Note: Where available, the PDF/Word icon below is provided to view the complete and fully formatted document
Foreign Affairs, Defence and Trade References Committee—Senate Standing—Department of Defence’s management of credit and other transaction cards—Report, dated May 2017


Download PDF Download PDF

The Senate

Foreign Affairs, Defence and Trade

References Committee

Department of Defence's management of credit and other transaction cards

May 2017

ii

 Commonwealth of Australia 2017

ISBN 978-1-76010-565-5

Foreign Affairs, Defence and Trade Committee Department of the Senate PO Box 6100 Parliament House Canberra ACT 2600 Australia

Phone: + 61 2 6277 3535 Fax: + 61 2 6277 5818 Email: fadt.sen@aph.gov.au Internet: http://www.aph.gov.au/senate_fadt

This work is licensed under the Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Australia License.

The details of this licence are available on the Creative Commons website: http://creativecommons.org/licenses/by-nc-nd/3.0/au/

Printed by the Senate Printing Unit, Parliament House, Canberra.

iii

Committee Membership

Senator Alex Gallacher, Chair ALP, SA

Senator Chris Back, Deputy Chair LP, WA

Senator Kimberley Kitching ALP, VIC

Senator David Fawcett LP, SA

Senator Scott Ludlam AG, WA

Senator Claire Moore ALP, QLD

Secretariat

Mr David Sullivan, Committee Secretary

Mr Owen Griffiths, Principal Research Officer

Ms Suzanne O'Neill, Senior Research Officer

Ms Kimberley Balaga, Research Officer

Ms Shannon Ross, Administrative Officer

iv

Table of Contents

Committee Membership ................................................................................... iii

Recommendations .............................................................................................vii

Chapter 1.............................................................................................................. 1

Introduction .............................................................................................................. 1

Referral of inquiry .................................................................................................. 1

Conduct of the inquiry ............................................................................................ 1

Structure of report ................................................................................................... 1

Acknowledgements ................................................................................................ 2

Chapter 2.............................................................................................................. 3

Background ............................................................................................................... 3

Introduction ............................................................................................................ 3

Size and scale of Defence's resource management task ......................................... 3

Proper use of relevant monies ................................................................................ 4

ANAO performance audit ...................................................................................... 5

Chapter 3.............................................................................................................. 9

Key issues................................................................................................................... 9

Introduction ............................................................................................................ 9

Effectiveness of controls ........................................................................................ 9

Governance framework ........................................................................................ 22

Chapter 4............................................................................................................ 29

Committee view and recommendations................................................................ 29

Controls on credit and other transaction cards ..................................................... 30

Governance framework ........................................................................................ 33

vi

Appendix 1 ......................................................................................................... 35

Submissions ............................................................................................................. 35

Appendix 2 ......................................................................................................... 37

Tabled documents and Additional information .................................................. 37

Tabled documents ................................................................................................. 37

Additional information ......................................................................................... 37

Answers to questions on notice ............................................................................ 37

Appendix 3 ......................................................................................................... 39

Public hearings ........................................................................................................ 39

Tuesday 7 March 2017 ......................................................................................... 39

Thursday 6 April 2017 .......................................................................................... 39

Appendix 4 ......................................................................................................... 41

Relevant Excerpts from the Public Governance Performance and Accountability Act 2013 .................................................................................................................... 41

Recommendations

Recommendation 1

4.11 The committee recommends that the Minister for Defence directs the Australian National Audit Office to undertake biennial performance audits of the Department of Defence's management of credit and other transaction cards to ensure:

(a) recommendations from the 2015-16 performance audit are implemented in full; and

(b) Defence complies with performance standards set by the Public Governance, Performance and Accountability Act 2013.

Recommendation 2

4.12 The committee recommends that the Joint Committee of Public Accounts and Audit include the Department of Defence's management of credit and other transaction cards and its compliance with the Public Governance, Performance and Accountability Act 2013, as part of its ongoing work program.

Recommendation 3

4.22 The committee recommends that the Department of Defence re-examine the use of credit cards for cash advances and their acquittal processes, including independent verification of transactions for travel and purchase cards, in collaboration with the Department of Finance and the Australian National Audit Office.

Recommendation 4

4.25 The committee recommends that the Department of Defence ensure that it fully addresses the issues identified in the Australian National Audit Office audit report on the use of taxis and car hire, including:

(a) ensuring adequate controls are in place to effectively manage taxi and car hire for those unable to use the Defence travel card; and

(b) investigating the high use of specific individual taxis, multiple expensive taxi fares and 'small hours' travel. The results of this investigation should be made publicly available on the Defence website.

Recommendation 5

4.33 The committee recommends that the Department of Defence be more transparent in reporting disciplinary action taken against individuals found to have committed credit card fraud, whether steps taken are administrative or judicial in nature. This should include publishing the outcomes of disciplinary or criminal action on the Defence website and in service newspapers.

Recommendation 6

4.35 The committee recommends that the Department of Defence evaluate its current training, education and information programs in relation to the use of

viii

credit and other transaction cards to ensure compliance with the performance standards set by the Public Governance, Performance and Accountability Act 2013.

Chapter 1 Introduction

Referral of inquiry 1.1 On 10 November 2016, the Senate referred an inquiry into the Department of Defence's management of credit and other transaction cards to the Foreign Affairs, Defence and Trade References Committee for inquiry and report by 11 May 2017. The terms of reference for this inquiry are as follows:1

The Department of Defence's management of credit and other transaction cards with particular reference to:

a. Controls in place to manage credit card expenditure including action to prevent credit card misuse and minimise risk to the Commonwealth;

b. Issuing of CabCharge 'Fastcards' and 'E-tickets' to staff including monitoring and management of e-ticket accounts;

c. Controls in place on the use of fuel cards for commercial and military vehicles, including compliance testing of the assurance framework;

d. Implementation of the Department of Defence's new governance arrangements for credit card management;

e. Legislative requirements and framework set out in the Financial Management and Accountability Act 1997 and its successor, the Public Governance, Performance and Accountability Act 2013; and

f. any other related matters.

Conduct of the inquiry 1.2 The committee advertised the inquiry on its website and wrote to individuals and organisations likely to have an interest in the inquiry and invited them to make written submissions.

1.3 The committee received two submissions to the inquiry. Additional information was received from the Departments of Defence and Finance, the Australian Institute of Criminology and the Australian Payments Clearing Association.

1.4 Two public hearings were held in Canberra on 7 March and 6 April 2017, at which witnesses from the Australian Institute of Criminology, the Australian National Audit Office (ANAO) and the Departments of the Attorney-General's, Defence and Finance, gave evidence.

Structure of report 1.5 The report contains four chapters. This introduction outlines the scope and process of the inquiry. Chapter 2 briefly outlines the unique nature of the Defence resource management environment. It also describes the requirements for the proper

1 Journals of the Senate, No.14-10 November 2016, p. 4.

2

use of relevant monies established by the Public Governance Performance and Accountability Act 2013 (No. 123, 2013 with amendments No.126, 2015) (PGPA) and the Commonwealth resources management framework under the public management reform agenda which was introduced in 2013. The public management reform agenda, through the Commonwealth resources management framework and the PGPA, frames the ANAO performance audit report into Defence's management of credit and other transaction cards, which triggered the inquiry.2

1.6 Chapter 3 summarises the key issues explored by the committee during the inquiry, illustrating these through an examination of case studies for each card type. It also considers the implications for the governance of credit and other transaction cards in the Department of Defence. Chapter 4 concludes with the committee's view and recommendations for ensuring the proper use of relevant monies by the Department of Defence when using credit and other transaction cards.

Acknowledgements 1.7 The committee thanks all those who contributed to the inquiry by making submissions, providing additional information or expressing their views through correspondence and emails. The committee acknowledges those who gave their time to attend the public hearings and give evidence.

2 Australian National Audit Office, Defence's Management of Credit and other Transaction Cards, ANAO Report No. 33 2015-16 Performance Audit. (ANAO Report, 2016)

Chapter 2 Background

Introduction 2.1 This chapter briefly describes the size and scale of the resource management task placed on the Department of Defence to facilitate its primary task to defend the nation and its national interests.1 It then outlines the responsibilities and duties of the Department, as a non-corporate Commonwealth entity, to ensure the proper use of relevant monies as established legislatively by the Public Governance Act (PGPA) and its policy counterpart, the Commonwealth resource management framework under the public management reform agenda introduced by the Australian Government in 2013. Continuing the devolution of responsibilities established by the Financial Management Accountabilities Act 1997, these instruments and guidance establish the resources management framework against which the ANAO conducted the performance audit of Defence's management of credit and other transaction cards.2

Size and scale of Defence's resource management task 2.2 Defence holds a unique role among Commonwealth entities that perform the Australian Government's directions. As the 2016 Defence White Paper describes: Our most basic Strategic Defence Interest is a secure, resilient Australia. The first strategic

Defence Objective is to deter, deny and defeat any attempt by a hostile country or non-state actor to attach, threaten or coerce Australia. The government is providing Defence with the capacity and resources it needs to be able to independently and decisively respond to military threats, including incursions into Australia's air, sea and northern approaches…The Government will ensure Australia maintains a regionally superior ADF with the highest levels of military capacity and scientific and technological sophistication…3

2.3 By any measure, Defence is Australia's largest non-corporate Commonwealth entity to facilitate the performance of its unique role. Defence has an operating budget for the 2016-17 financial year projected at $32.337 billion and an estimated workforce strength comprising 77,649 personnel.4 Whilst historically, the size and scale of resources available to Defence has been uncertain and variable, this is set to change over the next decade. The current government has made a firm commitment to build Defence's capacity. The 2016 Defence White Paper projects an overall budget growth to two per cent of Australia's Gross Domestic Product by 2020-21, representing a projected investment of $195 billion in Australia's defence capacity over 10 years. By

1 Department of Defence, Mission, http://www.defence.gov.au/AboutUs.asp, accessed 27 April 2017.

2 ANAO Report, 2016

3 Department of Defence, 2016 Defence White Paper, 2016, pp.17-18.

4 The Department of Defence submission to the inquiry noted actual expenditure in 2015-16 of $31,523 billion. The Defence Portfolio Budget Statement 2016-17 advises that the workforce strength consists of an estimated 59,209 in the ADF which is due to grow to 62,400, and a civilian workforce of approximately 18,440.

4

2020, Defence will emerge as one of the largest and best-resourced of all the non-corporate Commonwealth entities.

2.4 The substantive portion of the Defence budget is dedicated to investment in defence capability, the weapons systems and platforms, military facilities and bases, information and communications technology, and workforce to assist Defence achieve its purpose.5 Credit and other transaction cards, the focus of the ANAO performance audit, are to be used for comparatively minor operational expenses, such as official travel, including allowances for travel-related meals, accommodation and other incidentals; official purchases of goods and services under the threshold of $10,000; taxi fares and car hire; and fuel for work-related vehicles. Together, these expenses constitute a significant pool of resources. According to the ANAO performance audit, credit and other card transactions accounted for expenditure ranging between $499,635,337 in 2012-2013 and $548,474,723 in 2014-15.6

Proper use of relevant monies 2.5 The ANAO performance audit examined the period 2012-2015, which included the Department of Defence’s transition from the Financial Management and Accountability Act 1997 (FMAA) to the PGPA. The PGPA took effect from 1 July 2014 and transition arrangements from the FMAA to the PGPA applied until June 2015.

2.6 Previously governed under the ambit of the FMAA, the proper use of relevant monies is now encompassed by the PGPA which, as the legal cornerstone of the public management reform agenda, sets out the requirements for the governance, reporting and accountability of Commonwealth entities (and companies) and for their use and management of public resources. The PGPA consolidates the devolution of responsibilities and duties for resource management begun, in Defence, in the 1990s, with the implementation of the recommendations of the 1996 Defence Efficiency Review through the consequent Defence Reform Program (DRP).7 The DRP fundamentally restructured Defence by fully embracing a 'shared service' model to improve, amongst other aspects, the efficiency of support and administrative functions. At the time, a review of the program advised that the long-term financial impact of the change was 'difficult to discern'.8

2.7 The PGPA sets enhanced standards against which the proper use of relevant monies is to be measured. Defence, as a non-corporate Commonwealth entity, is subject to the PGPA and its policy counterpart, the Commonwealth resource management framework, which provides guidance on how the Commonwealth public

5 Department of Defence, 2016 Defence White Paper, 2016, p. 31.

6 ANAO Report, 2016, p. 13.

7 Australian National Audit Office, Defence Reform Program Management and Outcomes, Department of Defence, Report No. 16, 2001-2001, Performance Audit, 2001

8 Mark Thomson, ASPI, Defence Reform: The Australian Experience, presentation to the Atlantic Council Workshop on Comparative Defence Reform, 21 June 2013, Ottawa, Canada.

5

sector uses, manages and reports on public resources with the advent of the public management reform agenda.9

2.8 The PGPA outlines the fundamental requirements for all Commonwealth entities to ensure the proper use and management of public resources, described as the efficient, effective, economical and ethical use or management of public resources.10 Commonwealth entities, and the officials therein, must use or manage public resources in a way that is not inconsistent with the policies of the Australian government.11

2.9 The PGPA, in conjunction with the Commonwealth risk management policy, also prescribes officials' responsibilities and duties for exercising accountabilities, by managing risk through establishing internal controls, including fraud prevention and investigation, and conducting audit processes.12

2.10 Commonwealth entities are also required to produce good quality information which can measure, assess and report on the delivery of progress and services for which they are responsible.13

ANAO performance audit 2.11 The Auditor General presented the performance audit report on Defence’s Management of Credit and other Transaction Cards to Parliament on 5 March 2016.14 ANAO examined the Department of Defence's management of credit and other transaction cards between 2012-2015 to consider whether Defence was effectively managing and controlling the use of Commonwealth credit and other transaction cards for official purposes in accordance with legislative and policy requirements. At the time of the audit, Defence had over 100,000 credit and other transaction cards on issue. These included:

(a) Defence travel cards—issued by Diners under the whole-of-government (WOG) arrangement managed by the Department of Finance; a companion MasterCard was also available under this arrangement, for those situations where the Diners card was not able to be used;

(b) Defence purchasing cards—Visa cards issued by the National Australia Bank under direct arrangement with Defence and separate from the WOG arrangements managed by the Department of Finance; 15

(c) Cabcharge (Fastcards) and e-tickets used for taxi fares and car hire; and

9 See Appendix 4 for an explanation of the key roles and responsibilities established by the PGPA 2013, as advised by the Commonwealth Resource Management Framework.

10 PGPA 2013, s. 15.

11 PGPA 2013, s. 28.

12 Department of Finance, Commonwealth Risk Management Policy, 1 July 2014.

13 PGPA 2013, s.35, s.37, s.38, s.39, s.40 and s.46.

14 ANAO Report, 2016.

15 Department of Finance, Supplementary Response to Questions on Notice, 29 March 2017, Q1.

6

(d) Defence fuel cards, managed by SG Fleet, for Defence's military and civilian vehicles, known as the green and white fleets.

2.12 The Department of Finance advises all Commonwealth government entities on the use of credit and other transaction cards which are recommended for low-value purchases of goods and services. Credit cards are used by the Australian Government because they are considered to offer an efficient and timely means to pay for goods and services purchased for official purposes. The reporting arrangements available through card use are intended to offer a basis for managing the risks of misuse and fraud.16

2.13 The ANAO performance audit assessed Defence's management of credit and other transaction cards against three criteria. It considered whether:

(a) Defence have effective arrangements to control the issue and return of credit cards;

(b) controls over individual purchases are sound and operating effectively;

(c) Defence has a sound framework in place to provide evidence-based assurances that controls over relevant card issue use and return are effective.

2.14 The audit was seeking to ascertain whether Defence had identified the risks associated with the use of credit cards and put in place sufficient precautionary or detective controls to address those risks. The risks fell into two categories to prevent and manage waste (uneconomical use of public resources) or fraud (dishonestly obtaining a benefit or causing a loss, by deception or other means).

2.15 The audit identified that neither preventative nor detective controls were as effective as they could (or should) be across the agency. Further, the report identified that although management information was available to Defence, it did not take advantage of the analytical tools and information available to monitor and ensure accountable use of public monies by its workforce. It neither managed the risks nor reported on performance adequately.17

2.16 The audit found that Defence:

…does not have a complete and effective set of controls to manage the use of credit and other transaction cards. An active management process and use of IT-based analytical techniques would help Defence develop its control framework and provide better assurance over the use of these cards to purchase goods and services.18

16 Department of Finance: Resources Management Guide No 416, Facilitating Supplier Payment Through Payment Card, November 2016, which outlines Commonwealth policy on payment cards as the preferred method to pay suppliers for eligible payments valued below $10,000. The policy is intended to facilitate timely payment to suppliers, assist their cash flow and reduce costs to business in supplying to the Commonwealth.

17 ANAO Report 2016, p.15.

18 ANAO Report, 2016, p. 7.

7

2.17 The ANAO report made recommendations in three key areas to enhance Defence's management and use of credit and other transaction cards:

(a) To improve management of credit cards, Defence should:

(i) Identify risk associated with credit cards and its current control framework;

(ii) Implement enterprise-wide control arrangements aligned to key risks;

(iii) Implement arrangements to provide assurance that the control arrangements are working as intended.

(b) To provide assurances that credit card use is consistent with Defence policies, Defence should:

(i) undertake periodic analysis of credit card transactions, targeting key areas of risk; and

(ii) take corrective action where necessary.

(c) To help ensure that the new fuel management arrangements are operating satisfactorily, and have addressed the risks identified in this performance audit report and in its 2012 internal audit on fuel card and fuel management, the ANAO recommends that Defence conduct a follow-up review of progress in the 2016-2017 financial year.19

2.18 Defence acknowledged the audit report's findings and agreed with the three recommendations. The report noted that Defence had advised that it had introduced new governance arrangements alongside a suite of investigative analytics covering all aspects of credit cards. Defence also welcomed the ANAO's acknowledgement of improvements to fuel card management including the formation of the fuel services branch in early 2015. Defence advised it would ‘aggressively continue’ implementation ‘and refinement’ of the new fuel card assurance framework across Defence including 'streamline exception reporting…appropriate innovative IT solutions and…additional preventative and detective controls as necessary'.20

19 ANAO Report, 2016, pp. 9-10.

20 ANAO Report 2016, pp. 7-10.

8

Chapter 3 Key issues

Introduction 3.1 This chapter outlines two key issues arising from the evidence received in relation to the terms of reference of the inquiry. These include:

(a) the effectiveness of controls in relation to credit and other transaction cards; and

(b) the governance framework for credit and other transaction cards.

Effectiveness of controls 3.2 Controls on credit and other transaction cards may operate in two ways: controls that are designed to ensure that the individual using the card is the authorised cardholder; and those that are designed to ensure that authorised cardholders use the card in accordance with policy and procedures designated by the organisation, or a broader accountable authority, such as the Commonwealth. Controls act to either prevent or detect the misuse of cards, intentional or otherwise.

3.3 The ANAO audit found that Defence had identified some risks and some controls on the use of credit and transaction cards in the Department's fraud control plans. However, the audit found that the suite of preventative controls was incomplete

and of limited effectiveness. Controls had either been inconsistently applied or simply not implemented. The audit canvassed a range of issues around preventative controls, with this inquiry focusing on two of these in particular: merchant blocking and cash

advances.

3.4 The audit also found that while some detective controls had been

implemented, the effectiveness of these controls was undermined by a lack of rigour or systematic application. In particular, the ANAO report highlighted that Defence had not drawn on available management information to monitor and analyse credit or transaction card activity. The audit identified various transactions where analysis of available information could have helped identify and manage risks. The committee explored related concerns extensively with Defence during the inquiry, including:

(a) instances of non-compliance with Defence and Commonwealth policies and procedures, particularly in relation to traffic infringements and Austender; and

(b) claims of seasonality in routine payments, with ad hoc changes to card limits for apparently predictable operating costs.

3.5 The inquiry was particularly concerned by the apparent 'softness' in the acquittals process for transactions using virtual and physical cards, particularly in relation to cash advances and electronic transfers.

10

Travel and purchase cards

3.6 Defence travel cards (DTCs) are issued by Defence under the whole-of-government (WOG) arrangements established by the Department of Finance.1 Defence assumes all personnel need to travel and so all personnel who meet the legal requirements for card access are routinely issued with a DTC. In 2014-15, Defence was responsible for 41 per cent of all Commonwealth expenditure on travel cards, an amount of some $286.7 million. In comparison to other Commonwealth entities, Defence spent a proportionately greater expenditure on car rental, taxi travel and cash advances through the travel card.2

3.7 Arrangements for Defence purchase cards are managed independently by Defence, separate from the WOG arrangements for travel cards. Purchase cards are intended to be utilised by Defence personnel to buy goods and services under $10,000, reflecting the high volume, low-level transactions considered routine to Defence's purchasing environment, and as recommended by Department of Finance guidelines. The ANAO audit found that Defence spent between $10 and $40 million each month using the purchasing cards over the three years covered by the audit.

Controls on what is purchased: merchant blocking

3.8 All merchants are assigned an identifier code, which is utilised when credit and other transaction cards are used to make a payment. Blocking is a control where transactions against certain merchant codes are automatically prevented, or blocked. It prevents the card user from transactions against merchants which are considered to offer goods and services outside the usual purview of Defence and for which the card user could not assume to have the authority or approval to transact.

3.9 Defence acknowledged that at the time of the audit, only one merchant category was blocked on the DTC.3 However, although this block had been in place for eight years, the ANAO found 24 transactions, at a cost of $15,000, against this merchant category during the audit, indicating that the block had been ineffectively applied. In addition, the ANAO found that no categories were blocked on the Purchase Card, and there were 1900 transactions by Purchase Card in the same

category at a cost of $3.3million.

3.10 When questioned by the ANAO on these inconsistencies during the audit, Defence could not retrieve the paperwork which explained their rationale for blocking this category or for the absence of blocks generally. In explanation, Defence told the ANAO:

1 Department of Finance, Response to Questions on Notice arising from the hearing on 7 March 2017, Q1.

2 ANAO Report 2016, p 33, paras 3.1-3.5: The ANAO notes that this data is sourced from the credit company who supply it to the Department of Finance and advises that because the data is based on merchant category codes, aggregated and reported by the credit card company, caution is needed with interpretation.

3 Category 7997: Clubs, Country Clubs Membership (Athletics, Recreation, Sports), Private Golf Courses, Entertainment.

11

…Generally, they did not have blocked merchant categories because of inconsistencies in merchant categories when compared to the goods and services actually provided by the merchant.4

3.11 However, in response to the draft audit report, Defence assured the audit team that, in accord with the new governance arrangements, Defence had now introduced and applied merchant blocking as a dedicated control: two new merchant categories were blocked on both travel cards and purchase cards and another 50 merchant categories are monitored routinely.5 This was confirmed by Defence's submission to the inquiry which provided lists of blocked merchants.6

3.12 However, when the committee questioned Defence on these matters during the public hearing on 7 April, Defence asserted that the nature of the work in Defence can seem '…a bit unusual for corporate entities and other government departments'. It might require activities in locations which are considered unusual by those outside the department but in fact, 'represent valid procurement of approved goods and services within the guidelines'.7

Controls on access to cash advances on travel cards

3.13 As part of negotiated conditions of employment, Defence personnel can access cash through the Defence travel cards to withdraw allowances for meals and incidentals, although Defence policy encourages use of the DTC to pay the supplier direct for the expenses which these entitlements are expected to meet.8 Once travel is approved, subject to travel taking place as approved, cash withdrawal requires no separate authorisation. Cash advanced to Defence travellers totalled $52 million, comprising 7.5 per cent of all Commonwealth entity travel card expenditure in the audit period. Defence travellers accounted for almost all this amount comprising 97 per cent of all cash advances across government using the travel card.9

3.14 The ANAO audit found that, whilst Defence had identified that the ‘single greatest risk to the (Defence Travel Card) Program is the unauthorised use of cash’, the Defence Card Management System (CMS) was singularly not ‘well suited’ to acquitting cash in advance.10 The ANAO identified a range of practices around the use of the Defence travel card which it considered 'difficult to reconcile with Defence policy'.11 Consequently, a chief concern for the committee was the arrangements for

4 ANAO Report, 2016, p.18, para 2.7 -2.10.

5 Department of Defence, Submission 1, Attachment E: the two new merchant codes blocked related to gambling and dating/escort agencies.

6 Department of Defence, Submission 1, Attachment E.

7 Mr David Spouse, First Assistant Secretary Financial Services, Department of Defence, Committee Hansard, Thursday 6 April 2017, p3.

8 ANAO Report, 2016.

9 ANAO Report, 2016, p.33.

10 2009 Defence Fraud Control Plan, ANAO Report, 2016, p.21.

11 See ANAO Report, 2016, Appendix 6, p.73.

12

accessing cash and the corresponding controls around the acquittal process. Two examples identified by the ANAO report highlight this concern: the amount of interest generated through cash advances, and that the amount of cash advanced can be greater than entitlements indicate. In both instances, the committee was concerned by the

apparent 'softness' of the acquittal process.

3.15 Observing that cash advanced for travel allowances can amount to large sums, particularly for longer trips, the ANAO reviewed the top 30 individual withdrawals between the six months of January and June 2015. These transactions showed a range between just under $8500 to $42,384. As Defence agreed during the hearings, cash withdrawals on the Travel cards carry a charge, in most cases, of 1.75 per cent of the value of the withdrawal.12 The ANAO found that in 2014-15, Defence personnel withdrew $50,761,587 using the DTC at an approximate further cost of $888,328 through interest charges on cash advances to Defence.13

3.16 The ANAO also found that, in practice, Defence personnel accessed cash from the travel card greater than the amount allocated as allowances for meals and incidentals. An audit sample showed that 37 per cent of withdrawals either exceeded the approved amount for meals and incidental allowances and no receipts or other support documentation was provided to show that actual expenditure was incurred; or insufficient documentation was provided to determine the values of approved meals and incidentals.14

3.17 The sample suggested that personnel were withdrawing cash not only for meals and incidentals but also for a further part of their approved travel, such as accommodation, training or other costs which Defence policy expects to be paid either centrally, through virtual card payments, or through other payment means such as purchase orders in response to an invoice.

3.18 At the hearing, the committee asked Defence to explain why Defence personnel needed cash for travel, when other entities do not access cash for their travel entitlements and especially when, as Defence agreed, acquitting cash advances is 'risky' practice?15 The committee asked, what, in particular, makes Defence so different to all the other departments that its personnel require access to cash to travel?

3.19 Defence explained that access to cash was a condition of service for all ADF and APS personnel in Defence. However, it was 'a requirement on all officers' to seek appropriate approval for travel through the department's online travel calculator, and acquit appropriately through the after-travel certification.16 In instances where travel

12 Committee Hansard, 6 April 2017, p.24.

13 ANAO Report, 2016, p. 41, para 3.29-3.30.

14 ANAO Report, 2016, p. 41, para 3.28-3.32.

15 Dr Tom Clarke, First Assistant Secretary, Audit and Fraud Control, Department of Defence, Committee Hansard, 6 April 2017, p. 19.

16 Mr David Spouse, First Assistant Secretary Financial Services, Department of Defence, Committee Hansard, 6 April 2017, p. 19.

13

varied from the approved circumstance, it was incumbent upon the officer travelling to advise the department and reimburse funds accordingly, as necessary. If the department found an officer had not repaid excess travel funds, a debit note would be issued.

3.20 When the Committee asked the department the value of overpayments in travel allowances, and how many debit notes the department had issued in relation to non-acquitted cash advances, Defence was unable to respond.

3.21 The committee explored one of the specific examples identified by the audit and asked Defence to explain the circumstances surrounding the cash withdrawal of $42,384. The department advised it had not investigated the report, and instead responded:

I suspect that that is a case where people stepped outside of the guideline and took cash for elements that should be covered in the whole of government travel arrangements, that is, hotels, airfares and that sort of thing.17

3.22 When the committee asked why a relevant supervisor or person approving travel did not also take an interest in staff travel acquittals, Defence explained that although a delegate might have overall management responsibility, the primary responsibility lies with the individual to acquit their travel.18 Their does not appear to be any independent verification or spot checks to confirm that a transaction was validly acquitted:

There is a requirement to acquit your transactions, which requires you to log into the system and look at them… the duties of officials requires them to put the right due diligence in to checking that their accounts are correct.19

3.23 The committee was concerned about what this example illustrated for the overall system for monitoring acquittals. It appeared there was no mechanism or 'red flag' to prompt an internal audit review of the transaction even when, as in this case, the rationale put forward was that it was likely the transaction was contrary to Defence policy guidelines. The main concern is that Defence's Acting Chief Finance Officer and the First Assistant Secretary, Financial Services, did not know of the irregularity until it was raised by the ANOA audit, and even then, Defence did not investigate the matter further when it was brought to its attention.

3.24 Defence responded that it ran a range of checks on both purchase and travel cards, looked for unusual transactions, blocked merchants, unusual amounts and

17 Mr David Spouse, First Assistant Secretary Financial Services Department of Defence, Committee Hansard, 6 April 2017, p. 20.

18 This reflects the historical devolution of administrative responsibilities to the individual to secure administrative efficiencies under the 'shared services' model, arising, at a Commonwealth level, from the Financial Management Accountabilities Act 1997, and specifically, for Defence, under the 1996 Defence Efficiency Review and subsequent Defence Reform Program, as noted at Chapter 2.

19 Mr David Spouse, First Assistant Secretary Financial Services Department of Defence, Committee Hansard, 6 April 2017, p. 21.

14

places, and used techniques unique to Defence because of 'the nature of the business'.20 However, the committee was not reassured by Defence's claim that because there was 'no evidence of fraud' in the majority of cases, the system was working.21

3.25 The examples illustrated by the audit and raised by the committee suggested otherwise. Defence had not adequately responded to criticism that 'a very high number of transactions… are signed off by the individual incurring expenses', with essentially no other checks on the integrity of the transactions.22 The cost of advancing cash to Defence personnel for travel incurred over $880,000 in interest charges to the Department. The committee was not reassured why Defence persisted with such a risky practice, especially in the absence of independent checks on travel acquittals. The committee did not find Defence's repeated explanation that because cash was ' a longstanding and…very popular part of people's conditions of service' persuasive, nor that the cost to the Commonwealth was justified.23

Controls on access to cash advances on purchase cards

3.26 The committee was concerned by the ANAO audit's findings in relation to the absence of controls over the authorisation of cash access on purchase cards. Cash withdrawn on a purchase card is an advance of relevant money under the PGPA and requires authorisation under the Defence Accountable Authority Instructions. Until the audit, the card supplier had issued access to cash at the request of cardholders and without confirming the approval/authorisation of the relevant Defence delegate.

3.27 Defence advised the committee that authorisation to access cash now requires the written approval of the relevant Group or ADF Services CFO based on a justified business case.24 This change was introduced as part of the new governance arrangements introduced following the audit. The committee was satisfied that this oversight had been addressed. However, it remained concerned by the interest charges generated by cash advances and the potential this represented for waste of Commonwealth monies.

3.28 The ANAO tested a small sample of cash withdrawals using purchase cards and found multiple withdrawals of substantial amounts to pay merchants for goods and services. There were numerous examples identified by the audit of cash

20 Mr David Spouse, First Assistant Secretary Financial Services Department of Defence, Committee Hansard, 6 April 2017, p. 21.

21 Mr David Spouse, First Assistant Secretary Financial Services Department of Defence, Committee Hansard, 6 April 2017, p. 21.

22 Senator Gallacher, Committee Chair, Committee Hansard, 6 April 2017, p. 23.

23 Mr David Spouse, First Assistant Secretary Financial Services Department of Defence, Committee Hansard, 6 April 2017, p. 24.

24 Department of Defence, Submission 1, see also Committee Hansard 6 April 2017, p. 4.

15

withdrawals on purchase cards where card use was not consistent with Defence policy. The hearing with Defence highlighted one particular example of concern.25

3.29 The audit uncovered one case which showed a series of three cash withdrawals of $99,999 by the same Defence official on the same day to pay the same supplier. The audit revealed that these were part of a succession of cash withdrawals to the value of $879,000 over 10 days by the same official. After being alerted by the audit, Defence investigated the card holder's purchasing activities further. It found that the cardholder had withdrawn over $1.147 million to pay suppliers, primarily to purchase rations for a planned military training exercise in Queensland.26 These transactions were electronic transfers rather than physical cash withdrawals. Defence advised that such transactions are identified and treated as cash withdrawals by the bank and in reports received by Defence. These specific transactions attracted interest as a cash advance of $18,278.27

3.30 When questioned by the committee, Defence acknowledged that this case was an instance of bad decision-making by the individual concerned:

The person who was running that part of the exercise, in terms of rations and other sorts of provision for the exercise and making payments, decided, without the right sort of advice and without seeking advice, for instance, from the CFO or the finance team, that it would be a good idea to make those payments through electronic funds transfers - through credit card - rather than in our usual way of paying those sorts of account by raising a purchase order and paying through an invoice, which would have been our advice.28

3.31 Defence explained that whilst an individual had clearly made a 'bad decision', the subsequent internal investigation by Defence's audit team showed that the purchase was within approvals and therefore appropriate.29 The individual had merely chosen the wrong method of payment, rather than engaging in any fraudulent activity. While Defence admitted that the transactions were a breach of policy and bad administration, it told the committee on a number of occasions that the purchase fell within the approvals process.30

25 These are listed in Appendix 5 of the ANAO report, and include: cash withdrawals of various amounts without evidence of prior approval or supporting receipts; instances where amounts were repaid when ANAO requested supporting documentation; travel allowances withdrawn on the purchase card; cash withdrawn or invoices paid before delegate approval was obtained; CMS expense summary reports not signed by the cardholder or CMS supervisor; and risks such as the co-location of cards and their PINs, which were subsequently stolen and cash accessed; cash withdrawn and receipts claimed to have been stolen.

26 Committee Hansard, 6 April 201, p. 5.

27 ANAO Report, 2016, p40.

28 Mr David Spouse, First Assistant Secretary, Financial Services, Department of Defence, Committee Hansard, 6 April 2017, p. 5.

29 Mr David Spouse, First Assistant Secretary, Financial Services, Department of Defence, Committee Hansard, 6 April 2017, p. 5.

30 Committee Hansard, 6 April 2017, p. 6.

16

3.32 The committee's concerns with this example cover three main issues:

(a) the lack of controls to prevent this choice of payment method for an event that was both 'predicted and predictable', rather than 'unusual or an emergency' circumstance;31

(b) an apparent lack of regard for departmental 'policy, procedures and guidelines…or prudent practice' given the interest charges generated by the choice of payment method;32 and

(c) whether the Department had taken steps to both prevent this kind of 'bad decision' occurring again and to ensure that if it did, Defence would know about it through its own analytics, rather than rely on a subsequent audit to uncover the irregularity.

3.33 Defence explained to the committee that as a result of their internal investigations the department had taken a range of steps, both with the specific contract management cell and for the specific individual concerned:

[Defence has] updated their standard operating procedures...instigated training such as carrying out basic procurement, consolidation of complex procurement, management of contracts, effective contract management and operational contract management..(and undertook)...internal reviews of contracting processes. The official involved has undertaken a number of additional courses such as 'managing money in accordance with the rules', 'accountability', 'your responsibility', 'completing procurement forms', 'responsive record keeping' and 'objective use of training'.33

3.34 Defence, however, confirmed that its analytics would not have uncovered this irregularity through existing processes, explaining, somewhat inconsistently, that as 'there was no fraud' the transactions would not have attracted attention under Defence's administrative processes.34

The role of the independent reviewer

3.35 The committee drew Defence's attention to its concern over the risk posed by the absence of an independent 'second person' check in the acquittals process. At the time of the ANO audit, one on the key controls which Defence relied on to ensure cash advances on purchase cards were acquitted appropriately was the independent review—or second person check—between the cardholder and their CMS supervisor. The ANAO had independently identified from the literature that a 'second-person check' or independent review to verify a transaction was considered by the audit

31 Senator Gallacher, Committee Chair, Committee Hansard, 6 April 2017, p. 6.

32 Committee Hansard, 6 April 2017, p. 6.

33 Mrs Meryl Clarke, Assistant Secretary, Fraud Control, Department of Defence, Committee Hansard, 6 April 2017, p. 7.

34 Mrs Meryl Clarke, Assistant Secretary, Fraud Control, Department of Defence, Committee Hansard, 6 April 2017, p. 7.

17

industry to be one of the most effective controls available to ensure the proper use of relevant monies.35

3.36 Yet, the ANAO found that this control was no longer in use by Defence. The opportunity for authentic verification of the high volume of transactions in Defence's unique work environment introduced a range of challenges which were not being adequately addressed. Chief amongst these concerns were:

• the routine process for authorising the independent reviewer permits the card holder to designate their own supervisor, increasing the risk of collusion or fraud between individuals;

• a designated supervisor may be both distant from and unfamiliar with the actual nature of the work for which the claimed transaction occurred, making it difficult to challenge a transaction's authenticity; and

• a designated supervisor was commonly junior in status to the card holder

who undertook the transaction.

3.37 These last two concerns made it difficult, in practice, to dispute a transaction which the card holder had accepted.

3.38 Whilst Defence sought to address these concerns in the new governance framework for credit cards introduced in response to the audit, the specific provisions addressing the independent reviewer (the CMS Supervisor) controls subsequently disappeared from the governance framework attached to Defence's written submission to the inquiry.36 It appears that Defence has now removed this control from its processes.37 The control has been removed even though Defence's submission to this inquiry indicates that the risk of unauthorised use of a Defence credit card remains.

3.39 The Enterprise Wide Defence Credit Card Fraud Risk Assessment notes that the 'Card Management Supervisor acquittal' is scheduled to be removed with the introduction of automated transaction loads.38 Defence will instead, implement forensic, exception-based reporting to mitigate the risk.39 However, in a second attachment to the Defence submission, the Credit Card and Defence Financial Risk Controls Framework Work Plan for 2016-2017, says that:

35 Communication between the Secretariat and Dr Rowland (ANAO) in response to Questions on Notice inquiries, 12 April 2017.

36 See ANAO Report, 2016, Appendix 3, which advises: No.8 All credit cards are to be validated by a CMS Supervisor; and No 9: CMS Supervisors are deterred by the Group CFOs (or their delegate). These provisions were removed from the Governance Framework submitted in Submission 1, Department of Defence, Attachment B.

37 Communication between the Secretariat and Dr Rowland (ANAO) in response to Questions on Notice inquiries, 12 April 2017; it is understood that this control was removed as a result of Belcher Red Tape review. Defence is yet to respond to Questions on Notice on this matter.

38 Submission 1 Department of Defence, Attachment C: Enterprise Wide Risk Defence Credit Card Fraud Risk Assessment, Row 2.2.

39 The Fraud Risk Assessment schedules the control changes to take effect from 15 October 2016.

18

With the imminent removal of the requirement for CMS Supervisors to approve transactions in the CMS system, it has been directed that additional tests need to be developed to provide assurance over the transactions. One of these is a commitment to test every card at least once per year. This will add significant workload and requires additional resources and support.40

3.40 Defence is yet to advise whether additional resources and support have been assigned to implement the forensic, exception-based reporting, which Defence has asserted will mitigate the risk of removing one of the industry-recognised best practice controls.

Detective controls on purchase cards

3.41 Whilst the purchase card is subject to many of the same concerns canvassed regarding the travel cards, the inquiry highlighted three areas of concerns over the rigor of detective controls in relation to purchase cards:

(a) the payment of traffic infringements in contravention of Defence policy;

(b) expenditure inconsistent with AusTender guidelines; and

(c) seasonal patterns to spending which may indicate potential waste or poor planning.

Traffic infringements

3.42 Defence policy states that drivers are personally liable for all fines or penalties for traffic and driving infringements and offences imposed by civilian police and state and territory authorities arising out of use of a Defence vehicle. However, in its review of purchase card transactions, the ANAO audit found fifty transactions to the value of $35,000 where Defence paid fines to a state or territory authority for traffic infringements such as driving in a T-way or speeding in a school zone. There were also instances where Defence not only paid the initial infringement fine, but also paid subsequent fines imposed when fines were not paid by due dates because drivers were not identified and nominated by Defence.

3.43 The Defence Fraud Control Directorate reported that the reasons given by individuals or their work units for non-payment of fines include that the infringements occurred during charity events (implying that members were contributing as official representatives of Defence and thus the obligation to pay the fine referred back to the department); that local base instructions ‘did not advise’ Defence drivers not to drive in a T-way; and that the identified member was visiting a fellow Defence member in hospital due to an injury sustained during a workplace incident and therefore, the oversighting officer felt that Defence should carry the fine.

3.44 At ANAO’s instigation, Defence identified 119 traffic infringements paid by purchase cards between July 2012 and November 2015. Consequently, Defence's First Assistant Secretary, Audit and Fraud Control, wrote to the Chiefs of Services in January 2016 seeking an ‘assessment of the effectiveness of the management of traffic

40 Department of Defence, Submission 1, Attachment G: Credit Card and Defence Financial Risk Controls Framework Work Plan, dated 12 October 2016, p5.

19

fines’. Defence assured the audit team that it had 'strengthened its analytics function' and would ‘monitor relevant merchant categories' including examining cash withdrawals and traffic fines on a monthly basis.

3.45 During the inquiry, Defence agreed that the fact that a number of drivers who incurred fines were not identified was unacceptable. Defence advised that all infringements reported by the audit had been investigated, with reimbursement or other remediation effected in all but 15 such infringements.

Inconsistencies with AusTender

3.46 Since 2007 all Commonwealth entities are required to publish details of procurement contracts and entity agreements above the value of $10,000 and report these within 42 days. The ANAO audit reviewed Defence's largest 100 payments, ranging between $97,000 and $691,700 on the purchase card. It found numerous examples where procurement appeared to be inconsistent or contrary to the AusTender guidelines. These included issues such as:

(a) contract values reported on AusTender are incorrect;

(b) reporting occurs outside the timeframe;

(c) payments are incorrectly blocked from AusTender by CMS users;

(d) payments are not reported on AusTender;

(e) payments are recorded under the wrong supplier; and

(f) 1000 pairs of Purchase Card payments, which, on face value, should have been reported to AusTender were not because they were split into amounts less than $10,000.

3.47 It has previously come to light during an estimates hearing in October 2016 that a Defence staff member had purchased a large number of pairs of boots at a cost of $160,000 through a series of multiple transactions under $10,000 on his purchase

card. Investigations revealed that it was an authorised purchase by the logistics officer who had purchased the boots for the use of Duntroon staff. The committee was concerned that the series of multiple transactions, each just below $10,000, over a short space of time and totalling a significant sum of money, did not trigger any 'red flags' in Defence's system.

Seasonal patterns of expenditure

3.48 The ANAO audit identified seasonal patterns of expenditure for goods and services in May-June of each financial year, with corresponding evidence of requests to increase credit card limits which enabled card holders to exhaust budget allocations before the end of year financial cut-off. This was justified as routine expenses, such as regular utilities payments, stationery and furniture. Whilst the purchases may have been in accord with authorised approvals, the pattern of seasonal spending, in conjunction with one-off increases in card limits, indicated this could be a routine practice to exhaust budget allocations as the financial year drew to a close. There was also a suggestion that the payments were split to avoid Austender requirements.

20

3.49 The audit finding raised questions for the Committee about the efficiency and effectiveness of annual planning and expenditure, which Defence at the hearing was unable to address with confidence. When questioned by the Committee on the audit findings, Defence challenged the audit's interpretation that seasonality on card purchases was common, or, if it occurred, indicated an intention to exhaust budget allocations before the end of financial year in ways that were not economic or inefficient.

3.50 Defence claimed that the 'seasonality in purchase cards follows the natural ups and down in the business cycle'.41 Further, the Acting CFO explained: 'even if there may be a spike in the level of expenditure in those last few months…it is in low value items…86% of the transactions on defence purchasing card are for $2,000 or less.'42

3.51 Rather than reassuring the committee, Defence's responses reinforced the committee's concern about Defence's approach to credit card expenditure. As the Chair, Senator Gallacher, indicated:

I would have thought that would have meant that fraud control, risk processes, algorithm and analytics would have been in place since 2009 and we would not be having this inquiry. But they were not put in place in 2009 and in 2016, we saw an audit report which raised really big questions about those other 14 percent of transactions.43

3.52 The Defence acting CFO asserted that despite the audit's findings, Defence did have controls in place, noting that:

I appreciate that we spend more on credit cards ...but... as a percentage of our entire spend as a department, it is actually only two percent of our entire appropriation in any given year.44

3.53 This did not reassure the Committee Chair, who pointed out:

I think that you should have the strongest and the best controls of any department because you do more of it. You should have the algorithms; you should have the analytics. You should have the credit card issues giving you top services because you are paying them a fee.45

3.54 In an attempt to reassure the Committee, Defence indicated that, following the audit, Defence had introduced a rolling program and monthly analytics. In this process, Defence routinely review all purchases to ensure they are made with the requisite approval to make sure that purchases are cost-effective within a budgeted

41 Mr David Spouse, First Assistant Secretary Financial Services, Department of Defence, Committee Hansard, 6 April 2017, p. 11.

42 Ms Diamond, Acting Chief Finance Officer, Department of Defence, Committee Hansard, 6 April 2017, p.11.

43 Senator Gallacher, Committee Chair, Committee Hansard, 6 April 2017, p. 11.

44 Ms Diamond, Acting Chief Finance Officer, Department of Defence, Committee Hansard, 6 April 2017, p. 12.

45 Senator Gallacher, Committee Chair, Committee Hansard, 6 April 2017, p. 13.

21

plan. Had Defence found any expenditure which 'we considered did not represent a cost-effective way of doing business or that perhaps represented people trying to rush with undue haste to spend their budget, we would investigate that'.46

3.55 When asked by the Committee to explain the particular circumstances outlined in the audit report in relation to the matter of seasonality, Defence advised that they had not investigated the matter, even though the ANAO report had brought it to their attention over a year ago.

E-tickets and Cabcharge Fastcards

3.56 Whilst the Defence travel card is the preferred mode of payment for travel, Defence policy allows Cabcharge and E-tickets to be used in defined and limited circumstances.47 Defence policy requires that the use of Cabcharge FastCard and E-tickets is limited to recruits, trainees, students and members under 18years of age. Apart from these users, it is expected that all Defence personnel will use the travel card for taxi fares and car hire. The benefit to Defence and the Commonwealth of using the travel card is that there is no administrative surcharge fee.

3.57 Whilst expenditure against Cabcharge Fastcard and E-tickets is not high (less than $4500 for the three years covered by the audit), the ANAO found that Defence had not exercised adequate control over the issuing or use of FastCards or E-tickets. The audit found that there was no system in place, and little capacity to routinely monitor and manage the risk presented by the use of these cards.

3.58 The ANAO report found that central units in Defence did not know who Defence had issued Cabcharge to, how many or when. Although Defence decided to terminate Cabcharge ‘some years ago’, ‘a number’ remained on issue at the time of the audit.48 Defence did not know how many e-ticket accounts it held with Cabcharge even though the ANAO identified records of 261,158 taxi trips at a total cost of $16.28m over the three years of the audit. In addition, some 303 accounts were opened without proper authority, in contravention of Commonwealth policy that only a person delegated by the Finance minister may enter into a borrowing arrangement on behalf of the Commonwealth.

3.59 Defence admitted to the ANAO that there were concerns over a number of high-cost fares and the lack of justification for their use. Identified issues included:

(a) the use of E-tickets used when travel cards could have been used, with the 100 most expensive taxi fares incurred on e-tickets;

(b) the costs of these fares ranged between $425 and $840 for single fares; and

46 Mr Spouse, First Assistant Secretary Financial Services, Department of Defence, Committee Hansard, 6 April 2017, pp 15-16.

47 Cabcharge Fast cards are considered a credit card, as is the E-ticket, although the latter is technically a voucher but is recognised as credit by Defence’s Accountable Authority Instructions. ANAO Report, 2016, p.40.

48 ANAO Report, 2016, p. 42.

22

(c) a select group of 12 taxis each undertook 500 or more trips for Defence, many of them over long distances and at unusual hours.

3.60 The committee did not receive a clear explanation of these matters from Defence.

Fuel cards

3.61 The committee took an interest in the management of fuel cards, in light of the now-notorious instance of fraud, at a cost of $585,000 to the Commonwealth arising through inadvertent access to two fuel cards, gained by a person outside Defence, from a vehicle first garaged for repairs, then sold. This history framed the committee's exploration of issues around fuel card management and use, and the risk of fraud.

3.62 The ANAO audit found that the new arrangements under the whole of government fleet supply contract have allowed Defence to implement improved controls over its management and use of fuel cards. Whilst Defence's past management, as measured by overfill of fuel tanks and the frequency of odometer readings, reflected an 'ill-disciplined approach', the audit reported signs of (possible) improvements based on the odometer readings drawn between November 2015 and January 2016.49 Although the number and volume of overfills was substantial in 2014-2015, it ‘declined in the last six months of available records’.

3.63 Defence advised the committee that with the movement to new arrangements with SG Fleet, they have now instituted routine training on the use of fuel cards; and that a 'red flag' or exception report, is triggered by irregularities in the operation of the vehicle fleet. Defence was also able to reassure that committee that it had investigated and remedied the majority of outstanding traffic infringements which the ANAO audit had identified as paid by Defence cards in contravention of Defence policy.

3.64 Defence reassured the committee that controls had been implemented under the new arrangements with the SG Fleet, which had led to improvements. This included the introduction of daily exception reports, triggered by more than three suspicious overfills per vehicle, which requires the responsible unit transport supervisor to explain the discrepancy in writing. This, alongside the introduction of PINs for each fuel card (assigned to a vehicle) and work tickets for staff assigned to a vehicle, had strengthened Defence's capacity to identify and detect misuse or fraud. In addition to implementing new controls, Joint Logistics is also developing a series of training programs in collaboration with the Defence Learning Branch, which will be standardised across Defence.

Governance framework 3.65 As outlined in Chapter 1, Defence is subject to the PGPA, which establishes the responsibilities and duties of all non-corporate Commonwealth entities to ensure the proper use of relevant monies. As the largest and most well-resourced entity in the

49 Although it cautions against optimism, suggesting this may reflect seasonal low point in activity. ANAO Report, 2016, p.52

23

Commonwealth, the task facing Defence in its management of the financial resources at its disposal is considerable.

3.66 Good governance in the public sector comprises both performance and compliance. It encompasses how the entity manages its overall performance and the delivery of goods, services and programs—as well as how it ensures it meets the requirements of the law, regulations, published standards and community expectations of probity, accountability and openness.50

3.67 As the policy guidance set by the Commonwealth resource management framework acknowledges:

Public sector governance encompasses leadership, direction, control and accountability, and assists an entity to achieve its outcomes in a way that enhances confidence in the entity, its decisions and its actions. Good public sector governance is about getting the right things done in the best possible way, and delivering that standard of performance on a sustainable basis.51

New credit card governance framework

3.68 In response to the emerging audit findings, Defence introduced new governance arrangements for credit and other transaction cards. The primary intent was to improve monitoring and control arrangements.52 Defence also advised the ANAO, after the final audit was complete, that it 'now undertakes a range of analytical activities to investigate expenditure on a regular basis, including forensic accounting work and a newly developed credit card work program'.53 The ANAO audit noted that the introduction of new governance arrangements would 'require ongoing senior leadership attention to firmly establish'.

3.69 There were three related issues. Firstly, the audit identified many examples of card use contrary to Defence policy and procedures—yet none of these were identified by Defence's routine monitoring and analytics. Secondly, many of these shortcomings in card use identified by the audit could be traced to risks already identified, either internally or externally, sometimes years earlier. Yet, Defence had not put in place the recommended or agreed changes until compelled to do so by the audit findings. And thirdly, there were instances cited by the ANAO audit which indicated that Defence had reported to the Senate (or Parliament) that such changes had been introduced when the changes had not been implemented at the time the ANAO completed the audit. Often, it was not until the ANAO audit raised concerns that Defence instigated changes.

50 Department of Finance, Resource Management Guide No.001, Commonwealth Resource Management Framework Companion, 2015, p.5.

51 Department of Finance, Resource Management Guide No.001, Commonwealth Resource Management Framework Companion, 2015, p. 33, para.190.

52 ANAO Report, 2016, p7; see also Appendix 3: New arrangements for credit card governance in Defence, p66, January 2016; and see also Department of Defence Submission 1, Attachment B Department of Defence Credit Card Governance January 2016

53 ANAO Report, 2016, p. 7.

24

Defence's response to card use contrary to Defence policy and procedures

3.70 A majority of issues raised by the inquiry related to occasions where individuals, with or without authority, used a card in ways which were contrary to Defence, or Commonwealth, policy and procedures.

3.71 On more than one occasion during the hearing, Defence argued that, although the matters raised by the committee appear to demonstrate card use which is outside or contrary to Defence policy and procedures, this was not the case. For example, in a discussion about controls to block specific merchants, an official asserted that Defence was 'unique' and that staff often undertook activities that 'can appear to be perhaps, some sort of recreational activity quite often related to training and development and those sorts of transactions' but are 'perfectly within the guidelines' in venues, such as golf clubs, that 'corporate entities or other government departments might find unusual'. And in fact, 'we have not found anything that you would put into the fraudulent or suspected category'.

3.72 In relation to the $1.147 million purchase of rations for a planned military training exercise which incurred interest charges of $18,278, Defence repeatedly asserted that it was simply 'an inappropriate choice of payment method…a bad decision by an individual'. In this case, the committee was not reassured by Defence's explanation. Even if the choice of payment method was not fraudulent, the question remains whether it was an appropriate use of public money.

3.73 As the Commonwealth resource management framework advises, the government has a responsibility to ensure resources are allocated efficiently and effectively because it is handling taxpayers' money.54 This responsibility is devolved across all government entities, including Defence, through the Public Governance Act (PGPA). It is the responsibility of all officials working in Defence to apply practices and procedures in their day to day operations which meet the governance standards set by the PGPA.55

3.74 To achieve these standards, there needs to be effective training for individuals as well as strong organisational leadership in place. Whilst the recommendations of the First Principles Review clearly address the leadership of Defence, the instances reported by the ANAO audit where cards appeared to be used either in ignorance of, or disregard for, Defence policy and procedures point to the need for Defence to strengthen the level of information and training for individuals issued with a credit or transaction card.

3.75 While the role of training and education was outside the scope of the ANAO audit, the Defence submission advised that a training program around the use of credit and other transaction cards is in place and that information on obligations and

54 Department of Finance, Commonwealth Resource Management Framework Companion, 2015, p.6, para 8.

55 Department of Finance, Commonwealth Resource Management Framework Companion, 2015, p.5, para.5.

25

responsibilities, particularly the prevention of fraud, is provided routinely through the Defence newsletter, Ethics matters.

3.76 Defence advised the committee that a new training program on fuel cards had been one of the key strategies implemented to strengthen the effective application of controls around fuel cards and fleet management.

Vulnerability to Fraud

3.77 Whilst the ANAO audit did not identify specific instances of fraud, it did refer some cases to the Defence Fraud Control and Investigation Branch for further investigation. The audit also expressed concern at Defence's level of exposure to fraud, given the absence of effective controls and the lack of rigor in Defence's monitoring systems.56 The Australian Payments Clearing Association provided additional information to the inquiry which shows an increase in 'Card Not Present' or virtual card fraud in Australia.57 The Australian Institute of Criminology also provided evidence to the inquiry on the level of fraud identified within Commonwealth entities.58 This evidence suggests that, given the identified lack of rigour and absence of effective controls, Defence is vulnerable, particularly in relation to CNP fraud. As the largest Commonwealth agency in relation to expenditure through credit cards, this is a risk to manage. 59

3.78 The committee sought clarification from Defence's Military Justice Directorate on the processes and options available for bringing disciplinary or other charges related to the misuse of credit and other transaction cards. The Director of Military Justice is an independent statutory role, which reports quarterly to the Minister and the Service Chiefs.

3.79 The committee was particularly interested in the deterrence value represented by publicising convictions. The inquiry was advised that the Military Justice Court is a public court and its cause lists, although not as open as a civilian list, are publicised by the Registrar through the services newsletters. The Director's annual reports, which record annual convictions, are submitted to parliament and are available publicly.

56 These referred particularly to the use of E-tickets, such as high use of select taxis, multiple expensive fares and 'small hours' travel, See ANAO report 2016, p51; and a series of payments on purchase cards for traffic infringements, ANAO Report, 2016, p. 38.

57 Australian Payments Clearing Association, Australian Payments Fraud: Details and Data, 2016.

58 Russell G Smith, Penny Jorna, Australian Institute of Criminology, Statistical Report 01: Fraud against the Commonwealth: Report to Government, 2014.

59 The committee was advised by the Military Justice Directorate that six convictions had been reported to Parliament in 2016 - see Brig. Woodward, Director, Military Prosecutions, Department of Defence, Committee Hansard, 6 April 2017, p.28; ANAO advised Defence reported 5 cases to Parliament [House of Representatives, Questions in Writing, Department of Defence: Instances of Fraud or Theft (Question No. 1771) 2 February 2016], in 2014-2015 using the Defence Travel Card, ANAO Report, 2016, p. 30.

26

3.80 The Directorate advised the inquiry that the number of convictions for fraud were comparatively low and most of the convictions in the previous year related to fraud for allowances and benefits rather than credit and transaction card use. The Director was of the view that the extent of card fraud was low, possibly because of the amount of training on ethics and fraud prevention.

Triggers for change

3.81 There were a number of occasions identified by the ANAO audit where, despite Defence's own identification of risk, proposed changes to manage risk did not eventuate. For example, the audit found that Defence had identified an array of risks and proposed various controls in its 2009 fraud control plan, yet it was not until the ANAO audit in 2016 identified shortcomings arising from these very risks that Defence implemented controls, through its new governance framework, to address them.60

3.82 When the committee asked Defence to explain why controls were not instituted until 2016, when risk had been identified in 2009, Defence was unable to provide an explanation. In response to a question about why a risk identified in 2009 was not addressed until 2016, a Defence official responded:

I am not aware. I was not involved. And Ms Diamond was not involved in the administration of credit cards at that time. What we have done is this: we reacted during the development of the audit report to strengthen the controls, to review the limits and to put in place the sorts of measures we now have.61

3.83 This was not the only occasion where Defence was reluctant to take responsibility for shortcomings identified by the ANAO audit. There was more than one instance where Defence had made assurances to the Senate that it had undertaken change, yet the audit found that changes had not been put in place. For example, Defence had advised a supplementary estimates hearing as early as November 2013 that card merchant blockings had been put in place. However, as outlined by the audit, merchant blocking was not established until after the audit presented its findings in 2016.

3.84 Another example related to fuel card management. Defence advised the Senate (in June 2015) that ‘an arms-length’ assurance framework, which included compliance testing, had been in place since April 2015. However, the ANAO audit found that the effectiveness of the framework could not be determined until it was tested across all bases—which did not begin until September 2015 and was scheduled for completion by June 2016.

60 The strategies included the introduction of the blocks on merchant categories; inactive card cancellation; and actively monitoring card credit limits, and in some cases, lowering 'default' card limits.

61 Mr David Spouse, First Assistant Secretary Financial Services, Department of Defence, Committee Hansard, 6 April 2017, p. 2.

27

3.85 One major challenge for Defence is overcoming a history of institutional inertia when it involves implementing significant organisational change. As the First Principles Review acknowledged:

The current organisational model and processes are complicated, slow and inefficient in an environment which requires simplicity, greater agility and timely delivery. Waste, inefficiency and rework are palpable. Defence is suffering from a proliferation of structures, processes and systems with unclear accountabilities. These in turn cause institutionalised waste, delayed decisions, flawed execution, duplication, a change-resistant bureaucracy, over-escalation of issues for decision and low engagement levels amongst employees.62

3.86 Whilst the First Principles Review acknowledged that it had not considered the transactional work, such as that encompassed by credit and other transaction cards, the review did observe:

Our experience, as well as others we have spoken to, suggest that routine administrative transactions such as travel, accounts payable and computer support involve unnecessary dense manual processes and rework. Poor processes have clearly been established and inefficiencies abound. Such transactional work, especially when it is poorly done, is a distraction from the Defence mission.63

3.87 The Review's observations, and the principles on which they are based, are as relevant to the governance of credit and other transaction cards as they are to Defence's investment in its defence capability.

62 Department of Defence, First Principles Review: Creating One Defence, 2015, p.13.

63 Department of Defence, First Principles Review: Creating One Defence, 2015, p.50.

28

Chapter 4

Committee view and recommendations 4.1 There is no doubt that the monies spent by Defence on credit and other transaction cards can be too easily overshadowed by the magnitude of its total budget of $32.337 billion. The committee observed throughout the inquiry that the $550 million spent by Defence on operational costs through credit and other transaction cards in 2014-15 is a substantial amount of public monies, noting that access to such privileges as credit and other transaction cards also brings responsibility.

4.2 Defence must demonstrate and pursue a proactive, rigorous and systemic approach to its management of credit and other transaction cards to maintain the confidence of the community and the Parliament. Unfortunately, the committee is not convinced that Defence has put in place the systems and controls to instil confidence in its management of credit and other transaction cards.

4.3 The committee is firmly of the view that irrespective of the size and scope of Defence's resource management, the principles of good governance enshrined in the Public Governance Act (PGPA) apply equally to Defence's management of credit and other transaction cards and the resources it dedicates to achieving a substantial defence capability. This includes the effective, efficient, economic and ethical use of all resources to achieve organisational performance.

4.4 As noted earlier, the devolution of responsibilities to individuals arose through implementation of the recommendations of the Defence Efficiency Review in 1996, in an effort to secure administrative efficiencies through engaging responsibility at the individual levels at which activity occurs. Yet, as noted, a review of the Defence Reform Program in 2001 signalled caution even then, about the actual efficiencies these reforms would generate in the long-term.

4.5 The committee appreciates that moving from a centrally-focused administration to the devolved responsibilities required to reach the standards set by the PGPA presents challenges for an organisation of Defence's size and scale. However, the committee is of the view that it is precisely because of Defence's size and scale that it should be setting a standard of excellence in financial management and accountability across the Commonwealth.

4.6 The committee also notes that a reduction in unit administrative staff (who used to conduct reconciliations) was one of the intended cost saving outcomes of the DER and DRP but that as with many such “efficiency measures”, it has had unintended consequences. When Government imposes future efficiency measures and Defence implements them, lessons such as this (as well as the opportunity cost of highly qualified engineers and other senior personnel spending their time doing a clerical work rather than their core duty) must be considered when assessing whether the measures do in fact represent value for money in the medium to long term.

4.7 The evidence from the inquiry pointed to the need for Defence to put in place systems to manage monies consistent with Defence's duties and responsibilities under

30

the standards set by the PGPA. Yet this inquiry has illustrated shortcomings in Defence's acknowledgement of its responsibility to manage its resources to meet those standards. Whilst fraud prevention and investigation is absolutely necessary, it is not enough, particularly as Defence moves towards a projected investment of 2 per cent of Australia's GDP by 2020.

4.8 During the hearing with Defence, the officials defended irregularities identified by the Australian National Audit Office (ANAO) audit report with the argument that no fraud had occurred or been detected. Yet many of the irregularities, explained by individual bad decision-making or contrary to Defence policy, incurred a significant cost through waste and poor use of economic resources. The challenge for Defence is to find an appropriate balance between the unique operational parameters of a large, varied and mobile workforce which requires ready and frequent access to cash, and the responsibility for ensuring those resources are used sensibly.

4.9 The committee is of the view there needs to be a stronger commitment by Defence to identify and resolve the irregularities and ensure the ANAO report's recommendations are fully implemented. To this end, the committee is of the view that the ANAO should undertake further regular performance audits to monitor Defence's management of credit and other transaction cards and the implementation of its recommendations.

4.10 The committee is also aware that Defence's management of credit and other transaction cards would be a matter of interest to the Joint Committee of Public Accounts and Audit (JCPAA), particularly in light of its ongoing oversight role of the PGPA.

Recommendation 1

4.11 The committee recommends that the Minister for Defence directs the Australian National Audit Office to undertake biennial performance audits of the Department of Defence's management of credit and other transaction cards to ensure:

(a) recommendations from the 2015-16 performance audit are implemented in full; and

(b) Defence complies with performance standards set by the Public Governance, Performance and Accountability Act 2013.

Recommendation 2

4.12 The committee recommends that the Joint Committee of Public Accounts and Audit include the Department of Defence's management of credit and other transaction cards and its compliance with the Public Governance, Performance

and Accountability Act 2013, as part of its ongoing work program.

Controls on credit and other transaction cards 4.13 Although the committee accepts that Defence is implementing a new policy on card activation, it was concerned that Defence appeared lax about implementing such controls in the past, even when its own Fraud Control Plans recognised the risk was present.

31

4.14 The committee supported Defence's move to finally implement a more rigorous approach to merchant blocking. But the committee was not satisfied with Defence's responses during the inquiry. The committee required additional information from Defence to explain how $15,000 was spent over eight years using travel cards on a category which was supposedly blocked; and a further $3.3 million was spent using purchase cards in the same category without any blocks in place. The committee wanted to know how transactions in blocked categories could be accepted for payment without triggering 'red flags' in Defence's own monitoring systems. Defence is yet to provide this information to the committee.

4.15 Defence was unable to advise the committee whether, or how often, travel was not conducted in accordance with approvals and over-payments reimbursed accordingly. The committee asked Defence to provide this information but it was not made available before this report was finalised.

4.16 The committee was concerned that Defence's response to the apparent 'seasonality' of end of financial year payments, and the ensuing increases to card limits, reflected a disregard for efficient and effective resource management. Sound and rigorous corporate planning and performance is essential to ensure resources are spent wisely.

4.17 During the hearing with Defence, officials did not adequately respond to the committee's concern that a very high number of transactions are signed off by the individual incurring the expenses, with no other checks on the integrity of the transactions.

4.18 Although Defence expanded on the controls in place to acquit travel allowances, the committee was not reassured that there was sufficient rigour to the processes to ensure that travel approvals were always appropriately acquitted. The after-travel certification process relied primarily on an individual's verification that travel had been conducted in accordance with the approval. The extent of Defence's reliance on card holder verification of transactions or auto-acceptance of transactions led, in the committee's view, to a softness in the acquittals process which is unacceptable.

4.19 According to the ANAO audit, the cost of advancing cash to Defence personnel for travel during 2014-15 was nearly $900,000 in interest charged to the Department. The committee is concerned that Defence persists with this practice, especially in the absence of independent checks on travel acquittals. The committee did not find Defence's rationale for cash advances persuasive and is of the view that the cost to the Commonwealth is unacceptable. Defence's argument that the interest generated by cash advances is justified because cash advances are a condition of members' employment does not reflect best practice in the public and private sectors and should be re-examined.

4.20 The committee was surprised by Defence's apparent inability to accept the inherent financial risks associated with cash advances through the lens of Defence's obligations under the PGPA. This concern related to both the physical and virtual use of travel and purchase cards. The committee was not persuaded by Defence's

32

explanation that the interest generated through cash advances, on either travel or purchase cards, could be justified as a reasonable cost to the Commonwealth.

4.21 Whilst some of these concerns could be allayed through the implementation of more rigorous controls and stronger performance management, the committee formed the view that the use of credit cards for cash advances and the opportunity for independent verification of the integrity of transactions for both travel and purchase cards should be re-examined by Defence in collaboration with the Department of Finance and the ANAO. This is particularly pertinent in light of the expectation that the Department of Finance will re-tender arrangements for credit and other transaction cards across whole-of-government in the next 12 months.

Recommendation 3

4.22 The committee recommends that the Department of Defence re-examine the use of credit cards for cash advances and their acquittal processes, including independent verification of transactions for travel and purchase cards, in collaboration with the Department of Finance and the Australian National Audit Office.

Taxis and car hire

4.23 The committee accepts that Defence requires access to some form of Cabcharge vouchers and e-tickets for the use of recruits and trainees, particularly those below the age of 18 years. During the inquiry, the committee sought reassurance that Defence had in place processes which would ensure that personnel incurring taxi and car hire costs made proper use of public money and used taxis at public expense only for official purposes and where it is the most cost effective means of travel, and with due consideration for security, reliability and access. This reassurance was not provided to the committee.

4.24 The committee was also concerned by the evidence contained in the ANAO report of irregularities including the high use of specific individual taxis, multiple expensive taxi fares and 'small hours' travel. The committee asked Defence to investigate the specific situations cited in the ANAO report.

Recommendation 4

4.25 The committee recommends that the Department of Defence ensure that it fully addresses the issues identified in the Australian National Audit Office audit report on the use of taxis and car hire, including:

(a) ensuring adequate controls are in place to effectively manage taxi and car hire for those unable to use the Defence travel card; and

(b) investigating the high use of specific individual taxis, multiple expensive taxi fares and 'small hours' travel. The results of this investigation should be made publicly available on the Defence website.

Fuel cards management

4.26 The committee was encouraged by Defence's advice on the steps taken to investigate and redress outstanding traffic infringements and improve fleet

33

management, including reducing the risk of fuel fraud. The committee welcomed the opportunity for updated information, when available, on the outcomes of the review of fuel management arrangements currently underway.

Governance framework 4.27 The committee commends the changes arising from the introduction of the new governance framework under the PGPA. The committee acknowledges, however, that the evidence indicates Defence still has much work to do to strengthen the effectiveness of controls and fully implement the findings of the ANAO audit.

4.28 Lack of accountability in relation to Defence's proper use of relevant monies was a major concern for the committee during the inquiry. The committee is concerned by examples which show an individual's use of a credit card was not consistent with Defence or Commonwealth policy. Too often, irregularities in credit card use suggested either a disregard for, or intention to circumvent, Defence policy. Yet these irregularities did not trigger any 'red flags' in Defence's management systems.

4.29 Some instances, such as the occasion where over $1.1 million was spent on provisions for a major military exercise, resulting in interest charges of $18,278 to the Commonwealth taxpayer, are of major concern.

4.30 The committee recognises that Defence has taken steps to implement the recommendations of the ANAO audit. However, the committee believes it is critical that Defence continues to engage in the management of credit and other transaction cards and attend to the risks identified by the ANAO audit. A key step which Defence should take is to share its experiences with the Department of Finance as it scopes the new arrangements for the forthcoming whole-of-government tender in relation to travel cards.

4.31 Beyond the new arrangements for travel cards, it is important that Defence take steps to ensure that its governance of credit and other transaction cards also aligns with the move to a stronger performance-oriented culture under the changes instigated through the One Defence business model.

4.32 The ANAO audit did not identify actual occasions of fraud. The audit did, however, find that in the absence of effective controls Defence remains vulnerable to the risk of fraud, especially in a payments environment which is moving increasingly towards the use of virtual cards. Despite evidence of convictions for fraud in military jurisdictions, the committee is of the view that this information is not readily available publicly. Any deterrence value across the Defence community arising from awareness of such convictions may therefore be limited.

Recommendation 5

4.33 The committee recommends that the Department of Defence be more transparent in reporting disciplinary action taken against individuals found to have committed credit card fraud, whether steps taken are administrative or judicial in nature. This should include publishing the outcomes of disciplinary or criminal action on the Defence website and in service newspapers.

34

4.34 The extent of instances where the use of cards indicates either a disregard or ignorance of Defence policy and procedures raises questions about the effectiveness of current programs for education, training and communication across Defence. While the committee did not receive evidence on the effectiveness of Defence's training and education programs around the use of credit and other transaction cards, the committee is of the view that Defence should be doing more to educate its workforce in this area. Specifically, Defence should strengthen its education programs to ensure that officers issued with a credit card receive clear written and verbal directives regarding their obligations and responsibilities in using Commonwealth resources.

Recommendation 6

4.35 The committee recommends that the Department of Defence evaluate its current training, education and information programs in relation to the use of credit and other transaction cards to ensure compliance with the performance standards set by the Public Governance, Performance and Accountability Act 2013.

Senator Alex Gallacher Chair

Appendix 1

Submissions

1. Department of Defence

2. Michael Wunderlich

36

Appendix 2

Tabled documents and Additional information

Tabled documents

1. Opening statement from the Australian Institute of Criminology, tabled at public hearing held on 7 March 2017.

2. 'Facilitating Supplier Payment Through Payment Card: resource management guide no. 416.' tabled by Department of Finance at a public hearing held on 7 March 2017.

Additional information

1. 'Proposals for an optimal system of assurance and audit', Department of Defence, received 3 April 2017.

2. Smith, Russell G., and Penny Jorna, Australian Institute of Criminology, Statistical Report 01: Fraud against the Commonwealth: Report to Government 2014.

3. Australian Payments Clearing Association, Australian Payments Fraud Details and Data, 2016.

4. Australian National Audit Office, Defence's Management of Credit and other Transaction Cards, Report No.33 2015-16, Performance Audit, 2016.

Answers to questions on notice

1. Australian National Audit Office - response to question on notice from a public hearing held on 7 March 2017.

2. Department of Finance - response to questions on notice from a public hearing held on 7 March 2017.

3. Department of Finance - Attachment: 'Statement of requirements, travel and related card services' - response to questions on notice from a public hearing held on 7 March 2017.

4. Department of Finance - Attachment: 'Travel and Related cards tender' - response to questions on notice from a public hearing held on 7 March 2017.

5. Department of Finance - supplementary response to questions on notice from a public hearing held on 7 March 2017.

38

Appendix 3

Public hearings

Tuesday 7 March 2017

Australian National Audit Office

Dr Tom Ioannou, Group Executive Director, Performance Audit Services Group

Dr David Rowlands, Senior Director, Performance Audit Services Group

Department of Finance

Mr John Sheridan, First Assistant Secretary, Technology and Procurement, Commercial and Government Services

Ms Thea Daniel, Assistant Secretary, Governance and Public Management Reform Taskforce, Governance and APS Transformation

Attorney-General's Department

Mr Andrew Rice, Assistant Secretary, Identity and Protective Security Policy Branch

Mr Andrew Lawrence, Senior Legal Officer, Protective Security and Fraud, Identity and Protective Security Branch

Australian Institute of Criminology

Dr Rick Brown, Deputy Director Research

Dr Russell Smith, Principal Criminologist

Thursday 6 April 2017

Department of Defence

Ms Angela Diamond, Acting Chief Finance Officer

Mr Tom Clarke, First Assistant Secretary Audit and Fraud Control

Mr David Spouse, First Assistant Secretary, Financial Services

Mrs Meryl Clarke, Assistant Secretary, Fraud Control

Ms Leonie Neiberding, Director Financial Operations

Major General David Mulhall, DFC, AM, CSC, Commander Joint Logistics

Brigadier Jennifer Woodward, CSC, Director, Military Prosecutions

40

Appendix 4

Relevant Excerpts from the Public Governance Performance and Accountability Act 2013

1.1 The Public Governance, Performance and Accountability Act 2013, is the cornerstone of the public management reform agenda which aims to modernise the resource management framework of the Australian government to support high quality resource management and performance. The PGPA 2013 is the first Stage, Stage 2 & 3 are progressing. Stage 2 focuses on the enhanced Commonwealth performance framework; and Stage 3 builds on Stages 1&2 to explore specific elements of the resources management framework. 1

1.2 Cascading down from the Act are the facilitating rules and guidelines including, Commonwealth Procurement Rules: Achieving Value for Money, (revised) 1 March 2017; and the supporting guidelines, Facilitating Supplier Payment through Payment Card, Resource Management Guide No 416, November 2016.

1.3 Under the PGPA, the accountable authority is the Secretary or Chief Executive who has responsibility for and control over the entity's operations.2 The accountable authority will establish internal controls and risk management systems to ensure that officials use and mange public resources properly, to achieve the purpose of the entities, and do not impose unnecessary red tape and resource learning module.3

1.4 The PGPA establishes "whole of system concepts, standards and requirements that apply to all entities in the Commonwealth", including a "…common standard for proper use (efficient, effective economical and ethical) that applies to the use and management of all public resources, no matter whose hands they are in."4

1.5 All four elements need to be considered when looking at the proper use of relevant resources.5 The official’s consideration must extend to whether the management of resources is:

1 See https://www.legislation.gov.au/Details/C2016C00414 at www.legislation.gov.au

2 Resource Management Guide No.200

3 See http://www.finance.gov.au/publications/elearning/resource-management/crm-module1/a001_module_1_4.2._accountable_authorities.html

4 Australian Government, Department of Finance, Resource Management Guide No.001, Commonwealth Resource Management Framework Companion, November 2015, p23

5 Australian Government, Department of Finance, Resource Management Guide No.001, Commonwealth Resource Management Framework Companion, November 2015, p48-49

42

(a) Efficient: the proposed commitment is the most suitable way to deliver the desired result; opportunities for abuse, mismanagement, error, fraud, omissions and other irregularities can be minimised.

(b) Effective: the proposed commitment is going to produce the desired result taking into account the purpose and objectives of the entity or program (as set out in entity's corporate plan).

(c) Economical: avoids waste; is the best cost option to deliver expected results; can be met from available resources or appropriations.

(d) Ethical: the proposed commitment is consistent with the core beliefs and values of society; complies with general duties of officials in s25-29 of PGPA Act.6

1.6 The PGPA requires Defence, as a non-corporate commonwealth entity to manage the risks associated with the proper use of (relevant) monies through

o Ensuring officials understand their duties and responsibilities for the proper use of monies

o Identifying and establishing enterprise-wide means to manage that risk through internal controls.

o Reporting on performance in the exercise of those controls.7

1.7 The Act prescribes the adoption of internal controls which “should promote proper use of relevant money” by:

o aligning the internal financial delegations and authorisations in the entities with clear instructions on the policies and rules that officials must adhere to;

o addressing the risk associated with the use of relevant money in the entity; and

o clarifying any other requirement that apply to the use of relevant money.8

6 Section 25-29 describes a Commonwealth official’s duties and responsibilities as follows: s25: a duty of care and diligence; s26: a duty to act honestly in good faith and for a proper purpose; s27: a duty in relation use of position; s28: a duty in relation to use of information; and s29: a duty to disclose interests

7 Australian Government, Department of Finance, Resource Management Guide No.001, Commonwealth Resource Management Framework Companion, November 2015, p3 and PART 2 for more details.

8 Australian Government, Department of Finance, Resource Management Guide No.001, Commonwealth Resource Management Framework Companion, November 2015, p48-49