Audit snapshot

Why did we do this audit?

  • It is essential that financial regulators uphold high probity standards, to strengthen the legitimacy and integrity of the regulator and support the objectives of the regulatory scheme.
  • This is one of a series of three performance audits which continues the ANAO’s examination of probity management in Commonwealth entities.
  • The audit provides the Parliament with independent assurance regarding probity management at the Australian Competition and Consumer Commission (ACCC).

Key facts

  • The ACCC is an independent statutory authority established under the Competition and Consumer Act 2010 and promotes competition, fair trading, protection of consumer rights and product safety for consumers, businesses and the Australian community.
  • The ACCC shares staff and resources with the Australian Energy Regulator (AER), an independent statutory body responsible for regulating Australia's energy market.

What did we find?

  • Probity management at the Australian Competition and Consumer Commission (ACCC) has been partly effective, however there are a number of initiatives underway to strengthen internal arrangements.
  • The ACCC had arrangements mostly structured to manage the probity risks.
  • The ACCC is developing a framework and arrangements to monitor the effectiveness of internal controls and compliance with probity requirements.
  • The ACCC fully or largely complied with most of the probity related requirements examined in this audit.

What did we recommend?

  • The Auditor-General made five recommendations relating to: trading in financial instruments; compliance with the Protective Security Policy Framework; approval arrangements for corporate credit card expenditure of statutory officers; and arrangements for gifts, benefits and hospitality.
  • The ACCC agreed to the recommendations.

1406 employees as at 30 June 2022.

7 ACCC Commissioners.

5 AER Board members.

1 person (the ACCC Chair) is the Accountable Authority.

Summary and recommendations

Background

1. The Organisation for Economic Co-operation and Development (OECD) has observed that:

Regulation is a key tool for achieving the social, economic and environmental policy objectives of governments that cannot be effectively addressed through voluntary arrangements and other means. Governments have a broad range of regulatory powers reflecting the complex and diverse needs of their citizens, communities and economy.

Regulators are entities authorised by statute to use legal tools to achieve policy objectives, imposing obligations or burdens through functions such as licencing, permitting, accrediting, approvals, inspection and enforcement. Often they will use other complementary tools, such as information campaigns, to achieve the policy objectives, but it is the exercise of control through legal powers that makes the integrity of their decision-making processes, and thus their governance, very important.1

2. The OECD has further observed that:

Strong governance strengthens the legitimacy and integrity of the regulator, supporting the high level policy objectives of the regulatory scheme and will lead to better outcomes.2

3. The OECD has identified two broad aspects of governance relevant to regulators:

  • external governance (looking out from the regulator) – the roles, relationships and distribution of powers and responsibilities between the legislature, the minister, the ministry, the judiciary, the regulator’s governing body and regulated entities; and
  • internal governance (looking into the regulator) – the regulator’s organisational structures, standards of behaviour and roles and responsibilities, compliance and accountability measures, oversight of business processes, financial reporting and performance management.3

4. The Australian Government’s overarching governance framework for public entities, including its regulatory agencies, is established by the Public Governance, Performance and Accountability Act 2013 (PGPA Act) and the supporting Public Governance, Performance and Accountability Rule 2014 (PGPA Rule).

5. The PGPA Act contains general duties for entity accountable authorities and officials which are relevant to probity and ethics.4 These duties are not restricted to resource management functions, as the PGPA Act regulates entity governance, performance and accountability more broadly. The general duties establish an overarching framework for probity and ethical behaviour applying to the officials of PGPA Act entities.

6. Further specific probity and ethical requirements may apply to entity personnel, including requirements established by the Parliament in the regulator’s enabling legislation, other applicable laws and policy frameworks, and the internal policies and frameworks put in place by the entity’s accountable authority.

Rationale for undertaking the audit

7. It is essential that financial regulators uphold high probity standards, to strengthen the legitimacy and integrity of the regulator and support the objectives of the regulatory scheme.

8. This is one of a series of three performance audits which continues the ANAO’s examination of probity management in Commonwealth entities and provides independent assurance to the Parliament. It builds on Auditor-General Report No. 21 2019–20 Probity Management in Rural Research and Development Corporations, which assessed the effectiveness of five rural research and development corporations’ management of probity.

9. This series of audits focuses on probity management in entities with a role in financial regulation activities. These are the:

  • Australian Competition and Consumer Commission (ACCC);
  • Australian Prudential Regulation Authority (APRA); and
  • Australian Securities and Investments Commission (ASIC).

Audit objective and criteria

10. The audit objective was to assess the effectiveness of the ACCC’s probity management.

11. To form a conclusion against the objective, the ANAO adopted the following high-level criteria.

  • Does the ACCC have arrangements structured to manage selected probity risks and promote compliance with requirements?
  • Has the ACCC established monitoring and reporting arrangements to provide assurance on the effectiveness of internal controls and compliance with probity requirements?
  • Has the ACCC complied with probity requirements?

12. The ANAO reviewed a selection of probity risks requiring management by Australian Government entities, including a number of specific risks requiring management by entities involved in financial regulation activities. The risks selected for review related to:

  • code of conduct;
  • the management of conflict of interest;
  • the management of key regulatory risks (such as regulatory capture risk and financial trading);
  • the management of senior executive remuneration;
  • probity in procurement;
  • the oversight of corporate credit card expenditure;
  • the management of gifts, benefits and hospitality;
  • the identification and management of fraud risks; and
  • the management of public interest disclosures.

13. The ANAO’s review focused on the period July 2020–November 2022 and where relevant, included key subsequent events up to and including February 2023. The ANAO did not examine specific investigations into ACCC personnel or review the ACCC’s corporate governance arrangements.5

Conclusion

14. Probity management at the Australian Competition and Consumer Commission (ACCC) has been partly effective, however there are a number of initiatives underway to strengthen internal arrangements.

15. The ACCC has arrangements mostly structured to manage the probity risks selected for ANAO review and arrangements to promote compliance with requirements. There is scope to clarify the application of several probity related requirements in the code of conduct for ACCC Commissioners and Australian Energy Regulator (AER) Board members. There is also scope to improve the effectiveness of ACCC policies for managing risk relating to: perceived conflicts of interest; information security; positional authority; and gifts, benefits and hospitality.

16. The ACCC is developing a framework and arrangements for monitoring the effectiveness of internal controls and compliance with probity requirements, and for providing assurance to the accountable authority in relation to probity. The scope of this monitoring has been limited, with a small number of internal audits undertaken. The ACCC has established a compliance team and as of early 2023, was developing a compliance framework and undertaking a procurement process for software to facilitate centralised management and reporting of compliance incidents. The ACCC does not have an entity-wide framework for following up on instances of non-compliance.

17. The ACCC fully or largely complied with most of the probity related requirements examined in this audit.

18. The ACCC is developing a framework for following up on instances of non-compliance. There is no evidence of instances of non-compliance identified in the context of this audit being addressed in accordance with ACCC requirements for: procurement; and gifts, benefits and hospitality.

Supporting findings

Arrangements to manage probity risks and promote compliance with requirements

19. The ACCC has developed a code of conduct for ACCC Commissioners and AER Board members which details probity requirements. In the code, several probity related requirements applying to ACCC Commissioners do not explicitly extend to AER Board members.

20. The ACCC has identified key probity risks relating to: conflict of interest; senior executive remuneration; information security; trading in financial instruments; procurement; corporate credit card expenditure; gifts, benefits and hospitality; fraud; and public interest disclosures. The ACCC has not explicitly identified regulatory capture as a probity risk to be managed.

21. For the period examined in this audit, the ACCC had policies, procedures and arrangements to manage the identified risks.

22. There is scope to improve the effectiveness of ACCC policies for managing risks relating to: perceived conflicts of interest; sensitive information; positional authority; and gifts, benefits and hospitality.

  • The arrangements relating to ACCC Commissioners and AER Board members trading in relevant financial instruments are not as strong as those for ACCC employees, for whom prior approval (via the granting of an exemption) is required to undertake trading in financial instruments in situations where there may be a real or perceived conflict of interest.
  • Internal practices for managing sensitive information are not always consistent with the Australian Government’s Protective Security Policy Framework (PSPF) and the ACCC’s internal ‘Guidance on security classification 2019’. The management of sensitive committee papers is not always consistent with the ‘need to know’ principle, and documents containing sensitive information (including committee papers) do not always contain appropriate protective markings.
  • The ACCC Chief Executive Officer (CEO) reviews and approves credit card expenses as part of the acquittal process for the ACCC Chair and Commissioners, and the AER CEO approves credit card expenses as part of the acquittal process for the AER Chair and AER Board members. Positional authority risk would be reduced by amending arrangements requiring subordinate officials to approve the expenses of senior statutory officers.
  • ACCC employees are not required to declare and record the receipt of gifts, benefits and hospitality valued under $50. Recording all instances of gifts, benefits and hospitality received by ACCC personnel, regardless of value, would improve transparency and assist in providing additional assurance that the intent of the ACCC’s policy is realised.
  • There is an emphasis in ACCC guidance on identifying the benefit to the ACCC above managing perceived conflicts of interest, including where hospitality is provided by suppliers. Further, the ACCC’s process for declaring gifts, benefits and hospitality does not require recipients to document in the gifts, benefits and hospitality register their assessment of whether accepting an offer represents a real or perceived conflict of interest, and how any identified perceived conflicts are to be managed. (See paragraphs 2.3 to 2.173)

23. The ACCC was in the process, as at February 2023, of establishing a framework for the design and review of its policies. For the selected probity risks, there was evidence of most relevant policies being reviewed and updated during the period examined in this audit. (See paragraphs 2.174 to 2.178)

24. For the selected probity risks, the ACCC has informed its personnel of probity requirements. The ACCC has adopted a combination of: training; making information on policies, procedures and arrangements easily accessible on its intranet; and messaging from senior officials to reinforce knowledge of probity requirements and promote compliance.

25. There is limited reliance on refresher training or centralised monitoring and reporting of training completion rates, to mitigate enterprise-level integrity risks and provide assurance regarding the achievement of training goals. (See paragraphs 2.179 to 2.194)

Monitoring, reporting and assurance

26. The ACCC is developing a framework for monitoring the effectiveness of internal controls and providing assurance to the accountable authority in relation to probity. The scope of this monitoring activity had been limited, with a small number of internal audits undertaken. The Chair of the ACCC Audit and Risk Committee wrote to the ACCC accountable authority in 2019, 2020 and 2021 encouraging the ACCC to consider the adequacy of the internal audit budget. The ACCC began to expand its internal audit coverage in 2022. In May 2022 the ACCC undertook an entity-wide assessment of selected internal controls, including those related to a number of the key probity risks considered in this audit. (See paragraphs 3.3 to 3.22)

27. The ACCC has established a compliance team and undertakes regular monitoring of compliance with annual conflict of interest declaration requirements and completion of mandatory security awareness training. As of March 2023, the ACCC was developing an entity-wide compliance framework and planning for the procurement of software to facilitate centralised compliance management and reporting of compliance incidents. (See paragraphs 3.23 to 3.27)

28. The ACCC does not have an entity-wide framework for following up on instances of non-compliance, and the policies reviewed in this audit typically did not include details of the consequences for non-compliance. (See paragraphs 3.28 to 3.35)

Compliance with requirements

29. For the periods reviewed by the ANAO, the ACCC undertook its internal assurance processes under which relevant personnel made conflict of interest declarations or self-assessments. The results for these processes were reported to senior management committees. The ACCC Chair signed a letter to the Treasurer advising on the Chair’s pecuniary interests as required under the Competition and Consumer Act 2010 in June 2022. The letter was sent to the Treasurer in May 2023.

30. ACCC personnel complied with requirements relating to senior executive remuneration and corporate credit cards.

31. ACCC personnel were largely compliant with requirements relating to gifts, benefits and hospitality.

32. The ACCC’s procurement policies and guidance require officials to comply with the Commonwealth Procurement Rules (CPRs). The ACCC’s procurement policies and guidance do not outline any further specific requirements for the management of probity related risks. For the 10 high-value procurements reviewed by the ANAO there was documented consideration of probity in five of the procurements.

33. Restrictions on ACCC employees relating to trading in financial instruments were not captured in any ACCC policies until 25 November 2022, and were therefore not subject to ANAO testing as part of this audit.

34. As the ACCC does not require any attestation or completion of training on an annual basis that is centrally reported, the ANAO did not review compliance with requirements in relation to the code of conduct. (See paragraphs 4.3 to 4.46)

35. As of March 2023, the ACCC was in the process of developing an entity-wide framework for following up on instances of non-compliance. There is no evidence of instances of non-compliance identified in the context of this audit being addressed in accordance with the ACCC’s requirements relating to: procurement; and gifts, benefits and hospitality. (See paragraphs 4.47 to 4.54)

Recommendations

Recommendation no. 1

Paragraph 2.56

The Australian Competition and Consumer Commission establish a requirement for ACCC Commissioners and AER Board members to obtain approval prior to trading in relevant financial instruments. There should also be specific arrangements for approval of trading in relevant financial instruments by the ACCC Chair.

Australian Competition and Consumer Commission response: Agreed.

Recommendation no. 2

Paragraph 2.70

The Australian Competition and Consumer Commission ensure that, consistent with the Australian Government’s Protective Security Policy Framework (PSPF):

  1. sensitive committee papers are only made available on a need to know basis; and
  2. documents containing sensitive information (including committee papers) contain appropriate protective markings consistent with PSPF requirements and the ACCC’s internal ‘Guidance on security classification 2019’.

Australian Competition and Consumer Commission response: Agreed.

Recommendation no. 3

Paragraph 2.112

The Australian Competition and Consumer Commission address positional authority risk relating to the approval of ACCC Commissioner and AER Board member expenses by requiring that:

  1. expenditure made by or on behalf of the ACCC or AER Chair be approved by a deputy or other ACCC Commissioner or AER Board member; and
  2. expenditure made by or on behalf of ACCC Commissioners or AER Board members (other than the Chairs) be approved by the ACCC or AER Chair.

Australian Competition and Consumer Commission response: Agreed.

Recommendation no. 4

Paragraph 2.138

The Australian Competition and Consumer Commission require that all accepted offers of gifts, benefits and hospitality be recorded in its human resources software system.

Australian Competition and Consumer Commission response: Agreed.

Recommendation no. 5

Paragraph 2.152

The Australian Competition and Consumer Commission strengthen its gifts, benefits and hospitality arrangements by requiring the recipients of offers of gifts, benefits or hospitality to record in the ACCC’s internal register whether accepting the gift, benefit or hospitality represents a real or perceived conflict of interest and document the basis for their decision.

Australian Competition and Consumer Commission response: Agreed.

Summary of Australian Competition and Consumer Commission response

36. The proposed audit report was provided to the ACCC. The ACCC provided the summary response below. The full response from the ACCC is provided at Appendix 1. The improvements observed by the ANAO during the course of this audit are at Appendix 2.

The Australian Competition and Consumer Commission including the Australian Energy Regulator (together, ACCC) welcomes the ANAO’s audit and findings.

A strong probity management and governance framework supports our regulatory functions, and therefore supports our respective objectives of making markets work for consumers and making energy consumers better off—now and in the future.

The ACCC has agreed to all of the recommendations in the ANAO’s report. The ACCC agrees that implementation of the recommendations will clarify existing policies, enhance internal governance, and strengthen our management of probity risks.

The ACCC is committed to continuous improvement in all aspects of our work including management of probity risks. The ACCC notes the ANAO’s identified opportunities for improvement and agrees that implementation of those measures will further enhance the agency’s probity management.

Key messages from this audit for all Australian Government entities

This audit is one of a series of probity management audits that apply a standard methodology to probity management in financial regulators. The three entities included in the ANAO’s 2022–23 probity management in financial regulators series are the:

  • Australian Competition and Consumer Commission (ACCC);
  • Australian Prudential Regulation Authority (APRA); and
  • Australian Securities and Investments Commission (ASIC).

Key messages from the ANAO’s series of probity management audits will be outlined in an Audit Insights product available on the ANAO website.

1. Background

Introduction

Government regulators

1.1 The Organisation for Economic Co-operation and Development (OECD) has observed that:

Regulation is a key tool for achieving the social, economic and environmental policy objectives of governments that cannot be effectively addressed through voluntary arrangements and other means. Governments have a broad range of regulatory powers reflecting the complex and diverse needs of their citizens, communities and economy.

Regulators are entities authorised by statute to use legal tools to achieve policy objectives, imposing obligations or burdens through functions such as licencing, permitting, accrediting, approvals, inspection and enforcement. Often they will use other complementary tools, such as information campaigns, to achieve the policy objectives, but it is the exercise of control through legal powers that makes the integrity of their decision-making processes, and thus their governance, very important.6

Regulator governance

1.2 The OECD has further observed that:

Strong governance strengthens the legitimacy and integrity of the regulator, supporting the high level policy objectives of the regulatory scheme and will lead to better outcomes.7

1.3 The OECD has identified two broad aspects of governance relevant to regulators:

  • external governance (looking out from the regulator) – the roles, relationships and distribution of powers and responsibilities between the legislature, the minister, the ministry, the judiciary, the regulator’s governing body and regulated entities; and
  • internal governance (looking into the regulator) – the regulator’s organisational structures, standards of behaviour and roles and responsibilities, compliance and accountability measures, oversight of business processes, financial reporting and performance management.8

1.4 The OECD has described these components of external and internal governance as the ‘different building blocks that make up the governance architecture of regulators’.9

Duties of Australian Government officials

1.5 The Australian Government’s overarching governance framework for public entities, including its regulatory agencies, is established by the Public Governance, Performance and Accountability Act 2013 (PGPA Act) and the supporting Public Governance, Performance and Accountability Rule 2014 (PGPA Rule).

1.6 The PGPA Act contains general duties for entity accountable authorities and officials which are relevant to probity and ethics.10 These duties are not restricted to resource management functions, as the objects of the PGPA Act (and its overview section) make clear that the Act is concerned with entity governance, performance and accountability more broadly (see Box 1 below).

Box 1: Objects and overview of the Public Governance, Performance and Accountability Act 2013 (PGPA Act)

Objects of the PGPA Act (section 5)

The objects of this Act are:

(a) to establish a coherent system of governance and accountability across Commonwealth entities; and

(b) to establish a performance framework across Commonwealth entities; and

(c) to require the Commonwealth and Commonwealth entities:

(i) to meet high standards of governance, performance and accountability; and

(ii) to provide meaningful information to the Parliament and the public; and

(iii) to use and manage public resources properly; and

(iv) to work cooperatively with others to achieve common objectives, where practicable; and

(d) to require Commonwealth companies to meet high standards of governance, performance and accountability.

Overview of the PGPA Act (section 6)

This Act is mainly about the governance, performance and accountability of Commonwealth entities.

It is also about:

  • the use and management of public resources by the Commonwealth and Commonwealth entities; and
  • the accountability of Commonwealth companies.

1.7 The requirements of the PGPA Act and PGPA Rule, including the general duties of entity officials, may extend to persons who are not entity employees (such as contractors) if they are considered to be entity officials under the Act. Contract provisions may also extend PGPA Act and PGPA Rule requirements (and elements of the Public Service Act 1999 (PS Act), discussed below) to persons who are not entity employees.11

1.8 As at 6 March 2023 there were 189 PGPA Act entities and companies.12 The duties of entity accountable authorities and officials under the PGPA Act are summarised in Box 2 below.

Box 2: General duties of accountable authorities and officials

General duties of accountable authorities (extracts)

Section 15 — Duty to govern the Commonwealth entity

(1) The accountable authority of a Commonwealth entity must govern the entity in a way that:

(a) promotes the proper use and management of public resources for which the authority is responsible; and

(b) promotes the achievement of the purposes of the entity; and

(c) promotes the financial sustainability of the entity.

Note: Section 21 (which is about the application of government policy) affects how this duty applies to accountable authorities of non-corporate Commonwealth entities.

(2) In making decisions for the purposes of subsection (1), the accountable authority must take into account the effect of those decisions on public resources generally.

General duties of officials (extracts)

Section 25 — Duty of care and diligence

(1) An official of a Commonwealth entity must exercise his or her powers, perform his or her functions and discharge his or her duties with the degree of care and diligence that a reasonable person would exercise if the person:

(a) were an official of a Commonwealth entity in the Commonwealth entity’s circumstances; and

(b) occupied the position held by, and had the same responsibilities within the Commonwealth entity as, the official.

(2) The rules may prescribe circumstances in which the requirements of subsection (1) are taken to be met.

Section 26 — Duty to act honestly, in good faith and for a proper purpose

An official of a Commonwealth entity must exercise his or her powers, perform his or her functions and discharge his or her duties honestly, in good faith and for a proper purpose.

Section 27 — Duty in relation to use of position

An official of a Commonwealth entity must not improperly use his or her position:

(a) to gain, or seek to gain, a benefit or an advantage for himself or herself or any other person; or

(b) to cause, or seek to cause, detriment to the entity, the Commonwealth or any other person.

Section 28 — Duty in relation to use of information

A person who obtains information because they are an official of a Commonwealth entity must not improperly use the information:

(a) to gain, or seek to gain, a benefit or an advantage for himself or herself or any other person; or

(b) to cause, or seek to cause, detriment to the Commonwealth entity, the Commonwealth or any other person.

Section 29 — Duty to disclose interests

(1) An official of a Commonwealth entity who has a material personal interest that relates to the affairs of the entity must disclose details of the interest.

(2) The rules may do the following:

(a) prescribe circumstances in which subsection (1) does not apply;

(b) prescribe how and when an interest must be disclosed;

(c) prescribe the consequences of disclosing an interest (for example, that the official must not participate at a meeting about a matter or vote on the matter).

Probity

1.9 Taken together, the general duties establish an overarching framework for probity and ethical behaviour applying to the officials of PGPA Act entities.

1.10 The Australian Government Department of Finance (Finance), which administers the PGPA Act and PGPA Rule and is the framework policy owner, has not included a general definition of probity in its PGPA Glossary.13 Finance has, however, adopted the following definition of probity in the procurement context:

Probity is the evidence of ethical behaviour, and can be defined as complete and confirmed integrity, uprightness and honesty in a particular process.14

1.11 While intended to inform those involved in procurement activity, this definition of probity is sufficiently robust to describe the general expectation applying to Australian Government activity more broadly, including regulatory activity.

1.12 The specific probity and ethical requirements applying to the personnel of an Australian Government entity will depend on what type of entity it is, the legislation applying to it, the government policies and frameworks applying to it, and the internal policies and frameworks it has put in place. In summary:

  • Whether the entity is a non-corporate Commonwealth entity or a corporate Commonwealth entity15 under the PGPA Act, will determine which elements of the framework established by the PGPA Act and PGPA Rule will apply to the entity. In particular, entity type will affect whether certain activity-specific frameworks apply to an entity.
    • Activity-specific frameworks can establish ethical and probity requirements specific to the activity they regulate, and cover grants administration16, government procurement17, government advertising18, protective security19, appearing before the Parliament20, liaising with lobbyists21, caretaker conventions22, risk management23 and fraud control.24 These frameworks will generally specify which types of entities they cover and may also place specific obligations on the accountable authority, such as to promote an internal culture supportive of the purposes of the framework.25
  • Entities established under legislation are statutory bodies and will also be subject to the requirements of that legislation. The entity’s enabling legislation may include specific ethical obligations applying to the accountable authority and/or entity staff. Individual statutory offices are also established through legislation, which may include ethical requirements.
  • Other applicable legislation may place further ethical and probity requirements on the entity. Examples include anti-corruption legislation26 and corporations law requirements. As at 6 March 2023, there were 17 Commonwealth controlled companies subject to the Corporations Act 2001.
  • If the entity is subject to the PS Act27, additional ethical and probity requirements apply to Australian Public Service (APS) employees, including the APS Values and APS Code of Conduct.28
    • Section 10 of the PS Act sets out the APS Values. Subsection 10(2), ‘Ethical’, states that ‘The APS demonstrates leadership, is trustworthy, and acts with integrity, in all that it does.’ The APS Commissioner’s Directions (31 January 2022) made under the PS Act elaborate on the APS Values. Section 14 of the Directions sets out requirements to be met to uphold the ‘Ethical’ value, ‘having regard to an individual’s duties and responsibilities’. The requirements include: ‘acting in a way that models and promotes the highest standard of ethical behaviour’, ‘complying with all relevant laws, appropriate professional standards and the APS Code of Conduct’ and ‘acting in a way that is right and proper, as well as technically and legally correct or preferable’. Section 12 of the PS Act provides that an APS Agency Head ‘must uphold and promote the APS Values and APS Employment Principles’.
    • Australian Public Service Commission (APSC) guidance highlights that integrity covers several different and overlapping aspects that relate to conduct and how APS employees work individually and collectively. Integrity includes: compliance with legislative frameworks, policies and practices, and ensures standards for integrity are being met; a values-based approach that promotes ethical decision-making; institutional integrity, where organisational systems, policies and practices are purposeful, legitimate and trustworthy; and a pro-integrity culture, in which there is a positive, conscious effort to make integrity a central consideration of all activities.29
    • A number of specific probity requirements apply to APS Senior Executive Service (SES) employees and/or APS agency heads.30 These include the declaration of interests31 and the declaration of gifts, benefits and hospitality.32
  • Entity-specific frameworks include an entity’s internal policies and guidance in respect of implementing applicable laws and frameworks. Examples include Accountable Authority Instructions (AAIs) made under the PGPA Act33, and internal integrity frameworks. Entity-specific frameworks may sometimes establish higher expectations than the minimum standards established by whole-of-government policy owners such as Finance. Professional codes and standards may also apply to entity personnel working in certain sectors or roles. The need for such codes and standards may be specified in legislation applying to the entity.

The accountable authority’s role in promoting probity

1.13 As discussed in paragraph 1.6, the PGPA Act places a number of duties on an entity’s accountable authority. As discussed in paragraph 1.12, other applicable frameworks will also place obligations on entity leaders, such as the promotion of an appropriate culture. The ANAO has previously observed that in order to fulfil its governing role in relation to probity, the accountable authority would be expected to set out roles and reporting within the entity, approve and review probity policies, ensure it is informed about the entity’s activities, act on information promptly, and take an active role when working with management.34

The Australian Competition and Consumer Commission

1.14 The Australian Competition and Consumer Commission (ACCC) is an independent statutory authority. It was established under and administers the Competition and Consumer Act 2010 (CCA) and other legislation. According to the 2022–23 ACCC and Australian Energy Regulator (AER) Corporate Plan:

The primary responsibilities of the ACCC are to enforce compliance with the competition, consumer protection, fair trading and product safety provisions of the … (CCA), regulate national infrastructure and undertake market studies.35

1.15 The ACCC is a non-corporate Commonwealth entity for the purposes of the PGPA Act. It is one of three entities that have body corporate status but are prescribed in their enabling legislation as non-corporate Commonwealth entities.36 Like most non-corporate Commonwealth entities, the ACCC engages employees under the PS Act.

1.16 The ACCC is comprised of a Chairperson and six other members appointed by the Governor-General on the nomination of the Treasurer. The CCA also establishes the AER as a separate statutory authority with decision-making powers exercised separately to those exercised by members of the ACCC.37 The five members of the AER are collectively referred to as the AER Board. For the purposes of the finance law the AER is part of the ACCC, and the ACCC Chairperson is the accountable authority under the PGPA Act. Under section 44AAC of the CCA, the Chairperson of the ACCC is required to make employees available to assist the AER Board exercise its functions. Under section 8A of the CCA, appointed associated members are involved in deciding matters before the Commission.38 Under section 8AB of the CCA, AER Board members are taken to be Associate Members of the ACCC for the purposes of the PGPA Act and certain sections of the CCA.39

1.17 The ACCC reflects the functional difference between the ACCC and AER in its organisational structure, with a separate AER Chief Executive Officer (CEO) who oversees organisational units dedicated to assisting the AER Board exercise its statutory functions.40 The ACCC also presents many of its corporate documents, including its Corporate Plan and Annual Report, with branding of both the ACCC and AER.

1.18 In this audit the ANAO has considered the ACCC and AER as a single entity and has referred to the entity as the ‘ACCC’ except where particular consideration is required in relation to the AER Board acting pursuant to its specific statutory functions.

Oversight arrangements

1.19 The ACCC is subject to a range of oversight arrangements. These include the Australian Commission for Law Enforcement Integrity (ACLEI).41 The ACCC came under ACLEI’s jurisdiction on 1 January 2021.42

1.20 In recent years the House of Representatives Standing Committee on Economics has also undertaken inquiries into the ACCC and its operations.43

Rationale for undertaking the audit

1.21 It is essential that financial regulators uphold high probity standards, to strengthen the legitimacy and integrity of the regulator and support the objectives of the regulatory scheme.

1.22 This is one of a series of three performance audits which continues the ANAO’s examination of probity management in Commonwealth entities and provides independent assurance to the Parliament. It builds on Auditor-General Report No. 21 2019–20 Probity Management in Rural Research and Development Corporations, which assessed the effectiveness of five rural research and development corporations’ management of probity.

1.23 This series of audits focuses on probity management in entities with a role in financial regulation activities. These are the:

  • Australian Competition and Consumer Commission (ACCC);
  • Australian Prudential Regulation Authority (APRA); and
  • Australian Securities and Investments Commission (ASIC).

Audit approach

Audit objective, criteria and scope

1.24 The audit objective was to assess the effectiveness of the ACCC’s probity management.

1.25 To form a conclusion against the objective, the ANAO adopted the following high level criteria:

  • Does the ACCC have arrangements structured to manage selected probity risks and promote compliance with requirements?
  • Has the ACCC established monitoring and reporting arrangements to provide assurance on the effectiveness of internal controls and compliance with probity requirements?
  • Has the ACCC complied with probity requirements?

1.26 The audit scope was the period July 2020–November 2022 and where relevant, included key subsequent events up to and including February 2023. The ANAO did not examine specific investigations into ACCC personnel or review the ACCC’s corporate governance arrangements.44

Probity risks examined in this audit

1.27 The ANAO reviewed a selection of probity risks requiring management by Australian Government entities, including a number of specific risks requiring management by entities involved in financial regulation activities. The risks selected for review related to:

  • the code of conduct;
  • the management of conflict of interest;
  • the management of key regulatory risks (such as regulatory capture risk and financial trading);
  • the management of senior executive remuneration;
  • probity in procurement;
  • the oversight of corporate credit card expenditure;
  • the management of gifts, benefits and hospitality;
  • the identification and management of fraud risks; and
  • the management of public interest disclosures.

1.28 In this audit report the ACCC and AER are considered as a single entity, the ‘ACCC’, except where particular consideration is required in relation to the AER Board acting pursuant to its specific statutory functions.

Audit methodology

1.29 The audit methodology included reviewing entity documentation and meeting with entity personnel.

1.30 The audit was conducted in accordance with ANAO Auditing Standards at a cost to the ANAO of approximately $389,000.

1.31 The team members for this audit were Grace Guilfoyle, James Sheeran, Jo Rattray-Wood, Alexandra McFadyen and Michelle Page.

1.32 The ANAO has co-operative evidence gathering arrangements in operation with entities. On 9 May 2022, the ACCC advised the ANAO that it was unable to voluntarily provide certain information requested by the ANAO due to legislative restrictions on the disclosure of the requested information. On 22 June 2022 the Auditor-General issued the ACCC with a notice to provide information and produce documents pursuant to section 32 of the Auditor-General Act 1997. The ACCC provided the information and documents requested within the specified time, following receipt of the notice.

2. Arrangements to manage probity risks and promote compliance with requirements

Areas examined

This chapter examines whether the Australian Competition and Consumer Commission (ACCC) has arrangements structured to manage selected probity risks and promote compliance with requirements. The selected risks relate to: code of conduct; conflict of interest; key regulatory functions; senior executive remuneration; procurement; corporate credit card expenditure; gifts, benefits and hospitality; fraud; and public interest disclosures. The period examined in this audit was July 2020–November 2022 and where relevant, key subsequent events up to and including February 2023.

Conclusion

The ACCC has arrangements mostly structured to manage the probity risks selected for ANAO review and arrangements to promote compliance with requirements. There is scope to clarify the application of several probity related requirements in the code of conduct for ACCC Commissioners and Australian Energy Regulator (AER) Board members. There is also scope to improve the effectiveness of ACCC policies for managing risk relating to: perceived conflicts of interest; information security; positional authority; and gifts, benefits and hospitality.

Areas for improvement

The ANAO made five recommendations. These are aimed at: strengthening probity arrangements relating to trading in relevant financial instruments; improved compliance with the Protective Security Policy Framework (PSPF); managing positional authority risk regarding approval arrangements for corporate credit card expenditure by ACCC Commissioners and AER Board members; requiring all accepted offers of gifts, benefits and hospitality to be recorded in the human resources software system; and strengthening internal policies regarding the acceptance and recording of gifts, benefits and hospitality.

The ANAO also identified eight opportunities for improvement in relation to: the code of conduct requirements relating to AER Board members; the inclusion of references to regulatory capture risk and its management in the ACCC’s corporate plan; improving consistency in the identification and management of probity risks in procurement; reconciling contradictory statements and including clear guiding principles in internal guidance relating to gifts, benefits and hospitality; aligning internal timing requirements for the declaration of gifts, benefits and hospitality; strengthening guidance in relation to the acceptance of gifts, benefits and hospitality from suppliers; refresher training in managing integrity risks; and the monitoring and reporting of training completion rates.

2.1 An entity’s accountable authority and management are responsible for establishing and promoting a culture of ethical behaviour within the entity. Identifying key probity risks and establishing, maintaining and promoting policies, procedures and arrangements to manage those risks helps ensure probity risks are being effectively managed in accordance with relevant requirements and consistent with community expectations.

2.2 This chapter examines whether the ACCC has:

  • identified key probity risks and developed policies, procedures and arrangements to manage the identified risks;
  • ensured policies and procedures are maintained; and
  • effectively informed relevant people of probity related requirements, to promote compliance.

Has the ACCC identified key probity risks and developed policies, procedures and arrangements to manage the identified risks?

The ACCC has developed a code of conduct for ACCC Commissioners and AER Board members which details probity requirements. In the code, several probity related requirements applying to ACCC Commissioners do not explicitly extend to AER Board members.

The ACCC has identified key probity risks relating to: conflict of interest; senior executive remuneration; information security; trading in financial instruments; procurement; corporate credit card expenditure; gifts, benefits and hospitality; fraud; and public interest disclosures. The ACCC has not explicitly identified regulatory capture as a probity risk to be managed.

For the period examined in this audit, the ACCC had policies, procedures and arrangements to manage the identified risks.

There is scope to improve the effectiveness of ACCC policies for managing risks relating to: perceived conflicts of interest; sensitive information; positional authority; and gifts, benefits and hospitality.

  • The arrangements relating to ACCC Commissioners and AER Board members trading in relevant financial instruments are not as strong as those for ACCC employees, for whom prior approval (via the granting of an exemption) is required to undertake trading in financial instruments in situations where there may be a real or perceived conflict of interest.
  • Internal practices for managing sensitive information are not always consistent with the Australian Government’s Protective Security Policy Framework (PSPF) and the ACCC’s internal ‘Guidance on security classification 2019’. The management of sensitive committee papers is not always consistent with the ‘need to know’ principle, and documents containing sensitive information (including committee papers) do not always contain appropriate protective markings.
  • The ACCC Chief Executive Officer (CEO) reviews and approves credit card expenses as part of the acquittal process for the ACCC Chair and Commissioners, and the AER CEO approves credit card expenses as part of the acquittal process for the AER Chair and AER Board members. Positional authority risk would be reduced by amending arrangements requiring subordinate officials to approve the expenses of senior statutory officers.
  • ACCC employees are not required to declare and record the receipt of gifts, benefits and hospitality valued under $50. Recording all instances of gifts, benefits and hospitality received by ACCC personnel, regardless of value, would improve transparency and assist in providing additional assurance that the intent of the ACCC’s policy is realised.
  • There is an emphasis in ACCC guidance on identifying the benefit to the ACCC above managing perceived conflicts of interest, including where hospitality is provided by suppliers. Further, the ACCC’s process for declaring gifts, benefits and hospitality does not require recipients to document in the gifts, benefits and hospitality register their assessment of whether accepting an offer represents a real or perceived conflict of interest, and how any identified perceived conflicts are to be managed.

Code of conduct

2.3 ACCC employees are engaged under the Public Service Act 1999 (PS Act) and are subject to the Australian Public Service (APS) Code of Conduct set out in section 13 of the PS Act. The Australian Public Service Commission (APSC) has stated that:

Employees of the Australian Public Service (APS) occupy a position of trust. They are entrusted by the Government and the community to undertake important work on their behalf. With this trust comes a high level of responsibility which should be matched by the highest standards of ethical behaviour from each APS employee … The conduct of public servants, both inside and outside the workplace, can have implications for the confidence the community has in the administration of an agency or the APS as a whole.45

2.4 The ACCC also has a Code of Conduct for Commission Members and Associate Members (Members’ Code of Conduct). The Members’ Code of Conduct states that it ‘applies to all members of the Commission, including the Chair, Deputy Chairs, members and Associate Members.’46 During the period examined for this audit, there were two versions of the Members’ Code of Conduct: one dated December 2019, which was replaced by one dated August 2022. Both versions of the Members’ Code of Conduct state that:

This Code is intended to assist members of the Commission to understand key obligations in relation to their conduct that arise from statutory and non-statutory sources, and to help members to identify situations where these obligations apply and the steps they should take to meet these obligations.

2.5 The Members’ Code of Conduct identifies expectations in a range of areas relevant to probity, including:

  • conflicts of interest;
  • proper behaviour;
  • acceptance of gifts and hospitality;
  • contact with interest groups;
  • confidentiality;
  • decision-making; and
  • post-appointment arrangements.

2.6 The ACCC advised the ANAO that ‘the AER relies on the [Members’] Code of Conduct for all AER Board members, who are also Associate Members of the Commission.’47 The ANAO’s review indicates that the Members’ Code of Conduct refers to AER Board members only in the context of them being Associate Members of the ACCC, and does not explicitly reference their AER function.

2.7 Some requirements set out in the Members’ Code of Conduct apply to ACCC Commissioners only, with no equivalent arrangement outlined for AER Board members. These include:

  • guidance on members trading in shares (this is discussed further in paragraphs 2.46 to 2.60)48;
  • paid outside employment49;
  • reporting ‘relevant interests’50; and
  • arrangements for current members who commence discussions with potential employers for the period after their term expires.51

2.8 The 2019 Members’ Code of Conduct explicitly detailed the conflict of interest requirements established under the Competition and Consumer Act 2010 (CCA) for ACCC Commissioners. However, requirements specific to AER Board members, that are also contained in the CCA, were not mentioned.52 This information was not included in the subsequent, 2022 Members’ Code of Conduct.

2.9 The ACCC further advised the ANAO that the ACCC’s gifts, benefits and hospitality policy also applies to AER Board members. The ANAO’s review indicates that while the Members’ Code of Conduct refers to gifts, benefits and hospitality53:

  • the gifts, benefits and hospitality policy does not explicitly state that it applies to AER Board members; and
  • available advice on the applicability of the ACCC’s gifts, benefits and hospitality policy to AER Board members is not clear.

2.10 There would be benefit in clarifying and as necessary incorporating specific AER requirements in the Code of Conduct for Commission Members and Associate Members, for the benefit of the members and in the interests of transparency.

Opportunity for improvement

2.11 There is an opportunity to clarify and document requirements for AER Board members in relation to the Code of Conduct for Commission Members and Associate Members, for the benefit of the members and in the interests of transparency.

Conflict of interest

2.12 The ACCC has identified conflict of interest as a key probity risk and developed policies, procedures and arrangements to manage the identified risks.

2.13 The ACCC’s November 2022 Enterprise Risk Register includes the risk that:

Serious findings of a lack of integrity by staff or statutory appointees (for instance as a result of fraud, corruption or other impropriety), or inadequate compliance and assurance systems, damages the agency’s reputation as an effective regulator with the Australian Government and other key stakeholders, resulting in reduced funding and/or responsibilities, and reduced credibility as a regulator.

2.14 The November 2022 Enterprise Risk Register listed ‘Conflict of interest processes’ as a key control for managing these risks. ACCC divisions identify risks in their divisional business plans, some of which include specific identification of risks related to conflict of interest.54

2.15 As referenced in Box 2 in Chapter 1 of this audit, section 29 of the Public Governance, Performance and Accountability Act 2013 (PGPA Act) establishes a duty to disclose interests and requires officials of Commonwealth entities who have a material personal interest that relates to the affairs of the entity to disclose the details of the interest. The CCA also establishes requirements around disclosure and management of conflicts of interest for the ACCC Chair and ACCC Commissioners55, as well as the AER Board Chair and AER Board members.56 As discussed in paragraph 2.3, ACCC employees are subject to the APS Code of Conduct found in section 13 of the PS Act. The Code states that:

An APS employee must:

(a) take reasonable steps to avoid any conflict of interest (real or apparent) in connection with the employee’s APS employment; and

(b) disclose details of any material personal interest of the employee in connection with the employee’s APS employment.

2.16 To support the management of risks related to conflict of interest, the ACCC has developed a conflict of interest policy for ACCC employees. Conflict of interest requirements for ACCC Commissioners and AER Board members are included in the Members’ Code of Conduct, discussed in paragraphs 2.4 to 2.11.

Requirements for ACCC employees

2.17 The ACCC had two versions of its conflict of interest policy during the period reviewed for this audit. The first was dated June 2016 and was replaced by an update dated November 2022. Both versions apply ‘to all ongoing and non-ongoing employees, including SES [Senior Executive Service]’ and state that:

The Conflict of Interest Policy aims to mitigate two strategic risks …

  • failure of governance processes around decision-making
  • damage to reputation and being seen as an ineffective regulator.

2.18 The 2016 and 2022 conflict of interest policies address various obligations under the PGPA Act and PS Act. The conflict of interest policies also address:

  • the importance of appropriately managing conflict of interest to avoid damaging the reputation of the ACCC and APS;
  • what constitutes an actual, potential or perceived conflict of interest;
  • how to identify or avoid conflicts of interest;
  • when and how conflicts are to be disclosed for non-SES and SES employees; and
  • obligations of employees and managers.

2.19 The ACCC has established separate processes for identifying and managing conflicts of interest for its SES and non-SES employees. Non-SES employees are required to complete a conflict of interest self-assessment within one month of commencing with the ACCC and thereafter at least once each financial year or if the employee has a change in circumstances that might give rise to new conflicts of interest.57 Where the self-assessment results in the identification of a ‘real, perceived or potential conflict of interest’, non-SES employees are required to complete a disclosure form, which includes details of the conflict and a plan for managing it.

2.20 In respect to SES employees, the 2022 conflict of interest policy states that:

SES employees are required to make a declaration of their material personal interests in connection with their employment at the ACCC. The declaration must also include a management plan developed between the SES and their immediate manager to address any conflicts which arise from the declaration of interests. All entities in whish [sic] shares are held and the number of shares held must be included in the declaration.

2.21 The 2022 conflict of interest policy also states that SES ‘Sign-offs can be escalated where appropriate, for example, where an EGM [Executive General Manager] considers that there are particular issues that should be brought to the CEO’s attention.’58

2.22 A review of the ACCC’s framework for managing SES employees’ conflicts of interest was conducted in 2021. This review found 13 areas for improvement and considered that the underlying cause of multiple areas for improvement was the platform the ACCC used to manage conflict of interest.59 The review determined that the digital system used by the ACCC was not fit-for-purpose.60

2.23 The ACCC identified four areas for improvement that were not dependent on a system infrastructure upgrade being completed.61 The ACCC advised the ANAO that: ‘The Executive Management Board noted the project update and provided in-principle support for the conflict of interest project to progress with the development an ICT project brief for the Data, Information and Security Committee’s consideration with other projects’.

Requirements for contractors

2.24 Both the 2016 and 2022 conflict of interest policies, which were in place during the period reviewed for this audit, state the following about requirements for contractors:

2.4 The conflict of interest issues concerning contractors who act on behalf of the ACCC are managed through the contractual terms of their engagement.

2.5 Managers of contractors need to consider the nature of the contractor’s role when determining how to address the risks posed by conflict of interest. The more a role involves engagement in decision making such as recommendations concerning legal or regulatory or procurement matters the greater need there is for a formal conflict of interest declaration to be provided by the contractor.

2.25 ACCC intranet content states that:

Conflict of interest issues for people engaged under a contract to supply services to the ACCC/AER are managed through the contractual terms of their engagement. The contractor’s manager will advise the contractor of disclosure requirements.

When a disclosure is required, the contractor should use the Conflict of Interest form … available in Aurion [the ACCC’s human resources system].

Requirements for ACCC Commissioners and AER Board members

2.26 As noted in paragraph 2.5, conflict of interest requirements for ACCC Commissioners and AER Board members are included in the Members’ Code of Conduct, which was discussed in paragraphs 2.4 to 2.8. The Members’ Code of Conduct states that: ‘Members should always perform their official duties without fear or favour, and regardless of any expectation that they (or persons associated with them) will benefit or suffer as a consequence.’ It also states that:

Conflicts of interest can take a variety of forms. An actual conflict of interest occurs where a member’s interest in fact compromises, influences or affects the proper performance of their official duties. A perceived conflict of interest occurs where a member’s interest gives rise to a reasonable apprehension of bias in relation to the proper performance of their official duties — even if the member would not in fact be biased. However, perceived conflicts do not arise where the interest is so insignificant that no reasonable person would think that it would give rise to bias or affect the proper performance of duties. For example, where a member’s pecuniary interest is trivial and so could not reasonably be thought to affect their performance, it is unlikely that a perceived conflict of interest would arise.

2.27 The Members’ Code of Conduct also:

  • addresses the legislative basis of conflict of interest requirements62;
  • provides examples of potential conflicts of interest; and
  • sets out processes for disclosing interests (ACCC Commissioners only).63

2.28 As discussed, for the period examined for this audit, there were two versions of the Members’ Code of Conduct. The first was dated December 2019 and was replaced by the version dated August 2022. Both versions included a requirement for Commissioners to inform the Chair on an annual basis of their interests. The 2019 Members’ Code of Conduct included instructions for members and templates for various declarations. In the 2019 Members’ Code of Conduct the template for the ‘Commission member statement of private interests (financial, non-financial and personal)’ requested details relating to shareholdings; real estate; trusts and nominee companies; directorships in companies; partnerships; investments; other assets; other substantial sources of income; gifts; sponsored travel; hospitality; and liabilities. The 2022 Members’ Code of Conduct did not contain the instructions or templates. The ACCC provided the ANAO with a ‘Declaration of Private Interests Form’. The ACCC advised the ANAO in February 2023 that the form is provided to Commissioners as part of onboarding.

2.29 In September 2020 the ACCC identified that officers with responsibility for distributing agendas and meeting papers for Commission committees did not have access to sufficient information that would allow them to prevent Commissioners from receiving information relating to individuals or businesses with whom the Commissioners had an identified conflict. To address this issue, in November 2022, the ACCC provided its Executive General Managers and certain legal and Executive Office officers64 with access to a ‘Commissioner conflict of interest disclosure register’. These officers were advised that:

Your access has been provided on the basis you will in certain circumstances need to consult the register – for example when seeking decisions from Commissioners – to assist in the process of ensuring Commissioners who have made a disclosure and are recused do not participate in decision making. The primary obligation is on Commissioners to avoid participation in matters for which they are recused but having access to this register will assist you in supporting this practice.

2.30 In addition to the requirements for all Commissioners, under section 17 of the CCA, the ACCC Chair ‘must give written notice to the Minister of all pecuniary interests that the Chairperson has or acquires in any business carried on in Australia or in any body corporate carrying out such business.’ Internal compliance with the ACCC’s conflict of interest declaration requirements is discussed in Chapter 4 of this report in paragraphs 4.4 to 4.9.

Key entity-wide risks relating to regulatory activities

2.31 The ANAO examined whether the ACCC had identified regulatory capture risk and other key risks relating to its regulatory activities and established policies, procedures and arrangements to effectively manage those risks. The audit scope focussed on entity-wide policies, procedures and arrangements and not those that only applied to certain specific roles or activities.

2.32 The ACCC has not explicitly identified regulatory capture risk as a risk to be managed in its enterprise risk register. The ACCC had identified risks relating to trading in financial instruments and information security. Policies, procedures and arrangements relating to probity management in regulatory activities could be improved.

Regulatory capture risk

2.33 Maintaining independence is crucial for regulators to effectively perform their function. The 2019 Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry (the Hayne Royal Commission) stated that ‘the risk of regulatory capture is well acknowledged’.65 The Parliamentary Joint Committee on Corporations and Financial Services, in its 2019 report on Statutory Oversight of the Australian Securities and Investments Commission, the Takeovers Panel and the Corporations Legislation, stated that:

The committee considers that regulatory capture is a significant issue faced by Australian regulators generally, given the size and power of corporations that operate in Australia.66

2.34 The committee defined regulatory capture as:

instances where regulators are excessively influenced or effectively controlled by the industry they are supposed to be regulating. There are three areas in which particular risks arise for regulatory capture:

  • staff moving between industry and regulatory jobs;
  • secondments; and
  • where regulatory staff are embedded in private sector organisations (that is, required to conduct their work within the workplace of industry participants, away from their home base at the regulator).67

2.35 In relation to the issues raised in paragraph 2.34, the ACCC advised the ANAO that:

Staff movements between industry and regulatory jobs does occur from time to time, which is managed through existing probity controls including the conflict of interest declaration process and exclusion of relevant staff from matters that give rise or may be perceived to give rise to a conflict of interest.

Secondments to and from the ACCC are typically in relation to government agencies or overseas competition or consumer regulators. Secondments to industry and staff being embedded in private sector organisations occur very rarely, if ever, within the ACCC. These would be governed by the Paid and Unpaid Other Employment Policy, and have been previously considered by the agency.68

2.36 The need to maintain independence is reflected in the ACCC Statement of Expectations, and a reference to the ACCC being an independent Commonwealth statutory authority is included in the ‘ACCC Statement of Intent — Telecommunications-related functions’ published on the ACCC website.69 No mention is made in either regarding the risk of regulatory capture.

2.37 The Public Governance, Performance and Accountability Rule 2014 (PGPA Rule)70 sets out requirements with which entities must comply in relation to their corporate plans. This includes that corporate plans include ‘a summary of the risk oversight and management systems of the entity, and the key risks that the entity will manage and how those risks will be managed’.71 The ACCC and AER Corporate Plan 2022–23 provides a description of the ACCC’s and AER’s key risks. It identifies ‘Serious findings of a lack of integrity, inadequate compliance and assurance systems damage the agency’s reputation as an effective regulator’ as a key risk72, but does not reference the risk of regulatory capture. It also references the ACCC values, including ‘independent’ and ‘trustworthy’.73 As noted in paragraphs 2.3 and 2.4, ACCC employees are subject to the APS Code of Conduct and Commission Members and Associate Members are subject to the Members’ Code of Conduct. These set out the standards of behaviour expected of ACCC employees and Commissioners. This includes the highest standards of ethical behaviour from each APS employee and Commissioners to act honestly, in good faith and for a proper purpose.

2.38 The ACCC’s Enterprise Risk Register includes a more expansive version of the risk articulated in the ACCC and AER Corporate Plan 2022–23. It identifies the risk of:

Serious findings of a lack of integrity by staff or statutory appointees (for instance as a result of fraud, corruption or other impropriety), or inadequate compliance and assurance systems, damages the agency’s reputation as an effective regulator with the Australian Government and other key stakeholders, resulting in reduced funding and/or responsibilities, and reduced credibility as a regulator.74

2.39 The Enterprise Risk Register (September 2022) provides further information related to this risk, and states that:

the agency’s reputation is critical to its ongoing effectiveness as a regulator. Reputation within the business community and the legal profession is critical for incentivising compliance with the laws the agency administers and enforces. Reputation with other regulators is also important for facilitating cooperation when tackling shared challenges. Lastly, reputation with the public at large, Government and broader public service is critical to maintaining and/or extending agency funding, without which incentives for compliance would diminish.

A particular way in which the agency’s credibility can be adversely impacted is through findings or outcomes that staff and/or statutory appointees have engaged in conduct that involves corruption, fraud, impropriety or that otherwise calls into question the agency’s integrity and trustworthiness. Examples include misappropriation or misapplication of public funds; cronyism and nepotism; significant conflicts of interest (especially if undeclared). Such conduct may be either intentional or inadvertent. The agency’s credibility can also be adversely impacted through findings or outcomes that the agency does not have appropriately robust systems to ensure integrity in our processes. Vigilance, focus, ongoing investment of time and resources is therefore needed to protect the agency’s reputation.

2.40 Nine key controls are identified for this risk. The ACCC advised the ANAO that five of these would mitigate regulatory capture risk: procurement approval processes; conflict of interest processes; recruitment processes (including a requirement for an independent member on all panels); the internal audit program; and establishing an integrity unit. The ACCC also advised the ANAO of the following ‘Protections against regulatory capture’:

  • the ACCC’s function as an economy-wide regulator; and
  • its structure under which decision-making powers are generally limited to statutory appointees.

2.41 On the first point, the ACCC advised the ANAO in June 2022 that:

the agency has a very wide remit and in many instances operates as an ‘economy-wide’ regulator. Many of the agency’s core activities are not sector-specific: e.g., competition and consumer investigations and enforcement; merger assessments; competition exemptions; product safety etc. This work is also highly transactional such that when one project is finished, the staff and managers involved move onto the next, often in a different sector of the economy, and involving different stakeholders. Even where functions do have a sectoral focus, the stakeholder group is highly diverse, such as in respect of the agency’s infrastructure regulatory functions and the AER. The separation of decision-makers and staff is again relevant as a safeguard. Further, the agency’s regulatory model is very clearly focused around compliance, enforcement and deterrence, and the agency has a strong record of using its powers to achieve these outcomes, including via litigation. This is distinct from other models where the regulator may be more closely involved with stakeholders (e.g., co-regulatory) or seeking outcomes via consensus or cooperation.

Each of these factors mitigate the risk factors usually associated with regulatory capture.

2.42 On the second point, the ACCC advised the ANAO that:

The agency has limited delegations for any substantive aspects of its subject-matter or functional activities. Formal powers and functions are typically exercised by the relevant decision-making authority, be that the Commission, the Board and/or their respective Chairs. Where functional delegations exist, they generally relate to minor, routine or procedural matters, such as where delegations would assist with the efficient functioning of the agency. Core decision-making responsibilities therefore remain with the relevant statutorily–appointed authority.

2.43 The ANAO did not assess whether the identified risks relating to regulatory capture were effectively managed by the ACCC.75

2.44 In summary, the ACCC has not explicitly identified regulatory capture as a risk to be managed in its enterprise risk register or other relevant documentation. The Parliamentary Joint Committee on Corporations and Financial Services has identified regulatory capture as a significant issue faced by Australian regulators. Given the significance of the risk, there would be benefit in the ACCC addressing regulatory capture risk and its management in the entity corporate plan.

Opportunity for improvement

2.45 There is an opportunity for the Australian Competition and Consumer Commission to consider including references to regulatory capture risk and how it is managed in the entity corporate plan.

Restrictions on trading in financial instruments

2.46 In addition to general conflict of interest risk (discussed in paragraphs 2.12 to 2.30), the ACCC has identified a specific entity-wide risk relating to ACCC officials inappropriately gaining financial advantage due to their role at the ACCC.

Employees

2.47 The June 2016 Conflict of Interest Policy stated that:

To avoid situations of conflict of interest, ACCC employees must … not use information obtained in the course of official duties to gain an advantage for themselves or for any other person e.g. using information to buy or sell shares.

2.48 Advice on this risk was made available on the ACCC’s intranet, including the following:

an APS employee who buys or sells shares while in possession of commercially sensitive information may have a real or perceived conflict of interest and may have breached the APS Code of Conduct by making improper use of inside information to gain, or seek to gain, a benefit or an advantage for them self [sic] or anyone else. If so, their employment could be terminated and/or they could be subject to other penalties …

Employees should be aware that some of the information they receive and can access in the course of their duties:

  • may not be generally available and would reasonably be expected to have a material effect on the price or value of a financial product if it was generally known, and/or
  • may be commercially sensitive.

Employees must not trade in shares or other financial products, or induce others to do so, while in possession of such information. It is the responsibility of each employee to form a judgment as to whether the information they possess in the course of their APS employment would be considered inside or commercially sensitive information. If unsure, you should discuss this with your Director or SES.

2.49 The ACCC updated its conflict of interest policy in November 2022 to include a section on ‘improper use of information — share trading’. The policy outlines the obligations of ACCC employees76 regarding insider trading, including that:

All ACCC employees must:

(a) scrupulously observe the prohibitions on insider trading and tipping contained in Division 3 of Part 7.10 of the Corporations Act 2001;

(b) use reasonable endeavours to avoid situations where it might reasonably appear that they have not complied with those prohibitions or have made improper use of information obtained in the course of their employment with the ACCC; and

(c) not trade where there is, or it may reasonably appear there is, a conflict between their role and responsibilities at ACCC and their trading activities.

2.50 The 2022 conflict of interest policy further states that:

To ensure that we avoid situations in which employees are at risk of failing to comply with these legal obligations, the following prohibitions also apply to share trading by ACCC employees:

(a) SES must not trade in any securities related to a current ACCC matter under assessment, investigation or market study in which they are actually or potentially a decision maker.

(b) Employees must not trade in any securities related to a current ACCC matter under assessment, investigation or market study they are or have been involved in.

(c) Employees must not trade in any securities related to a current ACCC matter under assessment, investigation or market study about which they have had access to confidential information, for example by accessing Commission or Committee papers, by attending meetings at which the matter is discussed in detail or by informal discussions with colleagues.

(d) Changes in shareholdings and other material personal interests should be updated in Aurion [the ACCC’s human resources system] during the year, as well as during the annual conflict of interest declaration.

2.51 Under the conflict of interest policy, the ACCC CEO may grant an exemption to the restrictions on trading in financial instruments in ‘exceptional circumstances … after consultation with the relevant SES manager, ACCC General Counsel and Deputy General Counsel, Corporate’.77

ACCC Commissioners and AER Board members

2.52 The 2019 Members’ Code of Conduct provided the following guidance regarding shareholdings by ACCC Commissioners:

Full-time members should normally avoid holding shares directly. If a full-time member proposes to hold shares directly, they should consult the Chair and exercise careful personal judgement in respect of such transactions to ensure that any financial dealings do not raise an actual or perceived conflict with the functions of that member.

2.53 As noted in footnote 48, the reference to ‘full-time members’ indicates that this stipulation did not apply to AER Board members, who are Associate Members of the ACCC.78 The ACCC advised the ANAO in February 2023 that:

While the ACCC’s Members Code of Conduct does not specifically refer to AER Board members … it includes information relating to trading in financial products. AER Board members are formally covered in their capacity as Associate Commissioners and by convention have abided by the Code.

2.54 The August 2022 update to the Members’ Code of Conduct also included the requirement quoted in paragraph 2.52 and broadened advice regarding trading in shares. It now states that:

Any official who buys or sells shares while in possession of commercially sensitive information may have a real or perceived conflict of interest and may have breached their PGPA Act obligations by making improper use of inside information to gain, or seek to gain, a benefit or an advantage for themself or anyone else. If so, their appointment could be terminated and/or they could be subject to other penalties.

2.55 The arrangements relating to ACCC Commissioners and AER Board members trading in financial instruments are not as strong as those for ACCC employees, for whom prior approval (via the granting of an exemption) is required to undertake trading in financial instruments in situations where there may be a real or perceived conflict of interest (see paragraphs 2.49 to 2.51). The arrangements for ACCC Commissioners and AER Board members should be strengthened, and aligned to arrangements applying to employees, by introducing a requirement to obtain approval prior to trading in financial instruments.

Recommendation no.1

2.56 The Australian Competition and Consumer Commission establish a requirement for ACCC Commissioners and AER Board members to obtain approval prior to trading in relevant financial instruments. There should also be specific arrangements for approval of trading in relevant financial instruments by the ACCC Chair.

Australian Competition and Consumer Commission response: Agreed.

2.57 The ACCC agrees with the recommendation.

2.58 The ACCC will make necessary amendments to its existing Code of Conduct for Commission Members and Associate Members. It has been the agency's intent to implement a process requiring prior approval for trading in relevant financial instruments by the ACCC Chair and ACCC Commissioners (including Associate Members from the AER Board) to complement the existing policy for employees that was updated in 2022. This will include specific arrangements for the ACCC Chair.

2.59 The AER will establish specific arrangements that require AER Board members to obtain prior approval of trading in relevant financial instruments.

2.60 The ACCC notes that the term ‘financial instruments’ has a very broad meaning, which without further clarification would likely apply to circumstances beyond the intent of the recommendation. The ACCC therefore understands the recommendation is limited to ‘relevant’ financial instruments so the ACCC and AER respectively can identify appropriate definitions and scope to address the risks relevant to each agency.

Information security

2.61 In the course of undertaking its functions, the ACCC collects, analyses, shares and stores sensitive and confidential information.

Confidentiality project

2.62 The ACCC commenced an enterprise-wide confidentiality project in August 2019 to facilitate implementation of recommendations made by an internal legal review of confidentiality arrangements.79 One recommendation was to create a position statement on the ACCC’s risk appetite and tolerance in respect of inadvertent disclosure of confidential information. This recommendation was accepted and a position statement was endorsed by ACCC Commissioners and AER Board members in February 2020 and made available on the ACCC intranet. The confidentiality position statement said that:

Unauthorised disclosure of, or access to, confidential information is rated as one of the agency’s top six strategic risks … It has been rated as high risk with potentially major consequences if a disclosure occurs … [emphasis in original]

The risks associated with inadvertent disclosure of confidential information include:

  • serious harm to the person, organisation, or company that has provided the information
  • a significant impact on our reputation
  • undermining confidence in the agency, making it difficult for us to carry out our functions, including conducting reviews and investigations, and bringing proceedings
  • potential liability for claims including breach of contract or statutory duty.

2.63 The ACCC’s Strategic Risk Profile 2019–20 included the risk of ‘Confidentiality breach: Unauthorised release of, or access to, confidential information’, which was rated a ‘high’ risk.

2.64 The confidentiality project was closed on 31 March 2021 and the unauthorised disclosure risk was removed from the strategic risk register in October 2021. The ACCC advised the ANAO in July 2022 that:

We consider we now have largely effective controls in place to address the risk, to the point where a confidentiality breach is no longer identified as an enterprise risk. The identified controls we have in place to address these risks include, for example, that we have robust induction practices for staff in relation to handling information, and regular reminders on our intranet.

2.65 The ACCC further advised the ANAO in December 2022 that:

In 2021, the agency revised and updated its approach to managing enterprise risks, which included re-formulating its ‘Enterprise Risk Register’ and ‘Strategic Risk Profile’ so that they focused on a more targeted set of enterprise risks. This included reducing the number of enterprise risks from 24 to 8, and refocusing management of other risks to an operational/business unit level.

Consistent with this, risks relating to inadvertent disclosure of information were, and continue to be, managed at the divisional/business unit level rather than the enterprise level. This reflects that risks relating to inadvertent disclosure of information have different features in different business units.

Document access

2.66 The ANAO observed that meeting papers for several ACCC governance and management committees were accessible on the ACCC intranet. This included papers presented to the ACCC Commission and AER Board, their sub committees and associated subject-matter specific inquiry and management committees. These papers frequently included confidential information gathered in relation to entities regulated by the ACCC and AER, as well as sensitive information relating to ongoing investigations and regulatory decision-making. Examples include:

  • advice provided to support recommendations to instigate legal proceedings against regulated entities;
  • advice and recommendations regarding regulatory decision-making, including merger authorisations;
  • legal advice, including advice on the prospects of successful litigation and potential counter arguments that may be made by regulated entities; and
  • proposed penalties for entities with whom the ACCC is engaged in litigation, including the method for determining minimum terms of settlement, discounts to be provided for early settlement and details of settlement negotiations.

2.67 Regarding the accessibility of this sensitive information, the ACCC advised the ANAO that:

the agency has a longstanding culture of transparency and open access to information and knowledge sharing where appropriate. This includes but is not limited to decision making bodies in respect of meetings of the Commission, AER Board and most subject matter committees. We consider this a vital part in assisting the agency to carry out its day to day business operations and functions in the most efficient, effective and transparent manner. The transparency assists with a number of probity considerations, supports whole of agency awareness of interrelated matters, maximises benefit information utilisation, assists with avoidance of duplication and inconsistency …

Although generally meeting attendance is open to all, predominantly, it is the relevant staff that have an item on a meeting agenda that would be in attendance … Staff from the broader division relevant to the matter are often in attendance, to understand the decision-making process and strategic considerations beyond their immediate work …

Where a specific item that is to be discussed at a meeting is particularly sensitive, attendance and access to the relevant paper is closely managed by the relevant secretariat on a case by case basis, but with appropriate transparency preserved. This represents a small proportion of the Commission’s and AER’s work.

The ACCC has standard terms on which it receives information (including confidential information) from third parties such as businesses. These include that there is no restriction on the internal use of the information consistent with the agency’s statutory functions.

Protective markings in committee papers

2.68 The ACCC’s committee papers containing sensitive information typically did not display protective markings as required by the ACCC’s ‘Guidance on security classification 2019’. This guidance requires that documents that contain or cite sensitive information should be marked as ‘OFFICIAL: Sensitive’80, with an additional marking of ‘Legal privilege’ where documents contain legal advice or material otherwise protected by legal professional privilege. The guidance also states that ‘OFFICIAL: Sensitive documents must be marked’. Under the Australian Government’s Protective Security Policy Framework (PSPF), PSPF Policy 8 (relating to sensitive and classified information) states that ‘the need-to-know principle applies to all OFFICIAL: Sensitive information’.81

2.69 Committee papers available on the ACCC intranet, including those presented to the ACCC Commission or AER Board for regulatory decision-making, typically include check boxes at the beginning of the document indicating whether the document contains legally privileged or confidential information.

Recommendation no.2

2.70 The Australian Competition and Consumer Commission ensure that, consistent with the Australian Government’s Protective Security Policy Framework (PSPF):

  1. sensitive committee papers are only made available on a need to know basis; and
  2. documents containing sensitive information (including committee papers) contain appropriate protective markings consistent with PSPF requirements and the ACCC’s internal ‘Guidance on security classification 2019’.

Australian Competition and Consumer Commission response: Agreed.

2.71 The ACCC agrees with the recommendation.

2.72 The ACCC takes our obligations under the Protective Security Policy Framework seriously and has controls in place directed towards the need-to-know principle. Work is well progressed in implementing recommendations from an Information Security & Awareness internal audit (conducted in April 2022), that will assist in implementing the ANAO’s recommendation.

2.73 The ACCC will further review our existing practices and processes for restricting access to a range of information and documents and make any necessary additional changes to strengthen our information management and governance frameworks and processes. These settings will continue to recognise the importance of engagement across different teams and functions to ensure information that is relevant to others is available, while ensuring consistency with need-to-know principles.

2.74 The ACCC’s document templates will be updated to better enable protective markings to be applied.

Security report

2.75 The ACCC prepares an information security report each month.82 This report provides information on a number of security related matters including:

  • security incidents83;
  • completion of security training;
  • USB usage;
  • emails sent to external sources (and the senders, recipients and classification of the email); and
  • internet usage.

Senior executive remuneration

Entity policy

2.76 A senior executive remuneration policy contributes to the management of probity within an entity by introducing transparency in the remuneration setting process. Having the accountable authority establish and approve remuneration policies also enables the accountable authority to influence behaviour and can be an important mechanism in communicating the desired culture within the entity.

2.77 The ACCC has a Senior Executive Service (SES) remuneration and benefits policy (December 2022).84 The policy was approved by the ACCC CEO and outlines the objectives for SES remuneration and non-monetary benefits.85 The policy includes remuneration increments for each SES classification level that are aligned to percentiles (for example, APS median and ‘APS 95th percentile’) in the APS remuneration report.86 The policy outlines base salary, employer superannuation contribution and total remuneration for various increment levels within each band of the SES cohort. ACCC documentation states that:

Pay levels are influenced by a number of different factors including meeting starting salary considerations; market relativities; time in role; choices or nuances of specific arrangements with individuals … It is expected that over time as SES separate and commence, SES remuneration will become more closely aligned to the remuneration increments in the ACCC SES remuneration policy.

2.78 The policy states that it operates ‘in conjunction with the General 24.1 Determination for Senior Executive Officers which is approved by the ACCC Chair and individual 24.1 issued to each Senior Executive Officer.’87 Among other things, the General 24.1 Determination sets out how the performance of SES officers will be assessed. It also states that a ‘Senior Executive Officer’s performance will be formally reviewed at least annually’ and that ‘All performance assessments will be reviewed and moderated by the COO’.

Government policy

2.79 Probity requirements for the personnel of Australian Government entities include compliance with applicable laws and government policies.88

2.80 In recent years the Australian Government has made decisions that impacted remuneration arrangements for senior executives in Australian Government entities. On 26 March 2020, the Australian Government announced that all remuneration increases for APS Senior Executive Service (SES) or equivalent employees (senior executives) would be suspended across the Commonwealth public sector in response to the COVID-19 pandemic.89 On 25 June 2021, the Australian Public Service Commission (APSC) announced the end of the pause on all remuneration adjustments for senior executives.90 ACCC records indicate that it applied the March 2020 remuneration pause to its senior executives and there were no pay increases for the 2019–20 financial year.

2.81 In August 2021 the APSC released Performance Bonus Guidance applicable to all Commonwealth entities and companies. The guidance stated that:

Commonwealth entities and companies should exercise rigour and restraint in the use of performance bonus payments … Performance bonuses may only be used in limited circumstances, justifiable to the Parliament and the public … As a general principle, most positions should not be eligible to earn a performance bonus. For instance, performance bonuses would not be appropriate in most policy, service delivery, regulatory, or corporate roles … Commonwealth entities and companies should avoid the broad use of performance bonuses.91

2.82 ACCC documentation dated March 2021 stated that the ‘ACCC’s approach to SES remuneration is largely inconsistent with the broader APS and potentially, public expectations’.92 In March 2021, the ACCC initiated a review to update its SES employment framework. ACCC documentation states that:

This included reviewing the [section] 24.1 [PS Act] determination that specifies terms and conditions for Senior Executive Officers, as well as the SES remuneration policy.

The review sought for both:

1. Internal consistency (to bring all Senior Executive Officers onto the same terms and conditions given many longstanding SES have not had a determination reissued in several years) and

2. External consistency (to have ACCC/AER remuneration including the rolling in of performance pay aligned with the broader APS approach and values).

2.83 As part of the review, performance pay and allowances would also be incrementally rolled into base salary over the next 14 months for eligible SES.93 ACCC documentation indicates that performance pay was rolled into base salary from 1 July 2021.94 ACCC documentation states that the principles guiding the review were that changes be:

5. Cost neutral – any changes must result in a Senior Executive Officer’s total reward being the same as before the change. There cannot be any additional cost to the ACCC.

6. Consistent with the broader APS – remuneration for ACCC’s Senior Executive Officers should be consistent with the broader APS.

7. Performance oriented – align remuneration for Senior Executive Officers to ACCC/AER strategic objectives and desired leadership behaviours.

8. Contemporary – incorporate motivators other than remuneration (i.e. non-monetary benefits) to drive performance.

2.84 As part of the review, a revised general s.24 (PS Act) determination was approved by the ACCC Chair on 1 July 2021. The determination states that senior executives may request a remuneration review once in any two year period95 and that performance will be assessed in accordance with the requirements set out in the determination. The s.24 determination further states that consideration may also be given to any one or more of the following criteria:

a. market relativities

b. a change in the scope/complexity of the Senior Executive Officer’s role

c. impact on the organisation if the Senior Executive Officer were to leave the ACCC

d. cost of a replacement with equivalent skills.

2.85 In August 2021, following the lifting of the pause in June 2021, the ACCC Chair approved a 1.7 per cent across the board remuneration increase96 to all eligible senior executives, SES, and SES equivalent employees97, with the exception of the ACCC CEO.98

2.86 On 6 October 2022 the Australian Government released the Public Sector Interim Workplace Arrangements 2022, which replaced the Public Sector Workplace Relations Policy 2020. The interim arrangements operate from 1 September 2022 until 31 August 2023. They apply to APS and non-APS Australian Government entities and Members of Parliament staff. The arrangements also apply to SES and equivalent employees. The interim arrangements provide for a one-off annual remuneration increase of three per cent for Commonwealth employees.

2.87 On 2 December 2022, the ACCC CEO approved a three per cent salary increase for the SES cohort99 in line with the Australian Government’s Public Sector Workplace Relations Interim Arrangements 2022. On 13 December 2022, the ACCC Chair approved a three per cent salary increase for the ACCC CEO in accordance with the same workplace arrangements.100 Chapter 4 of this audit (paragraphs 4.14 to 4.21) provides further details.

Procurement

2.88 The ACCC has identified key probity risks related to procurement and has developed policies, procedures and arrangements to manage the identified risks.

2.89 Under the PGPA Act, the Finance Minister issues the Commonwealth Procurement Rules (CPRs) for officials to follow when performing duties in relation to procurement. The CPRs govern how entities buy goods and services and state that procurements should:

use public resources in an efficient, effective, economical and ethical manner that is not inconsistent with the policies of the Commonwealth.101

2.90 The CPRs define the terms ‘efficient’, ‘effective’, ‘economical’ and ‘ethical’, and state that:

Ethical relates to honesty, integrity, probity, diligence, fairness and consistency. Ethical behaviour identifies and manages conflicts of interests, and does not make improper use of an individual’s position.102

2.91 Under the CPRs, ethical behaviour includes:

  • recognising and dealing with actual, potential and perceived conflicts of interest;
  • dealing with potential suppliers, tenderers and suppliers equitably, including by seeking appropriate internal or external advice when probity issues arise, and not accepting inappropriate gifts or hospitality;
  • carefully considering the use of public resources; and
  • complying with all directions, including relevant entity requirements, in relation to gifts or hospitality, privacy and security.103

2.92 The ACCC’s Accountable Authority Instructions (AAIs) identify that the ACCC is required to comply with the CPRs. The section on procurement in the AAIs states that ‘Officials must disclose any current or prospective personal interest that may create a conflict of interest as soon as they become aware of the conflict.’ Guidance is also provided on the ACCC’s intranet regarding probity considerations in procurement. This includes:

  • general advice about probity in procurement104;
  • links to advice from the Department of Finance regarding probity in procurement105; and
  • a template for a procurement probity plan.

2.93 The ACCC has also developed training and briefing materials that include consideration of probity in procurement.

2.94 The ACCC’s procurement policies and guidance do not include specific operational requirements for the management of probity in procurement, including in relation to entities the ACCC regulates, or regarding entities subject to ongoing ACCC investigations or legal action.106 The ACCC advised the ANAO that a central procurement team reviews all procurements valued at $10,000 or more, with the exception of procurements of external legal services from panel arrangements.107 The ACCC further advised that:

Approaches for assuring probity and managing probity issues in procurement are tailored to each procurement depending on the size, risk and complexity of the matter. The agency uses internal probity advisors and external probity advisor[s] as required. The central procurement team with support from the Corporate Law Unit will appoint a probity advisor for complex, high risk procurements. Procurement plans, probity plans, conflict of interest declarations, evaluation plans and evaluation reports are required for complex and high risk procurements and completed as required for transactional or routine procurements.

2.95 In November 2021 the ACCC commissioned a review of 41 procurements undertaken in its Consumer Data Right (CDR) Division.108 The review was finalised in April 2022 and identified that:

In almost all procurements we identified that probity documentation was needed. In many cases there was no evidence of probity processes or documentation existing at all for the procurement (or we were not provided it).

2.96 The ANAO examined a sample of ACCC procurements (see paragraphs 4.22 to 4.25). The ANAO identified that probity management practices for some procurements included: members of the evaluation team providing activity-specific conflict of interest declarations; appointment of probity advisors; and/or the establishment of probity plans. Some procurements had none of these practices. The ACCC advised the ANAO in February 2023 that:

The sample of procurements that were examined by the ANAO had been assessed by the procurement team and the appropriate probity documentation and practices were completed, based on the level of risk and complexity associated with each procurement. The Commonwealth Procurement Rules require officials to maintain for each procurement a level of documentation commensurate with the scale, scope and risk of the procurement. For simple, low risk procurements, the probity practices listed above are not normally required.

2.97 The findings of the ACCC’s 2021 review of selected procurements (discussed in paragraph 2.95), and the differences in approach identified by the ANAO (discussed in paragraph 2.96), indicate that there is an opportunity for the ACCC to seek to obtain greater consistency in its identification and management of probity risks in procurement, by enhancing its internal guidance.

Opportunity for improvement

2.98 There is an opportunity for the Australian Competition and Consumer Commission to improve consistency in its identification and management of probity risks in procurement by establishing guidance that details:

  • probity management requirements applicable to all procurements; and
  • the circumstances that require additional probity management measures, and what those additional probity management measures are.

Corporate credit card expenditure

2.99 The ACCC has identified the key probity risks related to corporate credit card expenditure and developed policies, procedures and arrangements to manage most of the identified risks. Positional authority risk would be reduced by amending current arrangements for the approval of ACCC Commissioner and AER Board member expenses.

2.100 Corporate credit cards (credit cards) offer a transparent, flexible and efficient way for Australian Government officials to obtain cash109, goods or services to meet business needs. Australian Government policy requires non-corporate Commonwealth entities to pay expenses via a payment card where the payment is an eligible payment under $10,000.110 The misuse of credit cards can expose an entity to risks such as waste and fraud. Instances of misuse and weaknesses in relevant entity controls attract considerable parliamentary and public interest and can cause reputational damage to affected entities and the Australian Government.111

2.101 The ACCC issues credit cards to Commissioners and staff.112 The ANAO reviewed the ACCC’s credit card policy, procedures and arrangements to assess whether they addressed selected risks associated with the use of credit cards. In particular, the ANAO examined whether the ACCC’s policies, procedures and arrangements addressed:

  • requirements for the issue of credit cards, including specifying cardholder obligations;
  • expenditure approval requirements;
  • acquittal requirements (including timing and documentation requirements and reviewer responsibilities); and
  • requirements for the return of credit cards.

2.102 The ACCC’s AAIs outline requirements in relation to the issue, usage and security of corporate credit cards. The ACCC also has a credit card manual (Card Holder Manual January 2019) that further details various requirements in relation to credit card use. Credit card related guidance is provided on the ACCC intranet.

Requirements for the issue of credit cards including specifying cardholder obligations

2.103 The ACCC’s credit card manual sets out the application process, which includes the requirement to provide a justification, receive supervisor’s approval, and read and sign the corporate credit card cardholder agreement.113 The AAIs and credit card manual also outline some roles and responsibilities of cardholders.114 The ACCC intranet guidance sets out requirements for reconciling monthly credit card statements and disputing a credit card transaction.

Credit card expenditure limits

2.104 The ACCC credit card manual discusses transaction and monthly credit limits but does not specify particular limits. At the time of conducting audit fieldwork these parameters were set on a case by case basis.115

Expenditure approval requirements

2.105 In its credit card manual, the ACCC provides guidance for staff as to what are acceptable and unacceptable transactions. Staff are not able to approve their own credit card expenses. The ACCC has credit card approval guidance for managers which outlines how managers approve expenses and what documents the staff member incurring the expense must provide to support approval.

Approval arrangements for ACCC Commissioners

2.106 A corporate credit card holder’s expenditure is typically approved by their supervisor. For the role of the accountable authority there is a power imbalance as they do not have the equivalent of a supervisor. Previous ANAO audits have identified risks in relation to positional authority.116 In Auditor-General Report No. 33 2015–16 Defence’s Management of Credit and other Transaction Cards, the ANAO reported that for review of credit card transactions to work effectively:

the reviewer must be in a position to exercise independent judgement … this means that they cannot be in a position which would constrain unreasonably their capacity to question transactions that appear inappropriate; for example, this may be difficult for a person junior to the cardholder … (paragraph 2.42).

2.107 The 2020 Thom review of the Australian Securities and Investments Commission (ASIC) governance arrangements117 also highlighted risks related to positional authority when approving expenses for very senior personnel. The report stated that:

Clearly there are particular challenges that arise when subordinate officials are required to approve expenses for very senior statutory officers, particularly for the Accountable Authority. These decisions can still be problematic, even if the approving official is very senior, for example, the CFO or COO … challenges arise for expenses that, while business expenses in nature, have sensitivities and can be subject to public scrutiny and criticism.118

2.108 Recommendation 8 of the Thom review included the following elements, to manage positional authority issues related to expense approvals.

The review recommends that ASIC should:

  • Require the Chair’s approval for the expenses of Commission members; and
  • Require a Deputy Chair’s approval for the Chair’s expenses.119

2.109 Although directed to ASIC, the recommendation highlighted a risk for statutory bodies. The process for approving credit card expenditure by the ACCC Commissioners is not documented and there are no requirements for ACCC Commissioners to obtain pre-approval for credit card expenses. The ACCC advised the ANAO that: ‘All credit cardholders have a s23 [PGPA Act] delegation to incur expenditure on their credit card up to the limit of their credit card.’ The ACCC CEO reviews and approves credit card expenses as part of the acquittal process for the ACCC Chair and Commissioners and the AER CEO approves credit card expenses as part of the acquittal process for the AER Chair and AER Board members. This approach is not consistent with that recommended by the Thom review.

2.110 Following the release of the Thom review the ACCC undertook a high level internal review of its corporate governance frameworks which considered the relevance to the ACCC of the Thom review findings and recommendations, including recommendation 8.120 The ACCC review noted that one of the weaknesses of the ACCC approvals process for Commissioner expenses was: ‘Senior SES is subordinate to the Chair (the accountable authority)’.121 The ACCC review assessed that recommendation 8 of the Thom Review was relevant to the ACCC ‘In part’, and stated that:

Commissioner expenses must be approved by the COO. Presently, consider this approach (i.e. Commissioner expenses approved by a very senior SES) appropriately reduces risks associated with subordinate approver.

However, could be benefit to test whether any refinement to process needed for larger / more sensitive expenses.

2.111 In summary, the ACCC’s approach to the management of positional authority risk remains inconsistent with that recommended by the Thom review, notwithstanding the acknowledged weaknesses with that approach. Positional authority risk should be addressed by amending current arrangements for the approval of ACCC Commissioner and AER Board member expenses.

Recommendation no.3

2.112 The Australian Competition and Consumer Commission address positional authority risk relating to the approval of ACCC Commissioner and AER Board member expenses by requiring that:

  1. expenditure made by or on behalf of the ACCC or AER Chair be approved by a deputy or other ACCC Commissioner or AER Board member; and
  2. expenditure made by or on behalf of ACCC Commissioners or AER Board members (other than the Chairs) be approved by the ACCC or AER Chair.

Australian Competition and Consumer Commission response: Agreed.

2.113 The ACCC agrees with the recommendation.

2.114 The ACCC acknowledges positional authority risk relating to the approval of ACCC Commissioner and AER Board Member expenses, which currently require CEO approval. The ACCC will seek to implement an efficient and effective process that addresses positional authority risk, likely including some senior management involvement as one of the checks and balances in this area.

2.115 The ACCC advised the ANAO in February 2023 that ‘Executive Assistants are only permitted to make purchases on behalf of ACCC Commissioners and AER Board members where prior approval is received by the relevant Senior Executive.’122 This process is not documented; however, the ACCC advised the ANAO that this approval may be written or verbal and is provided by the person requesting the purchase of the goods or services.

Acquittal requirements

2.116 The ACCC has guidance on the acquittal process (titled ‘Purchase card online acquittal process January 2019’) which provides information on scanning receipts, retention of hard copy documents, and dealing with missing receipts. The ACCC credit card manual does not include guidance in relation to timeframes for acquittal. For much of the audit period, ACCC intranet guidance stated that the 29th day of the month is the end of the billing period. In contrast, a Finance Branch procedure document (Credit Card Application Processing August 2021) states that ‘All acquittals should be in by the last business day of the month’. The ACCC advised the ANAO that:

The end of the billing period is 27th of each month. Cardholders are required to acquit their transactions in full by the end of the following month. All transactions are routinely acquitted and approved by the supervisor prior to month end close.

2.117 During the audit the ACCC updated its intranet guidance to clarify that the 27th of each month is the end of the billing period.

2.118 The ACCC credit card manual states that ‘If the monthly Credit Card Statement Summary is not actioned in a timely manner, or the other requirements of the credit card manual are not followed, the corporate credit card may be withdrawn.’ In relation to whether there is documented guidance outlining consequences when appropriate acquittal requirements are not met, the ACCC advised the ANAO that:

The Finance Branch has effective controls in place to ensure prompt acquittal, review and approval of credit card transactions. System reminders are sent to all card holders notifying of transactions awaiting acquittal in addition to the central administrator following up with card holders and supervisors where required. Delays in acquitting monthly transactions are escalated to the Director of Finance or the Chief Finance Officer.

2.119 The ACCC’s guidance on the acquittal process provides some guidance on requirements regarding lost receipts. The purchase card and online acquittal process guidelines state the following with regard to missing receipts:

If you do not have the receipt/tax invoice and the purchase is greater than $82.50 inclusive of GST, you should contact the supplier to obtain a duplicate tax invoice.

If a duplicate record is unavailable or no receipt was issued you will need to provide some other documentary evidence of the transaction.

Please complete the Lost Receipt Declaration Form and attach to credit card transaction (with other evidence if available).

Acquittal arrangements for ACCC Commissioners and AER Board members

2.120 The ACCC advised the ANAO that the acquittal arrangements for ACCC Commissioners and AER Board members are as follows:

Credit card transactions for members are reviewed and approved through online workflow by senior executives of the Commission, consistent with agency requirements.

The ACCC CEO reviews and approves credit card acquittals for the Accountable Authority, the ACCC Commissioners and the AER CEO.

The AER CEO reviews and approves credit card acquittals for the AER Chair and AER Board Members.

The Chief Finance Officer approves credit card acquittals for the ACCC CEO.

Requirements for the return of credit cards

2.121 The ACCC’s intranet guidance states that:

Credit cards are to be cancelled when:

  • Employment ceases
  • Employee is going on extended leave
  • Employee’s job role has changed & a credit card is no longer required
  • Credit card is lost or fraudulent activity is suspected
  • Another option is to request to block the card if it is temporarily misplaced.

ACCC monitoring of credit card use

2.122 The ACCC advised the ANAO that in addition to the review of transactions by the cardholder’s supervisor, ‘The Finance Branch subsequently reviews individual transactions $82.50 GST inclusive or more for both reasonableness and GST compliance.’

2.123 The ACCC’s compliance with credit card requirements is discussed in Chapter 4 of this audit in paragraphs 4.26 to 4.33.

Gifts, benefits and hospitality

2.124 The ACCC has identified risks in relation to gifts, benefits and hospitality and has established policies, procedures and arrangements to manage the identified risks.

2.125 Section 27 of the PGPA Act states that an official must not improperly use their position to gain, or seek to gain, a benefit to themselves or another person. The giving or receiving of gifts, benefits and hospitality can create the perception that an official is subject to inappropriate external influence. Perceptions of this sort can give rise to reputational risks for public entities, including the legitimacy and integrity of regulators (discussed in paragraphs 1.2 and 1.3 of this audit report).

2.126 The ACCC is an APS agency. On 30 November 2021, the APSC released ‘Guidance for Agency Heads — Gifts and Benefits’, which states that:

Public confidence in APS agencies and the APS more broadly can be damaged when gifts and benefits that create a conflict of interest are accepted or not properly declared. The appearance of a conflict can be just as damaging to public confidence in public administration as a conflict which gives rise to a concern based on objective facts.123

2.127 A policy for giving and receiving gifts, benefits and hospitality is an important element of a robust control environment and supports ethical conduct. The effective implementation of such a policy, which generally requires accurate disclosures by entity personnel, benefits from strong cultural settings within the entity, including the example set by senior leadership (‘tone at the top’).

2.128 The ACCC’s policy on gifts, benefits and hospitality applies to ACCC officials124 and contractors. As discussed in paragraph 2.9, the ACCC advised the ANAO that the ACCC’s practice has been to apply the policy to AER Board members, although this arrangement has not been formally documented beyond including the ACCC policy on the AER website.125

2.129 The ACCC’s policy sets out seven principles, which include the following:

ACCC officials, while performing their roles, must apply the following principles in considering whether to accept any gifts, benefits and/or hospitality:

a. An ACCC official should generally seek to avoid accepting gifts unless when it would benefit the ACCC in carrying out its roles, duties and/or functions to accept a gift.

b. An ACCC official should not accept any gift, hospitality or benefit if it would result in an actual conflict of interest.

c. An ACCC official should only accept a gift, hospitality or benefit, when there may be a perceived conflict of interest, when it would benefit the ACCC in carrying out its roles, duties and/or functions.

2.130 Principle ‘c’ above describes circumstances where an official may accept a gift, hospitality or benefit notwithstanding a perceived conflict of interest. The circumstance is when acceptance would benefit the ACCC.126 This approach contradicts the following stipulation, appearing earlier in the ACCC’s policy, that acceptance should not occur where it gives rise to an actual or perceived conflict of interest:

ACCC officials should not accept any gifts, hospitality or benefits that give rise to an actual or perceived conflict of interest. A conflict may arise because acceptance (either in a particular instance or cumulatively) may influence, or be perceived to influence, the actions or decisions of ACCC officials. The ACCC’s integrity as an independent regulator must remain beyond reproach.

2.131 For the avoidance of doubt and to facilitate compliance, there is benefit in the ACCC reconciling inconsistencies relating to perceived conflicts of interest. There is also scope to strengthen the ACCC’s framework for the management of gifts, benefits and hospitality. As discussed in paragraph 2.129, the ACCC’s policy provides that ‘an ACCC official should generally seek to avoid accepting gifts’. Extending this guiding principle to benefits and hospitality would strengthen the ACCC’s framework.

Opportunity for improvement

2.132 There is an opportunity for improvement for the Australian Competition and Consumer Commission to update its gifts, benefits and hospitality policy to:

  • reconcile the conflicting requirements regarding the acceptance of a gift, hospitality or benefit when there may be a perceived conflict of interest; and
  • establish a clear guiding principle for ACCC officials regarding generally avoiding the acceptance of gifts, benefits or hospitality.

2.133 The ACCC’s policy on gifts, benefits and hospitality also outlines:

  • examples of gifts, benefits and hospitality;
  • when it is appropriate to accept gifts, benefits and hospitality;
  • declaration and approval requirements for accepting gifts, benefits and hospitality; and
  • reporting requirements, including thresholds for declaring gifts, benefits and hospitality and what will be reported publicly on the ACCC’s website.127

2.134 The ACCC supplements this policy with intranet guidance. The ACCC’s key requirements for managing gifts, benefits and hospitality are summarised in Table 2.1.

Table 2.1: The ACCC’s gifts, benefits and hospitality arrangements

Category

ACCC requirements

Definitions of gifts, benefits and hospitality

  • No specific definitions of gifts, benefits or hospitality but the policy includes several examples of each category and when it is acceptable or not to receive a gift, benefit or hospitality.

Approach to conflict of interest

  • There is contradictory advice regarding conflict of interest. Principle ‘c’ of the relevant policy describes circumstances where an official may accept a gift, hospitality or benefit notwithstanding a perceived conflict of interest. The circumstance is when acceptance would benefit the ACCC in carrying out its roles, duties and/or functions. This approach contradicts a stipulation, appearing earlier in the policy, that acceptance should not occur where it gives rise to an actual or perceived conflict of interest. Discussed in paragraphs 2.129 and 2.130.

Declaration requirements

  • ACCC Commissioners must declare all accepted gifts, benefits and hospitality. ACCC Commissioners and AER Board members do not declare gifts, benefits and hospitality in the ACCC’s human resources software system.
  • ACCC employees must declare the acceptance of gifts, benefits and hospitality valued at $50 or more and record declarations in the ACCC’s human resources software system.
  • Donations offered to a charity on behalf of the ACCC must be declared (see Note a).
  • Declarations must be made ‘as soon as practicable following an offer or receipt of the gift, benefit or hospitality’.

Approval requirements

  • ACCC Commissioners may decide whether they accept gifts, benefits and hospitality offered to them.
  • ACCC employees ‘should seek and document approval from their supervising SES officer’.

Prohibited gifts, benefits or hospitality

  • Tickets to sports events, arts events or movies.
  • Cash, shares, vouchers or cash discounts.
  • Offers made in connection with a tender or purchasing process.
  • Gifts from ACCC suppliers (see Note b).
  • Offers involving a nightclub, bar or casino.
  • Gifts or benefits that involve travel, resort or hotel accommodation other than with the express prior agreement of the delegate that approved the travel.
  • Prizes offered from a competition, door prize or lottery-style promotion.

Cultural gifts (see Note c)

  • The policy states that ‘There are some situations where it is appropriate to accept a gift or benefit. This includes when refusal of the gift could cause offence, such as when the giver is from a different cultural background.’

Requirements to surrender to the ACCC

  • Consumable gifts ‘should generally be provided to the social club … to be raffled or awarded as a prize at social events’.
  • Non-consumable gifts should be surrendered to the ACCC.
  • For gifts over $50 in value ‘delegate approval under s.66 of the PGPA Act will need to be obtained for the individual to retain the gift as it is considered ‘relevant property’ owned by the Commonwealth, not the ACCC officer’.
  • When an employee makes a declaration in the register, they are required to record who used or retained the gift or benefit.

Publication of gifts, benefits and hospitality registers

  • Details of gifts, benefits and hospitality declared by ACCC Commissioners and AER Board members are published on the ACCC and AER external websites every quarter with recipient names identified.
  • Details of gifts, benefits and hospitality contained in the employee register are published on the ACCC and AER external websites every six months with recipient names not identified.
   

Note a: The policy states that a donation may be accepted if the Commissioner or supervising SES is satisfied the proposed charity is aligned with the ACCC’s values.

Note b: Suppliers include, for example, printers, stationery providers, landlords, property or fit-out agents or suppliers. Although the acceptance of gifts and benefits from suppliers is prohibited, the ACCC permits the receipt of hospitality from suppliers in some cases. The policy lists factors to be considered in determining whether to accept the hospitality.

Note c: Cultural gifts are items of cultural or sentimental value for which a monetary value is difficult to assign.

Source: ANAO analysis of ACCC documentation.

2.135 The ACCC uses a manual process for recording, collating and reviewing gifts, benefits and hospitality received by ACCC Commissioners each quarter.128 A similar process is used for AER Board members.129 ACCC employees declare their receipt of gifts, benefits and hospitality valued at $50 or higher, in a central register kept in the ACCC’s human resources system. The quarterly process used for ACCC Commissioners does not support compliance with the policy requirement to declare gifts, benefits and hospitality ‘as soon as practicable following an offer or receipt of the gift, benefit or hospitality.’ A quarterly process also introduces additional risk that matters requiring declaration could be overlooked. The process adopted for ACCC employees helps reduce this risk and supports compliance with the policy requirement to make declarations as soon as practicable. There would be benefit in aligning the declaration timeframe for ACCC Commissioners with that applying to ACCC employees.

Opportunity for improvement

2.136 There is an opportunity for improvement for the Australian Competition and Consumer Commission to align the declaration timeframe for ACCC Commissioners (currently quarterly) with that applying to ACCC employees, to facilitate the policy requirement that declarations occur as soon as practicable following an offer or receipt of a gift, benefit or hospitality.

2.137 Recording accepted offers of gifts, benefits or hospitality in separate manual systems, especially when the information is being collated and published externally for transparency purposes, creates the risk that information is not properly recorded and disclosures may not be made when they should be. Requiring all accepted offers of gifts, benefits and hospitality to be recorded in the ACCC’s human resources software system, irrespective of whether the offer was accepted by an ACCC Commissioner, AER Board member, employee or contractor, would provide additional assurance that records are complete.

Recommendation no.4

2.138 The Australian Competition and Consumer Commission require that all accepted offers of gifts, benefits and hospitality be recorded in its human resources software system.

Australian Competition and Consumer Commission response: Agreed.

2.139 The ACCC agrees with the recommendation.

2.140 While our Gifts, Hospitality and Benefits Policy requires approval of the acceptance of any gifts, benefits and hospitality by ACCC employees, it only requires they be recorded in the central HR system, when the value is over $50. The ACCC will adjust the current policy to ensure all accepted offers of gifts, benefits and hospitality for statutory office holders, employees and contractors, regardless of value, be recorded in our software system.

2.141 As discussed in paragraph 2.129, the ACCC’s policy regarding conflicts of interest states that: ‘An ACCC official should only accept a gift, hospitality or benefit, when there may be a perceived conflict of interest, when it would benefit the ACCC in carrying out its roles, duties and/or functions.’

2.142 The policy also states that ACCC officials should: ‘Consult the CEO prior to acceptance if a Commissioner or a supervising SES officer (in relation to a[n] employee) has any reservations about whether there is any potential conflict or sufficient benefit to warrant the acceptance of the offer.’

2.143 No guidance is provided in the policy on assessing benefits to the ACCC. However, the policy provides examples of when it is appropriate to accept an offer of hospitality and when more consideration is required, and an example of when hospitality should be declined.

2.144 The one example of when hospitality should be declined is as follows:

An invitation to an ACCC official to attend a private dinner paid for by a private sector entity with a limited number of stakeholders present and where attendance is considered to provide no recognisable benefit to the ACCC in carrying out its roles, duties and/or functions.

2.145 Examples provided in the policy for ‘circumstances when it is okay to accept hospitality’ include the following.

  • A Commissioner attending an industry dinner following an industry forum.
  • Christmas or seasonal drinks/events hosted by business and consumer stakeholder bodies and by law and consulting firms on ACCC panels.

2.146 Examples provided under the heading ‘Circumstances when more consideration is required before accepting the hospitality offered’ include the following.

  • Networking functions, such as alumni events, drinks hosted by barristers at their chambers, and breakfast, lunch, dinner, drinks or seminar events hosted by corporate suppliers or potential suppliers to the ACCC particularly where coinciding with procurement processes.
  • Celebration meals offered to ACCC staff at the conclusion of a matter at a restaurant, by law firms, consultancies, or experts engaged by the ACCC.
  • Attendance at a corporate sponsored table at an event.

2.147 The ACCC policy provides a list of factors ACCC officials should consider when determining whether to accept hospitality.130 In relation to ‘Circumstances when more consideration is required before accepting the hospitality offered’, the policy states that after consideration of these factors, ‘If the ACCC official considers that attendance would benefit the ACCC in carrying out its roles, duties and/or functions, the official should attend and declare the hospitality in the gifts register’.

2.148 As noted in Table 2.1, the ACCC’s policy prohibits gifts from ACCC suppliers.131 A number of the examples cited above show that accepting hospitality from suppliers is permissible, including in situations where it is more than incidental to ACCC officials undertaking their core functions. The ACCC advised the ANAO in February 2023 that:

the ACCC considers there are legitimate circumstances where it is appropriate to accept hospitality. These circumstances are where the hospitality is relatively low value and incidental to the purpose of establishing and supporting the engagement with key partners such as legal practitioners.

However, the ACCC acknowledges that there is ambiguity and possible inconsistency in the advice given in the Gifts, hospitality and benefits policy. The policy is due for review in November 2024; however, the agency will now bring this forward to be considered by August 2023. Part of that Policy refresh project includes simplifying the language in policies and ensuring that there is no conflicting information being provided in the guidance documents.

2.149 With respect to gifts, benefits and hospitality, the perception of a conflict of interest can be just as important as an actual conflict of interest. The emphasis in ACCC guidance on identifying the benefit to the ACCC above managing perceived conflicts of interest leaves the ACCC vulnerable to risks of perceived threats to its independence as a regulator. There is also a risk of negative perceptions regarding the fairness of ACCC procurement practices, where hospitality provided by suppliers is more than incidental to ACCC officials undertaking their core functions. There is scope for the ACCC to strengthen its guidance regarding the acceptance of gifts, benefits or hospitality from suppliers.

Opportunity for improvement

2.150 There is an opportunity for improvement for the Australian Competition and Consumer Commission to strengthen its guidance regarding the acceptance of gifts, benefits or hospitality from suppliers, particularly where hospitality is more than incidental to ACCC officials undertaking their core functions.

2.151 Further, the ACCC’s process for declaring gifts, benefits and hospitality does not require recipients to document in the gifts, benefits and hospitality register their assessment of whether accepting an offer represents a real or perceived conflict of interest, and how any identified perceived conflicts are to be managed. The ACCC should improve the transparency of its internal gifts, benefits and hospitality register by introducing a requirement to capture such information.

Recommendation no.5

2.152 The Australian Competition and Consumer Commission strengthen its gifts, benefits and hospitality arrangements by requiring the recipients of offers of gifts, benefits or hospitality to record in the ACCC’s internal register whether accepting the gift, benefit or hospitality represents a real or perceived conflict of interest and document the basis for their decision.

Australian Competition and Consumer Commission response: Agreed.

2.153 The ACCC agrees with the recommendation.

2.154 The recommendation will enhance our existing practices and procedures for gifts, benefits and hospitality and promote consistency of processes and documentation for statutory officeholders, employees and contractors and strengthen management of real or perceived conflicts of interest.

2.155 The ACCC’s compliance with gifts, benefits and hospitality requirements is discussed in Chapter 4 of this audit in paragraphs 4.34 to 4.46.

Identification and management of fraud risks

2.156 Section 10 of the PGPA Rule requires the accountable authority to take all reasonable measures to prevent, detect and deal with fraud relating to the entity.132 It lists six requirements relating to fraud risk assessments, fraud control plans, and mechanisms for preventing fraud.

2.157 The ACCC’s 2022 Enterprise Risk Register includes the following risk:

Serious findings of a lack of integrity by staff or statutory appointees (for instance as a result of fraud, corruption or other impropriety), or inadequate compliance and assurance systems, damages the agency’s reputation as an effective regulator with the Australian Government and other key stakeholders, resulting in reduced funding and/or responsibilities, and reduced credibility as a regulator.

2.158 This risk had a ‘high’ rating, and as of November 2022 was rated as above the ACCC’s risk tolerance.

2.159 The ACCC has a Fraud Control Plan (August 2022).133 It was endorsed by the ACCC’s Audit and Risk Committee in August 2022 and approved by the ACCC’s Corporate Governance Board, which includes the accountable authority, in October 2022.

2.160 The 2022 Fraud Control Plan defines fraud as ‘dishonestly obtaining a benefit, or causing a loss, by deception or other means’. It ‘assesses the risk of fraud occurring at the ACCC and sets out controls to address that risk’. The plan outlines 19 fraud risks.

2.161 Both the 2022 Fraud Control Plan, and the preceding 2019 plan, refer to the ACCC and AER. While both plans reference the application of the policy to ACCC staff, they do not specify whether they apply to ACCC Commissioners and/or AER board members.134

2.162 ACCC records indicate that:

  • in 2020–21 there were seven allegations of fraud received or detected (four internal and three external); and
  • in 2021–22 there were six allegations of fraud received or detected (two internal and four external).

2.163 In both financial years the external fraud related to external charges on ACCC credit cards. ACCC documentation indicates the amounts were refunded by the financial institution.

2.164 The 2022 and 2019 fraud control plans set out how the ACCC prevents, detects and responds to fraud and corruption risks. The ANAO assessed whether the ACCC’s fraud policy, plan and arrangements complied with section 10 of the PGPA Rule. Overall, as outlined in Table 2.2, the ACCC has met the requirements of section 10.

Table 2.2: Fraud control requirements and ACCC compliance

| PGPA Rule section 10 requirement | Meets requirement | Description/examples of ACCC arrangements |
| --- | --- | --- |
| Conduct a fraud risk assessment regularly and when there is a substantial change in the structure, functions or activities of the entity. | Largely | The ACCC and AER 2022 Enterprise Risk Register includes an enterprise-level risk relating to fraud. The 2022 Fraud Control Plan outlines 19 fraud risks. ACCC documentation indicates that following its 2021 organisational restructure (and the inclusion of enforcement functions of the ACCC within the jurisdiction of the Australian Commission for Law Enforcement Integrity), responsibility for the coordination of ACCC fraud control activities changed. The planned update of the 2019 Fraud Control Plan (scheduled for August 2021) did not occur and the revised Fraud Control Plan was not released until August 2022. |
| Develop and implement a fraud control plan that deals with identified risks as soon as practicable after conducting a risk assessment. | | The ACCC had a fraud control plan in place. |
| Have an appropriate mechanism for preventing fraud, including by ensuring that: (i) officials of the entity are made aware of what constitutes fraud; and (ii) the risk of fraud is taken into account in planning and conducting the activities of the entity. | | ACCC staff are required to complete the Employee Induction Program within six weeks of commencement. It includes a section on fraud. Specific ‘Fraud Awareness’ training must also be completed within 24 months of commencement.[a] Training materials include a definition of fraud. There is no centralised monitoring of completion of either course. The ACCC advised the ANAO that monitoring of completion is done by supervisors as part of the annual performance cycle process. The ACCC’s intranet includes information relating to fraud, including how to report suspected fraud. There are examples of fraud related messaging to staff. There is regular risk and governance reporting on divisional risk landscapes to the Corporate Governance Board and Audit and Risk Committee. Annually the Audit and Risk Committee is provided with an update on fraud control activity. |
| Have an appropriate mechanism for detecting incidents of fraud or suspected fraud, including a process for officials of the entity and other persons to report suspected fraud confidentially. | | The ACCC’s AAIs require staff and contractors to report actual or suspected fraud in accordance with the Fraud Control Plan. Suspected fraud can be reported by various means, including anonymously. The ACCC can detect incidents of fraud via internal and external audit or by other review activities, and via members of the public and external contractors. |
| Have an appropriate mechanism for investigating or otherwise dealing with incidents of fraud or suspected fraud. | | The ACCC’s Fraud Control Plan sets out the mechanisms for investigating and dealing with fraud or suspected fraud incidents. This includes assessing whether the incident is considered significant corruption for the purposes of the Law Enforcement Integrity Commissioner Act 2006 (LEIC Act). If assessed as significant, the Fraud Control Officer (FCO) and ACCC CEO must advise the ACCC Chair so that the Chair can notify the Integrity Commissioner. If not assessed as significant, the FCO and CEO will arrange for the conduct of a preliminary investigation. The FCO will report to the CEO with the preliminary findings to inform a decision on next steps. Where the matter is not investigated by the Australian Federal Police[b], the FCO and CEO will decide whether the matter should be investigated further (internally, or otherwise by an external investigator). |
| Have an appropriate mechanism for recording and reporting incidents of fraud or suspected fraud. | | ACCC employees must report suspected fraud to their supervisor (where appropriate) or otherwise the FCO. The supervisor must, as soon as possible, refer the report to the FCO. If the suspected fraud relates to the person’s supervisor, the matter should be reported to the FCO or a member of the Senior Executive Service. Details of how to report fraud are available on the ACCC’s intranet. The ACCC also publishes its fraud@accc.gov.au email address on its website to facilitate external reporting of suspected fraud. Allegations of fraud committed by the: ACCC Chair must be reported to the ACCC CEO; FCO must be reported to the ACCC CEO; and ACCC CEO must be reported to the ACCC Chair.[c] The Fraud Control Plan does not outline arrangements for reporting allegations of fraud committed by AER Board members. Findings of fraud are to be reported to the ACCC’s Audit and Risk Committee as necessary and annually.[d] |

Note a: The ACCC also has a Contractor Induction program. Contractors on contracts of four weeks or longer are required to complete the Fraud Awareness module.

Note b: The ACCC’s 2022 Fraud Control Plan states that suspected fraudulent activity will be referred to the AFP in circumstances where the matter involves:

  • a significant or potentially significant monetary or property loss to the Commonwealth;
  • activity that has, or has the potential to, undermine public confidence in, or the integrity of, the ACCC;
  • the bribery or corruption, or attempted bribery or corruption, of an ACCC staff member or Commissioner;
  • the unlawful causing of a significant gain, or loss, to an external party.

Note c: In February 2022 the ACCC advised the ANAO that ‘Suspected fraud or potential fraud by the AER Board members (other than the Chair) can be reported to any manager or supervisor of the reporting individual, or to the Fraud Control Officer, or via the process set out in the Public Interest Disclosure Act 2013. Allegations in relation to the AER Chair must be reported to the ACCC CEO’.

Note d: Subject to any laws that require otherwise.

Source: ANAO analysis of ACCC documentation.

Public interest disclosures

2.165 The ACCC has established a public interest disclosure (PID) policy that is accessible to both ACCC officials and the public; has identified authorised officers; and makes optional training available to authorised officers through the Australian Government Solicitor.

2.166 The Public Interest Disclosure Act 2013 (PID Act) establishes a PID scheme where public officials ‘who suspect wrongdoing within the Commonwealth public sector can raise their concerns.’135 The PID Act ‘applies to Australian Government agencies, Commonwealth companies, public authorities and Commonwealth contracted service providers.’136 The purpose of the PID Act is to:

promote the integrity and accountability of the Commonwealth public sector by:

  • encouraging and facilitating the making of disclosures of wrongdoing by public officials
  • ensuring that public officials who make protected disclosures are supported and protected from adverse consequences relating to the making of a disclosure
  • ensuring that disclosures are properly investigated and dealt with.137

2.167 The kinds of conduct that disclosures can be made about include but are not limited to:

  • a contravention of the law
  • corruption
  • perverting the course of justice
  • maladministration
  • an abuse of public trust
  • falsifying scientific research
  • wastage of public money, or
  • conduct that is a danger to health, safety or the environment.138

2.168 The PID Act sets out a range of obligations including those relating to the principal officer of each agency139 and authorised officers.140

2.169 The ANAO examined whether the ACCC had:

  • established a PID policy that was accessible to ACCC officials and the public;
  • identified authorised officers;
  • PID training available for staff; and
  • provided PID related guidance on its intranet and website.

2.170 The ACCC has a public interest disclosure policy dated June 2018. The policy is available on the ACCC’s intranet and outlines:

  • the requirements of a public interest disclosure;
  • what is disclosable conduct;
  • who can make a public interest disclosure;
  • protections under the PID Act;
  • how to make a public interest disclosure;
  • roles and responsibilities;
  • what happens after a public interest disclosure is made;
  • confidentiality requirements; and
  • support arrangements.

2.171 A public interest disclosure can be made by current and former ACCC employees, including temporary and contracted employees, and service providers contracted by ACCC (including their officers and employees). The ACCC’s policy states that:

Authorised Officers are the Principal Officer and officers of an agency authorised in writing by the Principal Officer for the purposes of the PID Act (s36). They have a range of decision-making, notification and other responsibilities under the PID Act.

2.172 The ACCC also provides guidance relating to public interest disclosure on its intranet. The ACCC’s website includes a link to its PID Policy and the email address to be used to make a disclosure to an authorised officer.

2.173 As of 27 March 2023, the ACCC had eight authorised officers. As discussed in Table 2.3, the ACCC has mandatory PID training for new starters and offered optional PID training to authorised officers, run by the Australian Government Solicitor.

Were relevant policies subject to periodic review?

The ACCC was in the process, as at February 2023, of establishing a framework for the design and review of its policies. For the selected probity risks, there was evidence of most relevant policies being reviewed and updated during the period examined in this audit.

2.174 Periodic review of entity policies assists in ensuring they remain fit-for-purpose and address current risks. For the period examined as part of this audit, the ANAO examined whether relevant policies were subject to periodic review.141

2.175 The ACCC undertook an internal compliance review that was completed in May 2022, which recommended that the ACCC ‘introduce a document control system and carry out a project to refresh the ACCC’s internal control documents’. In November 2022 the ACCC advised the ANAO that its compliance team was working on:

a policies and procedures library for employees (called Policy and Procedure Hub), continuing to aim for launch by end of the year. Work on this library includes developing an overarching governance framework to manage processes for ensuring policies included in the library are approved policies and procedures, and therefore can be relied upon with confidence as the ‘single source of truth’.

2.176 The Policy and Procedure Hub was launched in January 2023. The ACCC commenced its ‘policy refresh’ project in July 2022. ACCC documentation states that:

With consideration of the ongoing ANAO probity audit, the internal compliance team was asked to prioritise integrity related policies, with a focus being to update and strengthen the policies from an integrity and probity perspective.

2.177 The ACCC advised the ANAO in February 2023 that: ‘The project will also develop an Internal Control Document Development and Review Policy with guidance on how to determine appropriate review periods and determine appropriate levels of accountability.’

2.178 Over the period examined for this audit, most relevant ACCC policies were reviewed and updated.142

Does the ACCC effectively inform its personnel of probity requirements and promote compliance?

For the selected probity risks, the ACCC has informed its personnel of probity requirements. The ACCC has adopted a combination of: training; making information on policies, procedures and arrangements easily accessible on its intranet; and messaging from senior officials to reinforce knowledge of probity requirements and promote compliance.

There is limited reliance on refresher training or centralised monitoring and reporting of training completion rates, to mitigate enterprise-level integrity risks and provide assurance regarding the achievement of training goals.

2.179 The effectiveness of an entity’s arrangements for managing probity risks is dependent on personnel being effectively informed of the requirements with which they are required to comply. This can be done through, for example:

  • the provision of training;
  • making information on policies, procedures and arrangements addressing probity risks easily accessible to staff; and
  • regular messaging from senior officers.

Training related to probity risks

2.180 The ACCC has a suite of training, some of which is mandatory, that addresses the probity risks examined in this audit. The ACCC launched a revised learning and development program (the ‘Essentials Program’) in June 2022. The Essentials Program includes:

  • a security awareness course that is required to be completed annually;
  • induction courses that are required to be completed within a specified period after commencement with the ACCC143;
  • role-specific courses that are required to be completed prior to commencing in a role or within a specified period of time after commencement in the role144; and
  • other courses that are required to be completed within 24 months.145

2.181 ACCC documentation states that courses were chosen for inclusion in the Essentials Program because:

  • they help us to meet statutory/legislative obligations and/or employment policy standards
  • lack of knowledge and compliance would pose significant risk to the ACCC/AER
  • they reflect ACCC/AER priorities (e.g. diversity and inclusion, appropriate workplace behaviours and psychological safety)
  • they meet Australian Public Service Commissioner directives.

2.182 Table 2.3 provides details of training available for ACCC personnel for the probity risks examined in this audit.

Table 2.3: ACCC probity related training

| Probity risk | Mandatory training available | Frequency of required renewal |
| --- | --- | --- |
| Code of conduct | Yes. Mandatory for new starters. The Essentials Program also contains an APSC[a] course on ‘Integrity in the APS’, which must be completed within 24 months. | Not required |
| Conflict of interest | Yes. Mandatory for new starters. | Not required |
| Regulatory capture | No | Not required |
| Confidentiality and information security | Yes. Mandatory for new starters. | Annually |
| Procurement | No. Training was available from September 2022 ‘for employees who manage contracts or have a financial delegation’. | Not required |
| Corporate credit card expenditure | No | Not required |
| Gifts, benefits and hospitality | Yes. Mandatory for new starters. | Not required |
| Fraud | Yes. Mandatory for new starters. The Essentials Program also contains an APSC[a] course on ‘Fraud Awareness’, which must be completed within 24 months. | Not required |
| Public interest disclosures | Yes. Mandatory for new starters. | Not required |

Note a: The APSC provides a range of education and training courses through the APS Academy.

Source: ANAO analysis of ACCC documentation.

2.183 The ACCC advised the ANAO that:

In June 2022, the ACCC/AER launched a suite of “essential” training known as the Essentials program via the Bunya online learning management system. All employees are required to complete this training …

Guidance to employees is that courses in the Essentials program that have previously been completed, including as part of the Induction Program, do not need to be repeated unless they are a reoccurring course. Currently the only reoccurring course is Security Awareness.

2.184 The ACCC further advised the ANAO that:

ACCC Commissioners and AER Board members are employees for the purposes of the Bunya system and receive the same automatic emails and reminders to complete the agency’s Induction and Essentials programs of training as other agency employees.

Refresher training

2.185 Mandatory refresher training can be an effective way to help ensure knowledge regarding probity requirements is up-to-date and personnel are reminded of their obligations. As of January 2023, security awareness training was the only training module with a requirement that staff undertake mandatory refresher training. This was made mandatory in July 2021, with all staff required to complete the training by February 2022.146

2.186 The July 2021 review into the management of senior executive conflicts of interest (see paragraphs 2.22 and 2.23) made two recommendations regarding annual refresher training on conflicts of interest.147 The ACCC advised the ANAO that ‘Conflict of Interest training applying to all Commission officials has been updated. The recommendation for more specific training and annual refresher training for SES is expected to be considered further by the proposed Chief Integrity Officer.’148 The ACCC further advised the ANAO that the recommendation for managers to complete an annual course to identify and manage conflicts of interest would also be considered by the proposed Chief Integrity Officer.

2.187 As noted in paragraph 2.14, the ACCC’s Enterprise Risk Register lists ‘Conflict of interest processes’ as a key control for managing integrity risk, which is one of the ACCC’s seven enterprise risks.149 The ACCC could usefully consider the role of refresher training in its management and mitigation of identified enterprise-level integrity risks.

Opportunity for improvement

2.188 There is an opportunity for improvement for the ACCC to further consider the role of refresher training in its management and mitigation of identified enterprise-level integrity risks.

Monitoring compliance with requirements

2.189 ACCC records indicate that when introducing the Essentials Program, the ACCC ‘moved away from a “mandatory” compliance-focused approach’ that had earlier been planned. References to mandatory modules (except for security awareness training) and consequences for non-completion were removed from the guideline document prepared to help ACCC personnel understand the Essentials Program. Instead, the ACCC favoured an ‘initial focus on a cultural shift rather than “rules”’.

2.190 The ACCC advised the ANAO that monitoring completion of the Essentials Program courses is done by supervisors as part of the annual performance cycle process, as follows:

As part of performance planning, employees are asked to confirm (self-report) that they have a plan to complete the Essentials program and, at the end of the performance cycle, that they are up to date with Essential program training. This is designed to act as a prompt to encourage completion of the program and to provide some data to the agency on completion of the program.

Managers will be monitoring completions as part of performance planning discussions …

Currently there is no central reporting on Essential program completions or compliance (aside from reporting on Security awareness training compliance and quarterly reporting on completion of D&I [diversity and inclusion] training). Reporting compliance with training requirements based on Bunya [online learning system] data is currently a resource intensive, manual process.150

2.191 As discussed in paragraph 2.181, training courses were selected for inclusion in the Essentials Program to satisfy compliance obligations, meet agency priorities and help manage enterprise risks. Centralised monitoring and reporting of completion rates for this training would provide additional assurance regarding achievement of those goals.

Opportunity for improvement

2.192 There is an opportunity for improvement for the ACCC to further consider the role of centralised monitoring and reporting of completion rates for Essentials Program training, to provide additional assurance regarding the achievement of the program’s goals.

Accessibility of information on probity requirements

2.193 The ACCC makes policies, procedures and information regarding arrangements to address probity risks available on its intranet. Some intranet pages that contain this information also contain contact details for specialist staff who can provide assistance.

Messaging from senior officials

2.194 The ACCC uses a range of channels for providing its personnel with information on probity requirements, including information on policy updates, and reminders regarding obligations and senior officials’ expectations. These channels include:

  • regular direct messaging from the CEO;
  • an email newsletter called ‘ACCCess’; and
  • articles published on the intranet landing page.

3. Monitoring, reporting and assurance

Areas examined

This chapter examines whether the Australian Competition and Consumer Commission (ACCC) has established monitoring and reporting arrangements to provide assurance on the effectiveness of its internal controls and compliance with probity requirements, and arrangements to follow up on identified instances of non-compliance. The period examined in this audit was July 2020–November 2022 and where relevant, key subsequent events up to and including February 2023.

Conclusion

The ACCC is developing a framework and arrangements for monitoring the effectiveness of internal controls and compliance with probity requirements, and for providing assurance to the accountable authority in relation to probity. The scope of this monitoring has been limited, with a small number of internal audits undertaken. The ACCC has established a compliance team and as of early 2023, was developing a compliance framework and undertaking a procurement process for software to facilitate centralised management and reporting of compliance incidents. The ACCC does not have an entity-wide framework for following up on instances of non-compliance.

3.1 An entity’s accountable authority is required to establish appropriate controls and maintain sufficient oversight to ensure internal controls operate as intended, to assist in mitigating probity related risks and promote compliance. Well-functioning assurance arrangements, including reporting to senior management, provide confidence that risks are being effectively controlled or identify when controls are ineffective or absent. Entities also need to ensure that instances of non-compliance are treated in a timely and appropriate manner in accordance with specified requirements.

3.2 This chapter assesses whether the ACCC has established monitoring and reporting arrangements to provide assurance on the effectiveness of internal controls and compliance with probity requirements. Specifically, the ANAO examined if the ACCC has established a fit for purpose framework for:

  • monitoring the effectiveness of internal controls relating to probity and providing assurance to the accountable authority;
  • monitoring compliance with probity requirements, including regular monitoring and reporting; and
  • following up on identified instances of non-compliance.

Is there a framework for monitoring the effectiveness of internal controls relating to probity and providing assurance to the accountable authority?

The ACCC is developing a framework for monitoring the effectiveness of internal controls and providing assurance to the accountable authority in relation to probity. The scope of this monitoring activity had been limited, with a small number of internal audits undertaken. The Chair of the ACCC Audit and Risk Committee wrote to the ACCC accountable authority in 2019, 2020 and 2021 encouraging the ACCC to consider the adequacy of the internal audit budget. The ACCC began to expand its internal audit coverage in 2022. In May 2022 the ACCC undertook an entity-wide assessment of selected internal controls, including those related to a number of the key probity risks considered in this audit.

3.3 Information on the effectiveness of internal controls gives the accountable authority assurance regarding compliance with probity policies and the extent to which staff uphold standards of conduct. Section 16 of the Public Governance, Performance and Accountability Act 2013 (PGPA Act) requires the accountable authority of a Commonwealth entity to establish an appropriate system of internal control. Section 17 of the Public Governance, Performance and Accountability Rule 2014 (PGPA Rule) requires the accountable authority to establish an audit committee, the functions of which must include reviewing the appropriateness of the system of internal control. This would include coverage of oversight of the management of identified probity risks.

Internal audit

Review activity

3.4 The ACCC has an internal audit strategy covering the period 2019–23. The strategy states that ‘key strategic risks … underpin the Internal Audit Strategy.’ The strategy lists criteria for selecting internal audit topics and states that there would be periodic audits on topics that are key to the achievement of key business objectives and strategic priorities, and strategic risks. The ACCC’s 2021–22 Annual Report states that ‘Audit topics consider areas of significant risk and seek to ensure that all major functions, systems and business areas of the agency are audited regularly.’

3.5 The ACCC undertook two internal audits in 2020–21151 and three in 2021–22. The internal audits in this period included:

  • IT security and governance;
  • monitoring compliance with enforceable undertakings;
  • employee use of delegations and authorisations;
  • information security and awareness (iManage)152; and
  • management of COVID-19 and lessons learned.

3.6 In the annual letter of assurance to the ACCC Chair in 2019, 2020 and 2021, the Chair of the ACCC’s Audit and Risk Committee153 encouraged the ACCC Chair to consider the adequacy of the budget provided to internal audit.154 The assurance letter dated 14 September 2021 stated that:

In its 2019 and 2020 assurances letters to you the [Audit] Committee encouraged management to consider the adequacy of the internal audit budget. The Committee notes the importance of ensuring internal budget allocation keeps pace with the substantial increase in the agency size and complexity of work in recent years. The Committee therefore again encourages you to assess whether the current model of 3 internal audits per year is sufficient to adequately cover all key risks within an acceptable multi-year timeframe.

3.7 The number of internal audits undertaken has meant there has not been regular testing of controls relating to risks identified in the ACCC’s strategic risk registers, including probity related risks. The ACCC’s 2019–20 Strategic Risk Profile included six risks, all of which were rated as ‘high’.155 A further assessment of the ACCC’s enterprise risks occurred in October 2021, with eight risks identified as ‘key enterprise risks for 2021–22’. This resulted in the addition of a risk related to ‘serious findings of a lack of integrity damage the agency’s reputation as an effective regulator’, which was given a risk rating of ‘medium’.156 An update in September 2022 included seven enterprise risks, of which five were rated as ‘high’, including the risk of ‘serious findings of a lack of integrity, or inadequate compliance and assurance systems damage the agency’s reputation as an effective regulator’.

3.8 In April 2022 the ACCC Executive Management Board was presented with a proposal to incrementally increase the number of internal audits by one to two audits per year. In August 2022 the ACCC commenced a two year contract with an external provider of internal audit services.157 Correspondence from the Chair of the Audit and Risk Committee to the ACCC Chair dated 8 September 2022 stated that:

The [Audit and Risk] Committee notes the changes that have been progressed in relation to the agency’s internal audit model. In its 2019, 2020 and 2021 annual letters of advice, the Committee encouraged management to consider the adequacy of the internal audit approach and budget. The Committee has emphasised the importance of ensuring internal budget allocation keeps pace with the substantial increase in the agency size and complexity of work.

The Committee has been encouraged in 2021–22 to see that management has reconsidered the approach to internal audit and decided to move to an audit partner model with more funding and scope for further audits to be undertaken. … We note that engagement and induction for the audit partner is underway, and we will continue to monitor progress. This will constitute a significant investment.

3.9 The updated ACCC and AER Risk Management Framework, which was approved by the Acting ACCC Chair on 16 December 2022, stated that:

The agency has engaged a third party service provider as an audit partner to carry out the centralised internal audit function. The provider is engaged for a two year period, commencing in September 2022. The provider will conduct three to four formal audits per year, supported by additional reviews and other work with an assurance or business improvement focus.

3.10 The ACCC’s internal audit provider prepared an Internal Audit Work Plan (IAWP) for 2022–24, which was approved by the ACCC’s Chief Risk Officer in January 2023 and noted by the Audit and Risk Committee in February 2023.158 The 2022–24 IAWP included four internal audits for 2022–23159 and six for 2023–24.160 The internal audit provider also undertook an assurance mapping activity in 2022–23, to assess the ACCC’s assurance arrangements across its seven enterprise risks.

3.11 Prior to the 2022–24 IAWP, the ACCC’s internal audit program was undertaken under the Internal Audit Strategy 2019–2023, which included an Internal Audit Plan for 2019–23. A paper to the Audit and Risk Committee in March 2022 stated that while the Internal Audit Plan for 2019–23 contained a schedule of internal audit topics for the years covered by the Internal Audit Strategy, ‘In practice the topics for each year are reviewed and determined annually by the Executive Office with input from senior management, and may change from what is specified in the Plan.’

Oversight

3.12 Under its charter, the role of the ACCC’s Audit and Risk Committee is to provide ‘independent advice and assurance to the Accountable Authority, through the CGB [Corporate Governance Board], on the entity’s financial reporting, performance reporting, risk oversight and management, and systems of internal control.’ The Audit and Risk Committee receives updates on the ACCC’s internal control framework. Internal audit reports are discussed as a standing agenda item at the Audit and Risk Committee and the Committee also receives regular reporting on the implementation of audit recommendations.

3.13 As discussed in paragraph 2.110, the ACCC undertook an internal review of its governance frameworks following publication of the Thom review. The ACCC internal review stated that:

Executive Office has indicated it can also consider further whether internal audit reports that are currently provided to Audit Committee should also be provided to Corporate Governance Board.

3.14 A paper provided to the Audit and Risk Committee indicates that as of November 2022, there was:

No regular update provided to CGB [Corporate Governance Board] regarding:

  • Audits commenced
  • Final audit reports delivered
  • Tracking implementation of recommendations.

Audit reports/updates provided by exception, or as requested.

3.15 The Corporate Governance Board receives minutes of Audit and Risk Committee meetings and verbal updates from members of the Audit and Risk Committee. The ACCC’s Executive Management Board, which is chaired by the ACCC Chief Executive Officer, receives final audit reports/outcomes where relevant.161

Internal assessment of the effectiveness of controls

3.16 In May 2022, the ACCC undertook an entity-wide assessment of selected internal controls related to corporate and governance obligations.162 ACCC documentation indicates that the assessment built on a legislative compliance review undertaken by an external consultant in 2019. The 2022 assessment was reported to the Executive Management Board and the Corporate Governance Board in June 2022. The covering minute to both committees stated that:

The assessment relied on information and documents provided by line areas in addition to information obtained from interviews with Responsible Officers and Accountable SES. It did not include testing of internal controls to check if they were effective in meeting each obligation in practice.

3.17 The assessment considered arrangements relating to:

  • conflict of interest;
  • procurement;
  • credit card expenditure;
  • gifts, benefits and hospitality; and
  • fraud control.

3.18 The review contained 38 recommendations for strengthening policies, procedures and arrangements relating to specific compliance obligations.163 It also contained a recommendation for the ACCC to implement a ‘control document management system’ and ‘policy refresh project’.164 The policy refresh project is discussed in paragraphs 2.175 to 2.177.

3.19 As of March 2023, the ACCC was developing a compliance framework.165 It has not yet been determined what control monitoring and testing activities are planned under the proposed framework.

Other reviews of probity controls

3.20 In December 2022 the ACCC advised the ANAO that:

to supplement the internal audit program the agency also undertakes other audit initiatives directed at key enterprise risks. An example is the two audits per year undertaken in relation to the Consumer Data Right. These audits are reported to the CDR Internal Governance Board … and the Audit and Risk Committee.166

3.21 This review activity has included a review related to Consumer Data Right (CDR) procurements and CDR cyber security and compliance with the Information Security Manual.167 While the ACCC refers to these as internal audits, these reviews were not formally part of the internal audit program and were not subject to the ACCC’s standard practices for tracking the implementation of recommendations. Both reviews were provided to the Audit and Risk Committee for noting.

3.22 Additionally, the ACCC commissioned a review related to senior executive conflict of interest management, which was finalised in July 2021.168 ACCC documentation indicates that it was provided to the ACCC’s Executive Management Board.

Is there a framework for monitoring compliance with probity requirements, including regular monitoring and reporting?

The ACCC has established a compliance team and undertakes regular monitoring of compliance with annual conflict of interest declaration requirements and completion of mandatory security awareness training. As of March 2023, the ACCC was developing an entity-wide compliance framework and planning for the procurement of software to facilitate centralised compliance management and reporting of compliance incidents.

3.23 The ACCC undertakes regular monitoring of compliance with some probity requirements. This includes compliance with annual conflict of interest declaration requirements and completion of mandatory security awareness training.

3.24 A compliance assurance process, to inform mandatory reporting on compliance with the PGPA Act and PGPA Rule, is part of the ACCC’s annual report preparation.169 This process is informed by compliance questionnaires completed by senior officers170, as well as monitoring of procurement activity and finance-related internal controls.

3.25 An October 2019 compliance assessment commissioned by the ACCC recommended that the ACCC establish a legislative compliance framework.171 The ACCC’s compliance arrangements were also identified as an area for improvement in the 2021 internal review into governance frameworks which followed publication of the Thom review.172 The internal review stated that:

To date, the agency’s culture has served it well in quickly identifying issues that may result in non-compliance; however, there is no central management or oversight to identify compliance risks, assign responsibility and accountability, audit compliance with our obligations and, assign responsibility and accountability when an issue is identified for resolution. Moreover, the agency’s growing size and diversification of its statutory roles and responsibilities reinforces the need to have in place fit-for-purpose formal governance structures, rather than remaining reliant on a culture of compliance. As noted above, the current structure considerations have an opportunity to invest in improved compliance awareness and compliance monitoring.

3.26 The ACCC’s Audit and Risk Committee was advised in November 2021 that a dedicated compliance team had been established, and the committee was provided with a draft project plan on developing a central compliance function. This team undertook a compliance assessment process (discussed in paragraphs 3.16 to 3.18). The ACCC advised the ANAO that:

In early 2023, the team will continue to refine the framework as further planning is undertaken of:

  • the policy refresh project
  • the procurement and implementing of the Risk and Compliance IT tool, and
  • preparing the Assurance checklist: Systems of internal control for the Audit and Risk Committee for end of financial year reporting …

Monitoring and reporting on compliance activities with obligations and internal controls (e.g. policies) is the responsibility of the obligation/policy owner. As part of the policy refresh project, policy owners will be required to include an accountability table which will clearly identify and delegate responsibilities for monitoring compliance (and non-compliance) and reporting on the same. Internal Compliance will have a role to oversee that the monitoring and reporting activities are being undertaken (but is not responsible for doing that monitoring and reporting), as well as a role to review and inspect reports to help identify any patterns of behaviour or systemic issues to be raised with an appropriate governance board.

3.27 As of March 2023 the ACCC was in the process of developing an entity-wide compliance framework and was undertaking a procurement process for software to facilitate centralised compliance management and reporting of compliance incidents. The ACCC advised the ANAO that the Compliance Framework was expected to be considered by the Corporate Governance Board in May 2023 and the compliance management software was expected to be launched in mid-2023.

Is there a framework for following up on identified instances of non-compliance?

The ACCC does not have an entity-wide framework for following up on instances of non-compliance, and the policies reviewed in this audit typically did not include details of the consequences for non-compliance.

3.28 Having a framework for following up on identified instances of non-compliance assists in providing assurance to the accountable authority regarding the effectiveness of probity management arrangements.

Responding to non-compliance with probity requirements

3.29 The ACCC does not have an entity-wide framework for responding to instances of non-compliance with probity requirements.

3.30 As discussed in paragraph 3.13, after the release of the Thom review in 2021, the ACCC undertook an internal review ‘to identify whether the agency had any weaknesses or gaps in its governance frameworks.’ As discussed in paragraphs 3.16 to 3.18, in May 2022 the ACCC also undertook an entity-wide assessment of selected internal controls related to corporate and governance obligations.

Consequences for non-compliance with probity requirements

General approach

3.31 As discussed in paragraphs 3.19 and 3.27, the ACCC was developing a compliance framework in late 2022. As of January 2023, the ACCC had no general approach regarding consequences for non-compliance with probity requirements.

Policy specific

3.32 As discussed in paragraph 2.3, the Australian Public Service (APS) Code of Conduct applies to ACCC staff. Failing to manage conflict of interest can result in a breach of the APS Code of Conduct. In its conflict of interest policy, the ACCC states that:

If a breach of the Code of Conduct is found, section 15 of the Public Service Act provides that the following sanctions may be imposed:

  • termination of employment
  • reduction in classification
  • re-assignment of duties
  • reduction in salary
  • deductions from salary, by way of fine
  • a reprimand.

Depending on the nature of the conflict of interest, prosecution under the Crimes Act 1914 could also occur with appropriate penalties being imposed by a court.

3.33 The other ACCC policies reviewed in this audit typically did not include details of the consequences for non-compliance.

3.34 Credit cards can be withdrawn in circumstances where there is non-compliance with the credit card manual, as discussed in paragraph 2.118. Where there is accidental misuse of a credit card, the ACCC advised the ANAO that ‘the cardholder will contact the Finance Branch for instructions. The transaction/s will be acquitted as a receivable and the Finance Branch will contact the cardholder with instructions on how to repay the funds.’

3.35 Identification of probity related non-compliance and management of identified non-compliance is discussed in Chapter 4 of this audit report.

4. Compliance with requirements

Areas examined

This chapter examines whether the Australian Competition and Consumer Commission (ACCC) has demonstrated compliance with its probity requirements and addressed non-compliance in accordance with its stated requirements.

Conclusion

The ACCC fully or largely complied with most of the probity related requirements examined in this audit.

The ACCC is developing a framework for following up on instances of non-compliance. There is no evidence of instances of non-compliance identified in the context of this audit being addressed in accordance with ACCC requirements for: procurement; and gifts, benefits and hospitality.

Area for improvement

The ANAO identified one opportunity for improvement aimed at improving the transparency and completeness of reporting in the ACCC’s gifts, benefits and hospitality register.

4.1 Entities cannot effectively manage probity related risks if the policies, procedures and arrangements designed to mitigate those risks are not followed. This chapter assesses whether the ACCC has demonstrated compliance with the probity requirements selected for ANAO review and addressed non-compliance in accordance with its stated requirements.

4.2 The requirements reviewed by the ANAO related to:

  • code of conduct;
  • conflict of interest;
  • trading in financial instruments;
  • senior executive remuneration;
  • selected procurement requirements;
  • corporate credit card use; and
  • gifts, benefits and hospitality.173

Has the ACCC complied with the selected probity requirements?

For the periods reviewed by the ANAO, the ACCC undertook its internal assurance processes under which relevant personnel made conflict of interest declarations or self-assessments. The results for these processes were reported to senior management committees. The ACCC Chair signed a letter to the Treasurer advising on the Chair’s pecuniary interests as required under the Competition and Consumer Act 2010 in June 2022. The letter was sent to the Treasurer in May 2023.

ACCC personnel complied with requirements relating to senior executive remuneration and corporate credit cards.

ACCC personnel were largely compliant with requirements relating to gifts, benefits and hospitality.

The ACCC’s procurement policies and guidance require officials to comply with the Commonwealth Procurement Rules (CPRs). The ACCC’s procurement policies and guidance do not outline any further specific requirements for the management of probity related risks. For the 10 high-value procurements reviewed by the ANAO there was documented consideration of probity in five of the procurements.

Restrictions on ACCC employees relating to trading in financial instruments were not captured in any ACCC policies until 25 November 2022, and were therefore not subject to ANAO testing as part of this audit.

As the ACCC does not require any attestation or completion of training on an annual basis that is centrally reported, the ANAO did not review compliance with requirements in relation to the code of conduct.

Code of conduct

4.3 When Commissioners and employees join the ACCC they are required to declare, amongst other things, that they have read and understood the Australian Public Service (APS) Code of Conduct.174 The requirement to comply with the APS Code of Conduct is reiterated in induction training that employees and Commissioners are required to complete. As discussed in paragraph 2.190, there is no central reporting on the completion of training aside from reporting on security awareness training compliance and quarterly reporting on completion of diversity and inclusion training. As the ACCC does not require any attestation or completion of training on an annual basis that is centrally reported, the ANAO did not review compliance with requirements in relation to the APS Code of Conduct or the ACCC’s Code of Conduct for Commission Members and Associate Members (Members’ Code of Conduct).

Compliance with annual declaration process requirements relating to conflict of interest

4.4 The ACCC’s arrangements for managing conflicts of interest are discussed in paragraphs 2.12 to 2.30.

4.5 As discussed in paragraph 2.19, ACCC employees are required to complete a conflict of interest declaration (SES employees) or a self-assessment (non-SES employees175) within one month of commencing with the ACCC and if the employee has a change in circumstances that might give rise to new conflicts of interest. In addition to these requirements, SES employees are required to complete an annual conflict of interest declaration and non-SES employees are required to complete a conflict of interest self-assessment each financial year. All ACCC employees, including senior executives, are required to confirm that they:

  • have read and understood the conflict of interest policy;
  • are aware of insider trading law and prohibitions in place around trading while in possession of price sensitive information; and
  • have identified any real, perceived or potential conflicts of interest relating to themselves and their immediate family members.

4.6 The ANAO examined whether there is evidence of the ACCC having conducted its annual conflict of interest declaration (SES) and self-assessment (non-SES) processes for the most recent period, and whether the results were reported to relevant senior management. The ANAO also examined what actions the ACCC took in relation to identified non-compliance.

4.7 At the time the ANAO conducted audit fieldwork, the most recent cycles had ended on 31 July 2022 for SES declarations and 31 August 2022 for non-SES self-assessments.176 ACCC documentation indicates that the ACCC tracked completion rates and reported results to the Corporate Governance Board in October 2022. The report indicated the following.

  • All SES declaration forms were submitted by 31 July 2022.
  • As of 4 October 2022, 1217 out of 1233 non-SES employees (99 per cent) had completed their self-assessment. The report advised that 16 forms were still to be completed by non-SES employees who had either returned from leave after 31 July 2022 or joined the ACCC/Australian Energy Regulator (AER) in August 2022. The report further advised that follow up action was planned ‘to ensure compliance at the earliest possibility’.

Disclosure of Commissioner and Board member interests

4.8 As noted in footnote 50, the Members’ Code of Conduct states that ‘Commissioners should inform the Chair on an annual basis – by 30 June – of all their relevant interests’. The most recent declaration process for ACCC Commissioners and AER Board members was undertaken in June and July 2022. Declaration of interest forms were completed by all ACCC Commissioners and AER Board members, including the ACCC Chair and AER Board Chair, with one exception.177 The individual declarations were not provided to the ACCC Chair. The ACCC advised the ANAO in April 2023 that:

In June 2022, the Executive Office asked Commissioners to:

  • validate their entities in the Commissioner Disclosure register
  • complete the annual Declaration of Private Interest Form.

Executive Office staff reviewed the validated entries and the completed Declaration of Private Interest Forms to ensure that all relevant disclosures that could give rise to a perceived or actual conflict of interest were included in the Commissioner Disclosure register. The Executive Office also considered associate members’ Declaration of Private Interest Forms.

On 31 August 2022, a paper was presented to Commissioners, including the Chair, that set out a report of Commissioners’ declarations received outside Commission meetings or not previously considered, including following the annual Declaration of Private Interest Form process …

4.9 Under section 17 of the Competition and Consumer Act 2010, the ACCC Chair ‘must give written notice to the Minister of all pecuniary interests that the Chairperson has or acquires in any business carried on in Australia or in any body corporate carrying out such business.’ In March 2023 the ACCC advised the ANAO that ‘The agency’s practice and interpretation of section 17 is that the Chair provides a disclosure of interest declaration to the Minister upon appointment to the role and upon any change in circumstances post-appointment.’ The ACCC Chair commenced in the role on 21 March 2022 and signed a letter to the Treasurer dated 3 June 2022 detailing pecuniary interests. The letter was sent to the Treasurer on 12 May 2023.178

Compliance with trading in financial instruments requirements

4.10 The ACCC’s arrangements for trading in financial instruments are discussed in paragraphs 2.46 to 2.60. As discussed in paragraph 2.49, the ACCC updated its conflict of interest policy in November 2022 to include a section on ‘improper use of information — share trading’. This established restrictions regarding trading in securities for employees. As this was at the end of the period subject to audit the ANAO did not examine compliance with these requirements.

4.11 As discussed in paragraph 2.52, the Members’ Code of Conduct states that:

Full-time members should normally avoid holding shares directly. If a full-time member proposes to hold shares directly, they should consult the Chair and exercise careful personal judgement in respect of such transactions to ensure that any financial dealings do not raise an actual or perceived conflict with the functions of that member.

4.12 In February 2023 the ACCC advised the ANAO that ‘The only direct shareholdings disclosed by ACCC Commissioners were in their possession upon commencement and either remained in their possession or were divested post commencement.’ This statement was consistent with information contained in ACCC Commissioner and AER Board member declarations. The ACCC further advised the ANAO that:

In relation to AER Board members, only one member … has disclosed direct shareholdings. The shareholdings are held via a self-managed superannuation fund and are not energy–related. If a perceived or actual conflict of interest arose for [an] AER Member … in the course of … ACCC/AER work, a management plan would be implemented. As no conflict has arisen, a management plan has not been required.

4.13 The AER Board member listed the superannuation fund in the annual declaration of interests.

Compliance with senior executive remuneration requirements

4.14 The ACCC’s arrangements for senior executive remuneration are discussed in paragraphs 2.76 to 2.87. As discussed in paragraphs 2.77 and 2.78, the ACCC has a remuneration and benefits policy for substantive SES employees, which states that the ‘policy operates in conjunction with the General [section] 24.1 [PS Act] determination for Senior Executive Officers and individual 24.1 issued to each Senior Executive Officer’. The General 24.1 Determination sets out requirements relating to annual review of performance for SES employees and requirements regarding requests for individual remuneration reviews.179

4.15 The ANAO reviewed whether:

  • the process for reviewing senior executive remuneration for its most recent performance period was undertaken in accordance with entity requirements; and
  • the ACCC’s accountable authority (the ACCC Chair) was provided with and approved individual remuneration outcomes for members of the senior executive cohort for the most recent performance cycle that resulted in a pay rise.

4.16 As outlined in paragraph 2.85, the ACCC Chair approved a 1.7 per cent remuneration increase for SES and SES equivalents, excluding the ACCC Chief Executive Officer (CEO), in August 2021. This rise was consistent with the requirements of the Public Service Workplace Relations Policy 2020.180

4.17 On 2 December 2022, the ACCC CEO approved a three per cent salary increase for the SES cohort181 in accordance with the Public Sector Interim Workplace Arrangements 2022. On 13 December 2022, the ACCC Chair approved a three per cent salary increase for the ACCC CEO in accordance with the same workplace arrangements.182 The ACCC Chair was provided with information on: the CEO’s existing remuneration, proposed remuneration, and relativities with other SES at that level across the APS.183

4.18 In addition to the general increases for the SES during the period reviewed by the ANAO, the most recent process that resulted in a pay increase for some SES officers was a review process undertaken in December 2022. For a small number of senior executives, increments were approved by the ACCC CEO on 21 December 2022. The ACCC’s General s24 Determination states that: ‘A Senior Executive Officer’s performance will be formally reviewed at least annually. All performance assessments are required to be reviewed and moderated by the ACCC COO.’184 As part of the review process, the CEO was provided with information, including on the individual remuneration and performance of all those in the senior executive cohort. ACCC records indicate that in February 2023 the ACCC Chair was provided with the outcomes of the remuneration review.

4.19 In September 2022 the ACCC Chair was advised that the People and Culture Branch planned to provide both annual and regular reporting on remuneration details to the Chair for substantive SES Band 2 and 3 employees, ‘to improve probity and assist us with providing assurance to you that the ACCC manages executive remuneration appropriately.’

4.20 As of March 2023, no further increases in remuneration to members of the senior executive had occurred.

4.21 In summary, for the process examined by the ANAO:

  • the process for reviewing senior executive remuneration for its most recent performance period was undertaken in accordance with entity requirements; and
  • there is evidence the ACCC Chair was provided with the remuneration outcomes for members of the senior executive cohort for the most recent performance review process that resulted in a pay rise for some members of the senior executive cohort.

Consideration of probity in procurement

4.22 The ACCC’s policies, guidance and arrangements for probity management in procurement activities are outlined in paragraphs 2.88 to 2.98. The ACCC’s procurement policies and guidance require officials to comply with the CPRs.185 As discussed in paragraph 2.94, the ACCC’s procurement policies and guidance do not include any further specific requirements for the management of probity related risks.

4.23 The ANAO selected a sample of ten procurements undertaken by the ACCC between July 2021 and October 2022. The procurements selected were the 10 highest value procurements for the period recorded on AusTender as at 19 October 2022.

4.24 For each procurement, the ANAO assessed whether there was evidence of the consideration of probity as part of the procurement process. The results of this assessment are summarised in Table 4.1.

Table 4.1: Consideration of probity in the selected ACCC procurements

Sample number 1

  • Procurement and Contract Notice (CN) number: Building Lease – Sydney (CN3880272)
  • Procurement type as assessed by the ANAO: Use of mandatory Australian Government coordinated procurement arrangement
  • Value at 19/10/22 as recorded on AusTender ($): 80,530,630
  • ANAO comment:
    • The ACCC’s central procurement team reviewed the procurement prior to PGPA s23 approval.
    • There was no documented evidence of probity management specific to this procurement.
    • The ACCC advised the ANAO in February 2023 that ‘Probity risks are managed by the legal provider, procurement or internal legal as required. Probity advice was not obtained given the absence of probity issues.’

Sample number 2

  • Procurement and Contract Notice (CN) number: Building Lease – Canberra (CN3880287)
  • Procurement type as assessed by the ANAO: Use of mandatory Australian Government coordinated procurement arrangement
  • Value at 19/10/22 as recorded on AusTender ($): 42,190,493
  • ANAO comment:
    • The ACCC’s central procurement team reviewed the procurement prior to PGPA s23 approval.
    • An external probity advisor was appointed and provided probity advice in response to questions from the ACCC.
    • The procurement and evaluation plan stated that the probity advisor would provide ‘probity endorsement once the final evaluation summary has been prepared’. The ACCC advised the ANAO in February 2023 that: ‘The ACCC sought final certification sign off from [the probity advisor] as part of finalising the lease documentation however it did not seek final “probity endorsement” as per the evaluation plan.’

Sample number 3

  • Procurement and Contract Notice (CN) number: Construction – Canberra Accommodation Project $1,250,607.6 are third party procurement costs being reimbursed from the landlord. (CN3891307)
  • Procurement type as assessed by the ANAO: Panel procurement – 5 suppliers approached
  • Value at 19/10/22 as recorded on AusTender ($): 7,689,413
  • ANAO comment:
    • The ACCC’s central procurement team reviewed the procurement prior to PGPA s23 approval.
    • A probity plan was established.
    • An external consultant was appointed to assist with managing communication with tenderers and provide probity advice if probity issues arose. No evidence of probity advice was provided to the ANAO.
    • The probity plan stated that ‘All ACCC officers involved in the ATM [approach to market] Process should have signed a Conflict of Interest Declaration’. The four evaluation team members made conflict of interest declarations but the delegate did not.

Sample number 4

  • Procurement and Contract Notice (CN) number: Independent Testing Services for the BPMR Program [a] (CN3882242)
  • Procurement type as assessed by the ANAO: Open tender
  • Value at 19/10/22 as recorded on AusTender ($): 5,178,017
  • ANAO comment:
    • The ACCC’s central procurement team reviewed tender documents and the probity plan.
    • A probity plan was established.
    • An external probity advisor was appointed. The external probity advisor provided a probity report that was included in the tender evaluation report.
    • The evaluation plan stated that conflict of interest declarations must be completed by all persons involved in the request for tender process. Tender evaluation panel members, internal technical advisors and external procurement advisors provided conflict of interest declarations. There was no declaration documented by the decision-maker, contrary to the evaluation plan.

Sample number 5

  • Procurement and Contract Notice (CN) number: Ventia Property Operating Expenses (CN3777843-A1)
  • Procurement type as assessed by the ANAO: Use of mandatory Australian Government coordinated procurement arrangement
  • Value at 19/10/22 as recorded on AusTender ($): 4,845,717
  • ANAO comment:
    • The ACCC’s central procurement team reviewed the procurement prior to PGPA s23 approval.
    • ACCC documentation states that ‘the Department of Finance have directed agencies to remain with current providers and not seek quotes from other providers on the panel.’
    • There was no documented evidence of probity management specific to this procurement. The ACCC advised the ANAO that ‘The Department of Finance assigned successful suppliers to non-corporate Commonwealth entities. As a result, no probity advice was required.’

Sample number 6

  • Procurement and Contract Notice (CN) number: Surge Capacity Resourcing (CN3812772)
  • Procurement type as assessed by the ANAO: Panel procurement – single supplier approached
  • Value at 19/10/22 as recorded on AusTender ($): 4,255,650
  • ANAO comment:
    • The ACCC’s central procurement team reviewed the procurement prior to PGPA s23 approval.
    • There was no documented evidence of probity management specific to this procurement. The ACCC advised the ANAO that ‘The procurement was considered low risk and was conducted through a panel arrangement, so specific probity documentation was not required.’

Sample number 7

  • Procurement and Contract Notice (CN) number: VSA5 Non Common Cloud Commitment licences (CN3918921)
  • Procurement type as assessed by the ANAO: Panel procurement – single supplier approached [b]
  • Value at 19/10/22 as recorded on AusTender ($): 3,050,203
  • ANAO comment:
    • The ACCC’s central procurement team reviewed the procurement prior to PGPA s23 approval.
    • There was no documented evidence of probity management specific to this procurement. The ACCC advised the ANAO that ‘The approach was a direct source to the DTA’s [Digital Transformation Agency’s] mandated supplier and considered low risk. Therefore, a procurement plan, probity plan and probity advisor were not required.’

Sample number 8

  • Procurement and Contract Notice (CN) number: Provision of sentencing, digitisation, and disposal services (CN3838974)
  • Procurement type as assessed by the ANAO: Panel procurement – single supplier approached
  • Value at 19/10/22 as recorded on AusTender ($): 2,687,496
  • ANAO comment:
    • The ACCC’s central procurement team reviewed the procurement prior to PGPA s23 approval.
    • There was no documented evidence of probity management specific to this procurement.

Sample number 9

  • Procurement and Contract Notice (CN) number: Security Monitoring and Reporting Services (CN3917855)
  • Procurement type as assessed by the ANAO: Panel procurement – 32 suppliers approached
  • Value at 19/10/22 as recorded on AusTender ($): 2,017,197
  • ANAO comment:
    • The ACCC’s central procurement team reviewed the procurement prior to PGPA s23 approval.
    • An external probity advisor was appointed and a probity plan prepared.
    • Tender evaluation committee members completed conflict of interest declarations.
    • Other personnel involved in the procurement, including the delegate, signed an acknowledgement of the probity plan but did not complete a conflict of interest declaration in line with the requirements of the probity plan.

Sample number 10

  • Procurement and Contract Notice (CN) number: IT consultancy services (CN3824354-A1)
  • Procurement type as assessed by the ANAO: Panel procurement – single supplier approached
  • Value at 19/10/22 as recorded on AusTender ($): 1,874,389
  • ANAO comment:
    • The ACCC’s central procurement team reviewed the procurement prior to PGPA s23 approval.
    • This procurement was for services for phase 2 of an IT project (build and implementation), which followed a discovery and service design phase. Probity arrangements were put in place for the procurement of services for the first phase of the project, which involved the ACCC approaching four suppliers.[c]
    • Probity arrangements for the first phase (discovery and service design) included the appointment of an internal probity advisor, provision of a probity report as part of the evaluation report, and completion of conflict of interest declarations by tender evaluation committee members.
    • The procurement plan covered the two phases and listed reengaging the phase 1 supplier to undertake phase 2.

Note a: The ACCC advised the ANAO in February 2023 that BPMR stands for Broadband Performance Monitoring and Reporting.

Note b: This procurement was undertaken through the Software Marketplace — Whole of Australian Government Software Licensing and Services Panel. The procurement was for services under ‘category 1’, for which there is only a single supplier.

Note c: The AusTender contract number for the phase 1 procurement is CN3767189 with a total reported value of $220,000.

Source: ANAO review of ACCC documentation.

4.25 As summarised in Table 4.1, for the ten high-value procurements reviewed by the ANAO, the ACCC documented consideration of probity as part of the procurement process in five cases. In four of the remaining five procurements, internal probity requirements established for the individual procurements were not fully complied with.[186] As discussed in paragraph 2.97, there is an opportunity for the ACCC to seek to obtain greater consistency in its identification and management of probity risks in procurement, by enhancing its internal guidance.

Compliance with corporate credit card requirements

4.26 The ACCC’s policies, procedures and arrangements for credit card expenditure are discussed in paragraphs 2.99 to 2.123.

4.27 The ANAO examined the corporate credit card use of the following senior ACCC personnel:

  • the Accountable Authority;
  • the AER Chair;
  • ACCC Deputy Chairs;
  • AER Deputy Chair;
  • ACCC Chief Executive Officer (called the ACCC Chief Operating Officer prior to January 2022); and
  • AER Chief Executive Officer.[187]

4.28 These roles were selected on the basis that setting the ‘tone at the top’ is important when trying to instil an ethical culture in an entity. Further, external review is a means of testing whether there are controls in place to manage positional authority risks within an entity.[188]

4.29 The ANAO also examined whether the executive assistants for people in the above roles have credit cards and if so, whether they can make purchases on behalf of their manager.

4.30 The ANAO reviewed all credit card transactions for the people in the selected roles for the months of June and July 2022. These months were selected as they were sufficiently recent to reflect current entity practices and, at the time of conducting audit testing, the acquittal process should have been complete. The ANAO examined whether:

  • transactions were acquitted within the required timeframe;
  • tax invoices or other supporting documentation was provided (where applicable);
  • transactions were approved in accordance with requirements[189]; and
  • transactions appeared to be for incidental or other private expenditure.

4.31 In the audit sample there were 102 credit card transactions, with a total expenditure of $14,446.23. Of the 102 transactions examined, all were compliant with ACCC requirements. There were also three instances identified by the ACCC where there were no tax receipts provided as required. A lost receipt declaration was completed in each case, in accordance with ACCC requirements.

4.32 The ACCC advised the ANAO that executive assistants can make purchases on behalf of senior ACCC personnel. The ANAO did not identify any transactions where a manager approved expenses incurred on their executive assistant’s card.

4.33 Of the 102 transactions reviewed by the ANAO, no instances were observed that appeared to be for private expenditure.

Compliance with gifts, benefits and hospitality requirements

4.34 The ACCC’s arrangements for gifts, benefits and hospitality are discussed in paragraphs 2.124 to 2.155.

4.35 The ANAO reviewed the ACCC’s gifts, benefits and hospitality register for the period 1 July 2020 to 30 September 2022. The ANAO examined the register for this period because the effective management of probity risks related to gifts, benefits and hospitality is an important element of: supporting an ethical culture; managing the risk of real and perceived conflicts of interest; and managing the risk of regulatory capture.

4.36 The ANAO examined whether:

  • declarations were made in line with ACCC policy;
  • gifts, benefits or hospitality to staff were approved in accordance with requirements[190]; and
  • where applicable, details of gifts, benefits and hospitality reported on the ACCC’s website matched those on the ACCC’s three internal registers.

4.37 As discussed in paragraphs 2.135 to 2.140, the ACCC maintains separate registers for staff[191], ACCC Commissioners, and AER Board members.[192] The ANAO analysis was undertaken across all three registers. There were a combined 127 entries in the registers.

4.38 Table 4.2 provides a summary of entries in the ACCC’s gifts, benefits and hospitality registers during the period reviewed by the ANAO.

Table 4.2: Summary of the ACCC’s gifts, benefits and hospitality registers

Category [a]: Complimentary attendance at a conference, presentation or seminar

  • Number: 30
  • Percentage: 24
  • Examples:
    • Discounted or free registration to attend a presentation or conference. This may include incidental hospitality.
    • Presenters at a conference or seminar received a free ticket to attend the rest of the event.

Category: Functions and events

  • Number: 16
  • Percentage: 13
  • Examples:
    • Attendance at cocktail parties/drinks events.
    • Provided with tickets to functions.
    • Attendance at evening networking/drinks events.

Category: Meals

  • Number: 52
  • Percentage: 41
  • Examples:
    • Food provided at conferences.
    • Meals provided at events.
    • Breakfast meetings.
    • Working lunches while in attendance at meetings.
    • Working dinners paid for by counsel for the prosecution on a litigation matter.

Category: Gifts

  • Number: 15
  • Percentage: 12
  • Examples:
    • Bottles of wine.
    • Food hampers.
    • Gift pack with teddy bear and sweets.
    • Pen and mug.
    • Flowers.
    • Gift vouchers.

Category: Cultural Gifts [b]

  • Number: 2
  • Percentage: 2
  • Examples:
    • Plaque, scarf and peppercorns from a study tour visit.

Category: Airline lounge memberships

  • Number: 12
  • Percentage: 9
  • Examples:
    • ACCC Commissioners received complimentary memberships to airline lounges.
    • AER Board members received complimentary memberships to airline lounges.
    • ACCC and AER staff received complimentary memberships to airline lounges.

Total entries

  • Number: 127
  • Percentage: 100 [c]

Note a: The categories in this table were determined by the ANAO based on analysis of the ACCC’s three Gifts, Benefits and Hospitality registers.

Note b: Cultural gifts are items of cultural or sentimental value for which a monetary value is difficult to assign.

Note c: Due to rounding, the ‘Percentage’ column does not add to 100 per cent.

Source: ANAO analysis of the three ACCC gifts, benefits and hospitality registers, 1 July 2020 to 30 September 2022.

4.39 In respect to the entries in the ACCC’s three registers for the period reviewed, most gifts, benefits and hospitality were managed in accordance with ACCC requirements.[193] The ANAO identified the following exceptions.

  • There were two occasions where a gift card was accepted contrary to ACCC policy.
  • There were 12 occasions where the gift, benefit or hospitality was reported late. On five of these occasions reporting occurred eight to 16 months after the event. On the other seven occasions reporting occurred two months after the event.
  • There were 10 occasions where the entry in a register was not published online.
  • There was one occasion where the entry was published online but did not appear in the internal register.
  • Registers for AER Board members and ACCC employees assigned to the AER were not published for the period 3 January 2020 to 31 December 2020. The ACCC advised the ANAO in February 2023 that this was ‘due an oversight at the time of staff turnover’.[194]

4.40 Additionally, there was one occasion where attendance at a drinks function appeared to give rise to a potential conflict of interest but was accepted nonetheless. The hospitality was described in the register as:

This was a general invitation to [a] low value function. It was accepted because it provides an opportunity to meet and appraise the strength of [name of organisation removed] and staff providing corporate legal advice on Commonwealth issues; to determine whether the firm is a viable competitive option for use by the CLU [Corporate Law Unit] team.

4.41 The ACCC advised the ANAO in February 2023 that: when the ACCC official attended this function, there was no tender or purchasing process in place; and the ACCC has not engaged with the organisation in relation to any procurement activity since the function.

4.42 As discussed in paragraphs 2.129 and 2.130, the ACCC’s gifts, benefits and hospitality policy permits acceptance of this type of hospitality, notwithstanding the potential for a perceived or actual conflict of interest. The policy also states that ‘Any offer of a gift or benefit that is made in connection with a tender or purchasing process’ is to be refused. The ACCC register indicates that the purpose of attending the function was to determine whether the firm was a viable competitive option for use by the ACCC’s Corporate Law Unit. On that basis, acceptance of the hospitality was contrary to ACCC policy.

4.43 The ANAO also identified the following discrepancies between the internal staff register and the registers published on the ACCC and AER websites.

  • Instances where an individual staff member made a declaration, however the register on the website described multiple members as attending the event.
  • For declarations surrounding airline lounge memberships, it is not clear which individuals, or how many individuals, received this benefit.

4.44 In relation to the airline lounge memberships, the ANAO was advised that ‘the ACCC declares these in a generic disclosure on its register rather than accumulating individual disclosures.’

4.45 ACCC policy states that employees must seek and document approval from their supervising SES officer to accept a gift, benefit or hospitality.[195] When making declarations in the register, ACCC employees provide the name of the SES officer who approved acceptance. However, the documentation supporting this approval is contained outside the relevant register. As the registers provided to the ANAO did not contain supporting evidence for the approval, the ANAO was not in a position to test if approvals had been made in accordance with ACCC policy. There is an opportunity to improve the transparency and completeness of the ACCC’s gifts, benefits and hospitality registers by documenting the supporting evidence for an approval in the registers. In addition, as the ACCC CEO does not have a ‘supervising SES officer’ there is scope for the ACCC to establish approval arrangements for the acceptance of gifts, benefits or hospitality by the ACCC CEO.[196]

Opportunity for improvement

4.46 There is an opportunity for the Australian Competition and Consumer Commission to improve the transparency and completeness of its gifts, benefits and hospitality arrangements by:

  • documenting supporting evidence of an approval to accept a gift, benefit or hospitality in its registers; and
  • establishing approval arrangements for the acceptance of a gift, benefit or hospitality by the ACCC CEO.

Has non-compliance been addressed in accordance with stated requirements?

As of March 2023, the ACCC was in the process of developing an entity-wide framework for following up on instances of non-compliance. There is no evidence of instances of non-compliance identified in the context of this audit being addressed in accordance with the ACCC’s requirements relating to: procurement; and gifts, benefits and hospitality.

4.47 Following up on identified instances of non-compliance assists in providing assurance to the accountable authority on compliance with entity requirements and the effectiveness of probity management arrangements.

4.48 The ACCC’s framework for following up on identified instances of non-compliance is discussed in paragraphs 3.28 to 3.35. As of March 2023, the ACCC was in the process of developing an entity-wide framework for following up on instances of non-compliance.

4.49 The ANAO examined whether there was evidence of action being taken in relation to non-compliance identified by the ACCC and in the context of this audit.

Declaration process relating to conflict of interest

4.50 The ACCC conducted the annual conflict of interest declarations (SES) and self-assessment (non-SES) process in accordance with its requirements. The ACCC was able to demonstrate that completion rates were tracked and that individuals who had not completed the declaration were followed up until all those required to complete the declaration had done so.

Procurement

4.51 In respect to the non-compliance with procurement requirements discussed in paragraphs 4.22 to 4.25, the ACCC advised the ANAO in February 2023 that:

The ACCC has monitoring controls in place to capture and report instances of non-compliance with the Finance Law to Senior Management and the Audit Committee. Where non-compliance is identified, individuals are required to implement strategies to prevent future instances of occurrence and report these as part of the non-compliance process.

4.52 The ACCC further advised the ANAO that:

The ACCC understands the importance of consistency in identification and management of probity risks in procurement.

The agency will look to consider ways in which it can further strengthen its existing internal guidance on probity requirements and governance for all procurements, including having additional probity management measures for higher risk, more complex procurements.

Gifts, benefits and hospitality

4.53 In respect to the non-compliance with its gifts, benefits and hospitality arrangements discussed in paragraphs 4.34 to 4.46, the ACCC advised the ANAO in February 2023 that ‘The ACCC notes that the ANAO has identified instances on [sic] non-compliance.’ The ACCC further advised the ANAO that ‘there are areas for clarification and improvement of our current Gifts, hospitality and benefits policy and practices.’

4.54 As noted in paragraph 2.148, the ACCC also advised the ANAO in February 2023 that its review of the gifts, benefits and hospitality policy would be brought forward from November 2024 to August 2023.

Appendices

Appendix 1 Australian Competition and Consumer Commission response

Page one of the response from the Australian Competition and Consumer Commission. A summary of the response can be found in the summary and recommendations chapter.

Page two of the response from the Australian Competition and Consumer Commission. A summary of the response can be found in the summary and recommendations chapter.

Appendix 2 Improvements observed by the ANAO

1. The existence of independent external audit, and the accompanying potential for scrutiny improves performance. Improvements in administrative and management practices usually occur: in anticipation of ANAO audit activity; during an audit engagement; as interim findings are made; and/or after the audit has been completed and formal findings are communicated.

2. The Joint Committee of Public Accounts and Audit (JCPAA) has encouraged the ANAO to consider ways in which the ANAO could capture and describe some of these impacts. The ANAO’s 2022–23 Corporate Plan states that the ANAO’s annual performance statements will provide a narrative that will consider, amongst other matters, analysis of key improvements made by entities during a performance audit process based on information included in tabled performance audit reports.

3. Performance audits involve close engagement between the ANAO and the audited entity as well as other stakeholders involved in the program or activity being audited. Throughout the audit engagement, the ANAO outlines to the entity the preliminary audit findings, conclusions and potential audit recommendations. This ensures that final recommendations are appropriately targeted and encourages entities to take early remedial action on any identified matters during the course of an audit. Remedial actions entities may take during the audit include:

  • strengthening governance arrangements;
  • introducing or revising policies, strategies, guidelines or administrative processes; and
  • initiating reviews or investigations.

4. In this context, the below actions were observed by the ANAO during the course of the audit. It is not clear whether these actions and/or the timing of these actions were planned in response to proposed or actual audit activity. The ANAO has not sought to obtain assurance over the source of these actions or whether they have been appropriately implemented. Changes observed include the following.

  • Updates to policies and frameworks, including:
    • Accountable Authority Instructions and the Commissioner and Associate Members Code of Conduct; and
    • policies relating to conflict of interest; senior executive remuneration; the credit card manual; gifts, benefits and hospitality; fraud control plan; and risk management framework.
  • Updated intranet guidance related to probity in procurement and credit cards.
  • Addition of gifts, benefits and hospitality training for new staff and new procurement training made available.
  • Entity-wide assessment of selected internal controls.
  • Revised approach to internal audit and appointment of external provider of internal audit services.
  • Launch of the Policy and Procedure Hub.

Appendix 3 Department of Finance guidance — Ethics and Probity in Procurement: Principles

1. An extract of the Department of Finance’s guidance on Ethics and Probity in Procurement: Principles[197] is reproduced below.

1. The principles underpinning ethics and probity in Australian Government Procurement are:

  • Officials must act ethically, in accordance with the APS Values (set out in section 10 of the Public Service Act 1999) and Code of Conduct (set out in section 13 of the Public Service Act 1999), at all times in undertaking procurement.
  • Officials must not make improper use of their position.
  • Officials should avoid placing themselves in a position where there is the potential for claims of bias.
  • Officials must not accept hospitality, gifts or benefits from any potential suppliers.
  • Agencies must not seek to benefit from supplier practices that may be dishonest, unethical or unsafe, which may include tax avoidance, fraud, corruption, exploitation, unmanaged conflicts of interest and modern slavery practices.
  • All tenderers must be treated equitably. This means that all tenderers must be treated fairly - it does not necessarily mean that they are treated equally.
  • Conflicts of interest must be managed appropriately.
  • Probity and conflict of interest requirements should be applied with appropriate and proportionate measures informed by sound risk management principles.
  • Value for money outcomes are best served by effective probity measures that do not exclude suppliers from consideration for inconsequential reasons.
  • Confidential information must be treated appropriately during and after a procurement process.
  • External probity specialists should only be appointed where justified by the nature of the procurement.

Footnotes

1 OECD, OECD Best Practice Principles for Regulatory Policy, The Governance of Regulators [Internet], OECD, 2014, p. 17, available from https://read.oecd-ilibrary.org/governance/the-governance-of-regulators_… [accessed 18 November 2022].

2 ibid., p. 17.

3 ibid., p. 19.

4 An accountable authority can be an individual or a group of individuals (such as a governing board). An accountable authority, whether an individual or a member of a governing board, is also an official under the PGPA Act and is therefore subject to the general duties of officials in sections 25 to 29 of the PGPA Act.

5 In recent years the ANAO has conducted two series of governance audits. These audits assessed the effectiveness of the governance board in public sector entities. These are available on the ANAO’s website from https://www.anao.gov.au/pubs/performance-audit?query=board+governance&items_per_page=10 [accessed 3 March 2023].

6 OECD, OECD Best Practice Principles for Regulatory Policy, The Governance of Regulators [Internet], OECD, 2014, p. 17, available from https://read.oecd-ilibrary.org/governance/the-governance-of-regulators_… [accessed 18 November 2022].

Professor Malcolm K. Sparrow similarly observed in 2000 that: ‘The important features that distinguish regulatory and enforcement agencies from the rest of government are precisely the important features that they share. The core of their mission involves the imposition of duties. They deliver obligations, rather than services. …Their routine use of state authority and coercion distinguishes them from the rest of government and carries its own distinct strategic and managerial challenges.’ Sparrow, M. K., The Regulatory Craft, Brookings Institution Press, Washington DC, 2000, p. 2.

7 OECD, OECD Best Practice Principles for Regulatory Policy, The Governance of Regulators [Internet], OECD, 2014, p. 17, available from https://read.oecd-ilibrary.org/governance/the-governance-of-regulators_… [accessed 18 November 2022].

8 ibid., p. 19.

9 OECD, The Governance of Regulators, Governance of Regulators’ Practices: Accountability, Transparency and Co-ordination [Internet], OECD, 2016, p. 16, available from https://read.oecd-ilibrary.org/governance/governance-of-regulators-prac… [accessed 18 November 2022].

10 An accountable authority can be an individual or a group of individuals (such as a governing board). An accountable authority, whether an individual or a member of a governing board, is also an official under the PGPA Act and is therefore subject to the general duties of officials in sections 25 to 29 of the PGPA Act.

11 Auditor-General Report No. 43 2021–22 Effectiveness of the Management of Contractors — Department of Defence, pp. 16–22.

This was one of a series of three performance audits — in the Department of Defence, the Department of Veterans’ Affairs and Services Australia — which examined the management of contractors by Australian Public Service (APS) agencies. Chapter 5 of this audit report set out high-level observations and key messages for all APS agencies, including in respect to the application of ethical and personnel security requirements to the contractor workforce. The ANAO observed in paragraphs 5.4–5.5 that individual agencies determine the extent to which the ethical and integrity frameworks that apply to APS employees (which include the ethical requirements of the PS Act and the PGPA Act) also apply to contractors and other non-APS personnel engaged by the agency. These decisions are captured in, and managed through, contracts. This discretionary approach applies in an agency operating environment where a large number of contractors are doing work in and as part of the operations of APS agencies, alongside APS personnel, as part of a mixed workforce. On that basis, the rationale for a discretionary approach is not clear. One risk of adopting a discretionary approach is that it may give rise to unequal behavioural expectations across personnel types within workplaces, and the risk of inconsistent management of personnel behaviours.

12 The PGPA Act Flipchart and List published by the Department of Finance (Finance) provides a summary of all non-corporate and corporate Commonwealth entities and companies. These resources are available from https://www.finance.gov.au/government/managing-commonwealth-resources/structure-australian-government-public-sector/pgpa-act-flipchart-and-list [accessed 6 April 2023].

13 Department of Finance, PGPA Glossary [Internet], available from https://www.finance.gov.au/about-us/glossary/pgpa/term-ethical [accessed 23 May 2023].

The glossary includes the following definition of ethical:

(in relation to the proper use of public resources) The extent to which the proposed use is consistent with the core beliefs and values of society. Where a person behaves in an ethical manner it could be expected that a person in a similar situation would undertake a similar course of action. For the approval of proposed commitments of relevant money, an ethical use of resources involves managing conflicts of interests, and approving the commitment based on the facts without being influenced by personal bias. Ethical considerations must be balanced with whether the use will also be efficient, effective and economical. [emphasis in original]

14 Department of Finance, Ethics and Probity in Procurement: Principles [Internet], 17 May 2021, available from https://www.finance.gov.au/government/procurement/buying-australian-government/ethics-and-probity-procurement [accessed 9 February 2023].

15 Corporate Commonwealth entities are legally separate from the Commonwealth. The Finance Flipchart recorded that there were 100 non-corporate Commonwealth entities and 72 corporate Commonwealth entities as at 6 March 2023.

16 Department of Finance, Commonwealth Grants Rules and Guidelines 2017 [Internet], Finance, available from https://www.finance.gov.au/government/commonwealth-grants/commonwealth-grants-rules-and-guidelines [accessed 21 November 2022].

The Australian Government grants policy framework applies to all non-corporate Commonwealth entities subject to the PGPA Act.

17 Department of Finance, Commonwealth Procurement Rules [Internet], Finance, 1 July 2022, available from https://www.finance.gov.au/government/procurement/commonwealth-procurement-rules [accessed 21 November 2022].

Officials from non-corporate Commonwealth entities and prescribed corporate Commonwealth entities listed in section 30 of the PGPA Rule must comply with the Commonwealth Procurement Rules when performing duties related to procurement.

18 Department of Finance, Australian Government Guidelines on Information and Advertising Campaigns by non-corporate Commonwealth entities. Interim Guidelines were in effect from July 2022, available from https://www.finance.gov.au/government/advertising/australian-government-guidelines-information-and-advertising-campaigns-non-corporate-commonwealth-entities [accessed 21 November 2022]. Non-corporate Commonwealth entities under the PGPA Act must comply with the Guidelines.

19 Attorney-General’s Department, Protective Security Policy Framework (PSPF) [Internet], AGD, available from https://www.protectivesecurity.gov.au/ [accessed 21 November 2022].

The PSPF applies to non-corporate Commonwealth entities subject to the PGPA Act to the extent consistent with legislation. The PSPF represents better practice for corporate Commonwealth entities and wholly-owned Commonwealth companies under the PGPA Act. Non-government organisations that access security classified information may be required to enter into a deed or agreement to apply relevant parts of the PSPF for that information.

20 Department of the Prime Minister and Cabinet, Government Guidelines for Official Witnesses before Parliamentary Committees and Related Matters – February 2015 [Internet], PM&C, available from https://www.pmc.gov.au/resource-centre/government/government-guidelines-official-witnesses-parliamentary-committees-and-related-matters-february-2015 [accessed 21 November 2022].

The guidelines state that they are ‘designed to assist departmental and agency officials, statutory office holders and the staff of statutory authorities in their dealings with the parliament. The term ‘official’ is used throughout the Guidelines; it includes all persons employed by the Commonwealth who are undertaking duties within a Commonwealth department or agency (whether employed under the PS Act or other legislation) and those in government business enterprises, corporations and companies. It is recognised, however, that the role and nature of some statutory office holders and their staff will require the selective application of these Guidelines, depending on the individual office holder’s particular statutory functions and responsibilities.’

21 Attorney-General’s Department, Australian Government Register of Lobbyists and Lobbying Code of Conduct [Internet], AGD, available from https://www.ag.gov.au/integrity/australian-government-register-lobbyists [accessed 21 November 2022].

Under the code, Australian Government representatives must only meet with third-party lobbyists who are registered. Under the code, Australian Government representatives include an agency head or a person employed under the PS Act, a person engaged as a contractor or consultant by an Australian Government agency whose staff are employed under the PS Act, and a member of the Australian Defence Force.

22 Department of the Prime Minister and Cabinet, Guidance on Caretaker Conventions 2021 [Internet], PM&C, available from https://www.pmc.gov.au/resource-centre/government/guidance-caretaker-conventions [accessed 21 November 2022].

The guidance states that: ‘The conventions and practices have developed primarily in the context of the relationship between ministers and their departments (and executive agencies since the commencement of the PS Act). The relationship between ministers and other Australian Government entities and bodies, such as statutory authorities and government companies, varies depending on the specific body. All bodies should observe the conventions and practices, unless doing so would conflict with their legal obligations or compelling organisational requirements.’

23 Department of Finance, Commonwealth Risk Management Policy [Internet], Finance, 1 January 2023, available from https://www.finance.gov.au/about-us/news/2022/revised-commonwealth-risk-management-policy-2023 [accessed 1 February 2023].

The Policy was developed to support section 16 of the PGPA Act, which requires accountable authorities to maintain systems of risk oversight, management and internal control. The Policy is mandatory for all non-corporate Commonwealth entities and recommended as best practice for corporate Commonwealth entities.

24 Attorney-General’s Department, Commonwealth Fraud Control Framework [Internet], AGD, available from https://www.counterfraud.gov.au/library/commonwealth-fraud-control-framework [accessed 21 November 2022].

The Framework comprises three tiered documents — the fraud rule, fraud policy and fraud guidance — with different binding effects for corporate and non-corporate Commonwealth entities. Non-corporate Commonwealth entities must comply with the fraud rule and fraud policy. The fraud guidance is not binding; however, the government considers the guidance to be better practice and expects entities to follow it where appropriate.

25 For example, Element Three of the 2023 Commonwealth Risk Management Policy states that ‘Culture is shaped by the behaviours and attitudes of leaders. The desired culture for managing risk should be clearly defined and demonstrated by the executive in a form that is communicated and actively promoted to staff. An entity’s internal policies should also be aligned to its desired culture.’ The fraud guidance under the Commonwealth Fraud Control Framework states that accountable authorities play a key role in setting the ethical tone within their entities, and fostering and maintaining a culture of fraud awareness and prevention.

26 Established under the Law Enforcement Integrity Commissioner Act 2006 (LEIC Act), the Australian Commission for Law Enforcement Integrity (ACLEI) oversees the integrity of Australian Government law enforcement agencies and selected regulators. The Integrity Commissioner investigates allegations of corruption involving current or former staff members of the Australian Competition and Consumer Commission (ACCC); Australian Prudential Regulation Authority (APRA); and Australian Securities and Investments Commission (ASIC).

Australian Commission for Law Enforcement Integrity, About the Commission [Internet], available from https://www.aclei.gov.au/about-aclei/about-commission [accessed 23 November 2022].

In November 2022 the Australian Parliament passed legislation to establish a new National Anti-Corruption Commission (NACC), with jurisdiction over the Commonwealth public sector as a whole. ACLEI will be subsumed into the NACC. The NACC is expected to begin operations in mid-2023.

On 9 December 2022 ACLEI launched a Commonwealth Integrity Maturity Framework to assist Commonwealth entities to assess and plan to improve their integrity systems in preparation for the commencement of the NACC.

Australian Commission for Law Enforcement Integrity, Commonwealth Integrity Maturity Framework [Internet], available from https://www.aclei.gov.au/preventing-corruption/commonwealth-integrity-maturity-framework [accessed 1 February 2023].

27 The Australian Public Service Commission (APSC) reported that in 2020–21, 97 Australian Government entities employed staff under the PS Act.

Australian Public Service Commission, State of the Service Report 2020-21 [Internet], APSC, available from https://www.apsc.gov.au/initiatives-and-programs/workforce-information/research-analysis-and-publications/state-service/state-service-report-2020-21/appendix-2-aps-agencies [accessed 18 November 2022].

28 Australian Public Service Commission, APS Values and Code of Conduct in practice [Internet], APSC, 13 September 2021, available from https://www.apsc.gov.au/publication/aps-values-and-code-conduct-practice [accessed 18 November 2022].

29 Australian Public Service Commission, Fact sheet: Defining Integrity [Internet], APSC, 9 December 2021, available from https://www.apsc.gov.au/node/1532 [accessed 20 November 2022].

30 Australian Public Service Commission, Integrity in the APS [Internet], APSC, 8 December 2021, available from https://www.apsc.gov.au/working-aps/integrity [accessed 20 November 2022].

31 Australian Public Service Commission, Declaration of interests [Internet], APSC, 7 March 2019, available from https://www.apsc.gov.au/working-aps/integrity/integrity-resources/declaration-interests [accessed 20 November 2022].

32 Australian Public Service Commission, Guidance for Agency Heads–Gifts and Benefits [Internet], APSC, available from https://www.apsc.gov.au/working-aps/integrity/integrity-resources/guidance-agency-heads-gifts-and-benefits [accessed 20 November 2022].

33 AAIs are written instruments that may be issued by the accountable authority to instruct officials on matters relating to the PGPA Act framework. AAIs assist accountable authorities in meeting their general duties under the PGPA Act and establishing appropriate internal controls for their entity.

Finance guidance on AAIs is available from https://www.finance.gov.au/government/managing-commonwealth-resources/managing-risk-internal-accountability/duties/risk-internal-controls/accountable-authority-instructions-aais-rmg-206 [accessed 18 November 2022].

34 Auditor-General Report No. 21 2019–20 Probity Management in Rural Research and Development Corporations, p. 17.

35 Australian Competition and Consumer Commission, ACCC and AER Corporate Plan 2022–23 [Internet], ACCC, p. 5, available from https://www.accc.gov.au/publications/corporate-plan-priorities/corporate-plan-2022-23 [accessed 22 January 2023].

36 The ACCC was established as a body corporate under subsection 6A(2) of the CCA. However, pursuant to subsection 6A(1) of the CCA, the ACCC is taken to be a non-corporate Commonwealth entity for the purposes of the finance law. Section 8 of the PGPA Act provides that ‘finance law’ means the PGPA Act, or the rules made under section 101 of the PGPA Act, or any instrument made under the PGPA Act, or an Appropriation Act.

37 Under section 44AG of the CCA, the AER consists of two Commonwealth members and three state or territory members, all of whom are appointed by the Governor-General. The 2022–23 ACCC and AER Corporate Plan states that the AER is ‘responsible for regulating wholesale and retail energy markets, and energy networks, under national energy legislation and rules.’

38 Associate members can also be deemed by the Chair of the ACCC to be members of the ACCC for the purpose of deciding certain matters before the Commission.

39 The ACCC’s Code of Conduct for Commission Members and Associate Members states that:

The ACCC has had Associate Members from the Australian Energy Regulator (AER), the New Zealand Commerce Commission (NZCC) and the Australian Media and Communications Authority (ACMA). Associate Members engage in ACCC committee deliberations on areas of common regulatory interest.

The ACCC advised the ANAO in February 2023 that ‘AER members do not ordinarily participate in deciding matters before the Commission.’

40 There is a separate position of ACCC CEO (called ACCC Chief Operating Officer prior to 25 January 2022), with broader responsibilities under the ACCC’s governance structure. In the ACCC’s financial statements, the ACCC CEO is identified as one of the ACCC’s Key Management Personnel and the AER CEO is not.

41 ACLEI provides oversight in relation to the integrity of Australian Government law enforcement agencies. According to its website, ACLEI’s key activities are to:

  • detect corruption and enhance ACLEI partner agencies’ capability to detect corruption;
  • receive and assess notifications and referrals of alleged corrupt conduct by members of law enforcement agencies;
  • conduct investigations into serious and systemic corrupt conduct;
  • support partner law enforcement agencies to conduct their own investigations; and
  • prevent corruption through engagement, support and identification of vulnerabilities.

Australian Commission for Law Enforcement Integrity, About the Commission [Internet], ACLEI, available from https://www.aclei.gov.au/about-aclei/about-commission [accessed 21 November 2022].

42 Other Australian Government entities subject to ACLEI’s jurisdiction include the Australian Criminal Intelligence Commission, Australian Federal Police, Australian Prudential Regulation Authority, Australian Securities and Investments Commission, Australian Taxation Office, Australian Transaction Reports and Analysis Centre, Department of Agriculture, Water and the Environment and Department of Home Affairs (including the Australian Border Force).

43 See for example, reports of the House of Representatives Standing Committee on Economics relating to:

44 In recent years the ANAO has conducted two series of governance audits. These audits assessed the effectiveness of the governance board in public sector entities. These are available on the ANAO’s website from https://www.anao.gov.au/pubs/performance-audit?query=board+governance&items_per_page=10 [accessed 3 March 2023].

45 Australian Public Service Commission, APS Values and Code of Conduct in practice [Internet], 13 September 2021, available from https://www.apsc.gov.au/publication/aps-values-and-code-conduct-practic… [accessed 2 November 2022].

46 Section 8A of the Competition and Consumer Act 2010 (CCA) provides for the Minister to appoint Associate Members to the ACCC. Section 8AB of the CCA states that ‘an AER member is taken to be an Associate Member of the Commission during the period for which he or she is an AER member.’

47 Paragraph 1.16 of this audit outlines how AER Board members come to be Associate Members of the ACCC.

48 The Members’ Code of Conduct states that:

Full-time members should normally avoid holding shares directly. If a full-time member proposes to hold shares directly, they should consult the Chair and exercise careful personal judgement in respect of such transactions to ensure that any financial dealings do not raise an actual or perceived conflict with the functions of that member.

The Members’ Code of Conduct distinguishes between ‘full-time’ ACCC Members and Associate Members (see paragraph 2.4 of this audit). The wording of this stipulation indicates that it does not apply to AER Board members. There are no equivalent requirements for AER Board members.

49 The Members’ Code of Conduct states that:

Members (excluding Associate Members) are not permitted to engage in any paid employment outside the duties of their office without the consent of the Minister (s. 13 of the CCA). The Governor-General can terminate the appointment of a member who, without the consent of the Minister, engages in any paid employment outside the duties of the office.

There are no equivalent requirements for AER Board members. Section 44AX of the CCA provides that:

(1) A full-time AER member must not engage in paid employment outside the duties of the member’s office without the Minister’s consent.

(2) A part-time AER member must not engage in any paid employment that conflicts or could conflict with the proper performance of the member’s duties.

50 The Members’ Code of Conduct states that ‘Commissioners should inform the Chair on an annual basis – by 30 June – of all their relevant interests.’ The wording of this stipulation indicates that it does not apply to AER Board members and there are no equivalent requirements for AER Board members.

51 The Members’ Code of Conduct states that:

Members who commence discussions with potential employers should be aware that this can give rise to real or perceived conflicts of interest, and if any arise through such discussions they should be disclosed in the manner outlined above for interests generally. Commissioners should inform the Chair of the fact and nature of the discussions. In the case of the Chair, the Minister should be informed.

Similar to footnote 48, the Members’ Code of Conduct distinguishes between ACCC Commissioners and Associate Members. The wording of this stipulation indicates that the requirement to inform the Chair does not apply to AER Board members. There are no equivalent requirements for AER Board members.

52 Section 44AX of the CCA addresses outside employment by full-time and part-time AER Board members and section 44AY establishes requirements for disclosure of interests by AER Board members.

53 The Members’ Code of Conduct states that:

Associate Members should adhere to the gifts and hospitality policy of their home agency where applicable, and defer to the ACCC policy as appropriate.

The ACCC Gifts and Hospitality Policy includes more detailed requirements to be followed by Commissioners, Associate Members and employees. All members should be aware of their reporting obligation under the ACCC Gifts and Hospitality Policy and the subsequent publication on the ACCC website of gifts, hospitality or benefits that are accepted.

The ACCC’s gifts, benefits and hospitality policy does not mention Associate Members and offers of gifts, benefits and hospitality accepted by AER Board members are published on the AER website, not the ACCC website.

54 The ACCC had 14 divisional business plans in 2021–22, five of which identified conflict of interest related risks. These were: Competition Division; Corporate Division; Mergers, Exemptions and Digital Division; Merger and Authorisation Review Division; and Specialised Enforcement and Advocacy Division.

55 Section 17 of the CCA establishes requirements relating to disclosure of interests by the ACCC Chairperson and section 17A establishes requirements for ‘Disclosure of certain interests by members of the Commission when taking part in determinations of matters’.

56 See footnote 52.

57 The 2022 conflict of interest policy states that a self-assessment must also be completed if:

  • there is a change in duties that may be relevant to the identification of real, perceived or potential conflict of interest, this includes where the employee moves work area.
  • there is a change to interests that may be relevant to the identification of real, perceived or potential conflict of interest. For instance, financial interests may change where an employee makes an investment and personal interests may change where the employee commences a new relationship.

The 2016 conflict of interest policy contains these requirements; the 2022 policy expanded this section to provide examples.

58 The 2016 conflict of interest policy noted that issues should be brought to the Chief Operating Officer’s (COO’s) attention, which was updated to the CEO in the 2022 policy.

59 The 13 areas included: managers do not receive specialised training in identifying conflicts of interest; in practice, SES employees face little administrative consequence for failing to submit an updated SES Disclosure Form; there are no formal procedures for verifying that an SES employee’s management plan has been implemented; committee secretariats are unable to effectively regulate SES employees’ access to documentation and attendance at committee meetings; the People and Culture Branch lacks access to the data on SES employees’ conflicts of interest that they are required to supply to the audit committee; and the ACCC’s current system for managing conflicts of interest is not financially sustainable.

60 This was due to the cost of making minor modifications to the conflict of interest declaration module and difficulty extracting data to use internally, for example, by committee secretariats.

61 These were: the ACCC centralise responsibility for managing SES employees’ conflicts of interest; the Conflicts of Interest Policy should mandate the creation and storage of more extensive conflict of interest records; SES officers should be required to complete an online ‘refresher course’ on conflicts of interest before updating their material personal interests; and managers should be required to complete a specialised online course on identifying and managing conflicts of interest each year.

62 This includes sections 17 and 17A of the CCA, and section 29 of the PGPA Act. There are no references to section 44AY of the CCA, which establishes specific conflict of interest requirements for AER Board members.

63 As noted in footnote 50, the processes for disclosing interests set out in the Members’ Code of Conduct only relate to ACCC Commissioners.

64 The ACCC’s Executive Office provides secretariat support to the ACCC Commission and management committees.

65 K M Hayne, Final Report of the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry [Internet], p. 443, available from https://www.royalcommission.gov.au/banking [accessed 11 April 2023].

66 Joint Committee on Corporations and Financial Services, Statutory Oversight of the Australian Securities and Investments Commission, the Takeovers Panel and the Corporations Legislation, Report No. 1 of the 45th Parliament, February 2019, p. 54, paragraph 3.49, available from https://www.aph.gov.au/Parliamentary_Business/Committees/Joint/Corporat… [accessed 30 October 2022].

67 ibid., p. 31, paragraph 3.24.

68 The ACCC and AER Paid and Unpaid Other Employment Policy sets out expectations for employees engaging in other employment.

69 Sometimes entities are provided with a Statement of Expectations from their Minister. These statements generally outline the Minister’s key priorities and set out the government’s expectations for the entity, including the priorities it is expected to observe in conducting its operations. Entities then respond to their Minister as to how they intend to deliver the identified priorities through a Statement of Intent.

The Statement of Expectations (March 2022) is available on the ACCC website from https://www.accc.gov.au/system/files/ACCC%20Statement%20of%20Expectations%20March%202022.pdf [accessed 28 March 2023].

The ACCC advised the ANAO in April 2023 that:

The previous government issued a Statement of Expectation in March 2022 following the appointment of … ACCC Chair and just prior to the 2022 election.

Following the subsequent change in government, the ACCC engaged with the new Treasurer and received confirmation that the Statement of Expectation would not be amended. The ACCC commenced preparation of a new Statement of Intent soon after and is in the process of finalising this document. The process has required additional time but will be published in the first half of 2023.

No statement of expectation was issued to the ACCC between 2014 and March 2022 (when the current statement of expectation was issued).

The Statement of Intent (December 2020) is available on the ACCC website from https://www.accc.gov.au/system/files/ACCC%20-%20Statement%20of%20intent%20-%20Telecommunications.pdf [accessed 21 April 2023].

70 The PGPA Act is supported by the PGPA Rule. The PGPA Rule prescribes a range of matters that are necessary or convenient to be prescribed for the purposes of carrying out or giving effect to the PGPA Act. Sections 16E and 27A of the PGPA Rule set out the matters that the accountable authority must include in the entity’s corporate plan.

71 See section 16E of the PGPA Rule.

PGPA Rule 2014 [Internet], available from https://www.legislation.gov.au/Details/F2022C01102 [accessed 9 March 2023].

72 Australian Competition and Consumer Commission, ACCC and AER Corporate Plan 2022–23 [Internet], ACCC, p. 5, available from https://www.accc.gov.au/publications/corporate-plan-priorities/corporate-plan-2022-23 [accessed 22 January 2023].

73 ibid., p. 9.

74 In the November 2022 Enterprise Risk Register the risk is stated as ‘Serious findings of a lack of integrity, or inadequate compliance and assurance systems, damages the agency’s reputation as an effective regulator with the Australian Government and other key stakeholders, resulting in reduced funding and/or responsibilities, and reduced credibility as a regulator.’

75 The ANAO reviewed the extent to which regulatory capture risk was reflected in the ACCC’s key external corporate documents and internal risk documentation as part of reviewing, at a high level, whether the ACCC had identified regulatory capture as an enterprise risk.

76 As noted in paragraph 2.17, the November 2022 conflicts of interest policy states that it applies to ‘all ongoing and non-ongoing employees, including SES’ and that there are separate policies and arrangements for ACCC Commissioners, AER Board members and contractors.

77 The policy requires an application for exemption which sets out all relevant circumstances and the reasons an exemption is sought. The policy states that:

In deciding whether to grant an exemption, the ACCC CEO will have regard to the information that the staff member has had access to in the course of their duties or otherwise in their employment with the ACCC, including the nature of that information and whether it is market sensitive at the time of the exemption request.

78 See paragraphs 2.6 to 2.11 for a broader discussion of the inclusion, in the Members’ Code of Conduct, of requirements applying to ACCC Commissioners but not to AER Board members.

79 ACCC documentation states that ‘the purpose of the review was to advise in relation to whether the agency has appropriate and practical risk controls in place to minimise the risk of unauthorised disclosure of confidential information and to make recommendations as needed.’

80 Two examples provided by the ACCC’s ‘Guidance on security classification 2019’ are ‘market sensitive information’ and ‘staff paper, commission paper or ESB [Energy Security Board] briefing material which cites sensitive information’.

81 The PSPF was introduced to help Australian Government entities protect their people, information and assets. The PSPF sets out security requirements applicable to Australian Government entities.

82 The ACCC advised the ANAO in February 2023 that: the monthly information security report is sent to the Chief Security Officer and General Manager, People and Culture; and more serious issues identified in the report will also be escalated to the CEO.

83 ACCC documentation states that ‘a security incident is anything considered a significant breach in policy. This could include things such as forwarding particularly sensitive documents to a personal mailbox or malware breaches.’

84 Prior to this policy the ACCC had a ‘Remuneration and benefits policy’ for substantive SES. This policy was introduced in July 2021 and updated in August 2021.

85 The objectives of the policy are to: attract, motivate and retain high-performing SES officers, reward high-performance, achieve ACCC/AER strategic objectives, and maintain relativity with the broader APS SES and open market as far as practicable.

86 The report is available from https://www.apsc.gov.au/remuneration-reports/australian-public-service-remuneration-report-2021 [accessed 2 February 2023].

The APS Remuneration Report is produced annually by the APSC. The report presents a summary of remuneration paid to APS employees under the PS Act as of 31 December each year.

87 The ‘General 24.1 Determination’ refers to a determination made under section 24 of the PS Act. The determination sets out the terms and conditions of employment for ACCC’s senior executives. In addition to the general s.24 determination, each ACCC senior executive has an individual determination that sets out requirements specific to them. Prior to the introduction of the general determination, the terms and conditions for each SES were contained in individual s.24 agreements.

88 For example, section 21 of the PGPA Act provides that the accountable authority of a non-corporate Commonwealth entity must govern the entity in a way that is not inconsistent with the policies of the Australian Government.

89 The suspension applied to general wage increases and, where applicable, performance-based increment progression plus payment of discretionary SES bonuses.

Australian Public Service Commission, Australian Public Service Remuneration Report 2021 [Internet], APSC, p. 2, available from https://www.apsc.gov.au/sites/default/files/2022-08/Australian%20Public%20Service%20-%20Remuneration%20Report%202021%20-%20Accessible.pdf [accessed 28 October 2022].

90 ibid.

91 Australian Public Service Commission, Performance Bonus Guidance [Internet], APSC, 13 August 2021, p. 2, available from https://www.apsc.gov.au/circulars-guidance-and-advice/performance-bonus… [accessed 28 October 2022].

92 ACCC documentation states that:

In 2019, ACCC SES base salaries were below the APS average for their classification. However, when taking into account all remuneration components (i.e. superannuation, allowances and bonuses), the median paid ACCC SES is better remunerated than at least 75% of SES in the APS at their classification … Recently there has been considerable interest in the remuneration paid to APS and non-APS senior executives in Australia. ACCC SES remuneration is inconsistent with how SES are remunerated across the broader APS … The ACCC has not changed components for SES remuneration in over a decade. However, [for] SES officers, the superannuation funds they chose to contribute to and taxation laws have all changed significantly since this time.

In addition, the ACCC identified that in 2019 ACCC performance payments accounted for 30 per cent of all performance payments in the APS by value.

93 The roll-in of performance pay into base salary was to occur from 1 July 2021 and the roll-in of other allowances from 1 July 2022. The ACCC advised the ANAO that its SES had been permitted to roll-in up to $10 000 of their business allowance into base salary since 2018–19.

94 ACCC documentation states that:

The gross roll-in amount was determined by calculating a Senior Executive Officer’s average performance rating/percentage from the Jul-Dec 2019, Jan-June 2020 and July-Dec 2020 periods. i.e. (7% + 7% + 7.5%)/3 = 7.2% average … Where a Senior Executive Officer is eligible for performance pay but has not received performance pay previously, 7% was used as their average performance rating/percentage … Where a Senior Executive Officer has received performance pay previously, but not for all 3 periods, each instance was considered on a case-by-case basis to take into account the individual circumstances … The Senior Executive Officer’s average performance rating/percentage was then multiplied by their current base salary to determine the gross roll-in amount. i.e. $195,000 x 7.2% = $14,040.

The ACCC advised the ANAO that the average performance pay for Executive Group Managers who had received it over a three year period ranged between eight and nine per cent and for Group Managers the average ranged between 7.5 and nine per cent, and that given the flow-on impacts increasing base salaries had on superannuation benefits, further adjustments were made to ensure that the roll-in of the performance pay percentage was on an overall cost neutral basis to the agency.

95 The determination also states:

For an SES Band 1 employee, their relevant EGM [Executive Group Manager], the AER CEO (where applicable) and the COO must endorse the review.

For an SES Band 2 employee, the AER CEO (where applicable) and COO must endorse the review.

For an SES Band 3 employee, the COO (where applicable), AER Chairperson (where applicable) and ACCC Chairperson must endorse the review.

The ACCC Chairperson is the delegate for all SES remuneration reviews.

96 This was consistent with the Public Service Workplace Relations Policy 2020.

97 ACCC documentation indicates that the ACCC has some non-SES employees with SES equivalent remuneration under ACCC Individual Flexibility Arrangements (IFAs). ACCC documentation indicates the ACCC Chair was provided with the names, classification, division, IFA category and total remuneration for 15 non-SES employees with SES equivalent remuneration who would receive the 1.7 per cent general base salary increase.

98 ACCC documentation indicates that the APSC’s Executive Remuneration Management Policy provides APS agency heads (such as the ACCC Chair) with the ability to approve an APS employee’s total remuneration up to a notional amount. The notional amount is 65 per cent of the lowest pay point of the Secretaries’ classification structure. Agency heads are required to obtain approval from the APSC Commissioner before they offer any SES or non-SES employee a remuneration package valued in excess of the notional amount. ACCC documentation indicates that to ensure the ACCC COO’s remuneration remained below the notional amount, the ACCC COO would be excluded from any general base salary increase in 2021–22.

99 The increase also applied to non-SES personnel with an Individual Flexibility Arrangement. The ACCC advised the ANAO that the ACCC CEO was excluded from this process.

100 The ACCC advised the ANAO that both the SES and the CEO pay increases came into effect on 21 December 2022.

101 Department of Finance, Commonwealth Procurement Rules [Internet], Finance, 1 July 2022, p. 11, paragraph 4.4, available from https://www.finance.gov.au/government/procurement/commonwealth-procurement-rules [accessed 21 November 2022]. The CPRs are subject to periodic update.

102 ibid., p. 15, paragraph 6.5.

103 ibid., p. 15, paragraph 6.6.

Additionally, the Department of Finance has issued guidance outlining 11 principles to support probity in procurement. These are included in Appendix 3 of this audit report.

104 This includes that the level of detail and documentation required should be appropriate to the level of risk and complexity of the procurement.

105 This includes the principles discussed in footnote 103 and Appendix 3 of this audit report.

106 In March 2023 the ACCC advised the ANAO that:

As an economy-wide regulator, the ACCC regulates and closely engages with a broad range of businesses. The ACCC is cognisant when procuring goods and services that the industries it regulates comprise a range of essential suppliers. It would be impractical to exclude as a general rule procurement with businesses that the ACCC regulates.

Any procurement risk is substantially mitigated by the fact that many procurements involving such industries or entities are required to be managed at the whole of government level – for example, whole of government travel arrangements – and/or draw upon whole of government panels (for example, those established by the Digital Transformation Agency).

Furthermore, within the ACCC itself, relevant procurements are typically undertaken at a corporate level rather than the business areas who undertake regulatory oversight of, and engagement with, such industries.

107 The ACCC advised the ANAO in February 2023 that its: ‘Specialist Advice and Services Division (SASD) has the responsibility for establishing and managing the external legal supplier panel. This business area is also responsible for the engagement of external legal services off the Whole of Government Legal Services Panel.’

108 The CDR is an Australian Government initiative aimed at facilitating sharing of consumers’ data held by businesses. According to the ACCC website, the ACCC is responsible for: delivering the enabling technology solutions and software tools used by industry; accrediting Consumer Data Right recipients; providing guidance to participants on CDR rules and standards; and monitoring compliance and enforcing CDR legislation, rules and standards.

Australian Competition and Consumer Commission, The Consumer Data Right [Internet], ACCC, available from https://www.accc.gov.au/focus-areas/the-consumer-data-right [accessed 17 January 2022].

109 The ACCC advised the ANAO in February 2023 that under arrangements with the ACCC’s credit card provider all cash and cash advance transactions are blocked.

110 The value is inclusive of GST and merchant service fee.

Department of Finance, Payment card policy for payments valued below $10,000 [Internet], Finance, July 2022, available from https://www.finance.gov.au/publications/resource-management-guides/supplier-pay-time-or-pay-interest-policy-rmg-417/part-2-payment-card-policy-payments-valued-below-10000 [accessed 1 November 2022].

111 Auditor-General Report No. 8 2016–17 Controls over Credit Card Use, p. 13.

112 As at 22 February 2023, the ACCC had updated guidance on its intranet to explicitly state that contractors are not eligible for a corporate credit card.

113 The applicant must sign both the ACCC’s corporate credit card cardholder agreement and the credit card provider’s cardholder agreement.

114 These include: storing credit cards securely; having regard to the ACCC’s credit card policies and processes; information and examples regarding acceptable and unacceptable transactions, including information that credit cards are not to be used for goods or services for personal use; and drawing supervisor attention when a receipt or tax invoice is unavailable.

115 In February 2023 the ACCC updated its credit card intranet guidance to explicitly state recommended limits. These are: $5,000 for APS 3-6 employees; $10,000 for Executive Level employees; and $10,000 for employees in administrative roles. Any limit over $10,000 requires approval by the Chief Financial Officer.

116 For example, Auditor-General Report No. 1 2021–22 Defence’s Administration of Enabling Services – Enterprise Resource Planning Program: Tranche 1, paragraphs 4.30 and 4.42, discussed risk relating to positional authority in relation to delegation and time approval arrangements.

117 The review related to ASIC, one of the three Australian Government regulators examined in this ANAO audit series on probity management. The review included recommendations directed to ASIC on its policies relating to the payment of Commissioner expenses and related controls. An abridged public version of the report was released in 2021.

118 Dr Vivienne Thom AM, Abridged report on the review of ASIC governance arrangements [Internet], Department of the Treasury, 28 January 2021, p. 39, available from https://ministers.treasury.gov.au/sites/ministers.treasury.gov.au/files/2021-01/Abridged_ASIC_Governance_Report-for-release_0.pdf [accessed 24 March 2023].

119 ibid., Recommendation 8, pp. 6–7.

120 The ACCC staff review took the form of a submission for the Corporate Governance Board’s 28 April 2021 meeting.

121 The identified strengths were: ‘Have senior SES approving officeholder expenses’ and ‘Senior SES has awareness of finance law requirements’. The identified weaknesses were: ‘Senior SES is subordinate to the Chair (the accountable authority)’ and ‘No additional processes for large and/or sensitive expenses’.

122 The ACCC further advised that:

Commissioners and AER Board members do not have access to approve official’s, including EAs [Executive Assistants], credit card transactions in the Financial Management Information System (FMIS). The FMIS configuration defaults the credit card approver to the cardholder’s supervisor. Commissioners and AER Board members do not have a delegation, nor do they have active authorisation and approval status in the Finance system.

123 Australian Public Service Commission, Guidance for Agency Heads – Gifts and Benefits [Internet], APSC, available from https://www.apsc.gov.au/working-aps/integrity/integrity-resources/guidance-agency-heads-gifts-and-benefits [accessed 16 March 2023].

124 In the policy, ‘ACCC officials’ are the ACCC Commissioners and staff. The ACCC AAIs define officials as including the ACCC Chair, other members and Associate Members, AER Board members and ACCC employees.

125 As noted in paragraph 2.9, the Members’ Code of Conduct refers to gifts, benefits and hospitality. However the advice on the applicability of the ACCC’s gifts, benefits and hospitality policy to AER Board members is not clear.

126 This point is also made in several other places in the ACCC policy.

127 APSC guidance for APS agencies requires agency heads to publicly disclose on their entity website, on a quarterly basis, all gifts or benefits accepted valued at over $100.00 (excluding GST). Although not a requirement, under this guidance there is a strong expectation that agency heads will also publish gifts and benefits received by staff in their agency that exceed the threshold of $100.00 (excluding GST). The ACCC has included these requirements in its policies.

128 The ACCC advised the ANAO that the process includes providing a reminder to Commissioners and their executive assistants to submit their declaration. The ACCC further advised that draft declarations are prepared by executive assistants based on diary access, final declarations are confirmed by Commissioners, and details are provided to the ACCC CEO for approval prior to publication on the ACCC website.

129 The ACCC advised the ANAO that ‘AER Board member declarations are made in a spreadsheet [in] real time’, and executive assistants work with their AER Board members to record details in the spreadsheet. Each quarter information is extracted and compiled in a draft register. The register is reviewed and approved by the AER Executive Director, Corporate and the AER CEO prior to publication on the AER website.

The ACCC further advised the ANAO that in relation to the AER process: ‘In the period 30 June 2020 – 31 December 2021, there was no central spreadsheet. Rather, registers were compiled based on review of diaries by Executive Assistants in consultation with the AER Board members that they support. Due to COVID-19 movement controls, there was very little gifts, benefits and hospitality accepted during this period.’

130 The policy states that:

25. When determining whether to attend an event with hospitality, ACCC officials should consider the following factors:

a. whether the purpose of attendance is directly related to the ACCC’s roles, duties and/or functions and holds value to the ACCC

b. whether the ACCC is speaking or otherwise benefits from representation

c. whether a range of stakeholders will be in attendance.

26. Factors that may weigh against an ACCC official’s attendance at an event with hospitality include:

a. where the purpose of attendance is only indirectly related to the ACCC’s business

b. where there will be limited attendees

c. where the event is sponsored by a private entity

d. where the location could be considered inappropriate.

131 The policy states that ‘all ACCC officials are to refuse … any gift from ACCC suppliers, such as printers, stationery providers, landlords, property or fit-out agents or suppliers.’

132 PGPA Rule 2014 [Internet], available from https://www.legislation.gov.au/Details/F2022C01102 [accessed 9 March 2023].

133 Prior to this version the ACCC had a Fraud Control Plan 2019–23 issued in August 2019.

134 The ACCC AAIs state that ‘officials must act in accordance with the ACCC Fraud Control Plan’. The AAIs define officials as including the ACCC Chair, other members and Associate Members of the Commission, AER Board members and ACCC employees. In February 2023, the ACCC advised the ANAO that:

When the Plan is next reviewed, the ACCC will consider expressly referring to Commissioners and AER Board members to explain that the Plan applies to them as entity officials.

135 Commonwealth Ombudsman, Public interest disclosure (whistleblowing) [Internet], Commonwealth Ombudsman, available from https://www.ombudsman.gov.au/complaints/public-interest-disclosure-whistleblowing [accessed 7 March 2023].

A person must be a current or former ‘public official’ as defined in s 69 of the PID Act, to make a public interest disclosure …

Individuals and organisations that provide goods or services under a Commonwealth contract … and their officers or employees are also public officials for the purposes of the PID Act.

Commonwealth Ombudsman, Agency Guide To The Public Interest Disclosure Act 2013 Version 2 [Internet], Commonwealth Ombudsman, April 2016, p. 4, available from https://www.ombudsman.gov.au/__data/assets/pdf_file/0020/37415/Agency_Guide_to_the_PID_Act_Version_2.pdf [accessed 7 March 2023].

136 Commonwealth Ombudsman, Information for Agencies [Internet], Commonwealth Ombudsman, available from https://www.ombudsman.gov.au/industry-and-agency-oversight/public-interest-disclosure-whistleblowing/information-for-agencies [accessed 7 March 2023].

137 Commonwealth Ombudsman, Agency Guide To The Public Interest Disclosure Act 2013 Version 2 [Internet], Commonwealth Ombudsman, April 2016, p. 2, available from https://www.ombudsman.gov.au/__data/assets/pdf_file/0020/37415/Agency_Guide_to_the_PID_Act_Version_2.pdf [accessed 7 March 2023].

138 Commonwealth Ombudsman, Public interest disclosure (whistleblowing) [Internet], Commonwealth Ombudsman, available from https://www.ombudsman.gov.au/complaints/public-interest-disclosure-whistleblowing [accessed 7 March 2023].

139 A principal officer is the head of an agency or their delegate. The PID Act requires a principal officer to:

  • Appoint a sufficient number of authorised officers to receive internal PIDs in your agency
  • Ensure the authorised officers are accessible to current and former public officials of your agency
  • Establish written PID procedures for your agency and ensure these are accessible
  • Broadly promote the PID scheme to public officials as an effective way to speak up about wrongdoing
  • Promptly act to investigate and address allegations of wrongdoing
  • Delegate powers and responsibilities as are necessary for the effective operation of the PID scheme
  • Influence an organisational culture that supports public officials who speak up about wrongdoing and does not tolerate reprisal against them
  • Drive change to address problems uncovered through the investigation of internal PIDs [emphasis in original]

Commonwealth Ombudsman, Public Interest Disclosure Scheme Reference Guide [Internet], Commonwealth Ombudsman, p. 1, available from https://www.ombudsman.gov.au/__data/assets/pdf_file/0024/37428/pid_reference_guide.pdf [accessed 7 March 2023].

140 An ‘authorised officer is a public official who belongs to the agency and is either the principal officer or is appointed in writing as such by the principal officer.’

Commonwealth Ombudsman, Agency Guide To The Public Interest Disclosure Act 2013 Version 2 [Internet], Commonwealth Ombudsman, April 2016, p. 16, available from https://www.ombudsman.gov.au/__data/assets/pdf_file/0020/37415/Agency_Guide_to_the_PID_Act_Version_2.pdf [accessed 7 March 2023].

Amongst other things, authorised officers provide advice to public officials about PIDs and assess whether allegations of wrongdoing constitute a PID.

141 Relevant policies are those related to the probity risks outlined in the audit scope section of Chapter 1 of this audit (see paragraph 1.27).

142 See Appendix 2 of this audit report for examples of policies updated during the period covered by this audit.

143 ACCC employees are required to complete the Employee Induction Program within six weeks of commencing at the ACCC. The course includes modules that must be completed: within one week (including security awareness and corporate induction modules); within three weeks (including fraud awareness, workplace health and safety and integrity in the APS); and within six weeks (including managing confidential information, Commonwealth Resource Management Framework and public interest disclosures).

A separate Contractor Induction Program contains different training requirements and timeframes, depending on whether the contract period is: less than four weeks; four weeks to three months; or more than three months. The courses are largely the same as those for employees.

144 Examples include training for employees new to supervising staff and training for employees involved in recruitment processes.

145 The ACCC advised the ANAO in February 2023 that the 24 month requirement applies from the time of the introduction of the Essentials Program for existing employees, or within 24 months of commencement for employees who joined after the introduction of the Essentials Program.

146 ACCC documentation states that ‘the decision to mandate security training has vastly improved completion rates from less than 25% historically, to now over 98%’. Reporting of mandatory security training completion rates in December 2022 found that the training was overdue for six per cent of personnel.

147 The recommendations were that ‘SES employees should be required to complete an online ‘refresher course’ on conflicts of interest before updating their material personal interests’ and ‘Managers should be required to complete a specialised online course on identifying and managing conflicts of interest each year’.

148 The ACCC advised the ANAO that ‘The CEO has committed to designating an SES officer to be Chief Integrity Officer by the end of 2022.’ On 6 February 2023 the ACCC’s Executive Management Board endorsed the establishment of an Integrity Advisory Group and the role of Chief Integrity Officer.

149 The risk, which in November 2022 was identified as being above an acceptable level, is:

Serious findings of a lack of integrity, or inadequate compliance and assurance systems, damages the agency’s reputation as an effective regulator with the Australian Government and other key stakeholders, resulting in reduced funding and/or responsibilities, and reduced credibility as a regulator.

150 In December 2022, the ACCC advised the ANAO that:

Automated reporting of Essential program training completions/compliance will be progressed in a future phase of the Strategic Capability team’s data work.

  • Reporting will likely capture self-reported plans and completions via Aurion.
  • As the program was launched in June 2022, data from Aurion forms will be available at the end of the 22/23 performance cycle (July/August 2023).
  • Work is being done with … [the] system provider, to enable managers to see real time completion data for their employees and to better manage compliance locally.

151 ACCC documentation indicates that the ACCC planned to undertake three internal audits in 2020–21, however the ACCC considered the expected benefits of the third audit had reduced and resources for the third audit were reallocated to assist in the update to enterprise risks.

152 iManage is the ACCC’s electronic document and records management system.

153 In May 2022, the ACCC Audit Committee was renamed the ACCC Audit and Risk Committee.

154 The ACCC and AER Internal Audit Strategy 2019–23 stated that the budget for internal audits was approximately $105,000. As noted in paragraph 3.8 and footnote 157, in August 2022 the ACCC commenced a two year contract with an external provider of internal audit services with a value of $353,489.40 ($176,744.70 per year).

155 One of the six risks was the risk of ‘Confidentiality breach: unauthorised release of, or access to, confidential information’. This was discussed in paragraph 2.63.

156 Three of the other risks were rated as ‘high’, one as ‘medium/high’ and three as ‘medium’.

157 The contract value recorded on AusTender is $353,489.40.

158 The committee was advised in November 2022 that the IAWP would be presented to it for endorsement in February 2023. ACCC records indicate that in February 2023 the IAWP was presented to the committee for noting.

159 Additional deliverables for 2022–23 included development of the Internal Audit Work Plan and a business continuity testing exercise.

160 An additional deliverable for 2023–24 is the review and updating of the 2023–24 internal audit program.

161 ACCC documentation indicates that the Executive Management Board is consulted on potential audit topics and informed of audits commissioned/commencing.

162 The assessment was confined to the ACCC’s internal compliance activities.

163 The report to the Corporate Governance Board on 22 June 2022 stated that there were 37 recommendations, however 38 were listed.

164 The control document management system project was to include a framework for the development, management and storage of compliance-related policies, procedures and other similar documents.

165 This is discussed further in paragraphs 3.25 to 3.27.

166 The CDR Internal Governance Board terms of reference state that:

Given its size and risk profile, the Board will manage an audit program focussed on particular issues from budget, procurement, recruitment to overall approach to resourcing. Audits are to be undertaken by an external expert. Audit program to be funded at estimated $150 – 200,000 from CDR budget.

167 The Information Security Manual is established by the Australian Cyber Security Centre, which is part of the Australian Signals Directorate.

168 This review was discussed in paragraphs 2.22 and 2.23.

169 Section 17AG(2)(d) of the PGPA Rule requires entities to include in their annual reports ‘a statement of any significant issue reported to the responsible Minister under paragraph 19(1)(e) of the [PGPA] Act that relates to non-compliance with the finance law in relation to the entity’.

170 The questionnaires ask personnel to indicate whether: they have ‘carried out all procurements in accordance with ACCC policies and the Commonwealth Procurement Rules’; their ‘Corporate Credit Card was only used for work related purposes’; they ‘have disclosed all material personal interests where they could directly impact role or duties’; and they ‘have not improperly used information.’

171 The review was titled ‘legislative compliance assessment’. It also included other sources of compliance obligations such as government policies and resource management guides.

172 The ACCC staff review took the form of a submission for the Corporate Governance Board’s 28 April 2021 meeting.

173 The ANAO did not test the ACCC’s compliance with public interest disclosures.

174 As ACCC Commissioners are engaged under the Competition and Consumer Act 2010, not the Public Service Act 1999 (PS Act), and are not APS employees, the APS Code of Conduct does not automatically apply to them.

175 Where a non-SES employee identifies a potential conflict of interest, the employee is required to complete a disclosure form, which includes a management plan.

176 ACCC documentation indicates the completion date for both groups was originally 31 August 2022 but the completion date for SES forms was brought forward to 31 July 2022.

177 One ACCC Commissioner last completed a declaration in August 2021. The ACCC advised that this Commissioner ‘did not complete a declaration of private interests form in 2022 due to extended personal leave … [and] will complete a declaration of private interests form as part of the 2023 process.’

178 The ACCC advised the ANAO in May 2023 that ‘due to an administrative oversight the signed letter to the Treasurer dated 3 June 2022 detailing the Chair’s pecuniary interests was not sent to the Treasurer’s Office. We have since informed the Treasurer’s Office of the oversight and on 12 May 2023 provided a copy of the signed letter to the Treasurer dated 3 June 2022.’

The previous ACCC Chair last provided an updated declaration to the Minister in October 2013.

179 An SES employee may request a remuneration review once in any two year period.

180 In addition to the general increases for the SES, during the period reviewed by the ANAO, a small number of increment advancements were approved by the ACCC CEO.

181 The increase also applied to non-SES personnel with an Individual Flexibility Arrangement (see footnote 97). The ACCC advised the ANAO that the ACCC CEO was excluded from this process.

182 The ACCC advised the ANAO that both the SES and CEO pay increases came into effect on 21 December 2022.

183 ACCC documentation indicates that this information was based on amounts detailed in the 2021 APS remuneration report.

184 The General 24.1 Determination refers to the COO as it was issued prior to the separate position of ACCC CEO being created on 25 January 2022 (as discussed in footnote 40).

185 While the CPRs contain clear statements regarding the need for ethical behaviour, they do not set out specific operational requirements. Where an accountable authority considers that there is a need for specific operational requirements, this is generally done in the context of accountable authority instructions.

186 These were sample numbers two, three, four and nine.

187 For part of the period subject to audit, there was an acting AER CEO.

188 The ACCC CEO and the AER CEO were selected as key senior executives in relation to managing the entity as they are typically responsible for many of the probity related risks examined in this audit.

189 Standing approval arrangements for ACCC Commissioners are discussed in paragraph 2.109.

190 As discussed in paragraph 4.45, the ANAO was not in a position to test if approvals had been made in accordance with ACCC policy as the registers provided to the ANAO did not record evidence of approval.

191 Staff are only required to make a declaration for a gift, benefit or hospitality that was accepted and with a value of $50 or more.

192 ACCC Commissioners and AER Board members must declare all gifts, benefits and hospitality received.

193 The ACCC’s requirements are summarised in Chapter 2 in Table 2.1 of this audit report.

194 The ACCC further advised that:

Retrospective catch up of public registers for 2020 was considered but rejected because:

  • the timing delay precluded meaningful validation of raw data, increasing the risk of public registers being incorrect/incomplete
  • integrity risks associated with gifts, benefits and hospitality were low in 2020 due [to] COVID-19 impacts for the workplace which reduced the frequency of offers to nil or thereabouts.

195 The 2020 policy on gifts, benefits and hospitality stated that ‘a staff member should seek approval from their supervising SES officer to accept a gift, hospitality or benefit.’ The 2022 policy added that ACCC employees should also document this approval. Both versions of the policy were in effect for the period reviewed in this audit.

196 The ANAO identified one instance where the register recorded that a gift accepted by the ACCC CEO was approved by an SES officer subordinate to the CEO. The issue of positional authority risk is discussed in paragraphs 2.106 to 2.114.

197 Department of Finance, Ethics and Probity in Procurement: Principles [Internet], 17 May 2021, available from https://www.finance.gov.au/government/procurement/buying-australian-government/ethics-and-probity-procurement [accessed 9 February 2023].