report to services australia

Planned Outage

We are making important updates to our systems from 8:00 pm Wednesday 10 April 2024 to 11:00 pm Wednesday 10 April 2024 (AEST). Access may be affected during this time. We apologise for any inconvenience.

Problem loading mint-content-page app.

Things aren't going well... have you tried refreshing the page and are you using an up to date browser? If so, and you still see this message, please contact us and we'll help you out.

You've been on this page for at least 10 minutes.

For your security, we'll sign you out of myGov in 5 minutes.

Manage your payments

Keeping your details up to date \r\n.

If you get a payment from Services Australia, you need to tell them about any changes in your circumstances. These can include changes to your:

employment status
income estimate
contact details.

Find out more about change of circumstances for different payments on the Services Australia website.

Income support payments

There are extra things you need to do if you get an income support payment.

Find out what’s considered an  income support payment  on the Services Australia website.

Reporting your income

You need to keep reporting your and your partner’s income to Services Australia every 2 weeks.

Find out more about  employment income reporting  on the Services Australia website.

Working credit

Some income support payments let you build up Working Credit while you work. Working Credit lets you earn more income before your income support payment is reduced, or stops.

If you use all your Working Credit and your income is above the cut off point, your payments may stop. Your income cut off point will depend on the income support payment you’re getting.

Find out more about  Working Credit  on the Services Australia website.

Tax implications

If you get a government payment or allowance, you may need to pay income tax on your payments. These payments are not taxed automatically. Details of most government payments will be pre-filled in your tax return if you lodge online or use a tax agent.

Always check the pre-filled information against your own records and add any missing details. Find out more about  government payments and allowances  and pre-filled details on the Australian Taxation Office website.

You can also find out more about  paying tax on your payment  on the Services Australia website.

Cancelling a payment

Get the steps on  cancelling your payment online  on the Services Australia website.

If you can’t cancel online, call your  payment line  on the Services Australia website.

Keeping your details up to date

Find out what’s considered an income support payment on the Services Australia website.

Find out more about employment income reporting on the Services Australia website.

Find out more about Working Credit on the Services Australia website.

Always check the pre-filled information against your own records and add any missing details. Find out more about government payments and allowances and pre-filled details on the Australian Taxation Office website.

You can also find out more about paying tax on your payment on the Services Australia website.

Get the steps on cancelling your payment online on the Services Australia website.

If you can’t cancel online, call your payment line on the Services Australia website.

Thank you for your feedback

Australian Government Department of Health and Aged Care

Reporting incorrect billing, claiming, or suspected fraud

We protect the integrity of health programs by making sure that correct payments are made for the right services. If you think a doctor or pharmacist has charged you, or claimed for, a service or product you didn’t receive, let us know here.

What to report to us

Let us know if you think someone has claimed a Medicare or Pharmaceutical benefit incorrectly. This may include claiming for a service which was not provided, or not meeting the requirements for claiming.

The kinds of payment concerns to report to us include:

Medicare benefits via the Medicare Benefits Schedule (MBS) .
Pharmaceutical benefits via the Pharmaceutical Benefits Scheme (PBS) .
Child Dental Benefits Schedule ( CDBS) payments.
Payments for through incentive programs including the Practice Incentive Program (PIP) and Workforce Incentive Program (WIP) .
COVID-19 vaccination issues related to the charging of out of pocket costs, or the billing of additional Medicare items in general practice.
Charging for COVID-19 vaccinations by general practices.

We accept tip-offs about:

doctors, pharmacists, dentists and allied health professionals such as physiotherapists
pharmacies, medical practices, hospitals and administrative staff.

If you see a name you don't know on your Medicare statement

Your Medicare statement includes a list of Medicare services which have been claimed, and the practitioner who claimed the service.

Most of us recognise our doctor’s name, so it’s not unusual to be concerned if you see a name you don’t recognise on your Medicare statement.

If this happens, consider whether you might have had a service, such as an eye test, pathology, or diagnostic imaging, from someone other than your usual provider. Pathology tests are claimed by the medical practitioner who reports the result, not the person who collected the sample.

What to report to someone else

There are some things we can’t investigate.

You can report these things to other authorities:

Reports about fake vaccine certificates – submit these to Services Australia ( Proof of COVID-19 vaccinations for businesses - Running a business - Services Australia )
Reports about patient safety or harm – submit these to the Australian Health Practitioner Regulation Agency (AHPRA) .
Rude, racist, inappropriate professional conduct, not listening, dismissive service quality or interaction issues (also AHPRA) .
Suspected Medicare, pharmaceutical or Centrelink fraud by a member of the public (not a health provider or their employee) – This includes concerns about stolen Medicare cards or that you have been advised that your Medicare details have been affected by the Optus breach – submit these to Services Australia .
Concerns about aged care services – submit these to the Aged Care Quality and Safety Commission (ACQSC) .
Medicine on-selling by a member of the public – contact your state police.
Claims made to your private health insurer – report to your own health insurance fund.
COVID-19 vaccination issues in pharmacies: submit these to the Pharmacy Program Administrator PPA tip-off form .

How to submit a tip-off

You don’t have to give us your details when you submit a tip-off.

But it helps if you do, so we can contact you for more information if we need it.

If you want to make a report, call our hotline.

Report health provider fraud against health programs

Or, if you can’t call the hotline, use our tip-off form .

Is there anything wrong with this page?

Help us improve health.gov.au

If you would like a response please use the enquiries form instead.

ATO Community
Legal Database
What's New

Log in to ATO online services

Access secure services, view your details and lodge online.

Other components of your STP reporting

There are components you need to report through STP that relate to employees themselves.

Last updated 14 November 2023

What other components are

There are components you need to report through STP that influence the amount you pay to an employee but relate to the employee themselves rather than the kind of payment they are receiving.

For these components, you don't need to include an income type or country code in your STP report.

These components are:

child support

The reporting of deductions does not change under STP Phase 2.

There are 2 deduction types you can report:

union and professional association fees (deduction type F)
workplace giving (deduction type W).

Union and professional association fees (deduction type F)

You should only report union fees and professional association fees deducted from payroll as deduction type F.

No other post-tax deductions can be reported as deduction type F.

Workplace giving (deduction type W)

When an employee has asked you to collect money from their pay to donate, you may have set it up as a:

salary sacrifice arrangement
workplace giving deduction.

You should only report workplace giving deductions as deduction type W. Don't include salary sacrifice contributions to a charity . These are reported as Salary Sacrifice Type O (other employee benefits) .

The workplace giving deductions you report as deduction type W include:

to reduce the amount of PAYG withholding from the employee's pay to account for the deduction
not to reduce the amount of PAYG withholding from the employee's pay.
where you have not established a formal workplace giving program but make a post-tax deduction from the employee's pay to donate to their nominated Deductible Gift Recipient (DGR).

Child support reporting

If your STP solution offers the functionality, you can choose to report child support amounts through STP. If you do so you:

won't need to report those amounts separately to Services Australia
must still pay the required amounts to Services Australia using the payment information specified in the Child Support notice issued to you. Do not pay child support amounts to us.

If you can't or choose not to use STP to report child support amounts then you must continue to report directly to Services Australia using your existing reporting channels.

There are 3 kinds of child support amounts:

Child Support Deductions which are made according to a deduction notice. These can be reported through STP.
Child Support Garnishees which are made according to a garnishee notice. These can be reported through STP.
employee-initiated child support amounts when there is no notice . These cannot be reported through STP.

Special rules apply if you are making corrections to child support garnishee or child support deduction amounts.

Child Support Deductions (deduction type D)

If you received a notice titled ‘Notice to commence Child Support Deductions’ or ‘Change to your Child Support Deductions’, these are deduction notices issued under section 45 of the Child Support (Registration and Collection) Act 1988 . This type of notice requires an employer to deduct a fixed dollar amount each pay period. Rules for protected earnings amounts External Link apply to these deductions.

Report these amounts in your STP report as a Child Support Deduction (deduction type D).

When you have not been able to deduct the full amount from the employee's pay

Sometimes there may be situations where you:

haven't deducted the full amount from the employee's pay
couldn't deduct at all.

These situations can include when the:

protected earnings amount reduces the amount available to deduct
employee was not paid for that pay period.
have made a deduction report the amount you have deducted
couldn't deduct any amount from the employee's pay, report this to Services Australia using an alternative child support reporting channel External Link .

Some STP-enabled solutions may offer additional functionality that allows you to tell Services Australia about these employees by including them in your STP reporting with unchanged YTD child support amounts. If you use this functionality you do not need to report separately to Services Australia.

When an employee leaves

A notice from the Child Support Registrar requires you to deduct from an employee's pay. If that employee leaves, you must tell Services Australia by including their cessation date and cessation reason in your STP report.

Child Support Garnishees (deduction type G)

If you receive a notice titled ‘Notice to pay money directly to the Child Support Registrar pursuant to section 72A’, this is a garnishee notice issued under section 72A of the Child Support (Registration and Collection) Act 1988 . This type of notice requires an employer to garnishee either a:

percentage of the employee’s income
fixed amount each pay.

These deductions are not subject to the rules about protected earnings amounts External Link .

You should report these amounts in your STP report as a Child Support Garnishee (deduction type G).

If you have been unable to garnishee the full amount under the garnishee notice (for example, because the employee was not paid), you do not need to tell Services Australia separately. This is different to Child Support Deductions.

Employee-initiated child support amounts

Your employee may have made arrangements with you to pay child support amounts even though you have not received a notice from the Child Support Registrar.

These employee-initiated child support amounts must not be reported through STP.

Starting to report child support amounts through STP

There are a number of things you need to do before you can report child support amounts through STP:

Check whether your payroll solution offers child support reporting functionality. If it does, make sure you understand the functionality that is offered. For example, if an employee is not paid during a pay period, your payroll solution may not have the functionality to use STP to report that you did not deduct.
through STP
separately (when required) using an alternative child support reporting channel External Link .
Decide when you will lodge your first STP report that includes child support amounts.
The pay period you have set up in the product doesn’t match the pay period you use when paying your employees.
Pay codes for employee-initiated deductions (which are not reportable) are mapped to report as Child Support Deductions or Child Support Garnishees.
Pay codes for Child Support Deductions or Child Support Garnishees are not mapped to the correct deduction type for STP reporting.
Contact Services Australia to confirm your garnishee payment details, such as the payment reference number you use when you pay amounts to them. These details may change when you start reporting Child Support Garnishee amounts through STP.
Tell Services Australia your starting YTD child support deduction balances.
Lodge your first STP report that includes child support amounts.

Telling Services Australia your starting YTD child support deduction balances

As STP reporting uses YTD amounts for the financial year, Services Australia need to know your starting YTD balances. They will use this information to:

compare your reporting for each pay period
work out your pay period child support amounts.

You'll only need to tell Services Australia your YTD starting balances once.

To tell Services Australia what your starting YTD child support balances are, use one of the following methods.

Example: telling Services Australia your starting YTD balances

Linh has decided to start reporting child support amounts for their employees through STP in February. They need to tell Services Australia the starting YTD child support balances for their employees.

They have decided to use the Overlapped Reporting method and their STP report for the last pay period in the month will be the first that includes child support amounts.

Linh processes the pay as normal and sends their STP report (including the child support YTD balances) to the ATO. The ATO will provide the Child Support YTD balances to Services Australia so that they know what Linh’s starting YTD balances are.

A Child support deductions report form (CS4964) is completed, covering:

each pay in February before they started to include child support amounts in the STP report
the current pay (which has included the child support starting YTD balances in the STP reporting).

They send the CS4964 form directly to Services Australia so that the child support deductions can be processed.

The overlap of the STP report and the Child support form CS4964 covers the last pay of the month meaning that:

Services Australia can use the CS4964 form to process Linh’s child support amounts, because there is no earlier STP reporting to compare it to
Linh has told Services Australia the starting YTD balances so that from the next pay period (the first pay in March) they only need to use STP to report for child support.

Reportable employer super contributions and reportable fringe benefit amounts

You can report an employee's reportable fringe benefits amounts (RFBA) reportable employer super contributions (RESC) through STP.

The reporting rules for RFBA and RESC have not changed with STP Phase 2.

How to report RESC and RFBA through STP

You only report RFBA amounts if the total taxable value of certain fringe benefits you provided to your employee exceeds $2,000 for the FBT year (1 April – 31 March).

If you choose to report this information, you may provide YTD RFBA and RESC either:

through a pay event (if the information is available in payroll) throughout the financial year, or
through an update event throughout the financial year.

This can be at any time up until the due date to make the declaration that you have finalised your reporting for that employee for the financial year.

Once you’ve reported an amount, you should continue to report the amount in all following pay events, even if the YTD amounts remain the same.

If you can't (or choose not to) provide RFBA or RESC through STP, you must provide this information on a payment summary to the employee and provide us with a payment summary annual report. The payment summary must not include amounts reported through STP.

Relationship between reporting RESC and RFBA, and salary sacrifice amounts

Often the amounts you report as salary sacrifice super (salary sacrifice type S) are also considered reportable employer super contributions (RESC) . However, there are other contributions you may make to super for an employee that are RESC but not salary sacrificed.

Similarly, reportable fringe benefits amounts (RFBA) may be related to the amounts you report as salary sacrifice other benefits (salary sacrifice type O) but can differ because:

benefits an employee receives from salary sacrificing may not also be RFBA
benefits an employee receives may be RFBA but were not obtained from salary sacrificing
actions, such as employee contributions, may change the value of RFBA relative to the salary sacrifice.

When reporting RESC and RFBA through STP, you need to ensure you understand the relationship between reporting RESC and salary sacrifice type S , and the relationship between reporting RFBA and salary sacrifice type O so that you can report correctly.

Example 1: RESC and salary sacrifice type S

Jackie earns $60,000 per annum. During the employment process she negotiated an extra 2% ($1,200) super above the super guarantee (SG) rate. Because Jackie negotiated with her employer to pay extra super this must be reported as RESC.

Jackie has also decided to salary sacrifice $10,000 into super.

This is reported in STP Phase 2 as:

Gross $60,000
Salary sacrifice type S (super): $10,000
RESC $11,200.

The RESC value is higher than the salary sacrifice type S because it includes:

the salary sacrifice amount of $10,000
the extra $1,200 of employer super she negotiated.

Example 2: RFBA and salary sacrifice type O

Ross earns $80,000 per annum. Instead of carrying his heavy laptop, he has decided to salary sacrifice a tablet worth $2,000 which will be primarily used for work purposes.

Gross $80,000
Salary sacrifice type O (other employee benefits): $2,000

The tablet is reported as Salary sacrifice type O because all salary sacrifice items are reported in STP Phase 2. However, because the tablet is being used primarily for work purposes it is not subject to FBT, so is not reported as RFBA.

Reporting super

You must include information about your employees’ super entitlements.

You must continue to report and pay your employees' super entitlements through your existing SuperStream solution (including the Small Business Superannuation Clearing House ). This has not changed with STP Phase 2.

You must report either:

your YTD employer super liability for each employee in the STP report (super type L)
the YTD ordinary time earnings (OTE) for each employee in the STP report (super type O).

If your payroll solution allows you can also report both.

There are some circumstances where it may not be clear what to report such as where your:

YTD employer super liability or your employee’s OTE is zero – report zero
employees are entitled to receive super contributions above the minimum super guarantee (SG) liability – report this higher amount if you can't separately identify these in your payroll solution
employee is a member of a defined benefit fund and you make super contributions for the employee – report this amount if it is available in your payroll system. This would usually correspond to the YTD amount shown on the employee’s payslip. Otherwise, report zero as the super liability amount.

Skip to navigation
Skip to main content

About the Department

Simplified Income Reporting for Income Support Recipients

Please note: the Social Services and Other Legislation Amendment (Simplifying Income Reporting and Other Measures) Act 2020 commenced on 7 December 2020.

Income support recipients now report the gross amount paid to them during their reporting period, instead of calculating the amount of income they will earn.

Further information can be found at the Services Australia website .

The Australian Government is improving and simplifying the way that employment income is reported and assessed for social security purposes. These changes make reporting easier for payment recipients, meaning people receive the right amount of income support and are less likely to incur a debt.

The Social Services and Other Legislation Amendment (Simplifying Income Report and other Measures) Act 2020 (the Act) passed Parliament on 2 March 2020 receiving Royal Assent on 6 March 2020.

The Act commenced on 7 December 2020.

The Act was originally scheduled to commence on 1 July 2020. However, due to the impacts of the coronavirus pandemic, the start date was delayed until 7 December 2020. The Australian Government passed the Coronavirus Economic Response Package Omnibus Act 2020 on 23 March 2020 which contained amendments to the Simplifying Income Reporting and Other Measures Act 2020 to defer implementation for up to 12 months, to commence either by Government proclamation or on 1 July 2021.The Governor-General made the proclamation on 23 July 2020 setting a commencement of 7 December 2020.

Services Australia conducted communication activities to advise customers of the changes in the lead up to 7 December 2020.

Prior to 7 December 2020, payment recipients had to make a calculation to report their, or their partner’s, gross earnings based on the number and value of shifts they have worked. This could often end up being different to what they were actually paid.

Under this change, people can now refer to their or their partner’s payslip in order to report their gross employment income to Centrelink. This makes reporting easier so that people get the right amount of payment.

This change affects anyone who has to report their employment income for social security purposes, including partners of payment recipients. Affected payments include:

Age Pension
Carer Payment
Disability Support Pension
Farm Household Allowance
Jobseeker Payment
Partner Allowance
Parenting Payment (single and partnered)
Special Benefit
Status Resolution Support Services
Widow Allowance
Youth Allowance.

These changes also facilitate the use of Single Touch Payroll data to pre-fill recipients' income reporting tool with their employer's name and employment income.

The Australian Taxation Office will provide Centrelink with Single Touch Payroll data, where an individual has been established as a mutual client. This information will be used to assist people to report their employment income.

From mid September 2020, the data has been used to pre-fill payment recipients’ employer information. As employers progressively start reporting the Single Touch Payroll expanded dataset over time, recipients will start to see their income also pre-filled through their usual reporting channel. People will still be responsible for reporting their income and making sure the information is correct. They will have the ability to review, update or add additional employment details before finalising their report to Centrelink.

Last updated: 4 August 2022 - 10:33am

Read documents in your language

Chinese - traditional

If you need more translations, please contact us via: 1300 362 072 or [email protected]

Services Australia

We consider complaints about Australian Government agencies, including Services Australia. We are independent, impartial and our service is free. It is important that you read the information below before you make a complaint.

What we do:

We can investigate complaints about Services Australia (this includes Centrelink, Child Support and Medicare).
We consider all complaints but not all complaints proceed to an investigation.
We will always contact you in response to your complaint and give you reasons for our decisions.
We may suggest other options available to you.
We can make suggestions and recommendations to Services Australia about a better way of doing things.

What we cannot do:

We cannot advocate for you or give you legal or similar advice.
We cannot direct Services Australia to take action or change a decision.

If you want Services Australia to change a decision, you can ask them to review the decision that was originally made. Timeframes may apply depending on the type of review you are seeking.

Almost all decisions can be reviewed, for example, if Services Australia:

says you owe a debt
rejects your claim
reduces, suspends or cancels your payment
makes a Child Support decision you disagree with.

If you still disagree with a decision by Services Australia after it has been reviewed, you may be able to ask the Administrative Appeals Tribunal to review the decision . Timeframes may apply depending on the type of review you are seeking

Before you complain to us

You should try to resolve the complaint with Services Australia before you contact us. This is usually the fastest way to resolve a complaint. We suggest contacting Services Australia online, but you can also contact Services Australia by phone, in writing or in person.

Allow Services Australia 10 business days to respond to your complaint. If you are not satisfied with Services Australia’s response to your complaint, you can contact us .

How to make a complaint to us

Submit our online complaint form (preferred)
Call us on 1300 362 072
Contact us through the National Relay Service .
If you are a non-English speaking person, we can help through the Translating and Interpreter Service (TIS) on 131 450.

See our Contact Us page for other ways to make a complaint to us.

This site uses cookies to analyse traffic, remember your preferences, and optimise your experience.

Portal login

Report and recover from scams

This rating relates to the complexity of the advice and information provided on the page.

Content written for

I’ve been scammed. what should i do .

Below are the steps that you should take, depending on your situation.

You think a scammer has targeted you, but you didn’t give them your details or money

Report the scam to National Anti-Scam Centre - Scamwatch .
Report the scam account to the social media or other platform they used to engage with you.
If it looks like a scammer is impersonating an Australian business, contact the fair trading organisation in your state or territory.
If you have opened a link on your computer, or followed instructions on how to install a software, you may have installed something malicious. Uninstall the program and run a full antivirus scan to check for anomalies.
If you have received a message on a work laptop or phone, contact your IT department and let them know.

You’ve been scammed and lost money

Immediately report the transaction(s) to your bank or financial institution.
Complete a report through ReportCyber .
Stop all communication with the offender.
Change your passwords to secure your online accounts. Visit IDCARE for advice on securing your accounts online.

You think a scammer has stolen your personal information

Contact your financial institution to secure your financial accounts.
Check idcare.org for advice on securing your accounts online.
Contact any other services that use your personal identity documents (e.g. ATO or Services Australia) to secure your accounts.
Make yourself a harder target: Secure your social media and other personal accounts, such as your email.
Change the passwords to any other accounts you think the scammer may have accessed, or to which they now have access. This could include banking, superannuation and email accounts. You should prioritise changing the passwords of any account that reused the same password as the compromised accounts.
Contact a credit reporting agency to see if any attempts to open accounts in your name have been made. For information on how to select an agency, visit IDCARE .

Do you suspect that you have been hacked, or may be a victim of a scam? Check our ‘ Have you been hacked ’ guidance on how to spot red flags, and solutions specific to your situation.

Resources for scam victims

You're not alone. Anyone can be a target of an online scam. First, you should make a record of the key details of the scam. This includes what happened, when it happened, who contacted you, and how you responded.

If someone has stolen your money or identity, contact these agencies to report it, get help, and protect yourself from further harm.

Not sure what type of scam it was?

Learn more about scams , and use our ‘ Have you been hacked’ tool for more information on what to do.

Who should I contact?

Asd's acsc reportcyber.

Report cybercrimes, security incidents and abuse through ReportCyber . Your report helps to disrupt crime operations and makes Australia more secure. If your money and/or identity is at risk, also notify the relevant services below.

Your financial institution

Contact your bank or credit union immediately if you’ve sent money to a scammer. They may be able to close your account or stop a transaction. Make sure you call them using their official phone number, not the one in the scam message.

National Anti-Scam Centre - Scamwatch

Report online scams to National Anti-Scam Centre - Scamwatch . Your report helps to warn people about current scams and disrupt them where possible. You’ll need to provide details of the scam, such as a screenshot or text of the email or text.

Services Australia

Contact the Services Australia Scams and Identity Theft Helpdesk . They can provide support if you’ve opened links in fake messages or sent personal details to someone pretending to be from myGov, Medicare, Centrelink or Child Support.

Contact IDCARE if your information is at risk from a data breach. They’re a national identity and cyber support service for individuals and organisations.

Australian Taxation Office

Contact the ATO if someone has stolen your personal or business identity. You must report all tax-related security issues to the ATO.

Australian Securities and Investments Commission

Contact ASIC to report financial misconduct, such as superannuation and crypto-asset scams. ASIC the national corporate regulator.

Need more support?

For help with all types of threats, visit our report and recover page.

If you still need help, call our hotline 24/7 on 1300 CYBER1 (1300 292 371).

More information

Recognise and report scams.

Learn how to spot scams and test your knowledge.

Protect yourself from scams

Find out about different scam messages so you can be more prepared.

Thanks for your feedback!

Make a report

The information below can help you report child safety concerns, including child sexual abuse. You can report child sexual abuse no matter how long ago it occurred.

Information relating to child safety and protection may bring up strong feelings. Remember, you are not alone. If you need assistance or support, our Get support page provides a list of dedicated services.

The National Office for Child Safety (the National Office) provides national leadership to develop and deliver national policies and strategies to increase children's safety and prevent harm to them, with a particular focus on child sexual abuse.

The National Office does not investigate criminal matters, deliver child protection services or provide direct support services. However, help is available - contact details for police, state and territory child protection agencies are listed below.

Non-English speakers can access these services through the Translating and Interpreting Services (TIS) by calling 131 450 . TIS is available 24/7.

If you are deaf and/or find it hard hearing or speaking with people who use a phone, the National Relay Service (NRS) can help you. The NRS is available 24/7.

How to report a crime

Report a crime.

If you need to report a crime contact your local police on 131 444 or call Crimestoppers on 1800 333 000 .

In an emergency, call Triple Zero ( 000 ).

Report online child abuse material

To report online child sexual abuse, including child sexual abuse material, please contact the Australian Centre to Counter Child Exploitation using the Report Abuse button.

You can also report illegal content, including online child sexual exploitation and abuse material, to the eSafety Commissioner .

Report to child protection agencies

Protecting Australia’s children is everybody’s business. If you suspect a child or young person is at risk of harm, abuse or neglect you can contact your relevant state or territory child protection agency.

State and territory contact details

Australian capital territory.

Phone: 1300 556 729

How to make a report: Provide Information about Child Abuse and Neglect - Community Services

New South Wales

Phone: 132 111
How to make a report: Reporting a Child at Risk

Northern Territory

Phone: 1800 700 250
How to make a report: Report Child Abuse
Phone: Regional Intake Services , after hours: 1800 177 135
How to make a report: Reporting Child Abuse

South Australia

Phone: 131 478
How to make a report: Reporting Child Abuse
Phone: 1800 000 123
How to make a report: Child Protection Notification Form
Phone: Child Protection Contact , after hours: 13 12 78

Western Australia

Phone: 1800 273 889
How to make a report: Reporting Your Concern

Eligibility
Support Agencies
Session reports
Change of circumstances
Program review
First Nations children can get more hours of subsidised care
List of registered child care software

Session reports for previous financial years

Providing care to relatives
Third-party payment of gap fees
Overpayments and debts
Balancing Child Care Subsidy
About the child wellbeing subsidy
Identifying a child at risk
Examples to help you understand when a child is at risk
Talking with the family
Establishing eligibility for child wellbeing
Reporting obligations
Issuing a child wellbeing certificate
Applying for a child wellbeing determination
Grandparents
Temporary financial hardship
Transition to work
Special circumstances grant
Priority areas for disadvantaged and vulnerable communities grant
Community Child Care Fund restricted grant review
Notification of serious incidents
Restricted grant: notification of Work Health and Safety incidents
Connected Beginnings sites
Priority areas for limited supply grant
Business support
Inclusion Support Portal
Inclusion Development Fund
Inclusion Support Program review
Inclusion Agencies
About the approval process
Check your eligibility
Get ready to apply
Submit your application
After you apply
Add, remove or relocate a service
Suspension of approvals
Family Assistance Law
Persons with management or control obligations
Persons with management or control by organisation type
Fit and proper
Working with children checks
Inducement and advertising at your service
Electronic payment of gap fees
Financial reporting obligations for large providers
Stakeholder content kit: Infringements
Family Assistance Law civil penalty provisions
What to do if you get a section 158 notice
Compliance Pilot
Children who are on holiday
Educators who are not providing care
Caring for relatives – the less than 50% rule
Entitlement to CCS or ACCS when caring for own children or siblings
Charging fees
Fit and proper person
Background checks
Reporting actual attendance times
Past enforcement action registers
Collecting gap fees
Support by region
Emergency support by region
National Children’s Education and Care Workforce Strategy
Paid practicum subsidy
Practicum exchange
Professional development subsidy
Stakeholder kit: professional development for early childhood workforce
Support for early childhood teachers and educators
Educator discounts
Finding staff
Approved learning frameworks
Expert advisory group
Preschool Outcomes Measure
Preschool Reform Funding Agreement
Previous funding arrangements
National vision for early childhood education and care frequently asked questions
Early Years Strategy
Australian Competition and Consumer Commission child care price inquiry
Productivity Commission inquiry into ECEC
December quarter 2023
September quarter 2023
June quarter 2023
March quarter 2023
December quarter 2022
September quarter 2022
June quarter 2022
March quarter 2022
December quarter 2021
September quarter 2021
June quarter 2021
March quarter 2021
December quarter 2020
September quarter 2020
March quarter 2020
December quarter 2019
September quarter 2019
June quarter 2019
March quarter 2019
December quarter 2018
Financial year 2018-19
September quarter 2018
2021 results
2016 results
Stakeholder kit: Early Childhood Education and Care National Workforce Census – approved providers
Stakeholder kit: Early Childhood Education and Care National Workforce Census – preschools
2013 results
2010 results
Pre-2010 results
Australian Early Development Census
Case Study: Lady Gowrie Tasmania pathway to traineeship program
Case study: From the Ground Up
Case study: Jenny’s Early Learning Centre’s Bendigo Traineeships
Case study: Ngroo Education Aboriginal Corporation, western Sydney
Online learning
Provider tool kit
Announcements

Providers must apply to submit, update or withdraw session reports from a previous financial year.

When we’ll approve access

We only permit changes in limited circumstances. When assessing your application, we’ll consider:

if you’re correcting an inaccurate enrolment notice, attendance record or fee error
whether the change will impact on an individual’s CCS entitlement
whether there is an acceptable reason for the change being requested in a subsequent financial year
whether the application and proposed change contain accurate and complete information
whether you have provided relevant evidence to support the change.

Types of evidence

Evidence to support an application may include:

attendance records
statements of entitlement
enrolments or Complying Written Arrangements
evidence of casual bookings
proof of actual attendance
receipts of gap fee payments.

The below scenarios will help you determine whether an application is appropriate. Please read them before applying.

The parent or carer claiming CCS changes

You must ensure your enrolments and session reports correctly identify the individual who is claiming CCS for each child.

Families should let you know if their personal circumstances change, including if the individual claiming CCS changes. You must then update their enrolment details once notified of the change.

If a family does not inform of a change in circumstances, it is their responsibility to resolve any issues regarding CCS payments and fee reductions with Services Australia.

You should not update or withdraw session reports from a previous financial year based on a request from a family.

Parent A is identified as the CCS claimant on a child’s enrolment.

Parent A has told you that parent B has been paying child care fees for the last financial year. They would like their session reports to be backdated to reflect parent B as the CCS claimant.

As the child’s enrolment lists parent A as the CCS claimant, and the family did not advise you of any changes during the previous financial year, you should not apply to update or withdraw the session reports.

You are only required to change the enrolment to reflect parent B as the CCS claimant on the day you are notified of the change.

Several months ago, the family completed a new enrolment form with parent B as the new CCS claimant. You failed to update the enrolment details to parent B and continued to submit session reports with parent A as the claimant.

In this example, you may apply to update session reports from a previous financial year as you did not update the enrolment details at the time of notification.

A family’s CCS entitlement changes

You should not update or withdraw session reports from a previous financial year if a family informs you that their entitlement to CCS has changed.

Services Australia will adjust a family’s CCS entitlement for a previous financial year as part of the CCS balancing process .

A parent at your service has received a notification from Services Australia that the number of hours they were entitled to CCS for a period in the previous financial year has increased from 36 to 100 hours per fortnight.

The parent asks you to resubmit their session reports to reflect the extra CCS hours they were entitled to.

In this scenario, you should not apply to update or withdraw the session reports. This is because Services Australia will adjust the family’s entitlement when they balance their payment.

You should direct the family to Services Australia if they have questions about CCS balancing.

You submit session reports in bulk

It is common practice to submit session reports for multiple children in bulk or batches.

If you discover you’ve made an error on an individual child’s session report, you do not need to apply to update or withdraw the entire batch.

You should only request to update or withdraw the session reports for the individual child where the error was made.

More information

If you need more information about session reports, please contact the CCS Provider Helpdesk on 1300 667 276 or email [email protected]

International edition
Australia edition
Europe edition

Australian government spent $52m more on welfare calculator after finding a more effective alternative

Services Australia paid Infosys almost $200m over four years before technology was written off as a failure

Get our morning and afternoon news emails , free app or daily news podcast

The federal government spent $52m on a failing welfare calculator even after being told there was a more accurate, simple and reliable option available.

In all, Services Australia paid $191m over four years to the multinational company Infosys for a calculator that processed only 784 aged care claims before being written off as a failure in late July.

The technology would have determined whether applicants were eligible for welfare payments and how much they should be paid, though not to process them automatically without further checks.

In December 2021, the department began canvassing other models, since the Infosys technology was not developing successfully.

Documents obtained by the independent senator David Pocock reveal that 12 months before the Infosys project was scrapped, an alternative model by the company SecureFast had been tested and judged a “solution”, with a much higher success rate.

But after a detailed report on SecureFast was delivered to Services Australia in August 2022, the department spent a further $52.5m on the calculator designed by Infosys, before abandoning it.

The SecureFast system, which used technology produced by a smaller Canberra-based company, has not subsequently been tested further.

Pocock said the report showed “the procurement system was broken”.

“This report shows the government knew another firm existed that was capable of building the entitlement calculation engine, but the government doubled down with a further $52m to the original supplier,” Pocock said.

The report found SecureFast could deliver the calculator at “a greater pace and level of assurance for accurate processing of entitlements within acceptable business timeframes”.

It also found SecureFast would allow Services Australia to “significantly streamline its delivery of the entitlement calculation engine using significantly fewer businesses and technical resources”.

It was “foreseeable that the solution will continue to provide the level of performance required”, the report said.

A Services Australia spokesperson said the department was already “well into” the project by the time the report on SecureFast was finalised in August 2022, but it had not fully tested the Infosys option, “which we had committed to”.

“At that stage, we were still in the process of verifying under real world circumstances.

“Ultimately, our testing showed the project was far more complex than originally forecast,” the spokesperson said. “We are analysing all learnings from the projects and considering next steps.”

In March this year, a review by a former senior public servant, Ian Watt, found the Infosys contract with Services Australia warranted “ further investigation due to inconsistencies with the commonwealth procurement rules or good practice ”.

In September, the Infosys contract was one of several referred to the national anti-corruption commission by the audit committee, which did not make any findings in relation to the conduct of any individuals.

Infosys has defended its work and told Guardian Australia it was awarded the contract after “a 14-month-long stringent government procurement process”.

“We are proud of the work we do for the government of Australia and other Australian clients, and we are committed to the highest level of compliance, integrity and ethical business practices across all markets in which we operate,” a spokesperson said.

Australian politics

Report on Government Services 2023

The Report on Government Services (RoGS) provides information on the equity, effectiveness and efficiency of government services in Australia. The 2023 RoGS was progressively released between 24 January and 7 February 2023. A mid-year data update aims to improve the timeliness of information in the RoGS and was released on 6 June 2023. The mid-year release provides new data for a sub-set of indicators in the following sections:

LATEST UPDATE 6 JUNE 2023

Early childhood education and care (part B, section 3)
School education (part B, section 4)
Vocational education and training (part B, section 5)
Police services (part C, section 6)
Housing (part G, section 18)

Impact of COVID-19 on data in the 2023 Report

COVID‑19 may affect data in this Report in a number of ways. This includes in respect of:

actual performance — that is, the impact of COVID‑19 on service delivery between 2020 and 2022 which is reflected in indicator data
the collection and processing of data — that is, the ability of data providers to undertake data collection and process results for inclusion in the Report (regardless of the time period of the data).

For affected data, the impacts of various restrictions introduced from March 2020 have been identified and noted in relevant sections. The impacts predominately related to changes in service inputs, outputs and outcomes, but did not change the comparability of any indicators in this Report. For some service areas, impacts on the 2021 Report have not recurred in later reports. For example, NAPLAN testing was not conducted in 2020 (data reported in section 4 - School education) but resumed in 2021. In other areas, (such as Part E - Health), the impacts of COVID-19 and governments’ responses continue to be seen in data.

The Steering Committee will continue to monitor the impact of COVID-19 on future editions of this Report.

A guide is provided which outlines how to access the RoGS material:

Guide: How to find what you need in RoGS (PDF - 298 Kb)

A Approach to performance reporting

Part A includes an introduction to the Report on Government Services 2023, Statistical context for the service-specific parts B to G, the Glossary and the Acronyms and abbreviations list.

B Child care, education and training

Part B includes performance reporting for Early childhood education and care (ECEC), School education and Vocational education and training (VET).

Part C includes performance reporting for Police services, Courts and Corrective services.

D Emergency management

Part D includes performance reporting for Emergency services for fire and other events.

Part E includes performance reporting for Primary and community health, Ambulance services, Public hospitals and Services for mental health.

F Community services

Part F includes performance reporting for Aged care services, Services for people with disability, Child protection services and Youth justice services.

G Housing and homelessness

Part G includes performance reporting for Housing and Homelessness services.

Publications feedback

We value your comments about this publication and encourage you to provide feedback.

Submit publications feedback

Handling of personal information: Services Australia (formerly Department of Human Services) Annual Investment Income Report (AIIR) data matching program

Part 1: executive summary.

1.1 This report outlines the findings of the Office of the Australian Information Commissioner’s (OAIC) privacy assessment of the Department of Human Services’ (DHS – now known as Services Australia) [1] handling of personal information under the Privacy Act 1988 (Cth), conducted in September 2019.

1.2 This assessment was conducted under s 33C(1)(a) of the Privacy Act, which allows the OAIC to assess whether an entity maintains and handles the personal information it holds in accordance with the Australian Privacy Principles (APPs).

1.3 The scope of this assessment considered whether DHS’s handling of personal information, for the purposes of the Annual Investment Income Report data matching program (AIIR program), was done in accordance with APP 1.2 (open and transparent management of personal information), APP 5 (notification of the collection of personal information) and APP 12 (access to personal information). While this assessment predominantly focussed on the enhanced AIIR program from 2018, the OAIC considered the original AIIR program prior to 2018 where relevant to the overall end-to-end data matching process.

1.4 The assessment found that DHS has taken steps to document its information handling policies, practices and procedures, notify individuals of the collection of personal information and allow access to personal information held by the department. However, the OAIC also identified privacy risks associated with the AIIR program and made four recommendations in the report to address these risks.

1.5 The OAIC recommends that DHS:

reviews its risk management processes for the AIIR program to ensure that all privacy and information security risks are appropriately monitored, identified, treated, recorded and reported to senior management
regularly reviews and revises its cyber security policy documentation, such as the Cyber Security Incident Response Plan, to ensure that it is up-to-date, and accurately reflects current practices and language used in the Privacy Act
reviews and updates its privacy documentation to formalise the relationship between the Privacy and Cyber Security teams, as well as the roles and responsibilities of each area, in the event of an eligible data breach or a cyber security incident
as part of its scheduled review of the AIIR program protocol, identifies if any additional information should be included in the protocol, consistent with the department’s obligations under APP 1.2 and the OAIC’s Guidelines on Data Matching in Australian Government Administration (Data Matching Guidelines). Should these details be considered sensitive in nature, the OAIC suggests that DHS considers also creating an internal, more detailed version of the protocol for auditing, monitoring and quality control purposes.

Part 2: Introduction

2.1 Data matching brings together at least two data sets that contain personal information from different sources and compares those data sets with the intention of producing a match. [2] Agencies must comply with the Privacy Act, when undertaking data matching related activities. In addition to their Privacy Act obligations, agencies such as DHS that conduct data matching activities can voluntarily adopt the OAIC’s Guidelines on Data Matching in Australian Government Administration.

2.2 The OAIC was funded to provide regulatory oversight of privacy implications arising from DHS’s increasing data matching activities using new methodologies for the period from 1 January 2016 to 30 June 2019. This funding is part of the ‘Enhanced Welfare Payment Integrity – non-employment income data matching’ 2015-16 budget measure.

2.3 DHS undertakes a range of compliance activities through data matching programs to ensure ongoing eligibility for entitlements and to maintain the integrity of customer payments and services.

2.4 DHS conducts a number of data matching programs to determine whether a customer’s payments are accurate. These programs are based on the type of income customers earn or the payments they receive. Information about an individual’s income, when combined with other information such as name and address, is personal information for the purposes of the Privacy Act.

Overview of the AIIR program

2.5 The purpose of the AIIR program is to identify DHS customers who do not declare or under-declare their financial investments, resulting in the receipt of incorrect welfare payments. DHS may undertake administrative or investigative action where discrepancies are identified between DHS and ATO data.

2.6 The AIIR program matches investment income information sourced from the ATO’s AIIR file (which is collected from third party organisations such as banks, investment companies and share subscriber lists) with information that DHS collects from welfare recipients about their income. The AIIR program focusses on two types of investment income:

interest bearing (savings) accounts
term deposits.

Collectively, these two types of investment income will be referred to as ‘bank interest’ throughout this report.

2.7 The original AIIR program commenced in January 2012 as a result of the ‘Fraud Prevention and Compliance – Improving Compliance with Income Reporting’ budget measure in 2011-2012 (2011-12 budget measure). AIIR reviews were conducted from 2012 to 2017. No AIIR reviews were initiated in 2018 because at that time DHS was, as part of its Compliance Modernisation Programme, looking at including ‘bank interest’ data matching as an extension of the original AIIR program. [3]

2.8 From 2018, DHS began work to improve the data-matching and risk identification of the original AIIR program by using two ATO data sources to identify discrepancies:

Annual Investment Income Report data
bank interest data sourced from personal income tax returns which individuals report to the ATO.

2.9 References to the AIIR program in this report will refer to the enhanced AIIR program that has been in place since 2018, unless specified. However, the OAIC may refer to the original AIIR program prior to 2018 in this report where relevant to the overall end-to-end data matching process.

Data matching process

2.10 DHS exchanges data with the ATO twice a year under the AIIR program, using a secure link. The ATO’s handling of personal information was outside the scope of this assessment.

2.11 Under this data exchange, DHS provides its customer records to the ATO for identity matching. In particular, DHS provides the ATO with the following data items for identity matching purposes:

DHS Customer Reference Number
full name (including any known aliases
full address, including historical addresses
date of birth.

2.12 The ATO uses its proprietary software to identity match DHS’s customer information with ATO records. The ATO then provides DHS with the identity matched AIIR data. The ATO only provides DHS with high confidence matches, which are produced when all the above data items are matched to a taxpayer in the ATO systems.

2.13 The identity matched data is then sent to DHS and is stored in DHS’s SAP HANA system. The ICT (SAP Data Services) team within the Professional Services Branch (based in Adelaide) uses an automated process to validate the data received. This involves applying business rules which verify such matters as correct format and ensuring data is present in all mandatory fields. Any identified discrepancies, such as mismatches or multiple matches, are checked manually.

2.14 Once this validation process has taken place, the SAP Fraud Management system applies a series of risk rules to identify customers who have an asset discrepancy by comparing the investment amounts they have declared to DHS with an estimated investment amount derived from the bank interest income recorded in the validated data from the ATO. Customers identified with a discrepancy are assigned a risk score and are loaded into the Selection Intervention Management System (SIMS). Exclusions and filters are then manually applied to exclude customers that are flagged with particular markers, including customers who are identified as deceased, and customers who may be considered vulnerable, in accordance with departmental and ministerial direction.

2.15 The Case Selection, Planning and Engagement team manages the risk rules applied by the SAP Fraud management system. Customers who fall in the ‘very high’ and ‘high’ risk categories were selected for compliance review under the AIIR program at the time of this assessment.

Notification and compliance review process

2.16 DHS’s Compliance Management Centre (CMC) manually triggers the initiation notification letter to customers who have been selected for compliance action. The notification letter is issued based on the customer’s preferred method of correspondence, which can be in the form of a secure online letter (known as secure online messaging – SOM) through DHS’s self-service Centrelink portal (which is linked to myGov) or via registered post. The customer has 28 days to provide a response, upon confirmed receipt of the initiation letter. The reminder notifications are not triggered without a confirmed response to the initiation letter.

2.17 In the case where the initiation letter has been issued via SOM, the letter may be re-issued via registered post if the customer has not confirmed receipt of the original letter within 14 days of the SOM being issued. Customers will also be issued reminder electronic messaging if they are registered to receive electronic messaging.

2.18 Upon receipt of the initiation and/or reminder letter, the customer may verify their information over the phone with a DHS compliance officer using the number provided in the letter or upload documents online through myGov. DHS may engage a third party, such as a bank, if the customer is unsure or unable to provide DHS with the appropriate bank interest information. Emails are currently not used for any part of the compliance activity.

2.19 Where the customer does not respond to either letters, DHS will attempt to contact the customer twice, by phone, after 28 days have lapsed. After two failed attempts, DHS may:

suspend payment where a customer is currently in receipt of an income support payment. In this event the customer will be sent a suspension notification, which notifies the customer that their payment has been suspended
engage a third party to request the confirmation of the customer’s income and asset details to address the matched information.

2.20 If the customer contacts DHS after the suspension of payment and provides further information which supports the receipt of welfare payments, DHS will cancel the suspension and backdate any payments owed to the customer.

2.21 DHS advised that there is no automated compliance system applied to the AIIR program’s compliance review process. There is no requirement for AIIR program related customers to review and then confirm or amend their information online as part of the compliance process. The only online component of the AIIR program is the option for DHS customers to receive paperless correspondence or customers required to upload information online where a verbal update provided by the customer over the phone does not align with DHS records and there is no valid explanation for any discrepancy identified by the department.

Outcome of the compliance review

2.22 Since the commencement of the enhanced AIIR program in 2018-19, approximately 500,000 to 600,000 records are matched each year.

2.23 From 1 July 2018 to 30 June 2019, as part of testing the effectiveness of the enhanced matching process, DHS completed 2,140 compliance interventions, which resulted in 924 debts being raised.

2.24 DHS advised that the amount of debt raised is consistent with other compliance programs.

Part 3: Findings

Our approach.

3.1 The key findings of the assessment are set out below under the following headings:

Implementing practices, procedures and systems to ensure APP compliance

Notification of collection of personal information, access to personal information.

3.2 For each issue, we have outlined a summary of the OAIC’s observations, the privacy risks arising from these observations, followed by recommendations or suggestions to address those risks.

3.3 As part of this assessment the OAIC has considered the:

APP Guidelines , which outline the mandatory requirements of the APPs, the way in which the OAIC will interpret the APPs and matters the OAIC may take into account when exercising functions and powers under the Privacy Act
OAIC’s Guidelines on Data Matching in Australian Government Administration (Data Matching Guidelines), which aim to assist Australian Government agencies to use data matching as an administrative tool in a way that complies with the APPs and the Privacy Act and is consistent with good privacy practice.

3.4 In the AIIR program protocol, DHS states that it complies with the OAIC’s Data Matching Guidelines. [4]

3.5 APP 1.2 requires an entity to take reasonable steps to implement practices, procedures and systems that will:

ensure that the entity complies with the APPs; and
enable the entity to deal with privacy related enquiries or complaints from individuals.

3.6 All Australian Government agencies, including DHS, also need to comply with the Australian Government Agencies Privacy Code (the Code) which commenced on 1 July 2018. The Code sets out specific requirements and key practical steps regarding privacy governance and personal information management, that agencies must take as part of complying with APP 1.2.

3.7 The OAIC did not consider the majority of DHS’s agency-wide obligations under the Code during this assessment, such as privacy training and DHS’s privacy management plan given these have been covered in previous data matching assessments. [5]

3.8 In relation to DHS’s obligations under APP 1.2, this assessment focussed on the AIIR program’s:

governance arrangements
risk management
internal policies, practices and procedures.

Governance, culture and training

3.9 DHS has established clear procedures for oversight, accountability and lines of authority for decisions regarding the AIIR program.

3.10 The Case Selection Planning and Engagement Section (CSPE Section), within the Compliance Programme Branch, is responsible for the day-to-day governance functions of the data matching compliance programs at DHS, which includes the AIIR program. The responsibilities include decisions on priorities in data matching activities and managing the flow-on impacts. There are various teams within the CSPE Section, including the Compliance Programme Management team and Case Selection teams, which monitor the selection processes and the outcome of reviews where a customer is contacted following a data match.

3.11 The Compliance Programme Management team leader (the Chair) chairs fortnightly Programme Risk Advisory Group (PRAG) meetings where issues that relate to any data matching compliance programs are raised, tracked and recorded in a register. The PRAG was established to provide advice and assurance to senior management on the progress against the achievements of the department’s compliance activities and includes representation from various teams within the Compliance Assurance Division. Risks associated with data matching compliance programs, such as the AIIR program, are reported by the Case Selection team through the PRAG process. Risks are assessed on a case by case basis and the Chair is responsible for communicating or escalating information on how compliance programs are tracking to senior management.

3.12 Data quality issues are generally raised during meetings and discussions with relevant stakeholders. Systemic issues are raised with CSPE and ICT for review and advice. Depending on the scale, nature and sensitivity of the data and how the data is reported, the Operational Privacy Section (Privacy team) would generally be contacted for advice and escalated to senior management if required.

3.13 Aside from the initial validation of the data received from the ATO which is carried out by DHS’s ICT team, most of the AIIR program’s data matching processes since 2018 are conducted by systems maintained by the ICT team, using business rules managed by the Compliance Programme Branch. The original AIIR program, prior to 2018, was managed within the Branch.

3.14 Data exchanges between DHS and the ATO involving the AIIR program are governed by the Data Management Forum (Forum), with representation from both departments, who meet on a quarterly basis. The Forum reports to the Governance Committee, also known as the Consultative Forum, comprised of more senior executive members who undertake joint six-monthly meetings. [6]

3.15 DHS does not provide specific training for staff who undertake data matching activities. All DHS staff undertake SIMS training before they are granted access to the system. All training for staff who are involved in AIIR data matching is delivered on the job by experienced staff who have the relevant security role to access SIMS. With every major change to systems, the department advises all staff through internal communication strategies. Where relevant to their work, DHS staff may also receive Statistical Analysis System training, which allows staff to run queries on datasets to resolve discrepancies in the matched data.

3.16 DHS has established procedures for oversight, communication and accountability for decisions regarding personal information handled within the AIIR program. Training and awareness activities help to ensure that all staff are aware of their privacy and security obligations. The OAIC did not identify any privacy risks in relation to the AIIR program’s governance, privacy culture or training.

Risk management

3.17 The implementation of privacy and security risk management processes is integral to establishing robust and effective privacy and security practices, procedures and systems. These risk management processes allow an entity to identify, assess, treat and monitor any privacy risks related to its activities. Good privacy risk management informs and triggers changes to practices, procedures and systems to better manage privacy risks.

3.18 The OAIC encourages entities to conduct an information security risk assessment, in conjunction with a privacy impact assessment (PIA), to identify and evaluate information security risks, including threats and vulnerabilities, and the potential impacts of these risks to information (including personal information) handled by an entity.

3.19 DHS has a number of information registers which describe the authority for holding customer information, such as under a Memorandum of Understanding (MOU) agreement and/or social security legislation. Each business team is responsible for their respective information registers and conduct regular reviews on the control of information. The information register is used to document all data exchange activities undertaken by DHS, including the AIIR program. DHS intends to consolidate all data exchanges to create a central repository.

3.20 DHS staff must undertake a formal registration process when they initiate a new program or project. Once a new project or program is registered, the project owner liaises with the Privacy team for advice on whether a privacy threshold assessment (PTA) or PIA is required (discussed below).

ICT security risk assessments

3.21 DHS relies on internal ICT systems to conduct its data matching activities. According to DHS system accreditation policies, the system owner manages the ICT security reviews for a given project and is responsible for ensuring system security documents remains up-to-date.

3.22 Depending on the scale of a project, the Project Manager would engage with the Cyber Security team to assess if an ICT security risk assessment needs to be completed. The Cyber Security team will be consulted if there are any changes to aspects of a project’s security or the handling of personal information. The team will also be involved if a PIA is conducted and the subsequent recommendations involve cyber security risks.

3.23 DHS provided the OAIC with an information security risk assessment, which was conducted in 2011 to establish whether a full security threat and risk assessment needed to be undertaken. The scope of the assessment was on the 2011-12 budget measure and was not specific to the AIIR program. The OAIC found the assessment to be lacking in detail with regards to the analysis of information security risks. For example, it was identified that some DHS staff will require privileged access across a range of information including customer and financial data, but there was no consideration of the potential risks and/or mitigation strategies such as additional access controls that may be required. There were also no recommendations to advise if a formal security threat and risk assessment needed to be undertaken. During fieldwork, DHS advised that the 2011 security risk assessment is outdated and does not accurately reflect its current security posture which they advised reflects the Australian Cyber Security Centre’s security standards. [7] The OAIC requested more recent documentation to support its ICT security risk assessment processes, particularly in relation to the AIIR program, but this was not provided.

3.24 DHS appears to have some processes in place to assist with the management of security risks associated with the systems used for its data matching programs. However, the OAIC did not review any current ICT security risk assessment specific to the AIIR program. Based on the limited documentation provided to the OAIC, there is a medium privacy risk that DHS has not properly considered the cyber security risks associated with the AIIR program.

3.25 Therefore, the OAIC recommends that DHS reviews its risk management processes for the AIIR program to ensure that all privacy and information security risks are appropriately monitored, identified, treated, recorded and reported to senior management.

Recommendation 1

The OAIC recommends that DHS reviews its risk management processes for the AIIR program to ensure that all privacy and information security risks are appropriately monitored, identified, treated, recorded and reported to senior management.

Privacy threshold assessments (PTAs) and privacy impact assessments (PIAs)

3.26 APP 1.2 outlines the requirements for entities to manage personal information in an open and transparent way. This includes embedding good privacy practices into an entity’s risk management strategies, such as conducting a PIA at the early stage of a proposal’s development to assist an entity to identify any personal information security risks and the reasonable steps that could be taken to protect personal information.

3.27 DHS’s Operational Privacy Policy (OPP) [8] requires its staff to undertake a PTA for all new projects, and for any other activities that involve changes to the way DHS manages (i.e. collects, discloses, stores or uses) any personal information.

3.28 Paragraph 11 of the OPP states that if the PTA identifies that the project or activity involves a significant change to DHS’s management of the personal information involved or might have a significant impact on the privacy of individuals, a PIA is required. DHS’s Privacy team is consulted on whether PTAs and/or PIAs need to be conducted.

3.29 DHS outsources all PIAs to external providers. DHS’s legal team coordinates the completion of a PIA by acting as a liaison between a DHS National Manager who is the executive member responsible for the compliance program and the private sector company that undertakes the PIA.

3.30 DHS’s senior management must sign-off to accept the recommendations in the PIA. A formal closure process is also required where the responsible Project Manager must sign-off to confirm that all the recommendations in the PIA have been implemented.

3.31 DHS conducted a PTA prior to the commencement of the enhanced AIIR program in 2018. The OAIC was provided with a copy of the PTA. The PTA outlines the types of personal, sensitive and/or protected information that are collected by the department and stipulates that the enhanced program does not involve new ways of identifying or accessing personal information. The PTA assessment process concluded that a PIA was not required as the PTA found the project did not involve significant changes to the way in which the department would collect, use, disclose or store personal information, that are likely to have a significant impact on the privacy of its customers.

3.32 Given DHS’s data matching activities under the AIIR program involve the handling of large volumes of personal and sensitive information, the OAIC encourages DHS to continue to conduct PTAs, and if necessary, a PIA, if changes are proposed to the AIIR program in the future.

Internal policies, practices and procedures

3.33 Entities should document the internal policies, practices and procedures they use to handle personal information. This documentation should outline the privacy measures that are in place to manage the risks and threats to personal information. These documents should be regularly reviewed and updated to ensure they reflect the entity’s current acts and practices.

3.34 DHS has a range of department-wide and program-specific policies and procedures, that are relevant to the handling of personal information under the AIIR program. This includes internal policies and procedures used by DHS staff to initiate, assess and finalise compliance reviews, as well as engage with customers who enquire about the AIIR program. For example, staff must follow documented steps in order to check and verify the identity of a caller before access to their personal information is granted. DHS staff must also fully explain and document all of their decisions and/or actions on the customer’s record.

3.35 The OAIC found that DHS’s operational procedures regarding the AIIR program were up-to-date and reviewed within the last six months. However, it is not clear how regularly internal reviews are conducted nor when the next review is expected to occur. The OAIC suggests that DHS schedules regular reviews of its internal documentation to ensure the continued effectiveness and appropriateness of its policies, practices and procedures. This could be done annually or after any major change to the AIIR program or relevant legislation.

Managing customer enquiries or complaints

3.36 Under APP 1.2, an APP entity is required to take reasonable steps to deal with enquiries or complaints from individuals about the entity’s compliance with the APPs or Code.

3.37 DHS has a number of internal policies and procedures in place to manage customer enquiries or complaints about the AIIR program. The OAIC reviewed the operational procedures DHS uses when a customer requests further explanation of a compliance intervention decision. These procedures apply to AIIR reviews, as do department-wide operational policies and procedures relating to the handling of customer complaints and feedback.

3.38 For all enquiries or complaints about the AIIR program, the first point of contact is DHS’s dedicated compliance telephone line, which is provided to the customer in each of the initiation, reminder and suspension of payment letters. The letters also provide a link to DHS’s feedback webpage if the customer chooses to make an enquiry or complaint online.

3.39 Once an AIIR program related enquiry or complaint is received, a DHS compliance officer will engage with the customer and provide an explanation of the decision, as well as correct any errors identified during the conversation. If the customer is not satisfied with the explanation and cannot provide any new information or evidence, they can request a quality check of the decision. A subject matter expert would be assigned to check the information provided by the customer against DHS’s records and contact the customer to discuss and/or explain the decision.

3.40 If the customer indicates that they have additional information to provide which was not considered as part of the initial review (either in the form of documented evidence or verbal evidence over the phone), DHS conducts a reassessment or review, which is independent from the initial review and decision-making process.

3.41 DHS customers can request a formal review of the case if they are not satisfied with the outcome of the quality check or if they disagree with the outcome of the decision. In those circumstances, the matter will be referred to an authorised review officer for a formal review. The debt recovery process is placed on hold while the review takes place.

3.42 DHS uses department-wide policies and procedures to manage general customer feedback and complaints in relation to the AIIR program. DHS has operational procedures in place for assessing the type of feedback received from customers and attempt to resolve any customer complaints at first contact. More complex or sensitive matters, such as a complaint about unauthorised disclosure of personal information under the AIIR program, are escalated and finalised by specialist complaints staff. DHS customer complaints about the AIIR program are triaged and specific enquiries about the AIIR program will be referred to the relevant team in the Compliance Programme Branch. Escalations may be referred to the Privacy team for further assessment.

3.43 DHS’s customer complaints and feedback policy states that the department aims to finalise and respond to complaints within 10 working days. If DHS takes longer than that to respond, DHS staff are advised to update the customer about the progress of their complaint at least every five working days after acknowledgement of their complaint.

3.44 The OAIC did not identify any privacy risks with the department’s handling of customer enquiries and complaints specific to the AIIR program.

Data breach response documentation

3.45 In the event of a data breach, having a response plan that includes procedures and clear lines of authority can assist an entity to contain the breach and manage the response. Ensuring that staff (including contractors) are aware of the plan and understand the importance of reporting breaches is essential for the plan to be effective.

3.46 DHS’s Privacy team is currently responsible for assessing and reporting all eligible data breaches that would fall under the Notifiable Data Breach scheme (NDB scheme) [9] and cyber security incidents. DHS informed the OAIC that DHS did not identify any data breaches or cyber security incidents in relation to its data matching activities, at the time of this assessment.

3.47 DHS’s Privacy Incident Response Plan (PIRP) sets out the roles and responsibilities of relevant DHS teams as well as procedures to be followed in the event of a suspected or alleged privacy breach, or a data breach that is reportable under the NDB scheme.

3.48 DHS’s PIRP includes procedures and clear lines of authority when reporting and escalating privacy incidents. The PIRP also sets out how the plan will apply to various types of data breaches, processes to notify the public or individuals under the NDB scheme and circumstances where external entities, such as the OAIC, may need to be involved. However, it is not clear if the PIRP is regularly tested or reviewed post-breach. The OAIC suggests that DHS regularly tests and reviews the PIRP to assess the effectiveness of the plan.

3.49 The OAIC also reviewed DHS’s Cyber Security Incident Response Plan, which contains references to personally identifiable information (PII), rather than personal information (PI) as defined in s 6 of the Privacy Act. The use of the term PII, which is narrower than the definition in the Privacy Act, could lead to a failure to protect personal information where such information is not considered to be PII but would fit the definition of personal information in s 6 of the Privacy Act. The reference to the Privacy and Information Release team is also outdated as it had been renamed the Operational Privacy Section a few years ago.

3.50 Because DHS’s cyber security documentation is not completely up-to-date, there is a medium privacy risk that DHS’s internal documentation may not accurately reflect current information handling practices. The OAIC recommends that DHS regularly reviews and revises its cyber security policy documentation, such as the Cyber Security Incident Response Plan, to ensure that they are up-to-date, and accurately reflect current practices and language used in the Privacy Act.

Recommendation 2

The OAIC recommends that DHS regularly reviews and revises its cyber security policy documentation, such as the Cyber Security Incident Response Plan, to ensure that they are up-to-date, and accurately reflect current practices and language used in the Privacy Act.

3.51 In the event that a cyber security incident involves personal information processed by the AIIR program, DHS advised that the Privacy and Cyber Security teams liaise with each other to resolve the issue. While both teams have their independent Incident Response Plans, the Privacy team’s Incident Response Plan would prevail where there is a conflict. However, while communication between the Privacy and Cyber Security teams appear to occur at an operational level, there is limited documentation which formalises the communication channels. The Cyber Security team’s Incident Response Plan references the General Counsel from the Privacy team in the event of a breach that impacts on DHS staff or customer information, but the Cyber Security team is not listed as a stakeholder in the PIRP.

3.52 This represents a medium risk that appropriate action and escalation processes are not followed in the event of a cyber security incident or eligible data breach where both privacy and cyber security areas may be impacted. The OAIC recommends that DHS reviews and updates its privacy documentation to formalise the relationship between the Privacy and Cyber Security teams, as well as roles and responsibilities of each area, in the event of an eligible data breach or cyber security incident.

Recommendation 3

The OAIC recommends that DHS reviews and updates its privacy documentation to formalise the relationship between the Privacy and Cyber Security teams, as well as roles and responsibilities of each area, in the event of an eligible data breach or cyber security incident.

Program protocol

3.53 Under APP 1, entities are required to manage personal information in an open and transparent manner. This requirement is also emphasised in the OAIC’s Data Matching Guidelines to ensure that entities provide a level of transparency and accountability for their data matching programs. Guideline 3 of the Data Matching Guidelines states that before commencing a data matching program, the primary user agency should:

prepare a program protocol
provide a copy of the program protocol to the OAIC
make the program protocol publicly available.

3.54 Guideline 4 of the Data Matching Guidelines suggests the matching agency details the technical standards for governing the conduct of the data matching program in a report which should clearly document information about the data matching techniques to be used in the data matching program. [10] By having a clearly written and informative program protocol, entities will be able to inform the public about the existence and nature of the data matching program [11] and demonstrate their transparency and accountability obligations.

3.55 At the time of the assessment, DHS had published a copy of its 2017 AIIR data matching protocol on its website. [12] However, DHS does not appear to have uploaded the most up-to-date protocol online, as the OAIC was provided a draft copy of an updated AIIR program protocol for review as part of the assessment. While the updated protocol provides customers with an overview of the data matching program and how customers’ personal information is used in the program, it does not fully meet the requirements outlined in the OAIC’s Data Matching Guidelines.

3.56 Specifically, details regarding the use of business rules and filtering should be expanded in existing text of the program protocol and in a technical standards report attached to the protocol, to provide a clearer explanation of the data processes once the matched data is collected from the ATO. DHS also advised during the assessment that a pilot was conducted prior to the commencement of the AIIR program. However, this is not mentioned in the program protocol. [13]

3.57 As noted above, while the program protocol is an external document, published to provide the community with information on DHS’s data matching activities under the AIIR program, it is also a vital source of corporate knowledge to ensure departmental consistency. An up-to-date and accurate program protocol is also important for directing DHS staff on how personal information is handled under the AIIR program. There is a medium risk that DHS may lose corporate knowledge and staff will not follow appropriate procedures if DHS fails to accurately document their internal AIIR program processes in detail. By clearly articulating their data matching processes in the protocol and attached technical standards report, DHS can ensure that they have documented this corporate knowledge to prevent losing it in the future and maintain continuity for staff within the AIIR program.

3.58 The OAIC acknowledges that adding additional information into the protocol will need to be considered carefully, as there may be issues of confidentiality or sensitivity. With these considerations in mind, the OAIC recommends that DHS, as part of its scheduled review of the AIIR program protocol, identifies if any additional information should be included in the protocol, consistent with the department’s obligations under APP 1.2 and the OAIC’s Data Matching Guidelines.

3.59 To address any concerns DHS may have around the confidentiality or sensitivity of data matching processes, the OAIC suggests that there may be value in creating an internal version of this protocol, which would expand on the technical aspects of the program. The internal protocol can be used for auditing, monitoring and quality control purposes.

3.60 Guideline 5 of the Data Matching Guidelines states that before an entity carries out or participates in a data matching program, the entity should take reasonable steps to ensure public notice of the proposed program is given. DHS did not notify the public about the AIIR program by publishing a notice in the Government Gazette prior to the program’s commencement. As the program protocol is published on the DHS website, there is a low risk that DHS customers have not been appropriately notified. The OAIC suggests that when DHS updates the program protocol, it notifies the public of its updated program protocol in the Government Gazette.

Recommendation 4

The OAIC recommends that DHS, as part of its scheduled review of the AIIR program protocol, identifies if any additional information should be included in the protocol, consistent with the department’s obligations under APP 1.2 and the OAIC’s Guidelines on Data Matching in Australian Government Administration (Data Matching Guidelines). Should these details be considered sensitive in nature, the OAIC suggests that DHS considers also creating an internal, more detailed version of the protocol for auditing, monitoring and quality control purposes.

3.61 APP 5 requires an entity that collects personal information (including sensitive information) about an individual to take reasonable steps either to notify the individual of certain matters or to ensure the individual is aware of those matters. An APP entity must take these reasonable steps before, at, or as soon as practicable after it collects the personal information.

3.62 The matters that an individual must be notified about are listed in APP 5.2 and include:

the APP entity’s identity and contact details
the fact and circumstances of collection
whether the collection is required or authorised by law
the purposes of collection
the consequences if personal information is not collected
the entity’s usual disclosures of personal information of the kind collected by the entity
information about the entity’s APP Privacy Policy
whether the entity is likely to disclose personal information to overseas recipients, and if practicable, the countries where they are located.

3.63 For the purposes of the AIIR program, DHS collects information from customers during various stages of contact with the department and various forms of contact, including through telephone, collection forms or online.

3.64 New customers provide information to DHS when they claim welfare payments and the information is usually collected through hard copy application forms or online forms. The initial collection includes personal information such as the declaration of income and assets, and proof of identity information, which includes the customer’s full name, address and marital status. A privacy notice is also provided at this point, which requires the customer’s signature to acknowledge that the notice has been read.

Collection of personal information – notification letters

3.65 Under the AIIR program, DHS customers receive APP 5 collection notices on the back of the initiation and reminder letters which request further information on bank interest received by customers to accurately assess their circumstances. DHS provided the OAIC with template letters to customers used for the AIIR program.

3.66 The collection notice in both the initiation and reminder letters states that DHS undertakes data matching activities in line with the OAIC’s Data Matching Guidelines and provides a list of agencies that DHS works with to conduct data matching. Both letters also provide information about how customers can provide feedback or lodge a complaint, a short paragraph on DHS’s privacy obligations and a link to DHS’s privacy webpage [14] where customers can find further information.

3.67 DHS attempts to encourage customers to engage with the department and provide additional information to accurately assess their circumstances by not outlining in the initiation letter the consequences of customers not providing their personal information (i.e. the suspension of payments). Only the reminder letter refers to the suspension of payments if the customer does not engage with DHS.

3.68 APP 5.2 provides that individuals must be notified about an entity’s privacy policy, amongst other matters. DHS provides notification in both the initiation and reminder letters before the collection of personal information, in accordance with the requirements of APP 5. DHS’s general privacy webpage is linked in both notification letters and provides a description of why customer information is collected, used and shared.

3.69 The OAIC did not identify any privacy risks related to APP 5 in relation the collection notices in DHS’s notification letters for the AIIR program.

Collection of personal information - telephone

3.70 DHS may verbally collect information from customers who contact DHS over the phone, following the receipt of an initiation, reminder and/or suspension of payment letter from DHS.

3.71 At the beginning of the call, there is a recorded message that notifies the customers of the collection of their personal information and that the conversation will be recorded. DHS’s operational procedures also state that the compliance officer must inform the customer that the call may be recorded for quality assurance and training purposes. Prior to disclosing any information, the compliance office will authenticate the customer, which must include checking the customer’s current address and telephone number. More information about the authentication process is discussed at paragraphs 3.83-3.86.

3.72 Once authenticated, the compliance officer will explain to the customer why they have been selected for compliance review under the AIIR program. The customer will be asked to confirm the accuracy of the bank interest income and to provide a verbal update to ensure that DHS records are accurate.

3.73 Where the customer provides a verbal update, the compliance officer will record, assess and determine the validity of the updates. If the verbal update is deemed acceptable, the compliance officer will finalise the review process and document the outcome in DHS records. If the verbal update does not align with DHS records and there is no valid explanation for the discrepancy, then the information is deemed insufficient and the customer is required to provide documented evidence online.

3.74 The OAIC did not identify any privacy risks in relation to DHS’s collection notice used over the phone for the AIIR program.

Collection of personal information - online

3.75 For customers who choose to engage with DHS online or are required to provide documented evidence to validate their bank interest income, information is collected when customers upload documents through myGov. The OAIC was provided with screenshots of the Centrelink portal’s (which is linked to myGov) review screen which is seen by the customer prior to the uploading of any documents. On the screen it states that customers must declare that they ‘have read and accept the privacy statement’ amongst others, prior to submitting any documentation.

3.76 Under the ‘Terms of use’ section on the Centrelink portal, DHS provides a brief summary to inform customers that their information is collected to process applications, payments or services. Customers are also notified that information is shared with other parties where the customer has agreed or required by law.

3.77 DHS notifies the public about the AIIR program by publishing the program protocol on its website, in accordance with Guideline 5 of the Data Matching Guidelines. Guideline 5.3 states that a ‘public notice of the data match activity is considered a ‘reasonable’ step for an agency to take to satisfy APP 5 obligations’.

3.78 DHS also has a dedicated webpage which explains bank interest reviews conducted under the enhanced AIIR program to its customers. [15] The webpage provides information about why personal information, such as bank information, may be collected by DHS, how the information may be used by the department as well as contact numbers for the customer to receive further assistance regarding the data matching program.

3.79 The OAIC did not identify any privacy risks in relation to DHS’s online collection notices associated with the AIIR program.

3.80 APP 12 requires an APP entity that holds personal information about an individual to give the individual access to that information on request. APP 12 also sets out minimum access requirements, including the time period for responding to an access request, how access is to be given, and that a written notice, including the reasons for the refusal, must be given to the individual if access is refused.

3.81 DHS customers can view some of their personal information, such as payments, on the Centrelink portal through myGov or visit a service centre in person.

3.82 DHS customers can also lodge a formal Freedom of Information (FOI) request to seek access to their personal information held by DHS. The OAIC did not review the FOI channel to access personal information in this assessment.

Verifying an individual’s identity before providing access to personal information

3.83 All customers undergo a proof of record ownership (PORO) process to prove their identity and select the checkbox to declare that they have read and accept the privacy statement prior to accessing any information online. DHS provided screenshots of the customer view of the authentication process on myGov. The customer’s identity is authenticated when they first access myGov. Once this occurs, they can access their Centrelink portal without further authentication. The customer authenticates into myGov by either:

entering their username/email, password and answering a secret question, or
entering their username/email, password and entering a one-time SMS code sent to their mobile phone.

3.84 Customers are asked to provide photo identification (photo ID) when they visit a service centre in person. Customers who have photo ID are often not asked additional PORO questions. Customers without photo ID will be asked to confirm their name, date of birth and address. DHS service officers may ask additional questions if there are doubts about the customer’s identity.

3.85 Customers who contact DHS via telephone also need to pass the PORO process, if they did not enrol or cannot be identified using a telephone access code or voice authentication.

3.86 The OAIC reviewed the operational procedure used by DHS telephone staff to authenticate a customer’s identity, as well as the PORO points matrix which outlines the value of each question that a customer correctly answers to prove their identity. Customers must successfully answer a combination of questions, totalling 100 points to pass PORO. DHS’s internal procedure notes that the name, date of birth and Centrelink reference number alone are not sufficient to verify a customer as these details may be known to a third party, such as the customer’s partner. Consequently, telephone staff are instructed to ask additional PORO questions. Sometimes customers place a password on their account as an additional access control mechanism, and they will need to provide the password in addition to the usual PORO process when identifying themselves over the phone.

3.87 The OAIC did not identify any privacy risks in relation to the steps which DHS takes to verify a customer’s identity prior to granting them access to personal information online, in person or over the phone.

APP 12 minimum access requirements

3.88 DHS advised that it responds to a customer’s access request within 30 days, in accordance with APP 12.4(a)(i), which requires that an agency respond to a request for access within 30 calendar days.

3.89 APP 12.4(b) stipulates that an APP entity must give access to personal information in the manner requested by the individual if it is reasonable and practicable to do so. DHS customers receive access to their personal information either in hard copy or through an online link to the system. DHS does not send personal information via email due to privacy and security concerns.

3.90 DHS does not impose an access charge to customers (which is consistent with APP 12.7), unless the request for access is made through the formal FOI channel.

3.91 Depending on the type of information requested, DHS may deny the access request in full or in part through written notification, where required or authorised by the Freedom of Information Act 1982 . DHS’s FOI team also has regard to Chapter 12 of the APP guidelines when considering the grounds to decline an access request for personal information.

3.92 APP 12.9 provides that if an agency refuses to give access, or to give access in the manner requested by the individual, the agency must give the individual a written notice. DHS advised that it outline the reasons for the declined request, the department’s decision making processes, and additional information on how the individual could appeal the decision in its written response.

3.93 While DHS has regard to relevant legislation and the OAIC’s APP guidance material when assessing access requests by customers, DHS does not maintain any internal guidance that lists the grounds on which access requests for personal information can be declined by the department. The lack of internal policies or procedures which guide the decision-making process represents a low risk that decisions to grant or deny requests may not be consistently applied by DHS officers. Given some access requests to personal information may be complex and may require staff to exercise discretion, the OAIC suggests that DHS develops an internal policy or procedure to guide staff when deciding whether to grant or deny a personal information access request. The OAIC also suggests that DHS regularly reviews and updates its internal documentation to ensure its continued effectiveness, particularly as practices and legislative requirements evolve.

Handling of access requests by telephone

3.94 If a customer contacts DHS via telephone to enquire about the use of their personal information in the AIIR program, DHS staff will provide a general overview of the data matching process. Depending on the nature of the enquiry, the matter may be escalated to technical support, an onsite manager, and eventually through to the relevant team in the Compliance Programme Branch.

3.95 All requests to access personal information are assessed on a case by case basis by DHS staff, including contractors, who are trained to address enquiries. In addition to the mandatory privacy and security training, DHS's contact centre staff also receive training about confirming an individual's identity. DHS conducts internal privacy audits through phone recordings and monitoring to ensure that staff are following the correct procedures.

3.96 APP 5.2(g) provides that an entity should take reasonable steps, in its privacy policy, to notify an individual of how they may access their personal information. DHS notifies customers using their online channel of their entitlement to access their personal information through its privacy policy or through the direct link on DHS’s homepage. However, customers who engage with DHS about the AIIR program over the phone or via post are not notified of their rights to access their personal information.

3.97 The OAIC reviewed the operational procedures and notification letters sent to DHS customers; neither of which mentioned access to personal information. Given most DHS customers have access to myGov, this represents a low risk that customers who do not have access to the internet will be unaware of their rights to access their information. The OAIC suggests that DHS expands the communication channels to notify individuals of their right to access their personal information during phone calls with customers by including a section in the contact centre’s operational procedures, as well as in the notification letters sent to customers.

Part 4: Recommendations and responses

Oaic recommendation.

4.1 The OAIC recommends that DHS reviews its risk management processes for the AIIR program to ensure that all privacy and information security risks are appropriately monitored, identified, treated, recorded and reported to senior management.

Response by DHS to the recommendation

4.2 Agreed. Services Australia will review the risk management process for the enhanced AIIR program.

4.3 The OAIC recommends that DHS regularly reviews and revises its cyber security policy documentation, such as the Cyber Security Incident Response Plan, to ensure that they are up-to-date, and accurately reflect current practices and language used in the Privacy Act.

4.4 Services Australia accepts this recommendation to regularly review and revise its cyber security policy documentation to ensure that they are up-to-date, and accurately reflect current practices and language used in the Privacy Act. Services Australia’s Cyber Security Incident Management Plan was updated in December 2019.

4.5 The OAIC recommends that DHS reviews and updates its privacy documentation to formalise the relationship between the Privacy and Cyber Security teams, as well as roles and responsibilities of each area, in the event of an eligible data breach or cyber security incident.

4.6 Services Australia accepts this recommendation. Services Australia has formalised the relationship between Cyber Security and Privacy teams, including documenting the relationship between the two areas and the roles and responsibilities of each area in the event of a cyber-security incident or eligible data breach.

4.7 The OAIC recommends that DHS, as part of its scheduled review of the AIIR program protocol, identifies if any additional information should be included in the protocol, consistent with the department’s obligations under APP 1.2 and the OAIC’s Guidelines on Data Matching in Australian Government Administration (Data Matching Guidelines). Should these details be considered sensitive in nature, the OAIC suggests that DHS considers also creating an internal, more detailed version of the protocol for auditing, monitoring and quality control purposes.

4.8 Agreed. Services Australia are currently developing a new program protocol for this data matching activity and will work with OAIC throughout that development process. The program protocol will be published before these activities are fully commenced. In addition, Services Australia is undertaking a process of review of all program protocols, including the business rules and technical information, to ensure these documents clearly outline the objectives of each program, while remaining aligned to the APPs and the OAIC Guidelines on Data Matching in Australian Government Administration.

Part 5: Description of assessment

Objective and scope of the assessment.

5.1 This assessment was conducted under s 33C(1)(a) of the Privacy Act, which allows the OAIC to assess whether an entity maintains and handles the personal information it holds in accordance with the APPs.

5.2 The objective of this assessment was to determine whether DHS maintains personal information, under the AIIR program, in accordance with its obligations under the APPs.

5.3 The scope of this assessment was limited to DHS’s handling of personal information against the requirements of APP 1.2 (open and transparent management of personal information), APP 5 (notification of the collection of personal information) and APP 12 (access to personal information). Specifically, the assessment examined whether DHS:

is taking reasonable steps to implement practices, procedures and systems in accordance with APP 1.2, with the focus on the AIIR program’s governance arrangements, risk management and internal policies, practices and procedures, to avoid duplication with DHS’s department-wide obligations which have been covered in previous data matching assessments of DHS
is taking reasonable steps under APP 5 when collecting information from individuals under the AIIR program
manages requests for access to personal information handled in the context of the AIIR program in accordance with APP 12.

5.4 This assessment considered both the original pre-2018 data matching program as well as the data matching processes and procedures under the enhanced AIIR program from 2018. However, the assessment predominantly focusses on the enhanced AIIR program from 2018-19 (now known as the Bank Interest program) as there are currently no reviews being initiated under the pre-2018 program. The OAIC examined notification letters and other related documentation regarding or relevant to the Bank Interest program as a part of the APP 5 and 12 components of this assessment.

Privacy risks

5.5 Where the OAIC identified privacy risks and considered those risks to be high or medium risks, according to OAIC guidance (Appendix A refers), the OAIC made recommendations to DHS about how to address those risks. These recommendations are set out in Part 4 of this report.

5.6 The OAIC assessments are conducted as a ‘point in time’ assessment; that is, our observations and opinion are only applicable to the time period in which the assessment was undertaken.

5.7 For more information about privacy risk ratings, refer to the OAIC’s ‘Risk based assessments – privacy risk guidance’. Chapter 7 of the OAIC’s Guide to privacy regulatory action provides further detail on this approach.

Timing, location and assessment techniques

5.8 The OAIC conducted a risk-based assessment of DHS’s AIIR program and focussed on identifying privacy risks to the effective handling of personal information in its relation to the APPs.

5.9 The assessment involved the following:

review of relevant policies and procedures provided by DHS
fieldwork, which included interviewing key members of staff at DHS’s office in Canberra on 3 and 4 September 2019.

5.10 The OAIC publishes final assessment reports in full, or in an abridged version, on its website. All or part of an assessment report may be withheld from publication due to statutory secrecy provisions, privacy, confidentiality, security or privilege. This report has been published in full.

Appendix A: Privacy risk guidance

[1] For the purposes of this report, Services Australia is referred to as DHS as this was the department’s name at the time of the assessment..

[2] Office of the Australian Information Commissioner’s Guidelines on Data Matching in Australian Government Administration , June 2014, Key terms section (accessed on 21 November 2019).

[3] At the time of fieldwork, DHS was developing a separate program protocol for the bank interest component of the AIIR program. .

[4] Department of Human Services, AIIR program protocol , 2017, p. 3 (accessed on 21 November 2019) .

[5] DHS’s department-wide privacy training and its privacy management plan are discussed in the OAIC’s assessment of DHS’s NEIDM data matching program , available on the OAIC’s website (accessed on 16 March 2020). .

[6] DHS’s governance arrangements for data exchanges with the ATO are discussed in the OAIC’s assessment of DHS’s NEIDM data matching program , available on the OAIC’s website (accessed on 16 March 2020).

[7] Australian Cyber Security Centre outlines a number of mitigation strategies, known as the Essential Eight, to assist organisations in protecting their systems against cyber security incidents. For more information, see https://www.cyber.gov.au/publications/essential-eight-explained (accessed 27 January 2020).

[8] Version 4 – approved 17 May 2018.

[9] Under the NDB scheme, which commenced in February 2018, any organisation or agency the Privacy Act covers must notify affected individuals and the OAIC when a data breach is likely to result in serious harm to an individual whose personal information is involved. More information can be found at https://www.oaic.gov.au/privacy/notifiable-data-breaches/about-the-notifiable-data-breaches-scheme/ .

[10] Details to be included in a technical standards report are set out in Appendix B of the Guidelines and include (amongst other things): the description of data used during the matching process; matching techniques used in the data matching program, for example the matching algorithm used; and the risks posed by the matching program.

[11] See Guideline 3.3 of the Data Matching Guidelines.

[12] 2017 AIIR data matching protocol available at: https://www.servicesaustralia.gov.au/organisations/about-us/publications-and-resources/centrelink-data-matching-activities#a2 (accessed 16 March 2020).

[13] Under Guideline 3.4, entities should disclose information about any pilot testing conducted on the data matching program in the program protocol.

[14] https://www.servicesaustralia.gov.au/individuals/privacy (accessed on 16 March 2020).

[15] For more information, visit the bank interest income reviews for the compliance program webpage.

Terms and conditions
Privacy policy
Accessibility

Monday to Thursday 10 am to 4 pm (AEST/AEDT)

Acknowledgement of Country

The OAIC acknowledges Traditional Custodians of Country across Australia and their continuing connection to land, waters and communities. We pay our respect to First Nations people, cultures and Elders past and present.

Reports and publications

Browse our range of reports and publications including performance and financial statement audit reports, assurance review reports, information reports and annual reports.

View reports and publications

The aim of audit insights is to communicate lessons from our audit work to make it easier for people working within the Australian public sector to apply those lessons.

View ANAO Insights

Work program

The ANAO work program outlines potential and in-progress work across financial statement and performance audit.

View the work program

Our staff add value to public sector effectiveness and the independent assurance of public sector administration and accountability, applying our professional and technical leadership to have a real impact on real issues.

View Careers

The Australian National Audit Office (ANAO) is a specialist public sector practice providing a range of audit and assurance services to the Parliament and Commonwealth entities.

Effectiveness of the Management of Contractors — Services Australia

Please direct enquiries through our contact page .

Effectiveness of the Management of Contractors — Department of Defence (tabled performance audit report)

Audit snapshot

Why did we do this audit.

The Australian Public Service (APS) workforce strategy highlights the value of ensuring that agencies take a structured approach to the use of non-APS personnel. The approach adopted by the APS has been the subject of ongoing parliamentary interest.
This is one of a series of three performance audits undertaken to provide independent assurance to Parliament on whether entities have established an effective framework for the management of the contracted element of their workforce.
Services Australia has defined 11 types of contingent workforce (seven types of non-agency personnel, two types of non-APS personnel and two types of secondee). The contingent workforce with the characteristics of a ‘contractor’ include contractors and labour hire.
The top two contractor activities reported by Services Australia in 2021 were ‘Information Technology’, and ‘Service Delivery’.

What did we find?

Services Australia has established largely fit-for-purpose policies and processes for the management of contractors and can demonstrate the effectiveness of some but not all aspects of its arrangements. There remains scope to improve the effectiveness of mandatory training arrangements and implementation of aspects of Policy 12 of the Protective Security Policy Framework (PSPF) relating to the eligibility and suitability of personnel.

What did we recommend?

The Auditor-General made three recommendations aimed at: improving the effectiveness of mandatory training arrangements; aligning the personnel security policy with Supporting Requirement 1(c) of PSPF Policy 12; and obtaining assurance that PSPF Policy 12 has been addressed, particularly where temporary access provisions are used to address the need for rapid recruitment.

Services Australia’s APS workforce at 30 June 2021 (headcount).

Services Australia’s contingent workforce at 30 June 2021 (headcount).

Contractor workforce at 30 June 2021 (headcount). Represents 9.7 per cent of the combined APS and contingent workforce.

Summary and recommendations

1. The Australian Public Service Commission (APSC) has reported that as at 31 December 2021, the Australian Public Service (APS) employed 155,796 people across 97 APS agencies. 1 APS employees are employed under the Public Service Act 1999 (the PS Act), which establishes the APS and is the basis of the regulatory framework applying to it. 2

2. APS agencies can, and do, utilise a mixed workforce of APS and non-APS personnel to deliver their purposes. Non-APS personnel include contractors and consultants. Department of Finance (Finance) guidance indicates that the difference between a contract for services and a contract for consultancy services ‘generally depends on the nature of the services and the level of direction and control over the work that is performed to develop the output.’ 3

3. Workforce planning and management is the responsibility of each APS agency head. In the APS Workforce Strategy 2025 , the APSC has stated that:

Ensuring agencies take a structured approach to the use of non-APS employees—including considering where work would be best delivered by an APS employee—and knowledge transfer and capability uplift arrangements is a key element of successful mixed workforce models, which are already being used by agencies across the APS. 4

4. Additionally, the APSC has published guidance in the form of Guiding principles for agencies when considering the use of SES contractors 5 relating to the use of contractors in APS Senior Executive Service (SES) roles. 6 Similar guidance has not been issued for entities when considering the use of contractors for non-SES level roles.

5. The engagement and management of non-APS personnel occurs through procurement action by entities and their contract management processes, rather than the PS Act. These decisions must consider:

the Commonwealth Procurement Rules (CPRs), which establish the whole-of-government procurement framework, including mandatory rules with which officials must comply when performing duties related to procurement;
the Protective Security Policy Framework (PSPF), which sets out government protective security policy across the following outcomes: security governance, information security, physical security and personnel security 7 ; and
entity-specific procurement and contract management arrangements which may be contained in Accountable Authority Instructions (AAIs) made under section 20A of the Public Governance, Performance and Accountability Act 2013 (the PGPA Act, which is the basis of the Australian Government’s finance law) and in entity policies and guidelines.

6. Services Australia has advised the Parliament that as at 30 June 2021, its workforce included 4269 contractors, representing 9.7 per cent of the combined APS and contingent workforce. 8 Services Australia’s contractor workforce performs work in most parts of the entity.

Rationale for undertaking the audit

7. The APS workforce strategy states that the APS will continue to deploy a flexible approach to resourcing that strikes a balance between a core workforce of permanent public servants and the selective use of external expertise. This will mean a continuing mixed workforce approach, where APS employees and non-APS workers are used to deliver outcomes within agencies. In this context, the strategy highlights the value of ensuring that agencies take a structured approach to the use of non-APS workers. The approach adopted by the APS and its agencies has been the subject of ongoing parliamentary interest, with a number of reviews and parliamentary committee inquiries undertaken in recent years. 9

8. This audit is one of a series of three performance audits undertaken to provide independent assurance to the Parliament on whether entities have established an effective framework for the management of the contracted element of their workforce. Services Australia was selected as one of the APS agencies in this audit series as it is a large and regular user of non-APS personnel. The other audits in this series review the management of contractors by the Department of Defence and Department of Veterans’ Affairs.

Audit objective and criteria

9. The objective of the audit was to examine the effectiveness of Services Australia’s arrangements for the management of contractors.

10. To form a conclusion against the audit objective, the following high-level criteria were adopted.

Has Services Australia established a fit-for-purpose framework for the use of contractors?
Does Services Australia have fit-for-purpose arrangements for the engagement of contractors?
Has Services Australia established fit-for-purpose arrangements for the management of contractors?

11. Services Australia has established largely fit-for-purpose policies and processes for the management of contractors and can demonstrate the effectiveness of some but not all aspects of its arrangements. There remains scope to improve the effectiveness of mandatory training arrangements and implementation of aspects of Policy 12 of the Protective Security Policy Framework (PSPF) relating to the eligibility and suitability of personnel.

12. Services Australia has established a fit-for-purpose framework for the use of contractors. At the agency level there is guidance which provides clarity regarding the different personnel types, including contractors. Guidance has been developed to assist the largest users of contractors within the agency — its service delivery and ICT areas — determine whether there is an operational requirement for the use of contractors.

13. Services Australia has established largely fit-for-purpose arrangements for the engagement of contractors. Services Australia has in place a contracting suite that is tailored for the use of contractors and has established centrally managed processes for preparing contracts, including when it engages contractors. Services Australia has established mandatory induction training and systems to monitor and report on the completion of induction training by its entire workforce. The effectiveness of training arrangements is reduced by contractors’ training completion rates and shortcomings in processes to ensure contractors and their managers are aware of mandatory induction training. Services Australia has established policy and processes to support compliance with the majority of core requirements of PSPF Policy 12: Eligibility and suitability of personnel when it engages contractors, the key exception being the requirement to obtain an individual’s agreement to comply with government policies, standards, protocols and guidelines that safeguard resources from harm. By enacting temporary access provisions pending the outcome of pre-engagement eligibility and suitability checks, there is a risk that Services Australia has not met PSPF Policy 12 requirements where there is no assurance process to ensure satisfactory completion of the required checks within a reasonable timeframe.

14. Services Australia has established largely fit-for-purpose arrangements for the management of contractors. Services Australia has clearly documented its requirements and expectations regarding the management and oversight (supervision) of contractors and has established responsibilities for managing completion at the business area level. Arrangements (policy, processes and monitoring) for the management of contractors that support compliance with PSPF Policy 13: Ongoing assessment of personnel and PSPF Policy 14: Separating personnel have been largely established. With regards to PSPF Policy 14, risks have been identified regarding the effectiveness of agency controls for removing separating individuals’ systems access in a timely way.

Supporting findings

Framework for using contractors.

15. Services Australia’s guidance provides clarity regarding the different personnel types, including contractors. (See paragraphs 2. 3–2 .5 )

16. In its provision of guidance on determining whether there is an operational requirement for the use of contractors, Services Australia has focused on the largest users of contractors within the agency — its service delivery and ICT areas. Services Australia has developed arrangements to support workforce planning in its service delivery and ICT workforces which include workforce strategies intended to guide decisions on workforce supply, including for the use of contractors. Decisions to use contractors in all parts of Services Australia’s business are guided by the agency’s Average Staffing Level cap and internal budget allocations. (See paragraphs 2. 6–2 .11 )

Arrangements for engaging contractors

17. Services Australia has in place a contracting suite that is tailored for the use of contractors and has established centrally managed processes for preparing contracts, including when it engages contractors. For the nine contracts for the engagement of contractors reviewed by the ANAO (engaging 30 per cent of the contractor personnel engaged by Services Australia as of 31 October 2021) all contracts: stated that the supplier must ensure that its personnel comply with all procedures and guidelines required by Services Australia; and included references to applicable agency policies, procedures and guidelines. There was some variability in the terms and conditions of the contracts selected for review, with five ICT contracts not including performance standards. An internal audit from August 2020 states that Services Australia has accepted the risks associated with a lack of performance indicators in the ICT contracts. (See paragraphs 3. 3–3 .14 )

18. Services Australia has largely fit-for-purpose arrangements for inducting contractors, with the completion of mandatory training by its non-APS personnel recorded through monthly reporting. The effectiveness of the arrangements is limited due to low completion rates for mandatory induction and refresher training for contractors, and shortcomings in processes to ensure that contractors complete training. Monthly training reports examined by the ANAO showed that of the contractors engaged by the agency as at 28 February 2022, 34.7 per cent had completed the mandatory induction modules — with a further 28.3 per cent of contractors deemed ‘induction compliant’ by Services Australia — and 32.2 per cent had completed the 2022 mandatory refresher program. Services Australia advised the ANAO that as at 30 April 2022, 39.3 per cent of contractors had completed the mandatory induction modules — with a further 27.0 per cent of contractors deemed ‘induction compliant’ — and 48.8 per cent of contractors had completed the 2022 mandatory refresher program. (See paragraphs 3. 15–3 .35 )

19. Services Australia has established policies and processes that support compliance with the majority of core requirements of PSPF Policy 12: Eligibility and suitability of personnel when it engages contractors, except for PSPF Policy 12 Supporting Requirement 1(c), which relates to obtaining individuals’ agreement to comply with the government’s policies, standards, protocols and guidelines that safeguard resources from harm. Services Australia has enacted temporary access provisions in its personnel security policy ‘to enable rapid recruitment to meet the high service demand generated by COVID-19’ and to manage the 2022 east coast flood emergency and other priorities. There is scope for Services Australia to strengthen its assurance activities to ensure that the mandatory requirements of PSPF Policy 12 have been met, particularly when personnel have already been granted temporary access to Australian Government resources (people, information and assets). (See paragraphs 3. 38–3 .60 )

Arrangements for managing contractors

20. Services Australia has clearly documented its requirements and expectations regarding the management and oversight of contractors. Agency requirements and expectations for contract managers are documented in the Accountable Authority Instructions, the Contract Management Framework and in policies, procedures and guidance. Contract managers are required to undertake mandatory training, with training requirements tailored to the overall risk rating of the contract to be managed. Services Australia requires business areas to ensure that appropriate training has been undertaken but has not established arrangements that provide agency-wide assurance that contract managers have completed the mandatory training. (See paragraphs 4. 3–4 .13 )

21. Services Australia has largely established arrangements for the management of contractors that support compliance with PSPF Policy 13: Ongoing assessment of personnel . Services Australia has established policies that support the implementation of PSPF Policy 13 for contractors that address all aspects of the core PSPF requirement. All nine contracts examined by the ANAO included clauses requiring ongoing compliance with Services Australia’s security policies and procedures. In addition, guidance has been established for contract managers around assessing and managing the ongoing suitability of contractors and sharing relevant information of security concern, including forms for reporting security incidents. Where contract periods are greater than three years, Services Australia has no agency-wide assurance that its mandatory requirement for triennial eligibility and suitability checks for contractors is being met. Services Australia has identified opportunities to strengthen arrangements to support compliance with PSPF Policy 13. (See paragraphs 4. 14–4 .20 )

22. Services Australia has established arrangements for the separation of contractors to support compliance with PSPF Policy 14: Separating personnel , including relevant policies and processes, however there is scope for implementation to be more effective. In the nine contracts examined by the ANAO, Services Australia included clauses requiring contractors to comply with Services Australia policies and processes that support compliance with PSPF Policy 14. ANAO testing identified risks in the effectiveness of Services Australia’s ICT controls for removing separating individuals’ systems access in a timely way. Services Australia’s monitoring and reporting on compliance with PSPF Policy 14 has identified that there is further work to be done and identified a range of activities to improve compliance around separating personnel, including strengthening the assurance process for the timely removal of separating individuals’ access to agency systems. (See paragraphs 4. 21–4 .29 )

Recommendations

Recommendation no. 1

Paragraph 3.35

Services Australia ensure that:

contractors and managers of contractors are aware of their responsibilities regarding mandatory induction training requirements; and
contractors complete mandatory induction training.

Services Australia response: Agreed.

Recommendation no. 2

Paragraph 3.45

Services Australia update its personnel security policy to include a requirement to obtain an individual’s agreement to comply with government policies, standards, protocols and guidelines that safeguard resources from harm, as required under Supporting Requirement 1(c) of PSPF Policy 12.

Recommendation no. 3

Paragraph 3.60

Services Australia strengthen arrangements to obtain assurance that PSPF Policy 12 requirements have been met, particularly to ensure the eligibility and suitability of its personnel who have been granted temporary access to Australian Government resources (people, information and assets).

Services Australia response: Agreed .

Summary of entity responses

23. Services Australia’s summary response is provided below and its full response is included at Appendix 1. An extract of this report was sent to the APSC. The APSC’s summary response is provided below and its full response is included at Appendix 1.

Services Australia’s summary response

Services Australia (the agency) welcomes this report, and considers that the recommendations will assist in improving our arrangements for the management of contractors. Changes to the agency’s workforce size and composition reflect government priorities, Budget measures, service delivery demands, ongoing efficiencies and natural attrition. In this context, strong agency capability is essential in delivering on government commitments and transforming the organisation. It is positive that the ANAO has found the agency has a fit-for-purpose framework for the use of contractors, particularly in respect to the guidance that is in place for those groups that are the largest users of contractors, service delivery and ICT.

APSC’s summary response

The Australian Public Service Commission (APSC) acknowledges the extract of the Proposed Audit Report on the ‘Effectiveness of the Management of Contractors’ provided for comment.

The APSC recognises the importance of robust workforce planning through implementation of the APS Workforce Strategy 2025 . This includes strengthening APS capability, and the strategic use of mixed models of employment, to ensure agencies achieve their outcomes.

Whilst no recommendations are directed toward the APSC, the Commission will consider any relevant findings following the audit’s completion.

24. At Appendix 2, there is a summary of improvements that were observed by the ANAO during the course of the audit.

Key messages and observations

25. This is one of a series of three performance audits undertaken to provide independent assurance to Parliament on whether entities have established an effective framework for the management of the contracted element of their workforce. As well as Services Australia, the ANAO has examined the effectiveness of the management of contractors by the Department of Defence 10 and the Department of Veterans’ Affairs. 11

26. Chapter 5 of this audit report sets out high-level observations and key messages for all Australian Public Service agencies following the ANAO’s examination of the three selected agencies’ management of contractors. The observations focus on: data availability and transparency issues relating to the contractor workforce; and the application of ethical and personnel security requirements to the contractor workforce.

1. Background

Introduction.

1.1 The Australian Public Service Commission (APSC) has reported that as at 31 December 2021, the Australian Public Service (APS) employed 155,796 people across 97 APS agencies. 12 APS employees are employed under the Public Service Act 1999 (the PS Act), which establishes the APS and is the basis of the regulatory framework applying to it. 13

1.2 APS agencies can, and do, utilise a mixed workforce of APS and non-APS personnel to deliver their purposes. Non-APS personnel include contractors and consultants. Department of Finance (Finance) guidance indicates that the difference between a contract for services and a contract for consultancy services ‘generally depends on the nature of the services and the level of direction and control over the work that is performed to develop the output.’ 14

1.3 In summary, Finance’s guidance states that services performed by a contractor are under the supervision of the entity, which specifies how the work is to be undertaken and has control over the final form of any resulting output. The output of a contractor is produced on behalf of the entity and the output is generally regarded as an entity product. In contrast, performance of consultancy services is left largely up to the discretion and professional expertise of the consultant, performance is without the entity’s direct supervision, and the output reflects the independent views or findings of the consultant. While the output of a consultant is produced for the entity, the output may not belong to the entity. Box 1 below sets out the contract characteristics, identified in Finance guidance, that help entities distinguish between contractors and consultants.

Source: Department of Finance, Contract Characteristics, available from https://www.finance.gov.au/government/procurement/buying-australian-government/contract-characteristics [accessed 20 January 2022].

1.4 Workforce planning and management is the responsibility of each APS agency head. In the APS Workforce Strategy 2025 , in respect to the mix between APS and non-APS personnel, the APSC has stated that:

The APS continues to deploy a flexible approach to resourcing that strikes the balance between a core workforce of permanent public servants and the selective use of external expertise. This will mean a continuing mixed workforce approach, where APS employees and non-APS workers collaborate to deliver outcomes within agencies.

A mixed workforce approach will continue to be a feature of APS workforce planning. Non-APS workers, when used effectively in appropriate circumstances, can provide significant benefits to agencies and help them achieve their outcomes. Non-APS workers can also provide access to specialist and in-demand skills to supplement the APS workforce in peak times in business cycles. There will be a need for APS agencies to access skills, capability or capacity differently, including through contractors and consultants, or through external partnerships with academia or industry. There may also be a need to engage with industry to develop skills and capabilities to drive delivery of programs across the service. The use of non-APS employees, including labour hire, contractors and consultants, brings different opportunities and risks for APS agencies to manage. Agencies relying on mixed workforce arrangements need to take an integrated approach to workforce planning that includes and best utilises their non-APS workers. This is particularly important where key deliverables are specifically reliant on this non-APS workforce.

Ensuring agencies take a structured approach to the use of non-APS employees—including considering where work would be best delivered by an APS employee—and knowledge transfer and capability uplift arrangements is a key element of successful mixed workforce models, which are already being used by agencies across the APS.

A professional public service harnesses skills, expertise and capacity from a variety of sources to deliver services as priorities arise. We must focus on understanding and removing barriers to external mobility and encouraging the mobilisation of skills from both across and outside the APS. 15

1.5 In addition, the APSC has published guidance relating to the use of contractors in APS Senior Executive Service (SES) roles. 16 In its Guiding principles for agencies when considering the use of SES contractors 17 , the APSC states that:

To meet their business needs, agency heads have the flexibility to engage individuals by the most appropriate means to ensure their agency is best placed to deliver for the Australian public. These guiding principles are designed to assist agencies when considering the appropriateness of using a contractor for a Senior Executive Service (SES) equivalent role and to ensure that appropriate governance arrangements are in place.

For the purposes of these principles, an ‘SES contractor’ is an SES-equivalent (e.g. equivalent work value, duties, responsibility, and accountability), contracted by an APS agency via a recruitment agency or third party as an integrated part of the agency’s senior leadership workforce. That is, the agency will have no direct employment relationship under the PS Act with the SES contractor.

1.6 The APSC has stated that the purpose of the principles is ‘to provide APS agencies with considerations when seeking to go beyond the APS employment framework for senior executive capabilities’. 18 Box 2 below sets out the considerations identified in the APSC guidance.

Source: Australian Public Service Commission, Guiding principles for agencies when considering the use of SES contractors, 14 May 2021, paragraphs 5–7 , available from https://www.apsc.gov.au/working-aps/aps-employees-and-managers/senior-executive-service-ses/senior-executive-service-ses/contractors-senior-executive-service [accessed 3 December 2021].

1.7 The APSC guidance states that the APSC will collect data on SES contractors, and that for the purposes of reporting, an SES contractor is a person undertaking SES equivalent work who is not engaged under the PS Act or an agency’s enabling legislation. 19 As at 8 March 2022 the APSC had not published data on SES contractors. The APSC advised the ANAO on 3 March 2022 that there were 40 SES contractors in the APS as at 31 October 2021.

1.8 The APSC has not issued guiding principles for the use of non-SES contractors in APS agencies. 20

1.9 The APSC and Finance guidance may be supplemented at the entity-level by internal guidance on the different personnel types and how to decide whether there is an operational requirement for the use of non-APS personnel such as contractors.

1.10 The engagement and management of non-APS personnel occurs through procurement action by entities and their contract management processes, rather than the PS Act. The Commonwealth Procurement Rules (CPRs) establish the whole-of-government procurement framework, including mandatory rules with which officials must comply when performing duties related to procurement. Entity-specific procurement and contract management arrangements may also be contained in Accountable Authority Instructions (AAIs) made under section 20A of the Public Governance, Performance and Accountability Act 2013 (the PGPA Act, which is the basis of the Australian Government’s finance law) and in entity policies and guidelines. Contract managers must implement applicable internal requirements and the CPRs and associated requirements set by the Department of Finance. Non-APS personnel must comply with their contractual obligations and any applicable management, oversight and behavioural requirements.

1.11 Non-APS personnel may be ‘officials’ under section 13 of the PGPA Act, in which case they must comply with the finance law in addition to their contractual obligations and applicable entity requirements. 21 The finance law includes the PGPA Act, the Public Governance, Performance and Accountability Rule 2014 (PGPA Rule), entity AAIs, and other legal and policy frameworks — including the whole-of-government procurement, grants, advertising and risk management frameworks. All personnel exercising delegated power under the PGPA Act or other legislation must also comply with the requirements attaching to those delegations.

1.12 Entities’ management of their non-APS personnel is subject to the Protective Security Policy Framework (PSPF), which sets out government protective security policy across the following outcomes: security governance, information security, physical security and personnel security. 22 The PSPF policies under the ‘personnel security’ outcome outline how to screen and vet personnel and contractors to assess their eligibility and suitability. They also cover how to assess the ongoing suitability of entity personnel to access government resources and how to manage personnel separation. 23 Entity compliance with the three personnel security policies under the PSPF ‘ensures its employees and contractors are suitable to access Australian Government resources, and meet an appropriate standard of integrity and honesty’. 24 The policies and their core requirements are outlined in Figure 1.1 below.

Figure 1.1: PSPF personnel security policies and core requirements

An explanation of three different PSPF policies.

Source: Protective Policy Security Framework, Personnel security, available from https://www.protectivesecurity.gov.au/policies/personnel-security [accessed 3 December 2021].

1.13 Under the PSPF, all agencies must develop their own protective security policies and processes. Services Australia publishes its security policies and procedures on its intranet.

Reviews and inquiries into the APS’s use of contractors

2015 report of the independent review of whole-of-government internal regulation.

1.14 The 2015 Independent Review of Whole-of-Government Internal Regulation (the Belcher Review) 25 observed the impact of a number of APS legislative and reporting requirements 26 , which the review considered to have:

created a recruiting environment where entities tend to engage staff through a particular employment category that may not align with their business needs. For example: … contractors hired individually, or through firms, are excluded from ASL [average staffing level] and headcount reporting. While a valid engagement option, it may present longer term issues regarding organisational capacity and knowledge management, and may be a more expensive option in the longer run. 27

1.15 Box 3 below contains an excerpt from a Parliamentary Library research paper on public sector staffing and resourcing, which addresses the ASL concept and related issues. 28

Note a: ANAO comment: the APSC has stated that ‘ASL counts staff for the time they work. For example, a full-time employee is counted as one ASL, while a part time employee who works three full days per week contributes 0.6 of an ASL. The ASL averages staffing over an annual period. It is not a point in time calculation.’ See Appendix 3 of this audit.

Source: Philip Hamilton, Public sector staffing and resourcing (Staffing, contractors and consultancies), Parliamentary Library Research Publications, October 2020, available from: https://www.aph.gov.au/About_Parliament/Parliamentary_Departments/Parliamentary_Library/pubs/rp/BudgetReview202021/PublicSectorStaffingResourcing [accessed 27 January 2022].

2019 report of the Independent Review of the APS

1.16 The 2019 Our Public Service, Our Future: Independent Review of the Australian Public Service (the Thodey Review) also considered the non-APS workforce. 29 The Thodey Review commented that:

Labour contractors and consultants are increasingly being used to perform work that has previously been core in-house capability, such as program management. Over the past five years, spending on contractors and consultants has significantly increased while spending on APS employee expenses has remained steady. 30

1.17 The Thodey Review published data (see Figure 1.2 below) based on submissions to the Joint Committee of Public Accounts and Audit (JCPAA) Inquiry into Australian Government Contract Reporting – Inquiry based on Auditor-General’s report No. 19 ( 2017–18 ). 31 The Thodey Review stated that submissions to the JCPAA inquiry ‘revealed that [the] spend on contractors more than doubled across a sample of 24 agencies between 2012–13 and 2016–17 .’ 32

Figure 1.2: Thodey Review — percentage change in spend on employees, labour contractors and consultancy contract notices

The figure is taken directly from the Thodey Review report. The figure shows that between 2012–13 and 2016–17, expenditure on labour contractors and consultants had increased on 2012–13 levels, while expenditure on APS employees had remained largely steady.

Source: Department of the Prime Minister and Cabinet, Our Public Service, Our Future: Independent Review of the Australian Public Service, p. 186.

1.18 The Thodey Review further observed that:

The use of labour contractors and consultancy services warrants specific discussion. About a quarter of the submissions [to the review] commented on their use. Most expressed concern about the growing size of the APS’s external workforce and the negative effect on in-house capability. Data on this topic, as is the case with many APS-wide workforce matters, are not gathered or analysed centrally and are often inadequate. For example, the number of contractors and consultants working for the APS is not counted and data on expenditure are inconsistently collected across the service. Data insights that would shed light on whether contractors or consultants met objectives are not routinely aggregated. This makes it difficult to assess the value of external providers relative to in-house employees or to infer the effect on APS capability. 33

There is clearly benefit in the APS leveraging the best external capability. It is not possible to have expertise in everything in-house and external providers can be the most efficient way of delivering the best advice, services or support. But the use of external capability needs to be strategic and well-informed, meaning that the APS: makes decisions on the use of external capability by reference to a whole-of-service workforce strategy that identifies the core capabilities the APS should invest in building in-house – with external capability used to perform non-core or variable work activity; manages use of external capability closely, from the contract design stage through to performance of the prescribed tasks; and ensures that all arrangements lead to a transfer of knowledge to the APS. At all stages the APS should be focused on achieving value for money and better outcomes.

The APS needs to find the right balance between retaining and developing core in-house capability and leveraging external capability to ensure a sustainable and efficient operating model for the decades ahead. To do this effectively, two traditionally autonomous parts of agencies — HR and procurement — must work closely together. 34

October 2021 second interim report of the Senate Select Committee on Job Security

1.19 In October 2021, the Senate Select Committee on Job Security released its second interim report, Insecurity in publicly-funded jobs . 35 The report examined employment arrangements across the public sector. Drawing on the Thodey Review and JCPAA inquiry, the committee stated that:

the utilisation of labour contractors and consultants has increased markedly in recent years. Across a sample of 24 agencies, spending on contractors has more than doubled over the period between 2012–13 and 2016–17 . Furthermore, information sourced from AusTender indicated that the total value of consultant contracts across the APS increased from $386 million to $545 million during the same four year period. 36

1.20 In common with the Thodey Review 37 , the committee was critical of data collection relating to the non-APS workforce:

Neither the Australian Public Service Commission (APSC), nor the Department of Finance, was able to confirm how many people engaged through labour hire or other external contracting arrangements are working within the Australian Public Service. This data is not collected, and neither agency provided an explanation for why this is the case. 38

1.21 The committee made the following recommendation on this matter:

The committee recommends that the Australian Government requires: the Australian Public Service Commission to collect and publish agency and service-wide data on the Government’s utilisation of contractors, consultants, and labour hire workers; the Department of Finance to regularly collect and publish service-wide expenditure data on contractors, consultants, and labour hire workers, including the cost differential between direct employment and external employment; and labour-hire firms to disclose disaggregated pay rates and employee conditions. 39

November 2021 report on the Senate Finance and Public Administration References Committee Inquiry into the Current Capability of the APS

1.22 In November 2021 the Senate Finance and Public Administration References Committee reported on its Inquiry into the Current Capability of the Australian Public Service. 40 The matter referred to the committee for inquiry and report was as follows 41 :

The current capability of the Australian Public Service (APS) with particular reference to:

(a) the APS’ digital and data capability, including co-ordination, infrastructure and workforce;

(b) whether APS transformation and modernisation projects initiated since the 2014 Budget have achieved their objectives;

(c) the APS workforce; and

(d) any other related matters.

1.23 The committee drew on data in the Thodey Review 42 and JCPAA inquiry 43 , and in an effort to ascertain the scale of labour hire usage across the APS 44 , requested staffing profile information from agencies across all portfolios. 45 The committee observed that:

The responses received indicated that agencies had differing methods of collecting data, and that many agencies did not collect data that allowed them to disaggregate the numbers of labour hire workers from other contractors.

For example, some agencies advised that their recordkeeping systems did not or could not differentiate between contractors directly procured by the agency (e.g. independent contractors), and workers procured through labour hire firms. 46

1.24 The committee made 13 recommendations, including the following recommendations on data collection and reporting:

the annual employee census conducted by the APSC ahead of the State of the Service report be expanded to include all labour hire staff who have been engaged on behalf of the APS in that calendar year (recommendation 5);
the APSC collect and publish standardised agency and service-wide data on the Australian Government’s utilisation of contractors, consultants, and labour hire workers (recommendation 6); and
the Department of Finance regularly collect and publish annually service-wide expenditure data on contractors, consultants, and labour hire workers, including the cost differential between direct employment and external employment for each role (recommendation 8).

Services Australia’s workforce

1.25 Services Australia is an Executive Agency established under subsection 65(1) of the Public Service Act 1999 . 47 In its 2020–21 annual report, Services Australia states that it:

designs, develops, delivers, coordinates and monitors government services and payments relating to social security, child support, students, families, aged care and health programs. We provide advice to government on the delivery of these services and payments, and collaborate with other agencies, providers and businesses to provide convenient, accessible and efficient services to individuals, families and communities. 48

1.26 Among the agency’s key functions are the delivery of Centrelink social security payments and services, the administration of Medicare, and assistance with child support arrangements between separated parents. To deliver its key activities, Services Australia has an approved workforce allocation for APS resources in the Portfolio Budget Statements (PBS). The actual APS workforce is reported in Services Australia’s annual report each year. Table 1.1 below sets out Services Australia’s workforce allocation and utilisation over three years.

Table 1.1: Services Australia’s budgeted and actual APS workforce

Note a: Budget Estimate data is sourced from Services Australia’s Portfolio Budget Statements (PBS). Services Australia defines these figures as ‘The average number of employees receiving salary/wages (or compensation in lieu of salary/wages) over a financial year, with adjustments for casual and part-time employees to show the full-time equivalent.’

Note b: Actual workforce data is sourced from Services Australia’s annual reports, reported as FTE (over the financial year). This differs from the figures in Table 1.2 which are reported by headcount.

Source: Services Australia Portfolio Budget Statements and annual reports 2018–19 , 2019–20 and 2020–21 .

1.27 Services Australia’s 2019–23 Strategic Workforce Plan identifies that determining an appropriate workforce mix (including the non-APS workforce) is an important element of maintaining a flexible, capable and connected workforce across the country to deliver its outcomes. In addition to its APS workforce, Services Australia has defined 11 types (cohorts) of contingent workforce. These are: student placement; system access only; contractor; labour hire; consultant; interpreter; service staff; outsourced (staff); APS secondee; non-APS secondee; and partner.

1.28 Box 4 below sets out the workforce definitions used by Services Australia that have the characteristics of a ‘contractor’ discussed in paragraphs 1.2–1.3 and Box 1.

Source: Services Australia, Contingent workforce resources definitions intranet page, 16 July 2020. Services Australia’s definition of a consultant is ‘A party whose services under the contract meet the Department of Finance’s criteria for a consultancy’.

1.29 This audit has focused on Services Australia’s workforce resources engaged as ‘contractors’ and ‘labour hire’. Service’s Australia’s definitions in Box 4 state that these persons are supplied ‘to do work in and as part of the operations of the agency’. 49 In contrast, for ‘service staff’ and ‘outsourced’ staff, Services Australia’s definitions state that the agency does not direct the performance of the persons supplied under the contract and the agency has limited control over who or how many persons are provided to deliver the services. Contractors and labour hire personnel perform work in all parts of the operations of the agency and Services Australia maintains responsibility for performance. 50

Contractor numbers in Services Australia

1.30 Table 1.2 below sets out Services Australia’s APS and contingent workforce headcounts over three years. It includes the agency’s contractor workforce headcount as advised to the Senate Finance and Public Administration References Committee in the context of the committee’s Inquiry into the Current Capability of the APS (discussed in paragraphs 1.22–1.24).

Table 1.2: Services Australia’s workforce headcount

Note a: Services Australia annual reports 2018–19 , 2019–20 and 2020–21 .

Note b: See definitions in Box 4. The contractor headcount is the number of individuals categorised as ‘labour hire’ or ‘contractor’ in Services Australia’s ‘Contingent Workforce’ report. The ‘Contingent Workforce’ report is extracted from Services Australia’s Human Resource management system. The report identifies individuals that are not engaged by Services Australia as APS employees who have access to Services Australia’s systems.

Note c: As acknowledged in Box 4, non-APS consultants were included in the ‘outsourced staff’ personnel type up to 31 March 2021 and due to the qualifications over these figures, they have not been included in the table.

Note d: Other contingent workforce headcount is the number of individuals categorised as ‘outsourced staff’ or ‘service staff’ in Services Australia’s ‘Contingent Workforce’ report. Services Australia advised the ANAO in June 2022 that ‘Consistent with the definitions in Box 4, outsourced staff and service staff are not reported as headcount, this is because these contracts for this personnel type are a fee-for-service arrangement, whereby they provide for workload seconds and do not translate directly to headcount as this is not specified in the arrangements. The Service Delivery Partners that provide outsourced staff, determine the workforce number required to meet the pre-determined workload.’

Note e: As noted in paragraph 1.27, Services Australia has 11 types (cohorts) of contingent workforce. The contingent workforce figure in this table includes five of these cohorts: contractor, labour hire, consultant, service staff, and outsourced (staff).

Source: Services Australia annual reports 2018–19 and 2019–20 and Services Australia records and advice to ANAO.

1.31 Further information on the characteristics of Services Australia’s 4269 contractor personnel as at 30 June 2021 is at Appendix 4, including the organisational group they worked in and their length of service.

Previous audits and reports

1.32 Agencies’ management of their contracted workforce is considered when necessary in the conduct of ANAO audit and assurance work. Examples of ANAO performance audits which have considered the management of a contracted workforce include:

Auditor-General Report No.2 2017–18 Defence’s Management of Materiel Sustainment 51 ;
Auditor-General Report No.38 2017–18 Mitigating Insider Threats through Personnel Security 52 ;
Auditor-General Report No.28 2018–19 Management of Smart Centre’s Centrelink Telephone Services — Follow-up 53 ;
Auditor-General Report No.1 2021–22 Defence’s Administration of Enabling Services — Enterprise Resource Planning Program: Tranche 1 54 ;
Auditor-General Report No.4 2021–22 Defence’s Contract Administration — Defence Industry Security Program 55 ; and
Auditor-General Report No.6 2021–22 Management of the Civil Maritime Surveillance Services Contract. 56

1.33 The ANAO has prepared two information reports on procurement activity in the Australian public sector, which have included publicly available information on consultants:

Auditor-General Report No.19 2017–18 Australian Government Procurement Contract Reporting ; and
Auditor-General Report No.27 2019–20 Australian Government Procurement Contract Reporting Update .

1.34 These information reports presented publicly available data from public sector procurement activity in a number of ways. 57 The publicly available data includes entity reporting on contracts relating to consultancies, including consultancy contract value.

1.35 The APS workforce strategy states that the APS will continue to deploy a flexible approach to resourcing that strikes a balance between a core workforce of permanent public servants and the selective use of external expertise. This will mean a continuing mixed workforce approach, where APS employees and non-APS workers are used to deliver outcomes within agencies. In this context, the strategy highlights the value of ensuring that agencies take a structured approach to the use of non-APS employees. The approach adopted by the APS and its agencies has been the subject of ongoing parliamentary interest, with a number of reviews and parliamentary committee inquiries undertaken in recent years, discussed above at paragraphs 1.14–1.24.

1.36 This audit is one of a series of three performance audits undertaken to provide independent assurance to the Parliament on whether entities have established an effective framework for the management of the contracted element of their workforce. Services Australia was selected as one of the APS agencies in this audit series as it is a large and regular user of non-APS personnel. The other audits in this series review the management of contractors by the Department of Defence and the Department of Veterans’ Affairs.

Audit objective, criteria and scope

1.37 The objective of the audit was to examine the effectiveness of Services Australia’s arrangements for the management of contractors.

1.38 To form a conclusion against the audit objective, the following high-level criteria were adopted.

1.39 The audit examined Services Australia’s framework of policies, plans, processes and guidance that apply to its use, engagement and day-to-day management of contractors.

1.40 The audit did not examine:

the specific procurement arrangements through which particular contractors are engaged, or the assessment of the value-for-money aspect of specific decisions to engage such personnel instead of APS personnel;
performance management in terms of specific contracted deliverables as this is part of the management of a contract; or
the vetting process for contractors undertaken by the Australian Government Security Vetting Agency (AGSVA).

Audit methodology

1.41 Audit procedures included discussions with relevant Services Australia personnel and an examination of the following Services Australia documentation.

Plans, forecasts and management decisions about Services Australia’s workforce use.
Guidance available to assist officials’ decision making on whether to engage a contractor instead of an APS resource, including the information to be provided to delegates regarding such choices.
Nine contracts, used to engage 30 per cent of the contractors engaged in the agency as at 31 October 2021. 58 These contracts were examined to establish whether they included clauses to require contracted personnel to comply with Services Australia’s policies and procedures, undertake training, and to meet performance standards. The contracts were identified in two stages. Four contracts were identified as bulk labour hire contracts for service delivery personnel, based on management representations from Services Australia. Five contracts were identified as the top five contracts by number of personnel engaged for Service’s Australia’s ICT workforce.
Mandatory training requirements, procedures and completion reports for induction.
Policies, procedures and reporting that supports Services Australia’s compliance with PSPF policies 12–14 that relate to the onboarding, ongoing management (including where staff move within the entity) and offboarding of contracted staff.
Management reports as evidence of the application of Services Australia’s framework for the management of contractors.

1.42 The audit was open to contributions from the public. The ANAO received and considered one submission.

1.43 The audit was conducted in accordance with ANAO Auditing Standards at a cost to the ANAO of approximately $318,474.

1.44 The team members for this audit were Natalie Whiteley, Kim Murray, Hugh Balgarnie and Sally Ramsey.

2. Framework for using contractors

Areas examined.

This chapter examines whether Services Australia has established a fit-for-purpose framework for the use of contractors.

Services Australia has established a fit-for-purpose framework for the use of contractors. At the agency level there is guidance which provides clarity regarding the different personnel types, including contractors. Guidance has been developed to assist the largest users of contractors within the agency — its service delivery and ICT areas — determine whether there is an operational requirement for the use of contractors.

2.1 As discussed in paragraph 1.4, the APS Workforce Strategy 2025 released by the Australian Public Service Commission (APSC), identifies that an important element of successful mixed workforce models is a ‘structured approach to the use of non-APS employees’, which includes Australian Public Service (APS) agencies ‘considering where work would be best delivered by an APS employee’. The strategy also states that:

The use of non-APS employees, including labour hire, contractors and consultants, brings different opportunities and risks for APS agencies to manage. Agencies relying on mixed workforce arrangements need to take an integrated approach to workforce planning that includes and best utilises their non-APS workers. This is particularly important where key deliverables are specifically reliant on this non-APS workforce. 59

2.2 This chapter considers the framework established by Services Australia to guide decisions to use contractors. The ANAO examined whether guidance had been developed and issued by Services Australia, that:

provided clarity about the different personnel types that are utilised as Services Australia’s external workforce, including the definition of ‘contractor’, so the most appropriate option is selected for a particular role; and
assisted officials to determine whether there is an operational requirement for the use of contractors to support the efficient and effective use of resources.

Does Services Australia’s guidance provide clarity regarding the different personnel types, including contractors?

Services Australia’s guidance provides clarity regarding the different personnel types, including contractors.

2.3 Services Australia has provided internal guidance regarding the different personnel types. This guidance is accessible on Services Australia’s intranet, on a dedicated webpage, and includes the definitions for the 11 types of contingent workforce resources utilised by the agency. These are: student placement; system access only; contractor; labour hire; consultant; interpreter; service staff; outsourced (staff); APS secondee; non-APS secondee; and partner.

2.4 Services Australia’s ‘Contingent workforce resources definitions’ intranet page defines the ‘contractor’ and ‘labour hire’ personnel types as follows:

A person is a contractor if: the person has been supplied to the agency by the person’s own company or another company to do work in and as part of the operations of the agency the person is supplied to the agency pursuant to a contract the contract specifies the person will supply their labour. Excludes persons supplied through a labour-hire company or the labour- hire panel.

Labour hire

A person is a labour hire worker if: the person has been supplied to the agency by a labour hire company, via a labour hire panel, to do work in and as part of the operations of the agency the person has been supplied to the agency pursuant to a contract the contract specifies the person will supply their labour.

2.5 As noted in paragraph 1.29, this audit has focused on Services Australia’s workforce resources engaged as contractors and labour hire, and refers to these collectively as ‘contractors’.

Does Services Australia provide guidance on determining whether there is an operational requirement for the use of contractors?

In its provision of guidance on determining whether there is an operational requirement for the use of contractors, Services Australia has focused on the largest users of contractors within the agency — its service delivery and ICT areas. Services Australia has developed arrangements to support workforce planning in its service delivery and ICT workforces which include workforce strategies intended to guide decisions on workforce supply, including for the use of contractors. Decisions to use contractors in all parts of Services Australia’s business are guided by the agency’s Average Staffing Level (ASL) cap and internal budget allocations.

2.6 Services Australia’s Strategic Workforce Plan ( 2019–2023 ) recognises its non-APS workforce as part of its workforce mix. The workforce plan identifies that determining an appropriate workforce mix (including contractors) is an important element of maintaining a flexible, capable, and connected workforce across the country to deliver its outcomes.

2.7 An October 2021 brief to Services Australia’s Chief Operating Officer states that:

Work is underway to understand the optimal combination of workforce supply types to meet the capacity, capability and affordability requirements of the Agency. This work includes comparing costs of different workforce supply types, identifying and planning for benefits to be realised through transformation initiatives, and our workforce affordability in the short and medium term. Different combinations of supply types impact differently on capacity, capability, and budget 60

2.8 To support the delivery of its Strategic Workforce Plan, during 2020 and 2021 Services Australia developed organisational arrangements to support workforce planning for service delivery 61 and for elements of its ICT workforces. These areas are the largest users of contractors within the agency. Services Australia has reported that 3716 (87 per cent) of the 4269 contractors it engaged as at 30 June 2021 62 were engaged in either the Technology Services Group (2289 personnel) or in service delivery (1427 personnel). 63

Organisational arrangements to support workforce planning

2.9 The arrangements developed by Services Australia to support workforce planning in its service delivery and ICT workforces include workforce strategies intended to guide decisions on workforce supply, including for the use of contractors. These arrangements are discussed in Box 5 (the service delivery workforce) and Box 6 (the ICT workforce).

Note a: The committee provides advice to Services Australia’s Executive Committee on matters related to enterprise-wide risks, issues and operations to ensure effective day-to-day running of the agency.

Note b: Services Australia describes Tier 1 functions as basic support and processing, where services are a short single interaction such as self-service advice or processing a simple claim (for example, proof of identify or residential address updates). Services Australia describes Tier 2 functions as mid-level query/claim, where specialised support is provided to customers that need it, and customers receive advice from customer cohort teams. This might include services that require follow up (for example, additional income information) or extended interactions such as a multiple process service (for example, applying for payments and services to help with the cost of raising a child).

Note c: Services Australia advised the ANAO in March 2022 that ‘during emergency responses such as COVID-19 and natural disasters, the agency makes decisions about which core functions can be paused or slowed whilst the associated staff deliver essential services to the Australian community. Staff who undertake data analysis functions have been diverted to critical surge priorities, and workforce mix-related analysis is recommenced as surge requirements are reduced’.

Source: ANAO analysis of Services Australia documentation.

2.10 In January 2022, Services Australia informed the ANAO that similar work to develop workforce strategies has not been done in the remaining Services Australia groups because of the smaller non-APS footprint in those groups. Services Australia further informed the ANAO that its refresh of Services Australia’s current Strategic Workforce Plan, planned for later in 2022, will consider whether similar approaches could be applied across the agency.

2.11 Services Australia advised the ANAO in November 2021 that decisions to engage contractors are made within the context of the agency’s: Average Staffing Level (ASL) cap; and internal budget allocations to operational areas, that can be used to purchase, among other things, the services of contractors/labour hire.

3. Arrangements for engaging contractors

This chapter examines whether Services Australia has fit-for-purpose arrangements for the engagement of contractors.

Services Australia has established largely fit-for-purpose arrangements for the engagement of contractors. Services Australia has in place a contracting suite that is tailored for the use of contractors and has established centrally managed processes for preparing contracts, including when it engages contractors. Services Australia has established mandatory induction training and systems to monitor and report on the completion of induction training by its entire workforce. The effectiveness of training arrangements is reduced by contractors’ training completion rates and shortcomings in processes to ensure contractors and their managers are aware of mandatory induction training. Services Australia has established policy and processes to support compliance with the majority of core requirements of PSPF Policy 12: Eligibility and suitability of personnel when it engages contractors, the key exception being the requirement to obtain an individual’s agreement to comply with government policies, standards, protocols and guidelines that safeguard resources from harm. By enacting temporary access provisions pending the outcome of pre-engagement eligibility and suitability checks, there is a risk that Services Australia has not met PSPF Policy 12 requirements where there is no assurance process to ensure satisfactory completion of the required checks within a reasonable timeframe.

The ANAO made three recommendations aimed at: improving the effectiveness of mandatory training arrangements; aligning Services Australia’s personnel security policy with Supporting Requirement 1(c) of PSPF Policy 12; and obtaining assurance that PSPF Policy 12 has been addressed, particularly where Services Australia has used temporary access provisions to address the need for rapid recruitment.

3.1 Services Australia’s contracting templates, induction arrangements and arrangements to support compliance with Protective Security Policy Framework (PSPF) Policy 12: Eligibility and suitability of personnel are the primary mechanisms through which the agency ensures that contractors are obliged to comply with Services Australia’s policies and Commonwealth legislation, understand these obligations, and are suitable to access Services Australia’s information.

3.2 This chapter considers the arrangements established by Services Australia for engaging contractors. To form a view on the fitness-for-purpose of Services Australia’s arrangements for engaging contractors, the ANAO examined a sample of contracts that Services Australia has used to engage contractors. Well-designed contracts and clauses help operationalise requirements and assist officials to consistently apply them at the point of engagement. They also document the expectations placed on contractors and provide a basis for managing non-compliance. Nine contracts (engaging 30 per cent of the contractors engaged in the agency as at 31 October 2021) were reviewed to establish whether they included clauses requiring the contracted personnel to meet performance standards and to comply with Services Australia’s policies and Commonwealth legislation. In addition, the ANAO examined:

the induction arrangements established to help contractors understand what their responsibilities are and how to meet their obligations when working for Services Australia; and
the policies and processes in place to ensure that the eligibility and suitability of contractors to access Australian Government resources has been established at engagement as required by PSPF Policy 12: Eligibility and suitability of personnel. 64 Monitoring and reporting on compliance with the policy was also examined.

Does Services Australia have a contracting suite that is tailored for the use of contractors?

Services Australia has in place a contracting suite that is tailored for the use of contractors and has established centrally managed processes for preparing contracts, including when it engages contractors. For the nine contracts for the engagement of contractors reviewed by the ANAO (engaging 30 per cent of the contractor personnel engaged by Services Australia as of 31 October 2021) all contracts: stated that the supplier must ensure that its personnel comply with all procedures and guidelines required by Services Australia; and included references to applicable agency policies, procedures and guidelines. There was some variability in the terms and conditions of the contracts selected for review, with the five ICT contracts not including performance standards. An internal audit from August 2020 states that Services Australia has accepted the risks associated with a lack of performance indicators in the ICT contracts.

3.3 The engagement of a contractor is a procurement process and requires the establishment of a contract between Services Australia and the contractor or the contractor’s employer. Services Australia has established centrally managed processes for preparing contracts, including when it engages contractors. Services Australia undertakes the following process for drafting contracts for contractor personnel.

The relevant business area raises a new request or variation in the relevant online purchasing and procurement system.
The Procurement Partnering team (non-ICT procurement) or Technology Sourcing Branch (ICT procurement) reviews the request and supporting documentation and creates the work order or variation.
The work order or variation and supporting documentation is provided to the business area for approval by the delegate.

3.4 Services Australia’s procurement policy is set out in its Accountable Authority Instructions (AAIs). The AAIs and procurement, contract and contract management policies and procedures, and contacts for assistance are available on its intranet.

3.5 As discussed in paragraph 1.29, contractors are engaged by Services Australia ‘to do work in and as part of the operations of the agency’, that is, to work in roles usually subject to the Australian Public Service (APS) Code of Conduct and APS Values. Services Australia has set out, in internal policies, the behavioural requirements and expectations that contractors are expected to meet when working with the agency. These policies include: security; privacy; fraud; workplace health and safety; and conduct and behaviour.

3.6 The ANAO chose to examine the largest (by personnel number) contracts that Services Australia uses to engage personnel as contractors in its service delivery workforce 65 and ICT workforce, to determine whether the contracts included clauses that require the contracted personnel to comply with Services Australia’s policies and procedures, and to meet performance standards.

3.7 The ANAO chose to examine contracts within Services Australia’s service delivery workforce and ICT workforce because these workforces were the two largest users of contractors within Services Australia, based on the contractor data provided by Services Australia to the ANAO. Collectively they engaged 3716 (87 per cent) of the 4269 contractors engaged by the agency as at 30 June 2021. 66

3.8 The ANAO selected nine contracts for review, comprising four service delivery contracts and five ICT contracts (Table 3.1 below). 67 The selected contracts covered 1508 (30 per cent) of the 5032 contractor personnel in the agency as at 31 October 2021.

Table 3.1: Nine Services Australia contracts for the engagement of contractors examined by the ANAO

Note a: Contract value as reported on AusTender at 16 February 2022.

Note b: The two Chandler Macleod contracts cover the provision of contractors for different job profiles.

Note c: The two Modis contracts cover the provision of different specified personnel.

Source: ANAO analysis of Services Australia documents.

Analysis of selected contracts

3.9 All nine contracts examined by the ANAO included a requirement for the supplier to ensure that its personnel comply with all procedures and guidelines required by Services Australia.

3.10 The four service delivery contracts state that Services Australia will make the listed policies, procedures and guidelines accessible to personnel on the intranet during the contract term, noting that Services Australia may add or amend such policies, procedures and guidelines. Further, these contracts state that it is the responsibility of contractor personnel to keep abreast of changes made to Services Australia’s policies, procedures and guidelines. 68

3.11 The five ICT contracts include references to applicable policies, procedures, and guidelines including ‘those policies, procedures, and guidelines published on’ Services Australia’s intranet. These contracts also require the suppliers to ensure that the personnel supplied to Services Australia under the contract comply with these procedures and guidelines, and that the personnel uphold the values and behave in a manner that is consistent with the APS Values and APS Code of Conduct, as applicable to their work in connection with the contract.

3.12 The four services delivery contracts require the Labour Hire Supplier to ensure that their contractor personnel meet Services Australia’s core performance standards 69 that apply to APS staff performing these roles, or meet performance standards as defined in the contract. The five ICT contracts do not contain any performance standards or indicators for the work to be performed under the contract. In March 2022, Services Australia advised the ANAO that:

The management of an ICT contractor’s performance is the responsibility of their line manager, performed according to the Agency’s Guide for Managers: Labour Hire, page 8 ‘Managing labour hire behaviours and performance’. Contract performance actions, including termination of a contractor’s engagement, are undertaken when line managers notify Technology Sourcing of a performance issue with an ICT contractor. Performance reviews are conducted by the business area prior to the exercise of any extension option.

Managers and team leaders are responsible for identifying any behavioural or performance issues with the contractor that do not align with performance expectations and service standards. Individual contractor performance is assessed against the specified role and level listed in the work order, using the Service Australia job statements for the role/level as the performance measures. The contractor must follow the directions and instructions of the supervisor in the performance of the duties. The supervisor manages this performance, including approval of timesheets. It is expected that a manager or team leader will have direct conversations with a contractor regarding any performance issues (for example, instances of inappropriate language, dress, cultural insensitivity, or being out of adherence for scheduled activities).

3.13 An August 2020 internal audit report into Services Australia’s management of ICT contractors identified a lack of performance measures in the Technology Services Group’s contracts examined as part of that audit. The audit finding stated that:

A lack of clear up-front performance requirements included in contracts (in the form of KPIs, or other outcomes) creates a risk that the department will be less able to achieve and demonstrate value-for-money in contract delivery.

3.14 In response to the internal audit finding, the Senior Responsible Officer within Technology Services Group accepted the risks associated with a lack of performance requirements in contracts and noted that the:

current process is for the most part aligned with HR policy and work level standards and is able to demonstrate value-for-money has been achieved.

Does Services Australia have fit-for-purpose arrangements for inducting contractors?

Services Australia has largely fit-for-purpose arrangements for inducting contractors, with the completion of mandatory training by its non-APS personnel recorded through monthly reporting. The effectiveness of the arrangements is limited due to low completion rates for mandatory induction and refresher training for contractors, and shortcomings in processes to ensure that contractors complete training. Monthly training reports examined by the ANAO showed that of the contractors engaged by the agency as at 28 February 2022, 34.7 per cent had completed the mandatory induction modules — with a further 28.3 per cent of contractors deemed ‘induction compliant’ by Services Australia — and 32.2 per cent had completed the 2022 mandatory refresher program. Services Australia advised the ANAO that as at 30 April 2022, 39.3 per cent of contractors had completed the mandatory induction modules — with a further 27.0 per cent of contractors deemed ‘induction compliant’ — and 48.8 per cent of contractors had completed the 2022 mandatory refresher program.

3.15 The induction process for contractors engaged in Services Australia is outlined in the agency’s targeted guidance for ‘Engaging Contractors and Labour Hire Staff’. This includes:

a mandatory induction program that includes online training modules on the agency’s value and culture, work health and safety, security, privacy and fraud awareness; and
a mandatory refresher program to be completed every two years.

3.16 Services Australia’s intranet includes guidance on the Mandatory Induction Program. The intranet page states that:

The Mandatory Induction Program: is mandatory for all new staff who have access to our sites or systems is designed to be self-directed, with manager support to reinforce key learning should be completed within the first week of commencement can also be used as a refresher for staff returning from long term leave.

3.17 The intranet page advises that:

The [mandatory induction] program must be completed by all new staff to the agency. This includes ongoing, non-ongoing and irregular and intermittent (casual) employees, and labour hire and contractor staff.

3.18 All staff in Services Australia (APS and non-APS) are also required to complete the Mandatory Refresher Program. The program was launched in 2019–20 and the next iteration of the program was released in February 2022. 70

3.19 Completion of the online mandatory induction and mandatory refresher programs is monitored through the agency’s Learning Management System.

3.20 Services Australia advised the ANAO in March 2022 of the induction requirements for contractors who are engaged with the agency:

All contractors are required to undertake the full Induction program on their first commencement with Services Australia.

If a contractor leaves us and then is re-engaged, their manager may require them to re-do the Induction Program, depending on how long they have been away from the organisation. However there is no specific policy around this.

Contractors returning to the organisation would also be doing the next Mandatory Refresher Program as appropriate as well, covering many of the Induction Program’s key messages.

3.21 All nine contracts examined by the ANAO (listed in Table 3.1 above), include clauses that require contracted personnel to undertake mandatory induction training, though the specificity of those clauses differed between the nine contracts.

3.22 In addition to mandatory induction training, Services Australia’s guide for managers on labour hire outlines additional training requirements that may be required:

Each business area of Services Australia that engages LH [Labour Hire] staff will need to determine any additional technical training requirements of these staff. 71 Business areas are responsible for providing this training, in consultation with Services Australia’s learning and development team.

The LH providers may be responsible for delivery of non-technical training to their LH staff where contractually required. This may be delivered using training packages provided by Services Australia. Some of these products could relate to service delivery skills, values and behaviour, and managing aggressive behaviours.

Attendance at non-technical training will be monitored and reported to Services Australia by the LH provider. The LH provider may be contractually required to ensure that non-technical training is completed prior to the commencement of technical training.

Mandatory induction and refresher programs

3.23 The ANAO reviewed the content of the agency’s mandatory induction and mandatory refresher programs to assess the extent to which expected behaviours and standards from relevant Services Australia policies were covered by the training. The ANAO compared the content in the mandatory induction and refresher programs against the mandatory policies applicable to contractors. The results of the ANAO analysis are summarised below in Table 3.2.

Table 3.2: ANAO analysis of Services Australia’s mandatory induction and refresher training for contractors — coverage of contractor obligations

Note a: Ticks in this table indicate that the training course includes material covering the expected behaviours and standards from relevant Services Australia policies.

Note b: There was partial coverage of personnel security policy in the mandatory security induction training. The security training did not cover the obligations of separating individuals, such as the removal of their systems access, the return of agency assets, and their continuing obligations to safeguard agency and Australian Government resources after leaving the agency. Services Australia advised the ANAO in March 2022 that: ‘Security induction and mandatory refresher training focuses on topics considered the most relevant for new or existing employees. Separation obligations are most appropriately covered off at the time the employee is about to leave the agency. Managers and supervisors play a key role initiating removal of the separating employee’s system access and return of agency assets and advising the employee of their ongoing security obligations.’

Source: ANAO analysis of Services Australia documentation.

Monitoring completion of mandatory induction requirements by contractors

3.24 Services Australia’s guidance states that:

All staff have a responsibility to complete the [mandatory induction] program, however it is the manager/supervisor’s responsibility to ensure that their staff member knows how to access the program and that it is completed.

3.25 Services Australia produces a standard monthly learning report on online training completed by its personnel (including APS and non-APS personnel). In addition, Services Australia’s policy states that:

Reports for the mandatory refresher program are sent out monthly and cascaded to Divisions and Branches. The report includes a staff listing of who has and has not completed the MRP [Mandatory Refresher Program].

3.26 Table 3.3 (below) illustrates, for the 4944 contractors in Services Australia’s workforce as at 28 February 2022:

the number and percentage of contractors who completed all five modules of the mandatory induction program; and
the number and percentage of contractors who completed the two 2019–2021 mandatory refresher program modules, and the 2022 Mandatory Refresher Program.

Table 3.3: Completion and compliance rates for induction and mandatory refresher training for the 4944 contractors in Services Australia’s workforce as at 28 February 2022

Note a: Contractors who had completed all of the five Mandatory Induction Program Modules listed in Table 3.2: Our Values, Work Health and Safety, Security, Privacy and Fraud.

Source: ANAO analysis of Services Australia data.

3.27 As illustrated in Table 3.3, of the 4944 contractors in Services Australia’s workforce as at 28 February 2022, around a third had completed the mandatory induction program and the 2022 mandatory refresher program (34.7 per cent and 32.2 per cent respectively). Just over half had completed the 2019–2021 mandatory refresher program modules 1 and 2 (58.5 per cent and 57.6 per cent respectively).

3.28 In addition to the 1716 contractors (34.7 per cent) who completed all the mandatory induction program modules, Services Australia deemed that another 1397 contractors (28.3 per cent of the 4944 contractors in Services Australia’s workforce as at 28 February 2022) were ‘induction compliant’. Services Australia advised the ANAO in April 2022 that these contractors were deemed to be induction compliant without having to complete the induction training. On this basis, a total of 3113 contractors (62.9 per cent) had met induction training requirements. Services Australia was unable to provide evidence of the decisions that contractors were deemed to be compliant with mandatory induction training without having completed the Mandatory Induction Program or Mandatory Refresher Program. Services Australia advised the ANAO in June 2022 that it had ‘updated internal processes by introducing a decision register for recording of such decisions’.

3.29 Services Australia further advised the ANAO that for the 4851 contractors in the agency’s workforce as at 30 April 2022:

3213 (39.3 per cent) had completed the mandatory induction program (with a further 27.0 per cent deemed to be ‘induction compliant’); and
2365 (48.8 per cent) had completed the mandatory refresher program.

Services Australia’s internal audit report on Blended Workforce Management

3.30 Services Australia’s June 2021 internal audit report on Blended Workforce Management identified a lack of clarity in responsibility for ensuring that staff complete mandatory training:

Managers are responsible for ensuring that individuals within their business area have completed mandatory training requirements, however, there can be a lack of clarity regarding who is responsible where the agency staff on-boarding personnel is different to the Manager providing day-to-day oversight.

3.31 The internal audit report also found that:

automated notifications are not provided for contractors, including to alert them to requirements to complete on-boarding training and mandatory refresher programs. Consequently, there is a reliance on agency personnel often involved in the on-boarding process to make contractors aware of training requirements and follow-up completion.

3.32 Services Australia’s Audit and Risk Committee considered the audit report in October 2021 and requested that management provide the committee with a report on how Services Australia is addressing the audit findings. The June 2022 Audit and Risk Committee papers noted that the Chief Operating Officer would provide a report at the August 2022 meeting detailing the agency’s people strategy, including cost, composition, labour market and future modelling.

3.33 The low completion and compliance rates for the mandatory induction program (see Table 3.3) and internal audit findings of shortcomings in agency processes for alerting contractors of training requirements (paragraph 3.31), indicate that contractors may not always be made aware of the expected behaviours and standards that Services Australia requires of its personnel. The internal audit also indicates that managers may not be aware of their responsibilities regarding the completion of training by contracted personnel.

3.34 Services Australia, as part of its considerations on how to respond to the June 2021 internal audit on blended workforce management, should establish how it can ensure that contractors complete mandatory induction training to mitigate the risk that its contracted personnel are uninformed or unable to perform their roles effectively.

Recommendation no.1

3.35 Services Australia ensure that:

3.36 The agency has implemented governance processes around enterprise mandatory training that includes a communication plan, and regular monthly Executive and business area reporting on the completion rates of the Mandatory Induction Program and the Mandatory Refresher Program.

3.37 A communications plan to support the Mandatory Induction Program and Mandatory Refresher Program 2022 has been implemented to ensure that all staff and managers are aware of their responsibilities regarding these programs. There are also internal online resources dedicated to the Mandatory Induction Program and the Mandatory Refresher Program. The agency’s workforce can access these online resources to obtain up to date information on the programs, at any given t ime.

Has Services Australia established arrangements for the engagement of contractors that support compliance with PSPF Policy 12: Eligibility and suitability of personnel?

Services Australia has established policies and processes that support compliance with the majority of core requirements of PSPF Policy 12: Eligibility and suitability of personnel when it engages contractors, except for PSPF Policy 12 Supporting Requirement 1(c), which relates to obtaining individuals’ agreement to comply with the government’s policies, standards, protocols and guidelines that safeguard resources from harm. Services Australia has enacted temporary access provisions in its personnel security policy ‘to enable rapid recruitment to meet the high service demand generated by COVID-19’ and to manage the 2022 east coast flood emergency and other priorities. There is scope for Services Australia to strengthen its assurance activities to ensure that the mandatory requirements of PSPF Policy 12 have been met, particularly when personnel have already been granted temporary access to Australian Government resources (people, information and assets).

3.38 Protective Security Policy Framework (PSPF) Policy 12: Eligibility and suitability of personnel 72 sets out ‘the pre-employment screening processes and standardised vetting practices to be undertaken when employing personnel and contractors.’ Policy 12 has the following core requirements:

Each entity must ensure the eligibility and suitability of its personnel who have access to Australian Government resources (people, information and assets).

Entities must use the Australian Government Security Vetting Agency (AGSVA) to conduct vetting, or where authorised, conduct security vetting in a manner consistent with the Personnel Security Vetting Standards.

3.39 The policy states that pre-employment screening is the primary activity used to mitigate an entity’s personnel security risks. Entities may use security clearances where they need additional assurance of the suitability and integrity of personnel. This could be for access to security classified information, or to provide greater assurance for designated positions. Under the policy:

Entities must undertake pre-employment screening, including: verifying a person’s identity using the Document Verification Service 73 ; confirming a person’s eligibility to work in Australia; and obtaining assurance of a person’s suitability to access Australian Government resources, including their agreement to comply with the government’s policies, standards, protocols and guidelines that safeguard resources from harm.

3.40 In its mandatory annual report to the Attorney-General’s Department in 2018–19 , Services Australia self-assessed its security maturity against PSPF Policy 12 requirements as ‘developing’. In its annual reports for 2019–20 and 2020–21 Services Australia lifted its maturity rating for PSPF Policy 12 to ‘managing’. 74

3.41 To form a view on whether Services Australia has established arrangements for the engagement of contractors that support compliance with PSPF Policy 12, the ANAO reviewed Services Australia’s arrangements for:

conducting pre-employment screening and standardised vetting practices when engaging contractors; and
monitoring that PSPF Policy 12 requirements have been addressed when contractors have been engaged.

Arrangements for conducting pre-employment screening and standardised vetting

3.42 Services Australia’s Personnel Security Policy sets out what Services Australia must do to meet PSPF Policy 12. Table 3.4 below outlines the requirements of PSPF Policy 12 that are to be established by Services Australia and the arrangements Services Australia has established for pre-employment screening processes and standardised vetting practices when engaging contractors.

Table 3.4: Services Australia’s policies and processes that apply to contractors and support compliance with the core requirements for PSPF Policy 12: Eligibility and suitability of personnel

Note a: Identified positions are those that the agency assesses as requiring an authorised security clearance. Services Australia advised the ANAO that as at 25 November 2021, 18 per cent of its security assessed positions were filled by contractors.

Source: ANAO assessment of Services Australia documentation.

3.43 As noted in Table 3.4, the agency’s Personnel Security Policy does not include a requirement to obtain an individual’s agreement to comply with government policies, standards, protocols and guidelines that safeguard resources from harm, as required under Supporting Requirement 1(c) of PSPF Policy 12. This omission requires attention by Services Australia.

3.44 Services Australia advised the ANAO in March 2022 that:

Every new employee/contractor is required to sign the “Declaration for handling personal information”. This covers information security, privacy and secrecy obligations and this could be expanded to require a more general declaration to comply with the broader range of government policies, standards, protocols and guidelines that safeguard resources from harm. The agency’s exit form requires all exiting staff to make a number of declarations prior to leaving the agency including they understand their ongoing obligation to protect Australian Government resources under the Criminal Code, Public Service Act 1999 and other relevant legislation.

Recommendation no.2

3.45 Services Australia update its personnel security policy to include a requirement to obtain an individual’s agreement to comply with government policies, standards, protocols and guidelines that safeguard resources from harm, as required under Supporting Requirement 1(c) of PSPF Policy 12.

3.46 The agency will update the personnel security policy and associated procedures in support of the relevant requirements of PSPF Policy 12 .

Arrangements for monitoring and reporting that requirements of PSPF Policy 12 have been addressed when contractors have been engaged

3.47 In October 2021, Services Australia advised the ANAO of its onboarding processes for all personnel (including contractors):

The agency conducts eligibility and suitability screening to assess if individuals are eligible and suitable to have non-public access to the agency’s and the Australian Government’s resources (people, information and assets).

The agency’s eligibility and suitability screening includes: eligibility and suitability checks (also known as pre-engagement checks) eligibility and suitability assessments based on the results of eligibility and suitability checks.

The agency will not grant an individual with non-public access to resources until eligibility and suitability screening has been completed and the agency has determined that individual is eligible and suitable to be granted that access. In exceptional circumstances, temporary access to agency resources may be granted, pending the completion of the eligibility and suitability check process.

3.48 As part of the onboarding process, contractors are to complete a pre-engagement pack that is then uploaded to Services Australia’s onboarding tracker. The agency’s guidance states that the pre-engagement pack should be completed for:

Any individual who may require non-public access to the department’s or shared services agency’s resources (information, buildings, assets, staff and customers), prior to their commencement.

3.49 Services Australia’s policy and procedure documents state that the Onboarding Services team will ensure eligibility and suitability checks are completed prior to system access being granted.

3.50 Services Australia advised the ANAO in June 2022 that to strengthen its assurance arrangements for PSPF Policy 12 in relation to contractors, since 2018 it has established a centralised onboarding team, made systems improvements including the recording of police checks, and further developed:

a regular report for the Onboarding Team to forecast possible future contractor extensions. Over the last 6 months, this report has been enhanced to capture police check information. This has allowed a cleansing exercise that is approximately 60% complete and still underway to ensure accurate and up-to-date pre-engagement pack (PEP) information.

3.51 Services Australia further advised the ANAO that:

In September 2021, the Onboarding Team implemented automation of the extensions processing. The ‘digital worker’ has been developed to always check for a valid police clearance date before extending system access. Any that do not have a valid police check are flagged as exceptions and we contact the business area to request a new PEP to be completed. The PEP must be complete and have a returned result prior to extension being processed by the Onboarding Team.

The Onboarding Team are also working on an automated reminder for non-payroll staff who are nearing the 3 year milestone requesting them to undertake another pre-engagement check. The scoping exercise is nearing completion for the process.

3.52 Services Australia advised the ANAO in March 2022 that, in relation to assurance activities to ensure mandatory requirements under PSPF Policy 12 are met for contractors, ‘the agency does not currently undertake any specific assurance activities to ensure these mandatory requirements have been met’.

Services Australia’s use of temporary access provisions

3.53 Temporary access provisions allow newly engaged individuals to be granted access to agency facilities, systems and resources before Services Australia has finalised its pre-engagement screening process.

3.54 The Attorney-General’s Department guidance for PSPF Policy 12 recommends that:

entities conduct and finalise pre-employment and entity-specific screening after the conclusion of the merit selection process but prior to an offer of employment or contract. The guidance also stipulates that where checks are not completed prior to engagement, it is recommended that entities make the employment or contract conditional on satisfying the required checks within a reasonable timeframe.

3.55 Commencing in March 2020, Services Australia enacted the use of temporary access provisions in its security policy, ‘to enable rapid recruitment to meet the high service demand generated by COVID-19’ and to manage the 2022 east coast flood emergency and other priorities. 75 Services Australia advised the ANAO that temporary access provisions are used after an appropriate risk assessment has been conducted. The ANAO reviewed 22 approval emails for temporary access waiver requests, dating from March 2020 to May 2022. Of the 22 emails reviewed, eight included a risk assessment with the request.

3.56 Services Australia advised the ANAO in June 2022 that:

the agency did not waive the mandatory pre-employment screening or security clearance requirements. Services Australia’s application of temporary access provisions was for the purpose of allowing access to agency resources prior to the completion of the agency’s eligibility and suitability check process. The application of the temporary access provisions is consistent with the PSPF guidance, where there was a condition included that: all pre-engagement packs and all supporting documentation for each individual must be submitted to the on-boarding team within 14 days (earlier if possible) of an individual’s commencement temporary access may subsequently be revoked [if not provided in 14 days].

3.57 Services Australia further advised the ANAO in June 2022 that:

Services Australia temporary access provisions required that individuals submit their pre-engagement pack within a determined number of days of commencement, or their access to agency resources would be suspended. The agency’s onboarding function and/or contract managers monitor the completion and submission of pre-engagement packs and submit and monitor the return of police checks. Where adverse results from the police checks or internal checks are identified for candidates engaged under the temporary access provisions, these individuals are subsequently referred to the Security Branch for an eligibility and suitability assessment to be undertaken. Personnel Security may subsequently request some individuals be suspended from engagement, pending the outcome of the eligibility and suitability assessment.

3.58 In May 2022, Services Australia advised the ANAO that 8077 individuals were onboarded under temporary access provisions after September 2021, including 4825 ‘labour hire/service delivery partner individuals.’ Services Australia was unable to advise the ANAO of the number of individuals, including the number of contractors, that were onboarded under the temporary access provisions up to and including September 2021.

3.59 As noted in paragraphs 3.50–3.51, Services Australia advised the ANAO in June 2022 that it has taken steps to strengthen assurance arrangements around PSPF Policy 12 for contractors, particularly over the last six months.

Recommendation no.3

3.60 Services Australia strengthen arrangements to obtain assurance that PSPF Policy 12 requirements have been met, particularly to ensure the eligibility and suitability of its personnel who have been granted temporary access to Australian Government resources (people, information and assets).

Services Australia’s response: Agreed.

3.61 The agency will strengthen assurance arrangements to ensure the eligibility and suitability of personnel who have received temporary access due to exceptional circumstanc es.

4. Arrangements for managing contractors

This chapter examines whether Services Australia has established fit-for-purpose arrangements for the management of contractors.

Services Australia has established largely fit-for-purpose arrangements for the management of contractors. Services Australia has clearly documented its requirements and expectations regarding the management and oversight (supervision) of contractors and has established responsibilities for managing completion at the business area level. Arrangements (policy, processes and monitoring) for the management of contractors that support compliance with PSPF Policy 13: Ongoing assessment of personnel and PSPF Policy 14: Separating personnel have been largely established. With regards to PSPF Policy 14, risks have been identified regarding the effectiveness of agency controls for removing separating individuals’ systems access in a timely way.

Areas for improvement

The ANAO identified that there is an opportunity for Services Australia to consolidate aspects of its guidance and supporting documentation available to contract managers, to rationalise the available information and avoid duplication.

4.1 Once engaged by Services Australia, the ongoing management of contractors involves:

day-to-day oversight of the contractor and management of the contract to ensure that contracted outcomes are being delivered as required;
assessment and management of the ongoing suitability of the contractor to access Australian Government resources; and
withdrawing access and managing ongoing risks at the end of the contract.

4.2 The ANAO examined the following to form a view on the fitness-for-purpose of Services Australia’s arrangements for the management of contractors.

Documentation promulgated to officials to inform them of the agency’s requirements and expectations for the management of contractors and the training that was available to support implementation of the guidance.
Policies and processes for ensuring the ongoing suitability of contracted personnel to access Australian Government resources, as required by PSPF Policy 13: Ongoing assessment of personnel , and monitoring and reporting on compliance.
Policies and processes for contracted personnel to have their access withdrawn and to be informed of any ongoing security obligations, as required under PSPF Policy 14: Separating personnel , and monitoring and reporting on compliance.

Has Services Australia clearly documented its requirements and expectations regarding the management and oversight of contractors?

Services Australia has clearly documented its requirements and expectations regarding the management and oversight of contractors. Agency requirements and expectations for contract managers are documented in the Accountable Authority Instructions, the Contract Management Framework and in policies, procedures and guidance. Contract managers are required to undertake mandatory training, with training requirements tailored to the overall risk rating of the contract to be managed. Services Australia requires business areas to ensure that appropriate training has been undertaken but has not established arrangements that provide agency-wide assurance that contract managers have completed the mandatory training.

Framework documenting the requirements and expectations for managers

4.3 Services Australia has documented its requirements and expectations for contract managers in the Accountable Authority Instructions (AAIs) and Contract Management Framework. This information is available on Services Australia’s intranet.

Accountable Authority Instructions

4.4 The responsibilities of Services Australia’s contract managers are set out in the agency’s AAIs, which state that the mandatory responsibilities of contract managers are:

complying with the agency’s contract management framework and guidance;
actively managing the contract including ensuring the contract meets it objectives;
performance monitoring and reporting to ensure the agency obtains value for money; and
identifying, assessing and managing contract risks.

Contract Management Framework

4.5 Services Australia has established a Contract Management Framework for the purpose of providing ‘responsible delegates and Contract Managers with a clear and standardised approach to managing and administering contracts for Services Australia’. 76 The framework outlines the four key elements of contract management in the agency (contract governance, contract administration, performance management and stakeholder management) and the requirements and expectations for contract managers for each of the four elements (illustrated in Figure 4.1).

Figure 4.1: Elements of the contract management framework

Alt text not required, as the figure is explained in paragraph 4.5.

Source: Services Australia.

4.6 Policies, procedures and guidance for managers are available in documents and pages on Services Australia’s intranet. The documents include:

roles and responsibilities of contract managers, which are clearly defined;
standardised policies and processes for managing contracts in the agency;
standardised tools to assist contract managers to fulfil their responsibilities, including around performance monitoring, record management, risk management and tracking the contract budget; and
a range of policies, procedures and guidance on supervising contractors and labour hire personnel including the day-to-day management of induction, performance, security, financial delegations, conduct and behaviour, onboarding and offboarding. 77

4.7 In reviewing the documentation available to managers, the ANAO noted duplication of advice on onboarding, day-to-day management, and offboarding of contractors. There is an opportunity for Services Australia to consolidate aspects of its guidance and supporting documentation available to managers, to rationalise the available information and avoid duplication.

4.8 Services Australia advised the ANAO in March 2022 that:

The Procurement Branch publishes contract management resources under a central contract management homepage on the intranet. The homepage links to relevant tools, templates and guidance to assist staff managing arrangements in line with the contract management framework. Separately, there is a range of published information relating to the day-to-day management of labour hire staff which differs from contract management, though some overlap in information is noted.

4.9 The Procurement Branch will review information applicable to the day-to-day management of labour hire staff and contractors and include links to those policies and procedures on its contract managers homepage that may assist contract managers, including: onboarding processes, HR Policy, and training requirements for contractors. The contract manager may delegate administrative duties for the contract, including the day-to-day management and supervision of contractors, to one or more contract administrators. In February 2022, Services Australia advised the ANAO that in addition to the policies, procedures and guidance outlined in paragraph 4.6 for supervisors of contractors in the agency, it has established governance meetings with suppliers to provide contract assurance and address potential risks that may arise through delegating contract administration. The ANAO did not examine the implementation of these arrangements.

Training for contract managers about managing and oversighting contractors

4.10 Contract managers are required to undertake mandatory training to perform their roles. Services Australia has in place a Contract Management Training Pathway for contract managers, that comprises eLearning and formal training. In addition, the agency planned to develop face-to-face workshops, with work expected to commence in March 2022. 78 Contract administrators, who may be responsible for the day-to-day management and supervision of contractors, can also undertake contract manager training but it is not mandatory.

4.11 Services Australia’s guidance states that these courses are in place to support contract managers in respect to: understanding their responsibilities, planning and assessing supplier performance, communicating with stakeholders, assessing contractual risk, and documenting contract management plans. The mandatory training courses that apply at each contract risk rating level are summarised in Table 4.1 below.

Table 4.1: Mandatory training for contract managers in Services Australia

Note a: The overall risk rating for a contract is determined by the risk assessment of the underlying risks associated with a contract. Services Australia’s Contract Management Framework includes guidance and templates for developing and documenting risk assessments.

Monitoring contract manager training completion rates

4.12 Services Australia advised the ANAO in March 2022 that:

Business areas are responsible to ensure contract managers are appropriately skilled to manage contract deliverables, noting that procurement and contract arrangements are managed centrally by the Procurement Branch for non-ICT procurements and ICT Strategic Sourcing Branch for ICT procurements.

4.13 Services Australia has not established arrangements that provide agency-wide assurance that contract managers have completed the mandatory training.

Feedback from contract managers on available guidance, training and support

4.14 The ANAO sought feedback from 10 contract managers in Services Australia on the effectiveness of the guidance, training and support they are offered to undertake their role. 79 The responses received from contract managers indicated that generally, the policies, procedures, guidance and support they were offered to undertake their role were effective. The contract managers identified opportunities to improve the range of guidance available through: consolidating resources for managing contractors, development of agency-wide policies and guidance; and development of more Human Resources guidance to support the supervision and management of contractors in the agency.

Has Services Australia established arrangements for the management of contractors that support compliance with PSPF Policy 13: Ongoing assessment of personnel ?

Services Australia has largely established arrangements for the management of contractors that support compliance with PSPF Policy 13: Ongoing assessment of personnel. Services Australia has established policies that support the implementation of PSPF Policy 13 for contractors that address all aspects of the core PSPF requirement. All nine contracts examined by the ANAO included clauses requiring ongoing compliance with Services Australia’s security policies and procedures. In addition, guidance has been established for contract managers around assessing and managing the ongoing suitability of contractors and sharing relevant information of security concern, including forms for reporting security incidents. Where contract periods are greater than three years, Services Australia has no agency-wide assurance that its mandatory requirement for triennial eligibility and suitability checks for contractors is being met. Services Australia has identified opportunities to strengthen arrangements to support compliance with PSPF Policy 13.

4.15 When personnel (including contractors) are engaged, entities must ensure that the eligibility and suitability requirements that were established prior to commencement continue to be met. This entity responsibility is set out in PSPF Policy 13: Ongoing assessment of personnel. The purpose of the policy is to describe how entities maintain confidence in the suitability of their personnel to access Australian Government resources and manage the risk of malicious or unwitting insiders. The core requirement of PSPF Policy 13 is that ‘each entity must assess and manage the ongoing suitability of its personnel and share relevant information of security concern, where appropriate.’

4.16 In its 2018–19 , 2019–20 and 2020–21 self-assessment of its maturity against PSPF Policy 13 requirements, submitted to the Attorney-General’s Department (AGD), Services Australia rated its maturity level as ‘developing’. 80

Arrangements for assessing and managing the ongoing suitability of contractors and sharing relevant information

4.17 Services Australia’s Personnel Security Policy sets out what the agency must do to meet PSPF Policy 13. Table 4.2 (below) outlines the results of the ANAO’s review of Services Australia’s policies and processes for assessing and managing the ongoing suitability of contractors.

4.18 In summary, Services Australia has established policies and procedures to support compliance with the requirements of PSPF Policy 13. Services Australia’s policies and procedures address all aspects of the core PSPF requirement and apply to all personnel, including contractors. Services Australia has also included clauses, in the nine contracts examined by the ANAO, requiring ongoing compliance with Services Australia’s security policies and processes.

Table 4.2: Services Australia’s policies and processes that apply to contractors and support compliance with the core requirements of PSPF Policy 13: Ongoing assessment of personnel

Note a: Services Australia’s Personnel Security policy defines individuals as: ‘all ongoing and non-ongoing staff and all contractors, labour hire, consultants, third party providers and other government department or agency personnel.’

Note b: In its 2020–21 self-assessment of its maturity against PSPF Policy 13 requirements submitted to AGD, Services Australia reported nil instances of where the accountable authority had waived the citizenship or checkable background requirements for any security clearances sponsored by the entity.

Note c: Services Australia advised the ANAO in March 2022 that: ‘The review of security clearance eligibility waivers is triggered during the PSPF Annual Assessment process – as the agency is required to report on waivers in the annual submission. This level of detail is not included in our personnel security policy.’

Arrangements for monitoring and reporting that the ongoing suitability of contractors has been assessed and managed

4.19 In its 2020–21 PSPF self-assessment report to AGD, Services Australia reported that:

The entity has substantially developed its procedures and systems to assess and manage ongoing suitability of personnel. In the majority of cases, information of security concern for ongoing suitability of personnel is assessed and shared by the entity with relevant shareholders [sic]. Procedures are mostly in place to ensure compliance with security clearance maintenance requirements (where relevant).

4.20 Services Australia also reported that, to lift its security maturity rating for PSPF Policy 13 from ‘developing’ to ‘managing’, the agency planned to take the following actions.

examine and develop policy options to uplift the minimum security requirements in the Personnel Security Policy for all new and existing staff (including contractors) in the agency to a minimum BASELINE security clearance, or other options to manage key risks;
undertake a review of existing security clearance assessed positions across the agency; and
examine and develop options for all individuals to declare significant changes in personal circumstances.
By June 2022, develop ongoing training and awareness programs to communicate staff obligations with regard to security policies and procedures.

4.21 In March 2022, Services Australia informed the ANAO that these activities were progressing, though with some delays due to the agency’s response to the COVID-19 pandemic.

Has Services Australia established arrangements for the separation of contractors that support compliance with PSPF Policy 14: Separating personnel ?

Services Australia has established arrangements for the separation of contractors to support compliance with PSPF Policy 14: Separating personnel , including relevant policies and processes, however there is scope for implementation to be more effective. In the nine contracts examined by the ANAO, Services Australia included clauses requiring contractors to comply with Services Australia policies and processes that support compliance with PSPF Policy 14. ANAO testing identified risks in the effectiveness of Services Australia’s ICT controls for removing separating individuals’ systems access in a timely way. Services Australia’s monitoring and reporting on compliance with PSPF Policy 14 has identified that there is further work to be done and identified a range of activities to improve compliance around separating personnel, including strengthening the assurance process for the timely removal of separating individuals’ access to agency systems.

4.22 When individuals (including contractors) permanently or temporarily leave their employment with an entity, entities are required to take steps to mitigate risks that Australian Government resources will be accessed by individuals without permission or that ongoing security obligations are not met. These requirements are set out in PSPF Policy 14: Separating personnel. Policy 14 states that:

Each entity must ensure that separating personnel:

(a) have their access to Australian Government resources withdrawn;

(b) are informed of any ongoing security obligations.

4.23 In its 2018–19 , 2019–20 and 2020–21 self-assessment of maturity against PSPF Policy 14 requirements, submitted to AGD, Services Australia rated its maturity level as ‘developing’. 81

Arrangements for managing access and ongoing security obligations of separating contractors

4.24 Services Australia’s Personnel Security Policy sets out what the agency must do to meet PSPF Policy 14. Table 4.3 below outlines the results of the ANAO’s review of Services Australia’s policies and processes for managing access and ongoing security obligations of separating contractors.

Table 4.3: Services Australia’s policies and processes that apply to contractors and support compliance with the core requirements of PSPF Policy 14: Separating Personnel

4.25 In summary, Services Australia has established policies and processes to support compliance with the requirements of PSPF Policy 14. Services Australia has also included clauses, in the nine contracts examined by the ANAO, requiring ongoing compliance with Services Australia’s security policies and processes.

Arrangements for monitoring and reporting that the requirements of PSPF Policy 14 have been met when contractors are separating

4.26 In its 2020–21 PSPF self-assessment report to AGD, Services Australia reported that:

Separating personnel in the majority of cases understand their ongoing security obligations and have their access to Australian Government resources withdrawn. Systems and processes are substantially developed to verify consistency of separating personnel practices across the entity.

4.27 In that report, Services Australia also stated that to lift its security maturity rating for PSPF Policy 14 from ‘developing’ to ‘managing’, the agency planned to do the following.

notification to the Chief Security Officer about proposed cessations of employment resulting from alleged misconduct or other adverse reasons prior to separation;
sharing relevant security information for personnel transferring to another Australian Government entity; and
determining when a risk assessment is required to identify security implications for personnel separating from the agency for those who have not been able to complete agency specific separation processes.
By June 2022, further progress activities regarding policies, procedures and technology to ensure access to agency systems and premises is removed appropriately and in a timely manner.

4.28 In March 2022, Services Australia advised the ANAO that ‘these strategies have not progressed as yet due to resources being diverted to priority activities associated with support of Emergency Responses (COVID, fires, floods).’

4.29 ANAO testing of ICT systems controls, conducted as part of the audit of Services Australia’s 2018–19 financial statements, identified instances where separating individuals’ systems access was not removed in a timely way. 83 As at 15 June 2022, the finding remained open.

4.30 Services Australia advised the ANAO in March 2022 that:

The Agency undertook a review of all user terminations for the 2020-21 financial year to address the C3 User Termination finding and determine the business, financial and data risks to the Agency.

The review incorporated the work undertaken in the Agency’s fraud Division and identified all users where the system termination action was completed after the users final working day. Where anomalies where detected further reviews where undertaken to determine if this delay led to any business, financial or data risk impact. The review considered system access, credit card usage and access to secure information held in protected enclave.

No business, financial or data risk issues were identified.

A monthly review process has been implemented by the Agency’s payroll area to ensure any delays to user terminations are reviewed.

5. Observations and key messages on the selected agencies’ management of contractors

This audit is one of a series of three performance audits in which the ANAO has examined the arrangements established by Services Australia, the Department of Veterans’ Affairs (DVA) and the Department of Defence (Defence) for the use, engagement and management of contractors against the same audit objective and criteria.

High-level observations made in this audit series and key messages for all Australian Public Service (APS) agencies are outlined in this chapter. The observations focus on: data availability and transparency issues relating to the contractor workforce; and the application of ethical and personnel security requirements to the contractor workforce.

The Auditor-General has not made recommendations on data availability, transparency and ethical requirements in this audit series, noting that recommendations on these issues were directed to the Australian Public Service Commission (APSC) and/or the Department of Finance (Finance) by committees of the 46 th Parliament and the 2019 Our Public Service, Our Future: Independent Review of the Australian Public Service (the Thodey Review).

Data availability and transparency

5.1 Audit work conducted across Services Australia, DVA and Defence identified different approaches to the collection and collation of data on the non-APS workforce. For example, Services Australia and DVA recorded each contractor or labour hire person in their systems, while Defence conducts an annual census which it advised provides a ‘reasonable estimate’ of the headcount of contractors it engages. The collection method adopted by the audited agencies impacted on their ability to report on the numbers of non-APS personnel – in terms of headcount and/or Full-Time Equivalent (FTE) – at a point in time and with confidence as to the completeness and accuracy of the data.

5.2 Each agency examined by the ANAO had established its own definitions for various non-APS personnel types it procured. 84 A summary of the number of non-APS personnel types that each entity had defined is set out in Table 5.1 below.

Table 5.1: Non-APS personnel types defined by the audited agencies

Source: ANAO analysis of documentation from the Department of Defence, Services Australia and the Department of Veterans’ Affairs. Also see Box 4, Chapter 1 in this audit report and in Auditor-General Report No.43 2021–22 Effectiveness of the Management of Contractors — Department of Defence and Auditor-General Report No.45 2021–22 Effectiveness of the Management of Contractors — Department of Veterans’ Affairs .

5.3 The data reviewed by the ANAO for this audit series (Table 5.2 below) shows that the number of contractors engaged by the audited agencies ranged from 7.4 per cent to 34.1 per cent of the agency’s total workforce. This data, and other information provided to the ANAO, indicates that there are a large number of contractors doing work in and as part of the operations of the audited agencies, alongside APS personnel, as part of a mixed workforce.

Table 5.2: Contractor and total workforce numbers advised by the audited agencies

Note a: Entities do not use the same methods for counting contractors. FTE is a count of all hours worked at a point in time and then converted to the number of full-time staff. ‘Headcount’ is all people employed at the time of the snapshot and includes employees on extended leave. Refer Appendix 3: Measures for reporting on workforce size.

Note b: Includes APS, Australian Defence Force (ADF) and external workforce personnel (including contractors, consultants and other outsourced providers). Defence figures for the number of contractors and total workforce is an estimate.

Source: Department of Defence external workforce census, March 2022 and DVA and Services Australia data as at 30 June 2021. The contractor headcount for Services Australia and DVA is the number of individuals categorised as ‘labour hire’ or ‘contractor’ in Services Australia’s ‘Contingent Workforce’ report. The ‘Contingent Workforce’ report is extracted from Services Australia’s Human Resource management system. The report identifies individuals that are not engaged by DVA/Services Australia as APS employees, who have access to entity systems.

Ethical and personnel security requirements

5.4 In this audit series the ANAO observed that individual agencies determine the extent to which the ethical and integrity frameworks that apply to APS employees (which include the ethical requirements of the Public Service Act 1999 and the resource management requirements of the Public Governance, Performance and Accountability Act 2013) also apply to contractors and other non-APS personnel engaged by the agency. These decisions are captured in, and managed through, contracts rather than through the specialised human resources capabilities that have been established in agencies for the management of APS employees.

5.5 This discretionary approach applies in an agency operating environment where a large number of contractors are doing work in and as part of the operations of APS agencies, alongside APS personnel, as part of a mixed workforce. On that basis, the rationale for a discretionary approach is not clear. 85 One risk of adopting a discretionary approach is that it may give rise to unequal behavioural expectations across personnel types within workplaces, and the risk of inconsistent management of personnel behaviours.

5.6 Across the audited agencies, each agency had established policies and processes for inducting contractors into the behaviours and expectations of the entity and relevant Commonwealth legislation. However, each of the selected agencies had scope to improve assurance about the completion of induction processes by contracted personnel.

5.7 Similarly, each of the audited agencies had mostly established policies and processes to comply with the personnel security requirements reviewed by the ANAO. These were PSPF policies 12–14 relating to the eligibility and suitability of personnel, the ongoing assessment of personnel, and the management of separating personnel. While clear and accessible policies and processes had been established for all personnel types for most requirements, assurance that implementation was effective was limited.

Parliamentary committee and other review recommendations

5.8 The Auditor-General has not made recommendations in this audit series on data collection and reporting relating to the non-APS workforce, and the application of ethical and integrity frameworks to non-APS personnel involved in Australian Government administration.

5.9 Recommendations on these issues were directed to the APSC and/or Finance by committees of the 46th Parliament and the Thodey Review.

5.10 The observations and recommendations of these Parliamentary committees and the Thodey Review are reported at paragraphs 1.14 – 1.24 of this audit report.

5.11 In addition, one part of recommendation 7 of the Thodey Review was that the ‘APSC and Finance ensure that all agencies extend APS integrity requirements to service providers, long-term APS contractors and consultants’. 86 The Review included the following implementation guidance for this recommendation:

Build on current measures — including incorporating the APS Values in contracts — in extending APS integrity arrangements to service providers, long-term APS contractors and consultants. Make APS integrity requirements standard contractual obligations for individuals or organisations accepting payment from the Commonwealth. 87

Key messages from this audit series for all APS agencies

Below is a summary of key messages, including instances of good practice, which have been identified in this series of audits and may be relevant for the operations of other APS agencies.

Procurement

Each audited agency had established guidance to inform the use of contractors. The approach to guiding decisions was unique to each agency. Services Australia’s guidance reflected its workforce planning in the areas of its business that use the most contractors. Defence’s guidance served to draw together the key matters to be considered when engaging a contractor.
Each audited agency had established contracting templates, deeds and clauses to help operationalise agency requirements when engaging non-APS personnel.

Contract management

To support the effective management and supervision of contractors, each audited agency had considered the availability of training and guidance.
Each audited agency had well-designed induction arrangements to assist contractors to understand their workplace obligations and the agency’s cultural and behavioural expectations. Monitoring the completion of induction requirements provides assurance that obligations and expectations are understood.
To be sure that policies and processes have been implemented as expected, assurance arrangements such as the Security Quarterly Action Plan approach established by DVA to check on the implementation of security requirements can assist.

Appendix 1 Entity responses

The response from Services Australia. You can find a summary of the response in the summary and recommendations chapter of this report.

Appendix 2 Performance improvements observed by the ANAO

1. The fact that independent external audit exists, and the accompanying potential for scrutiny, improves performance. Program-level improvements usually occur: in anticipation of ANAO audit activity; during an audit engagement as interim findings are made; and/or after the audit has been completed and formal findings are communicated.

2. The Joint Committee of Public Accounts and Audit (JCPAA) has encouraged the ANAO to consider ways in which the ANAO could capture and describe some of these impacts.

3. Performance audits involve close engagement between the ANAO and the audited entity as well as other stakeholders involved in the program or activity being audited. Throughout the audit engagement, the ANAO outlines to the entity the preliminary audit findings, conclusions and potential audit recommendations. This ensures that final recommendations are appropriately targeted and encourages entities to take early remedial action on any identified matters during the course of an audit. Remedial actions entities may take during the audit include:

strengthening governance arrangements;
initiating reviews or investigations; and
introducing or revising policies or guidelines.

4. In this context, the below improvements were observed by the ANAO during the course of the audit. It is not clear if these actions and/or the timing of these actions were already planned before this audit commenced. The ANAO has not sought to obtain reasonable assurance over the source of these improvements or whether they have been appropriately implemented.

5. The following performance improvements were observed by the ANAO during the course of this audit:

As discussed in paragraph 2.9, Services Australia has developed workforce strategies to support workforce planning in its service delivery and ICT workforces that are intended to guide decisions on workforce supply, including for the use of contractors. Services Australia advised the ANAO in January 2022 that it is planning to refresh its current Strategic Workforce Plan later in 2022 and will consider where similar approaches could be applied across the rest of the agency (see paragraph 2.10).
As discussed in paragraphs 3.36 and 3.37, Services Australia advised the ANAO that it is developing governance processes around enterprise mandatory training including a communications plan, and monthly reporting on training completion rates.
As discussed in paragraph 3.43, Services Australia’s Personnel Security Policy does not include a requirement to obtain an individual’s agreement to comply with government policies, standards, protocols and guidelines that safeguard resources from harm, as required under Supporting Requirement 1(c) of PSPF Policy 12. Services Australia advised the ANAO in March 2022 that its declaration for handling personal information form ‘could be expanded to require a more general declaration to comply with the broader range of government policies, standards, protocols and guidelines that safeguard resources from harm’ (see paragraph 3.44).
As discussed in paragraphs 3. 50–3 .51 and 3. 56–3 .57, Services Australia advised the ANAO that over the last 6 months, police check information has been included in reporting used to forecast future contractor extensions. Services Australia also advised that since September 2021, it has been checking that existing pre-engagement pack (PEP) information is accurate and up-to-date.

Appendix 3 Measures for reporting on workforce size

1. The Australian Public Service Commission (APSC) provides information on measures used to report on workforce size. 88

2. Each year a ‘snapshot’ of data concerning all Australian Public Service (APS) employees as at 30 June and 31 December is released by the APSC. The data is provided by agencies and is drawn from the Australian Public Service Employment Database. APS employment data includes:

demographic variables including age, gender and work location;
classification level of APS employees, from trainee to Senior Executive Service;
diversity data including voluntary items self-reported by APS staff such as disability status, Indigenous status, and cultural diversity; and
staff movements including engagements, separations and transfers between agencies.

3. The reported size of the APS workforce is a headcount of all people employed at the time of the snapshot. This figure does not adjust for hours worked and it includes any employees who are on extended leave (for 3 months or more), including those on maternity leave and leave without pay.

1. This figure is different to Average Staffing Level (ASL) data provided in the Federal Budget papers. The ASL counts staff for the time they work. For example, a full-time employee is counted as one ASL, while a part time employee who works three full days per week contributes 0.6 of an ASL. The ASL averages staffing over an annual period. It is not a point in time calculation.

2. The Government places a cap on ASL. This is applied across the General Government Sector (which incorporates all of the APS and a range of other government agencies). ASL caps are published in the Federal Budget Papers each year.

3. Another measure of employee numbers used by both private and public sector organisations is Full Time Equivalent (FTE). This is a count of all hours worked at a point in time and then converted to the number of full-time staff. For example, two staff each working 0.6 days per week would be counted as 1.2 FTE.

Appendix 4 Services Australia’s contractor data at 30 June 2021

1. Services Australia’s records indicate that it had 4269 contractors at 30 June 2021. The figures below provide further information about the agency’s contractors including the Services Australia organisational group they worked in, and length of service at 30 June 2021.

2. Figure A.1 below illustrates the 4269 contractors, at 30 June 2021, by Services Australia organisational group.

Figure A.1: Agency contractors at 30 June 2021 by Services Australia organisational group

Source: ANAO analysis of Services Australia data.

3. Figure A.2 illustrates the length of service for the agency’s 4269 contractors. As shown in Figure A.2, based on their most recent contract start date, the largest group of Services Australia’s contractors at 30 June 2021 had been engaged for less than a year (1186 or 42.5 per cent), while 316 (7 per cent) of contractors had been engaged for between five and 10 years.

Figure A.2: Services Australia’s contractors at 30 June 2021 by length of service a

Note a: Services Australia advised the ANAO that its length of service calculation reflects an individual’s most recent continuous period of service with Services Australia, regardless of contract type. For the 48 individuals without a length of service calculation, Services Australia informed the ANAO that the data provided begins from 29 September 2011, and for non-APS personnel that commenced before this date their actual start date is not readily available in the system for the purposes of calculating length of service. Based on this advice, it is possible that the length of service for these 48 individuals was greater than 10 years as at 30 June 2021.

1 Australian Public Service Commission, APS Employment Data 31 December 2021 [Internet], 25 March 2022, available from https://www.apsc.gov.au/employment-data/aps-employment-data-31-december-2021 [accessed 20 May 2022]. The number of APS agencies differs from the total number of Australian Government entities and companies, as not all employ staff under the Public Service Act 1999 . The Department of Finance reported a total of 187 Australian Government entities and companies as at 19 April 2022. See https://www.finance.gov.au/government/managing-commonwealth-resources/structure-australian-government-public-sector/pgpa-act-flipchart-and-list [accessed 10 June 2022].

The APSC data indicates that the number of ongoing (permanent) APS employees as at 31 December 2021 was 136,284. Ongoing employees made up 87.5 per cent of the APS workforce. There were also 19,512 non-ongoing APS employees at 31 December 2021. Non-ongoing employees in the APS are employed for a specified term, or for the duration of a specified task, or to perform duties that are irregular or intermittent (casual). Of all non-ongoing employees at 31 December 2021, 10,816 (55.4 per cent) were employed for a specified term or the duration of a specified task, and 8,696 (44.6 per cent) were employed on a casual basis.

2 Key elements of the framework are the APS Values (set out in section 10 of the PS Act), APS Employment Principles (in section 10A), APS Code of Conduct (in section 13) and the Australian Public Service Commissioner’s Directions about the APS Values and employment matters made under sections 11 and 11A.

3 Department of Finance, Contract Characteristics [Internet], available from https://www.finance.gov.au/government/procurement/buying-australian-government/contract-characteristics [accessed 20 January 2022].

4 Australian Public Service Commission, Delivering for Tomorrow: APS Workforce Strategy 2025 [Internet], 18 March 2021, p. 27, available from https://www.apsc.gov.au/initiatives-and-programs/aps-workforce-strategy-2025 [accessed 6 January 2022].

5 Australian Public Service Commission, Guiding principles for agencies when considering the use of SES contractors [Internet], 14 May 2021, available from https://www.apsc.gov.au/working-aps/aps-employees-and-managers/senior-executive-service-ses/senior-executive-service-ses/contractors-senior-executive-service [accessed 3 December 2021].

6 The SES is established by section 35 of the PS Act, which states that the function of the SES is to provide APS-wide strategic leadership.

7 Attorney-General’s Department, About PSPF [Internet], available from https://www.protectivesecurity.gov.au/about [accessed 27 January 2022].

8 This was Services Australia’s response to a question on notice, from the Chair of the Senate Finance and Public Administration References Committee on 20 July 2021, asked as part of the committee’s inquiry into the Current Capability of the APS.

9 These reviews and inquiries, discussed in Chapter 1 at paragraphs 1.14–1.24, include the: 2015 report of the Independent Review of Whole-of-Government Internal Regulation; 2017 to 2019 Joint Committee of Public Accounts and Audit (JCPAA) Inquiry into Australian Government Contract Reporting — Inquiry based on Auditor-General’s report No. 19 ( 2017–18 ); 2019 report of the Independent Review of the APS; 2021 second interim report of the Senate Select Committee on Job Security; and 2021 report of the Senate Finance and Public Administration References Committee Inquiry into the Current Capability of the APS.

10 See Auditor-General Report No.43 2021–22 Effectiveness of the Management of Contractors — Department of Defence .

11 See Auditor-General Report No.45 2021–22 Effectiveness of the Management of Contractors — Department of Veterans’ Affairs .

12 Australian Public Service Commission, APS Employment Data 31 December 2021 [Internet], 25 March 2022, available from https://www.apsc.gov.au/employment-data/aps-employment-data-31-december-2021 [accessed 20 May 2022]. The number of APS agencies differs from the total number of Australian Government entities and companies, as not all employ staff under the Public Service Act 1999 . The Department of Finance reported a total of 187 Australian Government entities and companies as at 19 April 2022. See https://www.finance.gov.au/government/managing-commonwealth-resources/structure-australian-government-public-sector/pgpa-act-flipchart-and-list [accessed 10 June 2022].

13 Key elements of the framework are the APS Values (set out in section 10 of the PS Act), APS Employment Principles (in section 10A), APS Code of Conduct (in section 13) and the Australian Public Service Commissioner’s Directions about the APS Values and employment matters made under sections 11 and 11A.

14 Department of Finance, Contract Characteristics [Internet], available from https://www.finance.gov.au/government/procurement/buying-australian-government/contract-characteristics [accessed 20 January 2022].

15 Australian Public Service Commission, Delivering for Tomorrow: APS Workforce Strategy 2025 [Internet], 18 March 2021, p. 27, available from https://www.apsc.gov.au/initiatives-and-programs/aps-workforce-strategy-2025 [accessed 6 January 2022].

16 The SES is established by section 35 of the PS Act, which states that the function of the SES is to provide APS wide strategic leadership.

17 Australian Public Service Commission, Guiding principles for agencies when considering the use of SES contractors [Internet], 14 May 2021, available from https://www.apsc.gov.au/working-aps/aps-employees-and-managers/senior-executive-service-ses/senior-executive-service-ses/contractors-senior-executive-service [accessed 3 December 2021].

18 ibid., paragraph 1.

19 ibid., paragraph 8.

20 The APSC advised the ANAO in June 2022 that:

The Commission notes that the procurement of labour hire and contractor services is not considered employment of personnel under the Public Service Act 1999 . Rather, APS agencies must follow the CPRs when procuring these services and seek guidance from the Department of Finance. We note that the report makes multiple references to the Commission not issuing guiding principles for the use of non-SES contractors in APS agencies. As a point of correction, it is not part of the APSC remit to provide guiding principles for the use of non-SES contractors. It is a matter for the Department of Finance and the report should reflect this.

The Australian Public Service Commissioner’s functions include monitoring, reviewing and reporting on effective performance of the APS. The Contractors in the Senior Executive Service (SES) guidance was created in support of this function as the SES provide APS-wide strategic leadership of the highest quality and are responsible for ensuring effective performance, which extends to SES contractors.

21 The definition of an ‘official’ and the duties of officials are discussed in: Department of Finance, General duties of officials: Resource Management Guide No.203 [Internet], November 2016, available from https://www.finance.gov.au/government/managing-commonwealth-resources/general-duties-officials-rmg-203 [accessed 27 January 2022].

22 Attorney-General’s Department, About PSPF [Internet], available from https://www.protectivesecurity.gov.au/about [accessed 27 January 2022].

23 Attorney-General’s Department, Personnel security [Internet], available from https://www.protectivesecurity.gov.au/policies/personnel-security [accessed 27 January 2022].

The applicable PSPF policies are: Policy 12: Eligibility and suitability of personnel; Policy 13: Ongoing assessment of personnel; and Policy 14: Separating personnel.

25 Barbara Belcher, Independent Review of Whole-of-Government Internal Regulation Report to Secretaries Committee on Transformation, Volume 2 Assessment of key regulatory areas [Internet], August 2015, available from https://www.finance.gov.au/sites/default/files/2020-05/independent-review-of-whole-of-government-internal-regulation-volume-2-report.pdf [accessed 7 December 2021].

The review was commissioned to critically assess and recommend modification to government regulations.

26 ibid., p. 154.

27 ibid., p. 156.

28 See also Appendix 3 of this audit on average staffing level and headcount.

29 Department of the Prime Minister and Cabinet, Our Public Service, Our Future: Independent Review of the Australian Public Service , 13 December 2019, pp. 185–187 , available from https://www.pmc.gov.au/sites/default/files/publications/independent-review-aps.pdf [accessed 28 January 2022]. The review examined the governing legislation, capability, culture and operating model of the APS.

30 ibid., p. 185.

31 The JCPAA initiated its inquiry in December 2017 to consider Auditor-General Report No.19 2017–18 Australian Government Procurement Contract Reporting . This information report contained ANAO analysis of publicly available data published by the Department of Finance on public sector procurement contracting activity. See the ANAO submission to the inquiry, available from https://www.aph.gov.au/Parliamentary_Business/Committees/Joint/Public_Accounts_and_Audit/AGReport19/Submissions [accessed 4 February 2022].

As part of its inquiry the JCPAA requested details of expenditure on contractors, consultants and labour hire workers from selected government entities. The JCPAA asked these entities for the following information in respect to non-consultancy services:

Contractors directly procured by the entity for labour (for the provision of either long or short term additional labour capacity) and on-hire contractors.
A list of the top three categories of work for which contractors have been most frequently engaged, for each of the past five financial years [ 2012–13 , 2013–14 , 2014–15 , 2015–16 , 2016–17 ].
Provide expenditure figures on contractors for each of the past five financial years, including a breakdown of expenditure against the top three categories of work.

Entity responses to the JCPAA are available from https://www.aph.gov.au/Parliamentary_Business/Committees/Joint/Public_Accounts_and_Audit/AGReport19/Submissions [accessed 4 February 2022].

The JCPAA issued a statement on 11 April 2019 stating that the committee had decided not to issue a report based on the inquiry. The announcement is available from https://www.aph.gov.au/Parliamentary_Business/Committees/Joint/Public_Accounts_and_Audit/AGReport19 [accessed 28 January 2022].

32 Department of the Prime Minister and Cabinet, Our Public Service, Our Future: Independent Review of the Australian Public Service , 13 December 2019, p. 186, available from https://www.pmc.gov.au/sites/default/files/publications/independent-review-aps.pdf [accessed 28 January 2022].

33 ibid., p. 185.

34 ibid., p. 187.

35 Senate Select Committee on Job Security, Second interim report: insecurity in publicly-funded jobs [Internet], October 2021, available from https://www.aph.gov.au/Parliamentary_Business/Committees/Senate/Job_Security/JobSecurity/Second_Interim_Report [accessed 4 February 2022].

The report is part of a wider inquiry into job security. The committee was established to examine and report on the impact of insecure or precarious employment. The committee’s first interim report (June 2021) examined ‘on-demand platform work’ in Australia. A third interim report (November 2021) examined labour hire and contracting, with a specific focus on the mining, agriculture, transport and distribution sectors. A fourth interim report (February 2022) examined a number of remaining issues such as casual work, and focused on the retail and hospitality sectors. The committee’s final report (March 2022) related to a possible matter of parliamentary privilege.

36 ibid., paragraph 11.14.

ANAO comment: the AusTender data drawn upon by the second interim report was sourced from the Thodey Review. See Department of the Prime Minister and Cabinet, Our Public Service, Our Future: Independent Review of the Australian Public Service , 13 December 2019, p. 186.

37 See paragraphs 1.16–1.18 of this audit.

38 Senate Select Committee on Job Security, Second interim report: insecurity in publicly-funded jobs [Internet], October 2021, paragraph 11.13, available from https://www.aph.gov.au/Parliamentary_Business/Committees/Senate/Job_Security/JobSecurity/Second_Interim_Report [accessed 4 February 2022]. See also paragraphs 12. 12–12 .15 and 15. 22–15 .25.

39 ibid., paragraph 15.26.

40 Senate Finance and Public Administration References Committee, The current capability of the Australian Public Service (APS) [Internet], November 2021, inquiry page available from https://www.aph.gov.au/Parliamentary_Business/Committees/Senate/Finance_and_Public_Administration/CurrentAPSCapabilities [accessed 2 December 2021].

The inquiry examined the current capability of the APS with particular reference to: the APS’ digital and data capability, including co-ordination, infrastructure and workforce; whether APS transformation and modernisation projects initiated since the 2014 Budget have achieved their objectives; the APS workforce; and any other related matters.

41 ibid., paragraph 1.1.

42 ibid., paragraphs 2. 12–2 .19.

43 ibid., paragraphs 5. 28–5 .29.

44 The committee recorded at paragraph 3.61 of its November 2021 report that this followed receipt of APSC advice that the APSC did not collect data on the number of labour hire workers used by agencies to supplement their workforces. The APSC confirmed that it only collected data in relation to public servants and people employed under the PS Act, and that data on labour hire was held by agencies. See Senate Finance and Public Administration References Committee, APS Inc: undermining public sector capability and performance [Internet], November 2021, available from https://parlinfo.aph.gov.au/parlInfo/download/committees/reportsen/024628/toc_pdf/APSIncunderminingpublicsectorcapabilityandperformance.pdf;fileType=application%2Fpdf [accessed 8 February 2022].

45 The committee recorded at paragraph 3.67 of its November 2021 report that it asked for:

The staffing profile for the agency as at 1 July 2021, broken down into: APS ongoing employees: headcount and Average Staffing Level (ASL); APS non-ongoing employees: headcount and ASL; Labour hire staff: headcount and Full-Time Equivalent (FTE); and Other contractors: headcount and FTE. The percentage of staff engaged through labour hire arrangements as a percentage of total agency headcount. The total value of labour hire contracts entered into between 1 January 2021 and 30 June 2021.

46 Senate Finance and Public Administration References Committee, APS Inc: undermining public sector capability and performance [Internet], November 2021, paragraphs 3. 68–3 .69, available from https://parlinfo.aph.gov.au/parlInfo/download/committees/reportsen/024628/toc_pdf/APSIncunderminingpublicsectorcapabilityandperformance.pdf;fileType=application%2Fpdf [accessed 8 February 2022].

47 Services Australia is part of the Social Services portfolio. Its Chief Executive Officer is the Agency Head under the PS Act and the accountable authority under the PGPA Act. As a non-corporate Commonwealth entity under the PGPA Act, Services Australia is not a body corporate.

48 Services Australia, Annual Report 2020–21 [Internet], p. 3, available from https://www.servicesaustralia.gov.au/annual-report-2020-21?context=1 [accessed 8 February 2022].

Services Australia’s Corporate Plan 2021–22 states that the agency’s purpose is: ‘To support Australians by efficiently delivering high quality, accessible services and payments on behalf of government.’ Available from https://www.servicesaustralia.gov.au/corporate-plan?context=1 [accessed 11 February 2022].

49 For the purpose of this audit, both contractors and labour hire are referred to as ‘contractors’ as these two personnel types are contracted personnel engaged pursuant to a contract to perform a role that is part of the operations of the agency. Taken together, these two groups align with the definition of ‘contractor’ used by the Department of Defence, which enables broad comparison of the arrangements for the management of contractors across the three audits in this series.

50 Services Australia advised the ANAO in March 2022 that the job families where labour hire and contractor personnel can work include: Accounting and Finance, Administration, Communication and Marketing, Compliance and Regulation, Data and Research, Human Resources, ICT and Digital Solutions, Information and Knowledge Management, Intelligence, Legal and Parliamentary, Monitoring and Auditing, Policy, Portfolio, Program and Project Management, Science and Health, Service Delivery, and Trades and Labour. Services Australia further advised that Service Delivery Partner contractors are contracted to work in service delivery and therefore can only work in the Service Delivery Job Family.

51 In particular, paragraphs 5. 11–5 .16, as well as Box 5, discussed Defence’s engagement of contracted industry expertise to support implementation of the First Principles Review in relation to sustainment.

52 In particular, paragraphs 2. 77–2 .81 of that report.

53 In particular, paragraph 3.28 and Table 3.3 of that report discussed the Department of Human Services’ arrangements for supporting performance and quality improvements for contracted personnel.

54 In particular, pages 61–66 of the report documented specific probity issues identified in the course of the audit which related to the management of probity in the program, including by contracted personnel, and which required attention.

55 This audit concluded that Defence’s administration of contractual obligations relating to the Defence Industry Security Program were partially effective.

56 The audit examined whether contract managers were appropriately trained and experienced.

57 These information reports were neither an audit nor an assurance review, and no conclusions or opinions were presented.

58 The nine selected contracts comprised: four service delivery workforce contracts that were the four largest (by personnel engaged) contracts for the supply of non-ICT labour hire or contractors, based on Services Australia’s data as at 30 June 2021; and five ICT workforce contracts that were the five largest contracts for the supply of ICT labour hire, based on Services Australia’s advice as at 17 November 2021.

59 Australian Public Service Commission, Delivering for Tomorrow: APS Workforce Strategy 2025 [Internet], 18 March 2021, p. 27, available from https://www.apsc.gov.au/initiatives-and-programs/aps-workforce-strategy-2025 [accessed 6 January 2022].

60 In January 2022, Services Australia advised the ANAO that this work is ongoing, and forms part of the agency’s routine workforce and financial management processes.

The brief also shows that Services Australia has identified, at a high level, the advantages and disadvantages of its various sources of workforce supply, including labour hire. For labour hire, the identified advantages included high flexibility, ability to onboard in a short timeframe and moderate level of effort to manage and maintain, and the identified disadvantages included high cost of procurement, high level of turnover and high-level coordination to onboard and maintain.

61 The service delivery workforce comprises staffing from the following two groups: Customer Service Delivery Group; and Payments and Integrity Group.

62 Headcount as reported by Services Australia to the Senate Finance and Public Administration References Committee in the context of the committee’s Inquiry into the Current Capability of the APS. See paragraph 1.22.

63 Services Australia advised the ANAO that as at 30 April 2022, 4209 (87 per cent) of the 4851 contractors engaged were in the Technology and Digital Programmes (2792 personnel) or in Customer Service Delivery (1417 personnel).

64 The PSPF defines ‘personnel’ as employees and contractors, including secondees and any service providers that an entity engages. See PSPF Policy 12: Eligibility and suitability of personnel , v.2018.3, available from https://www.protectivesecurity.gov.au/publications-library/policy-12-eligibility-and-suitability-personnel [accessed 27 September 2021].

65 As noted in footnote 60, the service delivery workforce comprises staffing from the Customer Service Delivery Group and the Payments and Integrity Group.

66 See Figure A.1 in Appendix 4.

67 The nine selected contracts comprised: four service delivery workforce contracts that were the four largest (by personnel engaged) contracts for the supply of non-ICT contractors, based on Services Australia’s data as at 30 June 2021; and five ICT workforce contracts that were the five largest contracts for the supply of ICT contractors, based on Services Australia’s advice as at 17 November 2021.

68 Services Australia advised the ANAO in March 2022 that: ‘The Agency has the same assurance mechanisms to ensure compliance with policies, procedures, and guidelines for the APS, contractors and labour hire. Labour hire / contractors are supervised and provided with appropriate training to ensure work is delivered in accordance with contract arrangements. If concerns are identified, the relevant supervisor will escalate to the contractor personnel management (e.g. Labour Hire Account Manager/recruitment consultant etc.) or Procurement Branch for remedial action. Procurement Branch works closely with the Intelligence and Investigations Branch within Services Australia for any instances of fraud and unauthorised access. If labour hire / contractors do not comply with policies, procedures and guidelines, the contract arrangement has provisions for termination’.

69 Services Australia’s core performance standards include displaying behaviour consistent with the APS Values and Codes of Conduct.

70 Services Australia releases a new Mandatory Refresher Program every two years.

71 ANAO comment: technical training may include training in the use of ICT systems and tools specific to the role for which the person is engaged.

72 Protective Security Policy Framework (PSPF), Policy 12: Eligibility and suitability of personnel [Internet], v.2018.3, available from https://www.protectivesecurity.gov.au/publications-library/policy-12-eligibility-and-suitability-personnel [accessed 27 September 2021].

73 ANAO comment: the service is a national online system that allows organisations to check whether the biographic information on a customer’s identity documents match with the original record. The service is a secure system that operates 24/7 and matches key details contained on Australian-issued identifying credentials.

74 Under the PSPF maturity assessment model, ‘developing’ means: ‘Substantial implementation of the PSPF. Protective security requirements not fully implemented into business practices.’ ‘Managing’ means: ‘Complete and effective PSPF implementation. Protective security requirements integrated into business practices.’

Source: Attorney-General’s Department, Protective Security Policy Framework Assessment Report 2019–20 [Internet], p. 2, available from https://www.protectivesecurity.gov.au/system/files/2021-06/pspf_2019-20_consolidated_maturity_report.pdf [accessed 9 December 2021].

75 The ANAO reviewed email correspondence showing that in March 2020 the agency had in place processes for the application of temporary access waivers including appropriate approvals.

76 Services Australia’s guidance states that the framework aligns with the Commonwealth Procurement Rules (CPRs), the Accountable Authority Instructions, agency policy and the Australian Government Contract Management Guide issued by the Department of Finance.

77 Within Services Australia, contract managers may not have line management responsibility for the individual contractors provided under the contracts. For example, the four service delivery contracts discussed in paragraphs 3.6–3.12, are managed centrally by Services Australia’s Procurement Branch however, the labour hire staff provided under these arrangements are supervised by the relevant business areas. Source: Services Australia’s advice to the ANAO in March 2022.

78 Services Australia advised the ANAO in January 2022 that the face-to-face workshops would be developed as part of a new contract management training suite, with work planned to commence in March 2022. Services Australia further advised in June 2022 that:

The agency is preparing procurement documentation to approach the market and engage a supplier to develop a new Procurement and Contract Management training suite. This work was delayed due to the redeployment of staff to assist the agency process Pandemic Leave Disaster Payments and Australian Government Disaster Recovery Payments. Implementation of the new training suite is expected to commence in July 2022.

79 The contract managers were suggested by Services Australia.

80 Under the PSPF maturity assessment model, ‘developing’ means: ‘Substantial implementation of the PSPF. Protective security requirements not fully implemented into business practices.’

81 Under the PSPF maturity assessment model, ‘developing’ means: ‘Substantial implementation of the PSPF. Protective security requirements not fully implemented into business practices’.

82 To help business areas manage this requirement, the onboarding team in Services Australia sends automatic reminders to contractors and their line managers six weeks prior to a contract end date to allow for the process of removing system access for separating contractors.

83 The ANAO raised this as a ‘Category C’ finding in its audit of Services Australia’s 2018–19 financial statements. A Category C finding is defined as an issue that poses a low business or financial management risk to the entity; these may include accounting issues that, if not addressed, could pose a moderate risk in the future.

84 See Box 4, Chapter 1 in each audit report.

85 Conversely, the adoption of a discretionary approach for non-APS personnel may suggest that the rationale for the ethical and behavioural frameworks applying to APS employees is historical and may not be considered a fit-for-purpose approach for all workforce types involved in Australian Government administration. In that case there is scope to consider the applicability of relevant frameworks from first principles, for the whole workforce involved in Australian government administration.

86 Department of the Prime Minister and Cabinet, Our Public Service, Our Future: Independent Review of the Australian Public Service [Internet], 13 December 2019, pages 113 and 307, available from https://www.pmc.gov.au/resource-centre/government/independent-review-australian-public-service [accessed 30 May 2022].

87 The Australian Government’s 2019 response to the Thodey Review is available from: https://www.pmc.gov.au/resource-centre/government/delivering-for-australians [accessed 30 May 2022].

88 Australian Public Service Commission, APS Employment Data [Internet], available from https://www.apsc.gov.au/employment-data [accessed 31 May 2022].

Sydney gets a drenching as heavy rain, severe weather forecast for NSW today and tomorrow

It has been a wet and wild day across New South Wales with more extreme weather expected over the weekend.

In Sydney more than 160 millimetres of rain has fallen since 9am on Thursday, its heaviest in 4 years.

More than 45 flood alerts remain active across New South Wales on Friday night after intense rainfall saturated the state with the worst to come overnight.

7:13 AM 7:13 AM Fri 5 Apr 2024 at 7:13am Sydney cops heaviest rainfall in 4 years
7:01 AM 7:01 AM Fri 5 Apr 2024 at 7:01am Six injured in wet-weather crash
6:24 AM 6:24 AM Fri 5 Apr 2024 at 6:24am BOM issues flood warning for Hawkesbury and Nepean rivers

Live updates

Where to find emergency assistance and information.

By Luke Royes

For emergency assistance, contact SES in NSW or QLD on 132 500

If your life is at risk, call Triple-0 (000) immediately

For the latest weather updates visit the Bureau of Meteorology in NSW here

ABC Emergency contains planning and advice, an incident map and more

If you're not sure what to do when there's a flood, here's the best way to plan

Tune in to your local ABC Radio Station

Sydney cops heaviest rainfall in 4 years

By David Hirst

Here's a few facts and figures from our weather boffin Tom Saunders:

Sydney has already received its heaviest rain total in 4 years with more than 160mm since 9am yesterday (highest 48-hour total)
The heaviest rain today has been on the Mid North Coast. Taree with more than 100mm since 9am
A deluge will arrive overnight across parts of Sydney and the Illawarra, Blue Mountains and Hunter leading to severe flash flooding and rapid river rises, including up to 220mm in 6 hours on the Illawarra Escarpment
The torrential falls are part of a broader rain event which is soaking eastern Australia, and has triggered flood watches and warnings from southern Queensland to the NSW South Coast
More than 40 flood watches are current for NSW
The band of torrential rain is moving south and will clear from Sydney by about 8am, clear the Illawarra by late morning and clear from the South Coast by the evening

Six injured in wet-weather crash

Reporting by Adriane Reardon from the ABC South East NSW newsroom.

Six people, including two children, have been taken to hospital with injuries following a crash in wet weather south of Mudgee in the NSW central west.

Emergency services were called to the two-vehicle crash on the Castlereagh Highway, about 2pm today, where a ute and four-wheel drive had collided.

The male passenger in the ute, believed to be in his 60s, was flown to hospital with serious injuries, while the male driver, 55 was taken to Mudgee Hospital.

The driver of the four-wheel drive, a 34-year-old man, was also flown to hospital with serious injuries, while his 32-year-old female passenger was flown to hospital with critical injuries.

Two children in the back-seat, aged two and six, sustained minor injuries and taken to The Children’s Hospital at Westmead for observation.

A crime scene has been established and an investigation is underway.

Flooding at Parramatta River in Sydney's west

ABC photographer Timothy Ailwood is at Parramatta River. He's just filed this pic.

Storm damage to create 'significant work' for SES

NSW SES chief superintendent Dallas Burnes has this afternoon given an update on ABC News 24.

Mr Burnes said storm damage was going to "create more significant work for us".

He said the majority of call-outs had been for leaking roofs and fallen trees and there had been about half a dozen rescues.

Mr Burnes urged people to stay indoors tonight.

"If it's at nighttime and the road is flooded? Do not cross that roadway. You do not know what is under it. "The flood rescues we've undertaken today, the majority related to cars entering floodwater. That puts our volunteers' lives at risk."

Rain and thunderstorms continue in southern Queensland

A south-west Queensland town has shut its flood levee ahead of major flooding, as the Bureau of Meteorology (BOM) forecasts heavy falls for the south-east of the state into the weekend.

Senior forecaster Laura Boekel said rain and thunderstorms would continue today and tomorrow, with possible falls of up to 100 millimetres.

"It's very important to note that in some parts of the south and south-east, we're seeing moisture of the soil and the catchments quite high, so that means catchments, rivers, creeks can respond quite rapidly," she said.

"We could see responses from moderate rainfall this weekend."

BOM issues flood warning for Hawkesbury and Nepean rivers

The people at the Bureau of Meteorology have certainly had a busy day. They've just released another weather update.

Major flooding possible at Menangle and North Richmond from Saturday morning
Moderate flooding possible at Windsor and Putty Road from overnight Friday
Minor flooding likely at Camden Weir, Wallacia Weir, Penrith, Sackville and possible at Lower Portland from Friday evening

Rainfall totals of up to 150mm have been observed in the Hawkesbury Nepean catchment since 9am on Thursday.

Further heavy rainfall is forecast through the catchment for the remainder of Friday and into Saturday.

Minor flooding is likely along the Hawkesbury, Nepean and Colo Rivers from overnight Friday. With the forecast rainfall, further river level rises and moderate to major flooding is possible from Saturday morning along the Hawkesbury and Nepean Rivers.

Transport update for commuters

This is the latest from the Transport Management Centre.

Motorists and public transport passengers are advised to plan ahead and allow plenty of extra travel time due to severe weather in Sydney and surrounding areas.

Wakehurst Parkway is closed in both directions due to flooding between North Narrabeen and Oxford Falls.
Oxford Falls Road is closed in both directions due to flooding between Wakehurst Parkway and Aroona Road.
Other roads where motorists are advised to take extra care due to water on the road include: The Pacific Highway at Pymble, Centenary Drive at Strathfield, Pittwater Road at North Manly and Euston Road at St Peters

On public transport:

Passengers who need to travel on the Sydney Trains network are advised to allow plenty of extra travel time due to severe weather damaging equipment at Redfern, as well as slower boarding times.
Trains are running on all lines but there are some delays and gaps in service.
Plan ahead and avoid travel where possible.
Buses are supplementing trains between Campbelltown and Macarthur, and between Riverstone and Richmond.
Passengers are advised to listen to announcements and check information displays for service updates.
Buses are replacing ferries between Parramatta and Rydalmere due to the weir overflowing.

Parramatta River overflowing

This is the latest from the ABC's Elinya Chenery.

Heavy rainfall has caused minor flooding in Sydney's west this afternoon.

The Parramatta River is overflowing in low lying areas after the water level raised above 2 metres in height.

Areas affected by the flooding include the Parramatta Ferry Wharf and footbridges across the river.

Authorities say further flooding is expected in the area in the coming hours.

Communities on Mid North Coast without power

Some communities along parts of the Bellingen River on the NSW Mid North Coast are completely isolated by flood water and without power.

Residents in the localities of Thora and Darkwood are affected, and NSW SES crews will be undertaking welfare checks.

"We've got some communities there that are completely isolated by floodwater," NSW SES spokesperson Andrew Edmunds said on the ABC statewide drive program.

"They may find themselves without power, water and other essential services."

Isolated residents in those communities are being urged to contact the NSW SES on 132 500 if they need assistance with supplies.

NSW SES advises people not to go outside

The NSW State Emergency Service (SES) is advising people to stay indoors and avoid unnecessary travel as significant rainfall impacts much of the NSW east coast.

A severe storm warning is in place for communities from Gosford in the north, to Batemans Bay in the south, across to Goulburn, with damaging winds and very heavy rain possible. Meanwhile, residents on the Bellingen River at Thora and Darkwood have been advised to prepare for isolation.

Residents in these communities may find themselves cut off by flood water and without power, water and other essential services.

NSW SES Assistant Commissioner Sean Kearns said conditions were likely to worsen over the next few hours.

"There's potential for very large downpours of rain between the Blue Mountains and Narooma, which could lead to life-threatening flash flooding," Assistant Commissioner Kearns said.

The NSW SES said it had responded to more than 800 incidents in the last 24 hours.

Prepare to evacuate alert in Chipping Norton

The NSW SES has issued a prepare to evacuate and watch and act notice for people in low lying areas of eastern parts of Chipping Norton.

Those in the following area are being told to prepare to evacuate due to predicted dangerous flooding:

All properties in the following streets in Chipping Norton:
Newbridge Road between Riverside Road and east to Georges River
Riverside Road between Childs Road and Newbridge Road
Davy Robinson Drive
Rickard Road
Arthur Street

You should monitor the situation and prepare to evacuate so that you can safely evacuate when instructed to do so by NSW SES. There's more detail on Facebook here .

More than 100 flights cancelled at Sydney Airport

The wild weather has not surprisingly caused issues at Sydney Airport with more than 100 flights cancelled through domestic arrivals and departures.

A Sydney Airport spokesperson urged passengers to check with their airline regarding the status of their flight.

Is public transport in Sydney affected by the weather?

Sydney Trains and Ferries asked commuters to take "extra care" as surfaces can be slippery when wet
Transport for NSW is advising to allow for extra travel time on the T1, T2, T3, T8 and T9 train lines due to weather damaging equipment at Redfern
Transport for NSW says there are no significant delays on Sydney's bus network

Hundreds of sandbags at the ready in Gosford

SES NSW volunteers fill sandbags in Gosford while seated under tents.

Hundreds of sandbags are ready and waiting for collection at the NSW SES Gosford depot on the Central Coast in preparation for more rain to come.

Members of the community volunteered their time to help fill the bags today, along with those from the Terrigal Rugby Union Club.

Gosford has received more than 70 millimetres so far today, according to data from the Bureau of Meteorology.

BOM updates flood warning

The Bureau of Meteorology has updated its Flood Watch which now includes major flooding on:

Myall River
Lower Hunter River
Upper Nepean River
Hawkesbury and Lower Nepean River
Georges and Woronora River
Macquarie River to Bathurst

Click here for regular Flood Watch updates from the BOM .

Major delays on state's rail networks

Transport for NSW says there are "major delays" across the Sydney Trains and NSW Trainlink networks because of the heavy rain.

Passengers are advised to avoid non-essential travel.

Buses may supplement some services.

If you do need to travel though, Transport for NSW advises you to allow plenty of extra time.

Flooding impacts Newell Highway

Flooding continues to impact the Newell Highway in the state's north, which remains closed between Boggabilla and Moree.

Motorists travelling north from Moree can take a diversion using the Carnarvon Highway and the Barwon Highway to Goondiwindi.

The southbound diversion is the same in reverse and is also suitable for all vehicles.

The alternate route between the two towns is about 2.5 hours long.

Hawkesbury SES commander says it's a 'waiting game' at the moment

By Millie Roberts

Jessica Kidd from the Sydney newsroom spoke to Kevin Jones from the Hawkesbury SES just then.

He said the volunteers were busily checking equipment and making sure everything was "good to go" as the unit prepared for rain in the Hawkesbury expected tonight.

"We're really at the moment just playing a bit of a waiting game, waiting for the rain to come," he said. "It seems to have not been as bad as they were predicting up on the north coast, but as it comes further south it looks like … there's still a chance that it's going to be a bit more intense."

Mr Jones said the local community is "definitely much more aware" on this occasion after going through "so many floods", which has helped with preparations today.

Power restored to hundreds of buildings in Sydney's CBD

Ausgrid says power has been restored to hundreds of businesses and homes after "significant rainfall" caused a major power outage.

It said 1,300 customers were affected after a substation flooded on Goulburn and Pitt streets.

Power has now been restored to more than 1,250 customers after the water was pumped offsite.

It said the "bulk" of affected customers have their lights back on, but a small number may still be out at this point in time.

Work & Careers
Life & Arts

Become an FT subscriber

Try unlimited access Only $1 for 4 weeks

Then $75 per month. Complete digital access to quality FT journalism on any device. Cancel anytime during your trial.

Global news & analysis
Expert opinion
Special features
FirstFT newsletter
Videos & Podcasts
Android & iOS app
FT Edit app
10 gift articles per month

Explore more offers.

Standard digital.

FT Digital Edition

Premium Digital

Print + premium digital.

Today's FT newspaper for easy reading on any device. This does not include ft.com or FT App access.

10 additional gift articles per month
Global news & analysis
Exclusive FT analysis
Videos & Podcasts
FT App on Android & iOS
Everything in Standard Digital
Premium newsletters
Weekday Print Edition

Essential digital access to quality FT journalism on any device. Pay a year upfront and save 20%.

Everything in Print
Everything in Premium Digital

Complete digital access to quality FT journalism with expert analysis from industry leaders. Pay a year upfront and save 20%.

Terms & Conditions apply

Explore our full range of subscriptions.

Why the ft.

See why over a million readers pay to read the Financial Times.

International Edition

We've detected unusual activity from your computer network

To continue, please click the box below to let us know you're not a robot.

Why did this happen?

Please make sure your browser supports JavaScript and cookies and that you are not blocking them from loading. For more information you can review our Terms of Service and Cookie Policy .

For inquiries related to this message please contact our support team and provide the reference ID below.

Individuals myGov is a simple and secure way to access online government services.
PRODA Log in to access HPOS, Business Hub, Aged Care Provider Portal and a range of other government online services.
Centrelink Business Online
Child Support Business Online
A guide to Australian Government payments
Evaluations and reports
Reports to Parliament
Statistical information and data

Annual reports

Our current and previous annual reports.

You can read our current 2022-23 - Services Australia annual report.

Previous annual reports

You can read previous annual reports for Services Australia (formerly the Department of Human Services). These include the Child Support Agency, Medicare, Centrelink and CRS Australia.

On 27 February 2015 CRS Australia ceased to provide services.

2021-22 - Services Australia
2020-21 - Services Australia
2019-20 - Services Australia

View the annual report archive for more annual reports from Department of Human Services, Centrelink, Child Support, Medicare Australia, CRS Australia and the Health Insurance Commission.

The purpose of the report is to describe Services Australia's activities during 2022-2023.

The purpose of the report is to describe Services Australia's activities during 2021-22.

The purpose of the report is to describe Services Australia's activities during 2020-21.

The purpose of the report is to describe Services Australia's activities during 2019-20.

Previous annual reports for Services Australia (formerly the Department of Human Services), including Child Support, Medicare, Centrelink and CRS Australia.

This information was printed 10 April 2024 from https://www.servicesaustralia.gov.au/annual-reports . It may not include all of the relevant information on this topic. Please consider any relevant site notices at https://www.servicesaustralia.gov.au/site-notices when using this material.

Printed link references

COMMENTS

How to report and manage your payment
You can also report your income by: using the Express Plus Centrelink mobile app. calling 133 276 (13 EARN). You'll need to call us on Centrelink employment services line if any of these apply: you can't update your employment income online. you're not sure how to report your back pay.
How to report your income to Centrelink
Reporting online. To do this, you can use your Centrelink online account or the Express Plus Centrelink mobile app. Our reporting employment income online guide can help you use your online account to report. If you don't need to report regularly, you can tell us about changes to your or your partner's income online.
Employment income reporting
Services Australia acknowledges the Traditional Custodians of the lands we live on. We pay our respects to all Elders, past and present, of all Aboriginal and Torres Strait Islander nations. ABN - 90‍ ‍794‍ ‍605‍ ‍008 ...
Show you did paid work
The most hours you can report at once is 100 hours. If you need to report more, you can do another report. The hours of work you report should be the same as those you've reported, or will report to Services Australia. How to calculate hours worked. Follow these steps to calculate the hours of paid work that you can report each period:
Manage your payments
Keeping your details up to date. If you get a payment from Services Australia, you need to tell them about any changes in your circumstances. These can include changes to your: employment status. income estimate. contact details. Find out more about change of circumstances for different payments on the Services Australia website.
Reporting incorrect billing, claiming, or suspected fraud
You can report these things to other authorities: Reports about fake vaccine certificates - submit these to Services Australia (Proof of COVID-19 vaccinations for businesses - Running a business - Services Australia) Reports about patient safety or harm - submit these to the Australian Health Practitioner Regulation Agency .
Other components of your STP reporting
Services Australia will use the YTD amounts in this STP report as your starting YTD balances. Use your preferred child support reporting channel to report your child support deduction amounts. You must include your child support deductions from the start of the calendar month up to and including the pay period you have sent the STP report for.
Simplified Income Reporting for Income Support Recipients
Services Australia conducted communication activities to advise customers of the changes in the lead up to 7 December 2020. Prior to 7 December 2020, payment recipients had to make a calculation to report their, or their partner's, gross earnings based on the number and value of shifts they have worked.
More than 1 million Services Australia claims yet to be processed
People still waiting. Services Australia chief executive officer David Hazlehurst told Senate estimates that 1.1 million claims had yet to be processed as of December 31. "Reducing this backlog is ...
Services Australia
Contact us if you are not satisfied with Services Australia's response to your complaint. To contact us: Submit our online complaint form (preferred) Call us on 1300 362 072. Contact us through the National Relay Service. If you are a non-English speaking person, we can help through the Translating and Interpreter Service (TIS) on 131 450.
Report and recover from scams
Report online scams to National Anti-Scam Centre - Scamwatch. Your report helps to warn people about current scams and disrupt them where possible. You'll need to provide details of the scam, such as a screenshot or text of the email or text. Services Australia. Contact the Services Australia Scams and Identity Theft Helpdesk. They can ...
Make a report
Non-English speakers can access these services through the Translating and Interpreting Services (TIS) by calling 131 450. TIS is available 24/7. If you are deaf and/or find it hard hearing or speaking with people who use a phone, the National Relay Service (NRS) can help you. The NRS is available 24/7.
When to report your income to Centrelink
You can report online up to 13 days after your reporting date. If you're more than 13 days late, you need to call us on your regular payment line. There are 2 types of reporting: scheduled reporting. unscheduled reporting. If you've linked your Centrelink online account to myGov you can tell us when you start working online.
Session reports for previous financial years
A parent at your service has received a notification from Services Australia that the number of hours they were entitled to CCS for a period in the previous financial year has increased from 36 to 100 hours per fortnight. The parent asks you to resubmit their session reports to reflect the extra CCS hours they were entitled to.
Services Australia
The 'Independent Review of Services Australia and NDIA Procurement and Contracting' report published in March 2023 contains 12 recommendations for Services Australia relating to the use of limited tenders, transparency, ... Services Australia's total budgeted assets for 2023-24 are just under $6.7 billion, with 19 per cent of these ...
Services Australia Notes to And Forming Part of The Financial
As part of the Machinery of Government changes announced on 5 December 2019, Services Australia was established as an Executive Agency within the Social Services portfolio on 1 February 2020. In line with this change, Services Australia's outcome statement has been amended to omit reference to the provision of policy advice, whilst continuing ...
Australian government spent $52m more on welfare calculator after
But after a detailed report on SecureFast was delivered to Services Australia in August 2022, the department spent a further $52.5m on the calculator designed by Infosys, before abandoning it.
Report on Government Services 2023
The Report on Government Services (RoGS) provides information on the equity, effectiveness and efficiency of government services in Australia. The 2023 RoGS was progressively released between 24 January and 7 February 2023. Register to keep informed Impact of COVID-19 on data in the 2023 Report COVID‑19 may affect data in this Report in a ...
Handling of personal information: Services Australia (formerly
For the purposes of this report, Services Australia is referred to as DHS as this was the department's name at the time of the assessment.. [2] Office of the Australian Information Commissioner's Guidelines on Data Matching in Australian Government Administration , June 2014, Key terms section (accessed on 21 November 2019).
Services Australia
Source: Services Australia annual reports 2018-19 and 2019-20 and Services Australia records and advice to ANAO. 1.31 Further information on the characteristics of Services Australia's 4269 contractor personnel as at 30 June 2021 is at Appendix 4, including the organisational group they worked in and their length of service.
Sydney gets a drenching as heavy rain, severe weather forecast for NSW
The heaviest rain today has been on the Mid North Coast. Taree with more than 100mm since 9am. A deluge will arrive overnight across parts of Sydney and the Illawarra, Blue Mountains and Hunter ...
Aukus weighs expanding security pact to deter China in Indo-Pacific
The US, UK and Australia are to begin talks on bringing new members into Aukus as Washington pushes for Japan to be involved in the security pact aimed as a deterrent against China. The Aukus ...
Climate change: New laws to force companies to report on climate
Apr 2, 2024 - 9.21am. Large companies have been given a six-month reprieve to 2025 to include climate-related information in their financial reports under a government plan to encourage ...
Festivals 'in the thick of a real crisis', says Music Australia chief
The number of 18-24 year olds attending music festivals has dropped in the past five years, with a new report warning rising costs and over-policing are key factors.
PDF servicesaustralia.gov.au Annual report 2020-21
About this report The Services Australia 2020-21 Annual Report is a transparent account to the Parliament of Australia and the public of the activities undertaken by the agency throughout the financial year. We report against our planned performance expectations outlined in the Department of Social Services, Portfolio Budget Statements 2020-21,
Spotify (SPOT) to Raise Prices, Introduce New Plans for Books and Music
The streaming giant will increase prices by about $1 to $2 a month in five markets by the end of April, including the UK, Australia and Pakistan, according to people familiar with the matter. It ...
Annual reports
On 27 February 2015 CRS Australia ceased to provide services. 2021-22 - Services Australia; 2020-21 - Services Australia; 2019-20 - Services Australia; View the annual report archive for more annual reports from Department of Human Services, Centrelink, Child Support, Medicare Australia, CRS Australia and the Health Insurance Commission.
Secretary-General Appoints Julie Bishop of Australia ...
5 Apr 2024. Origin. View original. SG/A/2279. United Nations Secretary-General António Guterres announced today the appointment of Julie Bishop of Australia as his Special Envoy on Myanmar. Ms ...

Problem loading mint-content-page app.

Manage your payments

Income support payments

Reporting your income

Working credit

Tax implications

Cancelling a payment

Keeping your details up to date

Thank you for your feedback

Reporting incorrect billing, claiming, or suspected fraud

What to report to us

If you see a name you don't know on your Medicare statement

What to report to someone else

How to submit a tip-off

Report health provider fraud against health programs

Help us improve health.gov.au

Log in to ATO online services

Other components of your STP reporting

What other components are

Union and professional association fees (deduction type F)

Workplace giving (deduction type W)

Child support reporting

Child Support Deductions (deduction type D)

When you have not been able to deduct the full amount from the employee's pay

When an employee leaves

Child Support Garnishees (deduction type G)

Employee-initiated child support amounts

Starting to report child support amounts through STP

Telling Services Australia your starting YTD child support deduction balances

Example: telling Services Australia your starting YTD balances

Reportable employer super contributions and reportable fringe benefit amounts

How to report RESC and RFBA through STP

Relationship between reporting RESC and RFBA, and salary sacrifice amounts

Example 1: RESC and salary sacrifice type S

Example 2: RFBA and salary sacrifice type O

Reporting super

Simplified Income Reporting for Income Support Recipients

Read documents in your language

Services Australia

What we do:

What we cannot do:

Before you complain to us

How to make a complaint to us

Report and recover from scams

Content written for

You think a scammer has targeted you, but you didn’t give them your details or money

You’ve been scammed and lost money

You think a scammer has stolen your personal information

Resources for scam victims

Not sure what type of scam it was?

Who should I contact?

Your financial institution

National Anti-Scam Centre - Scamwatch

Services Australia

Australian Taxation Office

Australian Securities and Investments Commission

Need more support?

More information

Protect yourself from scams

Thanks for your feedback!

Make a report

How to report a crime

Report online child abuse material

Report to child protection agencies

State and territory contact details

New South Wales

Northern Territory

South Australia

Western Australia

Session reports for previous financial years

On this page:

When we’ll approve access

Types of evidence

The parent or carer claiming CCS changes

A family’s CCS entitlement changes

You submit session reports in bulk

More information

Australian government spent $52m more on welfare calculator after finding a more effective alternative

Most viewed

Report on Government Services 2023