Introduction

Against a background of increased use of contracted service providers by Australian Government agencies, the Parliament introduced a range of measures designed to improve the openness and public knowledge of information on procurement and expenditure of public moneys. One of these measures, the Senate Order for Departmental and Agency Contracts (the Senate Order) was introduced in June 2001. The Senate Order has been amended several times since, most recently in December 2003.

The requirements of the Senate Order underline the principle that the Parliament's and the public's access to information on government programs and services should not be prevented, or otherwise restricted, through the use of commercial contractual arrangements, unless there is a sound reason to do so.

Specifically, the Senate Order requires agencies to place lists of contracts valued at $100 000 or more on the Internet. Among other things, these lists must indicate whether each contract requires the parties to maintain the confidentiality of any of the contract's provisions, and whether there are any other requirements of confidentiality. The 85 agencies which published 2007 calendar year listings reported 35 800 contracts, valued at approximately $80 billion.¹

The Senate Order requires Ministers to table in the Senate, letters of advice that the agencies they administer have listed their contracts on their Internet sites. The Senate Order also requests the Auditor-General annually review contract lists and to report any inappropriate use of confidentiality provisions.

In light of the Government's positive response to the Senate Order, the Department of Finance and Deregulation (Finance) has produced a range of Financial Management Guidance (FMG) that provides information to agencies about the listing of contract details on the Internet, including on the use (and reporting) of confidentiality provisions. Specifically, the following three publications are relevant:

• FMG 8: Guidance on the Listing of Contract Details on the Internet (Meeting the Senate Order on Departmental and Agency Contracts), January 2004;
• FMG 3: Guidance on Confidentiality in Procurement, July 2007; and
• FMG 15: Guidance on Procurement Publishing Obligations, July 2007.

This guidance also outlines the categories of information that generally would be considered legitimate claims to confidentiality, including: internal costing information or information about profit margins; propriety information, such as technical or business solutions; and specific personal information.

Against this background, it is expected that agencies will appropriately manage confidential information when purchasing goods and services under contractual arrangements. This includes protecting the Government's interests and carefully assessing, on a case by case basis, all claims by potential suppliers for the protection of information. Equally, agencies must maintain accurate records of the use of confidentiality provisions in contracts and ensure these details are reported correctly.

Claims for confidentiality should be fully assessed, reflected appropriately in contracts and related-documentation, and accurately reported. In assessing claims for confidentiality, agencies must be cognisant of the rights and obligations arising from the Government's various reporting and disclosure mechanisms, including: the interests of Parliamentary committees; the protection and disclosure of information principles enshrined in the Freedom of Information Act 1982 and the Public Service Act 1999; and the access rights of the Auditor-General.

This report outlines the results of the Australian National Audit Office's (ANAO's) tenth audit of agencies' compliance with the reporting requirements of the Senate Order.

Audit objective and scope

The audit objective was to assess whether all agencies compiled Internet listings as required by the Senate Order, and to examine the appropriateness of the use, by selected agencies, of confidentiality provisions.

Specifically, this audit examined information reported in agencies' 2007 calendar year listings. The 2007 listings were required to contain information on contracts entered into during the twelve months ending 31 December 2007; or contracts entered into before 2007, that were not fully performed at 31 December 2007.

The audit involved a desktop review of the Internet sites of each of the 96 agencies covered by the Senate Order to assess the extent and timing of contract reporting. In addition, a detailed examination was undertaken in six agencies of the use of confidentiality provisions in contracts, and also of the processes used to compile Internet listings.

The six agencies selected for detailed examination were:

• Australian Research Council (ARC);
• Australian Securities and Investments Commission (ASIC);
• Centrelink;
• Department of Immigration and Citizenship (DIAC);
• Federal Court of Australia; and
• National Archives of Australia (NAA).

Audit conclusion

The proportion of contracts reported as containing confidentiality provisions protecting information in the contract by the audited agencies has decreased significantly over the period that the Senate Order has been in operation. In particular, it has declined steadily from 19 per cent reported in the calendar year 2003 listing to some 10 per cent reported in the 2007 listings. This trend reflects the impact of the Senate Order in reducing the use of confidentiality provisions in contracts. Despite this positive trend, there remains some significant issues that are affecting the accuracy of agencies' reporting of information relating to their contracts on the Internet.

In particular, the audit found in the six audited agencies that there continues to be inappropriate use of confidentiality provisions protecting information in contracts. Only 28 of the 101 contracts containing confidentiality provisions protecting information in the contracts that were examined were considered to correctly include these provisions. This result is broadly consistent with the ANAO's most recent Senate Order audit (2006 Internet listings), which found that the proportion of such contracts that correctly included confidentiality provisions was 26 per cent. It is, however, an improvement on the results of the audit of 2005 Internet listings, which found that the proportion of such contracts correctly including confidentiality provisions was only 8 per cent.

Contract listings for 2007 were published on the Internet by the due date of 29 February 2008 by 75 of the 96 agencies (78 per cent) covered by the Senate Order. A further ten agencies published a 2007 listing after the due date. Eleven agencies did not publish lists for the 2007 calendar year. Of these agencies: two did not publish lists for reasons of national security²; four published financial year listings; and five did not publish lists.

Given the substantial value of contracts reported by agencies in the 2007 calendar year listings ($80 billion), it is important that agencies provide accurate and complete Internet listings. This enables the Parliament and others to be informed about the use of contracts, and in particular, about the use of confidentiality provisions in contracts. The incorrect inclusion of confidentiality provisions in contracts can potentially undermine the purpose of the Senate Order by preventing or reducing access to such information. Accordingly, the ANAO has made one recommendation designed to improve agencies' decision-making on the use of confidentiality provisions in contracts and achieve greater consistency in the application of Finance's guidance.

Key findings

Confidential provisions in contracts listed by the audited agencies (Chapter 2)

Together, the six audited agencies reported 3 008 contracts (valued at $9.4 billion) in their 2007 Internet listings. Some 310 or 10 per cent of these contracts were listed as containing confidentiality provisions protecting information in the contract. This result continues the downward trend identified in the three previous calendar year listings, where 13, 17 and 18 per cent of contracts (respectively) were listed by the audited agencies as having such provisions.

The ANAO examined 190 of these 310 contracts. We found that only 101 of the 190 contracts (53 per cent) reported as containing confidentiality provisions protecting information in the contract actually contained such provisions. The remaining 89 contracts did not contain any confidentiality provisions protecting information in the contract and were therefore misreported. These differences arose due to errors in the decision to include confidentiality provisions in contracts, and also from a misunderstanding of the differences between confidentiality provisions that: protect information specifically identified in the contract; protect information generated during the performance of the contract; and general confidentiality clauses.

Table 1 Correctness of use of confidentiality provisions by the six audited agencies in contracts examined by the ANAO

Notes: (a) Percentage shown is the number of contracts actually containing confidential provisions as a proportion of the number of contracts listed as containing such provisions.

(b) Percentage shown is the number of contracts either correctly or incorrectly containing confidentiality provisions as a proportion of the number of contracts actually containing confidentiality provisions.

Source: ANAO, based on testing results.

As shown in Table 1, only 28 per cent of the contracts with confidentiality provisions that were examined correctly included these provisions. The types of contractual information that was considered to be appropriately included as confidential related to contractors' financial capability, original business methodology and trade secrets, and specific personal information. This indicates that agencies had incorrectly applied the confidentiality criteria from the guidelines when assessing claims for confidentiality, in 72 per cent of those contracts with confidentiality provisions.

Most of the 73 contracts (70 contracts valued at $590 million) assessed as incorrectly including confidentiality provisions related to the protection of contractors' hourly rates or fees and pricing information. Finance's guidance indicates that a claim for confidentiality of pricing information will only be appropriate where that information reveals details of a supplier's internal costing or profit margins.

Around 55 per cent of the 73 contracts (40 contracts valued at $127 million) that were considered to incorrectly include confidentiality provisions related to the acquisition of Information and Communications Technology products or services.

There is a degree of subjectivity involved in agencies assessing claims to protect information as confidential, particularly claims that information is commercially sensitive and likely to cause unreasonable detriment if disclosed to another party. Typically this judgement is formed through discussion and negotiation with prospective suppliers, in the broader context of determining if the supplier is fully capable of undertaking the contract at the best value for money.

The need to reconsider the appropriateness of decisions on the use of confidentiality provisions is likely to be greater in older contracts. In this regard, 54 of the 73 contracts (74 per cent) that were found to incorrectly include confidentiality provisions were entered into before 31 December 2005, and 12 (22 per cent) of these were entered into before 31 December 2003.

Incorrectly including confidentiality provisions in contracts can potentially undermine the purpose of the Senate Order by preventing or reducing access to such information. The ANAO considers that agencies can improve their decision-making by having measures in place to examine proposals to include confidentiality provisions in contracts when preparing, varying or extending contracts. Such arrangements can ensure appropriate levels of review and achieve greater consistency in the application of Finance's guidance on confidentiality provisions in contracts. Any review measures should be cost effective and appropriate to the size and nature of each agency's procurement activity.

The other 89 contracts listed as containing confidentiality provisions that were examined during the audit did not contain any confidentiality provisions protecting information in the contract and as such, were misreported. Misreporting the use of confidentiality provisions, on its own, does not reduce the rights of the Parliament or the public to access agencies' contractual information, or undermine the purpose of the Senate Order. However, it can mislead interested parties as to their ability to access contractual information.

The high level of misreporting suggests, however, that agencies continue to find it difficult to differentiate between confidentiality provision designed to protect information identified in the contract, and confidentiality provisions designed to protect information generated during the performance of the contract (such as reports). It also suggests a misunderstanding between specific clauses that protect the confidentiality of part of the contract itself and general confidentiality clauses. For example, general confidentiality clauses can restate legislative obligations for confidentiality (such as the Privacy Act 1998) or set out in general terms how they will impose a duty of confidentiality (such as describing how Intellectual Property rights will be dealt with).

Overall, most of the contracts examined in the audited agencies contained clauses providing for disclosure of contract related information to the Parliament, or its Committees, and the ANAO. The inclusion of these clauses is significant as it means that both parties are aware, regardless of the use of confidentiality provisions in a contract, that there is no absolute guarantee of confidentiality of any information.

Compliance with Senate Order requirements (Chapter 3)

For the 2007 reporting period, 96 Financial Management and Accountability Act 1997 (FMA Act) agencies were covered by the Senate Order. The ANAO found that 75 of these agencies posted a listing of contracts on the Internet by the due date of 29 February 2008. A further ten agencies published a 2007 listing after the due date. Of the remaining eleven agencies: two did not publish lists for reasons of national security³; four published financial year listings; and five did not publish lists. Of these five agencies, four were prescribed as FMA Act agencies during the reporting period.

As was the case in previous years, the Ministers' letters of advice were typically not tabled in the Senate by the due date of 29 February 2008. Only one letter of advice (relating to one agency covered by the Senate Order) was tabled by the due date, although a further 10 letters (relating to 57 agencies covered by the Order) were tabled the following business day. Where the due date for tabling the Ministers' letters falls outside of scheduled Parliamentary sitting days, agencies should make arrangements with the Senate Table Office to table these letters out of session.

The audit found that only one of the six audited agencies had published a complete contract list for the 2007 calendar year. Lists in a further four agencies were 90 per cent or more complete (see Figure 1). This situation represented a considerable improvement on the results of the previous audit of the Senate Order, which reported that the completeness of the listings of the audited agencies ranged from 64 to 96 per cent.

Figure 1 Completeness of audited agencies' 2007 Internet listings ^(a)

Note: (a) Completeness refers to the proportion of the ‘number of contracts listed' (excluding the ‘number of contracts incorrectly included') remaining after deducting the proportion of the number of ‘contracts incorrectly omitted'.

Source: ANAO testing of contracts in 2007 Internet listings for selected agencies.

There was no evidence to indicate that those contracts excluded from agencies' Internet listings were more (or less) likely to include confidential provisions. Rather, they were omitted due to oversight or because of a misunderstanding by the respective agencies about their reporting obligations.

The total estimated cost of complying with the Senate Order, as derived from agencies' 2007 Internet listings, was approximately $996 000. In 2006, the cost was approximately $900 000. This represented an average cost of compliance per agency of approximately $14 000 (2006: $14 000).

Processes for compiling Internet listings at the audited agencies (Chapter 4)

Overall, the ANAO found that each of the audited agencies had reasonably sound systems, processes and quality controls in place to support the compilation of 2007 Internet listings and that these processes had lead to largely complete and accurate listings.

However, the many errors in relation to the use and reporting of confidentiality provisions identified by the ANAO suggest that there are further opportunities to strengthen processes. While the principle of not treating contracting information as confidential, unless there is good reason to do so, is generally well established in agencies' procedural and guidance material, it is not yet sufficiently entrenched into agencies' practices.

As shown by the relatively low proportion of contracts which correctly included confidentiality provisions (see Table 1), the use of confidentiality provisions is only warranted in the special circumstances which are set out in Finance's guidance. The re-enforcement of this point in agencies' guidance and training is likely to assist decision-making on the inclusion of confidentiality provisions.

Sound and better practices observed during the audit

Examples of sound and better practices identified during the audit were:

• Centrelink produced a monthly internal newsletter titled Procurement Times, which was distributed to staff with procurement-related roles. This publication provided advice on current procurement policy, requirements, regulations and activities, as well as information on the use of confidentiality provisions in contracts and associated reporting requirements;
• DIAC outlined the process and format for preparing the 2007 contract listing to staff in its business areas, including advice on what should be reported and the process for confirming the information to be reported; and
• Centrelink records contract numbers in its Financial Management Information System, AusTender and contracts register. The use of a common contract number enabled Centrelink to identify more accurate and complete information for the Senate Order listing.

Summary of agencies' responses

Each of the audited agencies, together with the Department of Finance and Deregulation, agreed with, or supported the recommendation. Agencies' responses to the recommendation are shown in Chapter 2. Any additional comments provided by agencies are shown in Appendix 4.

Recommendation

The report recommends agencies implement review measures to assess the appropriateness of decisions to include confidentiality provisions in contracts and provide suitable feedback to staff involved in procurement.

Footnotes

^{1  The value reported for each contract should be an estimate of the full amount to be paid or received over the life of the contract.}

^{2  Contracts can be excluded from Internet listings where disclosure of the existence of the contract could damage the Australian Government, or in order to safeguard national security.}

^{3  Contracts can be excluded from Internet listings where disclosure of the existence of the contract could damage the Australian Government, or in order to safeguard national security.}