Title Auditor-General—Audit report No. 44 for 2021-22—Performance audit—Effectiveness of the management of contractors—Services Australia: Services Australia
Source Both Chambers
Date 26-07-2022
Parliament No. 47
Tabled in House of Reps 27-07-2022
Tabled in Senate 26-07-2022
Parliamentary Paper Year 2022
Parliamentary Paper No. 181
Paper Type Auditor-General's Report
Disallowable No
Journals Page No. 25
Votes Page No. 68
House of Reps DPL No. 28
System Id publications/tabledpapers/9652502e-31e2-4db9-b128-7ec523896058


Auditor-General—Audit report No. 44 for 2021-22—Performance audit—Effectiveness of the management of contractors—Services Australia: Services Australia

The Auditor-General Auditor-General Report No. 44 2021–22 Performance Audit

Effectiveness of the Management of Contractors — Services Australia

Services Australia

Australian National Audit Office

Auditor-General Report No. 44 2021–22 Effectiveness of the Management of Contractors — Services Australia

2

© Commonwealth of Australia 2022

ISSN 1036–7632 (Print) ISSN 2203–0352 (Online) ISBN 978-1-76033-757-5 (Print) ISBN 978-1-76033-758-2 (Online)

Except for the content in this document supplied by third parties, the Australian National Audit Office logo, the Commonwealth Coat of Arms, and any material protected by a trade mark, this document is licensed by the Australian National Audit Office for use under the terms of a Creative Commons Attribution-NonCommercial-NoDerivatives 3.0 Australia licence. To view a copy of this licence, visit http://creativecommons.org/licenses/by-nc-nd/3.0/au/.

You are free to copy and communicate the document in its current form for non-commercial purposes, as long as you attribute the document to the Australian National Audit Office and abide by the other licence terms. You may not alter or adapt the work in any way.

Permission to use material for which the copyright is owned by a third party must be sought from the relevant copyright owner. As far as practicable, such material will be clearly labelled.

For terms of use of the Commonwealth Coat of Arms, visit the It’s an Honour website at https://www.pmc.gov.au/government/its-honour.

Requests and inquiries concerning reproduction and rights should be addressed to:

Senior Executive Director Corporate Management Group Australian National Audit Office GPO Box 707 Canberra ACT 2601

Or via email: communication@anao.gov.au.

Audi

tor-General Report No. 44 2021–22

Effectiveness of the Management of Contractors — Services Australia

3

Canber

ra ACT

29 June 2022

Dear Mr President Dear Mr Speaker

In accordance with the authority contained in the Auditor-General Act 1997, I have undertaken an independent performance audit in Services Australia. The report is titled Effectiveness of the Management of Contractors — Services Australia. Pursuant to Senate Standing Order 166 relating to the presentation of documents when the Senate is not sitting, I present the report of this audit to the Parliament.

Following its presentation and receipt, the report will be placed on the Australian National Audit Office’s website — http://www.anao.gov.au.

Yours sincerely

Grant Hehir Auditor-General

The Honourable the President of the Senate The Honourable the Speaker of the House of Representatives Parliament House Canberra ACT

Audi tor-General Report No. 44 2021–22 Effectiveness of the Management of Contractors — Services Australia

4

AUD ITING FOR AUSTRALIA

The Auditor-General is head of the Australian National Audit Office (ANAO). The ANAO assists the Auditor-General to carry out his duties under the Auditor-General Act 1997 to undertake performance audits, financial statement audits and assurance reviews of Commonwealth public sector bodies and to provide independent reports and advice for the Parliament, the Australian Government and the community. The aim is to improve Commonwealth public sector administration and accountability.

For further information contact: Australian National Audit Office GPO Box 707 Canberra ACT 2601

Phone: (02) 6203 7300 Email: ag1@anao.gov.au

Auditor-General reports and information about the ANAO are available on our website: http://www.anao.gov.au

Audit team Natalie Whiteley Kim Murray Hugh Balgarnie

Sally Ramsey

Auditor-General Report No. 44 2021–22

Effectiveness of the Management of Contractors — Services Australia

5

Contents Summary and recommendations .................................................................................................................... 7

Background ............................................................................................................................................... 7

Conclusion ................................................................................................................................................. 9

Supporting findings .................................................................................................................................. 10

Recommendations ................................................................................................................................... 12

Summary of entity responses .................................................................................................................. 12

Key messages and observations ............................................................................................................ 13

Audit findings .............................................................................................................................................. 15

1. Background ............................................................................................................................................. 16

Introduction .............................................................................................................................................. 16

Reviews and inquiries into the APS’s use of contractors ........................................................................ 22

Services Australia’s workforce ................................................................................................................ 29

Previous audits and reports ..................................................................................................................... 32

Rationale for undertaking the audit ......................................................................................................... 33

2. Framework for using contractors ............................................................................................................. 35

Does Services Australia’s guidance provide clarity regarding the different personnel types, including contractors? ........................................................................................................................ 35

Does Services Australia provide guidance on determining whether there is an operational requirement for the use of contractors? ............................................................................................. 36

3. Arrangements for engaging contractors .................................................................................................. 40

Does Services Australia have a contracting suite that is tailored for the use of contractors? ............. 41 Does Services Australia have fit-for-purpose arrangements for inducting contractors? ......................... 44 Has Services Australia established arrangements for the engagement of contractors that support compliance with PSPF Policy 12: Eligibility and suitability of personnel? .......................................... 50

4. Arrangements for managing contractors ................................................................................................. 56

Has Services Australia clearly documented its requirements and expectations regarding the management and oversight of contractors? ....................................................................................... 57

Has Services Australia established arrangements for the management of contractors that support compliance with PSPF Policy 13: Ongoing assessment of personnel?................................ 60 Has Services Australia established arrangements for the separation of contractors that support compliance with PSPF Policy 14: Separating personnel? ................................................................. 63

5. Observations and key messages on the selected agencies’ management of contractors ..................... 66 Data availability and transparency .......................................................................................................... 66

Ethical and personnel security requirements .......................................................................................... 68

Parliamentary committee and other review recommendations ............................................................ 69

Key messages from this audit series for all APS agencies .................................................................. 69

Appendices ................................................................................................................................................. 71

Appendix 1 Entity responses ................................................................................................................. 72

Appendix 2 Performance improvements observed by the ANAO .......................................................... 74

Appendix 3 Measures for reporting on workforce size ........................................................................... 76

Appendix 4 Services Australia’s contractor data at 30 June 2021 ........................................................ 77

Auditor-General Report No.44 2021–22 Effectiveness of the Management of Contractors — Services Australia

 The Australian Public Service (APS) workforce

strategy highlights the value of ensuring that agencies take a structured approach to the use of non-APS personnel. The approach adopted by the APS has been the subject of ongoing parliamentary interest.

 This is one of a series of three performance

audits undertaken to provide independent assurance to Parliament on whether entities have established an effective framework for the management of the contracted element of their workforce.

 Services Australia has established largely

fit-for-purpose policies and processes for the management of contractors and can demonstrate the effectiveness of some but not all aspects of its arrangements. There remains scope to improve the effectiveness of mandatory training arrangements and implementation of aspects of Policy 12 of the Protective Security Policy Framework (PSPF) relating to the eligibility and suitability of personnel.

 The Auditor-General made three

recommendations aimed at: improving the effectiveness of mandatory training arrangements; aligning the personnel security policy with Supporting Requirement 1(c) of PSPF Policy 12; and obtaining assurance that PSPF Policy 12 has been addressed, particularly where temporary access provisions are used to address the need for rapid recruitment.

 Services Australia has defined 11 types of

contingent workforce (seven types of non-agency personnel, two types of non-APS personnel and two types of secondee). The contingent workforce with the characteristics of a ‘contractor’ include contractors and labour hire.

 The top two contractor activities reported by

Services Australia in 2021 were ‘Information Technology’, and ‘Service Delivery’.

34,049 Services Australia’s APS workforce at 30 June 2021 (headcount).

10,012 Services Australia’s contingent workforce at 30 June 2021 (headcount).

4269

Contractor workforce at 30 June 2021 (headcount). Represents 9.7 per cent of the combined APS and contingent workforce.

Auditor-General Report No. 44 2021–22

Effectiveness of the Management of Contractors — Services Australia

7

Summary and recommendations

Background 1. The Australian Public Service Commission (APSC) has reported that as at

31 December 2021, the Australian Public Service (APS) employed 155,796 people across 97 APS agencies.1 APS employees are employed under the Public Service Act 1999 (the PS Act), which establishes the APS and is the basis of the regulatory framework applying to it.2

2. APS agencies can, and do, utilise a mixed workforce of APS and non-APS personnel to deliver their purposes. Non-APS personnel include contractors and consultants. Department of Finance (Finance) guidance indicates that the difference between a contract for services and a contract for consultancy services ‘generally depends on the nature of the services and the level of direction and control over the work that is performed to develop the output.’3

3. Workforce planning and management is the responsibility of each APS agency head. In the APS Workforce Strategy 2025, the APSC has stated that:

Ensuring agencies take a structured approach to the use of non-APS employees—including considering where work would be best delivered by an APS employee—and knowledge transfer and capability uplift arrangements is a key element of successful mixed workforce models, which are already being used by agencies across the APS.4

4. Additionally, the APSC has published guidance in the form of Guiding principles for agencies when considering the use of SES contractors5 relating to the use of contractors in APS

1 Australian Public Service Commission, APS Employment Data 31 December 2021 [Internet], 25 March 2022, available from https://www.apsc.gov.au/employment-data/aps-employment-data-31-december-2021 [accessed 20 May 2022]. The number of APS agencies differs from the total number of Australian Government entities and companies, as not all employ staff under the Public Service Act 1999. The Department of Finance reported a total of 187 Australian Government entities and companies as at 19 April 2022. See https://www.finance.gov.au/government/managing-commonwealth-resources/structure-australian-government-public-sector/pgpa-act-flipchart-and-list [accessed 10 June 2022].

The APSC data indicates that the number of ongoing (permanent) APS employees as at 31 December 2021 was 136,284. Ongoing employees made up 87.5 per cent of the APS workforce. There were also 19,512 non-ongoing APS employees at 31 December 2021. Non-ongoing employees in the APS are employed for a specified term, or for the duration of a specified task, or to perform duties that are irregular or intermittent (casual). Of all non-ongoing employees at 31 December 2021, 10,816 (55.4 per cent) were employed for a specified term or the duration of a specified task, and 8,696 (44.6 per cent) were employed on a casual basis. 2 Key elements of the framework are the APS Values (set out in section 10 of the PS Act), APS Employment

Principles (in section 10A), APS Code of Conduct (in section 13) and the Australian Public Service Commissioner’s Directions about the APS Values and employment matters made under sections 11 and 11A. 3 Department of Finance, Contract Characteristics [Internet], available from https://www.finance.gov.au/government/procurement/buying-australian-government/contract-

characteristics [accessed 20 January 2022]. 4 Australian Public Service Commission, Delivering for Tomorrow: APS Workforce Strategy 2025 [Internet], 18 March 2021, p. 27, available from https://www.apsc.gov.au/initiatives-and-programs/aps-workforce-

strategy-2025 [accessed 6 January 2022]. 5 Australian Public Service Commission, Guiding principles for agencies when considering the use of SES contractors [Internet], 14 May 2021, available from https://www.apsc.gov.au/working-aps/aps-employees-

and-managers/senior-executive-service-ses/senior-executive-service-ses/contractors-senior-executive-service [accessed 3 December 2021].

Auditor-General Report No. 44 2021–22 Effectiveness of the Management of Contractors — Services Australia

8

Senior Executive Service (SES) roles.6 Similar guidance has not been issued for entities when considering the use of contractors for non-SES level roles.

5. The engagement and management of non-APS personnel occurs through procurement action by entities and their contract management processes, rather than the PS Act. These decisions must consider:

• the Commonwealth Procurement Rules (CPRs), which establish the whole-of-government procurement framework, including mandatory rules with which officials must comply when performing duties related to procurement;

• the Protective Security Policy Framework (PSPF), which sets out government protective security policy across the following outcomes: security governance, information security, physical security and personnel security7; and

• entity-specific procurement and contract management arrangements which may be contained in Accountable Authority Instructions (AAIs) made under section 20A of the Public Governance, Performance and Accountability Act 2013 (the PGPA Act, which is the basis of the Australian Government’s finance law) and in entity policies and guidelines.

6. Services Australia has advised the Parliament that as at 30 June 2021, its workforce included 4269 contractors, representing 9.7 per cent of the combined APS and contingent workforce.8 Services Australia’s contractor workforce performs work in most parts of the entity.

Rationale for undertaking the audit

7. The APS workforce strategy states that the APS will continue to deploy a flexible approach to resourcing that strikes a balance between a core workforce of permanent public servants and the selective use of external expertise. This will mean a continuing mixed workforce approach, where APS employees and non-APS workers are used to deliver outcomes within agencies. In this context, the strategy highlights the value of ensuring that agencies take a structured approach to the use of non-APS workers. The approach adopted by the APS and its agencies has been the subject of ongoing parliamentary interest, with a number of reviews and parliamentary committee inquiries undertaken in recent years.9

8. This audit is one of a series of three performance audits undertaken to provide independent assurance to the Parliament on whether entities have established an effective framework for the management of the contracted element of their workforce. Services Australia was selected as one of the APS agencies in this audit series as it is a large and regular user of

6 The SES is established by section 35 of the PS Act, which states that the function of the SES is to provide APS-wide strategic leadership. 7 Attorney-General’s Department, About PSPF [Internet], available from https://www.protectivesecurity.gov.au/about [accessed 27 January 2022]. 8 This was Services Australia’s response to a question on notice, from the Chair of the Senate Finance and

Public Administration References Committee on 20 July 2021, asked as part of the committee’s inquiry into the Current Capability of the APS. 9 These reviews and inquiries, discussed in Chapter 1 at paragraphs 1.14–1.24, include the: 2015 report of the Independent Review of Whole-of-Government Internal Regulation; 2017 to 2019 Joint Committee of Public

Accounts and Audit (JCPAA) Inquiry into Australian Government Contract Reporting — Inquiry based on Auditor-General's report No. 19 (2017–18); 2019 report of the Independent Review of the APS; 2021 second interim report of the Senate Select Committee on Job Security; and 2021 report of the Senate Finance and Public Administration References Committee Inquiry into the Current Capability of the APS.

Summary and recommendations

Auditor-General Report No. 44 2021–22

Effectiveness of the Management of Contractors — Services Australia

9

non-APS personnel. The other audits in this series review the management of contractors by the Department of Defence and Department of Veterans’ Affairs.

Audit objective and criteria

9. The objective of the audit was to examine the effectiveness of Services Australia’s arrangements for the management of contractors.

10. To form a conclusion against the audit objective, the following high-level criteria were adopted.

• Has Services Australia established a fit-for-purpose framework for the use of contractors?

• Does Services Australia have fit-for-purpose arrangements for the engagement of contractors?

• Has Services Australia established fit-for-purpose arrangements for the management of contractors?

Conclusion 11. Services Australia has established largely fit-for-purpose policies and processes for the management of contractors and can demonstrate the effectiveness of some but not all aspects of its arrangements. There remains scope to improve the effectiveness of mandatory training arrangements and implementation of aspects of Policy 12 of the Protective Security Policy Framework (PSPF) relating to the eligibility and suitability of personnel.

12. Services Australia has established a fit-for-purpose framework for the use of contractors. At the agency level there is guidance which provides clarity regarding the different personnel types, including contractors. Guidance has been developed to assist the largest users of contractors within the agency — its service delivery and ICT areas — determine whether there is an operational requirement for the use of contractors.

13. Services Australia has established largely fit-for-purpose arrangements for the engagement of contractors. Services Australia has in place a contracting suite that is tailored for the use of contractors and has established centrally managed processes for preparing contracts, including when it engages contractors. Services Australia has established mandatory induction training and systems to monitor and report on the completion of induction training by its entire workforce. The effectiveness of training arrangements is reduced by contractors’ training completion rates and shortcomings in processes to ensure contractors and their managers are aware of mandatory induction training. Services Australia has established policy and processes to support compliance with the majority of core requirements of PSPF Policy 12: Eligibility and suitability of personnel when it engages contractors, the key exception being the requirement to obtain an individual’s agreement to comply with government policies, standards, protocols and guidelines that safeguard resources from harm. By enacting temporary access provisions pending the outcome of pre-engagement eligibility and suitability checks, there is a risk that Services Australia has not met PSPF Policy 12 requirements where there is no assurance process to ensure satisfactory completion of the required checks within a reasonable timeframe.

14. Services Australia has established largely fit-for-purpose arrangements for the management of contractors. Services Australia has clearly documented its requirements and

Auditor-General Report No. 44 2021–22 Effectiveness of the Management of Contractors — Services Australia

10

expectations regarding the management and oversight (supervision) of contractors and has established responsibilities for managing completion at the business area level. Arrangements (policy, processes and monitoring) for the management of contractors that support compliance with PSPF Policy 13: Ongoing assessment of personnel and PSPF Policy 14: Separating personnel have been largely established. With regards to PSPF Policy 14, risks have been identified regarding the effectiveness of agency controls for removing separating individuals’ systems access in a timely way.

Supporting findings

Framework for using contractors

15. Services Australia’s guidance provides clarity regarding the different personnel types, including contractors. (See paragraphs 2.3–2.5)

16. In its provision of guidance on determining whether there is an operational requirement for the use of contractors, Services Australia has focused on the largest users of contractors within the agency — its service delivery and ICT areas. Services Australia has developed arrangements to support workforce planning in its service delivery and ICT workforces which include workforce strategies intended to guide decisions on workforce supply, including for the use of contractors. Decisions to use contractors in all parts of Services Australia’s business are guided by the agency’s Average Staffing Level cap and internal budget allocations. (See paragraphs 2.6–2.11)

Arrangements for engaging contractors

17. Services Australia has in place a contracting suite that is tailored for the use of contractors and has established centrally managed processes for preparing contracts, including when it engages contractors. For the nine contracts for the engagement of contractors reviewed by the ANAO (engaging 30 per cent of the contractor personnel engaged by Services Australia as of 31 October 2021) all contracts: stated that the supplier must ensure that its personnel comply with all procedures and guidelines required by Services Australia; and included references to applicable agency policies, procedures and guidelines. There was some variability in the terms and conditions of the contracts selected for review, with five ICT contracts not including performance standards. An internal audit from August 2020 states that Services Australia has accepted the risks associated with a lack of performance indicators in the ICT contracts. (See paragraphs 3.3–3.14)

18. Services Australia has largely fit-for-purpose arrangements for inducting contractors, with the completion of mandatory training by its non-APS personnel recorded through monthly reporting. The effectiveness of the arrangements is limited due to low completion rates for mandatory induction and refresher training for contractors, and shortcomings in processes to

ensure that contractors complete training. Monthly training reports examined by the ANAO showed that of the contractors engaged by the agency as at 28 February 2022, 34.7 per cent had completed the mandatory induction modules — with a further 28.3 per cent of contractors deemed ‘induction compliant’ by Services Australia — and 32.2 per cent had completed the 2022 mandatory refresher program. Services Australia advised the ANAO that as at 30 April 2022, 39.3 per cent of contractors had completed the mandatory induction modules — with a

Summary and recommendations

Auditor-General Report No. 44 2021–22

Effectiveness of the Management of Contractors — Services Australia

11

further 27.0 per cent of contractors deemed ‘induction compliant’ — and 48.8 per cent of contractors had completed the 2022 mandatory refresher program. (See paragraphs 3.15–3.35)

19. Services Australia has established policies and processes that support compliance with the majority of core requirements of PSPF Policy 12: Eligibility and suitability of personnel when it engages contractors, except for PSPF Policy 12 Supporting Requirement 1(c), which relates to obtaining individuals’ agreement to comply with the government’s policies, standards, protocols and guidelines that safeguard resources from harm. Services Australia has enacted temporary access provisions in its personnel security policy ‘to enable rapid recruitment to meet the high service demand generated by COVID-19’ and to manage the 2022 east coast flood emergency and other priorities. There is scope for Services Australia to strengthen its assurance activities to ensure that the mandatory requirements of PSPF Policy 12 have been met, particularly when personnel have already been granted temporary access to Australian Government resources (people, information and assets). (See paragraphs 3.38–3.60)

Arrangements for managing contractors

20. Services Australia has clearly documented its requirements and expectations regarding the management and oversight of contractors. Agency requirements and expectations for contract managers are documented in the Accountable Authority Instructions, the Contract Management Framework and in policies, procedures and guidance. Contract managers are required to undertake mandatory training, with training requirements tailored to the overall risk rating of the contract to be managed. Services Australia requires business areas to ensure that appropriate training has been undertaken but has not established arrangements that provide agency-wide assurance that contract managers have completed the mandatory training. (See paragraphs 4.3–4.13)

21. Services Australia has largely established arrangements for the management of contractors that support compliance with PSPF Policy 13: Ongoing assessment of personnel. Services Australia has established policies that support the implementation of PSPF Policy 13 for contractors that address all aspects of the core PSPF requirement. All nine contracts examined by the ANAO included clauses requiring ongoing compliance with Services Australia’s security policies and procedures. In addition, guidance has been established for contract managers around assessing and managing the ongoing suitability of contractors and sharing relevant information of security concern, including forms for reporting security incidents. Where contract periods are greater than three years, Services Australia has no agency-wide assurance that its mandatory requirement for triennial eligibility and suitability checks for contractors is being met. Services Australia has identified opportunities to strengthen arrangements to support compliance with PSPF Policy 13. (See paragraphs 4.14–4.20)

22. Services Australia has established arrangements for the separation of contractors to support compliance with PSPF Policy 14: Separating personnel, including relevant policies and processes, however there is scope for implementation to be more effective. In the nine contracts examined by the ANAO, Services Australia included clauses requiring contractors to comply with Services Australia policies and processes that support compliance with PSPF Policy 14. ANAO testing identified risks in the effectiveness of Services Australia’s ICT controls for removing separating individuals’ systems access in a timely way. Services Australia’s monitoring and reporting on compliance with PSPF Policy 14 has identified that there is further work to be done

Auditor-General Report No. 44 2021–22 Effectiveness of the Management of Contractors — Services Australia

12

and identified a range of activities to improve compliance around separating personnel, including strengthening the assurance process for the timely removal of separating individuals’ access to agency systems. (See paragraphs 4.21–4.29)

Recommendations

Paragraph 3.35

Services Australia ensure that:

(a) contractors and managers of contractors are aware of their responsibilities regarding mandatory induction training requirements; and (b) contractors complete mandatory induction training.

Services Australia response: Agreed.

Paragraph 3.45

Services Australia update its personnel security policy to include a requirement to obtain an individual’s agreement to comply with government policies, standards, protocols and guidelines that safeguard resources from harm, as required under Supporting Requirement 1(c) of PSPF Policy 12.

Services Australia response: Agreed.

Paragraph 3.60

Services Australia strengthen arrangements to obtain assurance that PSPF Policy 12 requirements have been met, particularly to ensure the eligibility and suitability of its personnel who have been granted temporary access to Australian Government resources (people, information and assets).

Services Australia response: Agreed.

Summary of entity responses 23. Services Australia’s summary response is provided below and its full response is included at Appendix 1. An extract of this report was sent to the APSC. The APSC’s summary response is provided below and its full response is included at Appendix 1.

Services Australia’s summary response

Services Australia (the agency) welcomes this report, and considers that the recommendations will assist in improving our arrangements for the management of contractors. Changes to the agency's workforce size and composition reflect government priorities, Budget measures, service delivery demands, ongoing efficiencies and natural attrition. In this context, strong agency capability is essential in delivering on government commitments and transforming the organisation. It is positive that the ANAO has found the agency has a fit-for-purpose framework for the use of contractors, particularly in respect to the guidance that is in place for those groups that are the largest users of contractors, service delivery and ICT.

Summary and recommendations

Auditor-General Report No. 44 2021–22

Effectiveness of the Management of Contractors — Services Australia

13

APSC’s summary response

The Australian Public Service Commission (APSC) acknowledges the extract of the Proposed Audit Report on the 'Effectiveness of the Management of Contractors' provided for comment.

The APSC recognises the importance of robust workforce planning through implementation of the APS Workforce Strategy 2025. This includes strengthening APS capability, and the strategic use of mixed models of employment, to ensure agencies achieve their outcomes.

Whilst no recommendations are directed toward the APSC, the Commission will consider any relevant findings following the audit's completion.

24. At Appendix 2, there is a summary of improvements that were observed by the ANAO during the course of the audit.

Key messages and observations 25. This is one of a series of three performance audits undertaken to provide independent assurance to Parliament on whether entities have established an effective framework for the management of the contracted element of their workforce. As well as Services Australia, the ANAO has examined the effectiveness of the management of contractors by the Department of Defence10 and the Department of Veterans’ Affairs.11

26. Chapter 5 of this audit report sets out high-level observations and key messages for all Australian Public Service agencies following the ANAO’s examination of the three selected agencies’ management of contractors. The observations focus on: data availability and transparency issues relating to the contractor workforce; and the application of ethical and personnel security requirements to the contractor workforce.

10 See Auditor-General Report No.43 2021–22 Effectiveness of the Management of Contractors — Department of Defence. 11 See Auditor-General Report No.45 2021–22 Effectiveness of the Management of Contractors — Department of Veterans’ Affairs.

Auditor-General Report No. 44 2021–22

Effectiveness of the Management of Contractors — Services Australia

15

Audit findings

Auditor-General Report No. 44 2021–22 Effectiveness of the Management of Contractors — Services Australia

16

1. Background

Introduction 1.1 The Australian Public Service Commission (APSC) has reported that as at 31 December 2021, the Australian Public Service (APS) employed 155,796 people across 97 APS agencies.12 APS employees are employed under the Public Service Act 1999 (the PS Act), which establishes the APS and is the basis of the regulatory framework applying to it.13

1.2 APS agencies can, and do, utilise a mixed workforce of APS and non-APS personnel to deliver their purposes. Non-APS personnel include contractors and consultants. Department of Finance (Finance) guidance indicates that the difference between a contract for services and a contract for consultancy services ‘generally depends on the nature of the services and the level of direction and control over the work that is performed to develop the output.’14

1.3 In summary, Finance’s guidance states that services performed by a contractor are under the supervision of the entity, which specifies how the work is to be undertaken and has control over the final form of any resulting output. The output of a contractor is produced on behalf of the entity and the output is generally regarded as an entity product. In contrast, performance of consultancy services is left largely up to the discretion and professional expertise of the consultant, performance is without the entity's direct supervision, and the output reflects the independent views or findings of the consultant. While the output of a consultant is produced for the entity, the output may not belong to the entity. Box 1 below sets out the contract characteristics, identified in Finance guidance, that help entities distinguish between contractors and consultants.

12 Australian Public Service Commission, APS Employment Data 31 December 2021 [Internet], 25 March 2022, available from https://www.apsc.gov.au/employment-data/aps-employment-data-31-december-2021 [accessed 20 May 2022]. The number of APS agencies differs from the total number of Australian Government entities and companies, as not all employ staff under the Public Service Act 1999. The Department of Finance reported a total of 187 Australian Government entities and companies as at 19 April 2022. See https://www.finance.gov.au/government/managing-commonwealth-resources/structure-australian-government-public-sector/pgpa-act-flipchart-and-list [accessed 10 June 2022].

The APSC data indicates that the number of ongoing (permanent) APS employees as at 31 December 2021 was 136,284. Ongoing employees made up 87.5 per cent of the APS workforce. There were also 19,512 non-ongoing APS employees at 31 December 2021. Non-ongoing employees in the APS are employed for a specified term, or for the duration of a specified task, or to perform duties that are irregular or intermittent (casual). Of all non-ongoing employees at 31 December 2021, 10,816 (55.4 per cent) were employed for a specified term or the duration of a specified task, and 8,696 (44.6 per cent) were employed on a casual basis. 13 Key elements of the framework are the APS Values (set out in section 10 of the PS Act), APS Employment

Principles (in section 10A), APS Code of Conduct (in section 13) and the Australian Public Service Commissioner’s Directions about the APS Values and employment matters made under sections 11 and 11A. 14 Department of Finance, Contract Characteristics [Internet], available from https://www.finance.gov.au/government/procurement/buying-australian-government/contract-

characteristics [accessed 20 January 2022].

Background

Auditor-General Report No. 44 2021–22

Effectiveness of the Management of Contractors — Services Australia

17

Box 1: Department of Finance guidance—characteristics of consultancy and non-consultancy contracts

Contractors—characteristics of non-consultancy contracts (only some may apply):

Nature of Services:

• Services performed are the day-to-day duties of the entity – e.g. a recruitment firm providing personnel to fill a temporary vacancy for a personal assistant, or in a program area. The skills required to perform the services would normally be maintained within the entity.

• Involves professional or expert services to implement an existing proposal or strategy – e.g. training specialists to deliver training in line with an existing strategy.

Direction and Control:

• Services are performed under supervision of the entity. The entity specifies how the work is to be undertaken and has control over the final form of any resulting output.

• Professional or expert services provided under non-consultancy contracts are generally delivered without a high level of supervision and direction from the entity, however, the output produced will not necessarily represent the independent views of the service provider – i.e. the entity controls the form of the output.

• The output is being produced on behalf of the entity.

• The output is generally regarded as an entity product.

Integration or Organisation Test:

• Work is an integral part of the entity's business.

Use of Equipment and Premises:

• The entity provides all equipment and supplies.

• The Contractor will usually be engaged to work in the entity's premises.

Remuneration:

• Remuneration is based on the time worked, usually calculated on an hourly rate.

Consultants—characteristics of consultancy contracts

Nature of Services:

• Involves specialist professional knowledge or expertise that may not be maintained in-house.

• There is a need for independent research or assessment.

• Involves development of an intellectual output, e.g. research, evaluation, advice, and recommendations, to assist with entity decision-making.

• Involves a one-off task, a set of tasks or irregular tasks (making employment of permanent staff impractical or undesirable).

Auditor-General Report No. 44 2021–22 Effectiveness of the Management of Contractors — Services Australia

18

Direction and Control:

• Performance of the services is left largely up to the discretion and professional expertise of the consultant.

• Performance is without the entity's direct supervision.

• The output reflects the independent views or findings of the individual or organisation.

• The output is being produced for the entity.

• The output may not belong to the entity.

Integration or Organisation Test:

• Work performed is an accessory to the entity's business.

Use of Equipment and Premises:

• The Consultant provides their own equipment.

• The Consultant may work from their own premises for some or all of the assignment.

Remuneration:

• Consultancy payments are usually made when agreed milestones are reached or when a task or project is completed.

Source: Department of Finance, Contract Characteristics, available from https://www.finance.gov.au/government/procurement/buying-australian-government/contract-characteristics [accessed 20 January 2022].

1.4 Workforce planning and management is the responsibility of each APS agency head. In the APS Workforce Strategy 2025, in respect to the mix between APS and non-APS personnel, the APSC has stated that:

The APS continues to deploy a flexible approach to resourcing that strikes the balance between a core workforce of permanent public servants and the selective use of external expertise. This will mean a continuing mixed workforce approach, where APS employees and non-APS workers collaborate to deliver outcomes within agencies.

A mixed workforce approach will continue to be a feature of APS workforce planning. Non-APS workers, when used effectively in appropriate circumstances, can provide significant benefits to agencies and help them achieve their outcomes. Non-APS workers can also provide access to specialist and in-demand skills to supplement the APS workforce in peak times in business cycles. There will be a need for APS agencies to access skills, capability or capacity differently, including through contractors and consultants, or through external partnerships with academia or industry. There may also be a need to engage with industry to develop skills and capabilities to drive delivery of programs across the service. The use of non-APS employees, including labour hire, contractors

and consultants, brings different opportunities and risks for APS agencies to manage. Agencies relying on mixed workforce arrangements need to take an integrated approach to workforce planning that includes and best utilises their non-APS workers. This is particularly important where key deliverables are specifically reliant on this non-APS workforce.

Ensuring agencies take a structured approach to the use of non-APS employees—including considering where work would be best delivered by an APS employee—and knowledge transfer and capability uplift arrangements is a key element of successful mixed workforce models, which are already being used by agencies across the APS.

Background

Auditor-General Report No. 44 2021–22

Effectiveness of the Management of Contractors — Services Australia

19

A professional public service harnesses skills, expertise and capacity from a variety of sources to deliver services as priorities arise. We must focus on understanding and removing barriers to external mobility and encouraging the mobilisation of skills from both across and outside the APS.15

1.5 In addition, the APSC has published guidance relating to the use of contractors in APS Senior Executive Service (SES) roles.16 In its Guiding principles for agencies when considering the use of SES contractors17, the APSC states that:

To meet their business needs, agency heads have the flexibility to engage individuals by the most appropriate means to ensure their agency is best placed to deliver for the Australian public. These guiding principles are designed to assist agencies when considering the appropriateness of using a contractor for a Senior Executive Service (SES) equivalent role and to ensure that appropriate governance arrangements are in place.

…

For the purposes of these principles, an ‘SES contractor’ is an SES-equivalent (e.g. equivalent work value, duties, responsibility, and accountability), contracted by an APS agency via a recruitment agency or third party as an integrated part of the agency’s senior leadership workforce. That is, the agency will have no direct employment relationship under the PS Act with the SES contractor.

1.6 The APSC has stated that the purpose of the principles is ‘to provide APS agencies with considerations when seeking to go beyond the APS employment framework for senior executive capabilities’.18 Box 2 below sets out the considerations identified in the APSC guidance.

Box 2: APSC guidance—considerations when using an SES contractor to fill a role

Before using an SES contractor to fill a role, agencies should satisfy themselves that there is a genuine operational requirement for an SES contractor.

• Consideration should be given to the range of employment options available under the PS Act, including temporary employment, before an SES contractor is sourced.

• This includes considering whether the operational requirement is better suited to a short-term consultant (e.g. where a specific skillset is needed for a short time for a single project or deliverable, without integration into the leadership of an agency) or should be filled by an SES employee engaged under the PS Act that is part of the leadership of an agency.

− Agencies should note that section 10A of the PS Act recognises that the usual basis of employment is as an ongoing APS employee.

15 Australian Public Service Commission, Delivering for Tomorrow: APS Workforce Strategy 2025 [Internet], 18 March 2021, p. 27, available from https://www.apsc.gov.au/initiatives-and-programs/aps-workforce-strategy-2025 [accessed 6 January 2022].

16 The SES is established by section 35 of the PS Act, which states that the function of the SES is to provide APS wide strategic leadership. 17 Australian Public Service Commission, Guiding principles for agencies when considering the use of SES contractors [Internet], 14 May 2021, available from https://www.apsc.gov.au/working-aps/aps-employees-

and-managers/senior-executive-service-ses/senior-executive-service-ses/contractors-senior-executive-service [accessed 3 December 2021]. 18 ibid., paragraph 1.

Auditor-General Report No. 44 2021–22 Effectiveness of the Management of Contractors — Services Australia

20

• SES contractors may be required in a range of circumstances, such as where a person holds specialised experience, skills and capabilities unable to be sourced from the market through general recruitment at that point in time.

• In some cases, an agency’s overall business model may require a combination of SES contractors and SES employed under the PS Act as part of their workforce composition.

Agencies should ensure their systems, infrastructure, contracts and governance are appropriate to manage using SES contractors. This includes ensuring that:

• SES contractors are suitably inducted into the agency and provided with all relevant information and training relating to exercising their responsibilities in the role.

• SES contractors understand the ethical obligations of their role. SES contractors should be expected to model and promote the highest standards of ethics and integrity in the unique context of the APS operating environment.

− SES contractors are not employed under the PS Act but should be held to similar standards of behaviour as set out in the APS Values and Code of Conduct.

• SES contractors facilitate and contribute appropriate knowledge transfer and capability growth within the agency.

Under subsection 78(8) of the PS Act, if it is proposed that an SES contractor will exercise delegated functions or powers, consent must be sought from the APS Commissioner before any functions or powers are delegated to the SES contractor.

• Agencies should consider their own internal agency delegations and ensure that they reflect any such powers.

Source: Australian Public Service Commission, Guiding principles for agencies when considering the use of SES contractors, 14 May 2021, paragraphs 5–7, available from https://www.apsc.gov.au/working-aps/aps-employees-and-managers/senior-executive-service-ses/senior-executive-service-ses/contractors-senior-executive-service [accessed 3 December 2021].

1.7 The APSC guidance states that the APSC will collect data on SES contractors, and that for the purposes of reporting, an SES contractor is a person undertaking SES equivalent work who is not engaged under the PS Act or an agency’s enabling legislation.19 As at 8 March 2022 the APSC had not published data on SES contractors. The APSC advised the ANAO on 3 March 2022 that there were 40 SES contractors in the APS as at 31 October 2021.

1.8 The APSC has not issued guiding principles for the use of non-SES contractors in APS agencies.20

19 ibid., paragraph 8. 20 The APSC advised the ANAO in June 2022 that: The Commission notes that the procurement of labour hire and contractor services is not considered employment of personnel under the Public Service Act 1999. Rather, APS agencies must follow the

CPRs when procuring these services and seek guidance from the Department of Finance. We note that the report makes multiple references to the Commission not issuing guiding principles for the use of non-SES contractors in APS agencies. As a point of correction, it is not part of the APSC remit to provide guiding principles for the use of non-SES contractors. It is a matter for the Department of Finance and the report should reflect this. The Australian Public Service Commissioner’s functions include monitoring, reviewing and reporting on effective performance of the APS. The Contractors in the Senior Executive Service (SES) guidance was created in support of this function as the SES provide APS-wide strategic leadership of the highest quality and are responsible for ensuring effective performance, which extends to SES contractors.

Background

Auditor-General Report No. 44 2021–22

Effectiveness of the Management of Contractors — Services Australia

21

1.9 The APSC and Finance guidance may be supplemented at the entity-level by internal guidance on the different personnel types and how to decide whether there is an operational requirement for the use of non-APS personnel such as contractors.

1.10 The engagement and management of non-APS personnel occurs through procurement action by entities and their contract management processes, rather than the PS Act. The Commonwealth Procurement Rules (CPRs) establish the whole-of-government procurement framework, including mandatory rules with which officials must comply when performing duties related to procurement. Entity-specific procurement and contract management arrangements may also be contained in Accountable Authority Instructions (AAIs) made under section 20A of the Public Governance, Performance and Accountability Act 2013 (the PGPA Act, which is the basis of the

Australian Government’s finance law) and in entity policies and guidelines. Contract managers must implement applicable internal requirements and the CPRs and associated requirements set by the Department of Finance. Non-APS personnel must comply with their contractual obligations and any applicable management, oversight and behavioural requirements.

1.11 Non-APS personnel may be ‘officials’ under section 13 of the PGPA Act, in which case they must comply with the finance law in addition to their contractual obligations and applicable entity requirements.21 The finance law includes the PGPA Act, the Public Governance, Performance and Accountability Rule 2014 (PGPA Rule), entity AAIs, and other legal and policy frameworks — including the whole-of-government procurement, grants, advertising and risk management frameworks. All personnel exercising delegated power under the PGPA Act or other legislation must also comply with the requirements attaching to those delegations.

1.12 Entities’ management of their non-APS personnel is subject to the Protective Security Policy Framework (PSPF), which sets out government protective security policy across the following outcomes: security governance, information security, physical security and personnel security.22 The PSPF policies under the ‘personnel security’ outcome outline how to screen and vet personnel and contractors to assess their eligibility and suitability. They also cover how to assess the ongoing suitability of entity personnel to access government resources and how to manage personnel separation.23 Entity compliance with the three personnel security policies under the PSPF ‘ensures its employees and contractors are suitable to access Australian Government resources, and meet an appropriate standard of integrity and honesty’.24 The policies and their core requirements are outlined in Figure 1.1 below.

21 The definition of an ‘official’ and the duties of officials are discussed in: Department of Finance, General duties of officials: Resource Management Guide No.203 [Internet], November 2016, available from https://www.finance.gov.au/government/managing-commonwealth-resources/general-duties-officials-rmg-203 [accessed 27 January 2022]. 22 Attorney-General’s Department, About PSPF [Internet], available from

https://www.protectivesecurity.gov.au/about [accessed 27 January 2022]. 23 Attorney-General’s Department, Personnel security [Internet], available from https://www.protectivesecurity.gov.au/policies/personnel-security [accessed 27 January 2022]. The applicable PSPF policies are: Policy 12: Eligibility and suitability of personnel; Policy 13: Ongoing

assessment of personnel; and Policy 14: Separating personnel. 24 ibid.

Auditor-General Report No. 44 2021–22 Effectiveness of the Management of Contractors — Services Australia

22

Figure 1.1: PSPF personnel security policies and core requirements

Source: Protective Policy Security Framework, Personnel security, available from https://www.protectivesecurity.gov.au/policies/personnel-security [accessed 3 December 2021].

1.13 Under the PSPF, all agencies must develop their own protective security policies and processes. Services Australia publishes its security policies and procedures on its intranet.

Reviews and inquiries into the APS’s use of contractors

2015 report of the Independent Review of Whole-of-Government Internal Regulation

1.14 The 2015 Independent Review of Whole-of-Government Internal Regulation (the Belcher Review)25 observed the impact of a number of APS legislative and reporting requirements26, which the review considered to have:

created a recruiting environment where entities tend to engage staff through a particular employment category that may not align with their business needs. For example: … contractors hired individually, or through firms, are excluded from ASL [average staffing level] and headcount reporting. While a valid engagement option, it may present longer term issues regarding organisational capacity and knowledge management, and may be a more expensive option in the longer run.27

25 Barbara Belcher, Independent Review of Whole-of-Government Internal Regulation Report to Secretaries Committee on Transformation, Volume 2 Assessment of key regulatory areas [Internet], August 2015, available from https://www.finance.gov.au/sites/default/files/2020-05/independent-review-of-whole-of-government-internal-regulation-volume-2-report.pdf [accessed 7 December 2021].

The review was commissioned to critically assess and recommend modification to government regulations. 26 ibid., p. 154. 27 ibid., p. 156.

•Each entity must ensure the eligibility and suitability of its personnel who have access to Australian Government resources (people, information and assets). •Entities must use the Australian Government Security Vetting Agency

to conduct vetting, or where authorised, conduct security vetting in a manner consistent with the Personnel Security Vetting Standards.

PSPF Policy 12: Eligibility and suitability of personnel

•Each entity must assess and manage the ongoing suitability of its personnel and share relevant information of security concern, where appropriate.

PSPF Policy 13: Ongoing assessment of personnel

•Each entity must ensure that separating personnel have their access to Australian Government resources withdrawn, and are informed of any ongoing security obligations.

PSPF Policy 14: Separating personnel

Background

Auditor-General Report No. 44 2021–22

Effectiveness of the Management of Contractors — Services Australia

23

1.15 Box 3 below contains an excerpt from a Parliamentary Library research paper on public sector staffing and resourcing, which addresses the ASL concept and related issues.28

Box 3: Public sector staffing and resourcing (Staffing, contractors and consultancies)— Parliamentary Library, October 2020—excerpt

When discussing public sector employees, the budget papers use the average staffing level (ASL), a method of counting that adjusts for casual and part-time staff in order to show the average number of full-time equivalent employees. ASL is almost always a lower figure than a headcount of actual employees (the Australian Public Service Commission uses the headcount method).a

In the 2015–16 Budget, the Government undertook to maintain the size of the general government sector (GGS), excluding military and reserves, at around or below the 2006–07 ASL of 167,596. Agency Resourcing: Budget paper No. 4: 2020–21 indicates that this objective has been achieved over the years prior to the COVID-19 pandemic.

Note a: ANAO comment: the APSC has stated that ‘ASL counts staff for the time they work. For example, a full-time employee is counted as one ASL, while a part time employee who works three full days per week contributes 0.6 of an ASL. The ASL averages staffing over an annual period. It is not a point in time calculation.’ See Appendix 3 of this audit. Source: Philip Hamilton, Public sector staffing and resourcing (Staffing, contractors and consultancies), Parliamentary

Library Research Publications, October 2020, available from: https://www.aph.gov.au/About_Parliament/Parliamentary_Departments/Parliamentary_Library/pubs/rp/Budge tReview202021/PublicSectorStaffingResourcing [accessed 27 January 2022].

2019 report of the Independent Review of the APS

1.16 The 2019 Our Public Service, Our Future: Independent Review of the Australian Public Service (the Thodey Review) also considered the non-APS workforce.29 The Thodey Review commented that:

Labour contractors and consultants are increasingly being used to perform work that has previously been core in-house capability, such as program management. Over the past five years, spending on contractors and consultants has significantly increased while spending on APS employee expenses has remained steady.30

28 See also Appendix 3 of this audit on average staffing level and headcount. 29 Department of the Prime Minister and Cabinet, Our Public Service, Our Future: Independent Review of the Australian Public Service, 13 December 2019, pp. 185–187, available from https://www.pmc.gov.au/sites/default/files/publications/independent-review-aps.pdf [accessed 28 January

2022]. The review examined the governing legislation, capability, culture and operating model of the APS. 30 ibid., p. 185.

Auditor-General Report No. 44 2021–22 Effectiveness of the Management of Contractors — Services Australia

24

1.17 The Thodey Review published data (see Figure 1.2 below) based on submissions to the Joint Committee of Public Accounts and Audit (JCPAA) Inquiry into Australian Government Contract Reporting – Inquiry based on Auditor-General's report No. 19 (2017–18).31 The Thodey Review stated that submissions to the JCPAA inquiry ‘revealed that [the] spend on contractors more than doubled across a sample of 24 agencies between 2012–13 and 2016–17.’32

31 The JCPAA initiated its inquiry in December 2017 to consider Auditor-General Report No.19 2017–18 Australian Government Procurement Contract Reporting. This information report contained ANAO analysis of publicly available data published by the Department of Finance on public sector procurement contracting activity. See the ANAO submission to the inquiry, available from https://www.aph.gov.au/Parliamentary_Business/Committees/Joint/Public_Accounts_and_Audit/AGReport1 9/Submissions [accessed 4 February 2022]. As part of its inquiry the JCPAA requested details of expenditure on contractors, consultants and labour hire

workers from selected government entities. The JCPAA asked these entities for the following information in respect to non-consultancy services: • Contractors directly procured by the entity for labour (for the provision of either long or short term additional labour capacity) and on-hire contractors.

• A list of the top three categories of work for which contractors have been most frequently engaged, for each of the past five financial years [2012–13, 2013–14, 2014–15, 2015–16, 2016–17]. • Provide expenditure figures on contractors for each of the past five financial years, including a breakdown of expenditure against the top three categories of work. Entity responses to the JCPAA are available from

https://www.aph.gov.au/Parliamentary_Business/Committees/Joint/Public_Accounts_and_Audit/AGReport1 9/Submissions [accessed 4 February 2022]. The JCPAA issued a statement on 11 April 2019 stating that the committee had decided not to issue a report based on the inquiry. The announcement is available from

https://www.aph.gov.au/Parliamentary_Business/Committees/Joint/Public_Accounts_and_Audit/AGReport1 9 [accessed 28 January 2022]. 32 Department of the Prime Minister and Cabinet, Our Public Service, Our Future: Independent Review of the Australian Public Service, 13 December 2019, p. 186, available from

https://www.pmc.gov.au/sites/default/files/publications/independent-review-aps.pdf [accessed 28 January 2022].

Background

Auditor-General Report No. 44 2021–22

Effectiveness of the Management of Contractors — Services Australia

25

Figure 1.2: Thodey Review — percentage change in spend on employees, labour contractors and consultancy contract notices

Source: Department of the Prime Minister and Cabinet, Our Public Service, Our Future: Independent Review of the Australian Public Service, p. 186.

1.18 The Thodey Review further observed that:

The use of labour contractors and consultancy services warrants specific discussion. About a quarter of the submissions [to the review] commented on their use. Most expressed concern about the growing size of the APS’s external workforce and the negative effect on in-house capability. Data on this topic, as is the case with many APS-wide workforce matters, are not gathered or analysed centrally and are often inadequate. For example, the number of contractors and consultants working for the APS is not counted and data on expenditure are inconsistently collected across the service. Data insights that would shed light on whether contractors or consultants met objectives are not routinely aggregated. This makes it difficult to assess the value of external providers relative to in-house employees or to infer the effect on APS capability.33

…

There is clearly benefit in the APS leveraging the best external capability. It is not possible to have expertise in everything in-house and external providers can be the most efficient way of delivering the best advice, services or support. But the use of external capability needs to be strategic and well-informed, meaning that the APS:

33 ibid., p. 185.

Auditor-General Report No. 44 2021–22 Effectiveness of the Management of Contractors — Services Australia

26

• makes decisions on the use of external capability by reference to a whole-of-service workforce strategy that identifies the core capabilities the APS should invest in building in-house – with external capability used to perform non-core or variable work activity;

• manages use of external capability closely, from the contract design stage through to performance of the prescribed tasks; and

• ensures that all arrangements lead to a transfer of knowledge to the APS.

At all stages the APS should be focused on achieving value for money and better outcomes.

The APS needs to find the right balance between retaining and developing core in-house capability and leveraging external capability to ensure a sustainable and efficient operating model for the decades ahead. To do this effectively, two traditionally autonomous parts of agencies — HR and procurement — must work closely together.34

October 2021 second interim report of the Senate Select Committee on Job Security

1.19 In October 2021, the Senate Select Committee on Job Security released its second interim report, Insecurity in publicly-funded jobs.35 The report examined employment arrangements across the public sector. Drawing on the Thodey Review and JCPAA inquiry, the committee stated that:

the utilisation of labour contractors and consultants has increased markedly in recent years. Across a sample of 24 agencies, spending on contractors has more than doubled over the period between 2012–13 and 2016–17. Furthermore, information sourced from AusTender indicated that the total value of consultant contracts across the APS increased from $386 million to $545 million during the same four year period.36

1.20 In common with the Thodey Review37, the committee was critical of data collection relating to the non-APS workforce:

Neither the Australian Public Service Commission (APSC), nor the Department of Finance, was able to confirm how many people engaged through labour hire or other external contracting

34 ibid., p. 187. 35 Senate Select Committee on Job Security, Second interim report: insecurity in publicly-funded jobs [Internet], October 2021, available from https://www.aph.gov.au/Parliamentary_Business/Committees/Senate/Job_Security/JobSecurity/Second_Inte

rim_Report [accessed 4 February 2022]. The report is part of a wider inquiry into job security. The committee was established to examine and report on the impact of insecure or precarious employment. The committee’s first interim report (June 2021) examined ‘on-demand platform work’ in Australia. A third interim report (November 2021) examined labour

hire and contracting, with a specific focus on the mining, agriculture, transport and distribution sectors. A fourth interim report (February 2022) examined a number of remaining issues such as casual work, and focused on the retail and hospitality sectors. The committee’s final report (March 2022) related to a possible matter of parliamentary privilege. 36 ibid., paragraph 11.14. ANAO comment: the AusTender data drawn upon by the second interim report was sourced from the Thodey

Review. See Department of the Prime Minister and Cabinet, Our Public Service, Our Future: Independent Review of the Australian Public Service, 13 December 2019, p. 186. 37 See paragraphs 1.16–1.18 of this audit.

Background

Auditor-General Report No. 44 2021–22

Effectiveness of the Management of Contractors — Services Australia

27

arrangements are working within the Australian Public Service. This data is not collected, and neither agency provided an explanation for why this is the case.38

1.21 The committee made the following recommendation on this matter:

The committee recommends that the Australian Government requires:

• the Australian Public Service Commission to collect and publish agency and service-wide data on the Government's utilisation of contractors, consultants, and labour hire workers;

• the Department of Finance to regularly collect and publish service-wide expenditure data on contractors, consultants, and labour hire workers, including the cost differential between direct employment and external employment; and

• labour-hire firms to disclose disaggregated pay rates and employee conditions.39

November 2021 report on the Senate Finance and Public Administration References Committee Inquiry into the Current Capability of the APS

1.22 In November 2021 the Senate Finance and Public Administration References Committee reported on its Inquiry into the Current Capability of the Australian Public Service.40 The matter referred to the committee for inquiry and report was as follows41:

The current capability of the Australian Public Service (APS) with particular reference to:

(a) the APS’ digital and data capability, including co-ordination, infrastructure and workforce;

(b) whether APS transformation and modernisation projects initiated since the 2014 Budget have achieved their objectives;

(c) the APS workforce; and

(d) any other related matters.

38 Senate Select Committee on Job Security, Second interim report: insecurity in publicly-funded jobs [Internet], October 2021, paragraph 11.13, available from https://www.aph.gov.au/Parliamentary_Business/Committees/Senate/Job_Security/JobSecurity/Second_Inte rim_Report [accessed 4 February 2022]. See also paragraphs 12.12–12.15 and 15.22–15.25. 39 ibid., paragraph 15.26. 40 Senate Finance and Public Administration References Committee, The current capability of the Australian

Public Service (APS) [Internet], November 2021, inquiry page available from https://www.aph.gov.au/Parliamentary_Business/Committees/Senate/Finance_and_Public_Administration/C urrentAPSCapabilities [accessed 2 December 2021]. The inquiry examined the current capability of the APS with particular reference to: the APS’ digital and data

capability, including co-ordination, infrastructure and workforce; whether APS transformation and modernisation projects initiated since the 2014 Budget have achieved their objectives; the APS workforce; and any other related matters. 41 ibid., paragraph 1.1.

Auditor-General Report No. 44 2021–22 Effectiveness of the Management of Contractors — Services Australia

28

1.23 The committee drew on data in the Thodey Review42 and JCPAA inquiry43, and in an effort to ascertain the scale of labour hire usage across the APS44, requested staffing profile information from agencies across all portfolios.45 The committee observed that:

The responses received indicated that agencies had differing methods of collecting data, and that many agencies did not collect data that allowed them to disaggregate the numbers of labour hire workers from other contractors.

For example, some agencies advised that their recordkeeping systems did not or could not differentiate between contractors directly procured by the agency (e.g. independent contractors), and workers procured through labour hire firms.46

1.24 The committee made 13 recommendations, including the following recommendations on data collection and reporting:

• the annual employee census conducted by the APSC ahead of the State of the Service report be expanded to include all labour hire staff who have been engaged on behalf of the APS in that calendar year (recommendation 5);

• the APSC collect and publish standardised agency and service-wide data on the Australian Government’s utilisation of contractors, consultants, and labour hire workers (recommendation 6); and

• the Department of Finance regularly collect and publish annually service-wide expenditure data on contractors, consultants, and labour hire workers, including the cost differential between direct employment and external employment for each role (recommendation 8).

42 ibid., paragraphs 2.12–2.19. 43 ibid., paragraphs 5.28–5.29. 44 The committee recorded at paragraph 3.61 of its November 2021 report that this followed receipt of APSC advice that the APSC did not collect data on the number of labour hire workers used by agencies to

supplement their workforces. The APSC confirmed that it only collected data in relation to public servants and people employed under the PS Act, and that data on labour hire was held by agencies. See Senate Finance and Public Administration References Committee, APS Inc: undermining public sector capability and performance [Internet], November 2021, available from https://parlinfo.aph.gov.au/parlInfo/download/committees/reportsen/024628/toc_pdf/APSIncunderminingp ublicsectorcapabilityandperformance.pdf;fileType=application%2Fpdf [accessed 8 February 2022]. 45 The committee recorded at paragraph 3.67 of its November 2021 report that it asked for:

1) The staffing profile for the agency as at 1 July 2021, broken down into: a) APS ongoing employees: headcount and Average Staffing Level (ASL); b) APS non-ongoing employees: headcount and ASL; c) Labour hire staff: headcount and Full-Time Equivalent (FTE); and d) Other contractors: headcount and FTE.

2) The percentage of staff engaged through labour hire arrangements as a percentage of total agency headcount. 3) The total value of labour hire contracts entered into between 1 January 2021 and 30 June 2021. 46 Senate Finance and Public Administration References Committee, APS Inc: undermining public sector

capability and performance [Internet], November 2021, paragraphs 3.68–3.69, available from https://parlinfo.aph.gov.au/parlInfo/download/committees/reportsen/024628/toc_pdf/APSIncunderminingp ublicsectorcapabilityandperformance.pdf;fileType=application%2Fpdf [accessed 8 February 2022].

Background

Auditor-General Report No. 44 2021–22

Effectiveness of the Management of Contractors — Services Australia

29

Services Australia’s workforce 1.25 Services Australia is an Executive Agency established under subsection 65(1) of the Public Service Act 1999.47 In its 2020–21 annual report, Services Australia states that it:

designs, develops, delivers, coordinates and monitors government services and payments relating to social security, child support, students, families, aged care and health programs. We provide advice to government on the delivery of these services and payments, and collaborate with other agencies, providers and businesses to provide convenient, accessible and efficient services to individuals, families and communities.48

1.26 Among the agency’s key functions are the delivery of Centrelink social security payments and services, the administration of Medicare, and assistance with child support arrangements between separated parents. To deliver its key activities, Services Australia has an approved workforce allocation for APS resources in the Portfolio Budget Statements (PBS). The actual APS workforce is reported in Services Australia’s annual report each year. Table 1.1 below sets out Services Australia’s workforce allocation and utilisation over three years.

Table 1.1: Services Australia’s budgeted and actual APS workforce

APS workforce 2018–19 2019–20 2020–21

Budget estimatea 28,587 26,703 27,637

Actualb 27,529 26,682 27,896

Note a: Budget Estimate data is sourced from Services Australia’s Portfolio Budget Statements (PBS). Services Australia defines these figures as ‘The average number of employees receiving salary/wages (or compensation in lieu of salary/wages) over a financial year, with adjustments for casual and part-time employees to show the full-time equivalent.’ Note b: Actual workforce data is sourced from Services Australia’s annual reports, reported as FTE (over the financial

year). This differs from the figures in Table 1.2 which are reported by headcount. Source: Services Australia Portfolio Budget Statements and annual reports 2018–19, 2019–20 and 2020–21.

1.27 Services Australia’s 2019–23 Strategic Workforce Plan identifies that determining an appropriate workforce mix (including the non-APS workforce) is an important element of maintaining a flexible, capable and connected workforce across the country to deliver its outcomes. In addition to its APS workforce, Services Australia has defined 11 types (cohorts) of contingent workforce. These are: student placement; system access only; contractor; labour hire; consultant; interpreter; service staff; outsourced (staff); APS secondee; non-APS secondee; and partner.

1.28 Box 4 below sets out the workforce definitions used by Services Australia that have the characteristics of a ‘contractor’ discussed in paragraphs 1.2–1.3 and Box 1.

47 Services Australia is part of the Social Services portfolio. Its Chief Executive Officer is the Agency Head under the PS Act and the accountable authority under the PGPA Act. As a non-corporate Commonwealth entity under the PGPA Act, Services Australia is not a body corporate. 48 Services Australia, Annual Report 2020–21 [Internet], p. 3, available from

https://www.servicesaustralia.gov.au/annual-report-2020-21?context=1 [accessed 8 February 2022]. Services Australia’s Corporate Plan 2021–22 states that the agency’s purpose is: ‘To support Australians by efficiently delivering high quality, accessible services and payments on behalf of government.’ Available from https://www.servicesaustralia.gov.au/corporate-plan?context=1 [accessed 11 February 2022].

Auditor-General Report No. 44 2021–22 Effectiveness of the Management of Contractors — Services Australia

30

Box 4: Definitions of types of workforce resources that have the characteristics of a contractor — Services Australia

Contractor

A person is a contractor if:

• the person has been supplied to the agency by the person’s own company or another company to do work in and as part of the operations of the agency

• the person is supplied to the agency pursuant to a contract

• the contract specifies the person will supply their labour.

Excludes persons supplied through a labour-hire company or the labour- hire panel.

Labour hire

A person is a labour hire worker if:

• the person has been supplied to the agency by a labour hire company, via a labour hire panel, to do work in and as part of the operations of the agency

• the person has been supplied to the agency pursuant to a contract

• the contract specifies the person will supply their labour.

Service staff

A person supplied to the agency pursuant to a contract for services to provide specified services, outcomes or products where the contract does not specify the quantity of labour effort to be delivered. The agency does not direct the performance of the persons supplied under the contract and the agency has limited control over who or how many persons are provided to deliver the services.

The services cannot easily be equated to Full Time Equivalent hours (FTE).

Outsourced (Staff)

A person supplied to the agency under a contract for services, where the contract does specify the quantity of labour effort to be delivered.

The agency does not direct the performance of the persons supplied under the contract, and the agency has limited control over who or how many persons are provided to deliver the service.

The contract for services focuses on the delivery of defined outcomes, services or products. The contract does not specify the individuals who will perform the services or contain specific terms and conditions in relation to the performance of individual workers.

Services Australia advised the ANAO in March 2022 that non-APS consultants are also included in this category for all figures prior to 31 March 2021 due to Human Resource system limitations.

Source: Services Australia, Contingent workforce resources definitions intranet page, 16 July 2020. Services Australia’s definition of a consultant is ‘A party whose services under the contract meet the Department of Finance’s criteria for a consultancy’.

Background

Auditor-General Report No. 44 2021–22

Effectiveness of the Management of Contractors — Services Australia

31

1.29 This audit has focused on Services Australia’s workforce resources engaged as ‘contractors’ and ‘labour hire’. Service’s Australia’s definitions in Box 4 state that these persons are supplied ‘to do work in and as part of the operations of the agency’.49 In contrast, for ‘service staff’ and ‘outsourced’ staff, Services Australia’s definitions state that the agency does not direct the performance of the persons supplied under the contract and the agency has limited control over who or how many persons are provided to deliver the services. Contractors and labour hire personnel perform work in all parts of the operations of the agency and Services Australia maintains responsibility for performance.50

Contractor numbers in Services Australia

1.30 Table 1.2 below sets out Services Australia’s APS and contingent workforce headcounts over three years. It includes the agency’s contractor workforce headcount as advised to the Senate Finance and Public Administration References Committee in the context of the committee’s Inquiry into the Current Capability of the APS (discussed in paragraphs 1.22–1.24).

Table 1.2: Services Australia’s workforce headcount

Workforce category Headcount at

30 June 2019

Headcount at 30 June 2020

Headcount at 30 June 2021

APS full-time 20,209 19,976 19,466

APS part-time 7882 7573 7466

APS non-ongoing (including casual employees)

2503 4204 7117

Total APS workforcea 30,594 31,753 34,049

Contractorsb 5165 6993 4269

Consultants –c 110 52

Other contingentd 4039 6144 5691

Total contingent workforcee

9,204 13,247 10,012

Note a: Services Australia annual reports 2018–19, 2019–20 and 2020–21. Note b: See definitions in Box 4. The contractor headcount is the number of individuals categorised as ‘labour hire’ or ‘contractor’ in Services Australia’s ‘Contingent Workforce’ report. The ‘Contingent Workforce’ report is extracted from Services Australia’s Human Resource management system. The report identifies individuals

that are not engaged by Services Australia as APS employees who have access to Services Australia’s systems.

49 For the purpose of this audit, both contractors and labour hire are referred to as ‘contractors’ as these two personnel types are contracted personnel engaged pursuant to a contract to perform a role that is part of the operations of the agency. Taken together, these two groups align with the definition of ‘contractor’ used by the Department of Defence, which enables broad comparison of the arrangements for the management of contractors across the three audits in this series. 50 Services Australia advised the ANAO in March 2022 that the job families where labour hire and contractor

personnel can work include: Accounting and Finance, Administration, Communication and Marketing, Compliance and Regulation, Data and Research, Human Resources, ICT and Digital Solutions, Information and Knowledge Management, Intelligence, Legal and Parliamentary, Monitoring and Auditing, Policy, Portfolio, Program and Project Management, Science and Health, Service Delivery, and Trades and Labour. Services Australia further advised that Service Delivery Partner contractors are contracted to work in service delivery

and therefore can only work in the Service Delivery Job Family.

Auditor-General Report No. 44 2021–22 Effectiveness of the Management of Contractors — Services Australia

32

Note c: As acknowledged in Box 4, non-APS consultants were included in the ‘outsourced staff’ personnel type up to 31 March 2021 and due to the qualifications over these figures, they have not been included in the table. Note d: Other contingent workforce headcount is the number of individuals categorised as ‘outsourced staff’ or ‘service staff’ in Services Australia’s ‘Contingent Workforce’ report. Services Australia advised the ANAO in June 2022

that ‘Consistent with the definitions in Box 4, outsourced staff and service staff are not reported as headcount, this is because these contracts for this personnel type are a fee-for-service arrangement, whereby they provide for workload seconds and do not translate directly to headcount as this is not specified in the arrangements. The Service Delivery Partners that provide outsourced staff, determine the workforce number required to meet the pre-determined workload.’ Note e: As noted in paragraph 1.27, Services Australia has 11 types (cohorts) of contingent workforce. The contingent

workforce figure in this table includes five of these cohorts: contractor, labour hire, consultant, service staff, and outsourced (staff). Source: Services Australia annual reports 2018–19 and 2019–20 and Services Australia records and advice to ANAO.

1.31 Further information on the characteristics of Services Australia’s 4269 contractor personnel as at 30 June 2021 is at Appendix 4, including the organisational group they worked in and their length of service.

Previous audits and reports 1.32 Agencies’ management of their contracted workforce is considered when necessary in the conduct of ANAO audit and assurance work. Examples of ANAO performance audits which have considered the management of a contracted workforce include:

• Auditor-General Report No.2 2017–18 Defence’s Management of Materiel Sustainment51;

• Auditor-General Report No.38 2017–18 Mitigating Insider Threats through Personnel Security52;

• Auditor-General Report No.28 2018–19 Management of Smart Centre’s Centrelink Telephone Services — Follow-up53;

• Auditor-General Report No.1 2021–22 Defence’s Administration of Enabling Services — Enterprise Resource Planning Program: Tranche 154;

• Auditor-General Report No.4 2021–22 Defence’s Contract Administration — Defence Industry Security Program55; and

• Auditor-General Report No.6 2021–22 Management of the Civil Maritime Surveillance Services Contract.56

1.33 The ANAO has prepared two information reports on procurement activity in the Australian public sector, which have included publicly available information on consultants:

51 In particular, paragraphs 5.11–5.16, as well as Box 5, discussed Defence’s engagement of contracted industry expertise to support implementation of the First Principles Review in relation to sustainment. 52 In particular, paragraphs 2.77–2.81 of that report. 53 In particular, paragraph 3.28 and Table 3.3 of that report discussed the Department of Human Services’

arrangements for supporting performance and quality improvements for contracted personnel. 54 In particular, pages 61–66 of the report documented specific probity issues identified in the course of the audit which related to the management of probity in the program, including by contracted personnel, and which required attention. 55 This audit concluded that Defence’s administration of contractual obligations relating to the Defence Industry

Security Program were partially effective. 56 The audit examined whether contract managers were appropriately trained and experienced.

Background

Auditor-General Report No. 44 2021–22

Effectiveness of the Management of Contractors — Services Australia

33

• Auditor-General Report No.19 2017–18 Australian Government Procurement Contract Reporting; and

• Auditor-General Report No.27 2019–20 Australian Government Procurement Contract Reporting Update.

1.34 These information reports presented publicly available data from public sector procurement activity in a number of ways.57 The publicly available data includes entity reporting on contracts relating to consultancies, including consultancy contract value.

Rationale for undertaking the audit 1.35 The APS workforce strategy states that the APS will continue to deploy a flexible approach to resourcing that strikes a balance between a core workforce of permanent public servants and the selective use of external expertise. This will mean a continuing mixed workforce approach, where APS employees and non-APS workers are used to deliver outcomes within agencies. In this context, the strategy highlights the value of ensuring that agencies take a structured approach to the use of non-APS employees. The approach adopted by the APS and its agencies has been the subject of ongoing parliamentary interest, with a number of reviews and parliamentary committee inquiries undertaken in recent years, discussed above at paragraphs 1.14–1.24.

1.36 This audit is one of a series of three performance audits undertaken to provide independent assurance to the Parliament on whether entities have established an effective framework for the management of the contracted element of their workforce. Services Australia was selected as one

of the APS agencies in this audit series as it is a large and regular user of non-APS personnel. The other audits in this series review the management of contractors by the Department of Defence and the Department of Veterans’ Affairs.

Audit objective, criteria and scope

1.37 The objective of the audit was to examine the effectiveness of Services Australia’s arrangements for the management of contractors.

1.38 To form a conclusion against the audit objective, the following high-level criteria were adopted.

• Has Services Australia established a fit-for-purpose framework for the use of contractors?

• Does Services Australia have fit-for-purpose arrangements for the engagement of contractors?

• Has Services Australia established fit-for-purpose arrangements for the management of contractors?

1.39 The audit examined Services Australia’s framework of policies, plans, processes and guidance that apply to its use, engagement and day-to-day management of contractors.

1.40 The audit did not examine:

57 These information reports were neither an audit nor an assurance review, and no conclusions or opinions were presented.

Auditor-General Report No. 44 2021–22 Effectiveness of the Management of Contractors — Services Australia

34

• the specific procurement arrangements through which particular contractors are engaged, or the assessment of the value-for-money aspect of specific decisions to engage such personnel instead of APS personnel;

• performance management in terms of specific contracted deliverables as this is part of the management of a contract; or

• the vetting process for contractors undertaken by the Australian Government Security Vetting Agency (AGSVA).

Audit methodology

1.41 Audit procedures included discussions with relevant Services Australia personnel and an examination of the following Services Australia documentation.

• Plans, forecasts and management decisions about Services Australia’s workforce use.

• Guidance available to assist officials’ decision making on whether to engage a contractor instead of an APS resource, including the information to be provided to delegates regarding such choices.

• Nine contracts, used to engage 30 per cent of the contractors engaged in the agency as at 31 October 2021.58 These contracts were examined to establish whether they included clauses to require contracted personnel to comply with Services Australia’s policies and procedures, undertake training, and to meet performance standards. The contracts were identified in two stages. Four contracts were identified as bulk labour hire contracts for service delivery personnel, based on management representations from Services Australia. Five contracts were identified as the top five contracts by number of personnel engaged for Service’s Australia’s ICT workforce.

• Mandatory training requirements, procedures and completion reports for induction.

• Policies, procedures and reporting that supports Services Australia’s compliance with PSPF policies 12–14 that relate to the onboarding, ongoing management (including where staff move within the entity) and offboarding of contracted staff.

• Management reports as evidence of the application of Services Australia’s framework for the management of contractors.

1.42 The audit was open to contributions from the public. The ANAO received and considered one submission.

1.43 The audit was conducted in accordance with ANAO Auditing Standards at a cost to the ANAO of approximately $318,474.

1.44 The team members for this audit were Natalie Whiteley, Kim Murray, Hugh Balgarnie and Sally Ramsey.

58 The nine selected contracts comprised: four service delivery workforce contracts that were the four largest (by personnel engaged) contracts for the supply of non-ICT labour hire or contractors, based on Services Australia’s data as at 30 June 2021; and five ICT workforce contracts that were the five largest contracts for the supply of ICT labour hire, based on Services Australia’s advice as at 17 November 2021.

Auditor-General Report No. 44 2021–22

Effectiveness of the Management of Contractors — Services Australia

35

2. Framework for using contractors

Areas examined This chapter examines whether Services Australia has established a fit-for-purpose framework for the use of contractors.

Conclusion Services Australia has established a fit-for-purpose framework for the use of contractors. At the agency level there is guidance which provides clarity regarding the different personnel types, including contractors. Guidance has been developed to assist the largest users of contractors within the agency — its service delivery and ICT areas — determine whether there is an operational requirement for the use of contractors.

2.1 As discussed in paragraph 1.4, the APS Workforce Strategy 2025 released by the Australian Public Service Commission (APSC), identifies that an important element of successful mixed workforce models is a ‘structured approach to the use of non-APS employees’, which includes Australian Public Service (APS) agencies ‘considering where work would be best delivered by an APS employee’. The strategy also states that:

The use of non-APS employees, including labour hire, contractors and consultants, brings different opportunities and risks for APS agencies to manage. Agencies relying on mixed workforce arrangements need to take an integrated approach to workforce planning that includes and best utilises their non-APS workers. This is particularly important where key deliverables are specifically reliant on this non-APS workforce.59

2.2 This chapter considers the framework established by Services Australia to guide decisions to use contractors. The ANAO examined whether guidance had been developed and issued by Services Australia, that:

• provided clarity about the different personnel types that are utilised as Services Australia’s external workforce, including the definition of ‘contractor’, so the most appropriate option is selected for a particular role; and

• assisted officials to determine whether there is an operational requirement for the use of contractors to support the efficient and effective use of resources.

Does Services Australia’s guidance provide clarity regarding the different personnel types, including contractors?

Services Australia’s guidance provides clarity regarding the different personnel types, including contractors.

2.3 Services Australia has provided internal guidance regarding the different personnel types. This guidance is accessible on Services Australia’s intranet, on a dedicated webpage, and includes the definitions for the 11 types of contingent workforce resources utilised by the agency. These are:

59 Australian Public Service Commission, Delivering for Tomorrow: APS Workforce Strategy 2025 [Internet], 18 March 2021, p. 27, available from https://www.apsc.gov.au/initiatives-and-programs/aps-workforce-strategy-2025 [accessed 6 January 2022].

Auditor-General Report No. 44 2021–22 Effectiveness of the Management of Contractors — Services Australia

36

student placement; system access only; contractor; labour hire; consultant; interpreter; service staff; outsourced (staff); APS secondee; non-APS secondee; and partner.

2.4 Services Australia’s ‘Contingent workforce resources definitions’ intranet page defines the ‘contractor’ and ‘labour hire’ personnel types as follows:

Contractor

A person is a contractor if:

• the person has been supplied to the agency by the person’s own company or another company to do work in and as part of the operations of the agency

• the person is supplied to the agency pursuant to a contract

• the contract specifies the person will supply their labour.

Excludes persons supplied through a labour-hire company or the labour- hire panel.

Labour hire

A person is a labour hire worker if:

• the person has been supplied to the agency by a labour hire company, via a labour hire panel, to do work in and as part of the operations of the agency

• the person has been supplied to the agency pursuant to a contract

• the contract specifies the person will supply their labour.

2.5 As noted in paragraph 1.29, this audit has focused on Services Australia’s workforce resources engaged as contractors and labour hire, and refers to these collectively as ‘contractors’.

Does Services Australia provide guidance on determining whether there is an operational requirement for the use of contractors?

In its provision of guidance on determining whether there is an operational requirement for the use of contractors, Services Australia has focused on the largest users of contractors within the agency — its service delivery and ICT areas. Services Australia has developed arrangements to support workforce planning in its service delivery and ICT workforces which include workforce strategies intended to guide decisions on workforce supply, including for the use of contractors. Decisions to use contractors in all parts of Services Australia’s business are guided by the agency’s Average Staffing Level (ASL) cap and internal budget allocations.

2.6 Services Australia’s Strategic Workforce Plan (2019–2023) recognises its non-APS workforce as part of its workforce mix. The workforce plan identifies that determining an appropriate workforce mix (including contractors) is an important element of maintaining a flexible, capable, and connected workforce across the country to deliver its outcomes.

Framework for using contractors

Auditor-General Report No. 44 2021–22

Effectiveness of the Management of Contractors — Services Australia

37

2.7 An October 2021 brief to Services Australia’s Chief Operating Officer states that:

Work is underway to understand the optimal combination of workforce supply types to meet the capacity, capability and affordability requirements of the Agency. This work includes comparing costs of different workforce supply types, identifying and planning for benefits to be realised through transformation initiatives, and our workforce affordability in the short and medium term. Different combinations of supply types impact differently on capacity, capability, and budget60

2.8 To support the delivery of its Strategic Workforce Plan, during 2020 and 2021 Services Australia developed organisational arrangements to support workforce planning for service delivery61 and for elements of its ICT workforces. These areas are the largest users of contractors within the agency. Services Australia has reported that 3716 (87 per cent) of the 4269 contractors it engaged as at 30 June 202162 were engaged in either the Technology Services Group (2289 personnel) or in service delivery (1427 personnel).63

Organisational arrangements to support workforce planning

2.9 The arrangements developed by Services Australia to support workforce planning in its service delivery and ICT workforces include workforce strategies intended to guide decisions on workforce supply, including for the use of contractors. These arrangements are discussed in Box 5 (the service delivery workforce) and Box 6 (the ICT workforce).

Box 5: Service Delivery Optimal Workforce Mix (June 2021)

The Service Delivery Optimal Workforce Mix is intended to guide workforce mix decisions, including commercial labour hire arrangements. It is also intended to guide decisions regarding the most effective use of the employee and contractor budgets allocated to the Customer Service Delivery Group and the Payments and Integrity Group.

Services Australia’s Enterprise Business and Risk Committee (EBRC)a approved the Service Delivery Optimal Workforce Mix in June 2021, which included five workforce management principles to guide decisions on whether to hire APS or contractor personnel. The five principles are:

1. The majority of the workforce should comprise of ongoing APS employees.

60 In January 2022, Services Australia advised the ANAO that this work is ongoing, and forms part of the agency’s routine workforce and financial management processes. The brief also shows that Services Australia has identified, at a high level, the advantages and disadvantages of its various sources of workforce supply, including labour hire. For labour hire, the identified advantages

included high flexibility, ability to onboard in a short timeframe and moderate level of effort to manage and maintain, and the identified disadvantages included high cost of procurement, high level of turnover and high-level coordination to onboard and maintain. 61 The service delivery workforce comprises staffing from the following two groups: Customer Service Delivery Group; and Payments and Integrity Group. 62 Headcount as reported by Services Australia to the Senate Finance and Public Administration References Committee in the context of the committee’s Inquiry into the Current Capability of the APS. See paragraph 1.22. 63 Services Australia advised the ANAO that as at 30 April 2022, 4209 (87 per cent) of the 4851 contractors engaged were in the Technology and Digital Programmes (2792 personnel) or in Customer Service Delivery (1417 personnel).

Auditor-General Report No. 44 2021–22 Effectiveness of the Management of Contractors — Services Australia

38

2. Non-ongoing staff should be used to supplement core functions for specific time periods and as a targeted strategy to access specialised capabilities.

3. Irregular or Intermittent staff should only be used on a casual basis to backfill unexpected vacancies in the core staffing model, meet demand for certain hours of the day, or to provide surge capacity for peak periods or unexpected events.

4. The utilisation of SDP [Service Delivery Partners] and Labour Hire should typically be focused on Tier 1 and/or campaign functions.b

5. SDP and Labour Hire staff should be used for targeted purposes for Tier 2/Tier 2+ functions.b

The EBRC agreed to form a multi-disciplinary team to further evolve the data and analysis informing the Optimal Workforce Mix.

Services Australia provided the following advice to the ANAO in March 2022 in relation to the implementation of the Optimal Workforce Mix:

The Optimal Workforce Mix provides guidance when making decisions about the service delivery workforce (for example recruitment, training, career pathways and commercial labour arrangements) – rather than a definitive position on the constitution of the workforce.

It will therefore not be ‘implemented’ but is an ongoing body of work that informs the agency’s dynamic considerations of its workforce requirements.

The agency does intend to undertake additional analysis to keep developing the evidence base for the Optimal Workforce Mix – however the agency is currently prioritising the critical support for the government’s emergency responses for COVID-19 and the NSW/Queensland Floods.c The intent is for the supplementary analysis to be progressed as the tempo of surge requirements decrease.

Note a: The committee provides advice to Services Australia’s Executive Committee on matters related to enterprise-wide risks, issues and operations to ensure effective day-to-day running of the agency. Note b: Services Australia describes Tier 1 functions as basic support and processing, where services are a short single interaction such as self-service advice or processing a simple claim (for example, proof of identify or

residential address updates). Services Australia describes Tier 2 functions as mid-level query/claim, where specialised support is provided to customers that need it, and customers receive advice from customer cohort teams. This might include services that require follow up (for example, additional income information) or extended interactions such as a multiple process service (for example, applying for payments and services to help with the cost of raising a child). Note c: Services Australia advised the ANAO in March 2022 that ‘during emergency responses such as COVID-19

and natural disasters, the agency makes decisions about which core functions can be paused or slowed whilst the associated staff deliver essential services to the Australian community. Staff who undertake data analysis functions have been diverted to critical surge priorities, and workforce mix-related analysis is recommenced as surge requirements are reduced’. Source: ANAO analysis of Services Australia documentation.

Framework for using contractors

Auditor-General Report No. 44 2021–22

Effectiveness of the Management of Contractors — Services Australia

39

Box 6: Technology and Digital Programmes Group Workforce Strategy (September 2020)

Services Australia’s Technology and Digital Programmes Group Workforce Strategy adopts a ‘Build, Buy, Borrow and Transition’ model, which states that:

The overarching principles are designed to be embedded into business and planning processes and will provide managers and enabling functions with a guide for workforce related decision making and investments. This framework will be strengthened by the identification of core vs. non-core roles as decisions about which approach to use will vary depending on the capability/role in focus.

In particular, the strategy states that capability should be borrowed when roles are:

• difficult or costly to build internally;

• needed on a short term or supplementary basis;

• require a long lead time to develop internally;

• difficult to build/buy due to low supply/inability to be competitive; or

• affected by ASL cap constraints.

The strategy also proposes a shift in the group’s workforce mix from 50/50 APS/contractor to 70/30 APS/contractor. A workforce sub-strategy document developed in November 2020, states that the group expected to achieve the target 70/30 workforce mix by June 2025. Services Australia documents indicate that in late 2020 the agency’s minister accelerated the time line, requiring the group to meet this target by 2022.

In January 2022, Services Australia informed the ANAO that the Technology and Digital Programmes Group is implementing the strategy.

Services Australia advised the ANAO that the group’s workforce mix as at 28 February 2022 was 54.5 per cent APS and 45.5 per cent contractors (headcount).

In March 2022, Services Australia further advised the ANAO that the group (which was restructured in December 2021):

is establishing a workforce planning function to enable required workforce capacity, capability and mix (APS and contractor) planning for the group. As this planning progresses, a timeframe for the achievement of a 70/30 workforce mix will be agreed.

Source: ANAO analysis of Services Australia documentation.

2.10 In January 2022, Services Australia informed the ANAO that similar work to develop workforce strategies has not been done in the remaining Services Australia groups because of the smaller non-APS footprint in those groups. Services Australia further informed the ANAO that its refresh of Services Australia’s current Strategic Workforce Plan, planned for later in 2022, will consider whether similar approaches could be applied across the agency.

2.11 Services Australia advised the ANAO in November 2021 that decisions to engage contractors are made within the context of the agency’s: Average Staffing Level (ASL) cap; and internal budget allocations to operational areas, that can be used to purchase, among other things, the services of contractors/labour hire.

Auditor-General Report No. 44 2021–22 Effectiveness of the Management of Contractors — Services Australia

40

3. Arrangements for engaging contractors

Areas examined This chapter examines whether Services Australia has fit-for-purpose arrangements for the engagement of contractors.

Conclusion Services Australia has established largely fit-for-purpose arrangements for the engagement of contractors. Services Australia has in place a contracting suite that is tailored for the use of contractors and has established centrally managed processes for preparing contracts, including when it engages contractors. Services Australia has established mandatory induction training and systems to monitor and report on the completion of induction training by its entire workforce. The effectiveness of training arrangements is reduced by contractors’ training completion rates and shortcomings in processes to ensure contractors and their managers are aware of mandatory induction training. Services Australia has established policy and processes to support compliance with the majority of core requirements of PSPF Policy 12: Eligibility and suitability of personnel when it engages contractors, the key exception being the requirement to obtain an individual’s agreement to comply with government policies, standards, protocols and guidelines that safeguard resources from harm. By enacting temporary access provisions pending the outcome of pre-engagement eligibility and suitability checks, there is a risk that Services Australia has not met PSPF Policy 12 requirements where there is no assurance process to ensure satisfactory completion of the required checks within a reasonable timeframe.

Recommendations The ANAO made three recommendations aimed at: improving the effectiveness of mandatory training arrangements; aligning Services Australia’s personnel security policy with Supporting Requirement 1(c) of PSPF Policy 12; and obtaining assurance that PSPF Policy 12 has been addressed, particularly where Services Australia has used temporary access provisions to address the need for rapid recruitment.

3.1 Services Australia’s contracting templates, induction arrangements and arrangements to support compliance with Protective Security Policy Framework (PSPF) Policy 12: Eligibility and suitability of personnel are the primary mechanisms through which the agency ensures that contractors are obliged to comply with Services Australia’s policies and Commonwealth legislation, understand these obligations, and are suitable to access Services Australia’s information.

3.2 This chapter considers the arrangements established by Services Australia for engaging contractors. To form a view on the fitness-for-purpose of Services Australia’s arrangements for engaging contractors, the ANAO examined a sample of contracts that Services Australia has used to engage contractors. Well-designed contracts and clauses help operationalise requirements and assist officials to consistently apply them at the point of engagement. They also document the expectations placed on contractors and provide a basis for managing non-compliance. Nine contracts (engaging 30 per cent of the contractors engaged in the agency as at 31 October 2021) were reviewed to establish whether they included clauses requiring the

Arrangements for engaging contractors

Auditor-General Report No. 44 2021–22

Effectiveness of the Management of Contractors — Services Australia

41

contracted personnel to meet performance standards and to comply with Services Australia’s policies and Commonwealth legislation. In addition, the ANAO examined:

• the induction arrangements established to help contractors understand what their responsibilities are and how to meet their obligations when working for Services Australia; and

• the policies and processes in place to ensure that the eligibility and suitability of contractors to access Australian Government resources has been established at engagement as required by PSPF Policy 12: Eligibility and suitability of personnel.64 Monitoring and reporting on compliance with the policy was also examined.

Does Services Australia have a contracting suite that is tailored for the use of contractors?

Services Australia has in place a contracting suite that is tailored for the use of contractors and has established centrally managed processes for preparing contracts, including when it engages contractors. For the nine contracts for the engagement of contractors reviewed by the ANAO (engaging 30 per cent of the contractor personnel engaged by Services Australia as of 31 October 2021) all contracts: stated that the supplier must ensure that its personnel comply with all procedures and guidelines required by Services Australia; and included references to applicable agency policies, procedures and guidelines. There was some variability in the terms and conditions of the contracts selected for review, with the five ICT contracts not including performance standards. An internal audit from August 2020 states that Services Australia has accepted the risks associated with a lack of performance indicators in the ICT contracts.

3.3 The engagement of a contractor is a procurement process and requires the establishment of a contract between Services Australia and the contractor or the contractor’s employer. Services Australia has established centrally managed processes for preparing contracts, including when it engages contractors. Services Australia undertakes the following process for drafting contracts for contractor personnel.

• The relevant business area raises a new request or variation in the relevant online purchasing and procurement system.

• The Procurement Partnering team (non-ICT procurement) or Technology Sourcing Branch (ICT procurement) reviews the request and supporting documentation and creates the work order or variation.

• The work order or variation and supporting documentation is provided to the business area for approval by the delegate.

3.4 Services Australia’s procurement policy is set out in its Accountable Authority Instructions (AAIs). The AAIs and procurement, contract and contract management policies and procedures, and contacts for assistance are available on its intranet.

64 The PSPF defines ‘personnel’ as employees and contractors, including secondees and any service providers that an entity engages. See PSPF Policy 12: Eligibility and suitability of personnel, v.2018.3, available from https://www.protectivesecurity.gov.au/publications-library/policy-12-eligibility-and-suitability-personnel [accessed 27 September 2021].

Auditor-General Report No. 44 2021–22 Effectiveness of the Management of Contractors — Services Australia

42

3.5 As discussed in paragraph 1.29, contractors are engaged by Services Australia ‘to do work in and as part of the operations of the agency’, that is, to work in roles usually subject to the Australian Public Service (APS) Code of Conduct and APS Values. Services Australia has set out, in internal policies, the behavioural requirements and expectations that contractors are expected to meet when working with the agency. These policies include: security; privacy; fraud; workplace health and safety; and conduct and behaviour.

3.6 The ANAO chose to examine the largest (by personnel number) contracts that Services Australia uses to engage personnel as contractors in its service delivery workforce65 and ICT workforce, to determine whether the contracts included clauses that require the contracted personnel to comply with Services Australia’s policies and procedures, and to meet performance standards.

3.7 The ANAO chose to examine contracts within Services Australia’s service delivery workforce and ICT workforce because these workforces were the two largest users of contractors within Services Australia, based on the contractor data provided by Services Australia to the ANAO. Collectively they engaged 3716 (87 per cent) of the 4269 contractors engaged by the agency as at 30 June 2021.66

3.8 The ANAO selected nine contracts for review, comprising four service delivery contracts and five ICT contracts (Table 3.1 below).67 The selected contracts covered 1508 (30 per cent) of the 5032 contractor personnel in the agency as at 31 October 2021.

Table 3.1: Nine Services Australia contracts for the engagement of contractors examined by the ANAO

Supplier and Services Australia group/workforce Contract start

Contract end

Contract value

($million)a

No. of personnel engaged under contract as at 31 October 2021

Service delivery contracts

Adecco 12 Dec 2017 30 Jun 2022 490.78 579

Chandler Macleodb 11 Dec 2017 30 Jun 2022 487.96 268

Chandler Macleodb 27 Nov 2018 30 Jun 2022 25.00 466

Hays 27 Nov 2018 30 Jun 2022 145.00 54

Technology Services Group contracts

Modis (Consulting & Staffing)c 1 Jul 2021 30 Jun 2022 15.97 42

Apis Group P/L 1 Sep 2020 30 Aug 2022 28.66 39

Modis (Consulting & Staffing)c 1 Jul 2021 31 Mar 2023 11.62 24

65 As noted in footnote 61, the service delivery workforce comprises staffing from the Customer Service Delivery Group and the Payments and Integrity Group. 66 See Figure A.1 in Appendix 4. 67 The nine selected contracts comprised: four service delivery workforce contracts that were the four largest

(by personnel engaged) contracts for the supply of non-ICT contractors, based on Services Australia’s data as at 30 June 2021; and five ICT workforce contracts that were the five largest contracts for the supply of ICT contractors, based on Services Australia’s advice as at 17 November 2021.

Arrangements for engaging contractors

Auditor-General Report No. 44 2021–22

Effectiveness of the Management of Contractors — Services Australia

43

Supplier and Services Australia group/workforce Contract start

Contract end

Contract value

($million)a

No. of personnel engaged under contract as at 31 October 2021

GoSourcing P/L 1 Jul 2021 30 Jun 2022 7.62 21

SYPAQ Systems P/L 1 Jul 2021 30 Jun 2023 7.89 15

Total 1220.50 1508

Note a: Contract value as reported on AusTender at 16 February 2022. Note b: The two Chandler Macleod contracts cover the provision of contractors for different job profiles. Note c: The two Modis contracts cover the provision of different specified personnel. Source: ANAO analysis of Services Australia documents.

Analysis of selected contracts

3.9 All nine contracts examined by the ANAO included a requirement for the supplier to ensure that its personnel comply with all procedures and guidelines required by Services Australia.

3.10 The four service delivery contracts state that Services Australia will make the listed policies, procedures and guidelines accessible to personnel on the intranet during the contract term, noting that Services Australia may add or amend such policies, procedures and guidelines. Further, these contracts state that it is the responsibility of contractor personnel to keep abreast of changes made to Services Australia’s policies, procedures and guidelines.68

3.11 The five ICT contracts include references to applicable policies, procedures, and guidelines including ‘those policies, procedures, and guidelines published on’ Services Australia’s intranet. These contracts also require the suppliers to ensure that the personnel supplied to Services Australia under the contract comply with these procedures and guidelines, and that the personnel uphold the values and behave in a manner that is consistent with the APS Values and APS Code of Conduct, as applicable to their work in connection with the contract.

3.12 The four services delivery contracts require the Labour Hire Supplier to ensure that their contractor personnel meet Services Australia’s core performance standards69 that apply to APS staff performing these roles, or meet performance standards as defined in the contract. The five ICT contracts do not contain any performance standards or indicators for the work to be performed under the contract. In March 2022, Services Australia advised the ANAO that:

The management of an ICT contractor’s performance is the responsibility of their line manager, performed according to the Agency’s Guide for Managers: Labour Hire, page 8 ‘Managing labour hire behaviours and performance’. Contract performance actions, including termination of a

68 Services Australia advised the ANAO in March 2022 that: ‘The Agency has the same assurance mechanisms to ensure compliance with policies, procedures, and guidelines for the APS, contractors and labour hire. Labour hire / contractors are supervised and provided with appropriate training to ensure work is delivered in accordance with contract arrangements. If concerns are identified, the relevant supervisor will escalate to the contractor personnel management (e.g. Labour Hire Account Manager/recruitment consultant etc.) or Procurement Branch for remedial action. Procurement Branch works closely with the Intelligence and Investigations Branch within Services Australia for any instances of fraud and unauthorised access. If labour hire / contractors do not comply with policies, procedures and guidelines, the contract arrangement has provisions for termination’. 69 Services Australia’s core performance standards include displaying behaviour consistent with the APS Values

and Codes of Conduct.

Auditor-General Report No. 44 2021–22 Effectiveness of the Management of Contractors — Services Australia

44

contractor’s engagement, are undertaken when line managers notify Technology Sourcing of a performance issue with an ICT contractor. Performance reviews are conducted by the business area prior to the exercise of any extension option.

Managers and team leaders are responsible for identifying any behavioural or performance issues with the contractor that do not align with performance expectations and service standards. Individual contractor performance is assessed against the specified role and level listed in the work order, using the Service Australia job statements for the role/level as the performance measures. The contractor must follow the directions and instructions of the supervisor in the performance of the duties. The supervisor manages this performance, including approval of timesheets. It is expected that a manager or team leader will have direct conversations with a contractor regarding any performance issues (for example, instances of inappropriate language, dress, cultural insensitivity, or being out of adherence for scheduled activities).

3.13 An August 2020 internal audit report into Services Australia’s management of ICT contractors identified a lack of performance measures in the Technology Services Group’s contracts examined as part of that audit. The audit finding stated that:

A lack of clear up-front performance requirements included in contracts (in the form of KPIs, or other outcomes) creates a risk that the department will be less able to achieve and demonstrate value-for-money in contract delivery.

3.14 In response to the internal audit finding, the Senior Responsible Officer within Technology Services Group accepted the risks associated with a lack of performance requirements in contracts and noted that the:

current process is for the most part aligned with HR policy and work level standards and is able to demonstrate value-for-money has been achieved.

Does Services Australia have fit-for-purpose arrangements for inducting contractors?

Services Australia has largely fit-for-purpose arrangements for inducting contractors, with the completion of mandatory training by its non-APS personnel recorded through monthly reporting. The effectiveness of the arrangements is limited due to low completion rates for mandatory induction and refresher training for contractors, and shortcomings in processes to ensure that contractors complete training. Monthly training reports examined by the ANAO showed that of the contractors engaged by the agency as at 28 February 2022, 34.7 per cent had completed the mandatory induction modules — with a further 28.3 per cent of contractors deemed ‘induction compliant’ by Services Australia — and 32.2 per cent had completed the 2022 mandatory refresher program. Services Australia advised the ANAO that as at 30 April 2022, 39.3 per cent of contractors had completed the mandatory induction modules — with a further 27.0 per cent of contractors deemed ‘induction compliant’ — and 48.8 per cent of contractors had completed the 2022 mandatory refresher program.

3.15 The induction process for contractors engaged in Services Australia is outlined in the agency’s targeted guidance for ‘Engaging Contractors and Labour Hire Staff’. This includes:

• a mandatory induction program that includes online training modules on the agency’s value and culture, work health and safety, security, privacy and fraud awareness; and

• a mandatory refresher program to be completed every two years.

Arrangements for engaging contractors

Auditor-General Report No. 44 2021–22

Effectiveness of the Management of Contractors — Services Australia

45

3.16 Services Australia’s intranet includes guidance on the Mandatory Induction Program. The intranet page states that:

The Mandatory Induction Program:

• is mandatory for all new staff who have access to our sites or systems

• is designed to be self-directed, with manager support to reinforce key learning

• should be completed within the first week of commencement

• can also be used as a refresher for staff returning from long term leave.

3.17 The intranet page advises that:

The [mandatory induction] program must be completed by all new staff to the agency. This includes ongoing, non-ongoing and irregular and intermittent (casual) employees, and labour hire and contractor staff.

3.18 All staff in Services Australia (APS and non-APS) are also required to complete the Mandatory Refresher Program. The program was launched in 2019–20 and the next iteration of the program was released in February 2022.70

3.19 Completion of the online mandatory induction and mandatory refresher programs is monitored through the agency’s Learning Management System.

3.20 Services Australia advised the ANAO in March 2022 of the induction requirements for contractors who are engaged with the agency:

All contractors are required to undertake the full Induction program on their first commencement with Services Australia.

If a contractor leaves us and then is re-engaged, their manager may require them to re-do the Induction Program, depending on how long they have been away from the organisation. However there is no specific policy around this.

Contractors returning to the organisation would also be doing the next Mandatory Refresher Program as appropriate as well, covering many of the Induction Program’s key messages.

3.21 All nine contracts examined by the ANAO (listed in Table 3.1 above), include clauses that require contracted personnel to undertake mandatory induction training, though the specificity of those clauses differed between the nine contracts.

3.22 In addition to mandatory induction training, Services Australia’s guide for managers on labour hire outlines additional training requirements that may be required:

Each business area of Services Australia that engages LH [Labour Hire] staff will need to determine any additional technical training requirements of these staff.71 Business areas are responsible for providing this training, in consultation with Services Australia’s learning and development team.

…

The LH providers may be responsible for delivery of non-technical training to their LH staff where contractually required. This may be delivered using training packages provided by Services

70 Services Australia releases a new Mandatory Refresher Program every two years. 71 ANAO comment: technical training may include training in the use of ICT systems and tools specific to the role for which the person is engaged.

Auditor-General Report No. 44 2021–22 Effectiveness of the Management of Contractors — Services Australia

46

Australia. Some of these products could relate to service delivery skills, values and behaviour, and managing aggressive behaviours.

Attendance at non-technical training will be monitored and reported to Services Australia by the LH provider. The LH provider may be contractually required to ensure that non-technical training is completed prior to the commencement of technical training.

Mandatory induction and refresher programs

3.23 The ANAO reviewed the content of the agency’s mandatory induction and mandatory refresher programs to assess the extent to which expected behaviours and standards from relevant Services Australia policies were covered by the training. The ANAO compared the content in the mandatory induction and refresher programs against the mandatory policies applicable to contractors. The results of the ANAO analysis are summarised below in Table 3.2.

Table 3.2: ANAO analysis of Services Australia’s mandatory induction and refresher training for contractors — coverage of contractor obligations

Services Australia — mandatory policies for all personnel including contractorsa

Training course

Conduct and Behaviour

Work Health and Safety

Personnel Security

Information Security

Privacy

Fraud and Corruption Conflict of Interest

Mandatory Induction Program

1. Our Values  

2. Work Health and Safety 

3. Security b 

4. Privacy 

5. Fraud  

Mandatory Refresher Program

6. Module 1  

7. Module 2 b    

Note a: Ticks in this table indicate that the training course includes material covering the expected behaviours and standards from relevant Services Australia policies. Note b: There was partial coverage of personnel security policy in the mandatory security induction training. The security training did not cover the obligations of separating individuals, such as the removal of their systems access, the return of agency assets, and their continuing obligations to safeguard agency and Australian Government resources after leaving the agency. Services Australia advised the ANAO in March 2022 that: ‘Security induction and mandatory refresher training focuses on topics

considered the most relevant for new or existing employees. Separation obligations are most appropriately covered off at the time the employee is about to leave the agency. Managers and supervisors play a key role initiating removal of the separating employee’s system access and return of agency assets and advising the employee of their ongoing security obligations.’ Source: ANAO analysis of Services Australia documentation.

Auditor-General Report No. 44 2021–22 Effectiveness of the Management of Contractors — Services Australia

48

Monitoring completion of mandatory induction requirements by contractors

3.24 Services Australia’s guidance states that:

All staff have a responsibility to complete the [mandatory induction] program, however it is the manager/supervisor’s responsibility to ensure that their staff member knows how to access the program and that it is completed.

3.25 Services Australia produces a standard monthly learning report on online training completed by its personnel (including APS and non-APS personnel). In addition, Services Australia’s policy states that:

Reports for the mandatory refresher program are sent out monthly and cascaded to Divisions and Branches. The report includes a staff listing of who has and has not completed the MRP [Mandatory Refresher Program].

3.26 Table 3.3 (below) illustrates, for the 4944 contractors in Services Australia’s workforce as at 28 February 2022:

• the number and percentage of contractors who completed all five modules of the mandatory induction program; and

• the number and percentage of contractors who completed the two 2019–2021 mandatory refresher program modules, and the 2022 Mandatory Refresher Program.

Table 3.3: Completion and compliance rates for induction and mandatory refresher training for the 4944 contractors in Services Australia’s workforce as at 28 February 2022

Induction course Number of contractors

who completed induction

Percentage of contractors who completed induction

Mandatory Induction Program 1716a 34.7%

Mandatory Refresher Program 2022 1591 32.2%

Mandatory Refresher Program 2019–2021 — Training Module 1

2894 58.5%

Mandatory Refresher Training 2019–2021 — Training Module 2

2848 57.6%

Note a: Contractors who had completed all of the five Mandatory Induction Program Modules listed in Table 3.2: Our Values, Work Health and Safety, Security, Privacy and Fraud. Source: ANAO analysis of Services Australia data.

3.27 As illustrated in Table 3.3, of the 4944 contractors in Services Australia’s workforce as at 28 February 2022, around a third had completed the mandatory induction program and the 2022 mandatory refresher program (34.7 per cent and 32.2 per cent respectively). Just over half had completed the 2019–2021 mandatory refresher program modules 1 and 2 (58.5 per cent and 57.6 per cent respectively).

3.28 In addition to the 1716 contractors (34.7 per cent) who completed all the mandatory induction program modules, Services Australia deemed that another 1397 contractors (28.3 per cent of the 4944 contractors in Services Australia’s workforce as at 28 February 2022) were ‘induction compliant’. Services Australia advised the ANAO in April 2022 that these contractors

Arrangements for engaging contractors

Auditor-General Report No. 44 2021–22

Effectiveness of the Management of Contractors — Services Australia

49

were deemed to be induction compliant without having to complete the induction training. On this basis, a total of 3113 contractors (62.9 per cent) had met induction training requirements. Services Australia was unable to provide evidence of the decisions that contractors were deemed to be compliant with mandatory induction training without having completed the Mandatory Induction Program or Mandatory Refresher Program. Services Australia advised the ANAO in June 2022 that it had ‘updated internal processes by introducing a decision register for recording of such decisions’.

3.29 Services Australia further advised the ANAO that for the 4851 contractors in the agency’s workforce as at 30 April 2022:

• 3213 (39.3 per cent) had completed the mandatory induction program (with a further 27.0 per cent deemed to be ‘induction compliant’); and

• 2365 (48.8 per cent) had completed the mandatory refresher program.

Services Australia’s internal audit report on Blended Workforce Management

3.30 Services Australia’s June 2021 internal audit report on Blended Workforce Management identified a lack of clarity in responsibility for ensuring that staff complete mandatory training:

Managers are responsible for ensuring that individuals within their business area have completed mandatory training requirements, however, there can be a lack of clarity regarding who is responsible where the agency staff on-boarding personnel is different to the Manager providing day-to-day oversight.

3.31 The internal audit report also found that:

automated notifications are not provided for contractors, including to alert them to requirements to complete on-boarding training and mandatory refresher programs. Consequently, there is a reliance on agency personnel often involved in the on-boarding process to make contractors aware of training requirements and follow-up completion.

3.32 Services Australia’s Audit and Risk Committee considered the audit report in October 2021 and requested that management provide the committee with a report on how Services Australia is addressing the audit findings. The June 2022 Audit and Risk Committee papers noted that the Chief Operating Officer would provide a report at the August 2022 meeting detailing the agency’s people strategy, including cost, composition, labour market and future modelling.

3.33 The low completion and compliance rates for the mandatory induction program (see Table 3.3) and internal audit findings of shortcomings in agency processes for alerting contractors of training requirements (paragraph 3.31), indicate that contractors may not always be made aware of the expected behaviours and standards that Services Australia requires of its personnel. The internal audit also indicates that managers may not be aware of their responsibilities regarding the completion of training by contracted personnel.

3.34 Services Australia, as part of its considerations on how to respond to the June 2021 internal audit on blended workforce management, should establish how it can ensure that contractors complete mandatory induction training to mitigate the risk that its contracted personnel are uninformed or unable to perform their roles effectively.

Auditor-General Report No. 44 2021–22 Effectiveness of the Management of Contractors — Services Australia

50

Recommendation no. 1 3.35 Services Australia ensure that:

(a) contractors and managers of contractors are aware of their responsibilities regarding mandatory induction training requirements; and (b) contractors complete mandatory induction training.

Services Australia response: Agreed.

3.36 The agency has implemented governance processes around enterprise mandatory training that includes a communication plan, and regular monthly Executive and business area reporting on the completion rates of the Mandatory Induction Program and the Mandatory Refresher Program.

3.37 A communications plan to support the Mandatory Induction Program and Mandatory Refresher Program 2022 has been implemented to ensure that all staff and managers are aware of their responsibilities regarding these programs. There are also internal online resources dedicated to the Mandatory Induction Program and the Mandatory Refresher Program. The agency's workforce can access these online resources to obtain up to date information on the programs, at any given time.

Has Services Australia established arrangements for the engagement of contractors that support compliance with PSPF Policy 12: Eligibility and suitability of personnel?

Services Australia has established policies and processes that support compliance with the majority of core requirements of PSPF Policy 12: Eligibility and suitability of personnel when it engages contractors, except for PSPF Policy 12 Supporting Requirement 1(c), which relates to obtaining individuals’ agreement to comply with the government’s policies, standards, protocols and guidelines that safeguard resources from harm. Services Australia has enacted temporary access provisions in its personnel security policy ‘to enable rapid recruitment to meet the high service demand generated by COVID-19’ and to manage the 2022 east coast flood emergency and other priorities. There is scope for Services Australia to strengthen its assurance activities to ensure that the mandatory requirements of PSPF Policy 12 have been met, particularly when personnel have already been granted temporary access to Australian Government resources (people, information and assets).

3.38 Protective Security Policy Framework (PSPF) Policy 12: Eligibility and suitability of personnel72 sets out ‘the pre-employment screening processes and standardised vetting practices to be undertaken when employing personnel and contractors.’ Policy 12 has the following core requirements:

72 Protective Security Policy Framework (PSPF), Policy 12: Eligibility and suitability of personnel [Internet], v.2018.3, available from https://www.protectivesecurity.gov.au/publications-library/policy-12-eligibility-and-suitability-personnel [accessed 27 September 2021].

Arrangements for engaging contractors

Auditor-General Report No. 44 2021–22

Effectiveness of the Management of Contractors — Services Australia

51

Each entity must ensure the eligibility and suitability of its personnel who have access to Australian Government resources (people, information and assets).

Entities must use the Australian Government Security Vetting Agency (AGSVA) to conduct vetting, or where authorised, conduct security vetting in a manner consistent with the Personnel Security Vetting Standards.

3.39 The policy states that pre-employment screening is the primary activity used to mitigate an entity’s personnel security risks. Entities may use security clearances where they need additional assurance of the suitability and integrity of personnel. This could be for access to security classified information, or to provide greater assurance for designated positions. Under the policy:

Entities must undertake pre-employment screening, including:

• verifying a person’s identity using the Document Verification Service73;

• confirming a person’s eligibility to work in Australia; and

• obtaining assurance of a person’s suitability to access Australian Government resources, including their agreement to comply with the government’s policies, standards, protocols and guidelines that safeguard resources from harm.

3.40 In its mandatory annual report to the Attorney-General’s Department in 2018–19, Services Australia self-assessed its security maturity against PSPF Policy 12 requirements as ‘developing’. In its annual reports for 2019–20 and 2020–21 Services Australia lifted its maturity rating for PSPF Policy 12 to ‘managing’.74

3.41 To form a view on whether Services Australia has established arrangements for the engagement of contractors that support compliance with PSPF Policy 12, the ANAO reviewed Services Australia’s arrangements for:

• conducting pre-employment screening and standardised vetting practices when engaging contractors; and

• monitoring that PSPF Policy 12 requirements have been addressed when contractors have been engaged.

Arrangements for conducting pre-employment screening and standardised vetting

3.42 Services Australia’s Personnel Security Policy sets out what Services Australia must do to meet PSPF Policy 12. Table 3.4 below outlines the requirements of PSPF Policy 12 that are to be established by Services Australia and the arrangements Services Australia has established for

73 ANAO comment: the service is a national online system that allows organisations to check whether the biographic information on a customer’s identity documents match with the original record. The service is a secure system that operates 24/7 and matches key details contained on Australian-issued identifying credentials. 74 Under the PSPF maturity assessment model, ‘developing’ means: ‘Substantial implementation of the PSPF.

Protective security requirements not fully implemented into business practices.’ ‘Managing’ means: ‘Complete and effective PSPF implementation. Protective security requirements integrated into business practices.’ Source: Attorney-General’s Department, Protective Security Policy Framework Assessment Report 2019–20 [Internet], p. 2, available from https://www.protectivesecurity.gov.au/system/files/2021-06/pspf_2019-20_consolidated_maturity_report.pdf [accessed 9 December 2021].

Auditor-General Report No. 44 2021–22 Effectiveness of the Management of Contractors — Services Australia

52

pre-employment screening processes and standardised vetting practices when engaging contractors.

Table 3.4: Services Australia’s policies and processes that apply to contractors and support compliance with the core requirements for PSPF Policy 12: Eligibility and suitability of personnel

PSPF Policy 12 core requirement B.1 Services Australia’s arrangements

Each entity must ensure the eligibility and suitability of its personnel who have access to Australian Government resources (people, information and assets)

Services Australia’s Personnel Security Policy (Chapter 2) outlines the policies and procedures to support compliance with the core requirement, including that:

• individuals must complete and submit necessary documentation to allow the agency to complete eligibility and suitability screening; and

• the agency must ensure that each person working in an identified positiona has a valid security clearance issued by an authorised vetting agency.

Service’s Australia’s Personnel Security Policy does not include a requirement to obtain an individual’s agreement to comply with government policies, standards, protocols and guidelines that safeguard resources from harm (as required under PSPF Policy 12 Supporting Requirement 1(c)).

Of the nine contracts examined by the ANAO in paragraphs 3.6 to 3.14, all required the contractors to comply with policies around security and the onboarding of personnel.

Entities must use the Australian Government Security Vetting Agency (AGSVA) to conduct vetting, or where authorised, conduct security vetting in a manner consistent with the Personnel Security Vetting Standards

Services Australia’s Personnel Security Policy (Chapter 5) states that the agency must use AGSVA to conduct vetting for security clearances.

Note a: Identified positions are those that the agency assesses as requiring an authorised security clearance. Services Australia advised the ANAO that as at 25 November 2021, 18 per cent of its security assessed positions were filled by contractors. Source: ANAO assessment of Services Australia documentation.

3.43 As noted in Table 3.4, the agency’s Personnel Security Policy does not include a requirement to obtain an individual’s agreement to comply with government policies, standards, protocols and guidelines that safeguard resources from harm, as required under Supporting Requirement 1(c) of PSPF Policy 12. This omission requires attention by Services Australia.

3.44 Services Australia advised the ANAO in March 2022 that:

Every new employee/contractor is required to sign the “Declaration for handling personal information”. This covers information security, privacy and secrecy obligations and this could be expanded to require a more general declaration to comply with the broader range of government policies, standards, protocols and guidelines that safeguard resources from harm. The agency’s exit form requires all exiting staff to make a number of declarations prior to leaving the agency including they understand their ongoing obligation to protect Australian Government resources under the Criminal Code, Public Service Act 1999 and other relevant legislation.

Arrangements for engaging contractors

Auditor-General Report No. 44 2021–22

Effectiveness of the Management of Contractors — Services Australia

53

Recommendation no. 2 3.45 Services Australia update its personnel security policy to include a requirement to obtain an individual’s agreement to comply with government policies, standards, protocols and guidelines that safeguard resources from harm, as required under Supporting Requirement 1(c) of PSPF Policy 12.

Services Australia response: Agreed.

3.46 The agency will update the personnel security policy and associated procedures in support of the relevant requirements of PSPF Policy 12.

Arrangements for monitoring and reporting that requirements of PSPF Policy 12 have been addressed when contractors have been engaged

3.47 In October 2021, Services Australia advised the ANAO of its onboarding processes for all personnel (including contractors):

The agency conducts eligibility and suitability screening to assess if individuals are eligible and suitable to have non-public access to the agency’s and the Australian Government’s resources (people, information and assets).

The agency’s eligibility and suitability screening includes:

• eligibility and suitability checks (also known as pre-engagement checks)

• eligibility and suitability assessments based on the results of eligibility and suitability checks.

The agency will not grant an individual with non-public access to resources until eligibility and suitability screening has been completed and the agency has determined that individual is eligible and suitable to be granted that access. In exceptional circumstances, temporary access to agency resources may be granted, pending the completion of the eligibility and suitability check process.

3.48 As part of the onboarding process, contractors are to complete a pre-engagement pack that is then uploaded to Services Australia’s onboarding tracker. The agency’s guidance states that the pre-engagement pack should be completed for:

Any individual who may require non-public access to the department’s or shared services agency’s resources (information, buildings, assets, staff and customers), prior to their commencement.

3.49 Services Australia’s policy and procedure documents state that the Onboarding Services team will ensure eligibility and suitability checks are completed prior to system access being granted.

3.50 Services Australia advised the ANAO in June 2022 that to strengthen its assurance arrangements for PSPF Policy 12 in relation to contractors, since 2018 it has established a centralised onboarding team, made systems improvements including the recording of police checks, and further developed:

a regular report for the Onboarding Team to forecast possible future contractor extensions. Over the last 6 months, this report has been enhanced to capture police check information. This has allowed a cleansing exercise that is approximately 60% complete and still underway to ensure accurate and up-to-date pre-engagement pack (PEP) information.

Auditor-General Report No. 44 2021–22 Effectiveness of the Management of Contractors — Services Australia

54

3.51 Services Australia further advised the ANAO that:

In September 2021, the Onboarding Team implemented automation of the extensions processing. The ‘digital worker’ has been developed to always check for a valid police clearance date before extending system access. Any that do not have a valid police check are flagged as exceptions and we contact the business area to request a new PEP to be completed. The PEP must be complete and have a returned result prior to extension being processed by the Onboarding Team.

The Onboarding Team are also working on an automated reminder for non-payroll staff who are nearing the 3 year milestone requesting them to undertake another pre-engagement check. The scoping exercise is nearing completion for the process.

3.52 Services Australia advised the ANAO in March 2022 that, in relation to assurance activities to ensure mandatory requirements under PSPF Policy 12 are met for contractors, ‘the agency does not currently undertake any specific assurance activities to ensure these mandatory requirements have been met’.

Services Australia’s use of temporary access provisions

3.53 Temporary access provisions allow newly engaged individuals to be granted access to agency facilities, systems and resources before Services Australia has finalised its pre-engagement screening process.

3.54 The Attorney-General’s Department guidance for PSPF Policy 12 recommends that:

entities conduct and finalise pre-employment and entity-specific screening after the conclusion of the merit selection process but prior to an offer of employment or contract. The guidance also stipulates that where checks are not completed prior to engagement, it is recommended that entities make the employment or contract conditional on satisfying the required checks within a reasonable timeframe.

3.55 Commencing in March 2020, Services Australia enacted the use of temporary access provisions in its security policy, 'to enable rapid recruitment to meet the high service demand generated by COVID-19' and to manage the 2022 east coast flood emergency and other priorities.75 Services Australia advised the ANAO that temporary access provisions are used after an appropriate risk assessment has been conducted. The ANAO reviewed 22 approval emails for temporary access waiver requests, dating from March 2020 to May 2022. Of the 22 emails reviewed, eight included a risk assessment with the request.

3.56 Services Australia advised the ANAO in June 2022 that:

the agency did not waive the mandatory pre-employment screening or security clearance requirements. Services Australia’s application of temporary access provisions was for the purpose of allowing access to agency resources prior to the completion of the agency’s eligibility and suitability check process. The application of the temporary access provisions is consistent with the PSPF guidance, where there was a condition included that:

• all pre-engagement packs and all supporting documentation for each individual must be submitted to the on-boarding team within 14 days (earlier if possible) of an individual’s commencement

75 The ANAO reviewed email correspondence showing that in March 2020 the agency had in place processes for the application of temporary access waivers including appropriate approvals.

Arrangements for engaging contractors

Auditor-General Report No. 44 2021–22

Effectiveness of the Management of Contractors — Services Australia

55

• temporary access may subsequently be revoked [if not provided in 14 days].

3.57 Services Australia further advised the ANAO in June 2022 that:

Services Australia temporary access provisions required that individuals submit their pre-engagement pack within a determined number of days of commencement, or their access to agency resources would be suspended. The agency’s onboarding function and/or contract managers monitor the completion and submission of pre-engagement packs and submit and monitor the return of police checks. Where adverse results from the police checks or internal checks are identified for candidates engaged under the temporary access provisions, these individuals are subsequently referred to the Security Branch for an eligibility and suitability assessment to be undertaken. Personnel Security may subsequently request some individuals be suspended from engagement, pending the outcome of the eligibility and suitability assessment.

3.58 In May 2022, Services Australia advised the ANAO that 8077 individuals were onboarded under temporary access provisions after September 2021, including 4825 ‘labour hire/service delivery partner individuals.’ Services Australia was unable to advise the ANAO of the number of individuals, including the number of contractors, that were onboarded under the temporary access provisions up to and including September 2021.

3.59 As noted in paragraphs 3.50–3.51, Services Australia advised the ANAO in June 2022 that it has taken steps to strengthen assurance arrangements around PSPF Policy 12 for contractors, particularly over the last six months.

Recommendation no. 3 3.60 Services Australia strengthen arrangements to obtain assurance that PSPF Policy 12 requirements have been met, particularly to ensure the eligibility and suitability of its personnel who have been granted temporary access to Australian Government resources (people, information and assets).

Services Australia’s response: Agreed.

3.61 The agency will strengthen assurance arrangements to ensure the eligibility and suitability of personnel who have received temporary access due to exceptional circumstances.

Auditor-General Report No. 44 2021–22 Effectiveness of the Management of Contractors — Services Australia

56

4. Arrangements for managing contractors

Areas examined This chapter examines whether Services Australia has established fit-for-purpose arrangements for the management of contractors.

Conclusion Services Australia has established largely fit-for-purpose arrangements for the management of contractors. Services Australia has clearly documented its requirements and expectations regarding the management and oversight (supervision) of contractors and has established responsibilities for managing completion at the business area level. Arrangements (policy, processes and monitoring) for the management of contractors that support compliance with PSPF Policy 13: Ongoing assessment of personnel and PSPF Policy 14: Separating personnel have been largely established. With regards to PSPF Policy 14, risks have been identified regarding the effectiveness of agency controls for removing separating individuals’ systems access in a timely way.

Areas for improvement The ANAO identified that there is an opportunity for Services Australia to consolidate aspects of its guidance and supporting documentation available to contract managers, to rationalise the available information and avoid duplication.

4.1 Once engaged by Services Australia, the ongoing management of contractors involves:

• day-to-day oversight of the contractor and management of the contract to ensure that contracted outcomes are being delivered as required;

• assessment and management of the ongoing suitability of the contractor to access Australian Government resources; and

• withdrawing access and managing ongoing risks at the end of the contract.

4.2 The ANAO examined the following to form a view on the fitness-for-purpose of Services Australia’s arrangements for the management of contractors.

• Documentation promulgated to officials to inform them of the agency’s requirements and expectations for the management of contractors and the training that was available to support implementation of the guidance.

• Policies and processes for ensuring the ongoing suitability of contracted personnel to access Australian Government resources, as required by PSPF Policy 13: Ongoing assessment of personnel, and monitoring and reporting on compliance.

• Policies and processes for contracted personnel to have their access withdrawn and to be informed of any ongoing security obligations, as required under PSPF Policy 14: Separating personnel, and monitoring and reporting on compliance.

Arrangements for managing contractors

Auditor-General Report No. 44 2021–22

Effectiveness of the Management of Contractors — Services Australia

57

Has Services Australia clearly documented its requirements and expectations regarding the management and oversight of contractors?

Services Australia has clearly documented its requirements and expectations regarding the management and oversight of contractors. Agency requirements and expectations for contract managers are documented in the Accountable Authority Instructions, the Contract Management Framework and in policies, procedures and guidance. Contract managers are required to undertake mandatory training, with training requirements tailored to the overall risk rating of the contract to be managed. Services Australia requires business areas to ensure that appropriate training has been undertaken but has not established arrangements that provide agency-wide assurance that contract managers have completed the mandatory training.

Framework documenting the requirements and expectations for managers

4.3 Services Australia has documented its requirements and expectations for contract managers in the Accountable Authority Instructions (AAIs) and Contract Management Framework. This information is available on Services Australia’s intranet.

Accountable Authority Instructions

4.4 The responsibilities of Services Australia’s contract managers are set out in the agency’s AAIs, which state that the mandatory responsibilities of contract managers are:

• complying with the agency’s contract management framework and guidance;

• actively managing the contract including ensuring the contract meets it objectives;

• performance monitoring and reporting to ensure the agency obtains value for money; and

• identifying, assessing and managing contract risks.

Contract Management Framework

4.5 Services Australia has established a Contract Management Framework for the purpose of providing ‘responsible delegates and Contract Managers with a clear and standardised approach to managing and administering contracts for Services Australia’.76 The framework outlines the four key elements of contract management in the agency (contract governance, contract administration, performance management and stakeholder management) and the requirements and expectations for contract managers for each of the four elements (illustrated in Figure 4.1).

76 Services Australia’s guidance states that the framework aligns with the Commonwealth Procurement Rules (CPRs), the Accountable Authority Instructions, agency policy and the Australian Government Contract Management Guide issued by the Department of Finance.

Auditor-General Report No. 44 2021–22 Effectiveness of the Management of Contractors — Services Australia

58

Figure 4.1: Elements of the contract management framework

Source: Services Australia.

4.6 Policies, procedures and guidance for managers are available in documents and pages on Services Australia’s intranet. The documents include:

• roles and responsibilities of contract managers, which are clearly defined;

• standardised policies and processes for managing contracts in the agency;

• standardised tools to assist contract managers to fulfil their responsibilities, including around performance monitoring, record management, risk management and tracking the contract budget; and

• a range of policies, procedures and guidance on supervising contractors and labour hire personnel including the day-to-day management of induction, performance, security, financial delegations, conduct and behaviour, onboarding and offboarding. 77

4.7 In reviewing the documentation available to managers, the ANAO noted duplication of advice on onboarding, day-to-day management, and offboarding of contractors. There is an opportunity for Services Australia to consolidate aspects of its guidance and supporting documentation available to managers, to rationalise the available information and avoid duplication.

4.8 Services Australia advised the ANAO in March 2022 that:

The Procurement Branch publishes contract management resources under a central contract management homepage on the intranet. The homepage links to relevant tools, templates and

77 Within Services Australia, contract managers may not have line management responsibility for the individual contractors provided under the contracts. For example, the four service delivery contracts discussed in paragraphs 3.6–3.12, are managed centrally by Services Australia’s Procurement Branch however, the labour hire staff provided under these arrangements are supervised by the relevant business areas. Source: Services Australia’s advice to the ANAO in March 2022.

Arrangements for managing contractors

Auditor-General Report No. 44 2021–22

Effectiveness of the Management of Contractors — Services Australia

59

guidance to assist staff managing arrangements in line with the contract management framework. Separately, there is a range of published information relating to the day-to-day management of labour hire staff which differs from contract management, though some overlap in information is noted.

4.9 The Procurement Branch will review information applicable to the day-to-day management of labour hire staff and contractors and include links to those policies and procedures on its contract managers homepage that may assist contract managers, including: onboarding processes, HR Policy, and training requirements for contractors. The contract manager may delegate administrative duties for the contract, including the day-to-day management and supervision of contractors, to one or more contract administrators. In February 2022, Services Australia advised the ANAO that in addition to the policies, procedures and guidance outlined in paragraph 4.6 for supervisors of contractors in the agency, it has established governance meetings with suppliers to provide contract assurance and address potential risks that may arise through delegating contract administration. The ANAO did not examine the implementation of these arrangements.

Training for contract managers about managing and oversighting contractors

4.10 Contract managers are required to undertake mandatory training to perform their roles. Services Australia has in place a Contract Management Training Pathway for contract managers, that comprises eLearning and formal training. In addition, the agency planned to develop face-to-face workshops, with work expected to commence in March 2022.78 Contract administrators, who may be responsible for the day-to-day management and supervision of contractors, can also undertake contract manager training but it is not mandatory.

4.11 Services Australia’s guidance states that these courses are in place to support contract managers in respect to: understanding their responsibilities, planning and assessing supplier performance, communicating with stakeholders, assessing contractual risk, and documenting contract management plans. The mandatory training courses that apply at each contract risk rating level are summarised in Table 4.1 below.

Table 4.1: Mandatory training for contract managers in Services Australia

Training course and description Contract risk ratinga

Low Medium High

eLearning (online)

Mandatory eLearning for all contract managers provides an overview of the agency’s contract management framework. It covers contract manager responsibilities, assessing contractor performance, stakeholder communication, and planning for contract outcomes.

  

78 Services Australia advised the ANAO in January 2022 that the face-to-face workshops would be developed as part of a new contract management training suite, with work planned to commence in March 2022. Services Australia further advised in June 2022 that: The agency is preparing procurement documentation to approach the market and engage a supplier

to develop a new Procurement and Contract Management training suite. This work was delayed due to the redeployment of staff to assist the agency process Pandemic Leave Disaster Payments and Australian Government Disaster Recovery Payments. Implementation of the new training suite is expected to commence in July 2022.

Auditor-General Report No. 44 2021–22 Effectiveness of the Management of Contractors — Services Australia

60

Training course and description Contract risk ratinga

Low Medium High

Accredited Training

For example:

• Certificate IV in Procurement and Contracting.

• Diploma of Procurement and Contracting.

• Advanced Diploma of Procurement and Contracting.



Note a: The overall risk rating for a contract is determined by the risk assessment of the underlying risks associated with a contract. Services Australia’s Contract Management Framework includes guidance and templates for developing and documenting risk assessments. Source: ANAO analysis of Services Australia documentation.

Monitoring contract manager training completion rates

4.12 Services Australia advised the ANAO in March 2022 that:

Business areas are responsible to ensure contract managers are appropriately skilled to manage contract deliverables, noting that procurement and contract arrangements are managed centrally by the Procurement Branch for non-ICT procurements and ICT Strategic Sourcing Branch for ICT procurements.

4.13 Services Australia has not established arrangements that provide agency-wide assurance that contract managers have completed the mandatory training.

Feedback from contract managers on available guidance, training and support

4.14 The ANAO sought feedback from 10 contract managers in Services Australia on the effectiveness of the guidance, training and support they are offered to undertake their role.79 The responses received from contract managers indicated that generally, the policies, procedures, guidance and support they were offered to undertake their role were effective. The contract managers identified opportunities to improve the range of guidance available through: consolidating resources for managing contractors, development of agency-wide policies and guidance; and development of more Human Resources guidance to support the supervision and management of contractors in the agency.

Has Services Australia established arrangements for the management of contractors that support compliance with PSPF Policy 13: Ongoing assessment of personnel?

Services Australia has largely established arrangements for the management of contractors that support compliance with PSPF Policy 13: Ongoing assessment of personnel. Services Australia has established policies that support the implementation of PSPF Policy 13 for contractors that address all aspects of the core PSPF requirement. All nine contracts examined by the ANAO included clauses requiring ongoing compliance with Services Australia’s security policies and procedures. In addition, guidance has been established for contract managers around assessing and managing the ongoing suitability of contractors and sharing relevant information of security concern, including forms for reporting security incidents. Where contract periods are

79 The contract managers were suggested by Services Australia.

Arrangements for managing contractors

Auditor-General Report No. 44 2021–22

Effectiveness of the Management of Contractors — Services Australia

61

greater than three years, Services Australia has no agency-wide assurance that its mandatory requirement for triennial eligibility and suitability checks for contractors is being met. Services Australia has identified opportunities to strengthen arrangements to support compliance with PSPF Policy 13.

4.15 When personnel (including contractors) are engaged, entities must ensure that the eligibility and suitability requirements that were established prior to commencement continue to be met. This entity responsibility is set out in PSPF Policy 13: Ongoing assessment of personnel. The purpose of the policy is to describe how entities maintain confidence in the suitability of their personnel to access Australian Government resources and manage the risk of malicious or unwitting insiders. The core requirement of PSPF Policy 13 is that ‘each entity must assess and manage the ongoing suitability of its personnel and share relevant information of security concern, where appropriate.’

4.16 In its 2018–19, 2019–20 and 2020–21 self-assessment of its maturity against PSPF Policy 13 requirements, submitted to the Attorney-General’s Department (AGD), Services Australia rated its maturity level as ‘developing’.80

Arrangements for assessing and managing the ongoing suitability of contractors and sharing relevant information

4.17 Services Australia’s Personnel Security Policy sets out what the agency must do to meet PSPF Policy 13. Table 4.2 (below) outlines the results of the ANAO’s review of Services Australia’s policies and processes for assessing and managing the ongoing suitability of contractors.

4.18 In summary, Services Australia has established policies and procedures to support compliance with the requirements of PSPF Policy 13. Services Australia’s policies and procedures address all aspects of the core PSPF requirement and apply to all personnel, including contractors. Services Australia has also included clauses, in the nine contracts examined by the ANAO, requiring ongoing compliance with Services Australia’s security policies and processes.

Table 4.2: Services Australia’s policies and processes that apply to contractors and support compliance with the core requirements of PSPF Policy 13: Ongoing assessment of personnel

PSPF Policy 13 core requirement B.1

Services Australia arrangements

Each entity must assess and manage the ongoing suitability of its personnel and share relevant information of security concern, where appropriate.

• Services Australia’s Personnel Security Policy (Chapter 3) sets out the responsibilities of managers in the assessment and management of the ongoing suitability of personnel (including contractors), including:

− to address, manage and report on any behavioural concerns and changes in circumstances of the individualsa they manage, that may pose a security risk to the agency, as soon as they arise. This includes considering the ethics, integrity and conduct of the individual;

80 Under the PSPF maturity assessment model, ‘developing’ means: ‘Substantial implementation of the PSPF. Protective security requirements not fully implemented into business practices.’ Source: Attorney-General’s Department, Protective Security Policy Framework Assessment Report 2019–20 [Internet], p. 2, available from https://www.protectivesecurity.gov.au/system/files/2021-06/pspf_2019-

20_consolidated_maturity_report.pdf [accessed 9 December 2021].

Auditor-General Report No. 44 2021–22 Effectiveness of the Management of Contractors — Services Australia

62

PSPF Policy 13 core requirement B.1

Services Australia arrangements

− conducting an annual security check on individuals who hold a security clearance;

− reporting on any contacts that individuals may have with others who show a suspicious, persistent or unusual interest in their work or that of the agency, as or when they become aware of it; and

− reporting on security incidents that they witness or become aware of.

• The policy also states that the agency will conduct periodic eligibility and suitability checks for individuals who continue to access agency and Australian Government resources during their time with the agency. The policy sets out the:

− requirements to conduct periodic eligibility and suitability checks for individuals who continue to access agency and Australian Government resources, and outlines the elements of a periodic check; and

− reporting requirements of individuals and managers in relation to the Contact Reporting Scheme, incidents, and changes in personal circumstances.

• Chapter 5 of the policy sets out the requirement to monitor and manage the ongoing suitability of individuals who hold a security clearance, including conducting a review on individuals who hold a security clearance eligibility waiver.b The policy does not specify when this review should be undertaken and how often.c The policy also sets out the responsibilities of the agency for sharing information of security concern and with whom information may be shared.

• Services Australia’s Eligibility and Suitability Procedure mandates checks for contractors every three years, where there is a break in service of more than 12 months, or where a re-assignment of duties changes the inherent requirements of the contractor’s position. In March 2022, Services Australia advised the ANAO that the agency does not undertake any specific assurance activities to ensure these mandatory requirements have been met.

For the nine contracts examined by the ANAO in paragraphs 3.6 to 3.14, all required the contractors to comply with policies on security and access to information and premises.

Note a: Services Australia’s Personnel Security policy defines individuals as: ‘all ongoing and non-ongoing staff and all contractors, labour hire, consultants, third party providers and other government department or agency personnel.’ Note b: In its 2020–21 self-assessment of its maturity against PSPF Policy 13 requirements submitted to AGD,

Services Australia reported nil instances of where the accountable authority had waived the citizenship or checkable background requirements for any security clearances sponsored by the entity. Note c: Services Australia advised the ANAO in March 2022 that: ‘The review of security clearance eligibility waivers is triggered during the PSPF Annual Assessment process – as the agency is required to report on waivers in

the annual submission. This level of detail is not included in our personnel security policy.’ Source: ANAO assessment of Services Australia documentation.

Arrangements for monitoring and reporting that the ongoing suitability of contractors has been assessed and managed

4.19 In its 2020–21 PSPF self-assessment report to AGD, Services Australia reported that:

The entity has substantially developed its procedures and systems to assess and manage ongoing suitability of personnel. In the majority of cases, information of security concern for ongoing

Arrangements for managing contractors

Auditor-General Report No. 44 2021–22

Effectiveness of the Management of Contractors — Services Australia

63

suitability of personnel is assessed and shared by the entity with relevant shareholders [sic]. Procedures are mostly in place to ensure compliance with security clearance maintenance requirements (where relevant).

4.20 Services Australia also reported that, to lift its security maturity rating for PSPF Policy 13 from ‘developing’ to ‘managing’, the agency planned to take the following actions.

• By October 2021, establish a project team to:

− examine and develop policy options to uplift the minimum security requirements in the Personnel Security Policy for all new and existing staff (including contractors) in the agency to a minimum BASELINE security clearance, or other options to manage key risks;

− undertake a review of existing security clearance assessed positions across the agency; and

− examine and develop options for all individuals to declare significant changes in personal circumstances.

• By June 2022, develop ongoing training and awareness programs to communicate staff obligations with regard to security policies and procedures.

4.21 In March 2022, Services Australia informed the ANAO that these activities were progressing, though with some delays due to the agency’s response to the COVID-19 pandemic.

Has Services Australia established arrangements for the separation of contractors that support compliance with PSPF Policy 14: Separating personnel?

Services Australia has established arrangements for the separation of contractors to support compliance with PSPF Policy 14: Separating personnel, including relevant policies and processes, however there is scope for implementation to be more effective. In the nine contracts examined by the ANAO, Services Australia included clauses requiring contractors to comply with Services Australia policies and processes that support compliance with PSPF Policy 14. ANAO testing identified risks in the effectiveness of Services Australia’s ICT controls for removing separating individuals’ systems access in a timely way. Services Australia’s monitoring and reporting on compliance with PSPF Policy 14 has identified that there is further work to be done and identified a range of activities to improve compliance around separating personnel, including strengthening the assurance process for the timely removal of separating individuals’ access to agency systems.

4.22 When individuals (including contractors) permanently or temporarily leave their employment with an entity, entities are required to take steps to mitigate risks that Australian Government resources will be accessed by individuals without permission or that ongoing security obligations are not met. These requirements are set out in PSPF Policy 14: Separating personnel. Policy 14 states that:

Each entity must ensure that separating personnel:

(a) have their access to Australian Government resources withdrawn;

(b) are informed of any ongoing security obligations.

Auditor-General Report No. 44 2021–22 Effectiveness of the Management of Contractors — Services Australia

64

4.23 In its 2018–19, 2019–20 and 2020–21 self-assessment of maturity against PSPF Policy 14 requirements, submitted to AGD, Services Australia rated its maturity level as ‘developing’.81

Arrangements for managing access and ongoing security obligations of separating contractors

4.24 Services Australia’s Personnel Security Policy sets out what the agency must do to meet PSPF Policy 14. Table 4.3 below outlines the results of the ANAO’s review of Services Australia’s policies and processes for managing access and ongoing security obligations of separating contractors.

Table 4.3: Services Australia’s policies and processes that apply to contractors and support compliance with the core requirements of PSPF Policy 14: Separating Personnel

PSPF Policy 14 requirement B.1

Services Australia’s arrangements

Each entity must ensure that separating personnel:

a) have their access to Australian Government resources withdrawn, and

b) are informed of any ongoing security obligations.

Services Australia’s Personnel Security Policy (Chapter 4: Separating individuals) sets out:

• The responsibilities of the manager to advise the contractor of ongoing security obligations and to obtain acknowledgement of the obligations by signing an exit form.

• The process for withdrawing access to agency resources (including ICT systems/devices and building passes) for separating personnel.

A ‘Leaving the Agency’ checklist has been established which also supports an individual’s compliance with security obligations.

Services Australia informed the ANAO in February 2022 that:

It is the responsibility of individual business areas to ensure that contractors complete an exit form and/or complete the ‘Leaving the Agency Checklist’ when leaving the department … The Exit Forms are uploaded into the SharePoint portal for the Onboarding Team to process (this happens within 24 hours of receipt of the request).82

Each of the nine contracts examined by the ANAO in paragraphs 3.6 to 3.14 required contractors to comply with policies around security and the offboarding of personnel.

Source: ANAO assessment of Services Australia documentation.

4.25 In summary, Services Australia has established policies and processes to support compliance with the requirements of PSPF Policy 14. Services Australia has also included clauses, in the nine contracts examined by the ANAO, requiring ongoing compliance with Services Australia’s security policies and processes.

81 Under the PSPF maturity assessment model, ‘developing’ means: ‘Substantial implementation of the PSPF. Protective security requirements not fully implemented into business practices’. Source: Attorney-General’s Department, Protective Security Policy Framework Assessment Report 2019–20 [Internet], p. 2, available from https://www.protectivesecurity.gov.au/system/files/2021-06/pspf_2019-

20_consolidated_maturity_report.pdf [accessed 9 December 2021]. 82 To help business areas manage this requirement, the onboarding team in Services Australia sends automatic reminders to contractors and their line managers six weeks prior to a contract end date to allow for the process of removing system access for separating contractors.

Arrangements for managing contractors

Auditor-General Report No. 44 2021–22

Effectiveness of the Management of Contractors — Services Australia

65

Arrangements for monitoring and reporting that the requirements of PSPF Policy 14 have been met when contractors are separating

4.26 In its 2020–21 PSPF self-assessment report to AGD, Services Australia reported that:

Separating personnel in the majority of cases understand their ongoing security obligations and have their access to Australian Government resources withdrawn. Systems and processes are substantially developed to verify consistency of separating personnel practices across the entity.

4.27 In that report, Services Australia also stated that to lift its security maturity rating for PSPF Policy 14 from ‘developing’ to ‘managing’, the agency planned to do the following.

• By December 2022, improve separation policies and procedures to include:

− notification to the Chief Security Officer about proposed cessations of employment resulting from alleged misconduct or other adverse reasons prior to separation;

− sharing relevant security information for personnel transferring to another Australian Government entity; and

− determining when a risk assessment is required to identify security implications for personnel separating from the agency for those who have not been able to complete agency specific separation processes.

• By June 2022, further progress activities regarding policies, procedures and technology to ensure access to agency systems and premises is removed appropriately and in a timely manner.

4.28 In March 2022, Services Australia advised the ANAO that ‘these strategies have not progressed as yet due to resources being diverted to priority activities associated with support of Emergency Responses (COVID, fires, floods).’

4.29 ANAO testing of ICT systems controls, conducted as part of the audit of Services Australia’s 2018–19 financial statements, identified instances where separating individuals’ systems access was not removed in a timely way.83 As at 15 June 2022, the finding remained open.

4.30 Services Australia advised the ANAO in March 2022 that:

The Agency undertook a review of all user terminations for the 2020-21 financial year to address the C3 User Termination finding and determine the business, financial and data risks to the Agency.

The review incorporated the work undertaken in the Agency’s fraud Division and identified all users where the system termination action was completed after the users final working day. Where anomalies where detected further reviews where undertaken to determine if this delay led to any business, financial or data risk impact. The review considered system access, credit card usage and access to secure information held in protected enclave.

No business, financial or data risk issues were identified.

A monthly review process has been implemented by the Agency’s payroll area to ensure any delays to user terminations are reviewed.

83 The ANAO raised this as a ‘Category C’ finding in its audit of Services Australia’s 2018–19 financial statements. A Category C finding is defined as an issue that poses a low business or financial management risk to the entity; these may include accounting issues that, if not addressed, could pose a moderate risk in the future.

Auditor-General Report No. 44 2021–22 Effectiveness of the Management of Contractors — Services Australia

66

5. Observations and key messages on the selected agencies’ management of contractors

Summary This audit is one of a series of three performance audits in which the ANAO has examined the arrangements established by Services Australia, the Department of Veterans’ Affairs (DVA) and the Department of Defence (Defence) for the use, engagement and management of contractors against the same audit objective and criteria.

High-level observations made in this audit series and key messages for all Australian Public Service (APS) agencies are outlined in this chapter. The observations focus on: data availability and transparency issues relating to the contractor workforce; and the application of ethical and personnel security requirements to the contractor workforce.

Recommendations The Auditor-General has not made recommendations on data availability, transparency and ethical requirements in this audit series, noting that recommendations on these issues were directed to the Australian Public Service Commission (APSC) and/or the Department of Finance (Finance) by committees of the 46th Parliament and the 2019 Our Public Service, Our Future: Independent Review of the Australian Public Service (the Thodey Review).

Data availability and transparency

Observations

Data availability

Without a whole-of-APS approach to the collection and collation of data on the non-APS workforce involved in Australian government administration, each APS agency has discretion to define the non-APS personnel types it uses and to decide how data on its non-APS workforce is collected and collated. Variation in the definitions employed by APS agencies and differences in the collection and collation of relevant data means that standardised data is not available to support whole-of-APS reporting on the non-APS workforce.

Transparency

Data availability affects transparency to the Parliament and community on workforce arrangements used by the APS, and the capacity for agency-level and APS-wide workforce planning.

5.1 Audit work conducted across Services Australia, DVA and Defence identified different approaches to the collection and collation of data on the non-APS workforce. For example, Services Australia and DVA recorded each contractor or labour hire person in their systems, while Defence conducts an annual census which it advised provides a ‘reasonable estimate’ of the headcount of contractors it engages. The collection method adopted by the audited agencies impacted on their ability to report on the numbers of non-APS personnel – in terms of headcount and/or Full-Time Equivalent (FTE) – at a point in time and with confidence as to the completeness and accuracy of the data.

Observations and key messages on the selected agencies’ management of contractors

Auditor-General Report No. 44 2021–22

Effectiveness of the Management of Contractors — Services Australia

67

5.2 Each agency examined by the ANAO had established its own definitions for various non-APS personnel types it procured.84 A summary of the number of non-APS personnel types that each entity had defined is set out in Table 5.1 below.

Table 5.1: Non-APS personnel types defined by the audited agencies

Entity Number and description of non-APS personnel types defined

Defence Three — contractor, consultant, and outsourced service provider.

Services Australia Ten — student placement, systems access only, contractor, labour hire, consultant, interpreter, service staff, outsourced (staff), non-APS secondee, and partner.

DVA Three — independent contractor, consultant, and labour hire.

Source: ANAO analysis of documentation from the Department of Defence, Services Australia and the Department of Veterans’ Affairs. Also see Box 4, Chapter 1 in this audit report and in Auditor-General Report No.43 2021–22 Effectiveness of the Management of Contractors — Department of Defence and Auditor-General Report No.45 2021–22 Effectiveness of the Management of Contractors — Department of Veterans’ Affairs.

5.3 The data reviewed by the ANAO for this audit series (Table 5.2 below) shows that the number of contractors engaged by the audited agencies ranged from 7.4 per cent to 34.1 per cent of the agency’s total workforce. This data, and other information provided to the ANAO, indicates that there are a large number of contractors doing work in and as part of the operations of the audited agencies, alongside APS personnel, as part of a mixed workforce.

Table 5.2: Contractor and total workforce numbers advised by the audited agencies

Entity Workforce reporting

measurea

Number of contractors

Total

workforce

Contractors as a percentage of total workforce

Defence FTE as at 4 March

2022

8311 112,943b 7.4%

Services Australia Headcount as at 30 June 2021 4269 44,061 9.7%

DVA Headcount as at

30 June 2021

1287 3778 34.1%

Note a: Entities do not use the same methods for counting contractors. FTE is a count of all hours worked at a point in time and then converted to the number of full-time staff. ‘Headcount’ is all people employed at the time of the snapshot and includes employees on extended leave. Refer Appendix 3: Measures for reporting on workforce size.

Note b: Includes APS, Australian Defence Force (ADF) and external workforce personnel (including contractors, consultants and other outsourced providers). Defence figures for the number of contractors and total workforce is an estimate. Source: Department of Defence external workforce census, March 2022 and DVA and Services Australia data as at 30

June 2021. The contractor headcount for Services Australia and DVA is the number of individuals categorised as ‘labour hire’ or ‘contractor’ in Services Australia’s ‘Contingent Workforce’ report. The ‘Contingent Workforce’ report is extracted from Services Australia’s Human Resource management system. The report identifies individuals that are not engaged by DVA/Services Australia as APS employees, who have access to entity systems.

84 See Box 4, Chapter 1 in each audit report.

Auditor-General Report No. 44 2021–22 Effectiveness of the Management of Contractors — Services Australia

68

Ethical and personnel security requirements

Observations

Ethical requirements

In the absence of a whole-of-workforce ethical and integrity framework which covers both APS and non-APS personnel, the ethics and behaviours expected of the non-APS workforce involved in Australian government administration are being defined and managed in different ways, at an agency level. This is the case notwithstanding the fact that a large number of contractors are doing work in and as part of the operations of APS agencies, alongside APS personnel, as part of a mixed workforce.

Personnel security requirements

Entities’ management of their non-APS personnel is subject to the Protective Security Policy Framework (PSPF), which sets out government protective security policy outcomes, including for personnel security. To achieve compliance, agencies require a combination of relevant policies and processes, as well as monitoring and reporting arrangements to provide assurance that their policies and processes have been implemented.

5.4 In this audit series the ANAO observed that individual agencies determine the extent to which the ethical and integrity frameworks that apply to APS employees (which include the ethical requirements of the Public Service Act 1999 and the resource management requirements of the Public Governance, Performance and Accountability Act 2013) also apply to contractors and other non-APS personnel engaged by the agency. These decisions are captured in, and managed through, contracts rather than through the specialised human resources capabilities that have been established in agencies for the management of APS employees.

5.5 This discretionary approach applies in an agency operating environment where a large number of contractors are doing work in and as part of the operations of APS agencies, alongside APS personnel, as part of a mixed workforce. On that basis, the rationale for a discretionary approach is not clear.85 One risk of adopting a discretionary approach is that it may give rise to unequal behavioural expectations across personnel types within workplaces, and the risk of inconsistent management of personnel behaviours.

5.6 Across the audited agencies, each agency had established policies and processes for inducting contractors into the behaviours and expectations of the entity and relevant Commonwealth legislation. However, each of the selected agencies had scope to improve assurance about the completion of induction processes by contracted personnel.

5.7 Similarly, each of the audited agencies had mostly established policies and processes to comply with the personnel security requirements reviewed by the ANAO. These were PSPF policies 12–14 relating to the eligibility and suitability of personnel, the ongoing assessment of

85 Conversely, the adoption of a discretionary approach for non-APS personnel may suggest that the rationale for the ethical and behavioural frameworks applying to APS employees is historical and may not be considered a fit-for-purpose approach for all workforce types involved in Australian Government administration. In that case there is scope to consider the applicability of relevant frameworks from first principles, for the whole workforce involved in Australian government administration.

Observations and key messages on the selected agencies’ management of contractors

Auditor-General Report No. 44 2021–22

Effectiveness of the Management of Contractors — Services Australia

69

personnel, and the management of separating personnel. While clear and accessible policies and processes had been established for all personnel types for most requirements, assurance that implementation was effective was limited.

Parliamentary committee and other review recommendations 5.8 The Auditor-General has not made recommendations in this audit series on data collection and reporting relating to the non-APS workforce, and the application of ethical and integrity frameworks to non-APS personnel involved in Australian Government administration.

5.9 Recommendations on these issues were directed to the APSC and/or Finance by committees of the 46th Parliament and the Thodey Review.

5.10 The observations and recommendations of these Parliamentary committees and the Thodey Review are reported at paragraphs 1.14 – 1.24 of this audit report.

5.11 In addition, one part of recommendation 7 of the Thodey Review was that the ‘APSC and Finance ensure that all agencies extend APS integrity requirements to service providers, long-term APS contractors and consultants’.86 The Review included the following implementation guidance for this recommendation:

• Build on current measures — including incorporating the APS Values in contracts — in extending APS integrity arrangements to service providers, long-term APS contractors and consultants.

• Make APS integrity requirements standard contractual obligations for individuals or organisations accepting payment from the Commonwealth.87

Key messages from this audit series for all APS agencies 5.12 Below is a summary of key messages, including instances of good practice, which have been identified in this series of audits and may be relevant for the operations of other APS agencies.

Procurement • Each audited agency had established guidance to inform the use of contractors. The approach to guiding decisions was unique to each agency. Services Australia’s guidance reflected its workforce planning in the areas of its business that use the most contractors.

Defence’s guidance served to draw together the key matters to be considered when engaging a contractor.

• Each audited agency had established contracting templates, deeds and clauses to help operationalise agency requirements when engaging non-APS personnel.

86 Department of the Prime Minister and Cabinet, Our Public Service, Our Future: Independent Review of the Australian Public Service [Internet], 13 December 2019, pages 113 and 307, available from https://www.pmc.gov.au/resource-centre/government/independent-review-australian-public-service [accessed 30 May 2022]. 87 The Australian Government’s 2019 response to the Thodey Review is available from:

https://www.pmc.gov.au/resource-centre/government/delivering-for-australians [accessed 30 May 2022].

Audi

tor-General Report No. 44 2021–22 Effectiveness of the Management of Contractors — Services Australia

70

Contract management • To support the effective management and supervision of contractors, each audited agency had considered the availability of training and guidance.

• Each audited agency had well-designed induction arrangements to assist contractors to understand their workplace obligations and the agency’s cultural and behavioural expectations. Monitoring the completion of induction requirements provides assurance that obligations and expectations are understood.

Governance

• To be sure that policies and processes have been implemented as expected, assurance arrangements such as the Security Quarterly Action Plan approach established by DVA to check on the implementation of security requirements can assist.

Gran

t Hehir

Auditor-General

Canberra ACT 29 June 2022

Auditor-General Report No. 44 2021–22

Effectiveness of the Management of Contractors — Services Australia

71

Appendices

Auditor-General Report No. 44 2021–22 Effectiveness of the Management of Contractors — Services Australia

72

Appendix 1 Entity responses

Appendix 1

Auditor-General Report No. 44 2021–22

Effectiveness of the Management of Contractors — Services Australia

73

Auditor-General Report No. 44 2021–22 Effectiveness of the Management of Contractors — Services Australia

74

Appendix 2 Performance improvements observed by the ANAO

1. The fact that independent external audit exists, and the accompanying potential for scrutiny, improves performance. Program-level improvements usually occur: in anticipation of ANAO audit activity; during an audit engagement as interim findings are made; and/or after the audit has been completed and formal findings are communicated.

2. The Joint Committee of Public Accounts and Audit (JCPAA) has encouraged the ANAO to consider ways in which the ANAO could capture and describe some of these impacts.

3. Performance audits involve close engagement between the ANAO and the audited entity as well as other stakeholders involved in the program or activity being audited. Throughout the audit engagement, the ANAO outlines to the entity the preliminary audit findings, conclusions and potential audit recommendations. This ensures that final recommendations are appropriately targeted and encourages entities to take early remedial action on any identified matters during the course of an audit. Remedial actions entities may take during the audit include:

• strengthening governance arrangements;

• initiating reviews or investigations; and

• introducing or revising policies or guidelines.

4. In this context, the below improvements were observed by the ANAO during the course of the audit. It is not clear if these actions and/or the timing of these actions were already planned before this audit commenced. The ANAO has not sought to obtain reasonable assurance over the source of these improvements or whether they have been appropriately implemented.

5. The following performance improvements were observed by the ANAO during the course of this audit:

• As discussed in paragraph 2.9, Services Australia has developed workforce strategies to support workforce planning in its service delivery and ICT workforces that are intended to guide decisions on workforce supply, including for the use of contractors. Services Australia advised the ANAO in January 2022 that it is planning to refresh its current Strategic Workforce Plan later in 2022 and will consider where similar approaches could be applied across the rest of the agency (see paragraph 2.10).

• As discussed in paragraphs 3.36 and 3.37, Services Australia advised the ANAO that it is developing governance processes around enterprise mandatory training including a communications plan, and monthly reporting on training completion rates.

• As discussed in paragraph 3.43, Services Australia’s Personnel Security Policy does not include a requirement to obtain an individual’s agreement to comply with government policies, standards, protocols and guidelines that safeguard resources from harm, as required under Supporting Requirement 1(c) of PSPF Policy 12. Services Australia advised the ANAO in March 2022 that its declaration for handling personal information form ‘could be expanded to require a more general declaration to comply with the broader range of government policies, standards, protocols and guidelines that safeguard resources from harm’ (see paragraph 3.44).

Appendix 2

Auditor-General Report No. 44 2021–22

Effectiveness of the Management of Contractors — Services Australia

75

• As discussed in paragraphs 3.50–3.51 and 3.56–3.57, Services Australia advised the ANAO that over the last 6 months, police check information has been included in reporting used to forecast future contractor extensions. Services Australia also advised that since September 2021, it has been checking that existing pre-engagement pack (PEP) information is accurate and up-to-date.

Auditor-General Report No. 44 2021–22 Effectiveness of the Management of Contractors — Services Australia

76

Appendix 3 Measures for reporting on workforce size

1. The Australian Public Service Commission (APSC) provides information on measures used to report on workforce size.88

2. Each year a ‘snapshot’ of data concerning all Australian Public Service (APS) employees as at 30 June and 31 December is released by the APSC. The data is provided by agencies and is drawn from the Australian Public Service Employment Database. APS employment data includes:

• demographic variables including age, gender and work location;

• classification level of APS employees, from trainee to Senior Executive Service;

• diversity data including voluntary items self-reported by APS staff such as disability status, Indigenous status, and cultural diversity; and

• staff movements including engagements, separations and transfers between agencies.

3. The reported size of the APS workforce is a headcount of all people employed at the time of the snapshot. This figure does not adjust for hours worked and it includes any employees who are on extended leave (for 3 months or more), including those on maternity leave and leave without pay.

4. This figure is different to Average Staffing Level (ASL) data provided in the Federal Budget papers. The ASL counts staff for the time they work. For example, a full-time employee is counted as one ASL, while a part time employee who works three full days per week contributes 0.6 of an ASL. The ASL averages staffing over an annual period. It is not a point in time calculation.

5. The Government places a cap on ASL. This is applied across the General Government Sector (which incorporates all of the APS and a range of other government agencies). ASL caps are published in the Federal Budget Papers each year.

6. Another measure of employee numbers used by both private and public sector organisations is Full Time Equivalent (FTE). This is a count of all hours worked at a point in time and then converted to the number of full-time staff. For example, two staff each working 0.6 days per week would be counted as 1.2 FTE.

88 Australian Public Service Commission, APS Employment Data [Internet], available from https://www.apsc.gov.au/employment-data [accessed 31 May 2022].

Appendix 4 Services Australia’s contractor data at 30 June 2021

1. Services Australia’s records indicate that it had 4269 contractors at 30 June 2021. The figures below provide further information about the agency’s contractors including the Services Australia organisational group they worked in, and length of service at 30 June 2021.

2. Figure A.1 below illustrates the 4269 contractors, at 30 June 2021, by Services Australia organisational group.

Figure A.1: Agency contractors at 30 June 2021 by Services Australia organisational group

Source: ANAO analysis of Services Australia data.

2,289

993

434

235

173

104

41

0

500

1,000

1,500

2,000

2,500

Technology Services Customer Service Delivery

Payments and Integrity Corporate Enabling Transformation Projects

Strategy and Performance Customer Service Design

3. Figure A.2 illustrates the length of service for the agency’s 4269 contractors. As shown in Figure A.2, based on their most recent contract start date, the largest group of Services Australia’s contractors at 30 June 2021 had been engaged for less than a year (1186 or 42.5 per cent), while 316 (7 per cent) of contractors had been engaged for between five and 10 years.

Figure A.2: Services Australia’s contractors at 30 June 2021 by length of servicea

Note a: Services Australia advised the ANAO that its length of service calculation reflects an individual’s most recent continuous period of service with Services Australia, regardless of contract type. For the 48 individuals without a length of service calculation, Services Australia informed the ANAO that the data provided begins from 29 September 2011, and for non-APS personnel that commenced before this date their actual start date is not readily available in the system for the purposes of calculating length of service. Based on this advice, it is possible that the length of service for these 48 individuals was greater than 10 years as at 30 June 2021. Source: ANAO analysis of Services Australia data.

1,816

938

666

485

316

48

0

200

400

600

800

1,000

1,200

1,400

1,600

1,800

2,000

Less than 1 year 1-2 years 2-3 years 3-5 years 5-10 years Not recorded