Browse our range of reports and publications including performance and financial statement audit reports, assurance review reports, information reports and annual reports.
National Broadband Network — Transition from Construction to Operation
Please direct enquiries through our contact page.
Audit snapshot
Why did we do this audit?
- NBN Co Limited (NBN Co) is a government business enterprise (GBE).
- The board has ultimate responsibility for the strategies and performance of the company and is accountable to shareholder ministers.
- The nature of the NBN Co transition is one of a shift in the balance of its two core functions of ‘building’ and ‘operating’ the national broadband network.
- The performance audit assesses whether the board had strategies and arrangements in place to oversee and manage the transition.
Key facts
- In December 2020 the Minister for Communications declared that the national broadband network be treated as built and fully operational.
What did we find?
- Strategies and arrangements to oversee and manage the transition from building to operating the national broadband network were largely effective.
- Communication with, and reporting to, shareholder ministers fell short of mandatory and other requirements.
What did we recommend?
- There were three recommendations to NBN Co aimed at ensuring specific requests from shareholder ministers were adequately responded to, the Australian Government’s expectations were reflected in strategy and performance monitoring and mandatory requirements were met.
- NBN Co agreed to all recommendations.
7
number of GBEs which are Commonwealth companies, including NBN Co
$51.4bn
funding committed by the Australian Government to NBN Co since 2011
0
number of corporate plans during the transition period which met all mandatory requirements
Summary and recommendations
Background
1. NBN Co Limited (NBN Co) is a Commonwealth company under the Public Governance, Performance and Accountability Act 2013 (PGPA Act), and is a Government Business Enterprise (GBE). A GBE is a commercially focused government owned business that is established to fulfil a Commonwealth Government purpose. The Commonwealth Government establishes GBEs to implement government policy, where intervention is appropriate such as where there are high barriers to entry, market failure or no market at all and/or infrastructure investments with lower rates of return. There are seven GBEs which are Commonwealth companies, including NBN Co.1
2. The purpose of NBN Co is to provide fast, reliable and affordable connectivity to enable Australia to seize the economic opportunities before it and service the best interests of consumers. NBN Co is accountable to the Australian Government as its sole shareholder. The Commonwealth’s ownership interest is represented by two shareholder ministers, the Minister for Communications and the Minister for Finance. The Australian Government has made a commitment that it will keep NBN Co in public hands for the foreseeable future to provide the company with the certainty needed to continue delivering improvements to the network while keeping prices affordable.
3. The board is the accountable authority under finance law.2 The conduct of the board is subject to the provisions of the PGPA Act, the Public Governance, Performance and Accountability Rule 2014 (PGPA Rule), the Corporations Act 2001, the National Broadband Network Companies Act 2011 (NBN Act) and common law. The board has ultimate responsibility for the performance of the company, and the board is accountable to the shareholder ministers.
4. In July 2020 the board commenced oversight of changes to NBN Co’s governance, strategies, initiatives, processes and reporting to facilitate the transition of the company to be ‘a customer-led, trusted critical national infrastructure provider’ by 2023–24. The nature of the NBN Co transition is one of a shift in the balance of its two core functions of ‘building’ and ‘operating’ the national broadband network. NBN Co will continue both types of activities after completion of the transition. The transition reflects the shift in focus to being primarily on the operation of the network while continuing to build and upgrade the infrastructure supporting the network.
5. The governance arrangements and processes undertaken by NBN Co between July 2020 and December 2023 have been examined in this performance audit as the ‘transition period’ in which most of its activities to move the entity from completing the initial build of the national broadband network to being a fully operational wholesaler occurred. Key areas of focus during this period included the company’s organisational structure, financing, risk management, compliance and assurance.
Rationale for undertaking the audit
6. NBN Co is accountable to the Australian Government as its sole shareholder. NBN Co was established in 2009. In June 2011, the Australian Government and NBN Co entered into an Equity Funding Agreement, whereby equity funding of $29.5 billion was provided. In addition, in 2016–17 the Australian Government entered into a loan agreement with NBN Co for $19.5 billion which is required to be repaid by 30 June 2024.3 In 2022–23 the Australian Government and NBN Co entered into an Equity Funding Agreement for an additional $2.4 billion in equity funding to expand full-fibre access to an additional 1.5 million premises by December 2025.4
7. The performance audit will provide assurance that NBN Co has strategies and arrangements in place to oversee its transition from building to operating the national broadband network.
8. Under the Auditor-General Act 1997, as a GBE, performance audits of NBN Co can be undertaken at the request of the Joint Committee of Public Accounts and Audit (JCPAA). A request from the JCPAA was received on 3 August 2023 following an approach from the Auditor-General for such a request.
Audit objective and criteria
9. The objective of the audit was to assess the effectiveness of NBN Co’s strategies to manage its transition from building to operating the national broadband network.
10. To form a conclusion against the objective, the following high-level criteria were adopted:
- Did NBN Co have a fit-for-purpose and risk-based transition plan and strategies in place to transition the business from building to operating the national broadband network?
- Were the arrangements for oversight of the transition effectively managed?
- Does NBN Co’s monitoring and reporting demonstrate that it has effectively transitioned its business to support its focus on operating and enhancing the network?
11. The performance audit examined the changes in governance, processes and reporting from July 2020 to December 2023 to support the transition activities. The focus of the audit was to evaluate the oversight of the transition by the board as the accountable authority. The audit considered the board’s operation and reporting to shareholders based on information provided to the board by management.
Conclusion
12. Strategies and arrangements to oversee and manage the transition from building to operating the national broadband network were largely effective. Communication with, and reporting to, shareholder ministers fell short of mandatory and other requirements.
13. NBN Co had largely fit-for-purpose and risk-based transition plans and strategies except for failing to address all mandatory requirements. The approach to the transition made the achievement of timelines and key milestones less transparent to the board. There is no timeline for completion of the transition. It was not transparent that ministers’ statements of expectations were reflected in NBN Co’s transition plans and strategies.
14. Arrangements for the oversight of transition were largely effective. Communication with, and reporting to, shareholder ministers fell short of mandatory requirements. Requests from shareholder ministers that NBN Co comply with mandatory requirements made between September 2020 and September 2023 were not addressed until early 2024. Until improvements were implemented in February 2023, transition risk information was not complete or accurate and did not consistently reflect the board’s risk appetite. NBN Co’s identification and monitoring of its finance law obligations was incomplete. NBN Co’s assurance and fraud control arrangements supported the transition.
15. NBN Co’s monitoring and reporting demonstrates that it has been largely effective in transitioning its business to support a focus on operating and enhancing the national broadband network. NBN Co’s performance monitoring and reporting did not meet the content requirements of a GBE. NBN Co has demonstrated that its activities and performance expectations have adapted over time to reflect transition performance and outcomes.
Supporting findings
Transition plans and strategies
16. For the transition period NBN Co corporate plans fell short of mandatory requirements related to providing information about purposes, performance, and capability. The most recent corporate plan (2024–27) demonstrated improved compliance except for information about performance. The approach to corporate planning adopted by NBN Co diminishes the transparency of achievement of NBN Co’s strategy and purposes. NBN Co’s management of the transition and consequently the board’s monitoring of transition activities changed over the transition period. Planning for, and reporting of, the transition was incorporated into business-as-usual activities and monitored by the executive committee. This reduced the transparency of the timelines, expectations, and achievements of the transition to the accountable authority and shareholder ministers. (See paragraphs 2.2 to 2.31).
17. NBN Co did not assure itself that transition plans and strategies reflected the priorities, objectives and approach required by the Australian Government as outlined in the statements of expectations. Other external and internal considerations were incorporated into strategy development and monitoring. (See paragraphs 2.32 to 2.45).
18. The initial transition horizon identified in board papers was four years to June 2024. Transition plans were prepared in July 2020. Since March 2022 the board has not received specific information about transition timelines and key milestones. Until December 2023, the board and shareholder ministers did not receive information about how the company’s planned performance measures would contribute to the achievement of its purposes. (See paragraphs 2.46 to 2.54).
Transition oversight arrangements
19. Governance arrangements supported transition requirements and changes in business operations. Governance arrangements did not fully comply with the PGPA Act or reflect changes to the board’s role outlined in the shareholder ministers’ statements of expectations. NBN Co management did not provide complete or accurate information to the board or shareholder ministers about risks and risk management during the transition. The board’s risk appetite was not consistently applied during the transition. NBN Co’s oversight arrangements did not provide for complete identification and monitoring of its compliance with finance law obligations. (See paragraphs 3.5 to 3.68).
20. NBN Co has not met its obligations for communication with, and reporting to, shareholder ministers. During the transition quarterly progress reports did not include all mandatory content and were provided to shareholder ministers by management rather than the board chair as required by Resource Management Guide No. 126: Commonwealth Government Business Enterprises – Governance and Oversight Guidelines (RMG 126 – GBE Guidelines). This was rectified early in 2024 but only after three written requests from shareholder ministers. Information requirements of the Shareholder Information Deed have not been met. (See paragraphs 3.69 to 3.89).
Monitoring and reporting
21. The board received reports and information about NBN Co’s performance during the transition. NBN Co’s performance monitoring and reporting did not meet the content requirements of a government business enterprise. (See paragraphs 4.2 to 4.14).
22. NBN Co has demonstrated that its activities and performance expectations have adapted over time to reflect transition performance and outcomes. NBN Co does not have a single framework or approach for capturing, considering and monitoring the implementation of lessons learnt. (See paragraphs 4.15 to 4.19).
Recommendations
Recommendation no. 1
Paragraph 2.16
NBN Co ensures corporate plans meet the needs of shareholder ministers, the Parliament and the public and meet all requirements of the Public Governance, Performance and Accountability Act 2013 and Resource Management Guide No. 126: Commonwealth Government Business Enterprises – Governance and Oversight Guidelines.
NBN Co Limited response: Agreed.
Recommendation no. 2
Paragraph 2.38
NBN Co establishes processes to assure itself that statement of expectations’ requirements have been sufficiently incorporated into corporate plans and strategies.
NBN Co Limited response: Agreed.
Recommendation no. 3
Paragraph 3.46
NBN Co ensures information provided to shareholder ministers responds to specific requests.
NBN Co Limited response: Agreed.
Summary of entity response
We welcome the positive conclusions that have been made in the Report in respect of NBN Co’s transition from a construction focused company to a fully operational broadband wholesaler.
We are particularly pleased that on an overall basis the ANAO has assessed that NBN Co was largely effective in transitioning to an operating company and that the following observations were recognised in your conclusion in the Report:
- Strategies and arrangements to oversee and manage the transition from building to operating the national broadband network were largely effective.
- NBN Co had largely fit-for-purpose and risk-based transition plans and strategies.
- Arrangements for the oversight of transition were largely effective.
- NBN Co’s monitoring and reporting demonstrates that is has been largely effective in transitioning its business to support a focus on operating and enhancing the national broadband network.
- NBN Co has demonstrated that its activities and performance expectations have adapted over time to reflect transition performance and outcomes.
We note that the Report includes the observation that the approach to the transition made the achievement of timelines and key milestones less transparent to the Board and that there was no timeline for completion of the transition. This reflects management and the Board’s decision to embed the delivery of transition activities within its general operational strategies. As such there is no definitive end date to the transition and achievement of these objectives is replaced by the next stage of transition and optimisation of the Company as it strives to deliver its purpose. This was a conscious decision and was made to ensure that the necessary changes as part of the transition could be best managed alongside the day-to-day operations of the Company.
NBN Co will also work to address each of the three recommendations included in the Report.
Key messages from this audit for all Australian Government entities
23. Below is a summary of key messages, including instances of good practice, which have been identified in this audit and may be relevant for the operations of other Australian Government entities.
Governance and risk management
Performance and impact measurement
1. Background
Introduction
1.1 NBN Co Limited (NBN Co) is a Commonwealth company under the Public Governance, Performance and Accountability Act 2013 (PGPA Act), and is a Government Business Enterprise (GBE). A GBE is a Commonwealth entity or company as defined by section 8 of the PGPA Act and prescribed by section 5 of the Public Governance, Performance and Accountability Rule 2014 (PGPA Rule). A GBE is a commercially focused government owned business that is established to fulfil a Commonwealth Government purpose. The Commonwealth Government establishes GBEs to implement government policy, where intervention is appropriate such as where there are high barriers to entry, market failure or no market at all and/or infrastructure investments with lower rates of return. There are seven GBEs which are Commonwealth companies, including NBN Co.5
1.2 A GBE as a government-owned entity has high levels of scrutiny, sensitivity and accountability.
Effective governance and stewardship frameworks are essential to ensure that GBEs make a positive contribution to economic efficiency, sector competitiveness and the delivery of services to the community.
The Board of Directors provides stewardship, strategic leadership, governance and oversight of GBEs, while also acting as a bridge between Commonwealth policy-making and operational implementation by GBEs.
The Board of Directors of a GBE has ultimate fiduciary responsibility for the performance of the GBE, and are fully accountable to Shareholder Ministers.6
1.3 The purpose of NBN Co is to provide fast, reliable and affordable connectivity to enable Australia to seize the economic opportunities before it and service the best interests of consumers. The Australian Government has made a commitment that it ‘will keep NBN Co in public hands for the foreseeable future to provide the entity with the certainty needed to continue delivering improvements to the national broadband network while keeping prices affordable’.7
1.4 NBN Co is to enhance Australia’s digital capability by delivering services to meet the current and future needs of households, communities and businesses, and to promote digital inclusion and equitable access to affordable and reliable broadband services. NBN Co is required to operate on a commercial basis, drive a culture of efficiency and innovation that yields results, and meet the highest standards of transparency, governance and accountability.8
1.5 NBN Co is accountable to the Australian Government as its sole shareholder. The Commonwealth’s ownership interest is represented by two shareholder ministers. The shareholder ministers are the Minister for Communications and the Minister for Finance. The ministers are supported by their respective departments. The shareholder ministers and shareholder departments have distinct expectations and information requirements of NBN Co. These requirements are set out in the Statement of Expectations, Resource Management Guide No. 126: Commonwealth Government Business Enterprises – Governance and Oversight Guidelines (RMG 126 – GBE Guidelines) and the Shareholder Information Deed. In the Statement of Expectations the shareholder ministers set out information to guide NBN Co’s strategic direction and approach. RMG 126 – GBE Guidelines outlines mandatory compliance obligations for accountable authorities of GBEs and non-mandatory suggested better practice governance approaches which can be considered for implementation by GBEs where relevant. The Shareholder Information Deed, which is an agreement between the Commonwealth of Australia and NBN Co, outlines a range of information and meetings to be undertaken between NBN Co and shareholder departments to assist in the monitoring and management of the Commonwealth’s financial interests and risks.
1.6 The board of NBN Co is the accountable authority under finance law.9 The conduct of the board is subject to the provisions of the PGPA Act, the PGPA Rule, the Corporations Act 2001, the National Broadband Network Companies Act 2011 (NBN Act) and common law. The board has ultimate responsibility for the performance of the company, and the board is accountable to the shareholder ministers. The board has established four sub-committees to assist it in achieving its objectives: the financing committee; the audit and risk committee; the nominations committee; and the people and remuneration committee.
1.7 Pursuant to rule 5.4.1 of the Constitution of NBN Co Limited, the board is to comprise a minimum of three and a maximum of nine directors. At December 2023 the board comprised eight non-executive directors and one managing director who was the chief executive officer. The board chair was appointed with effect from January 2022 with a current term to December 2024.10 Since July 2020 there have been five new non-executive directors appointed to the board. The chief executive officer was appointed with effect from September 2018 and reappointed in 2023 for an additional term of three years.
1.8 The Constitution of NBN Co Limited outlines the role of the chief executive officer. In addition the board charter states that ‘the chief executive officer is responsible for implementing strategic objectives, policies, the corporate plan and budget of the company approved by the board’. The board may delegate some of its powers to the chief executive officer.
1.9 The legislative and regulatory framework of NBN Co examined as part of this performance audit is illustrated in Figure 1.1. The application of these documents to NBN Co is described and assessed in the body of this report.
Source: ANAO analysis of NBN Co’s legislative and regulatory framework.
1.10 At 30 June 2023 NBN Co had 4,760 employees and recorded revenue of $5.3 billion. In terms of delivering the national broadband network, in its Annual Report 2023 NBN Co reported there were 12.29 million premises ‘ready to connect’; 6.90 million premises able to access nbn Home Ultrafast speed tier plans and 12,790 new wireless cells added to the Fixed Wireless network.
Transition from construction to operation
1.11 The nature of the NBN Co transition is one of a shift in the balance of its two core functions of ‘building’ and ‘operating’ the national broadband network. NBN Co will continue both types of activities after completion of the transition. The transition reflects the shift in focus to being primarily on the operation of the network while continuing to build and upgrade the infrastructure supporting the network.
1.12 In July 2020 the board commenced oversight of changes to NBN Co’s governance, strategies, initiatives, processes and reporting to facilitate the transition of the company to be ‘a customer-led, trusted critical national infrastructure provider’ by 2023–24. The governance arrangements and processes undertaken by NBN Co between July 2020 and December 2023 have been examined in this performance audit as the ‘transition period’ in which most of its transition activities to move the entity from completing the initial build of the national broadband network to being a fully operational wholesaler occurred. Key areas of focus during this period included the company’s organisational structure, financing, risk management, compliance and assurance.
1.13 In December 2020 the Minister for Communications declared that the national broadband network be treated as built and fully operational.11 This declaration is one of the steps that must occur under the NBN Act before NBN Co can be privatised, but does not necessarily trigger any further steps.
Rationale for undertaking the audit
1.14 NBN Co is accountable to the Australian Government as its sole shareholder. NBN Co was established in 2009. In June 2011, the Australian Government and NBN Co entered into an Equity Funding Agreement, whereby equity funding of $29.5 billion was provided. In addition, in 2016–17 the Australian Government entered into a loan agreement with NBN Co for $19.5 billion which is required to be repaid by 30 June 2024. In 2022–23 the Australian Government and NBN Co entered into an Equity Funding Agreement for an additional $2.4 billion in equity funding to expand full-fibre access to an additional 1.5 million premises by December 2025.12
1.15 The performance audit will provide assurance that NBN Co has strategies and arrangements in place to oversight its transition from building to operating the national broadband network.
1.16 Under the Auditor-General Act 1997, as a GBE, performance audits of NBN Co can be undertaken at the request of the Joint Committee of Public Accounts and Audit (JCPAA). A request from the JCPAA was received on 3 August 2023 following an approach from the Auditor-General for such a request.
Audit approach
Audit objective, criteria and scope
1.17 The objective of the audit was to assess the effectiveness of NBN Co’s strategies to manage its transition from building to operating the national broadband network.
1.18 To form a conclusion against the objective, the following high-level criteria were adopted:
- Did NBN Co have a fit-for-purpose and risk-based transition plan and strategies in place to transition the business from building to operating the national broadband network?
- Were the arrangements for oversight of the transition effectively managed?
- Does NBN Co’s monitoring and reporting demonstrate that it has effectively transitioned its business to support its focus on operating and enhancing the network?
1.19 The performance audit examined the changes in governance, processes and reporting from July 2020 to December 2023 to support the transition activities. The focus of the audit was to evaluate the oversight of the transition by the board as the accountable authority. The audit considered the board’s operation and reporting to shareholders based on information provided to the board by management.
Audit methodology
1.20 The audit methodology included:
- examination of documentation held by NBN Co including strategies, policies, procedures, frameworks, guidelines, internal reporting and meeting minutes;
- meetings with the board chair, executive and staff;
- observation of part of one board meeting; and
- consideration of one public submission to the audit.
1.21 The audit was conducted in accordance with ANAO Auditing Standards at a cost to the ANAO of approximately $499,500.
1.22 The team members for this audit were Michelle Page, Susan Ryan and Peter Bell.
2. Transition plans and strategies
Areas examined
This chapter examines whether NBN Co had fit-for-purpose and risk-based transition plans and strategies in place to transition its business from building to operating the national broadband network.
Conclusion
NBN Co had largely fit-for-purpose and risk-based transition plans and strategies except for failing to address all mandatory requirements. The approach to the transition made the achievement of timelines and key milestones less transparent to the board. There is no timeline for completion of the transition. It was not transparent that ministers’ statements of expectations were reflected in NBN Co’s transition plans and strategies.
Areas for improvement
The ANAO made two recommendations aimed at ensuring NBN Co corporate plans meet the needs of shareholder ministers, the Parliament and the public and meet mandatory requirements; and assuring itself that statement of expectations requirements have been sufficiently incorporated into corporate plans and strategies.
2.1 Fit-for-purpose transition plans and strategies are those which comply with Commonwealth legislation and policy requirements and are consistent with any standards and better practice that have been adopted by the entity. Risk-based plans are those which evaluate options, risks of chosen strategies and implications, both now and into the foreseeable future. Plans and strategies should consider timing, performance and resources. Strategies should be directed towards achieving the Australian Government stated purposes for the Government Business Enterprise (GBE).
Did NBN Co transition plans and strategies reflect appropriate consideration of options, risks and financial implications?
For the transition period NBN Co corporate plans fell short of mandatory requirements related to providing information about purposes, performance, and capability. The most recent corporate plan (2024–27) demonstrated improved compliance except for information about performance. The approach to corporate planning adopted by NBN Co diminishes the transparency of achievement of NBN Co’s strategy and purposes.
NBN Co’s management of the transition and consequently the board’s monitoring of transition activities changed over the transition period. Planning for, and reporting of, the transition was incorporated into business-as-usual activities and monitored by the executive committee. This reduced the transparency of the timelines, expectations, and achievements of the transition to the accountable authority and shareholder ministers.
Corporate planning
2.2 Section 95 of the Public Governance, Performance and Accountability Act 2013 (PGPA Act) and subsection 27(A) of the Public Governance, Performance and Accountability Rule 2014 (PGPA Rule) set out the planning and reporting requirements for Commonwealth companies. Resource Management Guide No. 126: Commonwealth Government Business Enterprises – Governance and Oversight Guidelines (RMG 126 – GBE Guidelines) also outlines the mandatory compliance obligations for accountable authorities of a GBE. Mandatory corporate planning compliance obligations are intended to ensure effective accountability and transparency to the Parliament and the public. The mandatory corporate planning compliance obligations are also focused on the delivery of high-quality strategies, planning, and performance information.
2.3 The directors of a Commonwealth company must prepare a corporate plan at least once for each reporting period and give the corporate plan to the shareholder ministers in accordance with the prescribed rules. The corporate plan must set out how the activities of the company will contribute to achieving those priorities and objectives stated by the Australian Government in the Statement of Expectations.13 Corporate plans must cover a period of at least four years and include, for each reporting period covered by the plan, a summary of how the company will achieve its purposes and how the company’s performance in achieving the purposes will be measured and assessed. Corporate plans must include any performance measures and targets that will be used in the measurement and assessment.14 Corporate plans are also expected to include financial results for the year immediately prior as a comparison.
2.4 In recognition that a GBE may wish to include information in corporate plans about strategies and performance measures and targets that may be confidential or contain commercially sensitive information, the accountable authority may agree to prepare both a public (redacted) version of the corporate plan and a confidential (unredacted) corporate plan, or statement of corporate intent, that is provided to shareholder ministers. The public version of the corporate plan must address the requirements of the corporate plan as prescribed by the PGPA Rule and include sufficient non-confidential or non-commercially sensitive information to inform how the GBE plans to deliver on its purposes, and measure its performance, over the reporting period.15
2.5 To assess whether the board had established strategies that reflected appropriate consideration of options, risks and financial implications, the ANAO examined the content of the five corporate plans prepared for the period 2020–23 to 2024–27 and assessed compliance with requirements. As required by RMG 126 – GBE Guidelines, each of the corporate plans covers a four-year period and includes the financial year in which it is prepared. For example, corporate plan 2020–23 covers the period from 1 July 2019 to 30 June 2023.
2.6 An assessment of whether public and confidential corporate plans were prepared and provided by NBN Co to shareholder ministers during the transition period is summarised in Table 2.1.
|
Corporate Plan 2020–23 |
Corporate Plan 2021–24 |
Corporate Plan 2022–25 |
Corporate Plan 2023–26 |
Corporate Plan 2024–27 |
Public version |
Yes |
Yes |
Yes |
Yesa |
Yes |
Confidential version |
No |
No |
Nob |
No |
Yesc |
Note a: A Statement of Corporate Intent 2023–26 was publicly released in August 2022. To reflect the provision of a new Statement of Expectations in December 2022 and entering into an Equity Funding Agreement with the Australian Government for an additional $2.4 billion, a full corporate plan for 2023–26 was publicly released in December 2022.
Note b: A single confidential page was provided to shareholder ministers which outlined the financial and operating forecast targets for each of the four-year periods covered by the corporate plan.
Note c: An analysis of the information contained in the NBN Co integrated operating plan was provided to shareholder ministers in lieu of a confidential corporate plan in May 2023. In August 2023 shareholder ministers requested that a confidential version of the corporate plan, which met requirements, be provided ‘as soon as possible’. On 15 December 2023, a confidential version of the Corporate Plan 2024–27 was provided to shareholder ministers. RMG 126 – GBE Guidelines paragraph 3.7 states that ‘Corporate Plans should be provided to Shareholder Ministers with sufficient time for Shareholder Ministers to provide comments if they wish to do so’. The contents of this confidential corporate plan have been further analysed at paragraphs 2.14 to 2.15.
Source: ANAO analysis of NBN Co corporate plans.
2.7 For the corporate plans since 2022–25, the board decided not to include in corporate plans financial or operational performance measures and targets for more than a twelve-month period. The rationale for this was ‘since commencing activity in local and global debt capital markets, the Company has come under a new suite of obligations and limitations. This means NBN Co must ensure it complies with certain regulatory requirements and guidelines in respect to market disclosures.’ At the time of approving this change to corporate plan information, there was no evidence that the board considered the impact of this change on meeting the corporate plan requirements outlined in the PGPA Act, PGPA Rule or RMG 126 – GBE Guidelines. NBN Co provided a range of planning and performance information to shareholder departments to support the development of corporate plans. This information was not provided to shareholder ministers for the purposes of meeting the requirements of a confidential corporate plan under the PGPA Act, PGPA Rule or RMG 126 – GBE Guidelines.
2.8 Table 2.2 summarises the ANAO’s assessment of NBN Co’s corporate plans against requirements.16 The assessment was made based on an analysis of the public and confidential versions of the corporate plans provided to shareholder ministers.
RMG 126 – GBE Guidelines component |
Requirement |
2020–23 |
2021–24 |
2022–25 |
2023–26 |
2024–27a |
Period corporate plan must cover |
A corporate plan must cover at least four reporting periods: the reporting period for which the plan is prepared and at least the following three reporting periods. |
◆ |
◆ |
◆ |
■ |
◆ |
|
A statement that the corporate plan has been prepared for paragraph 95(1) of the PGPA Act, reporting period for which the corporate plan is prepared and the reporting periods covered by the corporate plan. Reference to any other legislation applicable to the preparation of the corporate plan. |
◆ |
◆ |
◆ |
◆ |
◆ |
|
The purposes of the Government Business Enterprise (GBE), including:
|
▲ |
▲ |
▲ |
▲ |
◆ |
|
|
◆ |
◆ |
◆ |
◆ |
◆ |
|
|
■ |
■ |
■ |
■ |
▲ |
|
The key strategies and plans for each reporting period covered by the corporate plan to achieve the GBE’s purpose, including human resource strategies and industrial relations strategies. |
▲ |
▲ |
▲ |
▲ |
◆ |
|
A summary of the risk oversight and management systems, including an analysis of key risks in the GBE’s environment and how these risks will shape the activities to be undertaken to fulfil the GBE’s purpose and meet financial targets, accountabilities for managing risk, mitigation strategies and their alignment to the objectives and plans of the GBE, consistent with the intent of the Commonwealth Risk Management Policy. |
◆ |
◆ |
◆ |
◆ |
◆ |
Key: ◆ Fully compliant ▲ Partially compliant ■ Not compliant
Note a: On 15 December 2023, a confidential version of the Corporate Plan 2024–27 was provided to shareholder ministers. RMG 126 – GBE Guidelines paragraph 3.7 states that ‘Corporate Plans should be provided to Shareholder Ministers with sufficient time for Shareholder Ministers to provide comments if they wish to do so’. The contents of this confidential corporate plan have been assessed at paragraph 2.14 to 2.15.
Source: ANAO analysis of NBN Co’s corporate plans.
2.9 In relation to the ‘period corporate plan must cover’ requirements, the 2023–26 corporate plan was assessed as ‘non-compliant’ as performance measures and targets beyond a twelve-month planning horizon were not included in the public corporate plan and no confidential information, which covered a four year reporting period, was prepared.
2.10 In relation to the ‘purposes’ and ‘capability’ requirements, although the corporate plans include information on the purposes and objectives of the company, the six strategic pillars which underpin its strategy did not change over the five corporate plans prepared during a period of significant change associated with the transition. The detailed strategies and initiatives which are described in the body of the public corporate plans to support the achievement of purposes were not linked to the strategic pillars or the ‘value creation outcomes’ described in the corporate plans.17 The narrative information in corporate plans does not provide sufficient or clear information on how the strategies and initiatives planned by the entity change over the corporate plan four-year reporting period, how they will be measured over each of the reporting periods or how these strategies contribute to achieving the entity’s, or the Australian Government’s, purposes for the company. In addition, until 2024–27 strategies related to human resources and industrial relations in the corporate plans provided limited insight into NBN Co’s structure and approach to these areas as it moved from construction to operational activities. The 2024–27 confidential corporate plan provided additional information on how strategies linked to key outcomes and performance measures over each of the reporting periods.
2.11 In terms of the ‘performance’ requirement, until 2024–27, the corporate plans did not provide all mandatory information on how NBN Co would achieve its purposes and how this would be measured and assessed. RMG 126 – GBE Guidelines Table 4 outlines 21 minimum key performance measures for corporate plans, including specific indicators and how these should be defined and calculated. These minimum financial and non-financial measures were not included in NBN Co’s corporate plans until 2024–27.
2.12 NBN Co prepares integrated operating plans to ‘support the development of the Corporate Plan and Capital Management Strategy’. The integrated operating plans are detailed documents which outline initiatives and financing, as well as financial and non-financial performance metrics, to support the direction of the company. The integrated operating plans include over 60 performance metrics. An assessment of whether the RMG 126 – GBE Guidelines minimum financial and non-financial measures of performance had been considered by NBN Co when developing corporate plans is provided in Table 2.3. In this table an assessment of ‘partially complaint’ was recorded where the components of the performance indicator were included in the integrated operating plan but the indicator itself was not. This means that the performance indicator could be calculated using existing information but would require effort to locate the relevant information and calculate the required ratio. The assessment was also recorded as ‘partially compliant’ where the performance indicator was not provided for the entire reporting period.
Measure |
Key performance indicator required |
2020–23 to 2023–26 |
2024–27 |
Financial performance |
Total shareholder return |
◆ |
◆ |
Dividend yielda |
◆ |
◆ |
|
Dividend payout ratioa |
◆ |
◆ |
|
Earnings before interest and taxes (EBIT) |
■ |
◆ |
|
Earnings before interest, taxes, depreciation and amortisation (EBITDA) |
◆ |
◆ |
|
Return on equity (RoE) |
◆ |
◆ |
|
Net profit after tax (NPAT) |
▲ |
◆ |
|
Underlying net profit after tax |
▲ |
◆ |
|
Business efficiency |
Operating margin |
▲ |
◆ |
Return on capital employed |
▲ |
◆ |
|
Debtors age (days) |
■ |
◆ |
|
Leverage and solvency |
Gearing ratio |
▲ |
◆ |
Interest cover |
▲ |
◆ |
|
Current ratio |
■ |
◆ |
|
Liquidity ratio |
▲ |
◆ |
|
Customers and stakeholders |
Customer satisfaction |
■ |
▲ |
Meeting CSOs |
N/A |
N/A |
|
Staff |
Staff retention and turnover rates |
▲ |
▲ |
Staff satisfaction |
■ |
▲ |
|
Lost time injury frequency rates and OHS incident rate |
▲ |
▲ |
|
Wages expense ratio |
▲ |
◆ |
|
Key: ◆ Fully compliant ▲ Partially compliant ■ Not compliant
Note a: Dividend yield and payout ratios are assessed as fully compliant as the corporate plans include information that no dividend is yet due and payable.
Source: ANAO analysis of NBN Co corporate plans and integrated operating plans.
2.13 Table 2.3 highlights that the majority of the minimum key performance indicators for corporate plans had not been prepared and reported by NBN Co until 2024–27.
2.14 The confidential corporate plan for 2024–27 included the RMG 126 Table 4 minimum key performance indicators and 77 other performance metrics, that included some duplication.18 The other performance metrics are those used by NBN Co management to assess its performance against the integrated operating plan. The inclusion of management performance indicators in corporate plans diminishes the transparency of the achievement of NBN Co’s strategy and purposes.
2.15 The ANAO considered the approach adopted by NBN Co for the development of the 2024–27 confidential corporate plan. As discussed in paragraph 2.4, RMG 126 – GBE Guidelines envisages that corporate planning requirements are met through a single corporate plan that may be redacted for the public to remove any confidential or commercially sensitive information. In addition, shareholder ministers have requested on three occasions that NBN Co provide a confidential corporate plan (refer to Table 3.3). The approach adopted by NBN Co for 2024–27 corporate planning was to prepare a public corporate plan comprising 60 pages.19 In addition, it provided shareholder ministers with a ‘confidential corporate plan’ that comprised an additional four documents totalling 128 pages much of which was management information and reports.20 In total the 2024–27 corporate planning information provided by NBN Co to shareholder ministers comprised 188 pages. A corporate plan is the primary planning document used by shareholder ministers, the Parliament and the public to understand the purposes of the entity, its objectives, and functions. It should set out how the entity undertakes its key activities and role and how it will measure performance in achieving its purposes. To provide transparency and accountability the information in corporate plans needs to meet requirements and be sufficiently summarised so that stakeholders can readily assess entity purposes, strategy and performance.
Recommendation no.1
2.16 NBN Co ensures corporate plans meet the needs of shareholder ministers, the Parliament and the public and meet all requirements of the Public Governance, Performance and Accountability Act 2013 and Resource Management Guide No. 126: Commonwealth Government Business Enterprises – Governance and Oversight Guidelines.
NBN Co Limited response: Agreed.
2.17 We acknowledge that the Corporate Plans prepared over the audit review period fell short of meeting all mandatory requirements as outlined in the GBE Guidelines. However, we would like to highlight that NBN Co performs a detailed corporate planning and forecasting process each year in support of its corporate plan and budgeting obligations. This Integrated Operating Plan (IOP) spans a 4-year forecast period and NBN Co actively engages with the Shareholder Departments throughout this process, providing supplementary briefings and information to the Departments upon request. In response to Shareholder Minister communication in respect of the Corporate Plan, NBN Co took steps to improve the compliance of Corporate Plan 2024-27 with GBE Guidelines. Moving forward, NBN Co is currently in planning discussions with the Shareholder Departments over the content of the Corporate Plan 2025-28 to ensure that all requirements of the GBE Guidelines are met in full.
Transition plan options and risk exposures
2.18 In July 2020 the board commenced oversight of changes to NBN Co’s governance, strategies, initiatives, processes and reporting to facilitate the transition of the company to be ‘a customer-led, trusted critical national infrastructure provider’ by 2023–24. Although the corporate plan and the integrated operating plan for 2021–24 included information on the operations, initiatives and financing for the company, a Continuous Transformation Plan was noted in July 2020 by the board to complement this information and to assist in providing a greater focus on the ‘operational elements where transformational change is necessary’ over the next four years.
2.19 The Continuous Transformation Plan identified initiatives for 2020–21 and future years to provide a multi-year program of work which focused on building critical strategic capability, simplifying operations, augmenting technology, meeting retail service providers’ needs for simplification, and cost effectiveness. The Continuous Transformation Plan was also intended to facilitate continuous collaboration across relevant business units. The Continuous Transformation Plan included a ‘traffic light’ approach to tracking initiatives to be delivered and was to include a scorecard review on the implementation of initiatives to be reviewed by the board on a quarterly basis. The Continuous Transformation Plan was monitored by the board until February 2021.
2.20 In March 2021 the board noted a document titled Vision2025 which was developed by the Executive Committee21 to provide the organisation with ‘further clarity of direction at a time when the organisation was changing from building a subscriber base to becoming a lean wholesaler’. Vision2025 proposed that NBN Co would be ‘radically different by 2025’. The Executive Committee stated that it would use this new vision to assist in prioritising the transition initiatives to be undertaken.
2.21 In August 2021, in the transition update to the board, management identified that the transition activities from July 2020 to January 2021 focused on the reduction in scale build activity and the accompanying organisational restructure, substantial workforce change (total staffing levels, including contractors, were reduced by around 2,000 people), together with operating cost reductions and process efficiency. Management stated that it was in the process of determining its ‘50 Top Priorities’ to be implemented over 2021–22 to 2024–25 to assist with the transformation. In December 2021 the board noted the top priority initiatives were continuing to be refined and prioritised by management. Ten ‘priority tiers’ had been identified and were to be tracked by management.
2.22 In its March 2022 transition update to the board, management identified that it would focus on the prioritisation of initiatives which would be included in the 2023–26 integrated operating plan development process and corporate plan. From March 2022, there was no specific transition update provided to the board, initiatives would be incorporated into and monitored as general entity performance. The board ‘noted’ the approach taken by management and the early view of the Integrated Operating Plan 2023–26. The board ‘reviewed and noted’ the draft Integrated Operating Plan 2023–26 in March 2022 and ‘approved’ the Integrated Operating Plan 2023–26 in September 2022. A timeline of the key transition oversight activities by the board during 2020–21 to 2022–23 is illustrated in Figure 2.1.
Source: ANAO analysis of board and audit and risk committee papers.
2.23 In summary, between July 2020 and February 2021 the board received information about how the organisation was transforming. Over the next ten months to December 2021 transition initiatives were monitored by the board through general performance reporting and management provided updates on how it was reprioritising initiatives and decision making. After this time, the transition was solely monitored through the delivery of the integrated operating plans and performance reporting information provided to the board (described and examined in paragraph 4.4). The integrated operating plans do not set out a date at which NBN Co will be fully transformed into ‘a customer-led, trusted critical national infrastructure provider’. The internal vision for NBN Co to be ‘a brilliant wholesaler, enabling Australia’s digital future’ by 2025 was included in the Integrated Operating Plan 2022–25. This internal vision was also included in the integrated operating plans for 2023–26 and 2024–27. NBN Co management advised that monitoring of the transition was carried out by the executive committee rather than the accountable authority. It is the board, as the accountable authority, that is responsible for the performance of the GBE and for demonstrating the achievement of performance to the shareholder ministers.
2.24 In July 2020 and February 2021 the board was provided with a list of between five and seven transformation risks. These risks were to complement the risks managed by individual business units as part of business-as-usual activities. These risks were not assessed in accordance with NBN Co’s risk management policy (e.g. there was no assessment of impact and no identification of controls or risk treatment plans).
2.25 From June 2021 NBN Co changed how the strategic risks22 for the company were worded and rated. One strategic risk related to the transition was identified:
Transformation: ability to appropriately govern, resource, synchronise, and develop capabilities to meet nbn’s vision.
2.26 This risk was rated as ‘high’ and ‘trending upwards’. There was no underlying assessment of the controls for this risk, and no treatment plans were identified to bring the risk within the board’s risk appetite of ‘medium’ residual risk. There was also no documentation to indicate how long management expected the risk to be outside of risk appetite. Six monthly updates on the entity risk profile, including information on material business risks were provided to the board (described and examined in paragraphs 3.40 and 3.41). A detailed risk assessment, including information on controls, treatments and ratings for the transformation risk was first provided to the board in February 2023. This was the first time that the transformation risk was assessed to be within risk appetite. A timeline of the key transition updates for 2020–21 to 2022–23 is included at Figure 2.1.
Financial planning
Funding
2.27 In June 2011, the Australian Government and NBN Co entered into an Equity Funding Agreement, whereby equity funding of $29.5 billion was provided. In 2016–17 the Australian Government entered into a loan agreement with NBN Co for $19.5 billion. This loan is required to be repaid by 30 June 2024.23 As NBN Co transitioned from building to a customer-led operating business it was required to diversify its sources of funding in order to finance the repayment of the Commonwealth loan by the due date and to secure financing for future operations. In 2020 the Australian Government agreed to allow NBN Co to acquire private sector long-term debt. Since 2020 NBN Co has raised external funding in excess of $25 billion.
2.28 A Treasury Policy was initially developed and approved by the board in May 2020. The Treasury Policy sets out NBN Co’s approach to managing financial risk and capital planning, including key financial strategies and assumptions. In November 2020 the board established a Financing Committee to consider and approve matters relating to funding arrangements and debt capital markets.24 The Financing Committee regularly updated the board on its activities. The Treasury Policy also outlines the role of the centrally managed treasury function to develop and recommend treasury policies and strategies to the board, to negotiate and manage short and long term funding from financial institutions and capital markets, and to allow central management of NBN Co’s surplus cash position and financial market exposures.
2.29 In August 2020 the board approved the initial refinancing plan which was provided to the Commonwealth of Australia represented by the Department of Communications and the Department of Finance (the departments). The refinancing plan was prepared based on the requirements outlined in the loan agreement. The refinancing plan outlined the approach taken to generate funds to ensure the Commonwealth loan would be repaid by the agreed due date. The document stated that it aligned to the Integrated Operating Plan 2021–24 and information included in capital management plans. Quarterly refinancing plan updates are provided to the departments. The board or its sub-committees do not receive copies of these quarterly reports. At each board meeting the chief financial officer’s performance report is tabled and noted. This document provides information on key financial performance metrics, financial position and financial commentary. It also includes capital expenditure, debt funding and cash flow information. A treasury dashboard is also provided to the board which includes treasury policy compliance information. The board receives regular updates from the Financing Committee on transactions that have been approved and correspondence with shareholder ministers related to financing transaction approvals.
Monitoring
2.30 In March 2019 a Shareholder Information Deed was executed. This was an agreement between the shareholder (Commonwealth of Australia represented by the Department of Communications) and NBN Co. The Shareholder Information Deed outlined a range of information and a series of meetings to be undertaken between NBN Co and shareholder departments to assist the Commonwealth of Australia in monitoring and managing its financial interests and risks as the shareholder in NBN Co. The Shareholder Information Deed was amended in March 2020, November 2020 and April 2022.
2.31 The deed includes the requirement to submit a capital management plan annually, to prepare an annual integrated operating plan and to provide long range financial outlook information. During the transition period, long-term financial planning did not extend to the time horizon required by the Shareholder Information Deed but did support corporate plan and integrated operating plan development and timelines.
Did NBN Co transition plans and strategies reflect the build and operate requirements of the Statement of Expectations and other external and internal considerations?
NBN Co did not assure itself that transition plans and strategies reflected the priorities, objectives and approach required by the Australian Government as outlined in the statements of expectations. Other external and internal considerations were incorporated into strategy development and monitoring.
2.32 NBN Co operates in a commercial environment which is influenced not only by government expectations, which are expressed by the shareholder ministers, but also external and internal factors. External factors, such as the competitive environment, technology changes and the economy can influence how NBN Co is able to deliver on its strategies and can influence internal decision making. The ANAO assessed whether government expectations and external and internal factors were appropriately considered by the board when developing transition plans and strategies.
Statement of Expectations
2.33 A Statement of Expectations may be issued by the responsible minister(s) to Commonwealth entities. A Statement of Expectations provides greater clarity about the government’s policies and objectives relevant to the entity and the priorities the minister expects the entity to observe in conducting its operations. A Statement of Expectations is generally refreshed with every change in minister, where there are changes in Commonwealth policy or every two years. The Statement of Expectations can include information on the strategic direction of the entity and how the entity should engage with business, the community and other government entities. The Statement of Expectations usually includes an expectation for the Commonwealth entity to meet the highest standards of transparency, governance and accountability. The Statement of Expectations usually includes a request for the Commonwealth entity to include information in corporate plans and annual reports on how it intends to, and has, discharged its responsibilities under the Statement of Expectations during the reporting period.
2.34 Following receipt of a Statement of Expectations, the accountable authority of a Commonwealth entity can (although it is not required) respond to the minister(s) with a Statement of Intent which outlines how the entity intends to meet those expectations, including how it will demonstrate progress. The Statement of Intent may be broader in scope than the expectations set out in the Statement of Expectations, and offers an avenue to highlight any emerging risks or operational issues relevant to the delivery of the entity functions. The Statement of Intent usually includes information describing internal initiatives or structures, changes in systems or governance, and efforts to build staff capability and to foster an organisation culture that supports best practice. Generally, both the Statement of Expectations and Statement of Intent are made available on the Commonwealth entity’s website.
2.35 Three statements of expectations from shareholder ministers to NBN Co were in effect during the transition period. Each statement replaced the previous one. The content of each of the statements of expectations is summarised in Table 2.4 indicating changes in the Australian Government’s expectations of NBN Co over the transition period. The 2016 Statement of Expectations focused on the roll out of a network in a cost-effective way. The 2021 Statement of Expectations was issued after the national broadband network was declared that it should be treated as built and fully operational, and focused on the commercial viability of NBN Co, and the company’s priority for complying with PGPA Act and GBE requirements as the entity transitioned to its fully operational phase. The 2022 Statement of Expectations continued the emphasis on transparency, governance and accountability including outlining the specific roles of the board.
Statement of Expectations issue date |
Analysis of key content |
24 August 2016 |
The statement provided NBN Co the flexibility and discretion in operational, technology and network design decisions, within the constraints of the Equity Funding Agreement with the Commonwealth, and the Government’s broadband policy objectives. It stated that NBN Co should roll out a multi-technology mix network and build the network in a cost-effective way using the technology best matched to each area of Australia. In terms of transparency, accountability and planning, the statement specified that in operating its business NBN Co should be mindful of the principles of public transparency, communicating and managing risk and business planning in accordance with NBN Co’s obligations as a Government Business Enterprise. |
26 August 2021 |
This statement was issued following the declaration in December 2020 that the national broadband network should be treated as ‘built and fully operational’.a The statement guides NBN Co’s transition to its fully operational phase while ensuring its strategic direction remains aligned with the government’s objectives for the national broadband network. The statement included the government’s objectives (which had been broadened to support the goal for Australia to be a ‘leading digital economy and society by 2030’) and outlined specific service expectations. These service expectations included regional and remote requirements, and how the organisation would foster competitive and efficient markets. The statement had a greater emphasis on operating commercially and operating efficiently within NBN Co’s capital constraints. Governance and accountability requirements also became more specific including that NBN Co should adopt, as far as practicable, the ASX Corporate Governance Principles and Recommendations and ensure ongoing compliance with RMG 126 – GBE Guidelines and PGPA requirements, including for corporate planning and associated key performance indicators. The statement emphasised that the board is fully accountable to shareholder ministers for the achievement of the objects and purposes of the entity. The statement also suggested that the board should have access to a company secretary to whom the board members can raise matters confidentially and to seek advice as a governance expert.b |
19 December 2022 |
The statement articulated the government objectives and the purpose and objectives of NBN Co. The statement outlined the role and responsibilities of NBN Co including that the board has ultimate responsibility for the performance of the company and is accountable to the Government as its sole shareholder. It stated that NBN Co should observe the principles and obligations set out in RMG 126 – GBE Guidelines. More detailed and specific ‘initiative’ requirements were identified such as digital capability and productivity, equitable access e.g., connecting first nations Australians, and regional and remote expectations. Specific metrics and deadlines for these initiatives were provided or requested to be developed. |
Note a: Declaration that the NBN should be treated as built and fully operational, available from https://www.infrastructure.gov.au/sites/default/files/declaration-that-the-nbn-should-be-treated-as-built-and-fully-operational.pdf [accessed 20 February 2024].
Note b: NBN Co has had a company secretary since June 2010.
Source: ANAO analysis of NBN Co’s statements of expectations.
2.36 NBN Co has not prepared or published a Statement of Intent or any other response to any of the statements of expectations received. The board did not formally acknowledge the receipt of the statements of expectations except for their mention in the published corporate plans and annual reports. NBN Co does not have a process to confirm that statement of expectations’ requirements have been sufficiently incorporated into corporate plans and strategies or governance structures.
2.37 In February 2021 the board minutes included an action that ‘Management will align the content of the next version of the Statement of Expectations (SOE) to the Corporate Plan and highlight any gaps between the two documents when it next reports to the Board on the progress of the SOE’. No gap analysis was provided to the board and the action was closed by the board in July 2021.
Recommendation no.2
2.38 NBN Co establishes processes to assure itself that statement of expectations’ requirements have been sufficiently incorporated into corporate plans and strategies.
NBN Co Limited response: Agreed.
2.39 While NBN Co accepts the recommendation above, we note that NBN Co believes that the Statement of Expectations have been sufficiently incorporated into its operating strategies and corporate plans. This is reflected in the approval of corporate plans by the Board and the Shareholder Ministers. However, we acknowledge that there is no formal process to demonstrate this alignment. We therefore accept the ANAO recommendation that a formal process should be established by NBN Co to assure itself that Statement of Expectations requirements have been sufficiently incorporated into corporate plans and strategies.
External and internal considerations
2.40 The board holds annual strategic planning meetings with the NBN Co executive to assist with the development of integrated operating plans and corporate plans. Board strategy days were held on 15 December 2020, 16 November 2021, 15 November 2022 and 14 November 2023. Detailed agenda and papers were prepared and discussed during these meetings. The agendas included discussion and consideration of customer, technology and market trends, the competitive landscape and emerging risks. The strategic planning days included consideration of external and internal factors impacting on the development and achievement of company purposes and directions.
2.41 No meeting minutes or action items resulting from the board strategic planning meetings were prepared for strategy days held on 15 December 2020 or 16 November 2021. Meeting minutes and outcomes were documented for the strategy meetings held on 15 November 2022 and 14 November 2023. NBN Co management advised the ANAO in January 2024 that board strategic planning meetings were ‘not formal board meetings (which have protocols around minute taking) but rather set up as opportunities to hear and discuss the company strategy as well as what was happening in the market and hence conducted in a less formal setting consistent with the agenda’s at that time.’ Not keeping records diminishes the opportunity for the board to keep shareholder ministers informed, including in the event that shareholder ministers are not invited to or attend the strategic meeting (as required by RMG 126 – GBE Guidelines).
2.42 An integrated operating plan and corporate plan development process is undertaken by NBN Co. This commences with the board strategic planning day and the preparation of both draft and final integrated operating plans and corporate plans by management. These documents are discussed by the board. Shareholder departments provide comments on the draft integrated operating plans, and shareholder ministers may provide comment on the draft corporate plans. The board approves the final integrated operating plans and corporate plans. Shareholder ministers confirm the public release of corporate plans.
2.43 Over the transition period board meetings included a range of guest speakers to provide ongoing insight into the market, competition and future trends. The board received information related to internal and external factors which could impact material business risks and the achievement of key outcomes. Since June 2021, the board received, as part of the analysis of the six-monthly strategic risk profile, a paper outlining the ‘emerging risk profile’. This paper outlines risks and trends on the horizon which are not yet fully understood, unfamiliar or difficult to predict and quantify. This information is captured and analysed by management to identify how emerging issues may become strategic or operational risks or change the trajectory or velocity of NBN Co’s current risks.
2.44 Since February 2023 the board has received a paper on each of the 12 key outcomes of the company. A selection of outcomes are discussed at each meeting (i.e. rotated through each of the 12 outcomes on a cyclical basis). The papers prepared on each outcome included information on key challenges and opportunities, roadmaps for achievement (up to three years), competition and external factors, metrics and progress to date. This included analysis of internal and external factors impacting on the operations of the company.
2.45 At each board meeting the chief executive officer and the chief financial officer provide performance reports which include monitoring of a selection of financial and operational performance metrics. Commentary is included to explain variances including those which could be a result of emerging internal or external factors.
Did NBN Co transition plans and strategies incorporate detailed timelines and performance targets to meet the changing circumstances and needs of transition?
The initial transition horizon identified in board papers was four years to June 2024. Transition plans were prepared in July 2020. Since March 2022 the board has not received specific information about transition timelines and key milestones.
Until December 2023, the board and shareholder ministers did not receive information about how the company’s planned performance measures would contribute to the achievement of its purposes.
2.46 A principal objective of a GBE is that it adds to its shareholder value. RMG 126 – GBE Guidelines states that to achieve this mandate a GBE is expected to: operate efficiently, that is, at a minimum cost for a given scale and quality of outputs; price efficiently; and earn at least a commercial rate of return.25 In addition to setting a principal financial target, shareholder ministers may set other financial and non-financial targets in consultation with the GBE.26
Timelines
2.47 As discussed in paragraph 2.18, the board noted the Continuous Transformation Plan in July 2020. This Continuous Transformation Plan outlined timelines and key milestones which were separate from business-as-usual activities included in the integrated operating plan. When presenting the Continuous Transformation Plan to the board, management stated that ‘the planned transformation brings to life the IOP 21–24 focused on nbn’s six strategic pillars, using a mix of inflight programs and new transformation initiatives to achieve IOP targets’. Oversight of the Continuous Transformation Plan by the board was undertaken until February 2021. From this time, no distinction was made between transition and business-as-usual activities in documents presented to the board. Integrated operating plans, corporate plans or board reporting did not identify when transition would be completed. NBN Co management advised the ANAO in January 2024 that ‘notwithstanding the initial approach of monitoring the transition within a fixed timeline, that under the current approach the transition had been migrated into operations and was recognised as an on-going endeavour’. As discussed in paragraph 2.23, the incorporation of transition activities into the integrated operating plans creates a risk that the board is unable to see the completion of transition against timelines and key milestones.
Initiatives and performance metrics
2.48 The Integrated Operating Plan 2021–24 identified key activities to be undertaken against commitments in the plan. It did not provide information about how these activities were linked to the strategies and outcomes identified in the corporate plan or financial and non-financial performance metrics. From September 2020 the chief executive officer performance report tabled in board meetings included a ‘RAG assessment of enterprise-level key initiatives’.27 This document linked the initiatives being undertaken by the entity to the strategies included in the corporate plan. A tracking status of the initiatives was provided as either: red – initiative is off track and needs attention; amber – initiative has significant challenges with plan in place; or green – initiative is on track. The RAG assessment results for the end of 2020–21 were that of the 19 initiatives still in progress, four were identified as ‘amber’ and one was identified as ‘red’.
2.49 The Integrated Operating Plan 2022–25 identified nine key outcomes to be achieved but did not provide a link between these outcomes and the key strategies and value outcomes identified in the corporate plan or financial and non-financial performance metrics.
2.50 The Integrated Operating Plan 2023–26 identified twelve key outcomes to be achieved. These key outcomes were not linked to the strategies and outcomes included in the corporate plan but were linked to a series of 66 financial and non-financial metrics to be monitored by management. The Integrated Operating Plan 2024–27 included the same twelve key outcomes and also did not link these outcomes to the strategies and value outcomes included in the corporate plan. Sixty-nine financial and non-financial performance metrics were linked to the twelve key outcomes and were to be monitored by management.
2.51 None of the integrated operating plans examined included information on the milestones, cost or resourcing of the key activities, initiatives or outcomes. Information about cost and resourcing was included in the integrated operating plans at the entity level rather than the initiative or outcome level.
2.52 Board reporting on financial and non-financial measures is included in the chief executive officer and chief financial officer’s performance reports. Only a selection of metrics determined by management were included in these documents during the transition period. Progress against all performance metrics included in corporate plans and integrated operating plans was not provided comprehensively, or progressively to the board or shareholder ministers.
2.53 Since February 2023 the board has received papers that address the 12 key outcomes of the company (refer to paragraph 2.44).
2.54 As a GBE, NBN Co is required to provide confidential quarterly progress reports to shareholder ministers. The requirements of the progress reports include provision of an analysis of the GBE’s quarterly and year-to-date performance against corporate plan forecasts and analysis of performance against its broader corporate plan objectives, such as its key performance indicators and operational performance targets and forecasts. The quarterly progress report should also include major achievements during the period along with explanations for any changes to strategies.28 Quarterly progress reports prepared during the audit period included a selection of financial and non-financial performance targets and did not provide commentary or an analysis of performance against the entity’s broader corporate plan objectives.
3. Transition oversight arrangements
Areas examined
This chapter examines whether NBN Co’s oversight of transition arrangements was effective. It examines the implementation of arrangements for governance, risk management, compliance, assurance and stakeholder engagement.
Conclusion
Arrangements for the oversight of transition were largely effective. Communication with, and reporting to, shareholder ministers fell short of mandatory requirements. Requests from shareholder ministers that NBN Co comply with mandatory requirements made between September 2020 and September 2023 were not addressed until early 2024.
Until improvements were implemented in February 2023, transition risk information was not complete or accurate and did not consistently reflect the board’s risk appetite. NBN Co’s identification and monitoring of its finance law obligations was incomplete. NBN Co’s assurance and fraud control arrangements supported the transition.
Areas for improvement
The ANAO made one recommendation aimed at ensuring NBN Co responds to specific requests from shareholder ministers.
The ANAO identified two opportunities for improvement aimed at ensuring board and committee charters reflect PGPA Act requirements and ensuring compliance with both mandatory requirements and Shareholder Information Deed obligations.
3.1 The nature of the NBN Co Limited (NBN Co) transition is one of a shift in the balance of its two core functions of ‘building’ and ‘operating’ the national broadband network. NBN Co will continue both types of activities after completion of the transition. The transition reflects the shift in focus to being primarily on the operation of the network while continuing to build and upgrade the infrastructure supporting the network.
3.2 As discussed in paragraph 2.22 NBN Co’s oversight of the transition was mainly through regular monitoring of the integrated operating plan performance. This included the application of NBN Co’s existing governance and management approaches to facilitate oversight of how the organisation was transitioning.
3.3 The Constitution of NBN Co Limited outlines the roles and functions of the board and the chief executive officer, including the delegation of decision-making powers. The Statement of Expectations outlines board roles and responsibilities, including expectations of the board to meet the highest standards of transparency, governance and accountability for corporate and government-owned entities. Resource Management Guide No. 126: Commonwealth Government Business Enterprises – Governance and Oversight Guidelines (RMG 126 – GBE Guidelines) outlines the mandatory compliance obligations for accountable authorities of a Government Business Enterprise (GBE).
3.4 The Public Governance, Performance and Accountability Act 2013 (PGPA Act) includes specific requirements for engagement with government and shareholder ministers, including keeping them informed about operations and change. NBN Co also has a range of other stakeholders which it must manage and engage including the public, retail service providers, customers, local communities, suppliers, state/territory and federal government, regulators, industry groups and investors.
Did NBN Co implement appropriate governance, risk management, compliance and assurance arrangements to support the transition?
Governance arrangements supported transition requirements and changes in business operations. Governance arrangements did not fully comply with the PGPA Act or reflect changes to the board’s role outlined in the shareholder ministers’ statements of expectations.
NBN Co management did not provide complete or accurate information to the board or shareholder ministers about risks and risk management during the transition. The board’s risk appetite was not consistently applied during the transition.
NBN Co’s oversight arrangements did not provide for complete identification and monitoring of its compliance with finance law obligations.
Governance
Board
3.5 The board of NBN Co is the accountable authority under finance law.29 The conduct of the board is subject to the provisions of the PGPA Act, the Public Governance, Performance and Accountability Rule 2014 (PGPA Rule), the Corporations Act 2001, the National Broadband Network Companies Act 2011 (NBN Act) and common law. The board has ultimate responsibility for the performance of the company, and the board is accountable to the shareholder ministers. At December 2023 the board comprised eight non-executive directors and one managing director who was the chief executive officer.
3.6 The board has established a charter to outline its role and how it will discharge its obligations. The board charter is supported by a forward work plan. The board charter was reviewed in December 2020, June 2021, December 2022 and December 2023. The changes made to the board charter over this period were not substantial.
3.7 The Constitution of NBN Co Limited has not been updated since 2013. The constitution has a bearing on how the company operates and this document should be updated when there are significant changes to the entity. The transition of the company from building to operating represents such a change. This includes updating the objects and powers outlined in the constitution. The outdated objects and powers outlined in the constitution are as follows.
The Company’s objects are to roll-out, operate and maintain a national wholesale broadband network while working closely with the Commonwealth during the implementation study in order to facilitate the implementation of Australian Government broadband policy and regulation.
3.8 RMG 126 – GBE Guidelines states that on an annual basis the board of a GBE is expected to assess its performance and the performance of the chair. The performance assessment of the board is to feed into the Annual Board Plan which is provided to shareholder ministers.30 The Annual Board Plan is prepared to provide shareholder ministers with information on the medium-term aims of the entity in terms of board composition, taking into account the strategic objectives of the entity and an assessment of the skill and diversity requirements of the board.
3.9 To assist in the preparation of the Annual Board Plan, the board charter identifies that an external review of board performance is undertaken on a biennial basis. An external review was conducted in September 2022. This review identified additional capabilities the board will need in the future including: digital and technology transformation expertise, understanding of the GBE environment, expertise in government and shareholder minister relationships and skills in the wider ecosphere in which the company operates.
3.10 The Annual Board Plan includes the completion of a board skills matrix. The matrix assesses the current skills and diversity of the board. The matrix used over the audit period was updated in December 2022 to include an additional board skillset of ‘sustainability’. The board skills matrix was not updated to reflect the future skill requirements identified in the September 2022 external review of board performance. In June 2023 the board recorded an action that the 2024 board skills matrix be reviewed and that ‘management consider the skills definitions currently used in the matrix, the scoring system, defining the acceptable minimum number of directors for certain skill sets and benchmarking the format of the matrix’. In December 2023 the board received a paper on skill matrix review outcomes. The board approved the preparation of a revised matrix.
3.11 The board has prepared a board induction pack to assist new members to understand the legal and professional obligations of being a director of the company. Since December 2021, in correspondence to the chair notifying them of new director appointments, shareholder ministers have reminded the chair of the expectation that ‘we encourage regular training updates to be provided to Directors to ensure that all are kept fully informed of their obligations’. No refresher training or briefings have been provided to directors reminding them of their obligations under the PGPA Act, the PGPA Rule, the Corporations Act 2001 or RMG 126 – GBE Guidelines. NBN Co management advised the ANAO in January 2024 that a biennial GBE legislative refresher update to the board will be scheduled commencing September 2024.
3.12 The board approves the key policies of NBN Co. In March 2023 a corporate policy refresh program commenced. The purpose of this program is to reduce the current 66 policies of the entity to 22 policies. It is also to re-confirm the most appropriate place in the governance structure to facilitate approval and review of these policies to promote efficient governance. The board approves policies related to: code of conduct, conflicts of interest, delegation of authority, continuous disclosure, safety and wellbeing, treasury, risk management and fraud and corruption control.
3.13 The board has established four sub-committees to assist it in achieving its objectives: the financing committee; the audit and risk committee; the nominations committee; and the people and remuneration committee.
Financing committee
3.14 The financing committee was established in November 2020 for the purpose of considering and approving matters relating to funding agreements and debt capital markets. The financing committee held six or seven meetings per year during the audit period. The financing committee consists of at least three members, at least one of whom is to have financial expertise in large scale corporate financing.
3.15 The financing committee charter was approved by the board in May 2021 and December 2023. The charter does not reflect all the functions performed by the financing committee. Over the transition period the committee reviewed and recommended to the board the Treasury Policy and approved the Capital Management Strategy. At the time, these functions were included in the audit and risk committee charter. Section 7.3 of the financing committee charter requires the committee to develop and maintain a forward schedule of proposed agenda items for each meeting for the forthcoming year and that it covers all the responsibilities outlined in the charter and an annual schedule of meeting dates, times and locations. This forward work schedule was not prepared over the transition period. In addition, section 4.2 of the charter requires the committee to report annually to the board, describing the committee’s composition, responsibilities and how they were discharged and any other necessary information. This report was not provided during the transition period. Minutes of the financing committee meetings were tabled at relevant board meetings.
Audit and risk committee
3.16 The audit and risk committee was established to assist the board in complying with its financial management, performance reporting, risk oversight and management, reporting obligations, internal control and compliance with relevant laws and policies. The audit and risk committee consists of at least three members, at least one member is to have financial expertise and the necessary technical knowledge and understanding of the industry in which the company operates.
3.17 The audit and risk committee charter was reviewed by the board in November 2021 and December 2023.
3.18 PGPA Rule 17 and 28, and RMG 126 – GBE Guidelines paragraph 3.32 state that the function of the audit committee must include reviewing the appropriateness of the GBE’s financial reporting, performance reporting, system of risk oversight and management and system of internal control. Although reviewing financial performance is included in the audit and risk committee charter, performance reporting of NBN Co’s achievement of its purpose is omitted from the role and functions of the committee. Performance reporting is also not included in the committee’s forward work plan. The audit and risk committee did not meet its PGPA Rule obligation of reviewing the appropriateness of performance reporting during the audit period. Part of the December 2023 charter changes was intended to include performance reporting as a responsibility of the committee. The following was added as a responsibility for performance reporting:
To the extent not already addressed by this Charter, the Committee will review performance reports provided by Management referred to in Sections 4.3 a (Financial); 4.5 e (Internal Audit); 4.6 b (External Audit) and 4.8 d (Risk) and, such other performance reports as agreed with Management from time to time.
3.19 These changes do not address the requirements of section 17 of the PGPA Rule or RMG 126 – GBE Guidelines. The changes do not distinguish performance reporting from financial reporting, system of risk oversight and management and system of internal control information. The audit committee’s responsibility for performance reporting includes, amongst other things, consideration of whether performance reports reflect the success of the entity in achieving its legislative purpose.
3.20 Until December 2023, section 4.3(f) of the charter (financial statements) stated that the role of the committee included to ‘monitor capital management, including optimisation of capital structure and maintenance of adequate liquidity and, the adoption of a capital management plan by the Board’. The audit and risk committee did not examine capital management outside of the financial statements. This was ‘noted’ or ‘approved’ by the financing committee.
3.21 The audit and risk committee charter requires the committee to confirm annually to the board that all responsibilities outlined in the charter have been carried out and section 9(a) states that the committee will review the performance of the committee as a whole taking into account the extent to which the committee has discharged its functions and responsibilities as detailed in the charters. A report was provided to the board in November 2020 and December 2023 outlining how the committee had discharged its responsibilities but no report was provided in 2021 or 2022.
Nominations committee
3.22 The nominations committee was established to assist the board in fulfilling its governance responsibilities in relation to the appointment, induction, independence and ongoing assessment of the skills and experience of directors, board composition, chief executive officer recruitment, succession planning and evaluating the performance of the board, its committees and directors. The nominations committee holds one meeting per year. The nominations committee consists of at least three members, including the chair of the board and chairs of the board’s sub-committees.
3.23 The nominations committee charter was reviewed by the board in June 2021 and December 2023. A forward schedule was developed for committee operations and meeting minutes were tabled at the relevant subsequent board meeting.
People and remuneration committee
3.24 The people and remuneration committee was established to assist the board in fulfilling its governance responsibilities in relation to establishing people management and remuneration policies and practices. The people and remuneration committee held seven meetings each year during the audit period. The people and remuneration committee consists of at least three members.
3.25 The people and remuneration committee charter was reviewed by the board in July 2021 and December 2023. The committee meeting minutes were tabled at the relevant subsequent board meeting.
Opportunity for improvement |
3.26 NBN Co could update governance charters to reflect Public Governance, Performance and Accountability Act 2013 (PGPA Act) and RMG 126 – GBE Guidelines roles and responsibilities. NBN Co could confirm that sub-committees appropriately discharge their terms of reference. |
Risk management
3.27 Accountable authorities of Commonwealth entities must establish and maintain an appropriate system of risk oversight and management for the entity.31 RMG 126 – GBE Guidelines also states that GBE boards are responsible for managing risks. Boards are expected to establish processes and practices within the entity to manage all risks associated with the entity’s operations.32 All GBEs are encouraged to consider applying the Commonwealth Risk Management Policy in relation to risk management frameworks and systems.
3.28 The board approved a risk management policy in August 2021, August 2022 and December 2023. The policy states that the framework is aligned to ISO 31000:2018 Risk management – Guidelines and outlines the roles and responsibilities for risk management within the company.
3.29 The August 2021 and August 2022 risk management policy included a board approved risk appetite statement. The December 2023 risk management policy excluded the board’s risk appetite statement. A paper to the board in December 2023 confirmed that the August 2022 risk appetite statement continued to be in effect. The risk appetite statement outlines the board’s stance toward risk taking across defined risk categories. The risk appetite statement directs management to respond to the risks in a manner that is consistent with the board approved risk appetite levels. The policy states that business units are required to manage their risks in a manner that is consistent with the risk appetite statement and to actively manage and address risks outside of the risk appetite levels. There is no policy requirement for management to report risks to the board which are outside of the board’s risk tolerance identified in the risk appetite statement. The policy states that the board receives information on material business risks.33
3.30 The NBN Co risk management policy states that the chief executive officer is to have overall responsibility for entity management systems, including the implementation of the risk management policy and effective risk management. The chief executive officer is to lead the development of a risk-aware culture and ensure the board is advised of material risk and risk management issues. Information on the organisation’s risk profile is to be reported to the board.
3.31 To fulfill its risk management responsibilities, the board is assisted by the audit and risk committee.
3.32 The board risk appetite statement identifies the ‘risk stances’ which should be applied by management to defined risk categories. The three risk stances are:
Open: Open to pursue significant opportunities or superior returns and accept that not all strategies will succeed.
Balanced: We take a careful and balanced approach, accepting that risks are part of doing business. We ensure these risks are managed in a commercially sensible way and in the best interests of customers.
Cautious: We take a cautious approach, where risk minimisation is the core objective, and all reasonably practicable measures must be taken to minimise or eliminate the risk where possible.
3.33 The board’s risk appetite was not consistently applied during the transition period and resulted in inaccurate risk information being reported to the board. For example, where the board’s risk appetite statement identified a ‘cautious’ approach and a target risk of ‘medium’ for a risk sub-category, management assessed and reported risks as ‘within risk appetite’ even though residual risk ratings were assessed as ‘high’. In November 2023, the audit and risk committee was advised that the risk appetite statement would be reviewed by management, tabled at the audit and risk committee and any changes communicated to the organisation in 2024.
Enterprise risk management strategy and risk maturity level
3.34 The board or the audit and risk committee noted the development of an enterprise risk management strategy during the transition period. Table 3.1 includes details of documents provided to the board and audit and risk committee about the risk management strategy.
Date |
Description |
August 2020 |
The board noted the 2020–21 to 2022–23 enterprise risk management strategy. This document outlined key activities to be undertaken by management over the three-year period. |
August 2021 |
The board noted a risk management strategy for 2021–22 that had been prepared by management. This document was a one-year view of activities, initiatives and tasks to be undertaken. It identified the quarter in which the activity was to be completed. |
August 2022 |
The audit and risk committee endorsed the enterprise risk management strategy for 2022–23. This document was a one-year view of activities, initiatives and tasks to be undertaken. It identified the quarter in which the activity was to be completed during the year. |
August 2023 |
The board noted the enterprise risk management strategy for 2023–24 prepared by management. This document was a one-year view of activities to be undertaken by management to evolve the risk management capability across the business. It was a list of activities and success measures. Timeframes for implementation and how success would be measured were not identified. A longer-range (two-year) risk strategy was presented to the February 2024 audit and risk committee. |
Source: ANAO analysis of board and audit and risk committee papers and minutes.
3.35 The audit and risk committee was provided with the results of an annual self-assessment performed by management on its risk management maturity. Management reported the following self-assessment results: 2020–21 an overall score of 3 out of 4, 2021–22 an overall score of 3.5 out of 534, 2022–23 an overall score of 3.67 out of 5. These assessments indicated that the maturity rating was in line with management and board expectations of a score of 3.5 out of 5 as NBN Co matured its risk management approach.
3.36 In November 2022 the audit and risk committee noted an internal audit report on risk management. The objective of the internal audit was to consider the design and operating effectiveness of the enterprise risk management framework and material business risks.
3.37 The report identified three high and three medium rated findings over the design of key processes and controls for enterprise risk management. The report identified that:
- the current material business risk assessment process does not fully support the direct identification and assessment of key controls;
- business unit control assessments are not being effectively performed;
- treatment plans are not being consistently defined, updated and monitored;
- the reporting structures adopted do not support an integrated view of risks and controls;
- assurance over risk management requires further development and maturity; and
- quality of risk and control data is impacted by resource capability and system useability.
3.38 In July 2023 management reported to the board that it had implemented 24 of the 26 actions to address the findings in the enterprise risk management internal audit. In December 2023 management advised the ANAO that all actions had been implemented.
3.39 RMG 126 – GBE Guidelines states that all GBEs are encouraged to consider applying the Commonwealth Risk Management Policy. NBN Co policy documents state that it ‘aligns’ to the Commonwealth Risk Management Policy. The ANAO assessed compliance with the Commonwealth Risk Management Policy 2023 and made the following observations:
- NBN Co risk management documentation does not clearly define the risk management responsibilities of officials as stipulated in the Commonwealth Risk Management Policy 2023. For example, the accountable authority, chief executive officer and audit and risk committee.
- Element 6 of the Commonwealth Risk Management Policy states that:
Entities must collaborate to manage shared risks. Shared risks are those risks extending beyond a single entity which require a collaborative effort of shared oversight and management. These include risks that extend across entities and may involve other sectors and jurisdictions. The management of shared risks should be agreed by all parties involved. Accountability and responsibility for the management of these risks should be identified and accepted by those best positioned to manage them.35
As a GBE, NBN Co has a range of external stakeholders from which shared risks may arise, including those with shareholder ministers and service delivery partners. NBN Co risk management documents recognise that NBN Co has shared risks, but does not detail processes or approach to how accountability and responsibility for these risks will be identified and discharged. A public contribution to this audit identified that at least one service delivery partner was concerned that NBN Co’s approach to identifying and managing shared risks was not based on a common understanding of the impact of those shared risks.
Board analysis of risk information relevant to the transition
3.40 The board is provided with six-monthly strategic risk profile updates, which include an analysis of the strategic and operational risk profile of the company, discussion of emerging risks and information on the material business risks of the entity. During the transition period the level and type of material business risk information examined by the board evolved. Figure 3.1 outlines the evolution of risk information provided to the board or audit and risk committee.
Source: ANAO analysis of board and audit and risk committee papers and management prepared risk registers.
3.41 Figure 3.1 highlights that the board was not provided with information on whether material business risks were within risk appetite until May 2022 and did not receive information from management about whether treatment plans would bring risks to within risk appetite until August 2022. Detailed information on risks, controls and treatments was not provided to the board until February 2023. February 2023 marked a positive change in the level of detail of material business risk information and analysis provided to the board. February 2023 was also when the material business risk related to the transition was first considered by management to be within the board’s risk appetite.
Risk information provided to shareholder ministers
3.42 Section 4.17 of RMG 126 – GBE Guidelines states that the board must keep shareholder ministers informed of risk management strategies by outlining them in corporate plans and progress reports. In addition, corporate plans and progress reports are expected to contain a statement from the board to shareholder ministers that the entity has appropriate risk management policies and practices in place and that adequate systems and expertise are being applied to achieve compliance with those policies.
3.43 RMG 126 – GBE Guidelines includes a supplementary requirement that risk information included in corporate plans sufficiently addresses risk management policies, including the strategies for managing risks and identification of the current risk ratings and target risk ratings following the implementation of mitigation strategies.36 The confidential quarterly progress reports (which are to include risk information) are to be provided by the chair of the GBE to the shareholder ministers.37
3.44 Until November 202338, quarterly progress reports were provided to shareholder ministers by management rather than the chair of the board as required by RMG 126 – GBE Guidelines. This function had not been delegated by the board to management. The risk information included in the quarterly progress reports was a description of the material business risk and high-level controls and mitigations and a residual risk rating for each risk. The quarterly progress reports did not provide the required information on:
- target risk rating and whether material business risks were within the entity’s risk appetite;
- information to understand how long material business risks were expected to be outside of risk appetite and whether treatment plans had been developed and were in progress; or
- a statement from the board to shareholder ministers that the entity had appropriate risk management policies and practices in place and that adequate systems and expertise were being applied to achieve compliance with those policies.
3.45 The content of the risk information included in quarterly progress reports to shareholder ministers did not change over the transition period. During this time shareholder ministers, on three occasions, wrote to NBN Co highlighting its failure to meet mandatory requirements for quarterly progress reports to include sufficient information on risk and to meet the information requirements of RMG 126 – GBE Guidelines. Table 3.2 summarises the shareholder ministers’ expectations over the transition period related to risk reporting.
Excerpt of shareholder ministers’ correspondence |
21 September 2020
|
12 August 2021
|
4 September 2023
|
Source: ANAO analysis of shareholder minister correspondence to NBN Co.
Recommendation no.3
3.46 NBN Co ensures information provided to shareholder ministers responds to specific requests.
NBN Co Limited response: Agreed.
3.47 We accept the ANAO’s recommendation that NBN Co should provide its Shareholders with information that directly addresses their specific requests. Whilst NBN Co already provides a significant amount of analysis, forecasts, strategic and planning data to the Shareholder Departments and Ministers, we are committed to taking further measures, including those outlined in our response to Recommendation 1, to ensure the Shareholder Departments’ and Ministers’ requests are addressed in full.
Fraud prevention and detection
3.48 The board approves a fraud and corruption control policy. The policy was last approved in June 2023. The policy outlines NBN Co’s approach to managing fraud and corruption and the roles, responsibilities and expectations of employees, contractors and directors to support its approach. The policy states that NBN Co has regard to the Commonwealth Fraud Control Framework (2017) and AS 8001–2021: Fraud and Corruption Control Standards.
3.49 The audit and risk committee approves a fraud and corruption control plan. The fraud and corruption control plan was approved in November 2022 and November 2023. The fraud and corruption control plan outlines the entity’s approach for preventing, detecting and dealing with fraud. This includes detailed strategies, actions and controls for mitigating, monitoring and reporting fraud risks. The fraud and corruption control plan contains a fraud and corruption risk assessment which is updated annually. The fraud and corruption risk assessment identifies eight fraud and corruption risks. The fraud and corruption risks have remained largely unchanged over the transition period, but the risk assessment was updated to reflect changes in the control environment.
3.50 NBN Co’s approach to fraud and corruption control complies with the Commonwealth Fraud Control Framework (2017).
3.51 The board and audit and risk committee receives regular information to monitor fraud prevention and detection activities. Each year the board approves the internal audit charter which articulates the oversight responsibilities of the fraud management and investigation function. The internal audit charter was last approved in May 2023. The charter includes activities related to fraud investigations, monitoring of conflicts of interest and gifts and benefits policy compliance, and the development and execution of fraud and ethics training and awareness programs.
3.52 The audit and risk committee also approves an internal audit and fraud strategic plan which includes details of planned activities to be undertaken by the fraud management and investigation function. The Internal Audit and Fraud Strategic Plan FY23–25 was approved by the audit and risk committee in June 2022.
3.53 Once a year the internal audit and fraud function presents an Annual Perspectives Report on the activities performed during the financial year. This document provides a summary of fraud management and investigation activities undertaken and any results and comparisons to the preceding year. The Annual Perspectives Report also analyses the root cause of any systemic issues identified. The most recent Annual Perspectives Report was tabled in July 2023 and identified that the fraud function completed eight fraud investigations and five fraud risk reviews in 2022–23.
3.54 Summary information on fraud management and investigation activity is regularly provided to the audit and risk committee. This includes the status of any agreed management actions arising from previous reviews. Detailed information on fraud compliance activities such as investigation timelines and outcomes, results of compliance activities and remediation are not included in reporting to the audit and risk committee. This detailed information is provided in quarterly integrity reports to the NBN Co executive committee and management. Management confirmed to the ANAO in October 2023 that there were no instances of fraud that required reporting to the audit and risk committee or board over the transition period.
Compliance
3.55 An enterprise compliance management policy was introduced in August 2021 and updated in August 2022 and November 2023. The August 2022 enterprise compliance management policy provided a framework for managing compliance obligations that, if breached, would likely result in ‘material’ consequences to the entity. What constituted a ‘material’ consequence was not defined in the policy. NBN Co management advised the ANAO that compliance with PGPA Act and RMG 126 – GBE Guidelines would be considered to be ‘material’ to the company.39
3.56 A compliance breach may be treated as a performance issue, or in cases of deliberate serious breach, may result in disciplinary action. To date, no breaches or areas of non-compliance identified by the program or business units have been reported to the audit and risk committee or board.
3.57 The enterprise compliance management policy states that compliance program domains (embedded in most business units) are responsible for both identifying and monitoring NBN Co compliance obligations. Enterprise Compliance is responsible for providing oversight of the enterprise compliance management program and supporting compliance program domains and business units.
3.58 A compliance register has been prepared by NBN Co to assist with the enterprise compliance management program. The compliance register identifies the relevant domain, compliance obligation and authority document. A brief description of the compliance requirement is also provided. ANAO compared the compliance requirements under the PGPA Act and RMG 126 – GBE Guidelines relevant to the scope of this performance audit to the compliance register. Compliance obligations are identified at a high level rather than at a detailed level. For example, the register identifies corporate planning in accordance with RMG 126 – GBE Guidelines but not the specific requirements (e.g., time period, coverage and minimum key performance measures).
3.59 The register does not identify some of the compliance requirements where non-compliance was identified during this performance audit. For example, the need for confidential quarterly progress reports to be provided to shareholder ministers under paragraph 3.12 of RMG 126 – GBE Guidelines was not identified in the register. In addition, while the register correctly identified PGPA Act requirements, such as the role of the audit committee, these roles were not included in NBN Co governance documents such as charters and policies.
3.60 In August 2022 the audit and risk committee received information related to the enterprise compliance program progress. The information provided in the 2021–22 compliance domain fitness check provided results and information on the priorities for enterprise compliance for 2022–23. The domain fitness check results were presented to provide insight into the establishment of the new enterprise compliance program and to provide information on whether, for the entity as a whole, compliance domain areas were fulfilling their responsibilities for identifying and complying with material compliance obligations. The fitness check provided an overall score for the entity of 3 out of 5. The domains assessed included: people, privacy, security, finance, records management, corporate governance, and legal and regulatory.40 In July 2023 the 2022–23 compliance domain fitness check results were presented. The 2022–23 result was 2.7 out of 5. The management priorities for 2023–24 included a focus on driving compliance accountability and establishing a Compliance Assurance Map and program of work.
Assurance
3.61 The board has established an audit and risk committee. Refer to paragraph 3.16 for information on the establishment and mandate of the committee. The audit and risk committee receives information to support its monitoring of the internal and external assurance activities and arrangements of the entity.
3.62 Each year the board approves the internal audit charter. The internal audit charter provides a framework for NBN Co’s internal audit and fraud function which includes its roles and responsibilities related to internal audits, audit support services and non-audit services (such as fraud investigations). The internal audit charter was last approved in May 2023.
3.63 An annual quality review of the internal audit and fraud function is reported to the audit and risk committee. The most recent results were tabled in July 2023. The review assessed the internal audit and fraud function as ‘generally conforms’ with the Institute of Internal Auditors Standards. The audit and risk committee also noted the detailed internal audit methodology and processes to be used by the function when executing its activities.
3.64 The audit and risk committee approves an internal audit and fraud strategic plan which includes details of planned activities to be undertaken by the internal audit and fraud function. The Internal Audit and Fraud Strategic Plan FY23–25 was approved by the audit and risk committee in June 2022. The internal audit activities included in the plan are mapped against material business risks and key outcomes of the entity. This captures any internal audit activity relevant to the transition.
3.65 Every six months the audit and risk committee receives a half year assurance update on activities and outcomes. Once a year NBN Co internal audit presents an Annual Perspectives Report on the activities performed during the financial year. This document provides an analysis of internal audit activities undertaken and any results and comparisons with the preceding year. The Annual Perspectives Report also analyses the root cause of any systemic issues identified. The most recent Annual Perspectives Report was tabled in July 2023 and identified 18 internal audit reviews had been completed in 2022–23 which identified 70 findings and 208 management actions across seven NBN Co business units and three delivery partners. One hundred and sixty-five internal audit management actions were reported as closed ‘on time’ in 2022–23.
3.66 In July 2023 the audit and risk committee noted an overview of the proposed enterprise control assurance framework. The framework outlined the process for providing management and the board confidence in the effectiveness of control activities. The framework uses a three-line assurance model. The update indicated that an enterprise control assurance map was being prepared.
3.67 Internal audit reports and outcomes are tabled at and discussed by the audit and risk committee. The implementation of management actions to address internal audit recommendations are also tracked and monitored by the committee.
3.68 The audit and risk committee approves the appointment of internal audit co-sourced providers.
Has NBN Co effectively engaged with the Australian Government and other stakeholders about the transition?
NBN Co has not met its obligations for communication with, and reporting to, shareholder ministers. During the transition quarterly progress reports did not include all mandatory content and were provided to shareholder ministers by management rather than the board chair as required by RMG 126 – GBE Guidelines. This was rectified early in 2024 but only after three written requests from shareholder ministers. Information requirements of the Shareholder Information Deed have not been met.
3.69 Effective stakeholder management ensures that key stakeholders are identified and their needs and communication preferences are understood and addressed. Effective stakeholder engagement ensures that key stakeholders are informed of the requirements for, and status of, the transition and the impact on services, achievements and future directions. Feedback and satisfaction levels of key stakeholders should also be gathered, analysed and used in decision making.
Stakeholder engagement strategy and management plan
3.70 The NBN Co corporate affairs group has responsibility for coordination of stakeholder engagement and management. Corporate affairs has several teams which focus on government relations, stakeholder relations, employee communications, media relations, social media and planning. For each year during the transition period corporate affairs prepared a plan on a page which identified priorities, initiatives, key outcomes and metrics to be delivered by the corporate affairs teams.
3.71 The government relations team is responsible for supporting the business with meeting the company’s reporting obligations under the PGPA Act, providing information to shareholder ministers and departments, and information to governments at both federal and state/territory levels. The stakeholder relations team is responsible for the management of partnerships and supporting a range of community and national stakeholders across cities development, industry, business and digital inclusion. To assist with the coordination of information across relevant agencies or organisations, corporate affairs has prepared a matrix (RACI analysis41) to indicate which staff teams will be accountable and coordinate correspondence for key organisations. For example, federal government relations staff are the segment owner for all engagement with shareholder ministers and federal government departments.
3.72 At each board meeting, as part of the chief executive officer’s performance report, an attachment is included which provides dashboards for corporate affairs activities. This dashboard summarises the progress of key metrics or drivers, and highlights key activities in the areas of ‘integrated communication, government relations, state corporate affairs, media and external communications, and employee communication’. This includes information on key communication and media events undertaken, and key initiatives in progress.
3.73 In August 2021 the board was provided with an update on ‘reputation’ including that management proposed to adopt the RepTrak reputation measurement model to identify how reputation was aligning to the Vision2025 strategy to ‘be recognised as a trusted organisation’. Management stated that ‘the model is widely used and is benchmarkable with other companies and utilises survey methodology to measure reputation’. The paper identified that ‘in addition to the public reputation survey, management plans to commission separate annual stakeholder surveys to better understand and listen to the views of key stakeholders. These include: federal government, state government, metro, regional, RSPs [Retail Service Providers], investors and suppliers’.
3.74 Reputation scores from the measurement model are allocated out of 100 and tiered, based on RepTrak research from thousands of global companies, where 80+ is Excellent, 70–79 is Strong, 60–69 is Average, 40–59 is Weak, and 0–39 is Poor.
3.75 In July 2022 the board was provided with an update on ‘reputation’ where annual reputation scores were provided. Over the twelve-month period, reputation scores increased from 55 to 58. Strategic communication insights were obtained from the paper which would be used by management to feed into the corporate affairs strategic communication approach. The paper identified that NBN Co had a target RepTrak score of 65 by 2025.
3.76 In November 2022 the audit and risk committee was provided with a deep dive into the material business risk related to ‘stakeholder trust and social licence’. This document provided information on the effectiveness of controls to mitigate the risk of: ‘loss of trust or confidence by customers, shareholder, investors, Government, the community, retail service providers or industry stakeholder impacting nbn’s brand, reputation, and social licence to operate’. The paper identified that the residual risk for this material business risk was ‘high’ and outside of board risk appetite. The target risk rating was ‘medium’ residual risk. The paper identified that the 2022–23 year-to-date average RepTrak score was 60.4. In May 2023 the audit and risk committee was provided with an update to the material business risk for stakeholder trust and social licence. This identified that the residual risk rating for the risk was ‘medium’ and was within board risk appetite.
Engagement with shareholder ministers about the transition
3.77 Section 91 of the PGPA Act requires Commonwealth companies to keep the responsible ministers informed of activities. The board of a GBE must keep shareholder ministers informed of activities and follow a disclosure principle which is similar to the continuous disclosure requirements of the ASX Listing Rules.42 If a GBE becomes aware of any information that may have a material effect on the company’s value or performance, that information must be provided immediately to shareholder ministers. This may include significant changes to the business environment and risks which may impact on the achievement of planned activities and financial projections such as revenue.
3.78 In addition, confidential quarterly reports are to be provided by the board chair to shareholder ministers by specified dates. Content requirements of these reports are outlined in RMG 126 – GBE Guidelines. This includes:
- analysis of quarterly and year-to-date performance against corporate plan forecasts;
- detailed analysis of revenue and expense performance against forecast;
- analysis of performance against broader corporate plan objectives and major achievements during the period along with explanations for any changes to strategies;
- risk management information; and
- a clear statement of the company’s outlook for the rest of the financial year in terms of meeting its full year forecast, those risks that may result in financial results not being indicative of future performance of the entity and opportunities arising and management plans.43
3.79 As detailed in paragraph 2.30, in March 2019 the first Shareholder Information Deed was executed. This was an agreement between the shareholder (Commonwealth of Australia represented by the Department of Communications) and NBN Co.44 The information requirements outlined in the deed do not replace the obligations of the entity to inform shareholder ministers of activities or to provide reports and documents as outlined in the PGPA Act or RMG 126 – GBE Guidelines. The Shareholder Information Deed reiterates that NBN Co must comply with GBE mandatory requirements.
7.1 (a) The Company undertakes to meet its obligations under the performance reporting and governance framework as established by the PGPA Act and the GBE Guidelines or as otherwise set out in Australian Government policy as communicated by the Shareholder by notice in writing to the Company, including in the most recent Statement of Expectations
7.1 (b) …The Company will: … submit Quarterly Progress Reports in accordance with 3.12 and Table 2 of the GBE Guidelines and … confirm that it is compliance with minimum key performance indicators set out in Table 4 of the GBE Guidelines … meet its obligations under the NBN Legislation, PGPA Act and the PGPA Rule
3.80 The Shareholder Information Deed requires NBN Co to prepare a range of information about its objectives, key performance indicators, forecasts and progress. This includes the preparation of an annual integrated operating plan, four-year financial forecast, capital management strategy, long-range financial outlook, monthly shareholder reports and quarterly progress reports.
3.81 Some of the reports and information required by the deed were not being provided by NBN Co (for example, monthly shareholder reports did not include all information requirements). The Shareholder Information Deed was formally amended in March 2020, November 2020 and April 2022 and includes provision for annual review of the reporting obligations specified in the deed. NBN Co does not perform an annual review of the deed, but conducts reviews when it considers necessary. NBN Co management indicated that it is currently working with shareholder departments to update the Shareholder Information Deed requirements to reflect current operations. NBN Co advised the ANAO that it expects formal negotiations on the new deed will commence in March 2024 and the revised deed executed by June 2024. NBN Co management stated that:
not all information under the Deed was provided due to the Departments not requiring the continued provision of this information. The information requirements between NBN and the Departments are dynamic and changes to requirements cannot practically be recorded frequently through changes to the SID but are dealt with via open and frequent communication with the Departments.
3.82 NBN Co is not complying with the deed and has agreed alternative arrangements for the provision of information with shareholder department staff. Agreements between NBN Co management and shareholder department staff relating to the provision of information do not replace or change the information obligations set out in the deed.
3.83 To facilitate the exchange of information with shareholder ministers and departments, a portal has been established. The approach adopted by NBN Co for the preparation and management of information included in the portal is that relevant line areas prepare the technical content and this information is included in the portal by NBN Co corporate affairs. Shareholder ministers, through their offices, and shareholder department staff, are alerted to the inclusion of relevant material in the portal by group emails. A log of all information included in the portal can be generated. This information includes when the information was uploaded into the portal to evidence compliance with key deadlines outlined in the Shareholder Information Deed. Corporate affairs also maintains a manual Excel correspondence tracker which logs information that is exchanged between NBN Co and shareholder ministers. This tracker includes some information which has been communicated via the portal.
3.84 The board has approved a continuous disclosure policy. The stated purpose of this policy includes to:
assist nbn to comply with its continuous disclosure obligations under the GBE Guidelines and the PGPA Act, as reinforced by the Shareholder Information Deed with the Commonwealth;
reflect nbn’s commitment to meeting its Shareholder Ministers’ expectations as expressed in the Statement of Expectations (as updated from time to time, including in relation to improved reporting and transparency measures);
3.85 The policy defines disclosable information as:
any information that has a material effect on nbn’s value and/or performance; may have a material effect on the price or value of its debt securities or an investor’s decision whether to trade in such debt securities; or is required pursuant to Shareholder Minister Disclosure …
3.86 The continuous disclosure policy was approved by the board in November 2021 and February 2023. The policy was updated to reflect changes in NBN Co responsibilities and operations as a result of transition, including changes to the financial strategy and processes for issuing debt.
3.87 In addition, to assist the board to identify what information should be provided to shareholder ministers, the standard template used for board meeting papers includes a prompt to identify if notification to shareholder ministers is required based on the content of the paper.
3.88 Correspondence between the shareholder ministers and the accountable authority is tabled in board papers. Generally, this correspondence is ‘noted’ by board members in meeting minutes. As discussed in paragraph 3.45 during the transition period, the accountable authority received a range of correspondence from shareholder ministers which outlined expectations for the content of corporate plans, the preparation of key performance indicators and quarterly progress reports. The responses provided by the company to shareholder ministers correspondence did not always address the matters outlined in shareholder ministers’ correspondence. Table 3.3 highlights NBN Co responses which did not address matters outlined in correspondence from shareholder ministers.
Excerpt of shareholder ministers correspondence |
NBN Co response to shareholder ministers |
21 September 2020
|
No confidential addendum was made to the corporate plan. The content of the integrated operating plan and quarterly progress reports did not change from the previous versions provided to shareholder departments for the period 2021–24. The financial and non-financial key performance indicators used in corporate plan and integrated operating plan did not align to the minimum key performance indicators outlined in RMG 126 – GBE Guidelines or include the required risk information outlined in RMG 126 – GBE Guidelines (this is further discussed at paragraph 2.12 to 2.14) |
22 May 2023
|
The NBN Co response dated 30 June 2023 did not provide a confidential corporate plan alongside the public version of the corporate plan. Instead, a letter to shareholder ministers was provided which included information on specific topics and questions provided to the company from the shareholder departments when reviewing draft integrated operating plans and a copy of the final integrated operating plan. In its letter NBN Co stated:
|
14 August 2023
|
On 15 December 2023, a confidential version of the Corporate Plan 2024–27 was provided to shareholder ministers. RMG 126 – GBE Guidelines paragraph 3.7 states that ‘Corporate Plans should be provided to Shareholder Ministers with sufficient time for Shareholder Ministers to provide comments if they wish to do so’. The confidential corporate plan has been assessed against mandatory compliance requirements at paragraphs 2.5 to 2.15. Rather than providing an unredacted corporate plan, NBN Co provided shareholder ministers with a ‘confidential corporate plan’ that comprised an additional four documents totalling 128 pages much of which was management information and reports. |
4 September 2023
|
The quarterly progress report for September 2023 which was submitted to shareholder ministers on 10 November 2023, did not include the requirements outlined in paragraph 3.12 of the RMG 126 – GBE Guidelines (this is further described in paragraph 3.45). Although the quarterly progress report was included in formal correspondence from the board chair, the content and format of the quarterly progress report did not change from prior periods. |
Source: ANAO analysis of correspondence between NBN Co and shareholder ministers.
Opportunity for improvement |
3.89 NBN Co could ensure that processes are in place to comply with both mandatory requirements and Shareholder Information Deed obligations. Agreements with shareholder departments cannot replace or alter mandatory reporting and communication requirements under PGPA Act and RMG 126 – GBE Guidelines. |
4. Monitoring and reporting
Areas examined
This chapter examines whether NBN Co’s monitoring and reporting demonstrates that it has effectively transitioned its business to support its focus on operating and enhancing the network.
Conclusion
NBN Co’s monitoring and reporting demonstrates that it has been largely effective in transitioning its business to support a focus on operating and enhancing the national broadband network. NBN Co’s performance monitoring and reporting did not meet the content requirements of a government business enterprise. NBN Co has demonstrated that its activities and performance expectations have adapted over time to reflect transition performance and outcomes.
Areas for improvement
The ANAO made no recommendations.
4.1 Appropriate monitoring and reporting arrangements are those which comply with Commonwealth legislation and policy requirements and are consistent with any standards and better practice that has been adopted by the entity. Monitoring and reporting arrangements should provide insight into the ongoing efficiency and effectiveness of the organisation over time, and link to the strategic objectives of the organisation. Effective monitoring and reporting should capture lessons learnt and provide a structured approach to tracking the implementation of change.
Has NBN Co developed appropriate monitoring and reporting arrangements to provide insight into the ongoing efficiency and effectiveness of the transition?
The board received reports and information about NBN Co’s performance during the transition. NBN Co’s performance monitoring and reporting did not meet the content requirements of a government business enterprise.
4.2 Performance measurement involves collecting, analysing and reporting information about the performance of the Commonwealth company against its purposes, including how this was relevant to the transition from building to operating the national broadband network. Having effective performance reporting and monitoring arrangements is a key aspect of good governance. Effective performance measurement enables entities to: measure and assess their progress toward achieving their purposes; drive desired changes in the efficiency and effectiveness of services; and to demonstrate whether the use of public resources is making a difference and delivering on government objectives.
Monitoring arrangements
4.3 NBN Co does not have a documented performance measure development and monitoring framework. Notwithstanding, NBN Co develops and monitors a range of performance measures and targets. The board oversights the development, and approves, performance measurement and monitoring information for the company as part of the corporate plan and integrated operating plan development and reporting processes. Refer to paragraphs 2.12 to 2.15 for information on the number and type of performance measures used by NBN Co to demonstrate performance and to assess the company’s achievement of its purposes.
4.4 Performance measures and targets are provided to the board for monitoring. This is achieved through consideration of a range of information received at board meetings, including:
- chief executive officer performance reporting, which includes information on the status of key initiatives and outcomes, significant activities undertaken over the prior month and analysis of year-to-date results;
- chief financial officer performance reporting, which includes comparative information and commentary on monthly and year-to-date results for a selection of financial and operating performance measures. This includes financial analysis, cash flow and a treasury dashboard;
- policies and procedures which are subject to board approval;
- presentations and papers from management on strategy, initiatives and status updates; and
- since February 2023, board papers have been provided on each of the 12 key outcomes of the company (refer to paragraph 2.44).
4.5 Refer to paragraphs 2.11 to 2.14 for analysis of the number and type of performance measures used, and the use of the minimum key performance measures for Government Business Enterprises (GBEs) identified in Resource Management Guide No. 126: Commonwealth Government Business Enterprises – Governance and Oversight Guidelines (RMG 126 – GBE Guidelines). Refer to paragraphs 2.48 to 2.54 for the extent of analysis of achievement of entity purposes, strategies and performance measures in corporate plans and quarterly progress reports to shareholder ministers.
Reporting arrangements
Annual reports
4.6 A Commonwealth company that is a GBE must prepare annual reports in accordance with section 97 of the Public Governance, Performance and Accountability Act 2013 (PGPA Act), and any relevant rules, the Corporations Act 2001, and any other applicable legislation and guidance issued by the Minister for Finance.45 Annual reports are to include comments on the performance against financial and non-financial expectations outlined in the corporate plan relating to that financial year and are to detail key governance practices. The information on governance practices can be modelled against the ASX Corporate Governance Principles and Recommendations and may include, but is not limited to, board committees of the company and their main responsibilities, education and performance review processes for directors, and ethics and risk management processes. GBEs are also to note that the Auditor-General is able to conduct a performance audit of the entity in the circumstances outlined in the Auditor-General Act 1997.46
4.7 RMG 126 – GBE Guidelines states that one of the key principles underpinning the guidelines is that information produced for shareholder ministers and the community should accord to the highest standards. Where possible, information should be provided in a consistent format to enable ready comparison with information provided previously by the GBE. For example, the reporting of key performance metrics in annual reports and corporate plans.47
4.8 NBN Co prepares and publishes an annual report each year. The annual report is reviewed by the audit and risk committee, and approved by the board. Selected content of the annual report is also subject to assurance activities (both financial and non-financial assurance is reviewed). Refer to paragraphs 3.61 to 3.68 for additional details on NBN Co’s oversight of assurance arrangements.
4.9 The ANAO analysed the content of annual reports for 2019–20 to 2022–23 to assess whether the information provided relating to the transition of the company from building to operating the national broadband network was sufficient. The assessment is provided in Table 4.1.
PGPA Act reference and topic |
Requirement |
2019–20 |
2020–21 |
2021–22 |
2022–23 |
28E(aa) — Assessment of company performance |
The results of a measurement and assessment of the company’s performance during the period, including the results of a measurement and assessment of the company’s performance against any performance measures and any targets included in the company’s corporate plan for the period. |
▲ |
▲ |
▲ |
▲ |
28E(l) — Significant changes |
Any significant activities or changes that affected the operations or structure of the company during the reporting period. |
▲ |
▲ |
▲ |
▲ |
28E(n) — Reports on the entity |
Particulars of any report on the company given by:
|
■ |
◆ |
◆ |
◆ |
28F(2) — Exclusion of information |
A statement regarding the exclusion of information on the grounds that the information is commercially sensitive and would likely result in unreasonable commercial prejudice to the government business enterprise. Information may be excluded if the directors of the government business enterprise believe, on reasonable grounds, that the information is commercially sensitive and would be likely to result in unreasonable commercial prejudice to the government business enterprise. The annual report must state whether such information has been excluded. |
◆ |
◆ |
■ |
■ |
Key: ◆ Fully compliant ▲ Partially compliant ■ Not compliant
Source: ANAO analysis of NBN Co annual reports for 2019–20, 2020–21, 2021–22 and 2022–23.
4.10 The ‘assessment of company performance’ requirement was assessed as ‘partially compliant’ for each reporting period. Annual reports presented the assessment of company performance against prior year actual results rather than corporate plan targets. In addition, since 2021–22 financial and operating performance measures and targets have not been included in sufficient detail in corporate plans and therefore could not be used as comparisons within annual reports. There was no structured mapping between strategies and performance measures and the targets included in corporate plans. There was insufficient insight for readers into how achievement of targets included in annual reports demonstrated the achievement of the entity’s purposes, strategies and value outcomes. Refer to paragraphs 2.48 to 2.54 for a more detailed assessment of financial and operational performance measures and targets included in corporate plans.
4.11 The ‘significant changes’ requirement was assessed as ‘partially compliant’ for all of the annual reports. The annual reports directed the reader to a paragraph in the annual report which stated ‘other than the information set out in the operating and financial review section, there were no significant changes in the state of affairs of the company’. In these annual reports the ‘operating and financial section’ of the annual report was essentially the body of the annual report (referred to in 2019–20 and 2020–21 as the directors’ report). Each of these sections ranged from 56 to 80 pages. This did not provide the reader with sufficient insight or guidance to information on the ‘significant activities or changes that affected the operations or structure of the company during the reporting period’. For example, in 2020–21, board papers noted that there were significant changes to the affairs of the company during the period, such as a reduction in scale of build activity, organisational restructure including substantial workforce change together with operating cost reductions and process efficiency.
4.12 For the ‘reports on the entity’ requirement non-compliance was identified for the 2019–20 annual report. The annual report omitted reference to a key report during the period. The 2019–20 annual report should have referred to the Auditor-General Report No. 15 of 2019–20 National Broadband Network Fixed Line Migration – Service Continuity and Complaints Management.
4.13 For the ‘exclusion of information’ requirement each annual report identified that this requirement was ‘not applicable’. The change in approach to corporate plans from 2021–22 resulted in insufficient details on financial and operational targets being included in public corporate plans. As a result NBN Co did not compare actual results in annual reports to corporate plans and targets and this should have been noted as an exclusion of information. This requirement was assessed as ‘not compliant’ for the relevant years.
Public reporting
4.14 The Shareholder Information Deed identifies a range of reports which are to be made public on the NBN Co website including reports to list the progress of the rollout based on the number of premises ‘ready to connect’, the services ‘activated’ and those ‘yet to ready to connect’, and maps and zones in which key initiatives are being implemented. The website includes this information and also includes audited annual financial reports and half year reports. Reporting information on NBN Co activities is found on the website under ‘about us’ in ‘corporate reports’ and ‘monthly progress report (customer experience)’. The website also provides a ‘debt investor overview’ section which provides an overview of NBN Co’s debt portfolio including domestic and global capital market issuances, credit ratings, liquidity position, debt maturity profile and access to financial results and sustainability reports.
Has NBN Co effectively adapted its approach to transition to reflect performance and outcomes?
NBN Co has demonstrated that its activities and performance expectations have adapted over time to reflect transition performance and outcomes. NBN Co does not have a single framework or approach for capturing, considering and monitoring the implementation of lessons learnt.
4.15 Effective approaches for capturing lessons learnt and implementing change to transition plans and strategies are those that not only consider analysis of information for an individual matter examined but assess broader information on the performance and outcomes of the entity, programs and processes. Effective adaption of approaches to transition should occur on a timely basis and be appropriately approved through the governance structure.
4.16 As described in paragraphs 2.18 to 2.26, between July 2020 and February 2021 NBN Co considered the progressive performance and outcomes of its strategies relevant to transition through the monitoring of a Continuous Transformation Plan. Between March 2022 and February 2023 the transition was monitored by the board primarily through performance monitoring of the integrated operating plans. From February 2023 the board received both performance monitoring information related to the integrated operating plan, and detailed risk assessments and strategy progress and outcome information from management for each of the 12 outcomes outlined in the integrated operating plans. The papers prepared on each outcome included information on key challenges and opportunities, roadmaps for achievement (up to three years), competition and external factors, metrics and progress to date. This included information on progress of key activities and how these were being adapted to meet expectations.
4.17 Performance measures and metrics included in the integrated operating plans changed for each year of the transition. The strategies and key outcomes did not change. For example, the six strategies and twelve key outcomes of the company for 2023–26 and 2024–27 did not change. The change in expected performance was reflected in the detailed performance targets.
4.18 NBN Co does not have a single framework or approach for capturing and considering ‘lessons learnt’ that is broadly applied across the business. Individual business units and teams are responsible for performing these reviews as required and implementing iterative continuous improvements. For example, the ‘Enterprise Simplicity’ program is a multi-year program to modernise information technology across NBN Co to deliver more efficient, effective and customer-friendly systems. Oversight of this program of work by the board is through reporting on one of the 12 key outcomes.
4.19 As the organisation matures in the ‘operating phase’, the lack of an enterprise-wide framework or overarching governance arrangements for lessons learnt may impact on the transparency and accountability of the identification and implementation of lessons learnt and their company-wide impact.
Appendices
Appendix 1 Entity response
Appendix 2 Improvements observed by the ANAO
1. The existence of independent external audit, and the accompanying potential for scrutiny improves performance. Improvements in administrative and management practices usually occur: in anticipation of ANAO audit activity; during an audit engagement; as interim findings are made; and/or after the audit has been completed and formal findings are communicated.
2. The Joint Committee of Public Accounts and Audit (JCPAA) has encouraged the ANAO to consider ways in which the ANAO could capture and describe some of these impacts. The ANAO’s Corporate Plan states that the ANAO’ s annual performance statements will provide a narrative that will consider, amongst other matters, analysis of key improvements made by entities during a performance audit process based on information included in tabled performance audit reports.
3. Performance audits involve close engagement between the ANAO and the audited entity as well as other stakeholders involved in the program or activity being audited. Throughout the audit engagement, the ANAO outlines to the entity the preliminary audit findings, conclusions and potential audit recommendations. This ensures that final recommendations are appropriately targeted and encourages entities to take early remedial action on any identified matters during the course of an audit. Remedial actions entities may take during the audit include:
- strengthening governance arrangements;
- introducing or revising policies, strategies, guidelines or administrative processes; and
- initiating reviews or investigations.
4. In this context, the below actions were observed by the ANAO during the course of the audit. It is not clear whether these actions and/or the timing of these actions were planned in response to the proposed or actual audit activity. The ANAO has not sought to obtain assurance over the source of these actions or whether they have been appropriately implemented.
- A confidential version of the Corporate Plan 2024–27 provided to shareholder ministers (December 2023) (Table 2.1).
- Board charter reviewed and updated (December 2023) (paragraph 3.6).
- Board skills matrix reviewed (December 2023) (paragraph 3.10).
- Board committee charters reviewed and updated (December 2023) (paragraphs 3.14 to 3.25).
- Report provided to the board about how the audit and risk committee had discharged its responsibilities (December 2023) (paragraph 3.21).
- Enterprise risk and resilience policy approved by the board (December 2023) (paragraph 3.28).
- Quarterly progress report provided to shareholder ministers by the board chair (November 2023) (Table 3.3).
- Fraud and corruption control plan approved by the audit and risk committee (November 2023) (paragraph 3.49).
- Enterprise compliance management policy approved by the audit and risk committee (November 2023) (paragraph 3.55).
Footnotes
1 GBEs which are Commonwealth companies are: ASC Pty Ltd, Australian Naval Infrastructure Pty Ltd, Australian Rail Track Corporation Limited, National Intermodal Corporation Limited, NBN Co Limited, Snowy Hydro Limited and WSA Co Ltd, available from https://www.finance.gov.au/government/government-business-enterprises [accessed 24 February 2024].
2 Finance law means the Public Governance, Performance and Accountability Act 2013 (PGPA Act), or the rules (for example, the Public Governance, Performance and Accountability Rule 2014) made pursuant to the PGPA Act, or any instrument made under the PGPA Act, or an Appropriation Act.
3 At 30 June 2023 the outstanding balance of the loan with the Commonwealth was $5.5 billion.
4 Since 2011 the Australian Government has committed $51.4 billion to NBN Co.
5 GBEs which are Commonwealth companies are: ASC Pty Ltd, Australian Naval Infrastructure Pty Ltd, Australian Rail Track Corporation Limited, National Intermodal Corporation Limited, NBN Co Limited, Snowy Hydro Limited and WSA Co Ltd, available from https://www.finance.gov.au/government/government-business-enterprises [accessed 24 February 2024].
6 Department of Finance, The Role of Directors in Commonwealth Government Business Enterprises, available from https://www.finance.gov.au/government/government-business-enterprises/role-directors-commonwealth-gbes-guidelines [accessed 24 February 2024].
7 NBN Co Limited — Statement of Expectations (December 2022), p. 1, available from https://www.nbnco.com.au/content/dam/nbn/documents/about-nbn/policies/statement-of-expectations-2022.pdf.coredownload.pdf [accessed 28 February 2024].
8 NBN Co Limited — Statement of Expectations (December 2022), p. 1, available from https://www.nbnco.com.au/content/dam/nbn/documents/about-nbn/policies/statement-of-expectations-2022.pdf.coredownload.pdf [accessed 28 February 2024].
9 Finance law means the Public Governance, Performance and Accountability Act 2013 (PGPA Act), or the rules (for example, the Public Governance, Performance and Accountability Rule 2014) made pursuant to the PGPA Act, or any instrument made under the PGPA Act, or an Appropriation Act.
10 The chair was previously a non-executive director of NBN Co effective from December 2019.
11 Declaration that the NBN should be treated as built and fully operational, available from https://www.infrastructure.gov.au/sites/default/files/declaration-that-the-nbn-should-be-treated-as-built-and-fully-operational.pdf [accessed 20 February 2024].
12 Since 2011 the Australian Government has committed $51.4 billion to NBN Co.
13 Subsection 95(3) of the Public Governance, Performance and Accountability Act 2013, available from www.legislation.gov.au/Details/C2017C00269 [accessed 30 November 2023].
14 Subsection 27(A)(3) of the Public Governance, Performance and Accountability Rule 2014, available from www.legislation.gov.au/Details/F2023C00895 [accessed 30 November 2023].
15 Department of Finance, Resource Management Guide No. 126: Commonwealth Government Business Enterprises – Governance and Oversight Guidelines, January 2018, paragraphs 3.9 to 3.11, available from https://www.finance.gov.au/sites/default/files/2019-12/commonwealth-gbe-governance-and-oversight-guidelines-rmg126.pdf [accessed 30 November 2023].
16 The PGPA Act and PGPA Rule requirements, along with mandatory Department of Finance guidance is summarised in Resource Management Guide No. 126: Commonwealth Government Business Enterprises – Governance and Oversight Guidelines, January 2018, Part 3 – Planning and Reporting, p. 13–20, available from https://www.finance.gov.au/sites/default/files/2019-12/commonwealth-gbe-governance-and-oversight-guidelines-rmg126.pdf [accessed 30 November 2023].
17 During the audit, NBN Co management provided the ANAO with information that mapped the strategies and performance metrics included in corporate plans. This information was not included in documents provided to the shareholder ministers, shareholder departments or the public to assist them in understanding how NBN Co purposes would be achieved and measured.
18 In addition to the 77 performance metrics identified in the confidential corporate plan, NBN Co identified eight performance metrics in the public corporate plan. Overall, for the 2024–27 corporate plans, there were 85 metrics provided to shareholder ministers to hold NBN Co accountable for achievement of its purposes.
19 Other Commonwealth company government business enterprise’s corporate plans/statements of corporate intent are much shorter than NBN Co’s corporate plan, ranging from 13 to 42 pages for 2023–24.
20 The confidential corporate plan comprised: a letter from the chair and the chief executive officer (21 pages); NBN Co Limited’s Corporate Plan 2023–24 – Supplementary Material (87 pages); approved Integrated Operating Plan 2024–2027 (13 pages) and the Capital Management Strategy (7 pages).
21 The Executive Committee is chaired by the chief executive officer and comprises the executive of NBN Co. The executives are: chief financial officer, chief operating officer, chief people and culture officer, chief corporate affairs officer, chief information officer, chief development officer, regional and remote, chief engineering officer, chief strategy and transformation officer, chief legal and regulatory officer and chief customer officer.
22 Also referred to by NBN Co management as ‘material business risks’.
23 At 30 June 2023 the outstanding balance of the loan with the Commonwealth was $5.5 billion.
24 The Financing Committee comprises three non-executive directors. At 30 June 2023 the committee members were Kate McKenzie (chair), Nerida Caesar and Andrew Dix.
25 Department of Finance, Resource Management Guide No. 126: Commonwealth Government Business Enterprises – Governance and Oversight Guidelines, January 2018, paragraph 1.8, available from https://www.finance.gov.au/sites/default/files/2019-12/commonwealth-gbe-governance-and-oversight-guidelines-rmg126.pdf [accessed 30 November 2023].
26 ibid. paragraph 1.9.
27 RAG assessments refer to ‘Red, Amber, Green’ traffic light reporting.
28 Department of Finance, Resource Management Guide No. 126: Commonwealth Government Business Enterprises – Governance and Oversight Guidelines, January 2018, paragraph 3.12, available from https://www.finance.gov.au/sites/default/files/2019-12/commonwealth-gbe-governance-and-oversight-guidelines-rmg126.pdf [accessed 30 November 2023].
29 Finance law means the Public Governance, Performance and Accountability Act 2013 (PGPA Act), or the rules (for example, the Public Governance, Performance and Accountability Rule 2014) made pursuant to the PGPA Act, or any instrument made under the PGPA Act, or an Appropriation Act.
30 Department of Finance, Resource Management Guide No. 126: Commonwealth Government Business Enterprises – Governance and Oversight Guidelines, January 2018, paragraph 2.21, available from https://www.finance.gov.au/sites/default/files/2019-12/commonwealth-gbe-governance-and-oversight-guidelines-rmg126.pdf [accessed 30 November 2023].
31 Section 16 of the Public Governance, Performance and Accountability Act 2013, available from https://www.legislation.gov.au/C2013A00123/latest/text [accessed 30 November 2023].
32 Department of Finance, Resource Management Guide No. 126: Commonwealth Government Business Enterprises – Governance and Oversight Guidelines, January 2018, paragraph 4.14, available from https://www.finance.gov.au/sites/default/files/2019-12/commonwealth-gbe-governance-and-oversight-guidelines-rmg126.pdf [accessed 30 November 2023].
33 Material business risks are not defined in the policy, but are frequently referred to as strategic risks.
34 The committee noted a new maturity assessment model rating scale was being used to bring the assessment in line with relevant Commonwealth risk management maturity models.
35 Department of Finance, Commonwealth Risk Management Policy, January 2023, Element 6, available from https://www.finance.gov.au/government/comcover/risk-services/management/commonwealth-risk-management-policy [accessed 12 February 2024].
36 Department of Finance, Resource Management Guide No. 126: Commonwealth Government Business Enterprises – Governance and Oversight Guidelines, January 2018, paragraph 4.17 and Table 3a, available from https://www.finance.gov.au/sites/default/files/2019-12/commonwealth-gbe-governance-and-oversight-guidelines-rmg126.pdf [accessed 30 November 2023].
37 ibid., paragraph 3.12.
38 On 10 November 2023, the quarterly report for September 2023 was provided to shareholder ministers by the chair of NBN Co as required by RMG 126 – GBE Guidelines.
39 The November 2023 policy no longer includes the concept of ‘material’ consequences to the entity.
40 Individual domain assessment results were not included in the paper.
41 RACI: Responsible, Accountable, Consulted and Informed.
42 Department of Finance, Resource Management Guide No. 126: Commonwealth Government Business Enterprises – Governance and Oversight Guidelines, January 2018, paragraph 3.25, available from https://www.finance.gov.au/sites/default/files/2019-12/commonwealth-gbe-governance-and-oversight-guidelines-rmg126.pdf [accessed 30 November 2023].
43 Department of Finance, Resource Management Guide No. 126: Commonwealth Government Business Enterprises – Governance and Oversight Guidelines, January 2018, paragraph 3.12, available from https://www.finance.gov.au/sites/default/files/2019-12/commonwealth-gbe-governance-and-oversight-guidelines-rmg126.pdf [accessed 30 November 2023].
44 Subsequent amendments to the Shareholder Information Deed in March 2020, November 2020 and April 2022 updated the parties to the agreement to be the Commonwealth of Australia as shareholder to be represented by both the Department of Infrastructure, Transport, Regional Development and Communications and the Department of Finance.
45 Department of Finance, Resource Management Guide No. 126: Commonwealth Government Business Enterprises – Governance and Oversight Guidelines, January 2018, paragraph 3.16, available from https://www.finance.gov.au/sites/default/files/2019-12/commonwealth-gbe-governance-and-oversight-guidelines-rmg126.pdf [accessed 30 November 2023].
46 ibid., paragraphs 3.16 to 3.19.
47 ibid., paragraph 1.7.