, Environment has established an internal key performance indicator in its annual Branch Plan covering the recording of identified non-compliance, with the target set at 100 per cent.34 The documentation retained by Environment indicates that reporting against this target during 2015–16 was limited to February and March when the target was reported as met.35 However, the basis for Environment’s assessment of its performance against the indicator was not documented, such as information on any verification sampling or review work that was undertaken. Environment should ensure that robust arrangements are in place to effectively monitor and report against established performance indicators.
2.36 The documentation of reasons for enforcement actions taken by Environment (such as using coercive powers, decisions to refer a matter to the Commonwealth Director of Public Prosecutions or decisions to commence civil proceedings) has been enhanced through the establishment of the Regulatory Advisory Panel.36 The panel has been established to provide guidance, advice and recommendations to Environment’s regulatory decision-makers. Its role includes providing oversight of high risk operational decisions proposed by regulatory line areas and endorsing strategic approaches.
2.37 To obtain the panel’s advice about compliance activities to be undertaken for a controlled action, officers are required to submit a template-based briefing paper. The template requires officers to identify, among other details, the factors considered in proposing the action and relevant past cases.37 The panel’s consideration and endorsement of the proposed approach is to be recorded on the briefing paper and a summary is to be captured in relevant meeting minutes.
2.38 The minutes from 20 panel meetings covering the period from May 2015 to July 2016 indicate that the panel’s advice was sought by several areas of Environment in relation to a range of matters, including: consultation and endorsement of compliance and enforcement related policy documentation; endorsement of investigation approaches, such as applications for warrants; and grant program related fraud investigations. The breadth of compliance related actions considered by the panel contributes to greater consistency in relation to regulatory action taken across Environment.
2.39 The responsibility for decisions relating to compliance and enforcement actions is assigned to delegated senior managers within Environment, with the Regulatory Advisory Panel responsible for providing advice and for ‘endorsing’ proposed enforcement actions. In those circumstances where the decision-maker does not follow the panel’s endorsed course of action, they are required to provide the panel with details of the decision taken and the supporting rationale. In the period from May 2015 to July 2016, the panel minutes reviewed by the ANAO did not include any instances where a decision-maker advised that they had taken a decision that had not previously been endorsed by the panel.
2.40 The panel comprises departmental officers with experience in regulatory activity. In some circumstances, the delegated decision-maker is also a member of the panel. While this approach capitalises on the skills and experience of officers from across Environment, it has the potential to confuse the roles and responsibilities of the delegated decision-maker and of the panel. Further, the role of the panel in ‘endorsing’ a proposed course of action as opposed to a role of ‘recommending’ a course of action to the decision-maker also has the potential to confuse decision-making in relation to compliance and enforcement actions. As such, there would be merit in Environment reviewing the roles and responsibilities of the Regulatory Advisory Panel and decision-makers in relation to compliance and enforcement actions.
Recommendation 5 has been partially implemented. Environment has improved its arrangements to monitor and report on compliance activities, but continuing IT system functionality limitations impact on Environment’s ability to effectively and efficiently monitor its regulatory performance. Further: internal report arrangements do not provide timely and targeted information on the performance of the compliance function; and performance information reported externally by Environment does not currently provide stakeholders with sufficient insights into the extent to which compliance monitoring activities have been effective in protecting the environment from significant impacts.
2.41 The previous audit found that Environment’s expanded use of IT systems to support regulatory activities had delivered mixed results and that its management of hard copy records did not effectively support the compliance monitoring function. In addition, the audit found that there was scope for Environment to improve its performance monitoring and reporting arrangements for its compliance function. Recommendation 5 was aimed at strengthening support systems and improving Environment’s approach to performance monitoring and reporting.
2.42 The previous audit found that the records necessary for officers to effectively and efficiently monitor approval holders’ compliance with conditions of approval and to demonstrate management activities that had been undertaken were not maintained and/or could not be retrieved efficiently. In July 2014, Environment introduced an electronic document management system (SPIRE). This new system has search functionality, which has improved the management of compliance related documentation within Environment. However, pre-existing hard copy records and network drive files were not migrated to SPIRE. As a consequence, these records along with those retained on SPIRE are required to be reviewed by compliance staff in order to gain a ‘complete picture’ of an approval holder’s pre-July 2014 compliance history. There would be merit in Environment reviewing the cost and benefits of retaining information in a more accessible format.
2.43 The two IT systems that were used by Environment for the management of regulatory information at the time of the previous audit were the:
2.44 In relation to the CEMS database, Environment has taken steps to address the data quality issues previously noted by the ANAO and improvements to CEMS’ functionality are expected to be in place by March 2017.38 As outlined earlier, current guidance reinforces the need for departmental officers to centrally record all instances of non-compliance that are identified.39 Environment’s guidance also outlines the manner in which records retained in CEMS are to be linked to other relevant information. Linked data is used by Environment to incorporate information about infringement notices and civil or criminal actions relating to an approval holder’s other approval(s) into the NESTRA tool.40
2.45 In 2015, Environment replaced the Chapter 4 database with the Environmental Impact Assessment System (EIAS). Similar to the ANAO’s finding in the previous audit, given limited functionality of IT systems, departmental officers have developed a number of workarounds (usually spreadsheet based ‘trackers’) to undertake monitoring activities and to inform management reporting on compliance activities. In this context, the Regulatory Maturity Project report included a recommendation regarding IT systems, highlighting the need for Environment to invest in an end-to-end IT system as a high priority. The department accepted this recommendation and advised that it was increasing its investment in IT systems and products.
2.46 The previous report noted that senior departmental management had limited visibility of the activities, outputs and performance of the compliance monitoring function. In response to this finding, the ANAO recommended that Environment improve the frequency and coverage of management reporting relating to the activities undertaken to monitor compliance.
2.47 Environment’s Executive is informed of the Compliance and Enforcement Branch’s performance bi-annually through divisional-level reports, which are cleared by the First Assistant Secretary of the Environment Standards Division. The reports provide information on the:
2.48 While these reports provide information on the quantum of key compliance monitoring activities conducted, they provided limited visibility of the branch’s activities, outputs and performance due to the high level nature of the information provided. In particular, a performance measure has not been established relating to the branch’s performance regarding the effectiveness of their monitoring of approval holders’ compliance with conditions of approval.
2.49 The previous report noted that the branch reviewed its activities and outputs on a quarterly basis. The performance expectations for departmental branches within Environment are initially set out as part of each branch’s annual business plan. The Compliance and Enforcement Branch’s Business Plan for 2014–15, 2015–16 and 2016–17 set out:
2.50 The KPIs established for the branch and sections within the branch comprise targets for the number of activities to be conducted to implement the annual Compliance Monitoring Program. For example, targets in the 2016–17 branch plan include: ‘compliance plans are to be developed for all EPBC Act projects identified through NESTRA as high risk’; and ‘at least 30 per cent of NESTRA high risk projects are to be the subject of a compliance monitoring inspection’. The previous report noted that the inclusion of information about the number and type of non-compliance identified or the frequency of Environment’s contact with high risk approval holders would better demonstrate the active monitoring of approved controlled actions.41 To date, targets relating to the types of non-compliance identified and the frequency of contact with high risk approval holders have not been included in the branch’s business plans.
2.51 Records retained by Environment indicate that reporting against the branch’s 2015–16 Business Plan was limited with the department:
2.52 The branch’s limited reporting due to the delayed finalisation of the branch plan, as well as the reliance on the divisional level reports across the year reduces the visibility of trends in activities across the year. The ANAO notes that the 2016–17 Branch Plan was also approved in Quarter 2 (21 October 2016). There would be merit in Environment establishing fit-for-purpose reporting arrangements that provide departmental management with timely and targeted information on the performance of the compliance function.
2.53 The previous audit concluded that the establishment of, and reporting against, improved performance measures was necessary to better position Environment to demonstrate to external stakeholders that it was appropriately regulating approved controlled actions.42 In April 2016, the Regulatory Maturity Project report also recommended that Environment develop robust and measurable objectives and KPIs relating to its regulatory activities.
2.54 There is further work required from Environment to address this recommendation and the recommendation arising from the Regulatory Maturity Project, as reported performance in Environment’s annual reports remains focused on the activity level rather than demonstrating the effectiveness or impact of compliance monitoring activities in protecting the environment from significant impacts due to controlled actions. The indicators, deliverables and the information reported for 2013–14, 2014–15 and 2015–16 are outlined in Table 2.3.
Table 2.3: External performance reporting
|
Year |
Indicator/deliverable |
Performance reported |
|
2013–14 |
Key Performance Indicator: All reported compliance incidents under the EPBC Act and the Sea Dumping Act are assessed or investigated within statutory timeframes. |
Achieved.
|
|
2014–15 |
Program deliverable: Undertake risk based compliance and enforcement activities to support regulation under the EPBC Act and Sea Dumping Act. No relevant Key Performance Indicator |
Achieved.
|
|
Program deliverable: Ensure environmental regulation is effective by reviewing all allegations of non-compliance under the EPBC Act and Sea Dumping Act and investigating as appropriate. |
Achieved.
|
|
|
2015–16 |
Program deliverable:
No relevant Key Performance Indicator |
|
Source: ANAO analysis of Environment’s Annual Reports for 2014–15 and 2015–16.
2.55 In addition to information about regulatory performance provided in its Annual Report, Environment’s annual Compliance Monitoring Program outlines the number and type of compliance monitoring activities planned for the year and reports on achievements against the plan in the subsequent year’s program.43 The ANAO reviewed the activities planned by Environment for 2015–16 and the achievements subsequently reported in the 2016–17 program and found that there is scope for Environment to report more clearly on whether planned activities were achieved or not. For example, while the department indicated it would develop compliance plans for 20 per cent of high risk projects (approximately 20 projects), it subsequently reported that it had developed compliance plans for 104 projects. Reporting would be clearer and more meaningful if Environment confirmed that the 104 plans prepared included plans for the targeted number of high risk projects.
2.56 As of 2015–16, Environment is also required to publicly report against the Regulator Performance Framework that is intended to increase the transparency and accountability of Commonwealth regulators.44 The first assessment period covers the 2015–16 financial year, with regulators required to self-assess their regulatory performance and administration against six KPIs. Environment’s self-assessment for 2015–1645 applied to all regulatory responsibilities of the department, including the regulation of approved controlled actions. Environment reported that its regulatory performance was:
2.57 The framework also requires regulators’ self-assessments to be validated by external stakeholders. Four stakeholder organisations provided feedback on Environment’s self-assessment. The department reported that the feedback was generally positive and that stakeholders requested that future assessments include more detail about the performance of individual regulatory regimes and better performance information to help track regulatory improvements over time. The inclusion of more detail about the contribution of individual regulatory regimes towards the rating for each KPI would better support the validation of the department’s assessment by external stakeholders who may not be familiar with all aspects of Environment’s regulatory responsibilities.
The ANAO examined the Department of the Environment and Energy’s (Environment’s) progress in implementing initiatives to improve its regulatory performance, including: the five-year Regulatory Capability Development Program; and the conduct of a structured departmental-wide risk assessment of regulatory activities to inform regulatory settings and resourcing decisions.
Environment had made limited progress to address identified shortcomings in its regulatory activities through its five-year Regulatory Capability Development Program prior to the early termination of the program in December 2015. A subsequent Regulatory Maturity Project, which was finalised in April 2016, identified further options to strengthen the delivery of Environment’s regulatory activities, with a number of recommendations made to address weaknesses that had previously been identified by internal and external audit coverage. As was also highlighted by previous ANAO audit coverage, the project identified that Environment is yet to undertake a structured departmental-wide risk assessment of its regulatory activities to inform its regulatory settings and resourcing decisions. Environment has committed to implement the recommendations of the project.
The ANAO has made one recommendation aimed at aligning the level of assurance obtained through Environment’s compliance monitoring program with the risk appetite that is to be articulated by Environment.
Given the limited progress made on the earlier Regulatory Capability Development Program, the need for effective oversight arrangements to be established to monitor progress of the implementation of the Regulatory Maturity Project’s recommendations was identified as an area for improvement.
3.1 The ANAO’s previous performance audit noted that the Regulatory Capability Development Program was part of a broad body of work that Environment had initiated to address identified shortcomings in its regulation of approved controlled actions. Shortcomings, identified in an earlier 2013 internal audit of Environment’s management of its compliance and enforcement program, included that regulatory activities and resourcing needed to be targeted according to a risk-based assessment of all departmental legislation containing regulatory provisions.
3.2 In 2015, the ANAO’s performance audit of wildlife regulation46 found that Environment’s implementation of the Regulatory Capability Development Program had been slower than expected. The ANAO’s performance audit of wildlife regulation also found that Environment’s settings and resourcing decisions for wildlife regulation had not been informed by a structured departmental-wide risk assessment of its regulatory activities.47 Such an assessment would have better positioned Environment to make informed decisions about the regulatory settings to apply and the resourcing to allocate to its regulatory functions.
Environment made limited progress on the achievement of the objectives established for its Regulatory Capability Development Program prior to the early termination of the program in December 2015. The subsequent completion of a Regulatory Maturity Project has provided Environment with a broad range of recommendations to strengthen the delivery of its regulatory functions. In light of the issues encountered when implementing the earlier program, Environment should take steps to appropriately support the implementation of the recommendations made in the project report.
3.3 The business case for the five-year Regulatory Capability Development Program was endorsed by Environment’s Executive in September 2013 with the objective of: establishing a comprehensive regulatory compliance framework, supporting the entire regulatory spectrum, from regime design through to litigation and enforcement; and enabling Environment to undertake an integrated and risk-based approach to advance Environment’s regulatory maturation.
3.4 The program was designed to deliver this objective over four project phases:
3.5 Activities were aligned to six streams of activity: organisation and culture; regulatory design; regulation; regulatory compliance; litigation and enforcement; and awareness, communication and education. The total cost of delivery was initially budgeted at $1.97 million, which was subsequently revised down to $1.7 million. Environment advised that $1.03 million had been expended.
3.6 The governance arrangements for the program included a Program Board comprised of senior officers that reported on progress to Environment’s Executive Board and to Environment’s Audit Committee. Initially, a specific team was established to manage program delivery and provide secretariat services to the Program Board.
3.7 Environment advised the ANAO that, following the decision to undertake an assessment of Environment’s regulatory maturity, the Regulatory Capability Development Program and the Project Board ceased on 17 December 2015. Environment had not retained evidence of the program’s closure arrangements or the date on which the project had been closed.
3.8 Prior to the termination of the program, some elements had been progressed (see Figure 3.1).
Figure 3.1: Key steps and changes made prior to the termination of the Regulatory Capability Development Program
Source: ANAO analysis of departmental data.
3.9 The records retained by Environment indicate that the department’s Executive was advised that all Phase 1 projects were nearing completion in February 2015, including:
3.10 While a Program Plan was developed for Phase 2, departmental records do not indicate the extent of progress against the plan. Further, departmental records indicated that the Project Board did not meet for an extended period prior to the program being terminated in December 2015.
3.11 As of November 2016, Environment had not undertaken an evaluation of the program or documented any lessons learned from its implementation.48 The findings of the subsequent Regulatory Maturity Project indicate that the Regulatory Capability Development Program was not effective in meeting its objectives. Among other findings, the project concluded that Environment: did not have an overarching regulatory posture and that there were opportunities to improve regulatory governance structures; and did not have a systematic approach for identifying and managing risk across regulatory functions or across Environment. The project report made 37 recommendations, including that Environment develop a new regulatory framework (a key objective of the original program) and five recommendations to improve Environment’s approach to risk.
3.12 In light of the limited progress made by the Regulatory Capability Development Program and its early termination, Environment should take steps to appropriately support the implementation of the recommendations made in the Regulatory Maturity Project report. This includes establishing robust governance arrangements, including regular and timely performance reporting to the Executive Board to enable oversight of delivery. To this end, the departmental Secretary has committed to improving Environment’s internal practices and capability as a regulator.49
Environment has not undertaken a structured departmental-wide risk assessment of its regulatory activities to inform its resourcing decisions. Environment has agreed to the recommendation to undertake such an assessment in response to the Regulatory Maturity Project.
3.13 Environment advised the ANAO that it is yet to undertake a structured departmental-wide risk assessment of its regulatory activities to inform its regulatory settings and resourcing decisions. Environment did, however, cite its pilot of a ‘zero-based budgeting’ approach across all departmental activities for the 2016–17 budget as an avenue that Environment is exploring to better direct its resources.50 This approach involved departmental branches ‘justifying’ their expenses based on task priority. While acknowledging the insights gained from piloting a new budgeting approach, Environment would benefit from a clearer understanding of the relative regulatory risks of each regulatory function through a structured assessment as outlined previously by the ANAO.
3.14 Similar to the finding outlined in the ANAO audit of wildlife regulation, the Regulatory Maturity Project also commented on the lack of a structured departmental-wide risk assessment of regulatory activities within Environment. The absence of such an assessment made it difficult for Environment to obtain assurance that its resources are being appropriately allocated according to risk. On this basis, the project report included five recommendations designed to equip Environment with a better understanding of risks across regulatory functions and across Environment.51 In particular, the Regulatory Maturity Project report recommended that Environment:
3.15 Environment has agreed to implement these recommendations, with some actions taken during the conduct of the project to assist in building its understanding of departmental risks. These actions included the establishment of the following two new positions:
3.16 As part of its assessment of Environment’s risk management functions, the Regulatory Maturity Project noted that Environment did not have a well-defined or communicated risk appetite. According to the Commonwealth Risk Management Policy, which was released on 1 July 2014, an entity must establish, endorse and maintain an entity specific risk management policy that defines the entity’s risk appetite and risk tolerance. The project report’s recommendations required that a risk appetite be established as part of the new regulatory framework and consistently communicated and reinforced as part of revisions to the risk framework.
3.17 Environment has subsequently outlined its risk appetite and tolerances in its Corporate Plan 2016–17. The ANAO notes that the department has reflected its risk appetite and tolerances broadly in the Corporate Plan, but that the level of risk tolerated varies across the department depending on the operating environment, the nature of the work being undertaken and the acceptance for loss in the pursuit of delivering the activity. In this context there would be merit in the department clearly articulating the risk appetite and tolerance relating to its regulatory activities and routinely reviewing its compliance monitoring approach to ensure that settings are providing an appropriate level of assurance to address Environment’s articulated risk appetite and tolerances.
3.18 The Department of the Environment and Energy should routinely review its compliance monitoring approach to ensure that an appropriate level of assurance is obtained relative to the risk appetite and tolerances specified.
Department of the Environment and Energy’s response: Agreed.
1 The project report and Environment’s response were released on the department’s website on 21 November 2016. Available from: <www.environment.gov.au> [accessed 28 November 2016].
2 Part 3, Environment Protection and Biodiversity Conservation Act 1999, prohibits the undertaking of an action without approval from the Minister for the Environment that is likely to have a significant impact on MNES.
3 The Minister may decide that the action is a ‘controlled action’ and can apply conditions to avoid, mitigate or offset (compensate) for the action’s impact(s) on MNES.
4 In addition to the management of compliance with conditions attached to EPBC Act approved controlled actions, the Compliance and Enforcement Branch is also responsible for the regulation of other actions approved under EPBC Act Parts 7, 9, 10 and 13, the Environment Protection (Sea Dumping) Act 1981, the Fuel Quality Standards Act 2000 and the Ozone Protection and Synthetic Greenhouse Gas Management Act 1989.
5 Joint Committee of Public Accounts and Audit, Report No. 447, EPBC Act, Cyber Security, Mail Screening, ABR and Helicopter Program: Review of Auditor-General Reports Nos 32–54 (2013–14).
6 At the time that the inquiry was conducted, Environment was focused on addressing the Government’s commitment to establishing a One-stop Shop for environmental approvals covering both Commonwealth and state/territory government legislation. The new arrangements were intended to reduce the regulatory burden on proponents. As such, aspects of the JCPAA’s recommendations also related to One-stop Shop arrangements. As of December 2016, the legislation necessary to support the implementation of One-stop Shop arrangements has not been re-introduced for the 45th Parliament’s consideration. On this basis, parts of Recommendations 4, 5 and 6 that were directed towards the One-stop Shop arrangements were not considered within the scope of this audit.
7 Environment engaged Mr Joe Woodward, a former Deputy Director-General of the New South Wales Department of Environment and Climate Change to conduct the review. Mr Woodward was supported by departmental officers.
8 Environment published the Regulatory Maturity Project Final Report and its response to the recommendations on its website on 21 November 2016. Available from: <http://www.environment.gov.au/ epbc/publications/regulatory-maturity-project-final-report> [accessed 28 November 2016].
9 Some controlled actions retained by the environment assessment branches had been approved in 2001.
10 The ANAO examined weekly status reports covering a two month period—4 July 2016 to 29 August 2016 (nine status reports). These reports recorded the transfer status of 13 approved controlled actions.
11 Environment advised that there may be sound reasons for delaying the transfer of controlled actions, for example where subject to legal challenge, and that approved projects that remain with the environment assessment branches may be subject to compliance monitoring activities. However, as discussed later in this section, documentation weaknesses meant that the basis on which approved controlled actions were retained was not generally evident.
12 Departmental records indicate that there were 13 controlled actions with pre-2014 approval dates (approximately 10 per cent of the legacy population) awaiting transfer as at 17 July 2014.
13 Available from: <www.environment.gov.au>.
14 The recording of non-compliance in CEMS is discussed further in paragraph 2.35.
15 The members of the National Border Targeting Centre include the: Department of Immigration and Border Protection, Australian Federal Police, Australian Securities and Investments Commission, Australian Crime Commission, Department of Foreign Affairs and Trade, Department of Agriculture and Water Resources, Office of Transport Security.
16 Discussed previously in paragraphs 1.9–1.11.
17 The NESTRA tool was developed in partnership with the Commonwealth Scientific and Industrial Research Organisation (CSIRO). Environment commenced using the NESTRA tool on 1 July 2014. The CSIRO also assisted Environment with the selection of threat and risk indicators to determine risk rankings.
18 The use of the NESTRA tool is discussed further from paragraph 2.24.
19 ANAO Audit Report No.43 2013–14, paragraph 2.13, p. 48.
20 Conditions may require approval holders to submit for Environment’s approval, plans or other documents that provide detailed information not available during the assessment phase. These documents generally require approval before an element or phase of the project can proceed. For example, environmental management plans, conservation management plans, revegetation or rehabilitation plans, offset management plans, water monitoring and management plans and significant species management plans.
21 The department advised that the remaining two plans did not yet require approval as the project had not commenced.
22 The Regulatory Maturity Project report noted that, alongside a number of risks attached to relying on management plans as a condition of approval, the volume of management plans requiring review exceeded the available resources available within Environment’s compliance teams.
23 The tracker spreadsheet includes controlled actions with expired approvals.
24 The Regulatory Maturity Project noted that Environment targets a significantly lower proportion of high risk projects than other regulatory entities.
25 According to the Commonwealth Risk Management Policy (2014), an entity must establish, endorse and maintain an entity specific risk management policy that defines the entity’s risk appetite and risk tolerance.
26 Compliance monitoring plans are discussed further in paragraphs 2.32–2.33.
27 As discussed previously in paragraph 2.13, the controlled actions are assessed and ranked against 32 risk factors. Many of these risk factors will be static across the life of the controlled action.
28 Environmental offsets are measures that compensate for the residual impacts of an action on the environment and can be required as a condition of approval.
29 Listed threatened species and ecological communities are recognised as a MNES. The listing status and category, for example as critically endangered or vulnerable, can be amended over time following consideration of conservation status.
30 Use of the tracker spreadsheet was previously discussed in paragraph 2.24.
31 Environment’s IT system limitations and the related recommendations made by the Regulatory Maturity Program report are discussed in paragraph 2.45.
32 The Regulatory Compliance Manual has been replaced by the Compliance Procedures Manual. Factors to be considered are also outlined in the new manual.
33 Department of the Environment and Energy, Standard Operating Procedure: Compliance Procedures Manual for Compliance Incidents, 30 June 2014 and Standard Operating Procedure: Non-compliance with Conditions of Approval, 18 August 2016.
34 Similar indicators for EPBC Act related compliance monitoring activity were included in Environment’s Compliance Monitoring Program for 2015–16 and 2016–17.
35 Internal management reporting is discussed further in paragraphs 2.46-2.52.
36 The Regulatory Advisory Panel is chaired by Environment’s General-Counsel and is comprised of officers with experience in: operational regulatory activity, inspection and investigations, legal and litigation and risk management and governance. The panel first met on 21 May 2015.
37 The factors that officers are to consider when determining an appropriate response to non-compliance are outlined in the Standard Operating Procedure: Compliance Procedures Manual for Compliance Incidents.
38 The planned improvements to CEMS are discussed in paragraph 2.11.
39 As previously noted, Environment is yet to establish arrangements to gain assurance that this is occurring.
40 One of the 32 risk factors incorporated into NESTRA is ‘in the last three years, has the approval holder been subject to an infringement notice or civil or criminal action in relation to another approval?’.
41 Australian National Audit Office, op. cit. p. 116, paragraph 5.53.
42 Australian National Audit Office, op. cit. p. 119, paragraph 5.63.
43 As previously noted in paragraph 2.7, annual Compliance Monitoring Programs have been published by Environment since 2014. These plans outline a risk-based approach to monitoring compliance among the controlled actions subject to regulation.
44 The framework has applied from 1 July 2015. Further information about the framework and the KPIs is available from: <https://www.cuttingredtape.gov.au/resources/rpf/reviewing-performance> [accessed 18 November 2016].
45 Regulator Performance Framework Annual Self-Assessment Report 2015–16, Commonwealth of Australia 2016.
46 ANAO Audit Report No. 7 2015–16, Managing Compliance with the Wildlife Trade Provisions of the Environment Protection and Biodiversity Conservation Act 1999, November 2015.
47 At the time, Environment considered that the risk arising from its responsibilities to regulate the wildlife trade under Part 13A of the EPBC Act was low compared to its other regulatory activities and risk settings and resources were allocated according to this relative risk.
48 Environment did, however, advise that lessons learned had been discussed with senior officers involved in the program’s delivery in the context of the Regulatory Maturity Project.
49 Environment published the Regulatory Maturity Project Final Report and its response to the recommendations on its website on 21 November 2016. Available from: <http://www.environment.gov.au/ epbc/publications/regulatory-maturity-project-final-report> [accessed 28 November 2016].
50 A zero-based budget requires all budgeted expenditure to be justified rather than year-on-year incremental changes to the budget or actual results from the preceding year.
51 The relevant recommendations relate to Environment’s: regulatory framework; compliance and enforcement strategy (using a risk-approach to allocation of resources); risk management framework; risk assessment and resource allocation; and use of intelligence (to inform its risk management approach).