Report into media allegations of misconduct - September 2011

29 September 2011

Senator the Hon. Joe Ludwig
Minister for Agriculture, Fisheries and Forestry
Senator for Queensland
Parliament House
CANBERRA ACT 2601

Dear Minister

Report regarding allegations of misconduct raised in media articles in week beginning 19 September 2011

As you are aware, the Sydney Morning Herald (SMH) article “Fraud probe snares top bureaucrats” (19 September 2011) and subsequent media articles claim instances of fraud and an allegation of corruption in the Department of Agriculture, Fisheries and Forestry. The articles assert these claims are supported by internal audit reports provided to the SMH’s Mr Linton Besser in response to a Freedom of Information request earlier this year. On 19 September 2011 you requested a full report into all of these allegations. The enclosed report provides some important corrections as well as clarification of the information reported in the media.

There has been no activity that could reasonably or sensibly be described as a “probe” into fraud in the department. The actions referred to in the media are part of the department’s business as usual approach to internal audit control processes—part of the accountability and good management practice seen in any well run business. An outline of the stages of the department’s risk management and assurance processes is included in section 2 of the report.

There is no evidence through assurance and oversight activities that the department is not diligent in its responsibilities to effectively manage Commonwealth funds. The Australian National Audit Office reported no significant findings for the department in its 2010-11 financial statements interim audit report to the Parliament. Contrary to assertions in the media article, I can confirm that the department has made no findings of fraud against a departmental officer during 2008-09 or since. Important clarification and context in relation to the specific assertions in the media is included in section 3 of the report.

Against this backdrop, I believe the media reporting has been misleading and in large part inaccurate. The articles quote figures without context and misrepresent processes in the department. I wrote to the editor of the SMH on 19 September 2011 highlighting the inaccuracies published in the article. It is disappointing that the SMH chose not to correct the record by publishing my letter. We treat our legislative and corporate responsibilities as a priority. I am confident that the department’s processes are robust and that they—in combination with our commitment to continuous improvement—stand the organisation in good stead to continue its solid track record of compliance with legal obligations and government policy.

Yours sincerely

[SIGNED]

Conall O’Connell

Enc.

---

Report into media allegations of misconduct

1. Executive Summary
2. Departmental risk management and assurance processes
   • 2.1  Culture, values and leadership
   • 2.2  Risk management, mitigation and prevention
   • 2.3  Audit and assurance processes and detection
   • 2.4  Feedback and improvement
3. Correction and clarification of specific media claims
   • 3.1  High levels of breaches of the Financial Management and Accountability Act 1997 (FMA Act)
   • 3.2  High levels of investigations involving senior executives/managers
   • 3.3  Inadequate procurement processes (examples relating to travel, extension of legal services contract and a split tender process)
   • 3.4  Control failures within the Australian Quarantine and Inspection Service (AQIS)
4. Conclusion

1. Executive Summary

There has been recent media coverage claiming instances of fraud and an allegation of corruption within the Department of Agriculture, Fisheries and Forestry, beginning with an article by Mr Linton Besser in the Sydney Morning Herald on 19 September 2011 (“Fraud probe snares top bureaucrats”). The articles assert their claims are supported by internal audit reports released under the Freedom of Information Act 1982 (FOI Act) earlier in 2011.

The department is a large and complex organisation. We have a well established risk management culture, processes and management procedures. There has been no “fraud probe” conducted by the department or by the department’s external assurance providers. The actions referred to in the media are part of the department’s business as usual approach to internal audit and management control processes.

The department takes its fraud prevention responsibilities very seriously. Contrary to assertions in the media, the department has made no findings of fraud against a departmental officer during 2008-09 or since.

Importantly, the Australian National Audit Office (ANAO) recently reported no significant findings or control weaknesses for the portfolio in its 2010-11 financial statements interim audit report to the Parliament. The ANAO has recently indicated that this finding will stand for its final report to the Parliament in December 2011.

This report sets the record straight. It provides important context and outlines the department’s solid track record of compliance with legal obligations and government policy.

2. Departmental risk management and assurance processes

There has been no “probe” into fraud in the department. The audit actions referred to in the media are part of the department’s business as usual approach to internal audit control processes—part of accountability and good management practice seen in any well run business. As outlined below, continuing emphasis on the culture of how we operate; a comprehensive approach to risk management; mitigation and assurance processes; and a strong commitment to continuous improvement; all contribute to the department’s strong record of compliance with legal obligations and government policy.

2.1 Culture, values and leadership

Embedding a positive culture of awareness and accountability is a priority for the department. Proactive tools—including training, active assistance and awareness-raising initiatives for new and existing officers—are in place to ensure that staff are aware of, and confident in, the application of their corporate, financial, and regulatory responsibilities.

Corporate direction and leadership from the Executive Management Team and interlocking governance and committee structures provide clear, strategic and operational direction for our organisation. This drives a culture of high performance and disclosure and a commitment to ongoing improvement.

The department’s governance structures work to ensure that clear lines of reporting and accountability are in place throughout the department, including all biosecurity operations in the regions. Staff are aware of their obligations to comply fully with the Australian Public Service Values and Code of Conduct.

2.2 Risk management, mitigation and prevention

The department’s governance frameworks, strategies and systems ensure prevention, and detection when necessary, of any non-compliance with the department’s legal obligations.

The department operates in accordance with the Financial Management and Accountability Act 1997 (FMA Act) and has established financial delegations, Chief Executive’s Instructions (CEIs) and dedicated resources for managing financial responsibilities. The delegations operate as a preventative measure by establishing the financial powers and authorities of individuals working for the department. The CEIs provide instructions on expectations of staff. These instructions are supported by guidance documents, templates and support staff in corporate areas, to help prevent non-compliance with the FMA Act or the department’s other governance obligations.

The department provides training for all staff in the application of the financial framework, their responsibilities under the framework and the consequences of a failure to comply with the framework. Such training includes an introduction to the FMA Act and its regulations, procurement, budget management, use of credit cards and delegations. The department continues to build on its training program for all staff.

The department’s financial systems also play a role in preventing inappropriate activities and managing financial risks. The department’s budgeting systems allow for periodic (not less than monthly) review of budget performance and expenditure; travel management and purchasing systems allow for approvals and reconciliation of expenditure by delegated and authorised individuals; and human resource systems facilitate salary and allowance payments. Financial and other relevant policies and procedures are, wherever possible, reflected in these systems so that they are an additional control over the department’s activities.

2.3 Audit and assurance processes and detection

In addition to the comprehensive external oversight of the department as a Commonwealth agency, the department has implemented a range of activities to support a risk-based assurance strategy across the organisation. This includes the function of internal audit and internal fraud and investigation activities which provide a direct assessment of the effectiveness of our risk management, governance and control systems. In addition, the certificate of compliance, divisional performance reviews and verification and compliance activities, periodically report on the extent to which business processes are compliant with departmental policies. This framework is supplemented by a range of monitoring and management arrangements to detect and report incidents of non‑compliance. The combined outcomes of these activities provide an assessment of the extent to which processes and controls enable the department to conduct our business responsibly and legally.

The certificate of compliance process is an organisation-wide control in relation to an agency’s compliance with the government’s financial framework. The annual certificate of compliance process was implemented by the Department of Finance and Deregulation in 2006-07 and requires each secretary to provide a list of all known non-compliance with the FMA Act and its regulations. Consolidated reporting of results to the Parliament commenced in 2008-09.

The department’s data collection process for non-compliance improves each year. These results of the exercise are reported to the department’s audit committee and used to identify opportunities for continuous improvement and efficiency gains:

• online questionnaires are devolved to middle management (EL2 and EL1) across the department, rather than paper-based per division
• questionnaires are conducted tri-annually, instead of twice a year
• online training is available to all staff.

The department’s process for reporting instances of non-compliance with the FMA Act and its regulations continues to strengthen. Each year more incidences of non-compliance are detected, reflecting an increasing maturity of the department’s processes for checking compliance. These detections provide a focus for training and other awareness-raising actions. The capturing of instances of non-compliance tri‑annually has also facilitated more timely corrective action.

Providing an extra layer of confidence in the department’s current risk management process, the ANAO has only reported one moderate risk (B) finding for the portfolio in 2007-08 or over the years since (this finding related to IT developer access to the production environment and was rectified immediately by the department). As a benchmark, the ANAO reported two significant (A) findings and 48 moderate risk (B) findings for all federal government agencies in 2009-10.

2.4 Feedback and improvement

Through this approach to the early identification of any issues, the department is able to respond quickly to rectify any problems and has the tools in place to ensure targeted and effective organisational improvement.

A full review of the department’s CEIs has been conducted over the past two years. The revised CEIs are presented in a simple, concise format that provides clear instructions for staff, and are supported by additional guidance in the form of ‘All About’ documents. As the CEIs have been progressively refreshed, communication, awareness-raising activities and training have been conducted to ensure staff are aware of the requirements.

A review of delegations is being undertaken, focusing on financial, human resources and biosecurity delegations. The aim of the review is to ensure that all employees have the delegations they need to perform their roles, that they understand what is required of them in exercising their delegations and that they comply with those requirements.

The department continues to identify, in part through the certificate of compliance process, areas for further or improved financial management training. A number of finance training modules are run each month by the corporate finance team. Additional and targeted training is also carried out as required and as requested by divisions.

3. Correction and clarification of specific media claims

A number of specific claims were made in the media that were either false or misleading, particularly given the lack of contextual or benchmarking information included.

3.1 Breaches of the FMA Act

“The details have emerged in internal audit files that show more than 392 breaches of the Financial Management Act or its regulations in the past three years.” (SMH, 19 September 2011)

In 2008-09 and 2009-10, the portfolio accounted for 1.5 per cent (225 instances) and 1.7 per cent (283 instances) of the federal government’s total reported breaches under the FMA Act and its regulations. The department processes over 55 900 claims for payment transactions annually, totalling over $303.5 million. The number of breaches represents a very small fraction of the transactions processed in both absolute and relative terms. All instances of non-compliance are treated seriously, and mitigation and remediation action are taken to ensure staff are made aware of the non-compliance and how to prevent any recurrence.

The 392 breaches reported in the media relate to the department and portfolio agencies for the period 2007-08 through to 2009-10 (see table 1 below for clarification of how this figure appears to have been calculated). The total includes 249 breaches for the department.

Table 1 – Number of reported breaches under the FMA Act and its regulations for DAFF

	2007–08	2008–09	2009–10	2010–11
Department	38*	71*	140	364
Portfolio	n/a	225	283*	Not yet published

Source: Certificates of Compliance
* Note: these numbers equate to the figure of 392 as reported in the media.

The breaches referred to in the media do not relate to fraudulent activity and the majority relate to minor errors of administration. These incidences of non-compliance were overwhelmingly technical in nature, relating for example to anomalies with the payment of salary-sacrificing arrangements or the inadvertent incorrect use of corporate credit cards which has since been rectified.

Some specific examples include:

• salary package providers not using official bank accounts or having the right delegation to draw down public monies from the official bank account (78 instances)
• use of corporate credit cards involving some personal component that was self reported and subsequently repaid (the department has now been advised by the Department of Finance and Deregulation to no longer report in this situation as it does not amount to a breach of the FMA Act) (67 instances)
• the details of approved grants were not published on the department’s website within seven days or contracts were not published on the AUSTENDER website (13 instances).

3.2 Investigations involving senior executives/managers

"Almost 10 per cent of the senior officials running the Department of Agriculture, Fisheries and Forestry were investigated last year for fraud, internal documents show." (SMH, 19 September 2011)

The claim that almost ten per cent of the senior officials running the department were investigated for fraud during the 2009-10 financial year is inaccurate. The department responded to the Australian Institute of Criminology’s Fraud Control Guidelines 2009-10 Annual Reporting Questionnaire by reporting nine allegations of fraud against executive level and senior executive service officers. In 2009-10, the department employed 994.4 full time equivalent staff at these levels (see table 2 below). It should be noted that these nine instances were allegations only – there were no findings of fraud.

Three of the nine allegations of fraud were against senior executive service officers. Two of the allegations related to credit card non-compliance (self reported issues rectified with no cost to the Commonwealth) and one related to an allegation of corruption which was subsequently dismissed after initial enquiries were made.

Table 2 – Fraud Allegations against Executive Level and Senior Executive Service Officers in DAFF in 2009–10

Level	Number of Allegations1	Number of Staff2	Per Cent	Number of Substantiated Allegations3
SES	3	86.6	3.46	0
EL2	3	404.6	0.74	0
EL1	3	503.2	0.60	0
TOTAL	9	994.4	0.91	0

¹ Source: DAFF’s response to the Australian Institute of Criminology’s Fraud Control Guidelines
2009-10 Annual Reporting Questionnaire
² Source: The Department of Agriculture, Fisheries and Forestry 2009-10 Annual Report, Appendix 2, page 185
³ Source: DAFF Fraud, Investigation and Security Team Case Register

In 2009–10 there were 911 active credit cards held by departmental officers. During this period the department received only 12 reports of suspected non-compliance with credit card policy. In all cases it was assessed that the non-compliance was unintended and all funds were recovered. The total value associated with these reports was $2330.26. Commonwealth credit cards are considered by the department to be a cost effective and efficient method of paying smaller accounts and are widely used by staff that travel regularly. Revisions to CEIs in relation to credit card use and travel were carried out during 2010–11, in part based on lessons learned from these unintentional non-compliance issues. 

Where the non-compliance amounts to a breach of a financial delegation, it is reported by the relevant work area under the department’s certificate of compliance arrangements. The ANAO undertook a review of the department’s processes for managing credit cards in 2008. The review made no adverse findings in relation to the management processes. The department’s subsequent review of these processes came in to force recently and the changed internal reporting arrangements have led to a marked reduction in the number of reports in 2011-12.

3.3 Adequacy of procurement processes (examples relating to travel, extension of legal services contract, salary overpayments and a split tender process)

“Perhaps the most alarming were consecutive internal audits of procurement that identified systematic issues...A 2009 audit file noted the ‘high levels of non compliance’...”

“Staff have been...travelling without approval...”

“In November 2009 a legal services contract was extended for 12 months and included a decision to increase its annual value by 42 per cent to $2,817,072. The department requires legal advice for variations worth more than $500,000 but ‘this policy was not complied with’ and there were no documents to show the variation represented value for money.”

“An audit report in March last year said the department was incurring an average monthly bill of $50,000 for salary overpayments, based on a snapshot of the first six months of 2009, with only $25,000 recovered over this period”

“Last year a troubling purchase related to a conference event...which was ‘split into two parts even though the intention was to select a single provider’. This avoided an open tender”
(SMH, 19 September 2011)

The department conducts its procurement operations in accordance with the FMA Act and the Commonwealth Procurement Guidelines. Periodic internal audits and reviews identify issues or inefficiencies in processes or particular activities. Monitoring arrangements and management processes are in place to detect and rectify issues and implement improvements.

The department continues to implement improvements to its procurement practices as a consequence of internal audits conducted in 2008-09 and 2009-10. These improvements include revised and strengthened procurement guidelines and instructions; standard procurement and contracting templates; mandatory protocols regarding legal approval of high value procurements and probity; and mandatory training for officials involved in procurement activities. These improvements are bolstered by the ongoing work of the department’s Procurement Advisory Unit and legal service provider which are available to assist staff in conducting procurement activities.

Travel related issues

The reference to travel without approval comes from three internal audits conducted in 2008 and one in 2010 on regional office compliance, which found several instances of travel being undertaken before it had been formally approved. There has been no suggestion that travel has been taken that has not been approved. There was a further finding in a May 2010 audit relating to instances of inaccurate or incomplete travel approvals or failure to acquit travel within the required time.

To improve compliance and facilitate a more stream lined process with travel policies, the department has implemented an automated travel management system for domestic travel, revised the CEIs relating to travel and introduced new travel check lists.

The department will shortly introduce a computer-assisted audit tool which will provide a further check of all travel transactions for compliance with the department’s travel requirements.

Extension of the legal services contract

In relation to the extension of the department’s legal services contract, the auditors found that the decision to exercise the option to extend the contract for a further 12 months included a decision to substantially vary the contract pricing structure and increase the annual value of the contract by 42 per cent to $2 817 072. Blake Dawson was the department’s principal legal services provider at the time, under a contract that resulted from an open tender process conducted in 2005. The variation to the contract and the increase in the cost of legal services was a consequence of significantly increased demand for legal services following the outbreak of equine influenza, as well as an increase in the agreed blended hourly rate. The variation to the contract was based on a cost assessment that compared Blake Dawson’s fee structure with those of the department’s panel of legal providers.

In 2010-11, the department conducted an approach to the market for legal services and the Australian Government Solicitor was the successful tenderer.

Salary overpayments

The department’s conditions of employment are complex with many regional staff utilising over-time and loading provisions. Salary overpayments occur mainly due to changes in rostered over-time that is entered into the department’s payroll system post payment of salary. There was no suggestion that overpayment of this nature involve any fraudulent activity.

The implementation of a specific clause in the 2009-11 collective agreement (allowing deductions from subsequent pays), enhancement to departmental systems (for example, the recent upgrade of the department’s human resources system) and improvements to human resources procedures, have all contributed to a reduction in the total value of overpayments. Since 2008-09, the balance of overpayments has reduced from $596 000 (as at 30 June 2009) to $254 797 (as at 30 June 2011). The current figure equates to less than 0.01 per cent of the total expenditure of the department on wages and salaries ($336.9 million).

Split tender process

An internal audit conducted in 2010 reported anomalies with procurement processes for separate interpretation and translation services for a joint meeting of the Food and Agriculture Organization of the United Nations and World Health Organization Food Standards Program CODEX Committee on Food Import and Export Inspection and Certification Systems in March 2010. The auditors queried whether the process of obtaining quotes from the same providers for separate translation and interpretation services for a single meeting had the effect of circumventing the requirement under the Commonwealth Procurement Guidelines for an open tender for contracts valued at $80 000 or more.

The same provider was awarded both contracts. The value of each contract was less than $80 000 but the combined value exceeded $100 000. As the relevant line area advised that it would have been unlikely to have selected a different provider for each service for a single event, the auditors found that the procurement should have been conducted as a single exercise and therefore constituted a breach of the guidelines.

In response to the audit finding, the department developed revised procurement guidelines, prepared new procurement templates, introduced additional requirements for legal approval of material contracts, and implemented training activities to build awareness of and compliance with our procurement obligations. In addition, the department’s internal audit team periodically reviews procurement activities to ensure compliance with requirements. The program area changed its processes to comply with the requirements to go to open tender for these services for subsequent meetings.

3.4 Control failures within AQIS

“AQIS staff are poorly trained and confused about their role...”

“A program to randomly inspect quarantine-approved premise, for example, did not work because staff were warned when ‘unannounced audits’ were scheduled.”

“There is ‘inconsistency’ in the way AQIS auditors ‘instigate sanctions’.”
(SMH, 19 September 2011)

In most cases, to import goods, animals, or plants, an application for an import permit must be made by the importer. This is assessed by the department and, on that basis, a permit may be granted subject to any conditions deemed necessary for safe importation, use and disposal of the imported commodities. Permits may contain pre- or post-border treatment conditions for the consignment.

The quarantine process can involve the identification of the post-entry treatments or activity options and allows some to be performed unsupervised by a third party at either:

• a quarantine approved premises (QAP) – where post-entry quarantine treatments or activities may be performed on goods, animals and plants, or
• under a compliance agreement – a legally binding agreement between the Commonwealth and the other party defining actions and responsibilities.

The media article is basing its claims on aspects of a summary of a 2009 internal audit report. At the time of the audit, there were approximately 1500 third parties with compliance agreements subject to between one and three annual audits depending on classification, and approximately 2500 QAPs that are generally subject to two audits each year.

The internal audit made seven recommendations aimed to improve oversight of the management of third party arrangements. In the period since the audit, the department has implemented all recommendations. Significant resources have also been committed to improving the audit of QAPs as well as management and guidance practices. A sanctions and rewards policy has also been developed and is a key component of the current biosecurity reform process.

The department has implemented a management framework to ensure that biosecurity operational staff have access to endorsed instructional material to perform major activities. This framework includes a structured, systematic approach to the planning, development, approval and delivery of documented information for activities and processes performed. The framework is also supported by appropriate governance arrangements and has been designed with reference to the ISO 9001:2008 document control practices. The documented information is used with additional tools and support—such as appropriate training and supervision—and is subject to review and verification. All documentation developed under this framework is stored in a central storage and access point, the Instructional Material Library.

To support the implementation of a positive risk culture, the department has ensured the appropriate resources, tools and training are made available to staff, so there is a consistent and proactive approach to managing biosecurity risk at all levels. Relevant context in relation to each of the assertions reported in the article follows.

Staff training

After the 2009 audit, the department reviewed existing arrangements and, in July 2010, implemented new mandatory auditor training for all staff involved in auditing QAPs. The new auditor training comprises generic auditor competencies, technical training for particular types of facilities and on-the-job assessment.

Unannounced audits

The department’s audit policy requires that audits recorded as ‘unannounced’ are not conducted with advance notice and that, if advance notice is provided, the audit must be regarded and recorded as an ‘announced’ audit. This policy has been re-iterated in guidance provided to staff and is examined during audit verification activities.

Instigation of sanctions

The department now applies a risk-based, compliance management approach to QAPs and their operators. Failures to comply with requirements are classified as minor, major or critical according to the level of biosecurity risk associated with the failure. These non-compliance classifications are specified in instructional material provided to staff.

The department’s policy requires that all non-compliance incidents of a critical nature are now referred to the national office for action and the department applies a consistent policy for audit pass/failure criteria based on the number of minor, major and critical non-compliances detected at audit. The pass/failure rate of audits is tracked and audit rates are increased or decreased according to the compliance history.

4. Conclusion

The department takes its responsibilities in relation to fraud prevention very seriously and, as this report outlines, has robust and well established risk management and assurance processes in place across the organisation. Corporate direction and leadership, along with the positive culture of awareness and accountability, drive the department’s commitment to ongoing improvement and ensures that staff are aware of, and confident in, the application of their corporate, financial and regulatory responsibilities. Strong governance frameworks, strategies and systems ensure prevention, and detection when necessary, of any non-compliance with the department’s legal obligations.

The department rejects the allegations of widespread fraud and corruption made against departmental officers. There was no fraud probe into the department’s operations and this information has come to light as part of the normal business of internal controls and assurance systems maintained by any good organisation. The department believes the media reports have been misleading and in large part inaccurate. Nevertheless, its commitment to ongoing improvement will see that processes and systems are continually strengthened and refined, further supporting the department’s ability to comply with legal obligations and government policy.