Victoria's fraud wake-up call: top agencies still vulnerable to procurement corruption

By Stephen Easton

April 5, 2018

By Jorge Láscar from Australia – Melbourne CBD and the Yarra river as seen from the Eureka Tower, CC BY 2.0

No public servant in Victoria could have missed the whole-of-government warnings following high-profile corruption cases across several portfolios. Two years later, the Victorian auditor-general says enough hasn’t been done.

Andrew Greaves found three agencies with an “elevated risk of fraud and corruption” need to do more to guard against it, after a probe spanning a review period of over two years. 

“While senior executives are endeavouring to build the right culture, more remains to be done to prioritise fraud and corruption control, and to ensure that the fraud and corruption controls in place operate as intended,” according to the new report on fraud and corruption control in Public Transport Victoria, the Melbourne Metro Rail Authority and Major Projects Victoria:

“Unduly protracted delays to finalise and approve Fraud and Corruption Control Policies and Plans, areas of noncompliance with policies, and inadequate record keeping are undermining management’s efforts. They also serve to lessen assurance that major fraud and corruption cannot occur, or will be detected.”

The MPV has since merged with Places Victoria. The findings reflect the many reverberations that have been felt across Victoria’s public sector since the state’s five-year-old corruption watchdog landed on the scene.

Corruption in public transport procurement uncovered by the Independent Broad-based Anti-corruption Commission led to police laying over 100 criminal charges against nine people and one company, the report points out.

Their “high levels of procurement activity and close ties to the private sector” raise the integrity risk in all three agencies, in the auditor-general’s view.

MMRA is an administrative unit in the Department of Economic Development, Jobs, Transport and Resources responsible for getting a new tunnel built. MPV is now part of Development Victoria, which provides “project delivery services and advice to Victorian government departments and agencies working on complex projects of state significance”, according to its website.

Post corruption check-up finds medicine not being taken

The public transport authority, an independent statutory body, had 17 recommendations to implement from IBAC following Operation Fitzroy. The audit found “clear improvement” since then but more work to be done. “Gaps remain” because PTV was slow or inconsistent in implementing six of IBAC’s recommendations, according to the report.

In four cases, the recommended reform was either not undertaken because the agency decided to do something else, or is no longer in place. These include a dedicated internal reviewer (who has since left) to check that procurement controls and policies are being followed, “supplier vetting” controls and another system to make sure that dodgy suppliers who were exposed by IBAC don’t win contracts again in future.

“The only control in place to not re-engage these suppliers was an email to staff listing which suppliers they should not re-engage. PTV has experienced high levels of staff turnover – therefore, a number of current staff would not have received this email,” the report states.

“PTV has not put in place other controls, such as a flag in the CMS or ongoing monitoring of identified suppliers. PTV did not present any evidence that it conducted searches with the Australian Securities and Investments Commission to help identify individuals and companies named in the investigation who may be associated with new companies that PTV has engaged.”

Greaves reports there was no evidence that “consistent spot checks across all levels of procurement expenditure” were being undertaken in line with IBAC’s prescriptions.

In particular, the auditor-general was concerned to find purchases under $25,000 were not subject to conflict-of-interest controls or monitoring of total spending in PTV.

There were also “significant weaknesses” in MPV’s procurement controls, particularly around conflicts of interest, that were especially “concerning” due to its role in delivering big projects.

Supplier vetting was another area of weakness where a “basic opportunity to reduce fraud and corruption risks associated with procurements involving third parties” had been missed. Across the board, guidelines did not go beyond suggesting an Australian Business Number check.

Staff risks, training, support and cultural change

After the merger which saw the former MPV become part of Development Victoria, DEDJTR told the audit office that it wasn’t a “high-risk area warranting internal audit activity” in its view.

Eyebrows were raised:

“These management judgements and resource allocation decisions about MPV were made against a background of significant organisational change.

“In our opinion, this change would only have increased the risks inherent in a business unit that was continuing to manage large procurements, working closely with the private sector and maintaining processes that were separate to those of its department, DEDJTR.”

Of the three agencies, PTV was the most diligent in putting in place a new policy on “fraud, corruption and other losses” and an action plan after this became mandatory in July 2017. The audit also underscores the importance of staff training and awareness, including the need to make it clear that management supports a system that protects whistleblowers.

Public sector commission surveys in 2016 and 2017 have found less than 30% of respondents from DEDJTR felt their employer “promoted” the state’s Protected Disclosure Act as a shield for whistleblowers who report corruption, even though the department makes guidance available.

“IBAC has repeatedly highlighted the need to develop a culture of integrity and notes that public sector officers are ‘best placed’ to identify and report corruption,” the auditors noted, but they found deficiencies in this regard within the sprawling department:

“For example, DEDJTR does not consistently maintain records of attendance at integrity training. There is no record to demonstrate, or readily check, that all staff in positions exposed to high risks of fraud and corruption have received integrity training.

“While the DEDJTR Integrity Services Unit maintains records of completion of online integrity modules, these modules are mandatory only for new starters in DEDJTR.”

Employee screening is another important way of managing integrity risks, as IBAC’s counterpart in New South Wales recently reminded us, but human resources teams were not “fully implementing” the relevant policies and procedures for any of three Victorian agencies.

“Our testing highlighted deficiencies, including the failure to complete and document police checks, reference checks and qualification checks – or to respond appropriately when checks highlight anomalies,” the audit office states.

“The DEDJTR Integrity Services Unit initiated an audit into DEDJTR’s employment screening practices, which confirmed our findings. The audit has been finalised and all the internal audit’s recommendations have been accepted.”

None of the organisations had procedural checks in place to see if staff had failed to declare criminal records in recruitment, or made false claims about their educational qualifications.

Deficiencies in managing conflicts of interest

The audit uncovered instances where MMRA and MPV employees had declared conflicts but “these … were not actively managed, and action plans were not enforced” – while “poor” quality data was recorded in conflict-of-interest registers that would make managing declared interests all the more difficult.

As Greaves reported:

“For example, we found one instance where an executive endorsed the decision to award a $3.9 million contract to a supplier for whom they had previously worked and in which they held shares.

“The executive had previously declared this conflict but the management plan was not enforced.”

MMRA, at least, had strong, documented conflict controls for any purchase over $2000. However, these were yet to be applied to recruitment in any of the agencies, “to guard against hiring based on factors other than merit” in line with the wishes of the secretaries board.

Three quarters of all gifts and benefits received by Major Projects staff came from suppliers, indicating the policy on freebies was not operating properly in the auditor-general’s view. The department’s integrity unit knew of this largesse but could not demonstrate it had taken any action. The report notes it has now strengthened its processes around gifts, benefits and hospitality.

A new data analytics program will help DEDJTR monitor and report on “irregular and inappropriate activity”, which is another area where all three agencies had room for improvement; PTV struggled here due to “an inability to retain skilled data analytics staff” and poor quality data.

Lethargic investigations

“To maintain public trust, the public sector must respond actively to instances of suspected fraud and corruption,” the report notes, and this includes trying to recover what has been stolen where posisble.

The report includes examples of when both the department and PTV did not try to recover losses and did not record the reasons for writing off the losses, even when they ran into the tens of millions in the case of Operation Fitzroy.

When a grant recipient could not adequately explain what it had done with a $65,000 grant, DEDJTR “gave the organisation an opportunity to submit evidence of other services provided to acquit the funding already obtained, instead of seeking recovery” even though it had submitted documents of “questionable authenticity” and serially breached grant conditions.

The department then decided it had not been scammed and didn’t report any loss:

“This position fails to account for DEDJTR’s initial conclusion that it had paid more than $65 000 for services that could not be validated, and relies on the organisation’s agreement to provide other services to the amount paid as detailed above. DEDJTR’s handling of this matter failed to acknowledge the likelihood that fraud had occurred and consider fully the need to recover public funds.”

The Victorian Auditor-General’s Office reminds public agencies that “better practice” in line with the Australian Standard includes having a response team – all three in this case did – as well as a corruption register.

The auditors found “uncategorised, outdated and in some instances inaccurate” information in DEDJTR’s central register which limited its usefulness.

Internal investigations that took place in MMRA and PTV during the audit period were found to be “timely, thorough, well documented and conducted by suitably qualified external contractors where appropriate” – and both demonstrated how they had learned from them.

MPV did not find any fraud or corruption over three financial years from 2014-15 to 2016-17, and the report raises the concern that DEDJTR was not looking hard enough.

The department had been entering assets that could not be found as “disposed” in its accounts “without considering whether they were stolen” but has promised to change its procedures so that when things are lost, the integrity unit considers the possibility of theft.

PTV accepted five new recommendations from the audit, mostly related to assurance of probity in procurement, and promised to address the whole list by September this year.

DEDJTR accepted 11 new recommendations and responded that all would be addressed by work that was already in progress, also due to be completed some time this year.

Top image by Jorge Láscar: Melbourne CBD and the Yarra river as seen from the Eureka Tower, CC BY 2.0: source.

Correction: This article originally stated the audit probe spanned more than 2 years. This referred not the audit work, but period reviewed. The article has been updated to clarify this.

About the author
Inline Feedbacks
View all comments

The essential resource for effective
public sector professionals