Part 2: Management and accountability
External scrutiny
Privacy
FaCS—privacy
FaCS adopts practices to protect the privacy of the information obtained from people accessing portfolio services.
FaCS has developed assurance processes so it can be confident that Centrelink and the Family Assistance Office have effective mechanisms in place to protect customers' personal information. Centrelink also is bound by the Centrelink privacy guidelines, issued by the minister in June 1999, which complement the current privacy regime, ensure Centrelink fully complies with the principles underlying the Privacy Act 1988, and address privacy issues particular to the Centrelink environment.
FaCS' business partnership agreements with its partner service delivery agencies include mechanisms to allow FaCS to monitor and contribute to the protection of customer privacy. FaCS is a party to the Administrative Law Protocol with the Tax Office, the Health Insurance Commission and Centrelink, which provides for cooperation between the parties for the handling of matters related to privacy and freedom of information. FaCS also maintains a separate memorandum of understanding in its Business Partnership Agreement with Centrelink. As part of the protocols and memorandum, partner service delivery agencies are required to provide FaCS with quarterly reports on privacy, confidentiality and freedom of information matters. Centrelink and FaCS officers meet regularly to discuss and resolve privacy issues.
Liaison with the Privacy Commissioner
FaCS liaises with the Privacy Commissioner on issues concerning policy development relating to social security and family assistance, and on the handling of personal information. FaCS also liaises with the Privacy Commissioner on any complaints received about the department. Complaints about interferences with privacy alleged by customers of FaCS' service delivery agencies are forwarded directly to those agencies to investigate and resolve.
FaCS consulted the Privacy Commissioner on significant privacy issues as they arose. FaCS also participated as a member of the Privacy Contact Officers Network and participated in regular meetings of that network.
Complaints, reports and determinations by the Privacy Commissioner
In 2003–04, one complaint against FaCS was received by the Privacy Commissioner. The complaint concerned an alleged inappropriate disclosure of personal information under Information Privacy Principle 11. Preliminary inquiries were conducted into the complaint under section 42 of the Privacy Act. The complaint was then closed without formal investigation on the grounds that it did not appear that there had been a breach of the Act. FaCS had received no formal complaints from the Office of the Federal Privacy Commissioner in 2002–03.
Privacy compliance and investigations
FaCS considers that any improper use or disclosure of personal information by staff, and soliciting of personal information from staff, would be of serious concern. The confidentiality provisions of legislation that fall under the operational jurisdiction of the FaCS portfolio expressly forbid the release of customer information, except in limited circumstances. FaCS therefore investigates all complaints and allegations of breaches of privacy or confidentiality.
FaCS maintains a memorandum of understanding with Centrelink under which Centrelink investigates alleged breaches of privacy including contraventions of departmental procedures by FaCS staff or service providers. FaCS' Administrative Law Protocol with the Tax Office and the Health Insurance Commission requires those agencies to report to FaCS outcomes of investigations they conduct into alleged breaches of privacy involving the service delivery of family assistance to customers. The Tax Office and Health Insurance Commission are yet to report on any investigations carried out in 2003–04.
Information Privacy Principle 4 provides that a record-keeper ensure that a record containing personal information is protected against loss, unauthorised access, use, modification or disclosure and other misuse. In 2003–04, no complaints were received against FaCS in relation to Information Privacy Principle 4.
Child Support Agency—privacy
CSA has a strong commitment to protecting its clients' privacy, and privacy issues are covered in induction and other staff training programs. Most privacy concerns and potential privacy breaches reported by staff and customers of CSA are resolved internally through a national network of CSA privacy officers.
The Office of the Federal Privacy Commissioner refers child support matters to CSA in the first instance. Most concerns are resolved in this way.
At the start of 2003–04, four formal investigations were in progress into CSA matters by the Office of the Federal Privacy Commissioner. In 2003–04, four new investigations were also commenced, and there were seven matters finalised. In three cases CSA was found to have breached the Privacy Act, resulting in two compensation payments totalling $750. The provision of an apology was considered sufficient to resolve the other matter.
For many years CSA has been a highly active member of the ACT and Australian Government Privacy Contact Officers' network. On behalf of the network, in March 2004 CSA delivered a farewell presentation to retiring Privacy Commissioner, Mr Malcolm Crompton.
Child Support Agency—customer compensation and waiver of debt
In 2003–04, CSA finalised 176 claims and requests made for compensation and waiver of debt, compared with 122 in 2002–03 and 144 in 2001–02. Of the 176 claims finalised, 35 were upheld. CSA paid $30 385.08 in compensation during 2003–04 compared with $45 487 in 2002–03 This comprised $29 825.08 in payments under the Compensation for Detriment due to Defective Administration Scheme, and $560 in payments for legal liability. Debts totalling $17 518.96 were waived by the Parliamentary Secretary to the Minister for Finance.
Complaints to the Ombudsman
FaCS—complaints to the Ombudsman
The Commonwealth Ombudsman received 16 complaints about the department in 2003–04, which is approximately a 36 per cent reduction on the 2002–03 figure of 25 complaints. In certain cases a complaint may contain more than one issue ('complaint issue') requiring investigation. The Ombudsman's office therefore reports on complaint issues received, rather than complaints. During 2003–04, 13 complaints were finalised covering 14 complaint issues with only two of these complaint issues investigated by the Ombudsman. Of the two investigated, one complaint issue of defective administration against FaCS was found. Investigation into the other complaint issue was not continued as the Ombudsman found that further action was not warranted. The Ombudsman exercised his discretion not to investigate six complaint issues, which were referred back to the department.
Child Support Agency—complaints to the Ombudsman
The Ombudsman received 2311 complaints about CSA in 2003–04, compared with 2435 received in the previous year. There were 823 complaints made to the Ombudsman in which the Ombudsman contacted CSA and conducted some investigation of the complaint issues. The difference in the number of complaints received by the Ombudsman about CSA and the number of complaints received from the Ombudsman by CSA is accounted for by the Ombudsman not pursuing an investigation in relation to 60 per cent of all complaints about CSA.
The CSA complaints service continues to be an effective mechanism for resolving parent concerns. In 2003–04, the Ombudsman referred a significant proportion of all complaints made about CSA back to the CSA complaints service without investigating. CSA continues to draw valuable lessons from issues raised through the Ombudsman to effect improvements in the quality of service provided.
Child Support Agency—Ombudsman's 'own motion review'
During the reporting year an 'Own Motion Report into Change of Assessment Decisions' made on the basis of income, earning capacity, property and financial resources was initiated by the Commonwealth Ombudsman.
The investigation involved the examination of eight decisions made between April and October 2002. It included a review of existing guidelines, procedural instructions and other relevant documentation, in addition to the review of each application and decision. In total, 1156 decisions were reviewed.
The key finding is that an overwhelming majority of the decisions reviewed (95 per cent) were assessed as being correct—that is, open to being made by the senior case officer.
The decisions can be categorised as follows:
- 71 per cent were assessed as being a 'good' decision
- 24 per cent were assessed as needing improvement (e.g. better explanation, unclear)
- 5 per cent only were assessed as not reasonably open to the senior case officer to make. (The Ombudsman stated that 'on the information available to us, we considered that it would be likely that, had we received a complaint from one of the parents, we would have suggested that the CSA reconsider the decision'.)
CSA welcomes the Ombudsman's analysis and recommendations as an opportunity to further improve the service provided to parents.
Australian National Audit Office (ANAO) activity
The Auditor-General tabled in Parliament 10 audit reports relevant to departmental operations: one audit examining the department's management of Internet portals; and nine cross-agency audits. The substance of the audit reports is as follows:
No. 7: Recordkeeping in Large Commonwealth Organisations (tabled 24 September 2003)
The objective of this cross-agency audit was to:
- assess whether recordkeeping policies, systems and procedures were in accordance with relevant government policies, legislation, accepted standards and recordkeeping principles, and applicable organisational controls
- identify better practices and recommend any improvements.
Key findings from this audit were that organisations audited met government policies, legislation, accepted standards and principles to varying degrees. However, there was a need for a consistent approach to improving current processes. The audit made several recommendations for better practices for recordkeeping in organisations.
FaCS supports the recommendations in the report and is developing strategies for better recordkeeping, including the implementation of an electronic document management system (EDMS).
No. 11: Annual Performance Reporting (tabled 4 November 2003)
The objective of this cross-agency audit was to determine whether agencies had:
- established a sound annual reporting performance information framework
- developed arrangements to ensure performance information is accurate and coherent
- appropriately analysed performance information in their annual reports.
Key findings from this audit included the following:
- in a number of instances, agencies did not have suitable performance measures relating to the quality of outputs/administered items or effectiveness/impact indicators for outcomes
- the performance information frameworks of many of the agency reports examined were not structured to allow an assessment of the efficiency of agency operations and the cost-effectiveness of outputs delivered
- there was little or no performance information that related to the individual contributions of each agency, and other stakeholders, to the achievement of shared outcomes.
Overall, FaCS is considered to be compliant and has in place the necessary framework to implement the recommendations where relevant.
FaCS agreed with the recommendations.
No. 19: Property Management (tabled 17 December 2003)
The objective of this cross-agency audit was to assess whether the property management function, including the management of leases, was being performed efficiently and was providing an effective level of support for the delivery of the organisations' services (outputs). The audit evaluated property management policies and practices across the following dimensions:
- planning and control
- business processes and practices
- information and performance management.
Key findings from this audit were as follows:
- performance management processes were largely informal and unstructured
- mechanisms and indicators included in contracts for measuring contractors' performance were rarely used
- the performance monitoring practices used by organisations were considered inefficient.
This lack of performance monitoring controls raises the risk of not detecting poor performance in a timely manner and taking appropriate and effective strategies for rectifying problems.
Most of the organisations included in this audit needed to improve processes for the management of property-related service contracts.
FaCS agrees with the findings from this report and is implementing the recommendations, including the development of a strategic property plan with the new service provider and a memorandum of understanding with Centrelink over future office accommodation in the National Office. The new contract with the service provider also provides for an extensive performance framework with bi-annual reviews and evaluation.
No. 24: Agency Management of Special Accounts (tabled 31 January 2004)
The objective of this cross-agency audit was to:
- identify all Special Accounts (and their predecessors) that have existed at sometime during the time since the Financial Management and Accountability Act 1997 (FMA Act) commenced operation on 1 January 1998
- assess the efficiency and effectiveness of the establishment, management and abolition of these Special Accounts
- assess compliance with the legislative requirements (including those of the FMA Act and Finance Minister's Orders promulgated under that Act).
Key findings from this review included the following:
- there is uncertainty about the number and identity of Special Accounts that exist since the introduction of the FMA Act
- agencies need to improve their management of Special Accounts, particularly in the areas of nonreporting and the inaccuracies of the financial disclosures
- there has been noncompliance with a number of legislative requirements.
FaCS agrees with the audit recommendations and has in place the necessary framework to implement the recommendations.
No. 25: Intellectual Property Policies and Practices in Commonwealth Agencies (tabled 5 February 2004)
The objective of this cross-agency audit was to:
- form an opinion on whether Australian Government agencies have systems in place to efficiently, effectively and ethically manage their intellectual property assets
- identify areas for better practice in intellectual property management by those agencies.
The key finding from this audit was that only 30 per cent of agencies had developed specific policies for managing intellectual property.
FaCS was one of several government agencies that agreed with the audit recommendations and have a process in place for the implementation of these recommendations.
No. 27: Management of Internet Portals at the Department of Family and Community Services (tabled 9 February 2004)
The primary objective of this FaCS-specific performance audit was to assess FaCS' management of the Internet portals for which it had responsibility.
The ANAO also included in the audit a web site directed towards youth, The source, which provided many of the services expected of a portal. The audit considered governance structures for the portals; measurement and/or assessment of efficiency and effectiveness; and control factors, such as change management, security, and legal issues.
Key findings from this audit were as follows:
- FaCS had a business case for the development of the portals that identified costs but did not identify any benefits accruing to FaCS from providing the portals. This lack of a robust business case meant that there is no basis for a business driver for further developments.
- the responsibility for departmental structures and budgets relating to the FaCS' portals and The source web site were at an appropriate level. FaCS has developed its three portals to meet the basic level of functionality as required by the Government.
- the absence of a completed eCommunications strategic framework meant that FaCS did not have agreed development plans for the portals.
FaCS agreed with the recommendations and is developing a portal governance framework guideline document, which, when completed, will include proposals for analysing portal usage and managing promotion of the sites; provide for quality assurance; and provide guidelines for risk management and compliance.
No. 35: Compensation Payment and Debt Relief in Special Circumstances (tabled 24 March 2004)
The objective of this cross-agency audit was to:
- assess whether the management of claims for compensation and debt relief under the various discretionary mechanisms for granting relief was in accordance with relevant legislative requirements and Australian Government guidelines
- determine whether the current administrative policies and procedures for the various mechanisms of compensation and debt relief provided for the effective management and reporting of claims made under those mechanisms.
The ANAO concluded that overall the management of compensatory claims was in accordance with relevant legislation and guidelines, and that there were mechanisms in place for proper management of claims.
A key finding from this audit was the need for improvement in consistency and accountability across the mechanisms examined and in the timeliness of payments for claims.
FACS agreed with the relevant recommendations and, in consultation with the CSA, is in the process of implementing the recommendations resulting from this audit.
No. 42: Financial Delegations for the Expenditure of Public Monies in FMA Agencies (tabled 16 April 2004)
The objective of this cross-agency audit was to:
- assess whether financial delegations associated with the expenditure of public monies were determined, applied and managed in accordance with applicable legislation, government policy and applicable controls
- identify better practices and recommend improvements as necessary to current practices.
The key findings of this audit were the following:
- financial delegations were not always being managed in accordance with relevant legislation
- the statutory power for entering contracts, agreements and arrangements was incorrectly referenced in some organisations.
FaCS was one of several government agencies that supported the audit recommendations. FaCS has a process in place for the implementation of these recommendations.
No 55: Management of Protective Security (tabled 23 June 2004)
FaCS was one of four agencies that participated in this cross-agency audit.
The objective of the audit was to assess whether protective security functions in selected organisations were being managed effectively. The audit evaluated the broader management issues associated with protective security.
The key finding from the audit was that not all the audited organisations had, at the time of the audit, sufficient and reliable processes in place for the effective management of their protective security functions. However, at the time of the audit, there were several significant reforms in progress among the audited organisations. The implementation of these reforms is expected to address many of the shortcomings identified by the ANAO.
The ANAO made four recommendations designed to improve the management of protective security functions in all Australian Government organisations.
FaCS, along with the other agencies involved, supported the recommendations. These referred to security planning, security awareness, security risk management and monitoring performance.
In addition, FaCS considers that it already has processes in place to comply with all aspects of the recommendations. FaCS will also take action to explore the viability of introducing further measures to monitor the performance of protective security activities.
FaCS has also established a Protective Security Committee to oversee and monitor the delivery and implementation of the protective security framework across the department.
No 58: Control Structures as Part of the Audit of Financial Statements of Major Australian Government Entities for the Year Ending 30 June 2004 (tabled 30 June 2004)
This report updates the ANAO's assessment of audit findings relating to major entity internal control structures, including governance arrangements, information systems and control procedures through to March 2004. The report represents a summary of findings from the interim phase of the financial statement audit of major government entities for 2003–04.
The ANAO assessed FaCS' potential risk of material misstatement in the 2003–04 financial statements as moderate to high. This is based on the goals, priorities, objectives and strategies deemed necessary to achieve the initiatives established.
The ANAO considers that FaCS has an effective and robust financial reporting system in place through the use of monthly accrual reporting to the Executive Board using analysis of budget data and performance measures (financial and non-financial) in relation to the current financial position.
The ANAO did, however, identify a total of eight areas where reporting of administered financial information could be strengthened.
FaCS supports the findings and has initiated corrective action to ensure that the recommendations are addressed in a timely manner in order to further strengthen the control environment.