This page provides case studies designed to illustrate the considerations that may be relevant in determining whether an issue constitutes significant non-compliance.
In regard to the case studies below, there are a number of potential actions that could be taken in order to mitigate or remedy the non-compliance. The action proposed or taken would depend on the circumstances and would generally need to be proportionate to the non-compliance.
For example, the entity may revise its internal controls and delegations or authorisations, including its accountable authority instructions and/or operational guidance or manuals. It may also take steps to improve staff understanding and capability through education and training to decrease the risk of future non-compliance.
Case Study 1: Non-compliance with the Commonwealth Procurement Rules
In a given financial year, a medium-sized non-corporate Commonwealth entity identified 500 instances of non-compliance with the requirement under the Commonwealth Procurement Rules to report contracts awarded above $10,000 within 42 days on AusTender.
In the context of the Commonwealth this may not be considered significant, being less than 1 percent of all contracts reported on AusTender for the financial year. Furthermore, the contracts were subsequently reported on AusTender.
However, within the context of the individual entity, this could represent a significant non-compliance issue. In determining whether the breaches are significant, the accountable authority may have regard to the volume of contracts undertaken by the entity in a financial year (and the associated monetary value) and whether this is a systemic issue. For example, non-compliance of this size and nature may have been an ongoing issue for the entity over several financial years.
The accountable authority determined that, within the context of the entity, this represented a significant non-compliance issue, as this was a high volume of instances compared with the total number of procurements undertaken by the entity in that financial year. The responsible Minister was notified and the Finance Minister was also notified by letter.
The accountable authority reported these at the end of the financial year as a consolidated report of non-compliance with the Commonwealth Procurement Rules.
The accountable authority also outlined remedial action that would be taken to reduce the risk of reoccurrence, including providing staff training and revising internal controls to reduce the occurrence of non-compliance with the Commonwealth Procurement Rules.
Case Study 2: Intentional misuse of a Commonwealth credit card by an official (fraud)
The internal audit function of a large non-corporate Commonwealth entity identified multiple instances of Commonwealth credit card misuse by an official over a given financial year. The credit card had been used for personal purposes, including non-work-related travel, sporting memberships and entertainment. Internal controls had been designed to prevent spending with a certain category of merchants, however transactions were still identified against this category. Over $50,000 had been spent by the official over the financial year. The misuse was determined to be intentional, and the matter was referred to police for investigation.
Within the context of the individual entity, this could represent a significant non-compliance issue. In determining whether the alleged breaches were significant, the accountable authority had regard to the financial loss and the reputational risks to both the entity and the Commonwealth, and the effectiveness of the entity’s internal controls around credit card oversight and detecting misuse.
Although the police investigation was ongoing, the accountable authority determined that the conduct of the official could be a breach of the general duties of officials, and was significant enough to report at an early stage to their responsible Minister and, given the connection to the management of public resources, the Finance Minister via letter.
The accountable authority provided a high level description of the suspected non-compliance with the finance law to their responsible Minister and the Finance Minister. The description was at a high level so as to avoid any compromise to the integrity of legal processes that may take place.
The fraud charges were proven 12 months later. The accountable authority was not required to write again to the Finance Minister to provide notification of the conclusion and outcome of the investigation.
The accountable authority took remedial action to reduce the risk of reoccurrence, including applying financial caps on credit cards, reviewing blocks on spending categories, and requiring more frequent checks on credit card use.
The entity also complied with fraud reporting requirements, as appropriate. For further information on fraud reporting, refer to RMG-201 Preventing, detecting and dealing with fraud, the Commonwealth Risk Management Policy and the Commonwealth Fraud Control Framework.
Case Study 3: Accidental misuse of a Commonwealth credit card by an official
Several officials of a non-corporate Commonwealth entity identified they had mistakenly used their Commonwealth credit card for personal purposes, including non-work-related travel and personal expenses. The amount spent by each official was small, and the officials self-reported the misuse and repaid the amounts.
The accountable authority determined that this did not constitute significant non-compliance, as the misuse by the officials was determined to be non-intentional, the amounts were relatively low value and promptly repaid, and the accidental misuse did not create a material risk to the entity.
However, action was taken to mitigate the chance of reoccurrence, including staff education and more frequent checks on entity credit cards.
Case Study 4: Misuse of a charge card by a non-official
A large non-corporate Commonwealth entity’s internal audit function identified that a member of the public had obtained an entity fuel card issued to an entity official when it was left behind in a vehicle. The amount fraudulently spent on the card was $50,000 over a 12 month period.
In the context of the entity, this could represent a significant non-compliance issue, with officials breaching their duty to discharge their duties with the degree of care and diligence that a reasonable person would exercise. While internal audit detected the issue, there may also be internal control shortcomings as the loss of the fuel card was not discovered for 12 months and monthly accounts continued to be paid.
The accountable authority determined that this represented a significant non-compliance issue, given the late detection of the fraud, the amount fraudulently spent on the card and reputational risks to both the entity and the Commonwealth. The accountable authority notified their responsible Minister and the Finance Minister.
The accountable authority also provided details on the remedial action taken, which included reviewing internal controls, more frequent checks on entity charge cards and staff education.
Case Study 5: Officials investigated for alleged fraud (not reported to the Finance Minister)
Officials of a corporate Commonwealth entity were investigated on suspicion of improperly using their position to gain a benefit for themselves by engaging in possible criminal activity over an extended period of time.
The accountable authority determined the alleged conduct of the officials may, if proven, be a breach of the Public Governance, Performance and Accountability Act 2013 (PGPA Act) (general duties of officials) and other legislation dealing with criminal offences. The alleged conduct of the officials may also reflect shortcomings in internal controls.
The accountable authority reported the matter to their responsible Minister under section 19(1)(e) of the PGPA Act and took remedial action to reduce the risk of reoccurrence, including reviewing internal controls.
However, the accountable authority determined that while the conduct concerned a breach of duties, there was insufficient connection to resource management (that is, did not involve relevant property or relevant money), and therefore did not report it to the Finance Minister under section 19 of the PGPA Act.
Case Study 6: Unauthorised entry into arrangements involving relevant money by non-officials
A medium-sized non-corporate Commonwealth entity engaged contractors to assist with a project being carried out by the entity. As the entity intended for officials of the entity to oversee the project, the contractors were not prescribed as officials and were not provided with relevant financial delegations to enter arrangements and commit relevant money under the PGPA Act. The contractors were later discovered to have entered arrangements on behalf of the entity and committed over $100,000 of relevant money without the appropriate authority and oversight by entity officials.
This may reflect issues with internal controls (including financial delegations and accountable authority instructions), as non-officials are entering arrangements under the PGPA Act without appropriate legal authority and without sufficient oversight, resulting in financial consequences for the entity.
The accountable authority determined that this represented a significant non-compliance issue in the context of the entity’s operations (given the failure of internal controls, value of the non-compliance and the involvement of relevant money). The responsible Minister was notified and the Finance Minister advised via letter at the same time.
The accountable authority also provided details on remedial action, which included staff training and reviewing internal controls around spending relevant money.
Case Study 7: Shared services – multiple accountable authorities
A Shared Services Centre of Excellence (Hub) provided shared services functions to three Commonwealth entities (clients). As part of their Memorandum of Understanding (MoU) with the Hub, the accountable authorities of the three clients provided specific accountable authority instructions under section 20A of the PGPA Act to the officials of the Hub in relation to the expenditure of relevant money on their behalf. Officials within the Hub were found to have breached the Hub’s and the clients’ accountable authority’s instructions in failing to document evidence in support of credit card transactions in the internal financial system. There were 100 breaches of the requirement across the three clients. Information was subsequently obtained from credit card holders, and there was no financial loss to the entity or Commonwealth.
Because the matter of non-compliance affected multiple entities, each entity’s accountable authority considered whether the non-compliance constituted a significant matter affecting their entity, and whether to notify their minister.
The accountable authority of the Hub decided that there was no systemic failing in the Hub’s system of internal controls, as the issue was detected, there was no financial loss, and the issue appeared to be a “once-off”.
The accountable authority of each client considered that this did not constitute significant non-compliance, as the number of breaches was insignificant compared to the total number of credit card transactions recorded for the financial year for their entity, the non-compliance was quickly identified and remedied and there was no financial loss.
To reduce the risk of reoccurrence, the Hub reviewed and updated their operating procedures. The Hub engaged with each client and reviewed their MoU to ensure it remained fit for purpose. As part of the Hub’s review of their operating procedures, the senior executive of the Hub reminded the Hub officials of their obligations and increased education and monitoring around credit card use.
