Note: Where available, the PDF/Word icon below is provided to view the complete and fully formatted document
Auditor-General—Audit report No. 34 of 2020-21—Performance audit—Implementation of ANAO and parliamentary committee recommendations — Department of Defence: Department of Defence


Download PDF Download PDF

The Auditor-General Auditor-General Report No. 34 2020-21 Performance Audit

Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence

Department of Defence

Australian National Audit Office

Auditor-General Report No. 34 2020-21 Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence

2

© Commonwealth of Australia 2021

ISSN 1036-7632 (Print) ISSN 2203-0352 (Online) ISBN 978-1-76033-638-7 (Print) ISBN 978-1-76033-639-4 (Online)

Except for the content in this document supplied by third parties, the Australian National Audit Office logo, the Commonwealth Coat of Arms, and any material protected by a trade mark, this document is licensed by the Australian National Audit Office for use under the terms of a Creative Commons Attribution-NonCommercial-NoDerivatives 3.0 Australia licence. To view a copy of this licence, visit http://creativecommons.org/licenses/by-nc-nd/3.0/au/.

You are free to copy and communicate the document in its current form for non-commercial purposes, as long as you attribute the document to the Australian National Audit Office and abide by the other licence terms. You may not alter or adapt the work in any way.

Permission to use material for which the copyright is owned by a third party must be sought from the relevant copyright owner. As far as practicable, such material will be clearly labelled.

For terms of use of the Commonwealth Coat of Arms, visit the It’s an Honour website at https://www.pmc.gov.au/government/its-honour.

Requests and inquiries concerning reproduction and rights should be addressed to:

Senior Executive Director Corporate Management Group Australian National Audit Office GPO Box 707 Canberra ACT 2601

Or via email: communication@anao.gov.au.

A

uditor-General Report No. 34 2020-21

Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence

3

C

anberra ACT

12 April 2021

Dear Mr President Dear Mr Speaker

In accordance with the authority contained in the Auditor-General Act 1997, I have undertaken an independent performance audit in the Department of Defence. The report is titled Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence. Pursuant to Senate Standing Order 166 relating to the presentation of documents when the Senate is not sitting, I present the report of this audit

to the Parliament.

Following its presentation and receipt, the report will be placed on the Australian National Audit Office’s website — http://www.anao.gov.au.

Yours sincerely

Grant Hehir Auditor-General

The Honourable the President of the Senate The Honourable the Speaker of the House of Representatives Parliament House Canberra ACT

Auditor-General Report No. 34 2020-21 Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence

4

AUDITING FOR AUSTRALIA

The Auditor-General is head of the Australian National Audit Office (ANAO). The ANAO assists the Auditor-General to carry out his duties under the Auditor-General Act 1997 to undertake performance audits, financial statement audits and assurance reviews of Commonwealth public sector bodies and to provide independent reports and advice for the Parliament, the Australian Government and the community. The aim is to improve Commonwealth public sector administration and accountability.

For further information contact: Australian National Audit Office GPO Box 707 Canberra ACT 2601

Phone: (02) 6203 7300 Email: ag1@anao.gov.au

Auditor-General reports and information about the ANAO are available on our website: http://www.anao.gov.au

Audit team

Grace Guilfoyle Elizabeth Wedgwood James Sheeran Michelle Page

Auditor-General Report No. 34 2020-21

Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence

5

Contents Summary and recommendations .................................................................................................................... 7

Background ............................................................................................................................................... 7

Conclusion ................................................................................................................................................. 8

Supporting findings .................................................................................................................................... 9

Recommendations ................................................................................................................................... 11

Summary of Department of Defence response ....................................................................................... 11

Key messages from this audit for all Australian Government entities ..................................................... 12

Audit findings .............................................................................................................................................. 15

1. Background ............................................................................................................................................. 16

Introduction .............................................................................................................................................. 16

Previous audits ........................................................................................................................................ 16

Timeliness of responses to parliamentary committees ........................................................................... 18

Rationale for undertaking the audit ......................................................................................................... 22

Audit approach ........................................................................................................................................ 22

2. Governance ............................................................................................................................................. 25

Did Defence have established processes and responsibilities for responding to recommendations? ............................................................................................................................. 25

Did Defence have systems in place to track the implementation of recommendations? ........................ 27 Has Defence established entity-level arrangements to provide the accountable authority with advice and assurance on the implementation of agreed recommendations? .................................... 36 3. Implementation of recommendations ...................................................................................................... 38

Did Defence develop an implementation plan for each of the selected recommendations? .................. 39 Was implementation monitored for each of the selected recommendations? ........................................ 41 Was implementation of the selected recommendations completed in the agreed timeframe? ............... 43 Were the selected ANAO recommendations implemented in full and closed in accordance with

requirements? .................................................................................................................................... 45

Were the selected parliamentary committee recommendations implemented in full and closed in accordance with requirements? ......................................................................................................... 58

Were report back requirements to parliamentary committees satisfied? ................................................ 78

Appendices ................................................................................................................................................. 79

Appendix 1 Department of Defence response ....................................................................................... 80

Appendix 2 Methodology for selecting the audit sample ....................................................................... 82

Appendix 3 ANAO and parliamentary committee recommendations examined in this audit ................ 87 Appendix 4 System controls to maintain complete and accurate data .................................................. 93

Auditor-General Report No.34 2020-21

Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence

 The appropriate and timely implementation

of agreed recommendations is an important part of realising the full benefit of a parliamentary inquiry or an ANAO performance audit.

 This is the third in a recent series of audits

that examine whether entities have implemented recommendations in line with commitments made to the Parliament.

 The audit examined recommendations

directed to the Department of Defence.

 With respect to the 32 agreed

parliamentary committee and ANAO performance audit recommendations examined in this audit, the ANAO assessed 15 (46.9 per cent) as implemented, six (18.8 per cent) as largely implemented, four (12.5 per cent) as partially implemented and seven (21.9 per cent) as not implemented.

 Defence has appropriate governance

arrangements for responding to, monitoring and implementing ANAO recommendations and partially appropriate governance arrangements for parliamentary committee recommendations.

 The Auditor-General made three

recommendations directed at strengthening guidance, ensuring the implementation of recommendations is subject to periodic risk review and monitoring, and improving the clarity of responses. The Department of Defence agreed to all three recommendations.

 A schedule of outstanding Government

responses to parliamentary committee reports is presented to Parliament at approximately six monthly intervals. Two per cent of Senate committee reports and nine per cent of House of Representatives committee reports were responded to within the agreed timeframe across the Australian Government.

10 out of 18 (56%) Agreed Parliamentary committee recommendations fully or largely implemented by Defence.

11 out of 14 (79%) Agreed ANAO recommendations fully or largely implemented by Defence.

Auditor-General Report No. 34 2020-21

Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence

7

Summary and recommendations

Background 1. As a department of state and a material entity, the Department of Defence (Defence) regularly receives recommendations as part of parliamentary committee inquiries and external audit activity by the Australian National Audit Office (ANAO).

2. Parliamentary committee inquiries and ANAO performance audits identify risks to the successful delivery of outcomes and generally provide recommendations to address them. Successful implementation of agreed recommendations requires strong senior management oversight and monitoring, with timely implementation approaches, which set clear responsibilities and timelines for addressing the required actions.1

3. Committees of the Australian Parliament, including the Joint Committee of Public Accounts and Audit (JCPAA), consist of members from either or both Houses of Parliament. Parliamentary inquiries are used by committees to ‘investigate specific matters of policy or government administration or performance’.2

4. The purpose of the ANAO is to support accountability and transparency in the Australian Government sector through independent reporting to the Parliament, and thereby contribute to improved public sector performance.3 The ANAO identifies areas where improvements can be made to aspects of public administration and makes specific recommendations to assist public sector entities to improve their program management.4 The primary role of the Auditor-General for Australia is to assist the Parliament in its role of scrutinising the exercise of authority and the expenditure of public funds by the Executive arm of the Commonwealth.5

Rationale for undertaking the audit

5. Reports of parliamentary committees and the ANAO identify risks to the successful delivery of outcomes and areas where administrative or other improvements can be made. The appropriate and timely implementation of agreed recommendations is an important part of realising the full benefit of a parliamentary inquiry or an audit and for demonstrating accountability to the Parliament.6

1 Auditor-General Report No.46 2019-20 Implementation of ANAO and Parliamentary Committee Recommendations—Education and Health Portfolios, p. 14, [Internet], ANAO, available from https://www.anao.gov.au/work/performance-audit/implementation-anao-parliamentary-committee-recommendations-education-health-portfolios, [accessed January 2021].

2 Parliament of Australia, Committees, [Internet], Parliament of Australia, available from https://www.aph.gov.au/Parliamentary_Business/Committees [accessed January 2021]. 3 Australian National Audit Office (ANAO), ANAO Corporate Plan 2020-21 [Internet], ANAO, available from https://www.anao.gov.au/work/corporate/anao-corporate-plan-2020-21 [accessed January 2021]. 4 ibid.

5 Joint Committee of Public Accounts, Report 346: Guarding the Independence of the Auditor-General, October 1996, p. 56. The Committee further commented that the Auditor-General ‘works first and foremost for the Parliament’ (p. 35). 6 Auditor-General Report No.46 2019-20 Implementation of ANAO and Parliamentary Committee

Recommendations—Education and Health Portfolios, p. 20, [Internet].

Auditor-General Report No. 34 2020-21 Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence

8

6. This is the third in a recent series of audits that highlight whether entities have implemented recommendations in line with commitments made to the Parliament.7

Audit objective and criteria

7. The audit objective was to examine whether the Department of Defence (Defence) implemented a selection of agreed parliamentary committee recommendations and ANAO performance audit recommendations.

8. To form a conclusion against the audit objective, the following high level audit criteria were used:

• Does Defence have appropriate governance arrangements in place to respond to, monitor and implement recommendations?

• Were agreed recommendations effectively implemented?

9. The ANAO reviewed Defence’s implementation of 32 agreed recommendations, comprising 18 parliamentary committee recommendations and 14 ANAO performance audit recommendations. The recommendations of three parliamentary committees were considered for inclusion, on the basis that these committees were most likely to have made recommendations relating to Defence — the Joint Committee of Public Accounts and Audit; the Joint Standing Committee on Foreign Affairs, Defence and Trade; and the Senate Standing Committee on Foreign Affairs, Defence and Trade.

Conclusion 10. With respect to the 32 agreed parliamentary committee and ANAO performance audit recommendations examined in this audit, the ANAO assessed 15 (46.9 per cent) as implemented, six (18.8 per cent) as largely implemented, four (12.5 per cent) as partially implemented and seven (21.9 per cent) as not implemented.

11. Defence has appropriate governance arrangements for responding to, monitoring and implementing ANAO recommendations and partially appropriate governance arrangements for parliamentary committee recommendations. Defence has enterprise-level governance arrangements to provide the accountable authority with advice and assurance on the implementation of agreed ANAO recommendations. Defence recently introduced enterprise-level governance arrangements to provide the accountable authority with advice and assurance on the implementation of agreed parliamentary committee recommendations, with the introduction of an amended Defence Audit and Risk Committee (DARC) charter in August 2020. Defence’s governance arrangements in relation to the implementation of parliamentary committee recommendations remain a work in progress and the department does not yet have in place a full suite of appropriate governance arrangements.

12. The DARC has received status reports on all active ANAO and internal audit recommendations since December 20198, and commenced oversight of the implementation of

7 ANAO performance audits are prepared for presentation to Parliament. Entity agreement to implement a recommendation(s) made in an ANAO audit is therefore a commitment to the Parliament. 8 Prior to December 2019 reporting to DARC was largely limited to high level summary information or information on recommendations that were closed during the period between DARC meetings or classed as overdue. See

paragraph 3.13 for further discussion.

Summary and recommendations

Auditor-General Report No. 34 2020-21

Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence

9

parliamentary committee recommendations in August 2020 following the amendment to its charter. Prior to the amendment, there was no coordinated enterprise-level reporting on the implementation of parliamentary committee recommendations and Defence activity was focussed on the provision of government responses.

13. For the 18 parliamentary committee recommendations examined in this audit, the ANAO assessed eight as implemented, two as largely implemented, three as partially implemented and five as not implemented (see Table 3.14). For the 14 ANAO recommendations examined, the ANAO assessed seven as implemented, four as largely implemented, one as partially implemented and two as not implemented (see Table 3.3).

Supporting findings

Governance

Did Defence have established processes and responsibilities for responding to recommendations?

14. Defence has established processes and responsibilities for responding to ANAO audit and parliamentary committee recommendations, although not all processes are clearly documented. Guidance supporting the management of responses to ANAO audit recommendations was not always clear, consistent and/or complete; and documentation to support the management of responses to parliamentary committee recommendations was in draft form. Proposed Defence guidance for responding to parliamentary committee recommendations did not reference and was not consistent with parliamentary guidance.

Did Defence have systems in place to track the progress of recommendations?

15. Defence has a system in place to track the implementation of ANAO recommendations but guidance is not always clear, consistent or complete. Defence did not have a system in place to track the implementation of parliamentary committee recommendations. Defence has added a new module to the Parliamentary Document Management System (PDMS)9 that will enable it to track progress of parliamentary committee recommendations and was in the process of preparing related guidance in February 2021.10

Has Defence established entity-level arrangements to provide the accountable authority with advice and assurance on the implementation of agreed recommendations?

16. Defence had enterprise-level governance arrangements to provide the accountable authority with advice and assurance on the implementation of agreed ANAO recommendations. Defence had no enterprise-level governance arrangements to provide the accountable authority with advice and assurance on the implementation of agreed parliamentary committee recommendations, prior to the introduction of an amended DARC charter in August 2020. The ANAO’s review of minutes from the DARC’s September and November 2020 meetings indicates

9 The PDMS is operated by the Department of Finance and offers a whole-of-government parliamentary workflow. It is a digital platform that supports Ministerial level correspondence, briefings and submissions; Parliamentary Questions on Notice; Senate Estimates Briefings and Questions on Notice; Executive level communications; and general communications and media. 10 Defence provided the ANAO with its full suite of updated PDMS guidance on 23 February 2021.

Auditor-General Report No. 34 2020-21 Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence

10

that the DARC has agreed to reporting changes that will support the future provision of advice and assurance on the implementation of agreed parliamentary committee recommendations.

Implementation of recommendations

Did Defence develop an implementation plan for each of the selected recommendations?

17. Defence had implementation plans, known as Management Action Plans (MAPs), for 12 of the 14 ANAO recommendations examined in this audit. Defence did not require implementation plans for parliamentary committee recommendations and consequently none of the 18 parliamentary committee recommendations examined in this audit had an implementation plan.

Was implementation monitored for each of the selected recommendations?

18. Twelve of the 14 ANAO recommendations selected for review were monitored by Defence’s Audit and Fraud Control Division. From December 2019, the DARC has received status reports on all active ANAO and internal audit recommendations although, for some recommendations, information was limited. Prior to this time, reports to the DARC were either summary information or recommendations classified as overdue or closed.

19. The DARC commenced oversight of parliamentary committee recommendations in August 2020.11 Prior to this time, there was no coordinated enterprise-level reporting on the implementation of parliamentary committee recommendations and Defence activity was focussed on the provision of government responses to parliamentary committee recommendations.

Was implementation of the selected recommendations completed in the agreed timeframe?

20. For the 13 ANAO recommendations that had recorded target implementation dates, only three were closed: before the implementation date established in the MAP; or the revised implementation date established after an extension had been granted. The recommendations

closed after the MAP date or revised date were closed an average of 61 days after the implementation date. In seven instances where extensions were sought for the implementation of ANAO recommendations, only one of the extension requests was made in accordance with Defence requirements.

21. For the eight parliamentary committee recommendations where the relevant committee had set an implementation timeframe, three were implemented within that timeframe. Defence did not set implementation timeframes for the remaining 10 parliamentary committee recommendations in the audit sample.

Were the selected ANAO recommendations implemented in full and closed in accordance with requirements?

22. For the 14 ANAO recommendations examined in this audit, the ANAO assessed seven as implemented, four as largely implemented, one as partially implemented and two as not implemented. Defence considered that all 14 ANAO recommendations assessed in this audit had

11 This reporting did not include any of the parliamentary committee recommendations in the ANAO’s sample. Defence did not consider that any of the recommendations in the ANAO sample required further action.

Summary and recommendations

Auditor-General Report No. 34 2020-21

Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence

11

been implemented. For eight of the ANAO recommendations, the evidence relied on by Defence’s Audit and Fraud Control Division to close the recommendation was insufficient.

Were the selected parliamentary committee recommendations implemented in full and closed in accordance with requirements?

23. For the 18 parliamentary committee recommendations examined in this audit, the ANAO assessed eight as implemented, two as largely implemented, three as partially implemented and five as not implemented. Defence advised the ANAO that 12 recommendations were implemented, three were largely implemented, one was not implemented, and that Defence had not assessed the implementation status of two recommendations.

Were report back requirements to parliamentary committees satisfied?

24. For the ten parliamentary committee recommendations that included a requirement to report back to the relevant committee, Defence fully met the report back requirement in three instances, partially met the requirement in four instances and did not meet the requirement in three instances. For the eight recommendations that set timeframes for reporting back to the relevant committee, Defence met these timeframes in three cases.

Recommendations

Recommendation no. 1 Paragraph 2.42

Defence review and update its guidance suite to support a clear line of sight in Defence processes and responsibilities for responding to and implementing parliamentary committee and ANAO recommendations, consistent with parliamentary committee and ANAO guidance. The response and action taken should address the substance and intent of the recommendation, and be reviewed by the Defence Audit and Risk Committee in accordance with its charter.

Department of Defence response: Agreed.

Recommendation no. 2 Paragraph 3.17

Defence ensure that its implementation of parliamentary committee and ANAO recommendations is subject to periodic risk review, and that this risk review activity is monitored at an enterprise-level by the Defence Audit and Risk Committee.

Department of Defence response: Agreed.

Recommendation no. 3 Paragraph 3.47

When agreeing to a recommendation with qualification, Defence’s response should clearly set out what action will be taken in response to the recommendation, and what part of the recommendation will not be implemented, if any.

Department of Defence response: Agreed.

Summary of Department of Defence response Defence acknowledges the findings contained in the audit report on the Implementation of ANAO and Parliamentary Committee Recommendations in the Department Of Defence and agrees to implement the suggested recommendations for improvement.

Auditor-General Report No. 34 2020-21 Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence

12

Defence would like to highlight the improvements that have been made since the audit commenced in relation to developing an appropriate process for managing the implementation of parliamentary recommendations using the Parliamentary Document Management System (PDMS).

Defence will continue to enhance its suite of guidance for implementing and responding to ANAO and parliamentary committee recommendations to ensure clarity of processes and responsibilities for implementing recommendations. These improvements will assist business areas to ensure actions taken to address recommendations will meet the intent of the relevant recommendations and enable improved oversight of the implementation of ANAO and parliamentary committee recommendations by the Defence Audit and Risk Committee.

Key messages from this audit for all Australian Government entities 25. Below is a summary of key messages, including instances of good practice, which have been identified in this and the previous audits in this series that may be relevant for the operations of other Australian Government entities.

Parliamentary and accountable authority oversight • Tabling of responses to recommendations formalises government or entity commitments to Parliament to implement recommendations. Entities should develop implementation plans that include actions that will ensure the intent of the recommendations is met.

• Effective governance arrangements can help ensure that responses and objectives are delivered, and include clear responsibilities, reporting arrangements and systems that provide the accountable authority with a clear line of sight of implementation and assurance that underlying risks and issues that have been identified are addressed.

• When agreeing to a recommendation with qualification, the response should clearly set out what actions will be taken in response to the recommendation and what part of the recommendation will not be implemented, if any.

Governance and risk management • Accountable authorities should periodically review the functions of audit committees to ensure they are meeting the requirements of the Public Governance, Performance and Accountability Rule 2014 to review the appropriateness of systems of risk management and

oversight and internal controls. The audit committee charter should be updated as necessary to ensure it remains contemporary.

• Governance processes for managing the implementation of recommendations should begin with a clear arrangement for responding to recommendations. This ensures appropriate engagement with the recommendation, ensuring clarity of its intent, and acknowledgment of appropriate and achievable activities to address the identified risks.

• Successful implementation of recommendations requires senior management oversight and implementation planning to set clear responsibilities and timeframes for delivering the agreed action. Successful implementation of recommendations requires fit- for- purpose implementation plans that clearly identify intended actions and set clear responsibilities and timeframes for addressing required actions. Implementation plans should involve key stakeholders.

Summary and recommendations

Auditor-General Report No. 34 2020-21

Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence

13

• Effective monitoring requires an approach that accurately tracks progress and records the actions of the business area or individual responsible for implementation.

Records management • Records are a critical part of robust knowledge management practices. They support transparency and accountability for past decisions and help inform future decision-making.

Auditor-General Report No. 34 2020-21

Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence

15

Audit findings

Auditor-General Report No. 34 2020-21 Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence

16

1. Background

Introduction 1.1 As a department of state and a material entity, the Department of Defence (Defence) regularly receives recommendations as part of parliamentary committee inquiries and external audit activity by the Australian National Audit Office (ANAO).

1.2 Parliamentary committee inquiries and ANAO performance audits identify risks to the successful delivery of outcomes and generally provide recommendations to address them. Successful implementation of agreed recommendations requires strong senior management oversight and monitoring, with timely implementation approaches, which set clear responsibilities and timelines for addressing the required actions.12

1.3 Committees of the Australian Parliament, including the Joint Committee of Public Accounts and Audit (JCPAA), consist of members from either or both Houses of Parliament. Parliamentary inquiries are used by committees to ‘investigate specific matters of policy or government administration or performance’.13

1.4 The purpose of the ANAO is to support accountability and transparency in the Australian Government sector through independent reporting to the Parliament, and thereby contribute to improved public sector performance.14 The ANAO identifies areas where improvements can be made to aspects of public administration and makes specific recommendations to assist public sector entities to improve their program management.15 The primary role of the Auditor-General for Australia is to assist the Parliament in its role of scrutinising the exercise of authority and the expenditure of public funds by the Executive arm of the Commonwealth.16

Previous audits 1.5 This is the third in a series of recent audits that examine the effectiveness of Australian Government entities’ governance arrangements to manage the implementation of agreed

12 Auditor-General Report No.46 2019-20 Implementation of ANAO and Parliamentary Committee Recommendations — Education and Health Portfolios, p 14, [Internet], ANAO, available from https://www.anao.gov.au/work/performance-audit/implementation-anao-parliamentary-committee-recommendations-education-health-portfolios, [accessed January 2021].

13 Parliament of Australia, Committees, [Internet], Parliament of Australia, available from https://www.aph.gov.au/Parliamentary_Business/Committees [accessed January 2021]. 14 Australian National Audit Office (ANAO), ANAO Corporate Plan 2020-21 [Internet], ANAO, available from https://www.anao.gov.au/work/corporate/anao-corporate-plan-2020-21 [accessed January 2021]. 15 ibid.

16 Joint Committee of Public Accounts, Report 346: Guarding the Independence of the Auditor-General, October 1996, p. 56. The Committee further commented that the Auditor-General ‘works first and foremost for the Parliament’ (p. 35).

Background

Auditor-General Report No. 34 2020-21

Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence

17

recommendations from parliamentary committee inquiry reports and ANAO performance audits, and the extent to which agreed recommendations have been implemented.17

1.6 The first audit in this series outlined the processes for developing and issuing recommendations by parliamentary committee inquiries and by the ANAO, and how entities respond to such recommendations (see paragraphs 1.11 to 1.28 of Auditor-General Report No.6 2019-20). The audit examined the implementation of parliamentary inquiry recommendations and ANAO performance audit recommendations by four entities in the Agriculture and Infrastructure portfolios. The audit concluded that none of the four selected entities demonstrated that they had effectively implemented all agreed recommendations within the scope of the audit.18

1.7 On 7 August 2019, in response to the audit findings in the first report, the Secretary of the Department of the Prime Minister and Cabinet (PM&C) wrote to departmental secretaries encouraging all departments and agencies to:

… finalise government responses to parliamentary committee reports in a timely manner so the Government can table its response to a committee report within the timeframes established through the respective resolutions of the House of Representatives and the Senate … [and] have processes in place to monitor the implementation of recommendations accepted by the Government. This includes Secretaries providing regular updates to their Minister(s) on implementation progress.

1.8 The second report in this audit series examined the implementation parliamentary inquiry recommendations and of ANAO performance audit recommendations by four entities in the Education and Health portfolios. The audit conclusion was that:

Nothing came to the ANAO’s attention that the entities had not implemented applicable parliamentary committee and ANAO recommendations. Entities had implemented all parliamentary committee inquiry recommendations agreed in the period 1 July 2016 to 30 June 2017, but general arrangements for responding to, monitoring and managing recommendations from parliamentary committee inquiries require improvement.19

1.9 In addition to the two previous audits in this current series, a follow-up ANAO audit of Defence’s security vetting services examined the department’s implementation of six agreed recommendations (two parliamentary committee recommendations and four ANAO

17 The first audit in this series was Auditor-General Report No.6 2019-20 Implementation of ANAO and Parliamentary Committee Recommendations. The second was Auditor-General Report No.46 2019-20 Implementation of ANAO and Parliamentary Committee Recommendations — Education and Health Portfolios. Both reports are available on the ANAO website https://www.anao.gov.au, [accessed January 2021]. 18 Auditor-General Report No.6 2019-20 Implementation of ANAO and Parliamentary Committee

Recommendations, p.8, [Internet], ANAO, available from https://www.anao.gov.au/work/performance-audit/implementation-anao-and-parliamentary-committee-recommendations-2019, [accessed January 2021]. 19 Auditor-General Report No.46 2019-20 Implementation of ANAO and Parliamentary Committee Recommendations — Education and Health Portfolios, p. 8, [Internet].

Auditor-General Report No. 34 2020-21 Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence

18

recommendations).20 The results of the follow-up audit are included in the figures for this broader audit of Defence’s implementation of recommendations.

1.10 The ANAO previously conducted a broad audit of the effectiveness of Defence’s monitoring of the implementation of ANAO and internal audit recommendations in 2012-13.21 That report included two recommendations agreed by Defence. Their implementation is examined in this audit.

1.11 ANAO reports of the implementation of audit recommendations have highlighted the importance of having enterprise governance arrangements and a systematic approach to effectively manage implementation.

Timeliness of responses to parliamentary committees 1.12 Parliamentary committees publish information on their Australian Parliament House webpages relating to the government responses that are received.

1.13 On a six monthly basis, the President of the Senate provides a report to the Senate on the status of government responses to Senate and joint committee reports.22 Similarly, the Speaker of the House of Representatives presents a report to the House about every six months. Tabled reports and government responses to House and joint committee reports are listed, as well as reports for which the House has not received a government response.23 Reports remain on this schedule until a response is received, the relevant committee agrees that a response is no longer expected, or a request to remove an inquiry from the list is received. The listing can be removed following consideration of the reasons put forward for removal and the issuance of a formal resolution by the relevant committee.24

1.14 The reports of the President of the Senate and the Speaker of the House of Representatives also provide information on the number of committee reports and the timeliness of government responses.25

20 Auditor-General Report No.21 2020-21 Delivery of security vetting services follow-up [Internet], ANAO, available from https://www.anao.gov.au/work/performance-audit/delivery-security-vetting-services-follow-up, [accessed January 2021].The audit examined agreed recommendations made in: Auditor-General Report No.38 2017-18 Mitigating Insider Threats through Personnel Security; the related (confidential) report provided by the Auditor-General to ministers under subsection 37(5) of the Auditor-General Act 1997; and by the Parliament’s Joint Committee of Public Accounts and Audit in Report 479: Australian Government Security Arrangements. 21 Auditor-General Report No.25 2012-13 Defence’s Implementation of Audit Recommendations [Internet],

ANAO, available from https://www.anao.gov.au/work/performance-audit/defences-implementation-audit-recommendations [accessed January 2021]. 22 Parliament of Australia, President’s report to the Senate on the status of Government responses to Parliamentary Committee reports as at 30 June 2020 [Internet], Parliament of Australia, 2020, available from

www.aph.gov.au/Parliamentary_Business/Committees/Senate/Government_responses [accessed January 2021]. 23 Parliament of Australia, Speaker’s schedule of outstanding Government Responses to Committee reports [Internet], Parliament of Australia, available from www.aph.gov.au/SpeakersSchedule [accessed January 2021]. 24 Entities may request through a committee that a report requiring a government response be removed from

the schedule, with the most common reasons for removal being that the response has been on the schedule for an extended period and during the intervening time, recommendations have already been addressed, implemented or superseded. See Auditor-General Report No.46 2019-20 Implementation of ANAO and Parliamentary Committee Recommendations — Education and Health Portfolios, p 16, [Internet]. 25 JCPAA reports are presented in the reports of both the President and the Speaker.

Background

Auditor-General Report No. 34 2020-21

Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence

19

1.15 Table 1.1 outlines the key results from the President of the Senate report as at 30 September 2019 and 30 June 2020.26 Responses to these reports are required within three months of the presentation of the report in the Senate and lateness is measured as the months that have passed from the date of report tabling to the reference date (30 September 2019 and 30 June 2020 respectively), minus three months (the period allowed for responding to Senate committee reports).

26 The 30 June 2020 figures reflect the data reported in the President of the Senate report at the time this audit report was prepared. The 30 September 2019 figures reflect the data reported in the last audit in this series (Auditor-General Report No.46 2019-20). Reporting consists of a list of all outstanding responses as at the nominated date.

Auditor-General Report No. 34 2020-21 Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence

20

Table 1.1: Senate — outstanding responses as at 30 September 2019 and 30 June 2020a

Description Amount Percentage Amount Percentage

As at 30 September 2019 As at 30 June 2020

No. of reports with a response

51b 20% 47e 17%

No. of reports with a response that was received within the specified timeframe

10 4% 6 2%

No of reports with a response but received late

41b 16% 40e 15%

No of reports with no response

207c 80% 222f 83%

Total number of reports included in the schedule

258d 100% 269g 100%

Shortest timeframe taken to respond

1 month - < 1 month -

Longest response time where a response was provided

88 months

(7 years and 3 months)

-

49 months

(4 years and 1 month)

-

Latest pending response (not yet received)

197 months

(16 years and 4 months)

-

209 months

(17 years and 5 months)

-

Note a: Table 1.1 shows responses across Australian Government entities. Note b: Total numbers include five partial responses. Partial responses occur where responses have been received for some but not all recommendations. This typically occurs where recommendations are directed at multiple entities. Note c: The time allowed for responding had not yet expired for 25 of the 207 reports with no response. Note d: There were four responses in this report schedule referring to 11 reports of the JCPAA. All responses reported

were late.

Note e: Total numbers include eight partial responses. Partial responses occur where responses have been received for some but not all recommendations. This typically occurs where recommendations are directed at multiple entities. Note f: The time allowed for responding had already expired for all of the 222 reports with no response. Note g: There were six responses in this report schedule referring to 11 reports of the JCPAA (five partial responses).

All responses reported were late. Source: ANAO analysis of Australian Senate reporting.

1.16 Table 1.2 outlines the key results from the Speaker of the House of Representatives report as at 4 December 2019 and 17 June 2020.27 Responses to these reports are required within six

27 The 17 June 2020 figures reflect the data reported in the Speaker of the House of Representatives report at the time this audit report was prepared. The 4 December 2019 figures reflect the data reported in the last audit in this series (Auditor-General Report No.46 2019-20). Reporting consists of a list of all outstanding responses as at the nominated date.

Background

Auditor-General Report No. 34 2020-21

Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence

21

months from the presentation of the report in the House and lateness is measured as the months that have passed from the date of report tabling to the reference date (4 December 2019 and 17 June 2020 respectively), minus six months (the period allowed for responding to House of Representatives Committee reports).

Table 1.2: House of Representatives — outstanding responses as at 4 December 2019 and 17 June 2020a

Description Amount Percentage Amount Percentage

As at 4 December 2019 As at 17 June 2020

No. of reports with a response

37b 26% 35e 27%

No. of reports with a response that were received within the specified timeframe

12 9% 8 6%

No of reports with a response but received late

25b 18% 27e 21%

No of reports with no response

103c 74% 108f 73%

Total number of reports included in the schedule

140d 100% 143g 100%

Shortest timeframe taken to respond >2 months - <1 month -

Longest response time where a response was provided

88 months

(7 years and 3 months)

-

26 months (2 years and 2 months)

-

Latest pending response (not yet received) 114 months (9 years and 6

months)

-

114 months

(9 years and 6 months)

-

Note a: Table 1.2 shows responses across Australian Government entities. Note b: Total numbers include four partial responses. Partial responses occur where responses have been received for some but not all recommendations. This typically occurs where recommendations are directed at multiple entities. Note c: The time allowed for responding had not yet expired for 41 of the 103 reports with no response. Note d: Six of the responses in this report schedule referred to 12 reports of the JCPAA. Five responses, and an

additional three partial responses were reported, of which six were late. Four reports have had no response, all of which were late. Note e: Total numbers include six partial responses. Partial responses occur where responses have been received for some but not all recommendations. This typically occurs where recommendations are directed at multiple

entities.

Note f: The time allowed for responding had not yet expired for 12 of the 108 reports with no response. Note g: There were eight responses in this report schedule referring to 11 reports of the JCPAA (including partial responses). Three responses, and an additional five partial responses were reported, of which seven were late. Three reports have had no response, two of which are late.

Source: ANAO analysis of Australian House of Representatives reporting.

1.17 In summary, very few responses were received within the required timeframe. In particular:

Auditor-General Report No. 34 2020-21 Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence

22

• of the 269 Senate committee inquiry reports with a response received within the most recent reporting period, two per cent had received a response within the required time frame of three months; and

• of the 143 House of Representative committee inquiry reports within the most recent reporting period, six per cent had received a response within the required time frame of six months.

Rationale for undertaking the audit 1.18 Reports of parliamentary committees and the ANAO identify risks to the successful delivery of outcomes and areas where administrative or other improvements can be made. The appropriate and timely implementation of agreed recommendations is an important part of realising the full benefit of a parliamentary inquiry or an audit and for demonstrating accountability to the Parliament.28

1.19 This is the third in a recent series of audits that highlight whether entities have implemented recommendations in line with commitments made to the Parliament.29

Audit approach

Audit objective, criteria and scope

1.20 The audit objective was to examine whether the Department of Defence (Defence) implemented a selection of agreed parliamentary committee recommendations and ANAO performance audit recommendations.

1.21 To form a conclusion against the audit objective, the following high level audit criteria were used:

• Does Defence have appropriate governance arrangements in place to respond to, monitor and implement recommendations?

• Were agreed recommendations effectively implemented?

1.22 The ANAO reviewed Defence’s implementation of 32 agreed recommendations, comprising 18 parliamentary committee recommendations and 14 ANAO performance audit recommendations. The approach used to select the audit sample is outlined below.

Methodology for selecting the audit sample — key features

Parliamentary committee recommendations

• The recommendations were limited to reports published from 2018 onwards made by the three committees most likely to have recommendations relevant to Defence. These were the:

− Joint Committee of Public Accounts and Audit;

28 Auditor-General Report No.46 2019-20 Implementation of ANAO and Parliamentary Committee Recommendations — Education and Health Portfolios, p. 20, [Internet]. 29 ANAO performance audits are prepared for presentation to Parliament. Entity agreement to implement a recommendation(s) made in an ANAO audit is therefore a commitment to the Parliament.

Background

Auditor-General Report No. 34 2020-21

Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence

23

− Joint Standing Committee on Foreign Affairs, Defence and Trade; and

− Senate Standing Committee on Foreign Affairs, Defence and Trade.

• Implementation of the recommendation must have been the responsibility of the Department of Defence.

• There must have been a government response that agreed (or agreed in principle/agreed in part) to the recommendation(s). Only responses provided by 31 December 2019 were included.

• Recommendations relating to the parliamentary review of annual reports were excluded as there was already an established process to address such recommendations.

• Recommendations were excluded if they were likely to be examined by the ANAO as part of a separate performance audit, as part of the ANAO’s annual Defence Major Projects Report, or as part of a parliamentary inquiry.

• JCPAA recommendations relating to Auditor-General Report No.21 2020-21 Delivery of Security Vetting Services Follow-up were included in this audit.

ANAO recommendations

• The recommendations were limited to reports tabled from 2018 onwards.

• Defence must have agreed (or agreed in principle/agreed in part) to the recommendation.

• The tabling of the report must have occurred approximately 12 months (or more) prior to the commencement of this audit.30

• Recommendations were excluded if they were likely to be examined by the ANAO as part of a separate performance audit or as part of the ANAO’s annual Defence Major Projects Report.

1.23 The two recommendations from Auditor-General Report No. 25 2012-13 Defence’s Implementation of Audit Recommendations were included in the audit sample as that was the last ANAO audit that specifically assessed the effectiveness of Defence’s monitoring of the implementation of ANAO and internal audit recommendations.

1.24 ANAO recommendations relating to Auditor-General Report No.21 2020-21 Delivery of Security Vetting Services Follow-up were included in the audit sample (consistent with the approach to JCPAA recommendations).

1.25 In addition to the above general approach, specific consideration was given to individual recommendations having regard to:

• the total number of recommendations to include in the audit sample;

• the spread of recommendations across reports in the sample period;

• the scope of individual recommendations; and

• the benefit of ensuring a spread of recommendations across different parts of Defence.

30 The audit includes two recommendations from audits that were tabled approximately 11 months before the commencement of this audit. These were included to broaden coverage.

Auditor-General Report No. 34 2020-21 Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence

24

1.26 For details of the rationale for the selection of individual recommendations in the audit sample refer to Appendix 2. For details of the individual recommendations refer to Appendix 3.

1.27 Table 1.3 lists the number of ANAO and parliamentary committee recommendations examined in this audit.31

Table 1.3: Number of ANAO and parliamentary committee recommendations examined

Number of agreed recommendationsa

Entity ANAO Parliamentary inquiry Total

Department of Defence 14 18 32

Note a: This includes ‘agreed’, ‘agreed in principle’, ‘supported’ and ‘supports intent’. Source: ANAO.

Audit methodology

1.28 The audit involved:

• the review of entity documentation such as guidelines, procedures, management reports, audit committee papers, meeting minutes, briefing materials, implementation plans, closure packs and other supporting evidence relating to monitoring progress and reporting against agreed recommendations;

• discussions with relevant entity staff, including internal audit and representatives from the business areas responsible for the implementation of recommendations;

• examining IT system controls and supporting documentation for those systems used by Defence to manage recommendations; and

• engaging with the secretariat from each of the selected parliamentary committees.

1.29 The audit was conducted in accordance with ANAO Auditing Standards at a cost to the ANAO of approximately $466,039.

1.30 The team members for this audit were Grace Guilfoyle, Elizabeth Wedgwood, James Sheeran and Michelle Page.

31 See Appendix 2 of this report for the recommendations examined in this audit.

Auditor-General Report No. 34 2020-21

Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence

25

2. Governance

Areas examined This chapter examines whether Defence has appropriate governance arrangements in place to respond to, monitor and implement parliamentary committee and ANAO audit recommendations.

Conclusion Defence has appropriate governance arrangements for responding to, monitoring and implementing ANAO recommendations and partially appropriate governance arrangements for parliamentary committee recommendations. Defence has enterprise-level governance arrangements to provide the accountable authority with advice and assurance on the implementation of agreed ANAO recommendations. Defence recently introduced enterprise-level governance arrangements to provide the accountable authority with advice and assurance on the implementation of agreed parliamentary committee recommendations, with the introduction of an amended Defence Audit and Risk Committee (DARC) charter in August 2020. Defence’s governance arrangements in relation to the implementation of parliamentary committee recommendations remain a work in progress and the department does not yet have in place a full suite of appropriate governance arrangements.

Areas for improvement The ANAO made one recommendation directed at Defence reviewing and updating its guidance suite to support a clear line of sight in Defence processes and responsibilities for responding to and implementing recommendations.

2.1 The tabling in Parliament of an agreed response to a parliamentary committee or ANAO audit recommendation is a formal commitment by the government or an entity to implement the recommended action. ANAO audits have previously observed that entities with effective guidance and strong governance arrangements were those that successfully reported implementation of the recommendation.

2.2 This chapter considers whether Defence has appropriate governance arrangements in place to respond to, monitor and implement recommendations, by examining Defence’s internal guidance and governance arrangements for the management of parliamentary committee and ANAO performance audit recommendations.

Did Defence have established processes and responsibilities for responding to recommendations?

Defence has established processes and responsibilities for responding to ANAO audit and parliamentary committee recommendations, although not all processes are clearly documented. Guidance supporting the management of responses to ANAO audit recommendations was not always clear, consistent and/or complete; and documentation to support the management of responses to parliamentary committee recommendations was in draft form. Proposed Defence guidance for responding to parliamentary committee recommendations did not reference, and was not consistent with, parliamentary guidance.

Auditor-General Report No. 34 2020-21 Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence

26

2.3 Two divisions within Defence are responsible for receiving and allocating recommendations, and coordinating responses to ANAO performance audit and parliamentary committee recommendations. These are the:

• Audit and Fraud Control Division (AFCD) for ANAO recommendations; and

• Ministerial and Executive Coordination and Communication (MECC) Division for parliamentary committee recommendations.

2.4 Each division devolves responsibility for responding to recommendations to relevant business areas.

2.5 Defence has processes in place to coordinate responses to ANAO recommendations but not all processes and responsibilities were documented and some documentation lacked clarity and consistency. For example, guidance documents either individually or collectively did not clearly detail all the processes to be followed or the interaction of key personnel and business areas in the management of ANAO audit recommendations.

2.6 Defence documentation relating to its processes to coordinate responses to parliamentary committee recommendations was in draft form.

2.7 At the September 2020 meeting of the Defence Audit and Risk Committee (DARC), MECC advised the committee that, in relation to parliamentary committee recommendations, previous responses submitted by Defence ranged from ‘agreed’, ‘agreed in principle’, ‘agreed in part’, ‘noted’ to ‘disagreed’ and there was no set definition of what each variation meant. MECC committed to developing standard response types and definitions to support effective responses to committee recommendations. MECC developed guidance which was in draft form at the time the ANAO

completed audit fieldwork in December 2020. The draft guidance did not reference, and was inconsistent with, Joint Committee of Public Accounts and Audit (JCPAA) guidance for responding to JCPAA recommendations. For example, the proposed Defence responses of ‘supported’, ‘not

Governance

Auditor-General Report No. 34 2020-21

Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence

27

supported’ or ‘partially supported’32 did not align with JCPAA guidance that responses state whether a recommendation is ‘agreed’, ‘agreed with qualification’ or ‘not agreed’.33

2.8 Defence advised the ANAO in January 2021 that:

MECC have reconsidered our approach and have decided to retire the previous advice and adopt the JCPAA guidance. All relevant documentation will be updated, and guidance material will be developed for stakeholders. This will also be reported to the DARC in the next update.34

Did Defence have systems in place to track the implementation of recommendations?

Defence has a system in place to track the implementation of ANAO recommendations but guidance is not always clear, consistent or complete. Defence did not have a system in place to track the implementation of parliamentary committee recommendations. Defence has added a new module to the Parliamentary Document Management System (PDMS)a that will enable it to track progress of parliamentary committee recommendations, and was in the process of preparing related guidance in February 2021.b

Note a: The PDMS is operated by the Department of Finance and offers a whole-of-government parliamentary workflow. It is a digital platform that supports: Ministerial level correspondence, briefings and submissions; Parliamentary Questions on Notice; Senate Estimates Briefings and Questions on Notice; Executive level communications; and general communications and media. Note b: Defence provided the ANAO with its full suite of updated PDMS guidance on 23 February 2021.

32 The template for the proposed MECC guidance provided to the DARC outlined three types of response — ‘supported’, ‘not supported’ or ‘partially supported’ — and the following descriptions: • Supported — Defence agrees to the committee’s recommendation without qualification. The supporting statement must clearly articulate the action required by Defence to implement. • Not Supported — Defence does not agree to the committee’s recommendation. The supporting

statement must outline the reasoning for non-support. • Partially supported — Defence agrees to part of the recommendation only. Clearly articulate what is agreed, what is not agreed and why? Any action Defence will take to implement must also be reflected. If no action is to be taken this must also be articulated. This may be appropriate where current Defence

activities meet the committee’s request. The draft template provided to the ANAO (the basis of the proposed guidance) had similar wording to the template provided to the DARC, with the following words removed: if no action is to be taken this must also be articulated. This may be appropriate where current Defence activities meet the committee’s request. 33 JCPAA, A guide to responding to Committee recommendations, [Internet], available at

https://www.aph.gov.au/~/media/02%20Parliamentary%20Business/24%20Committees/244%20Joint%20Co mmittees/JCPAA/Guide%20on%20Govt%20responses/Guide%20on%20Govt%20responses%20and%20execut ive%20minutes.pdf?la=en [accessed January 2021]. The JCPAA guidance specifies that a government or executive response should: • address the substance and intent of each recommendation and related report content; • state whether the recommendation is agreed, agreed with qualification, or not agreed, and explain the

rationale for this position; • outline action taken or planned, and a timeframe to implement each recommendation that is agreed or agreed with qualification; and • address relevant issues concisely and be free of extraneous detail. In respect to the 12 JCPAA recommendations examined in this audit, six Defence responses were consistent

with the JCPAA guidance. 34 On 25 March 2021 Defence advised the ANAO that the advice to the DARC will now be reported in the May 2021 DARC meeting.

Auditor-General Report No. 34 2020-21 Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence

28

2.9 Defence records ANAO audit and parliamentary committee recommendations in standalone data management systems. AFCD uses the Audit Recommendations Management System (ARMS)35 to record ANAO audit recommendations and MECC uses the Whole of Government Parliamentary Document Management System (PDMS) to record parliamentary committee recommendations. AFCD records the implementation status and closure of recommendations in ARMS. Until November 2020, MECC had recorded responses to recommendations but not implementation. MECC is implementing a parliamentary committee module in PDMS to track implementation of recommendations. Defence advised the ANAO in February 2021 that the module was installed and the review of guidance documentation would be finalised by the end of February 2021, with the completed guidance to be presented to the DARC at its March 2021 meeting.36

ANAO recommendations

Arrangements to track the implementation of ANAO audit recommendations

2.10 Defence has arrangements and guidance to track the implementation status and closure of ANAO recommendations, although as discussed in paragraph 2.5 the guidance is not always clear, consistent or complete.37 AFCD records the status and closure of recommendations in ARMS. Responsibility for entering data and updating information on the implementation of ANAO audit recommendations is not clear. AFCD advised the ANAO that Group Audit Coordinators (GACs) and ARMS Contact Officers (ACOs) in business areas play a role in tracking ANAO recommendations. None of the AFCD governance documents provided to the ANAO refer to these activities in respect to ANAO audit recommendations, but they are clearly described for tracking internal audit recommendations. If GACs and ACOs are required to track the implementation of ANAO audit recommendations, Defence can better support them in these roles by providing relevant guidance.

Arrangements for reporting the status of ANAO recommendations

2.11 AFCD reports on the status of recommendations to the Secretary of Defence and Chief of the Defence Force via the DARC. AFCD provides three reports to the DARC:

35 ARMS was developed to monitor and report on the implementation of audit recommendations. ARMS is a Lotus Notes database and contains the following information on internal and ANAO audits for which one or more recommendations have been made: • limited details of completed audits; • copies of audit summaries and final audit reports; • details of all recommendations made in a report (including those that were not agreed); • the organisation that undertook the audit (for example, Defence’s Audit Branch or the ANAO); and • the implementation status of each recommendation and progress comments. 36 Defence provided the ANAO with its full suite of updated PDMS guidance on 23 February 2021. On

25 March 2021 Defence advised the ANAO that guidance would be presented to the DARC in the May 2021 meeting. 37 For example, guidance documents either individually or collectively did not clearly detail all the processes to be followed or the interaction of key personnel and business areas in the management of ANAO audit

recommendations.

Governance

Auditor-General Report No. 34 2020-21

Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence

29

• a summary report of active and overdue ANAO and internal audit recommendations by Group/Service38;

• ANAO and internal audit recommendations closed during the period; and

• a report on all active ANAO and internal audit recommendations.

2.12 AFCD prepares the first two reports for each DARC meeting39 and, as agreed at the April 2020 meeting of the DARC, the report of all active ANAO and internal audit recommendations is to be presented quarterly. This reporting commenced in July 2020. AFCD governance documents do not explicitly refer to reporting requirements for ANAO audit recommendations or specify a format.

2.13 AFCD reports ‘outstanding’ or overdue recommendations by group to each meeting of the DARC. Recommendations are classified as overdue if the recommendation is past the ‘original agreed closure date’ and does not have an extension in place. The use of the ‘original agreed closure date’ is inconsistent with the directive issued by the Secretary of Defence requiring a 90 day default implementation period for all ANAO recommendations.40 Further, the use of the ‘original agreed closure date’ in combination with an approved extension, extends the timeline for the implementation of recommendations and effectively reduces the number of recommendations categorised as overdue. This has the potential to be misleading to DARC members.

Completeness of Defence’s recording of ANAO audit recommendations

2.14 The ANAO identified that two recommendations from the sample examined as part of this audit were not recorded in ARMS.41 As a consequence Defence has not provided any records of the tracking or implementation of these recommendations to the DARC.

2.15 AFCD commissioned an internal review which examined the effectiveness of Defence’s management of internal and ANAO audit recommendations. The final report issued in March 2020 stated that:

ANAO reports were publicly obtained and reviewed for all audits relating to Defence for the period 1 January 2014 to 30 June 2019. Seven recommendations (1.4 per cent of total recommendations) across three ANAO audits were identified that were not included in ARMS.

38 The Summary of Active ANAO and Internal Audit Recommendations by Group report lists the number of recommendations on time and overdue (in time increments ranging from 1-60 days, 61-90 days, 81-120 days, 121-150 days, and >151 days) by service/group. The report does not identify the individual recommendations or the audits to which they relate. The Summary of Overdue Audit Recommendations by Group identifies the recommendation number, the

report to which it relates, provides brief information on the theme/status of the recommendation (for example ANZAC Class Product Delivery Schedule Recommendation Status: Extension request submitted), and includes the total number of days overdue. Both reports provide limited detail. 39 The DARC charter requires a minimum of six committee meetings annually. 40 Following the release of Auditor-General Report No.25 2012-13 Defence’s Implementation of Audit Recommendations, the Secretary of Defence issued a directive requiring: a 90 day default implementation period for all ANAO performance audit recommendations; and proposals for extensions to be submitted to the Chief Audit Executive in writing with a waiver to be granted only if there is substantial justification. 41 These were recommendation 1 from Auditor General Report No.40 2018-19 Modernising Army Command and Control — the Land 200 Program and a recommendation from the 2017-18 non-public Auditor-General report on mitigating insider threats through personnel security (see paragraph 2.17).

Auditor-General Report No. 34 2020-21 Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence

30

2.16 In response to recommendations made as part of the internal review, AFCD advised the July 2020 meeting of the DARC that AFCD had:

• reviewed procedures and developed updated guidance documents for the audit process and for recommendations management. These contain guidance on management directed tasks and disagreed recommendations42; and

• reviewed and updated procedures to ensure that all closed recommendations are quality assured (QA) to ensure closure evidence is sufficient and appropriate. The DARC recommendations process requires all closed recommendations to be identified including showing QA is complete and the action taken.

2.17 Auditor-General Report No.21 2020-21 Delivery of Security Vetting Services Follow-up identified that non-public ANAO reports and recommendations are not recorded in ARMS as ARMS cannot store information classified above the ‘protected’ level. No AFCD governance document provides guidance on the management of highly classified material.

Approving extensions to ANAO recommendation implementation timeframes

2.18 AFCD has a documented process for, and the option to approve, extensions to the implementation date for an ANAO audit recommendation.43 The ANAO identified that not all extensions are approved in accordance with Defence requirements (refer to paragraph 3.24 for further details).

2.19 AFCD reporting on the implementation of audit recommendations to the DARC includes details of recommendations closed since the previous DARC meeting. For each recommendation this includes the agreed closure date44; any revised agreed closure dates45; and the date closed.46 There is also reporting on the number of times, excluding the original extension, that an extension has been approved.

42 Guidance documents examined by the ANAO subsequent to AFCD’s advice to the DARC retained inconsistencies and lacked clarity in relation to ANAO audit recommendations. In addition, no governance document provided to the ANAO contained direction for disagreeing to a recommendation. 43 Defence’s 2020 Audit Recommendations Management guidance outlines implementation requirements for

ANAO audit recommendations as follows: the default maximum implementation period for all audit recommendations is 90 days. This is 90 days from the date of issue of the final report. If the area responsible considers recommendation closure within this timeframe is not achievable, it can agree a longer period with Audit Branch during the development of the Management Action Plan (MAP) before the Final Report is issued. Completion date extension requests are assessed and approved by FAS AFC. ANAO recommendations are managed by the ANAO Liaison Officer. 44 The agreed closure date is the implementation date approved by AFCD during the development of the

Management Action Plan. 45 The dates reflect any changes made following an approved extension. In the event of more than one extension the report includes all revised dates. 46 The closure date reflects the date AFCD completed its quality assurance review as per AFCD guidance.

Governance

Auditor-General Report No. 34 2020-21

Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence

31

As discussed in paragraph 2.13, the development of an agreed closure date as a substitute for the 90 day default requirement for implementation, and subsequent extensions, is inconsistent with the Secretary of Defence’s 2013 directive.47

Assessing risk

2.20 Of the three reports AFCD provides to the DARC, two reports (the summary of active/overdue audit recommendations by group, and ANAO and internal audit recommendations closed during the period) include a grading level. The grading level is reported as either:

• Level 1: Significant operational/management deficiencies which have a high materiality or financial/performance risk that requires urgent action, or opportunities to obtain significant performance/resource benefits which should be addressed as a matter of urgency; or

• Level 2: Operational/management deficiencies having medium materiality or financial/performance risk which should be rectified by management in the short term, or an opportunity to obtain performance/resource benefits which should be implemented in the short term.

2.21 The report states that all ANAO audit recommendations are classified as Level 1. Defence’s Audit Branch Recommendations Management (2020) guidance should be amended to include the requirement to assign a grading level to audit recommendations. In addition, there is scope for Defence to review whether all ANAO recommendations should be automatically assigned a Level 1 rating.48

2.22 Defence should ensure its guidance reflects requirements relating to assigning risk to recommendations and review whether automatically assigning a rating of Level 1 to all ANAO recommendations is appropriate.

Closing ANAO recommendations

2.23 Arrangements for closing ANAO recommendations are described in Defence’s Audit Branch Recommendations Management (2020) guidance as follows:

When the necessary actions have been completed, the area responsible submits documentary evidence supporting the closure, through the ANAO Liaison Officer, which is reviewed by Audit and Fraud Control Division (AFCD). If closure is approved by FAS [First Assistant Secretary] AFC, the recommendation is closed on ARMS.

47 Following the release of Auditor-General Report No.25 2012-13 Defence’s Implementation of Audit Recommendations, the Secretary of Defence issued a directive requiring: • a 90 day default implementation period for all ANAO performance audit recommendations; • proposals for extensions to be submitted to the Chief Audit Executive in writing with a waiver to be

granted only if there is substantial justification; and • the Chief Audit Executive to prepare a monthly agendum paper for the Defence Committee which will make recommendations regarding all outstanding audit matters. A copy of this monthly agendum paper will be forwarded to the Minister for Defence. 48 The requirement to assign a grading level to audit recommendations was noted in Defence’s previous

guidance Audit Recommendations Management Procedures (2019) but was omitted from the guidance applicable at the time of audit fieldwork, Audit Branch Recommendations Management (2020).

Auditor-General Report No. 34 2020-21 Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence

32

2.24 Defence’s ANAO Recommendation closure fact sheet states:

Why is closure evidence so important?

Audit Branch stores this evidence in a central location (Audit Recommendation Management System) so that when the ANAO returns to examine the closure of recommendations it is clear what has been done to close each recommendation. This includes the formal closure minute signed by the Assistant Secretary Audit.

Will the ANAO really re-examine these recommendations?

Yes. For each audit they perform, the ANAO will always examine any previous, related ANAO or internal Audits. As part of this work, they will question the implementation of any recommendations identified in the audits found.

2.25 The focus in this Defence guidance on future ANAO review misses the principal benefit from preparing and retaining closure evidence, which is to provide a documented basis for Defence decision-makers to decide whether agreed recommendations have been implemented and closure is warranted. There is a further, consequential benefit which flows naturally from good record keeping. It provides a basis for internal review and assurance activity (by the DARC and internal audit), external review by the ANAO, and parliamentary scrutiny.

2.26 AFCD advised the July 2020 meeting of the DARC that a closure pack of evidence will be required from business areas seeking to close ANAO audit recommendations. To provide a level of quality assurance, the closure pack will be reviewed by FAS AFC and, if appropriate, authorised for closure. The intention is that recommendations will continue to appear in reports to DARC until the outcome of the quality assurance process is advised. AFCD governance documents do not include specific reference to closure packs.

2.27 The review commissioned by AFCD (referred to in paragraph 2.15) recommended that AFCD should review closed recommendations in ARMS which did not have appropriate documentation to support their closure. In response, AFCD reported to the July 2020 DARC meeting that:

AFCD will ensure standard processes include the review of all closed recommendations for appropriate documentation to support their closure. AFCD does not intend to review historical recommendations, which pre-date the current policy of 100% quality assurance … Audit Branch has reviewed and updated procedures to ensure that all closed recommendations are Quality assured to ensure closure evidence is sufficient and appropriate. The DARC recommendations reporting process requires all closed recommendations to be identified, including showing QA [quality assurance] is complete and the action taken. The revised procedures for audit process and recommendations management, and a sample DARC report are in the closure pack.

2.28 For eight of the 12 ANAO recommendations that were subject to AFCD’s closure process, the evidence relied on by AFCD to close the recommendation was insufficient. This is discussed further in paragraphs 3.33 and 3.34.

Governance

Auditor-General Report No. 34 2020-21

Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence

33

Parliamentary committee recommendations

Arrangements to track the implementation of parliamentary committee recommendations and report on their status

2.29 Defence advised the ANAO in July 2020 that:

… there is no formal whole of Defence process for monitoring implementation of agreed parliamentary committee recommendations beyond the initial response to recommendations approved by the Prime Minister for Tabling. Responsibility for action of agreed or specified recommendations sits with the relevant line area.

2.30 An amendment to the DARC Committee Charter in August 2020 required the DARC to review and provide written advice to the Defence Secretary and Chief of the Defence Force on the appropriateness of Defence’s system of internal control by reviewing, in addition to established requirements, parliamentary committee reports and external reviews. To fulfil the committee’s charter, the DARC sought advice from MECC on the tracking of parliamentary committee recommendations.

2.31 At the September 2020 meeting of the DARC, MECC advised that all parliamentary committee responses were tracked in PDMS but this did not extend to monitoring the action(s) taken to implement agreed recommendations. At the November 2020 meeting of the DARC, MECC proposed:

• reporting to the DARC twice each year in April and November; and

• applying a traffic light system to advise the DARC on how progress towards implementation of the recommendations is tracking.

2.32 At the November 2020 meeting of the DARC, MECC also provided the first report on the status (as at 23 October 2020) of parliamentary committee recommendations. The format was structured as follows: Subject; Report Date; Agency Responsibility; Recommendation; Agency Position; Agreed Action; Responsible Area; Implementation Status; Implementation Update and Critical Date. Implementation status for all recommendations was listed as No action required. Defence advised the ANAO that this was because Defence was not the lead entity for any committee recommendation in 2020 and the recommendations listed required no further action by Defence. The report did not include any of the recommendations examined in this audit.

2.33 At the time of audit fieldwork (July-December 2020), guidance documents to support the implementation of the PDMS module and the tracking required under the DARC charter of August 2020 were in draft form. Defence advised the ANAO in early February 2021 that the procedural documentation to support the implementation of the parliamentary committee module would be completed prior to the end of February 2021.49

2.34 Defence advised the ANAO that the Defence Secretary and Chief of the Defence Force provide clearance of the proposed government response and sign the covering submission to the Minister for Defence. This process is described in Defence’s Standard Operating Procedures for Parliamentary Committee Recommendations — which provides guidance for the preparation of submissions to committee inquiries, appearances before committees, and schedules for committee

49 Defence provided the ANAO with its full suite of updated PDMS guidance on 23 February 2021.

Auditor-General Report No. 34 2020-21 Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence

34

inquiries — but no guidance for responding to committee recommendations or monitoring implementation of recommendations. Defence advised the ANAO in January 2021 that this document was under review with completion scheduled for the end of February 2021.50

Completeness of Defence records of parliamentary committee recommendations

2.35 Defence held records in PDMS of all parliamentary committee recommendations included in the ANAO’s sample of recommendations reviewed in this audit.

Documentation of processes for approving extensions to parliamentary committee recommendations

2.36 As discussed in paragraphs 2.13 and 2.18, Defence established a 90 day default implementation period for ANAO recommendations, and a process for seeking extensions to this timeframe. There is no comparable requirement for the implementation of parliamentary committee recommendations, and there were no documented processes for approving extensions for the implementation of parliamentary committee recommendations.

Arrangements for closing parliamentary committee recommendations

2.37 As discussed in this chapter, Defence was developing a number of guidance documents in the course of this audit. Prior to this time there were no requirements for closing parliamentary committee recommendations on the basis of completed implementation action. MECC provided the following advice to the DARC in September 2020 regarding Defence’s approach to closing parliamentary committee recommendations:

Unless recommendations specifically request an action by the department, such as report back in 6 months, the summary statement offered in support of the overarching response (Agreed or Disagreed) is the departmental response, thereby closing out the recommendation. Evidence of the decision making process has been requested where ANAO interpretation of the intent of committee recommendation differs to that of Defence. This divergence is likely to remain. It is worth noting that Defence has not received a request for further information or clarity from the committees on any of the recommendations being examined as part of the [current ANAO] audit.

2.38 Defence provided the ANAO with a draft Committee Recommendation Template which required business areas to detail the action required to meet the agreed response, a schedule of activities and expected timeframes for delivery. It also asked business areas to provide a status update, explanation and proposed new timeframe for action as necessary if timeframes could not be met. It did not include guidance on its completion or reference other sources of guidance. The draft template required approval by the relevant Group Head for activities, estimated schedules and potential extensions. Defence advised the ANAO in January 2021 that the draft template remained under review.51

System controls to maintain complete and accurate data for ANAO and parliamentary committee recommendations

2.39 The ANAO assessed system controls intended to maintain complete and accurate data in ARMS and PDMS. The processes for entering, tracking and closing ANAO audit and parliamentary

50 Defence advised the ANAO 25 March 2021 that the updated guidance provided to ANAO in February 2021 replaces the Standard Operating Procedures for Parliamentary Committee Recommendations. 51 On 25 March 2021 Defence advised the ANAO that the template is still under review.

Governance

Auditor-General Report No. 34 2020-21

Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence

35

committee recommendations in ARMS and PDMS are highly manual in nature. There are sufficient manual controls provided regular monitoring of user groups is maintained. Limited system enforced controls (IT controls) are in place to maintain the completeness and accuracy of data in ARMS and PDMS. For further details refer to Appendix 4.

Summary

2.40 In summary, Defence has a system in place to track the implementation of ANAO recommendations but Defence guidance is not always clear, consistent or complete. Defence did not have a system in place to track the implementation of parliamentary committee recommendations and has added a new module to PDMS to do so. It is also in the process of preparing related guidance. Defence advised the ANAO in early February 2021 that the procedural documentation to support the PDMS module will be finalised prior to the end of February 2021.52

2.41 Given these findings there is scope for Defence to review and update its guidance suite to support a clear ‘line of sight’ in Defence processes and responsibilities for managing ANAO and parliamentary committee recommendations. A clear ‘line of sight’ would extend from the receipt of an ANAO or parliamentary committee recommendation, through the preparation of the response, the development of an implementation plan to address the recommendation, monitoring the implementation of necessary aspects of the recommendation, the closure of the recommendation once implemented, and related reporting to the DARC and its advice to the accountable authority. Guidance should also be consistent with any parliamentary committee guidance, and Defence responses and implementation activity should address the substance and intent of each recommendation and related report content.

Recommendation no.1 2.42 Defence review and update its guidance suite to support a clear line of sight in Defence processes and responsibilities for responding to and implementing parliamentary committee and ANAO recommendations, consistent with parliamentary committee and ANAO guidance. The response and action taken should address the substance and intent of the recommendation, and be reviewed by the Defence Audit and Risk Committee in accordance with its charter.

Department of Defence response: Agreed.

2.43 Defence agrees to the recommendation.

52 Defence provided the ANAO with its full suite of updated PDMS guidance on 23 February 2021.

Auditor-General Report No. 34 2020-21 Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence

36

Has Defence established entity-level arrangements to provide the accountable authority with advice and assurance on the implementation of agreed recommendations?

Defence had enterprise-level governance arrangements to provide the accountable authority with advice and assurance on the implementation of agreed ANAO recommendations. Defence had no enterprise-level governance arrangements to provide the accountable authority with advice and assurance on the implementation of agreed parliamentary committee recommendations, prior to the introduction of an amended DARC charter in August 2020. The ANAO’s review of minutes from the DARC’s September and November 2020 meetings indicates that the DARC has agreed to reporting changes that will support the future provision of advice and assurance on the implementation of agreed parliamentary committee recommendations.

2.44 The DARC charter (August 2020) requires the committee to review and provide written advice to the Defence Secretary and Chief of the Defence Force (CDF) on the appropriateness of Defence’s system of internal control and provide advice on any specific areas of concern or suggestions for improvement, by reviewing, amongst other things:

… audit arrangements including: ...

… audit reports: reviewing internal audit reports and ANAO performance audits that relate to Defence and providing advice to the Secretary and the CDF on major concerns identified; ...

… audit recommendations: reviewing the implementation of agreed actions relating to recommendations from internal audits and ANAO performance audits that relate to Defence; ...[and]

… parliamentary committee reports and external reviews: the mechanisms for reviewing relevant parliamentary committee reports, external reviews and evaluations of Defence, and reviewing the implementation of any resultant recommendations.

2.45 The DARC charter also requires the chair to report to the Secretary and CDF:

• after each meeting53; and

• as often as necessary but at least once each year, on the operation of the DARC and activities against its responsibilities.

ANAO recommendations

2.46 As indicated in paragraph 2.11, AFCD provides the Secretary, CDF and the DARC with three reports:

• a summary report of active and overdue ANAO and internal audit recommendations by Group/Service;

• ANAO and internal audit recommendations closed during the period; and

• a full report on all active ANAO and internal audit recommendations.54

53 The committee is required to meet at least 6 times per year. Reporting may be verbal or in writing. 54 This report was introduced in December 2019.

Governance

Auditor-General Report No. 34 2020-21

Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence

37

2.47 Additionally, the Chief Audit Executive (the First Assistant Secretary, Audit and Fraud Control) has direct and unrestricted access to the Secretary, the CDF, senior management and the DARC. For the DARC this includes access both in and out of session, and with the chair and/or individual members.55

2.48 These arrangements, together with the reporting arrangements between the DARC chair, the Secretary and CDF mentioned above, are intended to provide the accountable authority with advice and assurance on the implementation of agreed ANAO recommendations.

Parliamentary committee recommendations

2.49 Following the August 2020 amendment to its charter, the DARC instituted a requirement that a report from MECC be included as a standing item in future committee agendas. As discussed in paragraphs 2.7 and 2.31 to 2.33:

• At the September 2020 DARC meeting, MECC:

− advised the DARC that all parliamentary committee responses were tracked in PDMS but this did not extend to monitoring the action taken to implement agreed recommendations; and

− committed to developing standard response types and definitions to support effective responses to committee recommendations.

• At the November 2020 DARC meeting, MECC:

− proposed: submitting reports twice each year and a traffic light system to be applied to recommendations to advise the DARC on how progress towards implementation of the recommendations is tracking; and

− provided a status report on the implementation of parliamentary committee recommendations for 2020.

2.50 MECC also agreed to provide a report to the DARC following the release of this ANAO performance audit report.

2.51 These new arrangements, together with the reporting arrangements between the DARC chair, the Secretary and CDF mentioned above, are intended to support the future provision of advice and assurance to the accountable authority on the implementation of agreed parliamentary committee recommendations.

55 This is outlined in the Department of Defence Internal Audit Charter.

Auditor-General Report No. 34 2020-21 Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence

38

3. Implementation of recommendations

Areas examined This chapter considers whether Defence effectively implemented agreed recommendations, by examining a sample of 32 agreed recommendations comprising 18 parliamentary committee and 14 ANAO recommendations.

Conclusion The Defence Audit and Risk Committee (DARC) has received status reports on all active ANAO and internal audit recommendations since December 2019, and commenced oversight of the implementation of parliamentary committee recommendations in August 2020 following the amendment to its charter. Prior to this amendment, there was no coordinated enterprise-level reporting on the implementation of parliamentary committee recommendations and Defence activity was focussed on the provision of government responses.

For the 18 parliamentary committee recommendations examined in this audit, the ANAO assessed eight as implemented, two as largely implemented, three as partially implemented and five as not implemented (see Table 3.14). For the 14 ANAO recommendations examined, the ANAO assessed seven as implemented, four as largely implemented, one as partially implemented and two as not implemented (see Table 3.3).

Areas for improvement The ANAO made two recommendations. One was aimed at ensuring that Defence’s implementation of agreed recommendations is subject to periodic risk review and that this risk review activity is monitored at an enterprise-level by the DARC. The second was aimed at ensuring that when agreeing to recommendations with qualification, Defence clearly set out what action will be taken in response to the recommendation, and what part of the recommendation will not be implemented, if any.

The ANAO also identified an opportunity for Defence to strengthen its recommendation closure processes.

3.1 Successful implementation of agreed recommendations requires strong senior management oversight and monitoring, along with timely implementation approaches, with clear responsibilities and timelines for addressing the required actions.56

3.2 This chapter considers whether Defence effectively implemented agreed recommendations within established timeframes, by examining Defence’s planning and monitoring arrangements for a sample of agreed recommendations comprising 14 ANAO and 18 parliamentary committee recommendations.

3.3 The number of ANAO and parliamentary committee recommendations examined in this audit is outlined in Table 3.1. For details of the individual recommendations refer to Appendix 3.

56 Auditor-General Report No.6 2019-20 Implementation of ANAO and Parliamentary Committee Recommendations, [Internet], p.16.

Implementation of recommendations

Auditor-General Report No. 34 2020-21

Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence

39

Table 3.1: Number of ANAO and parliamentary committee recommendations examined in this audit

Source of recommendation No. examined

ANAO 14

Joint Committee of Public Accounts and Audit (JCPAA) 12

Senate Standing Committee on Foreign Affairs, Defence and Trade (SSCFADT) 5

Joint Standing Committee on Foreign Affairs, Defence and Trade (JSCFADT) 1

Total 32

Source: ANAO.

Did Defence develop an implementation plan for each of the selected recommendations?

Defence had implementation plans, known as Management Action Plans (MAPs), for 12 of the 14 ANAO recommendations examined in this audit. Defence did not require implementation plans for parliamentary committee recommendations and consequently none of the 18 parliamentary committee recommendations examined in this audit had an implementation plan.

3.4 The ANAO Audit Insights product, Implementation of Recommendations, published in November 2019, identified that previous ANAO audits had found that effective implementation of recommendations:

… requires fit-for-purpose implementation plans setting clear responsibilities and timeframes for addressing required actions. Implementation plans should involve key stakeholders. Where implementation plans are not prepared, evidence shows that actions are not always implemented to address the identified issue, or not implemented in a timely way, or not implemented at all.57

ANAO recommendations

3.5 Defence had implementation plans, called Management Action Plans (MAPs), for 12 of the 14 ANAO recommendations examined in this audit. The two recommendations that did not have MAPs were not recorded in Defence’s Audit Recommendation Management System (ARMS) and were not reported to the Defence Audit and Risk Committee (DARC) as would normally occur for

57 ANAO Audit Insights, Implementation of Recommendations, [Internet], ANAO, available from https://www.anao.gov.au/work/audit-insights/implementation-recommendations, [accessed January 2021].

Auditor-General Report No. 34 2020-21 Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence

40

recommendations made to Defence by the ANAO.58 Where MAPs were in place they contained high level information on who was responsible for implementing the recommendation, the activities that would take place in order to implement the recommendation and an implementation date.59

3.6 Defence requires MAPs to be endorsed by a senior officer from the business area responsible for implementation and, starting in 2018, required them to be accepted by the First Assistant Secretary, Audit and Fraud Control (FAS AFC), who is the head of the business area responsible for ANAO audit recommendations governance. All MAPs in the ANAO’s sample were endorsed by the relevant business area, but for five recommendations there was no evidence of the MAPs being accepted by the FAS AFC.60

Parliamentary committee recommendations

3.7 At the time of audit fieldwork (July to December 2020) Defence did not require implementation plans for parliamentary committee recommendations.

3.8 Defence had developed a draft template for managing parliamentary committee recommendations that, if used, would capture detail similar to that captured in the MAPs and closure reports used in Defence’s management of ANAO recommendations. This draft template

requests information on: the recommendation; Defence’s response; action required to implement; status update (on track / at risk / requires rescheduling); statement and documentation supporting closure; departmental approval; contact officer; and details of consultation. Defence advised the ANAO in January 2021 that:

… there is a body of work underway to operationalise the [Parliamentary Committee] PC Module within PDMS, and this will include incorporation of a range of new, prepopulated templates into the system to ensure the platform is as efficient and user friendly as possible. A new Parliamentary Inquiry Recommendations Template is being produced … which will now be one component of a broader committee recommendation implementation tracking process, via the module. The process will also include provision of guidance material, to support groups and services throughout the actions required during the life cycle of a parliamentary inquiry.

58 The two recommendations without MAPs were recommendation one from Auditor-General Report No.40 2018-19 Modernising Army Command and Control - the Land 200 Program and a recommendation from the 2017-18 non-public Auditor-General report on mitigating insider threats through personnel security. Defence advised the ANAO that the one recommendation contained in the non-public report was not recorded in ARMS because this system cannot store information classified above the protected level. The MAP for the implementation of the ANAO recommendations contained in the public version of that report, Auditor-General Report No.38 2017-18 Mitigating Insider Threats through Personnel Security, noted that this recommendation was completed. The MAP was signed by the First Assistant Secretary of Defence’s Security and Vetting Service on 25 June 2018. On 9 July 2018, the Assistant Secretary Vetting reported internally to Defence’s Audit and Fraud Control Division that the audit recommendation was implemented and could be closed. 59 While it did not have its own MAP, the recommendation from the non-public Auditor-General report on

mitigating insider threats through personnel security was referred to in the MAP for the three recommendations in the public version of that report, Auditor-General Report No.38 2017-18 Mitigating Insider Threats through Personnel Security. For the one non-public recommendation, the MAP documented the responsible officers, recommendation actions and implementation date and noted that the recommendation had been completed. 60 The recommendations were: recommendations 1-3 from Auditor-General Report No.38 2017-18 Mitigating

Insider Threats through Personnel Security; recommendation 1 from Auditor-General Report No.30 2018-19 ANZAC Class Frigates — Sustainment; and recommendation 1 from Auditor-General Report No.34 2017-18 Defence’s Implementation of the First Principles Review.

Implementation of recommendations

Auditor-General Report No. 34 2020-21

Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence

41

Suggestions for improvement

3.9 Including details of the officials responsible for implementing specific recommendations (as required in the MAPs for ANAO recommendations) would further strengthen Defence arrangements for the implementation of parliamentary committee recommendations.

3.10 There would also be benefit in Defence periodically reviewing whether any measures introduced work as intended.

3.11 As noted in Table 3.14 later in this chapter, three parliamentary committee recommendations in the ANAO’s sample were assessed by the ANAO as partially implemented and five were assessed as not implemented. Effective implementation planning, combined with effective monitoring arrangements (discussed below), increases the likelihood of recommendations being effectively implemented.

Was implementation monitored for each of the selected recommendations?

Twelve of the 14 ANAO recommendations selected for review were monitored by Defence’s Audit and Fraud Control Division. From December 2019, the DARC has received status reports on all active ANAO and internal audit recommendations although, for some recommendations, information was limited. Prior to this time, reports to the DARC were either summary information or recommendations classified as overdue or closed.

The DARC commenced oversight of parliamentary committee recommendations in August 2020.a Prior to this time, there was no coordinated enterprise-level reporting on the implementation of parliamentary committee recommendations and Defence activity was focussed on the provision of government responses to parliamentary committee recommendations.

Note a: This reporting did not include any of the parliamentary committee recommendations in the ANAO’s sample. Defence did not consider that any of the recommendations in the ANAO sample required further action.

3.12 The ANAO Audit Insights product, Implementation of Recommendations, published in November 2019, identified that previous ANAO audits had found that:

Effective monitoring requires an approach that accurately tracks progress and records the actions of the business area or individual responsible for implementation. The goal is that those with entity accountability can have a clear line of sight to the implementation of agreed recommendations … Systems should be fit for-purpose, reflecting the size of the entity, the nature of its business and its governance structure.61

ANAO recommendations

3.13 Twelve of the 14 ANAO recommendations selected for review were monitored by Defence’s Audit and Fraud Control Division (AFCD).62 Prior to December 2019 reporting to DARC was largely

61 ANAO Audit Insights, Implementation of Recommendations, [Internet]. 62 The two ANAO recommendations that were not monitored were recommendation 1 from Auditor-General Report No.40 2018-19 Modernising Army Command and Control - the Land 200 Program and the one recommendation from a non-public Auditor-General report on mitigating insider threats through personnel

security.

Auditor-General Report No. 34 2020-21 Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence

42

limited to high level summary information or information on recommendations that were closed during the period between DARC meetings or classed as overdue.63 From December 2019, AFCD reports to the DARC have included a status report on all active ANAO and internal audit recommendations. However these reports often included only brief statements on the status of recommendations (such as ‘work commenced’ on a nominated date or implementation ‘80 per cent complete’), with limited information about what elements had been implemented or any risks stemming from elements not yet implemented. While brief statements of this sort may facilitate the tracking of activity at a high level, it is less useful as an aid to monitoring implementation. There was evidence of reporting to DARC relating to eight recommendations in the ANAO’s sample that had not been closed prior to December 2019.64

3.14 There is no requirement for business areas implementing ANAO recommendations to undertake periodic risk reviews and report these to AFCD or DARC. Given that recommendations are made to improve public administration and the implementation of recommendations can take years, there is merit in recommendations being subject to periodic risk review to ensure that risks relating to implementation or risks identified by the recommendations themselves are monitored and reported on. There was evidence of ongoing consideration of risk for one recommendation in the ANAO sample.65

Parliamentary committee recommendations

3.15 As discussed in chapter 2, at the time of audit fieldwork (July to December 2020) Defence did not have a coordinated enterprise-level process for monitoring implementation of parliamentary committee recommendations. Defence activity was focussed on the provision of government responses to recommendations to the relevant parliamentary committee. DARC received a briefing from MECC in September 2020 and a report on the implementation of parliamentary committee recommendations in November 2020.66

3.16 As discussed in paragraph 3.14, there is no requirement for business areas implementing ANAO recommendations to undertake periodic risk reviews and report these to AFCD or DARC. This is also the case for parliamentary committee recommendations. There is merit in recommendations being subject to periodic risk review, and this risk review activity being monitored at an enterprise-level by the DARC.

63 This did not capture recommendations that were past their initial implementation date but had been granted one or more extensions. See footnotes 8 and 42 for details. 64 In respect to the other six recommendations in the ANAO sample, two were not being tracked by AFCD (see footnote 62 for details) and four had already been closed. The recommendations already closed by

December 2019 included: • recommendation 2 from Auditor-General Report No.38 2017-18 Mitigating Insider Threats through Personnel Security; • recommendations 1 and 2 from Auditor-General Report 25 2012-13 Defence’s Implementation of Audit

Recommendations; and • recommendation 3 from Auditor-General Report No. 28 2017-18 Defence’s Procurement of Fuels, Petroleum, Oils, Lubricants and Card Services. 65 This was recommendation 1 from Auditor-General Report No.2 2019-20 Defence’s Administration of Travel

Allowances Paid to APS Employees. 66 As indicated in paragraph 2.32 the report did not include any of the recommendations examined in this audit.

Implementation of recommendations

Auditor-General Report No. 34 2020-21

Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence

43

Recommendation no.2 3.17 Defence ensure that its implementation of parliamentary committee and ANAO recommendations is subject to periodic risk review, and that this risk review activity is monitored at an enterprise-level by the Defence Audit and Risk Committee.

Department of Defence response: Agreed.

3.18 Defence agrees to the recommendation.

Was implementation of the selected recommendations completed in the agreed timeframe?

For the 13 ANAO recommendations that had recorded target implementation dates, only three were closed: before the implementation date established in the MAP; or the revised implementation date established after an extension had been granted. The recommendations closed after the MAP date or revised date were closed an average of 61 days after the implementation date. In seven instances where extensions were sought for the implementation of ANAO recommendations, only one of the extension requests was made in accordance with Defence requirements.

For the eight parliamentary committee recommendations where the relevant committee had set an implementation timeframe, three were implemented within that timeframe. Defence did not set implementation timeframes for the remaining 10 parliamentary committee recommendations in the audit sample.

3.19 Establishing timeframes for implementing recommendations, and meeting them, is an important way entities can ensure recommendations are ultimately implemented and any risks or issues that have led to the recommendations being made are addressed in a timely fashion. As outlined in paragraph 1.7, in August 2019, following the tabling of the first report in this recent series of ANAO audits67, the Secretary of the Department of the Prime Minister and Cabinet wrote to all departmental secretaries encouraging them to respond to parliamentary committee reports in a timely manner.

3.20 For the ANAO recommendations examined in this audit, this section refers to ‘closure’68 rather than ‘implementation’ because, as discussed in paragraphs 3.27 to 3.35, the ANAO considers that a number of closed recommendations have not been fully implemented.69

67 Auditor-General Report No.6 2019-20 Implementation of ANAO and Parliamentary Committee Recommendations [Internet], ANAO, available from https://www.anao.gov.au/work/performance-audit/implementation-anao-and-parliamentary-committee-recommendations-2019, [accessed January 2021].

68 Defence has an established process for the closure of ANAO recommendations. Once the relevant business area considers the recommendation has been implemented, it submits relevant evidence to the FAS AFC, who is responsible for assessing the evidence and, where applicable, approving closure of the recommendation. 69 The ANAO noted that in six cases, recommendations were closed without the business area responsible for

implementation providing sufficient evidence to show that the recommendation had been implemented in full.

Auditor-General Report No. 34 2020-21 Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence

44

3.21 For parliamentary committee recommendations, Defence does not have a default implementation period and timeframes applied only when they were set by parliamentary committees.70 For the selected recommendations, these were the due dates for Defence to report back to a committee with certain information. The ANAO assessed whether Defence reported back within the timeframes set by committees.

ANAO recommendations

3.22 Defence had documented implementation dates for 13 of the 14 ANAO recommendations examined in this audit.71 Where the MAPs outlined multiple actions involved in implementing a recommendation, these dates were typically broken down into separate dates for each action. The ANAO considered that a recommendation could only be considered closed when all actions had been completed. In assessing the timeliness of implementation the ANAO took the latest date in a MAP (or the updated implementation date established if an extension was granted) to be the deadline for implementing the recommendation in its entirety. Defence has a formal process for closing recommendations that requires FAS AFC to approve closure. For the purposes of determining whether a recommendation was closed on time, the ANAO compared the implementation date to the date when closure approval was granted by FAS AFC.

3.23 Of the 13 ANAO recommendations that had documented implementation timeframes, nine were closed after: the original estimated implementation date appearing in the MAP; or the revised implementation date established after an extension had been granted.72 These nine recommendations were closed an average of 61 days after the implementation date.

3.24 As discussed in paragraph 2.18, Defence has documented processes for seeking and granting extensions to estimated completion dates for the implementation of ANAO recommendations. Extension requests were submitted for seven of the recommendations in the

70 As discussed in paragraph 2.18, Defence has a 90 day default implementation period for all ANAO performance audit recommendations. 71 There was no separate MAP for the recommendation from a non-public Auditor-General report, however the implementation date for this recommendation was recorded in the MAP for recommendations from the

public version of that report, Auditor-General Report No.38 2017-18 Mitigating Insider Threats through Personnel Security. The recommendation with no MAP and no recorded implementation date was recommendation 1 from Auditor-General Report No.40 2018-19 Modernising Army Command and Control - the Land 200 Program. 72 The nine recommendations were:

• recommendation 1 from Auditor-General Report No.2 2019-20 Defence’s Administration of Travel Allowances Paid to APS Employees; • recommendation 1 from Auditor-General Report No. 3 2019-20 Defence’s Quarterly Performance Report on Acquisition and Sustainment; • recommendations 1 and 2 from Auditor-General Report No.31 2018-19 Defence’s Management of its

Projects of Concern; • recommendation 1 from Auditor-General Report No.30 2018-19 ANZAC Class Frigates — Sustainment; • recommendation 1 from Auditor-General Report No.34 2017-18 Defence’s Implementation of the First Principles Review; • recommendation 1 from Auditor-General Report No.25 2012-13 Defence’s Implementation of Audit

Recommendations; and • recommendations 1 and 3 from Auditor-General Report No.38 2017-18 Mitigating Insider Threats through Personnel Security.

Implementation of recommendations

Auditor-General Report No. 34 2020-21

Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence

45

ANAO’s sample. At the time that extension requests were submitted for five of the recommendations, there was a requirement to submit extension requests one month prior to the implementation date. This requirement was not met for any of the five extension requests.73

Parliamentary committee recommendations

3.25 When making a recommendation, parliamentary committees will sometimes include a timeframe for implementation. This is common for recommendations involving the provision of additional information or reports to a committee. Where a parliamentary committee has not set a due date for implementation, Defence does not establish its own implementation timeframes for committee recommendations, and there is no default timeframe.74

3.26 Eight of the 18 parliamentary committee recommendations examined in this audit included an implementation timeframe and in all instances this was a timeframe in which Defence was required to report back to the committee with certain information. The specified timeframe was met for three of the eight parliamentary committee recommendations.75

Were the selected ANAO recommendations implemented in full and closed in accordance with requirements?

For the 14 ANAO recommendations examined in this audit, the ANAO assessed seven as implemented, four as largely implemented, one as partially implemented and two as not implemented. Defence considered that all 14 ANAO recommendations assessed in this audit had been implemented. For eight of the ANAO recommendations, the evidence relied on by Defence’s Audit and Fraud Control Division to close the recommendation was insufficient.

3.27 The approach used by the ANAO to assess the implementation status of the 14 selected ANAO recommendations is set out in Table 3.2.76

73 Extension requests that did not meet the requirement to submit extension requests one month prior to the implementation date related to: • recommendations 1 and 2 from Auditor-General Report No.31 2018-19 Defence’s Management of its Projects of Concern; • recommendation 1 from Auditor-General Report No.30 2018-19 ANZAC Class Frigates — Sustainment;

and

• recommendations 1 and 3 from Auditor-General Report No.38 2017-18 Mitigating Insider Threats through Personnel Security. For the remaining two recommendations (recommendations 1 and 2 from Auditor-General Report No.25 2012-13 Defence’s Implementation of Audit Recommendations), Defence was unable to provide details of

what the requirements for extension requests were at the time. 74 As previously discussed, there is a 90 day default timeframe for the implementation of ANAO recommendations. 75 These were recommendations 4 and 6 from JCPAA Report 470 and recommendation 3 from JCPAA Report

479. The specified timeframe was not met for: recommendations 1, 2, 3 and 4 from JCPAA Report 475 and recommendation 3 from the SSCFADT report on Impact of Defence training activities and facilities on rural and regional communities. For recommendation 3 from the SSCFADT report, Defence advised the committee that it would report back to the committee later than requested in the recommendation. This report back did not occur. 76 The same approach was adopted for assessing implementation of the selected parliamentary committee

recommendations. Those results are reported in the next section.

Auditor-General Report No. 34 2020-21 Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence

46

Table 3.2: ANAO categorisation of implementation status

Assessment Explanation

Not implemented There is no supporting evidence that the agreed action has been undertaken, or the action taken does not address the intent of the recommendation as agreed.

Partially implemented

The action taken was less extensive than the recommendation agreed as it:

• fell well short of the intent of the recommendation as agreed; and/or

• processes were initiated or implemented but outcomes not achieved.

Largely implemented

The action taken was less extensive than the recommendation as agreed as it:

• fell short of the intent of the recommendation as agreed, and/or

• processes were initiated or implemented and there is evidence there was also action taken to achieve the outcome.

Implemented There is supporting evidence that the agreed action has been undertaken, and the action met the intent of the recommendation as agreed.

Source: ANAO.

3.28 The ANAO reviewed Defence’s implementation of 14 recommendations. Seven of the recommendations in the audit sample were assessed as ‘implemented’, four as ‘largely implemented’, one as ‘partially implemented’ and two as ‘not implemented’.

3.29 Defence considers that all 14 ANAO recommendations examined in this audit have been implemented. Twelve of the 14 recommendations were recorded as implemented in Defence internal systems.77

3.30 Table 3.3 provides a summary of Defence’s and the ANAO’s assessment of the implementation status of the 14 selected ANAO recommendations.

Table 3.3: Summary of Defence and ANAO assessment of implementation status of selected ANAO recommendations

Recommendation Defence

assessment

ANAO

assessment

Recommendation 1 Auditor-General Report No.2 2019-20 Defence’s Administration of Travel Allowances Paid to APS Employees

Implemented Largely

implemented

Recommendation 1 Auditor-General Report No. 3 2019-20 Defence’s Quarterly Performance Report on Acquisition and Sustainment

Implemented Implemented

Recommendation 1 Auditor-General Report No.40 2018-19 Modernising Army Command and Control — the Land 200 Program

Implemented Largely

implemented

Recommendation 1 Auditor-General Report No.31 2018-19 Defence’s Management of its Projects of Concern Implemented Not implemented

77 The two ANAO recommendations that were not recorded in Defence internal systems as implemented were recommendation 1 from Auditor-General Report No.40 2018-19 Modernising Army Command and Control - the Land 200 Program and the one recommendation from a non-public Auditor-General report on mitigating insider threats through personnel security. As discussed in paragraphs 2.14 and 2.17, neither of these recommendation were included in ARMS.

Implementation of recommendations

Auditor-General Report No. 34 2020-21

Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence

47

Recommendation Defence

assessment

ANAO

assessment

Recommendation 2 Auditor-General Report No.31 2018-19 Defence’s Management of its Projects of Concern Implemented Not implemented

Recommendation 1 Auditor-General Report No.30 2018-19 ANZAC Class Frigates — Sustainment Implemented Implemented

Recommendation 1 Auditor-General Report No.34 2017-18 Defence’s Implementation of the First Principles Review Implemented Implemented

Recommendation 3 Auditor-General Report No. 28 2017-18 Defence’s Procurement of Fuels, Petroleum, Oils, Lubricants, and Card Services

Implemented Implemented

Recommendation 1 Auditor-General Report No.25 2012-13 Defence’s Implementation of Audit Recommendations Implemented Largely

implemented

Recommendation 2 Auditor-General Report No.25 2012-13 Defence’s Implementation of Audit Recommendations Implemented Largely

implemented

Recommendation 1 Auditor-General Report No. 38 2017-18 Mitigating Insider Threats through Personnel Security Implemented Implemented

Recommendation 2 Auditor-General Report No. 38 2017-18 Mitigating Insider Threats through Personnel Security Implemented Implemented

Recommendation 3 Auditor-General Report No. 38 2017-18 Mitigating Insider Threats through Personnel Security Implemented Implemented

Recommendation from 2017-18 non-public Auditor-General report on mitigating insider threats through personnel security

Implemented Partially

implemented

Source: ANAO analysis.

3.31 For the two ANAO recommendations assessed by the ANAO as not implemented, the evidence provided to support implementation did not demonstrate that the recommendation had been implemented.78 For the recommendation assessed as partially implemented, there was evidence showing some of the actions to implement the recommendation had been undertaken but there were elements that had not been implemented.79

3.32 The four recommendations assessed by the ANAO as largely implemented were either: not completed in full80; or the changes brought about by implementation of the recommendation were not maintained and there was not clear evidence of a management decision to move on.81

78 Recommendations 1 and 2 from Auditor-General Report No.31 2018-19 Defence’s Management of its Projects of Concern. 79 A recommendation from a 2017-18 non-public Auditor-General report on mitigating insider threats through personnel security. 80 Recommendation 1 from Auditor-General Report No.2 2019-20 Defence’s Administration of Travel

Allowances Paid to APS Employees and recommendation 1 from Auditor-General Report No.40 2018-19 Modernising Army Command and Control — the Land 200 Program. See Tables 3.4 and 3.6 for details. 81 Recommendations 1 and 2 from Auditor-General Report No.25 2012-13 Defence’s Implementation of Audit Recommendations. See Table 3.11 for details.

Auditor-General Report No. 34 2020-21 Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence

48

3.33 As outlined in paragraph 2.23, before recommendations can be closed, evidence supporting the closure is reviewed by AFCD and closure is approved by the FAS AFC. For eight of the 12 ANAO recommendations that were subject to AFCD’s closure process82, the evidence relied on by AFCD to close the recommendation was insufficient and the ANAO required more detailed information from business areas to determine whether a recommendation had been implemented.83 AFCD advised the DARC, at the committee’s July 2020 meeting, that:

AFCD will ensure standard processes include the review of all closed recommendations for appropriate documentation to support their closure. AFCD does not intend to review historical recommendations, which pre-date the current policy of 100% quality assurance. Audit Branch has reviewed and updated procedures to ensure that all closed recommendations are Quality assured to ensure closure evidence is sufficient and appropriate.

3.34 In respect to the eight recommendations that the ANAO considered to have insufficient evidence to determine whether the recommendation had been implemented, all had been subject to the AFCD closure process.

Opportunity for improvement

3.35 There would be merit in Defence assessing the operation of its recommendation closure processes. This should include ensuring commitments outlined in implementation plans have been met and sufficient evidence is provided to support the statements made. Where there are variances from the implementation plan, explanations for the variance should be provided. AFCD should ensure there is clarity in its guidance as to the extent of review undertaken by AFCD.

3.36 More detailed information on the Defence and ANAO assessments of the implementation status of the selected ANAO recommendations is presented in Table 3.4 to Table 3.13.

82 The two recommendations that were not subject to AFCD’s closure process were recommendation 1 from Auditor-General Report No.40 2018-19 Modernising Army Command and Control — the Land 200 Program and a recommendation from a 2017-18 non-public Auditor-General report on mitigating insider threats through personnel security. 83 The recommendations were:

• recommendation 1 from Auditor-General Report No.2 2019-20 Defence’s Administration of Travel Allowances Paid to APS Employees; • recommendations 1 and 2 from Auditor-General Report No.31 2018-19 Defence’s Management of its Projects of Concern; • recommendation 1 from Auditor-General Report No.30 2018-19 ANZAC Class Frigates — Sustainment; • recommendation 3 from Auditor-General Report No. 28 2017-18 Defence’s Procurement of Fuels,

Petroleum, Oils, Lubricants, and Card Services; • recommendations 1 and 3 from Auditor-General Report No.38 2017-18 Mitigating Insider Threats through Personnel Security; and • a recommendation from a 2017-18 non-public Auditor-General report on mitigating insider threats

through personnel security.

Table 3.4: Auditor-General Report No. 2 2019-20 Defence’s Administration of Allowances and Entitlements Paid to APS Employees

Recommendation Defence response Defence view of current

status of implementation ANAO assessment of implementation

Recommendation 1

Defence:

a) review its travel guidance material to eliminate duplication and inconsistency and promote compliance with relevant policies and processes; and

b) implement a process that ensures Defence policy relevant to travel is accurately reflected in guidance material and tools.

Agreed. Implemented. Largely implemented

Processes were initiated or implemented and there is evidence there was also action taken to achieve the outcome. However some policies and guidance material were still being reviewed at the time of the audit.

Source: Auditor-General Report No. 2 2019-20 Defence’s Administration of Allowances and Entitlements Paid to APS Employees, p.11, available from https://www.anao.gov.au/work/performance-audit/defence-administration-travel-allowances-paid-to-aps-employees; and ANAO analysis.

Table 3.5: Auditor-General Report No.3 2019-20 Defence’s Quarterly Performance Report on Acquisition and Sustainment

Recommendation Defence response Defence view of current

status of implementation ANAO assessment of implementation

Recommendation 1

Defence improve the Quarterly Performance Report as a tool for senior leaders by reporting on:

a) trend performance data for sustainment products; and

b) emerging candidates for the Projects/Products of Concern list and Products/Projects of Interest list that have been recommended by an Independent Assurance Review or which are under active consideration by senior management.

Agreed. Implemented. Implemented

Implementation was completed in line with the intent of the recommendation.

Source: Auditor-General Report No.3 2019-20 Defence’s Quarterly Performance Report on Acquisition and Sustainment, p.11, available from https://www.anao.gov.au/work/performance-audit/defence-quarterly-performance-report-acquisition-and-sustainment; and ANAO analysis.

Table 3.6: Auditor-General Report No.40 2018-19 Modernising Army Command and Control — the Land 200 Program

Recommendation Defence response Defence view of current

status of implementation ANAO assessment of implementation

Recommendation 1

That Defence assess whether it has the capability to adequately perform the role of Prime Systems Integrator, and provide assurance on this matter to the Capability Manager, Chief of Army.

Defence agrees to this recommendation.

Implemented.

Largely implemented

Defence took steps to implement the recommendation but fell short of implementing it in full. The evidence provided showed that Defence undertook activities to strengthen its Prime Systems Integrator (PSI) capability and briefed the capability manager on the steps taken, however there was no clear evidence of a capability assessment.

Source: Auditor-General Report No.40 2018-19 Modernising Army Command and Control — the Land 200 Program, p.10, available from https://www.anao.gov.au/work/performance-audit/modernising-army-command-and-control-the-land-200-program; and ANAO analysis.

Table 3.7: Auditor-General Report No.31 2018-19 Defence’s Management of its Projects of Concern

Recommendation Defence response Defence view of current

status of implementation ANAO assessment of implementation

Recommendation 1

Defence introduce, as part of its formal policy and procedures, a consistent approach to managing entry to, and exit from, its Projects of Interest [POI] and Projects of Concern [POC] lists. This should reflect Defence’s risk appetite and be made consistent with the new Capability Acquisition and Sustainment Group Risk Model and other, Defence-wide, frameworks for managing risk. To aid transparency, the policy and the list should be made public.

Agreed. Defence agrees to this recommendation noting that Defence will endeavour to provide this formal policy as the Project Management specialist risk discipline is developed as part of the new CASG Risk Model. This work will build on the current quantitative measures against scope, schedule and cost to potentially include lead indicators of project performance. The Defence Projects of Concern list will continue to be made public.

Implemented. Not implemented

There is no evidence that Defence established a clear basis or criteria to ensure a consistent approach to entry to and exit from the Projects of Concern or Projects of Interest lists.

In March 2021 advice to the ANAO Defence listed various considerations relating to its management of entry to, and exit from, its POC list. The considerations included: the role of Defence’s Independent Assurance Review (IAR) process; the role of senior management assessments, including consideration of whether there is commercial leverage to be gained from listing a project as a POC; consultation with the relevant Capability Manager and

Recommendation Defence response Defence view of current

status of implementation ANAO assessment of implementation

industry; and the role of Ministers. These considerations were discussed in Auditor-General Report No.31, and informed the decision to include recommendation 1 in that report.

Defence further advised the ANAO in March 2021 that it considered that implementation was completed in line with the intent of the recommendation and that:

‘For reason of structural and technical complexity, the nature of commercial arrangements, integration and interdependencies designing hard criteria or 'triggers' for entry as a Project of Concern would be absurd. Accommodating such a multiplicity of factors and variables would be experimental. There would be some binominal variables (yes/no) but the categorical variables could extend into the hundreds. This would not deliver a value for money outcome for Defence projects or sustainment. Thus, the IAR process and focussing questions based on project management standards is the best practice.’

Recommendation 2

Defence evaluates its Projects of Concern regime.

Agreed. Implemented. Not implemented

No evidence of an evaluation has been provided to the ANAO.

In March 2021 advice to the ANAO Defence stated that

‘Defence’s Enterprise Committee Structure has oversight of, evaluates and make[s] decisions on issues relevant to Defence, including Major Project governance and reporting.

Recommendation Defence response Defence view of current

status of implementation ANAO assessment of implementation

The strengthened Investment Committee (with full participation of the Department of Prime Minister and Cabinet and the Department of Finance), and the Enterprise Business Committee each have the Charter and authority to evaluate Defence processes. Senior Committees discussed the effectiveness and value of the Project of Concern framework. It was agreed that elevating Projects of Concern is an inevitable part of managing a large complex portfolio. The Project of Concern reporting framework has been expanded across Defence and implemented by the Chief Information Officer Group and Estate and Infrastructure Group, which demonstrates the consideration of the framework by Defence …

The department has evaluated the Project of Concern framework and determined that it is fit for purpose.’

The ANAO does not consider that this activity constitutes a systematic evaluation of the sort intended by the recommendation. Auditor-General Report No.31 stated at paragraph 4.30 that:

‘After a decade or more of operation of this high profile process, Defence has made no systematic assessment of its operation.’

Source: Auditor-General Report No.31 2018-19 Defence’s Management of its Projects of Concern, p.10, available from https://www.anao.gov.au/work/performance-audit/defence-management-its-projects-concern; and ANAO analysis.

Table 3.8: Auditor-General Report No.30 2018-19 ANZAC Class Frigates—Sustainment

Recommendation Defence response Defence view of current status of

implementation

ANAO assessment of implementation

Recommendation 1

Defence update the ANZAC class Product Delivery Schedule of the Navy Materiel Sustainment Agreement to align sustainment plans for the ANZAC class frigates with their operational use and material condition.

Agree. Implemented. Implemented

Implementation was completed in line with the intent of the recommendation.

Source: Auditor-General Report No.30 2018-19 ANZAC Class Frigates — Sustainment, p.11, available from https://www.anao.gov.au/work/performance-audit/anzac-class-frigates-sustainment; and ANAO analysis.

Table 3.9: Auditor-General Report No.34 2017-18 Defence’s implementation of the First Principles Review

Recommendation Defence response Defence view of current status of

implementation

ANAO assessment of implementation

Recommendation 1

That Defence ensures that its evaluation encompasses all of the recommendations of the First Principles Review and seeks to assess whether the intended outcomes of the Review have been achieved.

Agreed. Implemented. Implemented

While a formal evaluation was not completed, Defence’s First Principles Review Oversight Board conducted a review and concluded that Defence had successfully implemented the recommendation of the First Principles Review. The review outcomes were documented.

Source: Auditor-General Report No.34 2017-18 Defence’s implementation of the First Principles Review, p.13, available from https://www.anao.gov.au/work/performance-audit/defence-implementation-first-principles-review; and ANAO analysis.

Table 3.10: Auditor-General Report No.28 2017-18 Defence’s Procurement of Fuels, Petroleum, Oils, Lubricants, and Card Services

Recommendation Defence response Defence view of current status of

implementation

ANAO assessment of implementation

Recommendation 3

To improve the management of its bulk fuel inventory, Defence should implement arrangements to provide assurance that control arrangements are working as intended.

Defence accepts the recommendation. In accordance with the Defence Fuel Transformation Program, Defence will continue to implement changes to the existing Defence controls framework across fuel inventory management to incorporate:

• enhanced physical security measures and accountabilities;

• enhanced assurance for fuel price calculations, uploads and invoice verification;

• centralised monitoring and analysis of fuel transactions, movements and variances; and

• up-to-date integrated tank gauging, metering, automated data capture and real time encrypted communications at Defence fuel installations.

Implemented. Implementeda

Implementation was completed in line with the intent of the recommendation.

Note a: While this recommendation has been assessed as implemented, the ANAO has identified data integrity issues and inconsistencies in reporting and the investigation of variances as part of its financial statement audit of Defence’s fuel inventories. The ANAO continues to review these matters through the financial statement audit process.

Source: Auditor-General Report No.28 2017-18 Defence’s Procurement of Fuels, Petroleum, Oils, Lubricants, and Card Services, p.10, available from https://www.anao.gov.au/work/performance-audit/defence-procurement-fuels-petroleum-oils-lubricants-and-card-services; and ANAO analysis.

Table 3.11: Auditor-General Report No.25 2012-13 Defence’s Implementation of Audit Recommendations

Recommendation Defence response Defence view of current status of

implementation

ANAO assessment of implementation

Recommendation 1

That, to achieve the full benefit of audit recommendations:

a) Defence reinforce managers’ responsibilities for implementing agreed recommendations; and

b) the Defence Audit and Risk Committee bring to the attention of the Secretary and Chief of the Defence Force, on an exception basis, any recommendations of particular concern that have not been implemented.

Agreed. Defence has commenced action to elevate the importance of timely implementation of audit recommendations. Commencing 18 February 2013, the Chief Audit Executive will be providing, to the Defence Committee on a monthly basis, details of all overdue audit recommendations as well as data on all outstanding recommendations. The Chief Audit Executive will write to all Group Heads and Service Chiefs prior to each applicable Defence Committee meeting, identifying the recommendations both open (not yet completed but not overdue) and those overdue within their Group or Service, seeking detailed explanation from each Responsible Officer as to the reasons for the recommendations remaining overdue. This advice will form the basis of the report to the Defence Committee, which is chaired by the Secretary, and attended by CDF, each Group Head and Service Chief, and will supplement advice provided to the Defence Audit and Risk Committee. Defence considers this additional level of reporting is an effective method of reinforcing manager’s responsibilities for implementing agreed audit recommendations.

Implemented. Largely implemented

The recommendation was implemented. However, the changes brought about by implementation of the recommendation were not maintained and there was not clear evidence of a management decision to move on. For example, Defence’s review of its effectiveness in managing internal and ANAO audit recommendations identified that annual reports for the period 1 July 2014 to 30 June 2019 did not identify recommendations of particular concern that have not been implemented.

Recommendation Defence response Defence view of current status of

implementation

ANAO assessment of implementation

Recommendation 2

That the Defence Audit and Risk Committee [DARC], in accordance with its charter, provide an annual written report to the Secretary and Chief of the Defence Force on the operation and activities of the Committee. The report should include advice on the overall effectiveness of: Defence Groups’ implementation of audit recommendations; and Defence’s monitoring and reporting arrangements.

Agreed. Defence welcomes the recommendation, and in accordance with the DARC Charter, the DARC will provide an annual, written report to the Secretary and Chief of the Defence Force on the operation and activities of the Committee. In addition to the continuing regular reports (either verbal or written) provided by the DARC/DARC Chair following each DARC meeting, this additional report will include advice to the Secretary and CDF on the overall effectiveness of Defence’s implementation of audit recommendations and Defence’s system for monitoring and reporting audit recommendations.

Implemented. Largely implemented

The recommendation was implemented. However, the changes brought about by implementation of the recommendation were not maintained and there was not clear evidence of a management decision to move on. For example, in some years annual reports on the operation and activities of the DARC were not provided to the Secretary and Chief of the Defence Force and in other years the reports did not refer to the effectiveness of implementation of recommendations or Defence’s monitoring and reporting arrangements.

Source: Auditor-General Report No.25 2012-13 Defence’s Implementation of Audit Recommendations, p. 23, available from https://www.anao.gov.au/work/performance-audit/defences-implementation-audit-recommendations; and ANAO analysis.

Table 3.12: Auditor-General Report No.38 2017-18 Mitigating Insider Threats through Personnel Security

Recommendation Defence response Defence view of current status

of implementation

ANAO assessment of implementation

Recommendation 1

The Department of Defence, in consultation with the Attorney-General’s Department, establish operational guidelines for, and make appropriate risk-based use of, clearance maintenance requirements.

Agreed. In April 2020, Defence assessed

that it had implemented this recommendation.

Implemented.

Recommendation Defence response Defence view of current status

of implementation

ANAO assessment of implementation

Recommendation 2

The Department of Defence implement the Protective Security Policy Framework requirement to obtain explicit informed consent from clearance subjects to share sensitive personal information with sponsoring entities.

Agreed. In July 2018, Defence assessed

that it had implemented this recommendation.

Implemented.

Recommendation 3

The Attorney-General’s Department and the Department of Defence establish a framework to facilitate the Australian Government Security Vetting Agency providing sponsoring entities with specific information on security concerns and mitigating factors identified through the vetting process.

Agreed. In April 2020, Defence assessed

that it had implemented this recommendation.

Implemented.

Source: Auditor-General Report No.38 2017-18 Mitigating Insider Threats through Personnel Security p.10, available from https://www.anao.gov.au/work/performance-audit/mitigating-insider-threats-through-personnel-security; and ANAO analysis in Auditor-General Report No.21 2020-21 Delivery of Security Vetting Services Follow-up, available from https://www.anao.gov.au/work/performance-audit/delivery-security-vetting-services-follow-up.

Table 3.13: 2017-18 non-public Auditor-General report on mitigating insider threats through personnel security

Recommendation Defence response Defence view of current status of

implementation

ANAO assessment of implementation

Recommendation contained in the non-public Auditor-General report. Agreed. Implemented.

Recommendation closed on 9 July 2018

Partially implemented.

Discussed in paragraph 15 and pages 28-31 of Auditor-General Report No.21 2020-21 Delivery of Security Vetting Services Follow-up.

Source: 2017-18 non-public Auditor-General report and ANAO analysis in Auditor-General Report No.21 2020-21 Delivery of Security Vetting Services Follow-up, available from https://www.anao.gov.au/work/performance-audit/delivery-security-vetting-services-follow-up.

Auditor-General Report No. 34 2020-21 Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence

58

Were the selected parliamentary committee recommendations implemented in full and closed in accordance with requirements?

For the 18 parliamentary committee recommendations examined in this audit, the ANAO assessed eight as implemented, two as largely implemented, three as partially implemented and five as not implemented. Defence advised the ANAO that 12 recommendations were implemented, three were largely implemented, one was not implemented, and that Defence had not assessed the implementation status of two recommendations.

3.37 The ratings used by the ANAO when assessing the implementation status of the 18 selected parliamentary committee recommendations were set out in Table 3.2.

3.38 For the 18 recommendations examined in this audit, a formal closure process was initiated for one recommendation.84 The closure process was undertaken as part of new Defence procedures relating to the implementation of parliamentary committee recommendations, however this process was not completed in full.85 The other 17 recommendations were not subject to a formal closure process.

3.39 The ANAO assessed eight of the 18 selected recommendations as ‘implemented’, two as ‘largely implemented’, three as ‘partially implemented’ and five as ‘not implemented’.

3.40 Defence advised the ANAO during the audit that its assessment was that 12 recommendations were implemented, three were largely implemented, one was not implemented, and that it had not assessed the implementation status of two recommendations.

3.41 Table 3.14 provides a summary of Defence’s and the ANAO’s assessment of the implementation status of the 18 selected parliamentary committee recommendations.

84 This was recommendation 5 from JCPAA Report 475: Defence First Principles Review, Naval Construction and Mental Health in the AFP. 85 See paragraphs 2.37 and 2.38 for more information on Defence’s parliamentary committee recommendations closure procedures.

Implementation of recommendations

Auditor-General Report No. 34 2020-21

Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence

59

Table 3.14: Summary of Defence and ANAO assessment of implementation status of selected parliamentary committee recommendations

Recommendation Defence assessment ANAO assessment

Senate Standing Committee on Foreign Affairs, Defence and Trade (SSCFADT)

Use of Quinoline anti-malarial drugs mefloquine and tafenoquine in the Australian Defence Force

Recommendation 1 Implementeda Implemented

Recommendation 2 Implementeda Implemented

Impact of Defence training activities and facilities on rural and regional communities.

Recommendation 2 Largely Implemented Not implemented

Recommendation 3 Not implemented Not implemented

Recommendation 4 Largely Implemented Largely implemented

Joint Standing Committee on Foreign Affairs, Defence and Trade (JSCFADT)

Contestability and Consensus: A Bipartisan Approach to More Effective Parliamentary Engagement with Defence

Recommendation 1 Implemented Not implemented

Joint Committee of Public Accounts and Audit (JCPAA)

Report 470: Defence Sustainment Expenditure Report

Recommendation 2 Implemented Implemented

Recommendation 3 Implemented Implemented

Recommendation 4 Largely Implemented Partially implemented

Recommendation 6 Implemented Not implemented

Report 475: Defence First Principles Review, Naval Construction and Mental Health in the AFP

Recommendation 1 Implemented Partially implemented

Recommendation 2 Implemented Largely implemented

Recommendation 3 Implemented Implemented

Recommendation 4 Implemented Implemented

Recommendation 5 Implemented Implemented

Recommendation 6 Implemented Not implemented

Report 479: Australian Government Security Arrangements

Recommendation 3 Not assessed Implemented

Recommendation 4 Not assessed Partially implemented

Note a: Defence advised the ANAO that the Human Research Ethics Committee (DDVA HREC) located in the Defence portfolio is a non-statutory committee independent from both Defence and the Department of Veterans’ Affairs (DVA). Defence further advised that due to the committee’s independence, Defence and DVA cannot direct it to implement these recommendations and that is why Defence agreed in principle to the recommendation. Defence considers that it has implemented what it committed to do in the response to the parliamentary committee’s recommendation. Source: ANAO analysis.

Auditor-General Report No. 34 2020-21 Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence

60

3.42 In respect to the four parliamentary committee recommendations assessed by the ANAO as partially implemented:

• three recommendations required Defence to provide a report back to the relevant committee, however the information provided in Defence’s responses was incomplete, not sufficiently detailed or a combination of both86; and

• one response involved implementation measures that were only partly concluded.87

3.43 In respect to the five parliamentary committee recommendations assessed by the ANAO as not implemented:

• Defence decided to not go ahead with implementing two recommendations but the relevant parliamentary committee was not informed of this decision88; and

• for three recommendations89, Defence considered the government response to have constituted implementation of the recommendation and that no further action was required. The ANAO’s assessment was that in each of the three cases the recommendation clearly called for action beyond the government response and that by agreeing or agreeing in principle to the recommendations, but not clearly stating that the action asked for in the recommendation would not be undertaken, Defence did not clearly convey its intentions to the relevant parliamentary committee. In responding to parliamentary committee recommendations, care is required to avoid the risk of ambiguity.

3.44 More detailed information on the Defence and ANAO assessments of the implementation status of the selected parliamentary committee recommendations is presented in Table 3.15 to Table 3.20.

86 Recommendation 4 from JCPAA Report 470: Defence Sustainment Expenditure, and recommendations 1 and 3 from JCPAA Report 475: Defence First Principles Review, Naval Construction and Mental Health in the AFP. 87 Recommendation 4 from JCPAA Report 479: Australian Government Security Arrangements. 88 These were recommendations 2 and 3 from the SSCFADT report on Impact of Defence training activities and

facilities on rural and regional communities. 89 These were: recommendation 1 from the JSCFADT report on Contestability and Consensus A bipartisan approach to more effective parliamentary engagement with Defence; recommendation 6 from JCPAA Report 470: Defence Sustainment Expenditure; and recommendation 6 from JCPAA Report 475: Defence First

Principles Review, Naval Construction and Mental Health in the AFP.

Table 3.15: Senate Standing Committee on Foreign Affairs, Defence and Trade Report — Use of Quinoline anti-malarial drugs mefloquine and tafenoquine in the Australian Defence Force

Recommendation Government response Defence view

of current status of implementation

ANAO assessment of implementation

Recommendation 1

The committee recommends that the terms of reference of the Departments of Defence and Veterans' Affairs Human Research Ethics Committee be updated to explicitly include consideration that prospective research participants may be vulnerable to perceived coercion to participate.

Recommendation 2

The committee recommends that all members of the Australian Defence Force who are invited to participate in medical research have access to a confidential conversation with an independent participant advocate prior to consenting to participate.

Agreed in principle (both recommendations).

The Government supports recommendations 1 and 2. However, the Departments of Defence and Veterans' Affairs Human Research Ethics Committee (DDVA HREC) is a non-statutory body independent from both Defence and DVA. Its Terms of Reference include its mandate to protect the mental and physical welfare, rights, dignity and safety of research participants and to review human research in accordance with the National Statement, other national guidelines and legislative instruments. The National Statement suggests that researchers should ‘invite potential participants to discuss their participation with someone who is able to support them in making their decision. Where potential participants are especially vulnerable or powerless, consideration should be given to the appointment of a participant advocate’.

Due to its independence, Defence and DVA cannot direct DDVA HREC to implement these recommendations. As indicated in the report, the Surgeon General of the ADF (SGADF) wrote to the Chair of the DDVA HREC on 4 October 2018 to request that the DDVA HREC consider additional measures to ensure participants “are fully informed of all aspects of the studies and that there is no belief created that Command is endorsing or actively encouraging the study”. On 16 January 2019, the SGADF again wrote to the Chair of the DDVA HREC to inform him of the Committee’s recommendations and to request DDVA HREC consider the matters raised.

Defence is currently reviewing its Human and Animal Research Manual and will ensure that these matters are appropriately addressed at the policy level.

Implemented. Implemented (for both recommendations)

For recommendation 1 Defence wrote to the Department of Defence and Veterans' Affairs Human Research Ethics Committee requesting the committee consider additional measures outlined in the government response. The committee did not agree to update its terms of reference but Defence updated its Human and Animal Research Manual to include a definition of voluntary participation (participation that is free from coercion and any other pressure).

For recommendation 2 the requirement for access to an independent participant advocate is reflected in Defence’s revised Human and Animal Research Manual.

Source: Senate Standing Committee on Foreign Affairs, Defence and Trade report, Use of the Quinoline anti-malarial drugs Mefloquine and Tafenoquine in the Australian Defence Force (December 2018) available from https://www.aph.gov.au/Parliamentary_Business/Committees/Senate/Foreign_Affairs_Defence_and_Trade/Mefloquine/Report; the associated Government response; and ANAO analysis.

Table 3.16: Senate Standing Committee on Foreign Affairs, Defence and Trade Report — Impact of Defence training activities and facilities on rural and regional communities

Recommendation Government response Defence view of current status

of implementation

ANAO assessment of implementation

Recommendation 2

The committee recommends that Defence conduct a detailed evaluation of the Local Industry Capability Plan [LICP] Pilot which should be made publicly available.

Agree.

The terms of the pilot contracts are such that relevant information will not be readily available until mid-2019. A detailed evaluation will be completed after that time.

Largely implemented.

Defence advised the ANAO that:

An executive decision was made, without the need for a detailed evaluation to inform it, to extend the application of the LICP requirement to all capital works estimated to cost in excess of $7.5m. The application of the LICP was subsequently incorporated in the Defence Industry Participation Policy, which was announced by the Minister for Defence Industry, Senator the Hon Linda Reynolds CSC, on 28 March 2019. In addition to this public announcement Industry is also advised about the LICP through ongoing and routine engagement as well as in Tender Briefs.

Not implemented

No evidence has been provided of a detailed evaluation of the Local Industry Capability Plan Pilot having been done and being publicly available.

Recommendation 3

The committee recommends that Defence provide an update to the committee about its progress to develop the assessment model by 31 August 2018.

Agree in part.

The Defence Industry Participation Policy is still being developed. Defence is aiming to release the policy later in 2018. Given this timeframe, it would be optimal to report back to the committee in the last quarter of 2018, once industry feedback on the Defence Industry Participation Policy has been considered.

The Defence Industry Participation Policy Participation Schedules/Plans to be used for procurements above $4 million and the

Not implemented. Not implemented

Defence advised that it has not reported back to the committee.

Recommendation Government response Defence view of current status

of implementation

ANAO assessment of implementation

Local Industry Capability Plans for major capital facilities above $7.5 million will help strengthen Defence’s assessment of economic benefit when evaluating Defence tenders.

Recommendation 4

The committee recommends that Defence develop general guidance for base commandants to achieve an appropriate level of engagement with the local community which includes ensuring contact points are available to stakeholders in the local community.

Agree.

Defence conducts annual Defence Consultative Forums and Defence Industry Forums with every State and Territory Government. These forums provide an opportunity for major Defence activities and business opportunities to be brought to the attention of the relevant State or Territory Government. The State and Territory Consultative Forums also provide the opportunity for State and Territory Governments to brief Defence on issues of relevance to Defence capability.

In addition, the Centre for Defence Industry Capability and Defence Teaming Centre have strong relationships with the State and Territory Governments, promoting the Australian Government's defence industry and innovation policy and opportunities for local companies. The Centre for Defence Industry Capability run frequent 'Doing business with Defence' events in addition to project specific outreach events.

The above State and Territory level engagements are reinforced through the establishment and maintenance of meaningful local relationships at the regional level as recommended by the Committee. Senior Australian Defence Force Officers and Base Support

Largely implemented. Largely implemented

Defence advised the ANAO that it decided to address this recommendation by requiring all bases to develop a Community Engagement Plan (CEP). A CEP amongst other things, is intended to inform and identify stakeholders and the wider community of planned base activities.

The requirement for all bases to develop a CEP was included in the Joint Framework for Base Accountabilities which launched in February 2019.

Defence advised the ANAO in March 2021 that it is actively engaging with Base leadership to prompt completion of outstanding CEPs by the end of 2021.

Recommendation Government response Defence view of current status

of implementation

ANAO assessment of implementation

Managers working at regional locations are well placed to engage with local communities as they are more easily able to sustain those relationships. Regional Public Affairs offices currently communicate Defence activities through local and wider media outlets.

Defence is committed to establishing and maintaining relationships with local community organisations. Defence, through local Senior Australian Defence Force Officers and other mechanisms , aims to nurture relationships with all communities and organisations to:

• demonstrate Defence as a transparent and supportive member of the local community;

• communicate an integrated message to the broader community about Defence business, employment, training, community opportunities, and how to access those opportunities;

• enable communities, groups, organisations and individuals to provide feedback to Defence; and

• inform the community of major activities including exercises and hazard reduction burns. This is communicated via public notification in local media.

Source: Senate Standing Committee on Foreign Affairs, Defence and Trade report, Impact of Defence training activities and facilities on rural and regional communities (May 2018), available from https://www.aph.gov.au/Parliamentary_Business/Committees/Senate/Foreign_Affairs_Defence_and_Trade/Defencetraining; the associated Government response; and ANAO analysis.

Table 3.17: Joint Standing Committee on Foreign Affairs, Defence and Trade — Contestability and Consensus: A Bipartisan Approach to More Effective Parliamentary Engagement with Defence

Recommendation Government response Defence view of current status

of implementation

ANAO assessment of implementation

Recommendation 1

The Committee recommends that the Australian Government investigate measures to improve cooperation and coordination between the Department of Defence and states and territories to encourage constructive competition aimed at delivering the best capability to serve Australia’s national interest.

Agree.

The Department of Defence has an extensive range of contacts with the States and Territories, including cooperation on Defence aid to the civil community, major event planning, counter terrorism coordination and industrial and commercial discussions. Improving the relationships with the States and Territories is an ongoing requirement the Government has placed on Defence.

Implemented.

Defence advised the ANAO that:

The Government noted in the preamble of the Government Response that this Recommendation was Agreed to as this was an ongoing activity. Improving relationships with States and Territories was an existing Government directive. Examples of this were provided to demonstrate how this was already being addressed by Defence.

Not implemented

There is no evidence that Defence investigated measures, pursuant to this recommendation, to improve cooperation and coordination between the Department of Defence and the states and territories.

Source: Joint Standing Committee on Foreign Affairs, Defence and Trade report, Contestability and Consensus A bipartisan approach to more effective parliamentary engagement with Defence (November 2018), available from https://www.aph.gov.au/Parliamentary_Business/Committees/Joint/Foreign_Affairs_Defence_and_Trade/BipartisanDefAgreement/Government_Response; the Australian Government response; and ANAO analysis.

Table 3.18: Joint Committee of Public Accounts and Audit — Report 470: Defence Sustainment Expenditure

Recommendation Government response Defence view of

current status of implementation

ANAO assessment of implementation

Recommendation 2

The Committee recommends that the Department of Defence consolidate information extracted from its Corporate Plan, Portfolio Budget Statements, Portfolio Additional Estimates Statements and Annual Report in one place online in a format that allows for

Agree (summary).

The 2016-17 Annual Performance Statements in the Defence Annual Report 2016-17 consolidate non-financial performance information regarding

sustainment from the Corporate Plan and the Portfolio Budget/Additional Estimates Statements. The Annual Performance Statements are published online and presented in accordance with guidance from the Department of Finance. Additionally, a consolidated list of the top 30 sustainment products by expenditure

Implemented. Implemented

Defence has on its annual report webpage information on the top 30 sustainment expenditure items. Expenditure information is provided in columns for ‘budget estimate’, ‘revised estimate’ and ‘actual expenditure’, thus covering portfolio budget statements, additional estimates and annual report

Recommendation Government response Defence view of

current status of implementation

ANAO assessment of implementation

clear and easy scrutiny of sustainment expenditure. is reported online as supplementary information. Information is published in a format that allows for

clear and easy scrutiny of sustainment expenditure for these projects.

information. The corporate plan has no information on sustainment expenditure so was not included in the reporting despite it being asked for in the recommendation.

Recommendation 3

The Committee recommends that the Department of Defence appropriately signpost to readers of the hard copy/PDF version of the Defence Annual Report that further information is available online, specifying what online information is available.

Agree (summary).

The hard copy/PDF version of the Defence Annual Report 2016-17 included a chapter dedicated to specifying what supplementary information is available online. Appendix B: Supplementary online material includes a consolidated reference to the reports, acquisition, sustainment, facilities and infrastructure information available online.

The online information went live on the same date the Defence Annual Report 2016-17 was presented to the Senate.

Defence will continue to publish a chapter in the Defence Annual Report which signposts to readers instances where further information is available online.

Implemented. Implemented

Appendix B to the 2016-17 Defence annual report provided supplementary online information about performance. This was also done in the 2017-18, 2018-19 and 2019-20 annual reports.

Recommendation 4

The Committee recommends that within six months of the tabling of this report the Department of Defence provide to the Committee: a report on progress in driving First Principles Review reforms; detail of the positive changes that have been realised to date with the implementation of the First Principles Review; an update on the progress of the Systems Program Offices review; a report on progress of the whole-of-life costing model; a report on progress to selecting a

Agree (summary).

Defence has completed the initial two-year implementation period of the First Principles Review and has made considerable progress, having completed 71 of the 75 recommendations that were agreed or agreed-in-principle by the Government.

In completing these recommendations, Defence has implemented significant positive changes that have:

• strengthened the accountability of the Senior Leadership Group;

• created a stronger and more strategic centre which sets the direction for Defence, monitors the organisation's performance and focuses on

Largely implemented.

Partially implemented

The government response addressed the first four dot points in the recommendation but there was no reference to ‘progress to selecting a candidate to run the Major Projects Office’. Defence advised the ANAO that: “There are no records to indicate that an update on the appointment of Manager Major Projects Office was provided to the Committee or that detail a reason for not including an update on this as requested by the committee.” The information

Recommendation Government response Defence view of

current status of implementation

ANAO assessment of implementation

candidate to run the Major Projects Office. providing Government with the best possible advice;

• increased the transparency of capital investment decisions through the redesigned capability development process based on the implementation of a risk-based decision- making framework;

• obtained Government agreement to tailor project approval pathways based on risk rather than financial value;

• improved the quality of advice and decision-making by reducing the number of senior committees;

• enhanced efficiency across the whole-of-government processes that support Government decision-making on Defence capability;

• made it easier for industry to work with Government by streamlining commercial policies and practices; and

• developed and released a revised Defence Australian Public Service Performance Framework which focuses on behavioural expectations and aligns to the One Defence Leadership Behaviours.

Work continues on the four remaining recommendations. Of the four, two recommendations relate to continuing work on Systems Program Office reforms. The Systems Program Office reform process is expected to lead to significant efficiency and effectiveness improvements in Capability Acquisition and Sustainment Group, however, with more than 50 Offices reviewed and over 300 individual reform recommendations identified so far, this program of reform is sizable and complex.

Defence developed a total cost of ownership life cycle costing model that replaced the net personnel

provided in the government response was very high level and did not go into matters of substance in any detail.

Recommendation Government response Defence view of

current status of implementation

ANAO assessment of implementation

operating cost process. The model has been used for all new projects approved by Government since October 2016, with these projects now providing transparency over the total cost of ownership.

Recommendation 6

The Committee recommends that the Department of Defence provide a detailed progress report on behavioural changes that have accompanied improvements in internal performance reporting within six months of the tabling of this report.

Agree (summary).

Through the One Defence Leadership Behaviours and Pathway to Change: Evolving Defence Culture 2017- 22, Defence has increased the focus on leadership, accountability and positive workplace behaviour. This reflects the intent of the First Principles Review in achieving a fundamental change to the performance culture of the organisation.

The One Defence Leadership Behaviours identify the personal behaviours that Defence requires its people to demonstrate, emphasising that individuals at all levels must accept responsibility and accountability for their actions and think clearly about the consequences of their actions for Defence. The One Defence Leadership Behaviours are to underpin all decisions and actions made by Defence personnel, and be aligned with our business practices. They have been incorporated into a range of initiatives across Defence to change behaviour and drive good leadership and management practice, supporting a strong performance culture.

Implemented. Not implemented

The response was not a ‘detailed progress report on behavioural changes’ as requested by the Committee in its recommendation, and does not meet the intent of the recommendation.

Source: JCPAA report 470: Defence Sustainment Expenditure (March 2018), available from https://www.aph.gov.au/Parliamentary_Business/Committees/Joint/Public_Accounts_and_Audit/DefenceSustainment/Report_470; Government response to recommendations 1-4 and 6; and ANAO analysis.

Table 3.19: Joint Committee of Public Accounts and Audit — Report 475: Defence First Principles Review, Naval Construction and Mental Health in the AFP

Recommendation Government response Entity view of

current status of implementation

ANAO assessment of implementation

Recommendation 1

The Committee recommends that the Department of Defence maintain momentum to implement recommendations of the First Principles Review relating to the creation of a strong strategic centre and that the department report to the Committee on progress towards full implementation, including the evaluation framework, within six months of tabling this report.

Agree.

Summary & six month progress report.

Defence has undergone significant transformation, implementing 73 of the 75 recommendations from the First Principles Review, achieving a step change in organisational effectiveness and efficiency.

The two remaining First Principles Review recommendations relate to ongoing Capability Acquisition and Sustainment Group reform across the network of Systems Program Offices. This work is complex, with each Systems Program Offices being reviewed to ensure it is operating as efficiently as possible. These reforms will be closely monitored to ensure demonstrable progress and completion by 2023.

Notwithstanding the significant progress that has been achieved to date, Defence remains committed to the principles at the heart of the First Principles Review, and to building on these foundations. This includes strengthening the strategic centre through implementation of the One Defence business model and embedding the One Defence Leadership Behaviours within all levels of Defence.

To ensure Defence is agile, operationally effective and responsive to Government priorities and the changing strategic environment, Defence will continue to become more outcomes-orientated, and deliver results in the most cost-effective and efficient manner.

To do this, Defence is developing and implementing a continuous reform and improvement agenda over the next three years, which will include monitoring, evaluation and reporting on reform progress. By embedding a continuous improvement culture and maintaining a disciplined focus on our reform priorities, Defence will continue to evolve and adapt to meet Australia's changing strategic circumstances.

Implemented. Partly implemented

The government response provided an update on overall implementation of the FPR recommendations (e.g. 73 of the 75 recommendations implemented and an update on outstanding recommendations). The report back also specifically addressed the ‘strategic centre’ issue.

However, the response was high level and did not refer to the evaluation framework, other than through a general reference to future ‘monitoring, evaluation and reporting on reform progress’.

Recommendation 2

The Committee recommends that the Department of Defence

Agree.

Summary & six month progress report.

Implemented. Largely implemented

The response addresses the first part of the recommendation at length.

report back to the Committee on progress in implementing the recommendations of the First Principles Review relating to enabling services, workforce and behaviour within six months of tabling this report. The Committee also recommends that Department of Defence report back to the Committee on any outcomes identified by implementation of these recommendations.

Defence notes that all First Principles Review recommendations relating to enabling services, workforce and behaviour have been implemented. However, Defence acknowledges the importance of continued reinforcement for these changes and that cultural change in particular is a long-term process.

Enabling Services

The First Principles Review of Defence has been a driver in progressing integrated service delivery across Corporate Enabling functions, to improve collaboration and streamline internal processes for better customer outcomes. Building on the Service Delivery Framework refresh in 2018, seven key integrated service delivery projects have been identified:

• a pilot of integrated customer service centres that consist of all the enabling services at seven Defence sites across Australia. The 'ServiceConnect Hubs' provide face-to-face access to the enabling groups, including Human Resourses and Information and Communication Technology services and support for amenities and estate issues;

• the aim of the hubs is to provide seamless, customer focused service delivery outcomes;

• development of an Interim Incident Management System;

• redesign of the Defence intranet;

• streamlined on-boarding for the Defence workforce;

• integrated off-boarding for the Defence workforce;

• consolidation of forms; and

• a single sign on for Defence systems.

Additionally, the Facilities Infrastructure Program of the Integrated Investment Program has been fully integrated into Defence’s Capability Life Cycle. The Smart Buyer process is undertaken for estate proposals and external expert advice on available disposal options is now included in business cases for disposal of sites.

Workforce

Defence has produced a strategic workforce plan, which was a recommendation of both the Defence White Paper, and the First

The ‘outcomes identified by implementation of these recommendations’ were not explicitly discussed, although there are implicit references in some sections.

Principles Review. This plan provides an in-depth analysis of Defence’s workforce and workplace over a ten year planning horizon.

It considers:

• workforce development and movement;

• focuses on how our workforce can be grown and deployed to improve performance; and

• includes strategies for reshaping and reskilling the workforce.

Defence also has subordinate plans addressing specific workforce risks at the Group, Service and Capability levels, including the development of a strategic workforce plan for both the cyber and intelligence workforces.

Defence has also expanded its Science and Technology Cadetship program across Defence, previously only within Defence Science and Technology Group. The Cadetship program provides Defence with a high performing, early talent pipeline to both develop Defence's Australian Public Service Science, Technology, Engineering and Mathematics (STEM) workforce capability and deliver on Departmental STEM commitments.

We are actively considering the future of the workforce and the desired flexibility (technologically and geographically) that staff will want. In the Australian Public Service, we seek to support men and women on parental leave and our recent Flexible Work Awareness Campaign has provided renewed awareness for supervisors and staff of the range of work arrangements available to suit individual and workplace circumstances. In the Australian Defence Force context, the “Total Workforce Model” provides more flexible career options, including easier transfer between different patterns of service, such as full-time, part-time and permanent part-time.

Workforce - Organisational Layers

Defence has 14 layers and this remains unchanged from the March 2015 First Principles Review baseline. The number of organisational layers reflects the necessity of military rank and command structures. The Australian Defence Force’s military rank structure and layers align to those of Australia's principal allies and coalition partners which aids exchanges and inter-operability. The high integration of military members and Australian Public Service employees in Defence leads to more layers compared with other Australian agencies.

Notwithstanding the impact of the military rank structure on Defence’s organisational layers, concerted effort has been undertaken to streamline and reduce the organisational layers affecting the Australian Public Service workforce and increase management spans of control.

Behaviours

Defence continues to build an environment where leaders at all levels are accountable for a positive culture. Pathway to change: Evolving Defence Culture 2017-22 underpins Defence’s cultural reform agenda. This strategy builds on our experiences from the First Principles Review, and identifies six priority areas for continued improvement:

• leadership accountability;

• capability through inclusion;

• ethics and workplace behaviours;

• health, wellness and safety;

• workplace agility and flexibility; and

• leading and developing integrated teams.

Defence fosters a workplace environment where the expected behaviours are clear and reinforced at every step of a person's employment journey. Even prior to formal recruitment action we are assessing the extent to which an individual’s values align with the organisation. Defence values differences, and demonstrates fair, respectful and inclusive behaviour, with the aim of attracting and retaining the most capable individuals to support us in delivering on our mission. We have:

• developed the One Defence Leadership Behaviours to support our cultural intent;

• embedded these Behaviours throughout people policies and process including recruitment, training, leadership development and performance management;

• changed our approach to performance to focus on how work is delivered;

• focussed on leadership accountability and awareness through role charters, performance conversations, climate data and mandatory 360 degree feedback for senior leaders;

• ensured reward and recognition initiatives are in place so that we can hold out the positive behaviours we wish to reinforce;

• supported more than 1,100 Executive Level employees to attend Leading/or Reform,

• which coaches leaders in driving a high performance culture;

• provided training to ensure staff are aware of unconscious bias and what constitutes culturally appropriate conduct in the workplace (partnering with Special Broadcasting Service); and

• introduced Customer Service Delivery Behaviours to guide and reinforce Defence’s commitment to improving service delivery. They articulate the service delivery culture Defence is working towards and make it clear these behaviours are what Defence wants to be known for.

To the Committee's specific request for feedback on the learnings through implementation, cultural reform and reinforcement is a long, deliberate process and requires ongoing dedicated human and financial resourcing to ensure it can be sustained. Our experience to date highlights the following key components are critical to success:

• integration of consistent cultural reform message across all reform activities and throughout people policies and initiatives;

• senior leaders and mangers walking the talk;

• balance is required between the focus of policies and initiatives to address negative behaviours as well as those which exemplify positive behaviour;

• communication and education must be multi-faceted, across many channels, and continue to evolve and mature as the organisation does; and

• measurement is vital, data must be used from across the organisation to produce strategic intelligence about our progress.

Recommendation 3

The Committee recommends that Department of Defence report back to the Committee after six months

Agree.

Summary & six month progress report.

Capability Acquisition Sustainment Group (CASG) System Program Offices (SPO) are embracing SPO reform, and the completion of SPO reform is expected to be ongoing until 2023. In some instances, lessons learnt from other areas of CASG, or innovative ways of

Implemented. Implemented

The government response addressed the report back requirements in the recommendation but only

of tabling this report with an update on the timeframes for reform of the System Program Offices.

accomplishing SPO reform may change the initial plan for reform, for the better.

Consequently, there is some variability in timeframes for accomplishing SPO reform. CASG manages baselines for SPO reform and collates reporting, on a two monthly basis of the progress of SPO reform.

provided very high level information.

Recommendation 4

The Committee recommends that in relation to the naval construction programs, the Department of Defence report back to the Committee in July 2019 with an update on estimated financial costings that were previously released in the 2016 White Paper.

Agree in principle (summary).

The 2016 Defence Integrated Investment Program provided broad guidance over a 20 year view (based on our understanding at the time of release) of the funding requirements in relation to the naval construction program, with delivery of some of these programs, for instance submarines and frigates, extending beyond this period.

The Department of Defence’s estimates for its $89 billion Naval Construction Programs remain unchanged as at the most recent Integrated Investment Program Bi-Annual review informing the Defence Portfolio Budget Statements 2019-20.

Implemented. Implemented

The Government response addressed the report back requirements of the recommendation.

Recommendation 5

The Committee recommends that the Department of Defence should review its requirements around quality of sustainment costing at the second-gate process and update the Committee on outcomes of this review and any changes necessary to its capability lifecycle manual.

Agree.

Summary 2 September 2019.

As outlined in the Capability Lifecycle Manual, Defence currently meets the Estimates Memorandum 2017/55 requirements set out in Budget Process Operational Rules to provide a 'Total Cost of Ownership' estimate to support Second Pass Government consideration.

Sustainment costs at Second Pass are generally based on tender-quality costs, current capability, and/or longer-term parametric modelling.

Defence is currently undertaking a review of the Capability Lifecycle Manual to further enhance Capability Manager Accountabilities, in accordance with the First Principles Review, to ensure Defence delivers what was approved by Government within budget and scope.

Defence will update the Committee following this review if there are any updates to the Capability Lifecycle Manual.

In November 2020 Defence provided the following updated advice to the committee:

Implemented:

Implemented. Implemented

Defence reviewed and updated the Capability Lifecycle Manual and provided an update to the committee.

The department of Defence has completed the review of the Capability Life Cycle which saw requirements of sustainment costing at the second-gate process. This led to the inclusion of the below paragraphs in the updated CLC Manual (v2.0).

Cost Estimation. 5.41 Costs are estimated for each option to be presented to Government. The cost estimates allow decision-makers to understand and directly compare the whole-of-life costs associated with each option. The financial implications of all Cabinet Submissions must be reviewed and endorsed by DFG before lodgement. The Department of Finance provides advice on the presentation of cost information and reviews costings prior to their submission to Government.

5.42 For most projects costs will be based on high quality evidence, drawn from tenders and other high quality sources and complete cost breakdown structures. Facilities and infrastructure, which require consideration by the Parliamentary Joint Standing Committee on Public Works prior to a Request for Tender being issued, require cost estimates at a P80 confidence level.

Currently the CLC Manual only contains one reference to “tender quality” costs, which does not suggest that this is an obligatory process: 5.45 Industry Solicitation and Evaluation. Defence can formally conduct industry solicitation in order to obtain tender quality information around cost, scope, schedule and Australian Industry Capability.

This Recommendation is now closed.

Recommendation 6

The Committee recommends that the Department of Defence provide a copy of its workforce plan to the Committee and summarise the key mitigation strategies in the plan to meet the workforce requirements of the naval shipbuilding program over

Agree in principle (summary).

The then Minister for Defence, the Hon Christopher Pyne MP, launched the Naval Shipbuilding Strategic Workforce Discussion Paper on 15 February 2019. Submissions on this Discussion Paper were sought by 29 March 2019 to help guide further actions and initiatives to support the development of the naval shipbuilding workforce. This input from businesses and other interested parties will help inform the continuous workforce planning being undertaken in support of the National Naval Shipbuilding Enterprise. The Naval Shipbuilding Strategic Workforce Plan is expected to be finalised later in 2019.

For the Committee's reference, a copy of the Discussion Paper, which includes proposed mitigation strategies to meet naval shipbuilding workforce requirements over the short, medium and long term, can be

Implemented. Not implemented

There is no supporting evidence that the agreed action (provide the Committee with a copy of the workforce plan and a summary of key mitigation strategies in the plan) has been undertaken. While the response to the recommendation was ‘agree in principle’, there was no clear statement in the

Source: Joint Committee of Public Accounts and Audit, Report 475: Defence First Principles Review, Naval Construction and Mental Health in the AFP, available from https://www.aph.gov.au/Parliamentary_Business/Committees/Joint/Public_Accounts_and_Audit/DefenceFirstPrinciples/Report_475; Government response 5 December 2019 and 7 December 2020; and ANAO analysis.

Table 3.20: Joint Committee of Public Accounts and Audit — Report 479: Australian Government Security Arrangements

Recommendation Government response Entity view of

current status of implementation

ANAO assessment of implementation

Recommendation 3

The Committee recommends that the Department of Defence expedite the ICT2270 Vetting Transformation project and provide to the Committee a progress report and updated timeline on implementation of the replacement ICT system.

Agreed with qualification.

Defence is managing the ICT 2270 Vetting Transformation Project to deliver a next-generation vetting system, in-line with industry capability, system requirements and acceptable risk levels.

ICT 2270 received National Security Committee (NSC) first-pass approval on 10 April 2018. Defence is scheduled to return to Government for second-pass consideration in quarter one 2020. To ensure the project is being effectively managed, in addition to normal Defence project management processes, the project is overseen by the inter-departmental AGSVA Governance Board.

Quarter one 2020 consideration allows for finalisation of outstanding procurement and risk reduction activities, robust overall cost assurance, and completion of initial system design.

Defence is currently undertaking cost and system design assurance activities following market engagement that commenced in October 2018. Based on this engagement Defence expects to engage the system integrator following NSC second pass consideration.

Additionally, as part of the broader vetting transformation project, Defence released requests for quote for a project delivery partner. These contracts are expected to be finalised following NSC consideration and will provide specialist expertise needed to assist in the management and delivery of the project.

Delivery of ICT 2270 is being managed in-line with delivery of a Defence wide Case Management System and updates to Defence’s enterprise SAP systems. This is required to avoid duplication of basic case management tools across Defence, and ensure Defence systems can support full ICT 2270

Defence agreed with qualification, noting timing of implementation is subject to Defence project governance review and government approval.

Defence reported to JCPAA on 23 August 2019 with a progress report and timeline, noting delay to initial operating capability but reporting ICT2270 is on track for final operating capability in 2023.

Defence has not assessed the recommendation as implemented or not.

Implemented

Defence has implemented the two process elements of JCPAA recommendation 3 that it agreed to, relating to the progress report and updated implementation timeline.

Defence agreed to implement the recommendation with qualification, meaning that it did not agree to implement the first, substantive, component of the recommendation, to expedite the Vetting Transformation project.

Discussed in paragraph 13 and pages 20-21 of Auditor-General Report No.21 2020-21 Delivery of Security Vetting Services Follow-up.

the short, medium and long term. found at: http://www.defence.gov.au/NavalShipBuilding/Docs/NavalShipbuilidng

StrategicWorkforceDis cussionPaper.pdf.

response that the action requested in the recommendation would not be undertaken.

Recommendation Government response Entity view of

current status of implementation

ANAO assessment of implementation

functionality. This has resulted in a delay to the Interim Operating Capability, however no impact on the Final Operating Capability timeframe is anticipated.

Recommendation 4

The Committee recommends that the Department of Defence establish extra safeguards and quality control measures to ensure that no incidents of sensitive data loss occur prior to operational capability of the new vetting case management system.

Agreed.

Over the last 12 months Defence has put in place a number of additional measures to strengthen security around vetting information. In 2018, Defence completed a vetting system remediation program that enhanced ICT security controls. The eVetting system (PSAMS2) is now accredited against the Australian Government Information Security Manual.

In April 2019, Defence also strengthened DISP requirements, which all vetting providers must be members of. DISP members are required to apply Defence Security policies, including obtaining certification of physical premises and information systems, and personnel clearances for staff handling classified sensitive information. All DISP members undergo Foreign Ownership Control and Influence (FOCI) checks and are required to provide reporting on security incidents and any FOCI changes.

DISP security requirements are reinforced by the recently established Defence Industry Security Office (DISO) which has responsibility for assuring DISP members’ compliance. DISO conducts reviews and audits of DISP members (including Vetting industry members) to ensure appropriate security policies, systems and compliance regimes are in place.

In addition to the DISO assurance activities AGSVA is prioritising resourcing to increase External Security Vetting Systems (ESVS) panel support staffing to create a new position focused on ESVS ICT security assurance.

AGSVA has undertaken a recent refresh of its ESVS panel, replacing the previous industry vetting panel. The new panel arrangements commenced on 12 August 2019 included increased security, professionalisation and capacity standards by requiring panel members to have a national vetting footprint and have all their vetting staff meet AGSVA-directed training competencies. These higher standards are expected to result in some consolidation of the smaller vetting providers, strengthening ESVS panel members’ capability and proficiency.

Defence reported to JCPAA on 23 August 2019 on activities undertaken by Defence to prevent sensitive data loss.

Defence has not assessed the recommendation as implemented or not.

Partially implemented

Defence reported to the JCPAA in August 2019 that it had put in place measures over the previous 12 months to strengthen the security of vetting information. Implementation of two of these measures had not concluded. Defence did not assess the effectiveness of existing safeguards and quality control measures prior to reporting to the JCPAA.

Discussed in paragraph 14 and pages 22-23 of Auditor-General Report No.21 2020-21 Delivery of Security Vetting Services Follow-up.

Source: Joint Committee of Public Accounts and Audit, Report 479: Australian Government Security Arrangements (April 2019), available from https://www.aph.gov.au/Parliamentary_Business/Committees/Joint/Public_Accounts_and_Audit/PersonnelSecurity/Report_479; Government response 26 August 2019; and ANAO analysis in Auditor-General Report No.21 2020-21 Delivery of Security Vetting Services Follow-up.

A

uditor-General Report No. 34 2020-21 Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence

78

Were report back requirements to parliamentary committees satisfied?

For the ten parliamentary committee recommendations that included a requirement to report back to the relevant committee, Defence fully met the report back requirement in three instances, partially met the requirement in four instances and did not meet the requirement in three instances. For the eight recommendations that set timeframes for reporting back to the relevant committee, Defence met these timeframes in three cases.

3.45 Ten of the parliamentary committee recommendations included in this audit required Defence to report back to the relevant committee. The ANAO assessed that in respect to these recommendations, Defence: • met the report back requirements in full for three recommendations90; • did not address all elements of the recommendation, or did not provide a sufficiently

detailed response for four recommendations91; and • did not meet the report back requirements for three recommendations.92 3.

46 Eight of the parliamentary committee recommendations set timeframes for Defence to report back to the relevant committee. Defence reported back within the set timeframe for three of these recommendations.93

Recommendation no.3 3.47 When agreeing to a recommendation with qualification, Defence’s response should clearly set out what action will be taken in response to the recommendation, and what part of the recommendation will not be implemented, if any.

Defence response: Agreed.

3.48 Defence agrees to the recommendation.

Grant Hehir Auditor-General

Canberra ACT 12 April 2021

90 These were: recommendations 4 and 5 from JCPAA Report 475: Defence First Principles Review, Naval Construction and Mental Health in the AFP; and recommendation 3 from JCPAA Report 479: Australian Government Security Arrangements. 91 These were: recommendation 3 from JCPAA Report 470: Defence Sustainment Expenditure; and

recommendations 1, 2 and 3 from JCPAA Report 475: Defence First Principles Review, Naval Construction and Mental Health in the AFP. 92 These were: recommendation 3 from the SSCFAT report on Impact of Defence training activities and facilities on rural and regional communities report; recommendation 4 from JCPAA Report 470: Defence Sustainment;

and recommendation 6 from JCPAA Report 475: Defence First Principles Review, Naval Construction and Mental Health in the AFP. 93 Defence reported back within the required timeframe for: recommendations 4 and 6 from JCPAA Report 470: Defence Sustainment; and recommendation 3 from JCPAA Report 479: Australian Government Security

Arrangements.

A

uditor-General Report No. 34 2020-21

Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence

79

Appendices

A

uditor-General Report No. 34 2020-21 Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence

80

Appendix 1 Department of Defence response

Appendix 1

Auditor-General Report No. 34 2020-21

Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence

81

A

uditor-General Report No. 34 2020-21 Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence

82

Appendix 2 Methodology for selecting the audit sample

The ANAO adopted the following principles in determining the sample of agreed recommendations to include in the audit.

Parliamentary committee recommendations

General approach

• The recommendations were limited to reports published from 2018 onwards made by the three committees most likely to have recommendations relevant to Defence. These were the:

− Joint Committee of Public Accounts and Audit;

− Joint Standing Committee on Foreign Affairs, Defence and Trade; and

− Senate Standing Committee on Foreign Affairs, Defence and Trade.

• Implementation of the recommendation must have been the responsibility of the Department of Defence.

• There must have been a government response that agreed (or agreed in principle/agreed in part) to the recommendation(s). Only responses provided by 31 December 2019 were included.

• Recommendations relating to the parliamentary review of annual reports were excluded as there was already an established process to address such recommendations.

• Recommendations were excluded if they were likely to be examined by the ANAO as part of a separate performance audit, as part of the ANAO’s annual Defence Major Projects Report, or as part of a parliamentary inquiry.

JCPAA recommendations relating to Auditor-General Report No.21 2020-21 Delivery of Security Vetting Services Follow-up were included in this audit.

Specific considerations

A list of parliamentary committee reports (prepared by the committees mentioned above) for the period January 2018 to June 201994 is presented in Table A.1. The table outlines the total number of recommendations from each report that were included in the audit sample and the rationale for why some recommendations were excluded.

94 This was to allow Defence approximately 12 months for implementation before the commencement of this audit.

Appendix 2

Auditor-General Report No. 34 2020-21

Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence

83

Table A.1: Parliamentary committee recommendations included in the audit sample

Parliamentary committee

Parliamentary committee report

Number of agreed recommendations in the report

Number of

recommendations included in the audit sample

Rational for excluding

recommendations (where applicable)

Senate Standing Committee on Foreign Affairs, Defence and Trade (SSCFADT)

Use of the Quinoline anti-malarial drugs Mefloquine and Tafenoquine in the Australian Defence Force

14 2

Eight recommendations were directed to the Department of Veterans’ Affairs (DVA). Two other recommendations that included Defence were primarily directed at DVA.

Implications of climate change for Australia's national security

Not applicable 0

N

o Government response provided by 31 December 2019.

Impact of Defence training activities and facilities on rural and regional communities

9 3

Recommendation 1 was assessed as being too broad in scope to include in this audit. The implementation of recommendations 5 and 6 was not the responsibility of Defence. Recommendations 7-9 were not included to allow a spread of recommendations across different areas of Defence.

Joint Standing Committee on Foreign Affairs, Defence and Trade (JSCFADT)

Contestability and Consensus: A Bipartisan Approach to More Effective Parliamentary Engagement with Defence

1 1 Not applicable.

Inquiry into transition from the Australian Defence Force (ADF)

Not applicable 0

N

o Government response provided by 31 December 2019.

Inquiry into the management of PFAS contamination in and around Defence bases

Not applicable 0

N

o Government response provided by 31 December 2019.

A

uditor-General Report No. 34 2020-21 Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence

84

Parliamentary committee

Parliamentary committee report

Number of agreed recommendations in the report

Number of

recommendations included in the audit sample

Rational for excluding

recommendations (where applicable)

Joint Committee of Public Accounts and Audit (JCPAA)

Report 470: Defence Sustainment Expenditure

6 4

Recommendation 1 was covered by a subsequent ANAO performance audit (Auditor-General Report No.14 2019- 20 Commonwealth Resource Management Framework and the Clear Read Principle. Recommendation 5 was not directed at Defence.

Report 475: Defence First Principles Review, Naval Construction and Mental Health in the AFP

6 6 Not applicable.

Report 479: Australian Government Security Arrangements

2 2 Not applicable.

Report 473 Defence Major Projects Report (2016-17)

3 0

JCPAA undertook a subsequent review into the Defence Major Projects Report (tabled 7 December 2020).

Total - 41 18 -

Source: ANAO analysis of parliamentary committee reports in the sample period.

ANAO recommendations

General approach

• The recommendations were limited to reports tabled from 2018 onwards.

• Defence must have agreed (or agreed in principle/agreed in part) to the recommendation.

• The tabling of the report must have occurred approximately 12 months (or more) prior to the commencement of this audit.95

95 The audit includes two recommendations from audits that were tabled approximately 11 months before the commencement of this audit. These were included to broaden coverage.

Appendix 2

Auditor-General Report No. 34 2020-21

Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence

85

• Recommendations were excluded if they were likely to be examined by the ANAO as part of a separate performance audit or as part of the ANAO’s annual Defence Major Projects Report.

The two recommendations from Auditor-General Report No.25 2012-13 Defence’s Implementation of Audit Recommendations were included in the audit as that was the last ANAO audit that specifically assessed the effectiveness of Defence’s monitoring of the implementation of ANAO and internal audit recommendations.

ANAO recommendations relating to Auditor-General Report No.21 2020-21 Delivery of Security Vetting Services Follow-up were included in the audit sample (consistent with the approach to JCPAA recommendations discussed above).

Specific considerations

A list of ANAO performance audit reports tabled during the period January 2018 to July 2019 is presented in the table below. The table outlines the total number of recommendation from each audit that were included in the audit sample and the rationale for why some recommendations were excluded.

Table A.2: ANAO audit recommendations included in the audit sample

ANAO audit report

Number of agreed recommendations in the report

Number of agreed recommendations included in the audit sample

Rational for excluding recommendations (where applicable)

Auditor-General Report No. 2 2019-20 Defence’s Administration of Travel Allowances Paid to APS Employees

1 1 Not applicable.

Auditor-General Report No. 3 2019-20 Defence’s Quarterly Performance Report on Acquisition and Sustainment

1 1 Not applicable.

Auditor-General Report No. 40 2018-19 Modernising Army Command and Control — the Land 200 Program

1 1 Not applicable.

Auditor-General Report No. 31 2018-19 Defence’s Management of its Projects of Concern

2 2 Not applicable.

Auditor-General Report No. 30 2018-19 ANZAC Class Frigates — Sustainment

5 1

The recommendation representing the highest risk was selected to ensure a spread of recommendations across different parts of Defence.

Auditor-General Report No. 34 2020-21 Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence

86

ANAO audit report

Number of agreed recommendations in the report

Number of agreed recommendations included in the audit sample

Rational for excluding recommendations (where applicable)

Auditor-General Report No. 34 2017-18 Defence’s Implementation of the First Principles Review

1 1 Not applicable.

Auditor-General Report No. 28 2017-18 Defence’s Procurement of Fuels, Petroleum, Oils, Lubricants, and Card Services

3 1

The recommendation representing the highest risk was selected to ensure a spread of recommendations across different parts of Defence.

Auditor-General Report No.25 2012-13 Defence’s Implementation of Audit Recommendations

2 2 Not applicable.

Auditor-General Report No. 38 2017-18 Mitigating Insider Threats through Personnel Security

4 4 Not applicable.

Auditor-General Report No.44 2017-18 Defence’s Management of Sustainment Products— Health Materiel and Combat Rations

2 0

These recommendations were not included to ensure a spread of recommendations across different parts of Defence.

Total 22 14 -

Source: ANAO analysis of ANAO audit reports in the sample period.

A

uditor-General Report No. 34 2020-21

Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence

87

Appendix 3 ANAO and parliamentary committee recommendations examined in this audit

Table A.3: ANAO audit reports

Report title/recommendations Tabling date

Auditor-General Report No. 2 2019-20 Defence’s Administration of Allowances and Entitlements Paid to APS Employees

Recommendation 1

Defence:

a) review its travel guidance material to eliminate duplication and inconsistency and pr

omote compliance with relevant policies and processes; and

b) implement a process that ensures Defence policy relevant to travel is accurately reflected in guidance material and tools.

22 July 2019

Auditor-General Report No. 3 2019-20 Defence’s Quarterly Performance Report on acquisition and sustainment

Recommendation 1

Defence improve the Quarterly Performance Report as a tool for senior leaders by reporting on:

a) trend performance data for sustainment products; and

b) emerging candidates for the Projects/Products of Concern list and P

roducts/Projects of Interest list that have been recommended by an I

ndependent Assurance Review or which are under active consideration by senior management.

23 July 2019

Auditor-General Report No. 40 2018-19 Modernising Army Command and Control — the Land 200 Program

Recommendation 1

That Defence assess whether it has the capability to adequately perform the role of Prime Systems Integrator, and provide assurance on this matter to the Capability Manager, Chief of Army.

23 May 2019

Auditor-General Report No. 31 2018-19 Defence’s Management of its Projects of Concern

Recommendation 1

Defence introduce, as part of its formal policy and procedures, a consistent approach to managing entry to, and exit from, its Projects of Interest and Projects of Concern lists. This should reflect Defence’s risk appetite and be made consistent with the new Capability Acquisition and Sustainment Group Risk Model and other, Defence-wide, frameworks for managing risk. To aid transparency, the policy and the list should be made public.

Recommendation 2

Defence evaluates its Projects of Concern regime.

26 March 2019

Auditor-General Report No. 30 2018-19 ANZAC Class Frigates — Sustainment

Recommendation 1

Defence update the ANZAC class Product Delivery Schedule of the Navy Materiel Sustainment Agreement to align sustainment plans for the ANZAC class frigates with their operational use and material condition.

18 March 2019

Auditor-General Report No. 34 2020-21 Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence

88

Report title/recommendations Tabling date

Auditor-General Report No. 34 2017-18 Defence’s implementation of the First Principles Review

Recommendation 1

That Defence ensures that its evaluation encompasses all of the recommendations of the First Principles Review and seeks to assess whether the intended outcomes of the Review have been achieved.

17 April 2018

Auditor-General Report No. 28 2017-18 Defence’s Procurement of Fuels, Petroleum, Oils, Lubricants, and Card Services

Recommendation 1

To improve the management of its bulk fuel inventory, Defence should implement arrangements to provide assurance that control arrangements are working as intended.

19 February 2018

Auditor-General Report No. 25 2012-13 Defence’s Implementation of Audit Recommendations

Recommendation 1

That, to achieve the full benefit of audit recommendations: a) Defence reinforce managers’ responsibilities for implementing agreed recommendations; and b) the Defence Audit and Risk Committee bring to the attention of the Secretary and Chief of the Defence Force, on an exception basis, any recommendations of particular concern that have not been implemented.

Recommendation 2

That the Defence Audit and Risk Committee, in accordance with its charter, provide an annual written report to the Secretary and Chief of the Defence Force on the operation and activities of the Committee. The report should include advice on the overall effectiveness of: Defence Groups’ implementation of audit recommendations; and Defence’s monitoring and reporting arrangements.

27 February 2013

Auditor-General Report No. 38 2017-18 Mitigating Insider Threats through Personnel Security

Recommendation 1

The Department of Defence, in consultation with the Attorney-General’s Department, establish operational guidelines for, and make appropriate risk-based use of, clearance maintenance requirements.

Recommendation 2

The Department of Defence implement the Protective Security Policy Framework requirements to obtain explicit informed consent from clearance subjects to share sensitive personal information with sponsoring entities.

Recommendation 3

The Attorney-General’s Department and the Department of Defence establish a framework to facilitate the Australian Government Security Vetting Agency providing sponsoring entities with specific information on security concerns and mitigating factors identified through the vetting process.

Recommendation 4

Recommendation contained in the non-public Auditor-General report.

11 May 2018

Total ANAO audit recommendations: 14

Appendix 3

Auditor-General Report No. 34 2020-21

Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence

89

Table A.4: Senate Standing Committee on Foreign Affairs, Defence and Trade

Report title/recommendations Tabling date Government

response date

The Inquiry into the use of Quinoline anti-malarial drugs mefloquine and tafenoquine in the Australian Defence Force

Six recommendations made. The following two were examined in the audit.

Recommendation 1 (agreed in principle)

The committee recommends that the terms of reference of the Departments of Defence and Veterans' Affairs Human Research Ethics Committee be updated to explicitly include consideration that prospective research participants may be vulnerable to perceived coercion to participate.

Recommendation 2 (agreed in principle)

The committee recommends that all members of the Australian Defence Force who are invited to participate in medical research have access to a confidential conversation with an independent participant advocate prior to consenting to participate.

6 December 2018 15 March 2019

Impact of Defence training activities and facilities on rural and regional communities

Nine recommendations made. The following five were examined in the audit.

Recommendation 2

The committee recommends that Defence conduct a detailed evaluation of the Local Industry Capability Plan Pilot which should be made publicly available.

Recommendation 3 (agreed in part)

The committee recommends that Defence provide an update to the committee about its progress to develop the assessment model by 31 August 2018.

Recommendation 4

The committee recommends that Defence develop general guidance for base commandants to achieve an appropriate level of engagement with the local community which includes ensuring contact points are available to stakeholders in the local community.

10 May 2018 13 November 2018

Total Senate Standing Committee on Foreign Affairs, Defence and Trade recommendations: 5

Auditor-General Report No. 34 2020-21 Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence

90

Table A.5: Joint Standing Committee on Foreign Affairs, Defence and Trade

Report title/recommendations Tabling date Government

response date

Contestability and Consensus: A Bipartisan Approach to More Effective Parliamentary Engagement with Defence

Recommendation 1

The Committee recommends that the Australian Government investigate measures to improve cooperation and coordination between the Department of Defence and states and territories to encourage constructive competition aimed at delivering the best capability to serve Australia’s national interest.

November 2018 2 April 2019

Total Joint Standing Committee on Foreign Affairs, Defence and Trade committee recommendations: 1

Table A.6: Joint Committee of Public Accounts and Audit

Report title/recommendations included in audit Tabling date Government response date

Report 470: Defence Sustainment Expenditure

Six recommendations made. The following four were examined in the audit

Recommendation 2

The Committee recommends that the Department of Defence consolidate information extracted from its Corporate Plan, Portfolio Budget Statements, Portfolio Additional Estimates Statements and Annual Report in one place online in a format that allows for clear and easy scrutiny of sustainment expenditure.

Recommendation 3

The Committee recommends that the Department of Defence appropriately signpost to readers of the hard copy/PDF version of the Defence Annual Report that further information is available online, specifying what online information is available.

Recommendation 4

The Committee recommends that within six months of the tabling of this report the Department of Defence provide to the Committee: a report on progress in driving First Principles Review reforms; detail of the positive changes that have been realised to date with the implementation of the First Principles Review; an update on the progress of the Systems Program Offices review; a report on progress of the whole-of-life costing model; a report on progress to selecting a candidate to run the Major Projects Office.

Recommendation 6

The Committee recommends that the Department of Defence provide a detailed progress report on behavioural changes that have accompanied improvements in internal performance reporting within six months of the tabling of this report.

March 2018 9 November

2018

Appendix 3

Auditor-General Report No. 34 2020-21

Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence

91

Report 475: Defence First Principles Review, Naval Construction and Mental Health in the AFP

Six recommendations made to Defence. All were examined in the audit.

Recommendation 1

The Committee recommends that the Department of Defence maintain momentum to implement recommendations of the First Principles Review relating to the creation of a strong strategic centre and that the department report to the Committee on progress towards full implementation, including the evaluation framework, within six months of tabling this report.

Recommendation 2

The Committee recommends that the Department of Defence report back to the Committee on progress in implementing the recommendations of the First Principles Review relating to enabling services, workforce and behaviour within six months of tabling this report. The Committee also recommends that Department of Defence report back to the Committee on any outcomes identified by implementation of these recommendations.

Recommendation 3

The Committee recommends that Department of Defence report back to the Committee after six months of tabling this report with an update on the timeframes for reform of the System Program Offices.

Recommendation 4 (agreed in principle)

The Committee recommends that in relation to the naval construction programs, the Department of Defence report back to the Committee in July 2019 with an update on estimated financial costings that were previously released in the 2016 White Paper.

Recommendation 5

The Committee recommends that the Department of Defence should review its requirements around quality of sustainment costing at the second-gate process and update the Committee on outcomes of this review and any changes necessary to its capability lifecycle manual.

Recommendation 6 (agreed in principle)

The Committee recommends that the Department of Defence provide a copy of its workforce plan to the Committee and summarise the key mitigation strategies in the plan to meet the workforce requirements of the naval shipbuilding program over the short, medium and long term.

February 2019 2 September 2019

Report 479: Australian Government Security Arrangements

Recommendation 3

The Committee recommends that the Department of Defence expedite the ICT2270 Vetting Transformation project and

April 2019 Multiple from

June 2019 to October 2020

Auditor-General Report No. 34 2020-21 Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence

92

provide to the Committee a progress report and updated timeline on implementation of the replacement ICT system.

Recommendation 4

The Committee recommends that the Department of Defence establish extra safeguard and quality control measures to ensure that no incidents of sensitive data loss occur prior to the operational capacity of the new vetting case management system.

Total Joint Committee of Public Accounts and Audit recommendations: 12

A

uditor-General Report No. 34 2020-21

Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence

93

Appendix 4 System controls to maintain complete and accurate data

ARMS and PDMS

AFCD advised the ANAO in October 2020 that ANAO audit recommendations are entered into ARMS by different user groups. While access to the system is available to user groups, Defence does not monitor user groups to ensure access is restricted to those officials who require ongoing access. AFCD provided the ANAO with a document, How to Give Access to AMIS and ARMS, which provides technical guidance for providing access to each system. The document provides no guidance on procedural requirements for approving or removing access.

In contrast, the Defence MECC team enters parliamentary committee recommendations into PDMS. PDMS, managed by the Department of Finance, uses role-based access to allow users to perform specific tasks during a ministerial or parliamentary workflow process. Within Defence, the Director of PDMS Training and Support is responsible for managing access to PDMS user groups. PDMS guidance applicable to the parliamentary committee recommendations examined in this audit was being revised and in draft form.

In practice, input to each system is logged with a date, time and username stamp. For each system a version history and data backup is maintained to enable the restoration of earlier versions of recommendations and, in ARMS, Management Action Plans (MAPS). Deletions are possible on ARMS but restricted to the deletion of supporting documents only. For ARMS no manual or guide exists and training to a new team member is delivered on an ad-hoc basis. For PDMS, documentation such as manuals were provided to the ANAO during the audit however these were not endorsed and were in draft form.

A parliamentary committee module was added to PDMS during the audit. The module is intended to enable Defence to track the implementation of parliamentary committee recommendations. Guidance to support the module’s operation — Defence Process Steps for PC Module PDMS; and PDMS Training Handbook — was in draft form in the course of this audit. Defence advised the ANAO in early February 2021 that the procedural documentation to support the implementation of the parliamentary committee module would be completed prior to the end of February 2021.96

96 Defence provided the ANAO with its full suite of updated PDMS guidance on 23 February 2021.