CHAIR —I now welcome officers from the Australian National Audit Office. I invite you to make an opening statement, at the conclusion of which I will invite members of the committee to ask questions.

Mr Chapman —Thank you, Chair. I will make some brief statements to assist the committee. First of all, we appreciate the opportunity to appear before the committee and offer whatever assistance we can. Mr Ian McPhee, the Auditor-General, would have been pleased to attend but he was otherwise engaged today. With me is Mr Matt Cahill, who heads up our performance audit practice and can provide further information, particularly in the performance audit and fraud control areas, if we perhaps move to those matters.

It may be worth outlining very broadly the ANAO’s mandate and role. We have two primary functions. One is to offer an opinion on financial statements, and that is generally in the context of a material misstatement occurring. Secondly, we have a performance audit program which is very broadly based in terms of its mandate contained in the act: we can look at any aspect of the operations or activities within the public sector. So, very broadly, we are in the business of providing assurance around financial statements and looking at ways of improving public administration.

The Auditor-General is an independent statutory officer; he determines his own work program having regard to the priorities of parliament and other information he receives. Importantly, our reports are all tabled in the parliament as soon as they are completed. This is in an operating context of having some pretty broad and quite strong powers in terms of access to information and information gathering. In terms of the performance audit, it is only fairly generally defined in our act but is commonly accepted as meaning the audit will focus on the effectiveness, efficiency, economy and legal compliance of a program. I make that point in the context of the committee’s broader interests.

Confidentiality is very important and highlighted in our act, but it is probably also worth mentioning that we have a particular provision in the Auditor-General Act, section 36(2), which means that we can provide advice to the commissioner for the AFP if disclosure would be in the public interest. That would generally be where we might identify matters of fraud or corruption. We have that opportunity to pass that information on.

In both our performance audit and our financial statement audit, we give due regard to matters of fraud and corruption. In our performance audit program we have had a series of audits focusing on fraud over the years. Indeed, at the moment we are currently updating our better practice guide on fraud control for agencies as an opportunity to assist agencies to improve their performance.

In conclusion, as a general statement we would consider the government and the community to be pretty well-served by the Australian Public Service in its approach and delivery; however, as auditors we bring a sceptical frame of mind to most of our activities. There would be occasions where, through poor performance, fraud or corruption, issues would emerge. In those instances we do acknowledge our responsibility to highlight those matters and refer them to the appropriate authorities. If that provides the committee with a broader understanding of where we might be placed, we would be very happy to answer any questions you may have.

CHAIR —Some submissions to this inquiry have argued that an integrity commission with jurisdiction over all Commonwealth public sector agencies is needed. What would be your view on that proposal? Do you see any gaps in the Commonwealth integrity system?

Mr Chapman —We can only speak very generally on this matter. Obviously, it is a matter for government and parliament to form views and come to a position on these matters. In our role as auditors, instances of identified corruption are very rare, I have to say. It might be a reflection on the focus of our audit program, where we tend to use other criteria in identifying the subject matter of our audits. They might be around the size of a particular program or the nature of it, or the level of public interest in its administration. It is not our normal practice to focus on matters of corruption, per se.

Fraud awareness is very much an element of the general control environments we would expect to see in each agency. We do give that a fair bit of attention. In our reports, as you have perhaps identified, we have made a number of recommendations over the years. In that context it would be difficult for us to offer the broader umbrella position that might be behind your question. We do have informal relationships with the integrity agencies. There are discussions that occur. The Auditor-General forms part of a more informal CEO integrity agency grouping that meets from time to time to share experiences and discuss matters, but broadly we think the system seems to be working reasonably well.

CHAIR —In your audit report on fraud control in Australian government agencies you noted that smaller agencies are not meeting the mandatory fraud external reporting requirements and are less likely to have fraud control measures in place. Do you think the regulatory requirements are sufficiently tailored to the size and type of agency? Is the support on-hand for smaller agencies to fulfil any requirements? More generally, can you tell the committee about the effectiveness of fraud control in the Commonwealth Public Service?

Mr Chapman —We would just make the broad observation that the size of an agency is often a determinant of their ability to fully comply with the range of requirements before them, and our audits have identified that there are some risks in that space. On a very simplistic level, even the segregation of duties becomes much more difficult for smaller agencies, but I might pass to Mr Cahill to offer some broader comments following the completion of our last audit in that space.

Mr Cahill —As you are aware, that audit was tabled mid last year and builds on a program of audits that we have done. On the guidelines, our view is that they have stood the test of time. They are currently being reviewed and we have been giving input to the Attorney-General’s Department on the guidelines. The commentary out of the audit was that a lot of small agencies were having difficulty implementing the mandatory requirements of the guidelines: the planning, the control and the fraud awareness issues. The underlying issues generally stem from resources and some of the challenges that agencies have, such as typical accounting practices like having separation of controls and dual signatures and such. It is a different environment. Similarly, the commentary in the report from the Australian Institute of Criminology was that while the likelihood of them conforming with the guidelines per se is less than for the larger agencies, the financial risk is not necessarily as evident in the smaller agencies.

We say that part of it is about sharing the better practice. Some very clever things are done in small agencies and the Attorney-General’s Department or some central body could try and facilitate that exchange of information so they can leverage off that, given the tightness of their resources and building on the Deputy Auditor-General’s comments in regard to fraud that it is not unique for small agencies to struggle to manage the range of legislative and other guidelines required to conform with being a public sector agency. In the support area, we felt there was a need for more facilitation to help them do that.

The audit report showed that there has been a general improvement in fraud management, in conformance with the mandatories and in training and awareness. We have some insights in three areas. We felt that the agencies needed to focus their attention at a central agency level where there is some ambiguity in the applicability of the guidelines to some CAC Act agencies. That is to be clarified. We felt that agencies needed to be more proactive in their evaluation and review of new programs. If an agency has a major restructure or a major new program that is not traditional core work for the agency—

CHAIR —Insulation, for example.

Mr Cahill —Those sorts of programs should be a trigger to get the fraud control experts in to actively look at the arrangements in the organisation. By their nature, those sorts of programs challenge people and we do not want fraud control to be an afterthought. The last one is that, when we looked at the analysis of our survey and the underpinning assurance work that continues to be a challenge for small agencies, we found no evidence to suggest that that translates into a greater risk for those agencies because of the amount of effort they need to put in and the amount of risk mitigation relevant to the nature of their work and the exposure that comes with that.

CHAIR —While we are talking about fraud control guidelines, this committee noted previously that within those guidelines corruption is defined is a subset of fraud. Do you think that the focus on fraud detracts from attention to broader corruption and integrity issues?

Mr Chapman —Coming at it from the Auditor’s perspective, there is a standard that touches on this issue of fraud which identifies corruption as an element of fraud. We would generally come at it from a risk profile and the likelihood of some mis-statement or other issue arising. In our own experience, I do not know that the distinction is something that is necessarily going to distract us. I feel that you would probably spend a lot of time trying to isolate the definitions but probably not for significant benefit.

Mr Cahill —In the report, we commented on the need for some work around the definitions of fraud. Obviously in the audit work that we have done, and as the Deputy Auditor-General said, our focus has been predominantly on the fraud in the broader sense and that link between fraud and corruption and whether agencies understand the appropriate emphasis in their review work. We were not able to get underneath that because that was not focus of the audit work.

However, there was an interesting commentary from the Institute of Criminology, which were saying that, obviously, if we get a clearer understanding of the subsets or the various definitions around there, it will help get a better reporting for them. They report annually to the minister and the government on fraud in the Commonwealth and, if they get a better understanding of the different subsets, they will be able to report on the status of fraud in the Commonwealth. To the extent that that is translatable to corruption is obviously a matter for this committee.

CHAIR —Do you think that corruption should be really defined as a subset of fraud? Do you not think it should really be the other way round?

Mr Cahill —I am sorry, I do not really have a view on that. I have probably not given a lot of thought to it.

Senator IAN MACDONALD —I think the Integrity Commissioner had said that he had only just started contact with you people in a semiformal sort of way. I was surprised to hear that. Is that right?

Mr Chapman —Yes. When I say yes, I will probably struggle with getting a definitive time line to it, but it has been over the last 12 months or so. There has been a level of engagement. The reality is that there is not a great deal of overlap in our activity. I think the relationship is important, an understanding of the respective roles is important and an appreciation of what each is doing is important. Particular issues have not come up that have required us to discuss the specifics of those.

Senator IAN MACDONALD —Not perhaps so much in relation to law enforcement agencies but more in relation to the wider Public Service question that we have been discussing through this inquiry, because of your very forensic and very close examination of various issues across governance, you are often perhaps the first ones who may be able to get a hint of something untoward happening. I think you said you were then able to refer those sorts of things to the Federal Police. Is that correct?

Mr Chapman —Yes. It is a general power where, because our work is generally protected and we would not disclose our work, there is specific legislative provision that allows the Auditor-General, if he comes to a view that it is in the public interest to do so, to specifically provide information to the commissioner of the AFP. Perhaps I should add to that that I cannot recall—I am probably going back five or six years—any instances where we have in fact referred matters to the AFP. In most instances, we are more likely to identify or become aware of fraud or even a corrupt activity where the agency itself would advise us of some event occurring or would be aware of some event and would draw that to our attention. We would have due regard to that in the conduct of our auditing activity.

Just to touch on it for a second, with respect to the financial statement auditing work that we do, as I mentioned earlier, there is a requirement for us to form an opinion around whether there is mis-statement in the financial statements and broader legal compliance issues. The Auditor will indeed consciously address issues of fraud. He or she will look at the control frameworks in place, they will talk to the internal audit of other areas to identify whether there have been any breakdowns and they will specifically raise the matter with management of the organisation to form a view around what may be occurring. In the performance audit space our audit program—as you are probably aware, we do about 50 performance audits a year—covers a very broad area of subject matters. Some of those matters will more likely than not touch on areas where fraud can occur. But in the main, it has not been our experience that fraud has been a significant feature of what has occurred. Indeed, in our audit reports we are more likely to find that there has been a breakdown in control procedures or management oversight, which has perhaps led to some poor performance rather than to fraud or corruption as such.

Senator IAN MACDONALD —In my home state of Queensland there was the very recent and obvious case of a minister of the crown—Gordon Nuttall. I can mention him because he has been convicted, convicted and convicted. I quite forget how someone got onto that, but I wonder if auditors-general—state or Commonwealth—do the sort of work that might detect that one particular group was getting an inordinate number of hospital contracts, or if someone else was getting an inordinate benefit from government work? Is that something that you have powers to identify? And if you do not, is there anything that should be done to enhance either your power or ACLEI’s power or the Crime Commission’s power or the Australian Federal Police’s power to look at those things?

Mr Chapman —Firstly, speaking in respect of the Australian National Audit Office, we have conducted a number or audits looking at tendering processes and government procurement and the probity of those sorts of activities and events. Sometimes we are asked to do so; a recent example would be—going back a little bit in time—some of the tendering arrangements for the NBN. It is quite common for us to look at those sorts of activities. Indeed, we recently conducted a fairly significant audit looking at government procurement activities, which did identify some shortcomings in the control processes—none suggesting, I might say, any corrupt behaviour, but where people—

Senator IAN MACDONALD —I am not suggesting for a moment that any of our ministers are in the Gordon Nuttall category, I might add!

Mr Chapman —No, and far from it for me to suggest it!

Senator IAN MACDONALD —But if they were, would you have the power to find it out? That is really the basis of my question.

Mr Chapman —Yes; at the Commonwealth level, probably, and most of the states have similar arrangements. Most expenditures are controlled by the processes taken through the Financial Management Accountability Act, the various government procurement guidelines and a range of other guidance material. It is quite common for us to look at compliance with those particular requirements. So there is no impediment on us looking at government agencies and activity in that space. We have done any number of audits in there.

Mr Cahill —With the two audits that the Deputy Auditor-General has referred to, looking at a specific tender process—particularly of such a large nature—is something that is not unusual. We also endeavour to identify systemic issues to try to improve the control environment and what is good practice, ultimately to get value for money and equitable access for people to government business. That recent audit into direct sourcing was very much focused on getting that message across the public sector. From our own experience, feedback since has been disseminated quite strongly by CEOs in the Commonwealth; being able to make sure you can get a couple of quotes rather than just going straight out and directly sourcing someone. You need to be able to demonstrate, even if it is small—not necessarily for a purchase of something from a stationary supplier, but something that may be $20,000 or $30,000 worth of consulting services—that you can stand back and say, ‘I went out and got some quotes for different solutions and looked at that,’ versus someone just turning up on the books.

We found some documentary shortcomings there which were quite concerning, and we drew those out in the report. But our focus in there is very much on the individual project because of the significance or the material or in trying to do some across-the-board audits to influence that control environment and disseminate some better practice.

Senator IAN MACDONALD —I think you have already answered my next question. I was going to ask—and I should know this—do you have jurisdiction in wholly-government-owned corporations, such as the NBN Co.?

Mr Chapman —Our mandate extends to the CAC Act—the Commonwealth Authorities and Companies Act. There is an issue in our mandate with government business enterprises. With respect to government business enterprises, we undertake the financial statement audit, but we do not have a mandate to undertake a performance audit off our own bat. We can be requested by the minister or the JCPAA to undertake the audit. This is quite a topical matter and it has been raised with us just recently by the JCPAA, who put forward a report just before Christmas recommending that our mandate be extended.

Senator IAN MACDONALD —I was not conscious of that and, as I say, I should have been. Is that for any Commonwealth business enterprise?

Mr Chapman —Yes. Just to give you a bit of background, many years ago, in the 1990s, when the Auditor-General Act was being reviewed and there were a number of government business enterprises, I think the feeling was that it was not appropriate for the Auditor-General, in his own right, to commence an audit of a Qantas or a Commonwealth Bank or an Australia Post or a Telstra. As time has moved on I think the number of GBEs has significantly reduced and I think there is a body of thinking now that it would be appropriate for the Auditor-General to have a mandate to conduct an audit of those GBEs if it were appropriate to do so.

Senator IAN MACDONALD —I used a hypothetical before which I am going to use again. If, for example, NBN Co. had employed someone at a good salary without the job being advertised and, again hypothetically, supposing the minister might have suggested to the head of NBN Co. that this guy needed looking at, that is not something that you of your own initiation could look into at the current time?

Mr Chapman —That is correct. If it were a GBE, hypothetically, we would not be able to conduct that audit. But I think it is important in all this space to acknowledge that, in the broader governance structures that exist under the FMA Act—and, in the corporate world, I think the board—the CEO has prime responsibility for good governance within their organisation. Indeed, our audits are looking at how the CEO has implemented the appropriate processes and good governance arrangements, and be that in terms of recruitment/employment arrangements or fraud control procedures or even corruption awareness or fraud awareness arrangements in the organisation, it does sit with the CEO to have appropriate practices in place. That is predominantly the focus of our audit activity. If, in your hypothetical, the CEO was empowered to employ people and was doing it in an appropriate way, it is a question of whether it was good judgment or illegal, I guess. That is probably a matter for broader scrutiny rather than an auditor.

Senator IAN MACDONALD —Again, I have to be careful and want to make it very clear that this has been raised and has been answered absolutely without any hesitation, and I accept that in using the example. But what about if the CEO of one of these organisations, who you say is in charge, perhaps has big contracts with a company that he previously was a very senior executive in? I again repeat that that has been raised and answered absolutely; there is no suggestion of anything else. In a situation like that, the CEO cannot investigate it because he might be the subject of the case. So who would do that? Would it be perhaps the company’s external auditor?

Mr Chapman —I would suggest not normally, because generally the external auditor would be engaged to perform an audit of the financial statements and I am sure there would be an accurate reflection of the salary and expenditure contained in those financial statements. In our hypothetical discussions here, it is very difficult to be definitive. Within the public sector for FMA agencies, government agencies, obviously the CEO has a relationship with the minister and there is also a role for the head of the Public Service, be it the Public Service Commissioner or the head of Prime Minister and Cabinet.

Senator IAN MACDONALD —But these are government business organisations.

Mr Chapman —When we go to the government business organisations, generally we will have a board in place and the CEO will generally be accountable to the board for good governance, and the board would accept some responsibility there. Again, the board would no doubt be reporting to a minister as perhaps the major shareholder. In that sense it is not too different from the private sector world.

Senator IAN MACDONALD —Except that this is public money, of course.

Mr Chapman —Correct.

Mr Cahill —The CFO under be it the CAC Act or the FMA Act or a government business, would have obligations as well to the board.

Mr Chapman —Though I suspect the senator’s question is more around the processes of selection and appointment as distinct from the other.

Senator IAN MACDONALD —For that part, but the other part is the procurement question. I guess my question to you is that as of now, unless the minister or the joint standing committee asked you to do that, you do not have any power to do that of your own initiation.

Mr Chapman —Correct. We cannot initiate ourselves a performance audit of a GBE.

Senator IAN MACDONALD —Whereas, if it was a department of state you would?

Mr Chapman —That is right.

Senator IAN MACDONALD —I do not know if auditors-general departments and entities are allowed to have an opinion or a view on these, and you will tell me if you are not, but I wonder whether there has been any position of the Auditor-General on whether you should have that power, or is that a decision for others rather than you?

Mr Chapman —The decision is one for the parliament at the end of the day. But in terms of the Auditor-General he does clearly have a position on the public record. He did put forward a submission to the JCPAA inquiry, the review of the Auditor-General Act that was conducted last year, and submitted to the JCPAA that his mandate be extended to the GBE sector. The JCPAA I think has probably accepted that position and it is now a matter for government to consider.

CHAIR —Just to clarify, you can do an investigation of your own initiative in relation to government departments and agencies.

Mr Chapman —We are very fortunate in this country that the Auditor-General Act is a very contemporary piece of legislation and the Auditor-General’s mandate in the Commonwealth sector is very broad.

CHAIR —What about the Reserve Bank: what oversight is there of how the Reserve Bank works, in particularly with issues that were arising out of the Securency matter?

Mr Chapman —We do have a mandate to do the financial statement audit of the Reserve Bank. The committee would be aware that Australia is a signatory to the OECD convention on combating bribery of foreign public officials and in the development of our audit programs we do in appropriate circumstance look at the issue of bribery of foreign public officials as an audit risk.

CHAIR —Is that a matter you are investigating right now?

Mr Chapman —No, if you are referring specifically to the Reserve Bank issue, as I understand the circumstance, the particular allegations relate to a joint venture operation which is between the Reserve Bank and other parties and our audit mandate does not extend to those joint venture arrangements.

CHAIR —Even insofar as it affects the Reserve Bank or implicates the Reserve Bank?

Mr Chapman —There is an implication because Reserve Bank officials are involved in the joint venture arrangement, but we are not auditing those joint venture arrangements.

CHAIR —You could if you wanted to?

Mr Chapman —No. It gets a little bit tricky for us, but our mandate would not extend to that joint venture arrangement.

CHAIR —So which body could look at that within Australia?

Mr Chapman —If there has been corrupt behaviour and it is illegal, I would have thought that the AFP would have primary responsibility for investigating those matters. Just to clarify, our role is not enforcement or to investigate agencies. Our mandate is to conduct audits, and matters of law enforcement is the responsibility of other parties.

CHAIR —Since this inquiry is primarily around ACLEI and its jurisdiction, do you have any comments you would like to make about that? Do you consider that perhaps its mandate should be extended to other agencies, other than the AFP, the ACC and Customs?

Mr Chapman —It is difficult for us to have an informed view on that matter. As a matter of good governance, we acknowledge and appreciate the role that ACLEI performs. In general reading of its operations and activities, it seems to have a reasonably clear mandate over agencies where, perhaps, higher risk lies. As a general proposition we would say that is appropriate. We have not conducted an audit of ACLEI. On occasions where we have conducted audit activity in associated agencies, nothing undue has come to our attention that causes concern. I appreciate the particular challenge of the committee in coming to an informed view on that matter, but it is difficult for us to give you any better information, sorry.

CHAIR —Thank you very much for taking the time to give evidence today.

Mr Chapman —Thank you.

 [12.19 pm]