The objective of this audit was to assess ARPANSA's management of the regulation of Commonwealth radiation and nuclear activities to ensure the safety of their radiation facilities and sources.
The Australian Radiation Protection and Nuclear Safety Agency (ARPANSA) is charged with protecting the health and safety of people and the environment from the harmful effects of radiation. The chief executive officer (CEO) of ARPANSA has powers to regulate Commonwealth activities involving radiation sources and nuclear facilities, including nuclear installations.
Entities must be authorised under licence if undertaking activities involving radiation sources or facilities.1 A licence is only issued after an application for the proposed activity is determined to be compliant with the Australian Radiation Protection and Nuclear Safety Act 1998 (the ARPANS Act) and the Australian Radiation Protection and Nuclear Safety Regulations 1999 (the ARPANS Regulations).2
Compliance with legislative requirements is monitored by ARPANSA. Where an entity is not compliant with the ARPANS Act and Regulations, ARPANSA has a range of enforcement options available to it to enable the protection of the health and safety of people and the environment from the harmful effects of radiation.
The objective of this audit was to assess ARPANSA's management of the regulation of Commonwealth radiation and nuclear activities to ensure the safety of their radiation facilities and sources.
The audit was undertaken in response to an Order of the Senate requesting that the Australian National Audit Office (ANAO) investigate aspects of ARPANSA's licensing processes.3 The audit examined ARPANSA's:
Managing the regulatory function (Chapter 2)
The establishment of ARPANSA was complicated by late changes to its role and structure through amendments that occurred during the passage of legislation. Further, the size and scope of the regulatory function were underestimated during its planning and implementation. The number of sources was four times more than planned, and the number of facilities nearly three times more.
As a result, full implementation of the regulatory function was delayed.
The Regulatory Branch's operational objectives and activities are numerous, vary considerably in scope, are not prioritised, and are insufficiently specific to be clear or assessable. This risks diffusing both strategic direction and operational implementation.
ARPANSA has quality and quantity measures for the regulatory function. However, the measures do not enable assessment of key regulatory activities, such as licensing timeliness or the extent of compliance by licence holders.
Many regulatory objectives did not have related performance measures. Some measures and targets were no longer relevant, or varied from year to year, inhibiting performance comparisons.
ARPANSA has a risk management framework. Its risk profile focuses on risks to ARPANSA as an entity. It does not identify risks to key regulatory processes, such as unlicensed activity, or non-compliance by licence holders.
ARPANSA's Chief Executive Instructions (CEIs) address management of the potential for conflict of interest between the regulatory function and other functions.
However, overall management of conflict of interest is not sufficient to meet the requirements of the ARPANS Act and Regulations. Key aspects of the instructions, such as maintenance of a register of advices, have not been implemented. As well, the instructions do not require matters of conflict of interest to be documented. Potential areas of conflict of interest are not explicitly addressed or transparently managed. This includes ARPANSA's obligation under the ARPANS Act and Regulations to license itself to operate two facilities, and many sources, to conduct its non-regulatory functions.
ARPANSA has a customer service charter. However, it does not monitor or evaluate performance against the standards of the charter.
ARPANSA has a documented process for recording and actioning complaints. However, the Regulatory Branch does not maintain a complaints register, as required. As well, information on complaints is not managed and assessed for the purpose of monitoring and performance management (including reporting in annual reports).
Management of cost recovery for regulatory activities (Chapter 3)
ARPANSA is required to operate on a user-pays basis, to meet the government's requirements that entities regulated should bear the costs of such regulation. These costs include licensing and monitoring of compliance with the Act and Regulations.
However, ARPANSA does not have a documented cost recovery policy/methodology, or other guidance addressing cost recovery.
Initially, ARPANSA used appropriated funds, transferred from the former Nuclear Safety Bureau (NSB), to subsidise licence fees. However, it has not defined whether appropriation funding is still used to subsidise fees.
Since ARPANSA's establishment, licence fees have increased considerably.
There is substantial under-recovery of costs. This is due, in part, to under-recording of regulatory costs. In addition, ARPANSA under-recovers those costs it has identified.
Fees are not supported by a robust activity-based costing system, despite assurances to licensees in 1999 that such a system would underpin fees. There is not a clear relationship between the costs of regulation for groups of clients and types of regulatory activity, and fees charged.
In particular, the costs of regulation of the Replacement Research Reactor (RRR) have been under-recovered.
A number of licensees have expressed concern at the lack of a direct relationship between ARPANSA's costs and its fees.
Licensing (Chapter 4)
Licensing is a key regulatory activity. Since its establishment, ARPANSA has received 158 applications and issued 134 licences.4
ARPANSA provides guidance to applicants. However, the guidance does not explicitly ask applicants to address the statutory matters against which they will be assessed.
Consequently, applications are often inadequate. ARPANSA has often had to seek clarification from applicants during the assessment process.
The bulk of license assessments—some 75 per cent—were made without the support of robust, documented procedures. Assessments of applications were supported by draft procedures only, which staff were not required to follow.
Some 60 per cent of applications accepted for assessment have been processed without a fee. Accepting applications without a fee is a breach of ARPANS legislation.
ARPANSA's primary assessment guideline for reviewing applications does not explicitly align to ARPANSA's legislative requirements. It does not specifically address the statutory matters that the CEO must take into account when deciding whether to issue a licence.
Reflecting the lack of guidance, many reports to the CEO on assessment of an application did not provide a clear analysis of the extent to which the application satisfied the statutory matters.
ARPANSA has not rejected any applications for a licence. However, it has imposed special conditions on all licences issued. An example is requiring a licensee to develop an inventory of all controlled material and controlled apparatus.
Some of these conditions appear to be significant aspects of recognised international best practice, which is a necessary requirement for a licence.
ARPANSA advised that it does not consider that these applicants were deficient in demonstrating radiation protection and nuclear safety. However, ARPANSA does not have systematic arrangements in place to provide assurance that special conditions are not being used to overcome deficiencies within applications.
Nor does ARPANSA provide guidance to its staff on the circumstances under which a licence condition is appropriate, and the scope and application of licence conditions.
ARPANSA does not maintain a single database containing applicant and licence-holder information. Instead, it maintains three separate spreadsheets of information. Consequently, ARPANSA does not have a centralised database for monitoring or reporting its processing performance.
The ANAO estimated that the median time to process applications to June 2004 was 22 months. Some took four years to assess. The median for those lodged in 2003 was three months. That is, half exceeded ARPANSA's standard of three months for processing an application.
Monitoring compliance (Chapter 5)
ARPANSA advised that the effort spent on compliance monitoring is roughly proportional to the level of hazard. However, it does not have an overarching framework to articulate the role, or emphasis, for the various approaches to managing compliance. Nor does it have a strategy for identifying prohibited activity by non-licensed entities.
One aspect of ARPANSA's compliance approach is to raise awareness. To this end, ARPANSA has delivered presentations to licensees. The ANAO found that presentations were well focused on regulatory information.
ARPANSA does not systematically analyse, document or rank the likelihood and consequences of risk associated with a licence. These limitations reduce assurance that compliance efforts are directed to areas of greatest need in a cost-effective manner.
ARPANSA provides licensees with a handbook, which aims to set out all compliance requirements and conditions. However, the handbook does not include all licence conditions prescribed in the ARPANS Act and Regulations; and some reporting requirements are inconsistently specified. These and other limitations weaken, and sometimes detract from, licensees' understanding of regulatory requirements.
ARPANSA does not monitor or assess the extent to which licensees meet reporting requirements. The ANAO found that there had been under-reporting by licence holders.
For example, incidents or changes to inventories had sometimes not been reported within the time required, or not reported at all. As well, ARPANSA had not regularly received all annual reports required of licence holders.
ARPANSA has developed guidelines for entities to facilitate their reporting. However, the guidelines are out of date, do not reflect changed reporting requirements and do not specify a timeframe or format for reports. These inadequacies may have contributed to the observed deficiencies in licensee reporting.
ARPANSA does not have standard operating procedures (SOPs) to support its review of licensees' reports.
ARPANSA undertakes inspections to assess licensee compliance with licence requirements. However, staff determine inspection plans separately. ARPANSA does not have a risk-based program for inspections.
Implementation of individual inspection schedules is not monitored by ARPANSA, as relevant data is not readily available.
There has been marked variation in the extent of notice given to entities prior to inspections, which is not in accordance with stated procedures.
Inspection outcomes are documented in reports to the CEO. However, the extent and nature of reporting varied markedly. For example, terminology and compliance rating scales varied. Some reports did not clearly state whether a licensee was, overall, in compliance with conditions of the licence.
Dealing with breaches and prohibited activity (Chapter 6)
Enforcement actions have focused on non-compliance by licence holders, reflecting ARPANSA's approach to compliance. There have been few actions against unlicensed entities undertaking prohibited activities.
ARPANSA does not have a policy or other guidance addressing use of enforcement powers, notwithstanding that it has been responsible for enforcement since 1999. Actions in response to identified non-compliance are not undertaken in a structured and consistent manner.
ARPANSA does not grade, or otherwise categorise, the extent to which licensees are complying with the requirements of the ARPANS Act and Regulations. In turn, it does not have systematic structures in place to manage enforcement, including a process for escalating enforcement response.
ARPANSA has reported only one designated breach to Parliament. This is notwithstanding that there have been a number of instances where ARPANSA has detected non-compliance by licensees.
For example, ARPANSA issued a direction5 to a licence holder to cease use of radiation equipment following a serious injury. The direction was later revoked. The incident was not classified as a breach, notwithstanding that it was acknowledged that safety management had been inadequate.
The ANAO concluded that improvements are required in the management of ARPANSA's regulatory function. While initial under-resourcing impacted adversely on regulatory performance, ARPANSA's systems and procedures are still not sufficiently mature to adequately support the cost-effective delivery of regulatory responsibilities.
In particular, deficiencies in planning, risk management and performance management limit ARPANSA's ability to align its regulatory operations with risks, and to assess its regulatory effectiveness.
As well, procedures for licensing and monitoring of compliance have not been sufficient, particularly as a licence continues in force until it is cancelled or surrendered. Current arrangements do not adequately support the setting of fees in a user-pays environment, nor ARPANSA's responsibilities for transparently managing the potential for conflict of interest.
ARPANSA has recognised the need to address these gaps, and advised that it intends to review and improve the business processes supporting its regulatory function to address this audit's recommendations.
The ANAO made 19 recommendations for improving ARPANSA's delivery of its regulatory function. ARPANSA agreed with all recommendations. ARPANSA's full response to the audit is provided in Appendix 6. The following was ARPANSA's summary response:
ARPANSA acknowledges the work of the ANAO and agrees that the business processes supporting its regulatory functions need improvement. It has established a review to bring forward detailed recommendations and to implement revised business processes. The review will take up the recommendations of the ANAO report.
ARPANSA has substantial regulatory achievements to its credit, not least in the safety assessment and licensing of the OPAL reactor where there were many positive steps taken to improve the transparency and accountability of the process and the decision on the construction licence withstood a challenge in the Federal Court.
The audit report points to areas where ARPANSA needs to explicitly identify and set out its approach to ensure greater transparency and consistency and ARPANSA will implement these recommendations.
ARPANSA acknowledges that it does need to develop further its compliance policy which is in its initial stages of development. Further development of ARPANSA‘s approach, in particular the issue of subsequent enforcement after a finding of actual breach, must grow out of application of the law in particular circumstances and be based upon the fundamental requirement that controlled persons whose interests are affected by such findings are afforded procedural fairness throughout the process.
ARPANSA accepts all the recommendations of the ANAO report.
1 The ARPANS Act covers controlled persons, that is: a Commonwealth entity; a Commonwealth contractor; a person in the capacity of an employee of a Commonwealth contractor; or a person in a prescribed Commonwealth place. This report refers to controlled persons as entities.
2 Unless exempt under Schedule 2 or Part 4, Division 1 of the ARPANS Regulations.
3 Senate Hansard, No. 8, Thursday, 29 August 2002, p. 3997.
4 To September 2004.
5 Under Section 41, the CEO may give written directions to a controlled person requiring the controlled person to take such steps in relation to the thing as the CEO considers appropriate.