Section 19 of the Public Governance, Performance and Accountability Act 2013 (PGPA Act) requires, among other things, that accountable authorities of Commonwealth entities notify their responsible Minister, as soon as practicable, of any significant issue that has affected the entity. A significant issue, under section 19 of the PGPA Act, includes significant non-compliance with the finance law.
The Finance Minister requires that accountable authorities also notify the Finance Minister of instances of significant non-compliance with the finance law reported to their responsible Minister.
The guidance below assists entities in reporting significant non-compliance by providing guidance on:
- what constitutes significant non-compliance with the finance law
- the need for accountable authorities to notify their responsible Minister, and the Finance Minister as soon as practicable, of any significant non-compliance with the finance law
- the associated annual reporting requirements.
The guidance was updated in May 2019 to clarify expectations of accountable authorities in reporting significant non-compliance with the finance law. The enhanced guidance:
- clarifies that significant non-compliance involving breaches of the general duties of officials (s.25 to 29 PGPA Act) should only be reported where there is a connection to the management of public resources (defined s.8 PGPA Act)
- clarifies what constitutes ‘significant’ non-compliance with the finance law. It includes a decision-making flow chart at Appendix A, and illustrative case studies
- provides further guidance on the process for reporting significant non-compliance, including a model letter to the Finance Minister at Appendix B
- includes requirements and suggestions for reporting significant non-compliance with the finance law in entities’ annual reports.
Audience
The purpose of this guide is to provide information to Commonwealth entities on how to report significant non-compliance with the finance law under section 19 of the Public Governance, Performance and Accountability Act 2013 (PGPA Act).
Key points
This guide is relevant to officials in non-corporate Commonwealth entities (NCEs) and corporate Commonwealth entities (CCEs) who have compliance responsibilities under the finance law relating to the governance, performance and resource management of their entity. This guidance is not relevant to Commonwealth companies, as Commonwealth companies are not Commonwealth entities for the purposes of the PGPA Act.
Resources
Other relevant publications include:
Relevant legislation
Public Governance, Performance and Accountability Act 2013 (PGPA Act)
Section 8—The Dictionary
In this Act:
finance law means:
- this Act; or
- the rules; or
- any instrument made under this Act; or
- an Appropriation Act.
Section 19—Duty to keep responsible Minister and Finance Minister informed
- The accountable authority of a Commonwealth entity must do the following:
- keep the responsible Minister informed of the activities of the entity and any subsidiaries of the entity;
- give the responsible Minister or the Finance Minister any reports, documents and information in relation to those activities as that Minister requires;
- notify the responsible Minister as soon as practicable after the accountable authority makes a significant decision in relation to the entity or any of its subsidiaries;
- give the responsible Minister reasonable notice if the accountable authority becomes aware of any significant issue that may affect the entity or any of its subsidiaries;
- notify the responsible Minister as soon as practicable after the accountable authority becomes aware of any significant issue that has affected the entity or any of its subsidiaries.
Public Governance, Performance and Accountability Rule 2014 (PGPA Rule)
Public Governance, Performance and Accountability Act 2013 (PGPA Act) Section 8—The Dictionary In this Act: finance law means:
Section 19—Duty to keep responsible Minister and Finance Minister informed
Public Governance, Performance and Accountability Rule 2014 (PGPA Rule) Subdivision A—Annual report for non-corporate Commonwealth entities Section 17AG—Information on management and accountability Corporate governance
… (d) a statement of any significant issue reported to the responsible Minister under paragraph 19(1)(e) of the Act that relates to non‑compliance with the finance law in relation to the entity; (e) if a statement is included under paragraph (d) of this subsection—an outline of the action that has been taken to remedy the non‑compliance. Subdivision B—Annual report for corporate Commonwealth entities Section 17BE—Contents of annual report |
The annual report for a corporate Commonwealth entity for a reporting period must include the following:
|
Key points
- Accountable authorities of Commonwealth entities are required to notify their responsible Minister, as soon as practicable, of any significant issue that has affected the entity or any of its subsidiaries.
- “Significant issues” notifiable to the responsible Minister include significant
non-compliance with the finance law. - The Finance Minister requires that accountable authorities also notify the Finance Minister of instances of significant non-compliance with the finance law reported to their responsible Minister.
- To give effect to this requirement, accountable authorities must notify the Finance Minister of every instance of significant non-compliance with the finance law except where the significant non-compliance involves breaches of the general duties of officials and there is no connection to the management of public resources.
- Annual reports must include a statement of any non-compliance issues notified to the responsible Minister during the reporting period and an outline of the action taken to remedy the non-compliance.
What is the finance law?
- For the purpose of the PGPA Act, ‘finance law’ (as defined in section 8 of the PGPA Act) means:
- the PGPA Act;
- the Public Governance, Performance and Accountability Rule 2014 (PGPA Rule);
- the Public Governance, Performance and Accountability (Financial Reporting) Rule 2015 (Financial Reporting Rule);
- any instrument made under the PGPA Act, such as:
- the Commonwealth Procurement Rules;
- the Commonwealth Grants Rules and Guidelines;
- accountable authority instructions issued under section 20A PGPA Act;
- determinations establishing special accounts under section 78 PGPA Act;
- government policy orders issued under section 22 PGPA Act;
- delegation instruments made under sections 107-110 PGPA Act;
- an Appropriation Act.
What is “significant” non-compliance with the finance law?
- The term “significant” is not defined and carries its natural meaning (i.e. “noteworthy; important; consequential”). It requires the exercise of judgement to determine whether a particular instance of non-compliance is significant.
- What constitutes significant non-compliance with the finance law is for the accountable authority to determine based on the specific circumstances, the operating context of the entity, and in consultation with the responsible Minister, as appropriate.
- In determining significance, accountable authorities are encouraged to consider:
- materiality—the importance of the issue relative to the entity’s size and operations (including the value and volume of non-compliance);
- occurrence—whether the non-compliance is “one-off” or systemic; and
- risk—whether the issue is likely to be politically sensitive, and the likely or actual impact on the reputation, public perception, financial position or financial sustainability of the entity or that of others (bearing in mind that consequences may be non-financial).
- Significant non-compliance with the finance law would generally include (see also Case Studies):
- high volume, high value and/or systemic instances of non-compliance with the Commonwealth Procurement Rules or the Commonwealth Grants Rules and Guidelines;
- high volume, high value and/or systemic issues reflecting internal control shortcomings (e.g. high volume and/or high value non-compliance with internal approval requirements for arrangements and commitments);
- serious fraudulent activity by officials (e.g. theft, accounting fraud, making or using false documents);
- serious fraudulent activity by non-officials (e.g. independent contractors), reflecting internal control shortcomings; or
- non-compliance issues that have impacted, or are likely to impact, on the entity’s financial sustainability, or likely to be of particular political or public interest.
- In addition, this guidance provides several case studies and Appendix A provides a flow chart that may be useful in deciding whether to report specific instances of
non-compliance. - Officials should also note that non-compliance with the requirements of the finance law may attract a range of criminal, civil or administrative remedies, including under the Public Service Act 1999 and the Crimes Act 1914.
- Your entity may also be subject to additional requirements to report fraud under the Commonwealth Fraud Control Framework. For further information, refer to RMG No. 201: Preventing, detecting and dealing with fraud and the Commonwealth Fraud Control Framework.
What should be reported?
- Section 19 of the PGPA Act requires, among other things, that accountable authorities of Commonwealth entities notify their responsible Minister of any significant issue that has affected or may affect the entity.
- However:
- if a Commonwealth entity has enabling legislation, then subsection 19(1) applies only to the extent that compliance with that subsection is not inconsistent with compliance with that legislation; and
- section 19 is subject to any Commonwealth law that prohibits disclosure of particular information.
- The Finance Minister requires that accountable authorities of Commonwealth entities notify the Finance Minister of any significant non-compliance with the finance law by their entities also reported to their responsible Minister.
- To give effect to this requirement, accountable authorities must notify the Finance Minister of every instance of significant non-compliance with the finance law reported to their responsible Minister, except where the significant non-compliance involves breaches of the general duties of officials and there is no connection to the management of public resources.
Reporting breaches of duties to the Finance Minister
- Where a breach of one or more general duties of officials occurs that is considered to be significant, it must be reported to the Finance Minister where there is also a connection to the management of public resources.
- In determining whether there is a connection between the breach and the management of public resources, relevant considerations are likely to include:
- whether there is a link between the breach and the proper use (i.e. efficient, effective, economical and ethical) of public resources (i.e. relevant money, relevant property and/or appropriations);
- whether the breach reflects shortcomings in the effectiveness of internal controls or systems of risk oversight and management.
- For example, while the misuse of information to obtain a benefit may constitute a breach of a general duty of officials(and potentially fraud) and may be reportable to the responsible Minister where it constitutes significant non-compliance, it would not need to be reported to the Finance Minister under section 19 of the PGPA Act unless there was a connection to the management of public resources.
- Fraudulent activity by non-officials (e.g. independent contractors who have not been prescribed as officials) may also constitute significant non-compliance with the finance law, e.g. where there has been a failure to establish and maintain an appropriate system of internal controls.
What about matters determined not to be “significant” non-compliance?
- Not all matters will be significant enough to warrant reporting. Matters that are not required to be reported include:
- low volumes of instances where grants and procurements are reported late;
- low volume and/or non-systemic instances of non-compliance with the entity’s accountable authority instructions;
- minor instances of non-compliance with the duties of officials where the matter is dealt with by management; and,
- inadvertent credit card misuse that is identified by the relevant official and/or the entity’s system of internal control and repaid.
- While a matter may not be sufficiently significant to report to the responsible Minister and/or the Finance Minister, entities are encouraged to review all incidents of non-compliance as these could indicate internal control problems or the beginning of more systemic issues.
- The identification and reporting of non-compliance could also be used as the basis for improving the efficiency and effectiveness of entity internal controls and increasing awareness and understanding of the PGPA framework. For example, non-significant non-compliance could be brought to the attention of the audit committee to gauge the effectiveness of the internal controls of the entity.
- Audit committees play a key role in the governance of Commonwealth entities. If properly utilised, they can significantly support the accountable authority in meeting their duties and responsibilities under the PGPA Act. The PGPA Rule also requires audit committees to review the appropriateness of the accountable authority’s system of internal control. For further information, refer to RMG No.202: Audit Committees.
Process for reporting significant non-compliance
When to report?
- The responsible Minister must be notified of significant non-compliance as soon as practicable after the accountable authority becomes aware of the issue.
- What constitutes ‘as soon as practicable’ will vary with circumstances and may depend on the nature and risk associated with an instance of significant non-compliance.
- For example, some significant issues necessitate immediate notification (e.g. due to their scale or ramifications) whereas other notifications may be more appropriately grouped together and notified according to a schedule agreed with the responsible Minister.
- The timing of the reporting to the Finance Minister is generally expected to align with the timing of notifications provided to the responsible Minister.
- Fraud may have significant consequences for the entity. Therefore, accountable authorities are encouraged to report suspected fraud that may be significant at an early stage, even where investigations may be ongoing (it is not necessary to report sensitive details). This is to support the provision of sufficient information to support ministers in discharging their responsibilities as members of the government accountable to Parliament and the community, including managing and reporting on Commonwealth spending and risk management (including financial and reputational risks).
Format for reporting to the responsible Minister and the Finance Minister
- The format in which an entity notifies the responsible Minister of significant issues is for the accountable authority to determine, in consultation with their responsible Minister, as appropriate.
- The Finance Minister is to be notified in writing in line with entities’ internal procedures for addressing a minister other than your portfolio minister.
- When notifying the responsible Minister and the Finance Minister, accountable authorities are encouraged to include a description of the nature of the non-compliance with the finance law as it relates to the entity. Accountable authorities are also encouraged to describe the remedial action taken, or proposed to be taken, by the entity to ensure that the effects of the non-compliance have been addressed. This may include the use of measures designed to prevent or reduce similar non-compliance occurring in the future.
- If a matter of non-compliance occurs that affects two or more entities, then each entity’s accountable authority would need to determine whether the non-compliance is a significant matter affecting their entity, and whether to notify their minister. One entity informing a minister of a non-compliance matter would not absolve the accountable authority of another entity from notifying their responsible Minister of the same matter if it were considered significant for their entity.
- When reporting fraud to the Finance Minister, a high level description is sufficient (sensitive details are not necessary). For example:
[Entity] has identified [number] instances of potential fraud which are currently under investigation. The investigation involves [insert brief description, e.g. possible misuse of a Commonwealth credit card over an extended period of time. The quantum of money involved is yet to be determined, however the issue may attract media attention].
- Once reported, the accountable authority is not required to provide progress updates on the matter to the Finance Minister (including once the investigation has concluded). However, the Finance Minister may choose to follow up with the relevant entity to follow the progress.
- The accountable authority would be expected to have processes and systems in place to ensure that an appropriate record of what has been advised to the minister is kept, which would assist the entity in meeting annual reporting requirements under the PGPA Rule.
- The model letter provided (Appendix B) may be used as a guide when preparing letters to the Finance Minister.
Additional reporting in the annual report
- The PGPA Rule requires that Commonwealth entities’ annual reports must include a statement of any significant issues reported to the responsible Minister during the reporting period under paragraph 19(1)(e) of the PGPA Act that relate to non-compliance with the finance law.
- The PGPA Rule also requires that, if such a statement has been included in the annual report, the report must also include an outline of the actions taken to remedy the non-compliance. The format, wording and content of the statement is at the discretion of the accountable authority.
- The level of detail that is included in an annual report will depend on the circumstances and generally would need to be proportionate with the nature and extent of the non-compliance. Entities need to consider the extent of public disclosure that would be appropriate, for example, taking into account the requirements of the Privacy Act 1988 or where disclosing certain information could potentially prejudice investigations or legal action.
- If a matter of non-compliance occurred which affected two or more entities, and resulted in two or more entities notifying their respective ministers, then each entity would need to reference the non-compliance in their annual report.
- When reporting in the annual report, entities may provide additional information to update the status of investigations. For example:
XX instances of possible serious fraud were reported to the responsible Minister during the 20XX-XX reporting period. Of these, XX instances were found not to constitute fraud, XX have been referred to the Australian Federal Police, and XX are under ongoing investigation by the entity.
- It is a matter for accountable authorities as to whether they provide an update on matters reported in previous reporting periods. For example:
[Entity] previously reported that it was investigating an instance of fraud in the 20XX-XX annual report. This investigation was completed in 20XX-XX and did not result in any findings of fraud.
- If an entity has not notified its responsible Minister of any significant non-compliance during the reporting period, it may wish to consider including a comment to that effect in its annual report.
- For further information, refer to:
Case studies
- Below are some case studies designed to illustrate the considerations that may be relevant in determining whether an issue constitutes significant non-compliance.
- In regard to the case studies below, there are a number of potential actions that could be taken in order to mitigate or remedy the non-compliance. The action proposed or taken would depend on the circumstances and would generally need to be proportionate to the non-compliance.
- For example, the entity may revise its internal controls and delegations or authorisations, including its accountable authority instructions and/or operational guidance or manuals. It may also take steps to improve staff understanding and capability through education and training to decrease the risk of future non-compliance.
Case Study 1: Non-compliance with the Commonwealth Procurement Rules In a given financial year, a medium-sized non-corporate Commonwealth entity identified 500 instances of non-compliance with the requirement under the Commonwealth Procurement Rules to report contracts awarded above $10,000 within 42 days on AusTender. In the context of the Commonwealth this may not be considered significant, being less than 1 percent of all contracts reported on AusTender for the financial year. Furthermore, the contracts were subsequently reported on AusTender. However, within the context of the individual entity, this could represent a significant The accountable authority determined that, within the context of the entity, this represented a significant non-compliance issue, as this was a high volume of instances compared with the total number of procurements undertaken by the entity in that financial year. The responsible Minister was notified and the Finance Minister was also notified by letter. As agreed with the responsible Minister, the accountable authority reported these at the end of the financial year as a consolidated report of non-compliance with the Commonwealth Procurement Rules. The accountable authority also outlined remedial action that would be taken to reduce the risk of reoccurrence, including providing staff training and revising internal controls to reduce the occurrence of non-compliance with the Commonwealth Procurement Rules. |
Case Study 2: Intentional misuse of a Commonwealth credit card by an official (fraud) The internal audit function of a large non-corporate Commonwealth entity identified multiple instances of Commonwealth credit card misuse by an official over a given financial year. The credit card had been used for personal purposes, including non-work-related travel, sporting memberships and entertainment. Internal controls had been designed to prevent spending with a certain category of merchants, however transactions were still identified against this category. Over $50,000 had been spent by the official over the financial year. The misuse was determined to be intentional, and the matter was referred to police for investigation. Within the context of the individual entity, this could represent a significant non-compliance issue. In determining whether the alleged breaches were significant, the accountable authority had regard to the financial loss and the reputational risks to both the entity and the Commonwealth (including public perception), and the effectiveness of the entity’s internal controls around credit card oversight and detecting misuse. Although the police investigation was ongoing, the accountable authority determined that the conduct of the official could be a breach of the general duties of officials, and was significant enough to report at an early stage to their responsible Minister and, given the connection to the management of public resources, the Finance Minister via letter. The accountable authority provided a high level description of the suspected The fraud charges were proven 12 months later. The accountable authority was not required to write again to the Finance Minister to provide notification of the conclusion and outcome of the investigation. The accountable authority took remedial action to reduce the risk of reoccurrence, including applying financial caps on credit cards, reviewing blocks on spending categories, and requiring more frequent checks on credit card use. The entity also complied with fraud reporting requirements, as appropriate. For further information on fraud reporting, refer to Resource Management Guide No. 201: Preventing, detecting and dealing with fraud, the Commonwealth Risk Management Policy and the Commonwealth Fraud Control Framework. |
Case Study 3: Accidental misuse of a Commonwealth credit card by an official Several officials of a non-corporate Commonwealth entity identified they had mistakenly used their Commonwealth credit card for personal purposes, including The accountable authority determined that this did not constitute significant However, action was taken to mitigate the chance of reoccurrence, including staff education and more frequent checks on entity credit cards. |
Case Study 4: Misuse of a charge card by a non-official A large non-corporate Commonwealth entity’s internal audit function identified that a member of the public had obtained an entity fuel card issued to an entity official when it was left behind in a vehicle. The amount fraudulently spent on the card was $50,000 over a 12 month period. In the context of the entity, this could represent a significant non-compliance issue, with officials breaching their duty to discharge their duties with the degree of care and diligence that a reasonable person would exercise. While internal audit detected the issue, there may also be internal control shortcomings as the loss of the fuel card was not discovered for 12 months and monthly accounts continued to be paid. The accountable authority determined that this represented a significant non-compliance issue, given the late detection of the fraud, the amount fraudulently spent on the card and reputational risks to both the entity and the Commonwealth (including public perception). The accountable authority notified their responsible Minister and the Finance Minister. The accountable authority also provided details on the remedial action taken, which included reviewing internal controls, more frequent checks on entity charge cards and staff education. |
Case Study 5: Officials investigated for alleged fraud (not reported to the Finance Minister) Officials of a corporate Commonwealth entity were investigated on suspicion of misusing their position and colluding to import illegal goods for personal benefit over an extended period of time. The accountable authority determined the alleged conduct of the officials may, if proven, be a breach of the PGPA Act (general duties of officials) and other legislation dealing with criminal offences. The alleged conduct of the officials may also reflect shortcomings in internal controls and anti-corruption measures. The accountable authority reported the matter to their responsible Minister under section 19(1)(e) of the PGPA Act and took remedial action to reduce the risk of reoccurrence, including reviewing internal controls. However, the accountable authority determined that while the conduct concerned a breach of duties, there was insufficient connection to resource management (i.e. did not involve relevant property or relevant money), and therefore did not report it to the Finance Minister under section 19 of the PGPA Act. |
Case Study 6: Unauthorised entry into arrangements involving relevant money by non-officials A medium-sized non-corporate Commonwealth entity engaged contractors to assist with a project being carried out by the entity. As the entity intended for officials of the entity to oversee the project, the contractors were not prescribed as officials and were not provided with relevant financial delegations to enter arrangements and commit relevant money under the PGPA Act. The contractors were later discovered to have entered arrangements on behalf of the entity and committed over $100,000 of relevant money without the appropriate authority and oversight by entity officials. This may reflect issues with internal controls (including financial delegations and accountable authority instructions), as non-officials are entering arrangements under the PGPA Act without appropriate legal authority and without sufficient oversight, resulting in financial consequences for the entity. The accountable authority determined that this represented a significant non-compliance issue in the context of the entity’s operations (given the failure of internal controls, value of the non-compliance and the involvement of relevant money). The responsible Minister was notified and the Finance Minister advised via letter at the same time. The accountable authority also provided details on remedial action, which included staff training and reviewing internal controls around spending relevant money. |
Case Study 7: Shared services – multiple accountable authorities A Shared Services Centre of Excellence (Hub) provided shared services functions to three Commonwealth entities (clients). As part of their Memorandum of Understanding (MoU) with the Hub, the accountable authorities of the three clients provided specific accountable authority instructions under section 20A of the PGPA Act to the officials of the Hub in relation to the expenditure of relevant money on their behalf. Officials within the Hub were found to have breached the Hub’s and the clients’ accountable authority’s instructions in failing to document evidence in support of credit card transactions in the internal financial system. There were 100 breaches of the requirement across the three clients. Information was subsequently obtained from credit card holders, and there was no financial loss to the entity or Commonwealth. Because the matter of non-compliance affected multiple entities, each entity’s accountable authority considered whether the non-compliance constituted a significant matter affecting their entity, and whether to notify their minister. The accountable authority of the Hub decided that there was no systemic failing in the Hub’s system of internal controls, as the issue was detected, there was no financial loss, and the issue appeared to be a “once-off”. The accountable authority of each client considered that this did not constitute significant non-compliance, as the number of breaches was insignificant compared to the total number of credit card transactions recorded for the financial year for their entity, the non-compliance was quickly identified and remedied and there was no financial loss. To reduce the risk of reoccurrence, the Hub reviewed and updated their operating procedures. The Hub engaged with each client and reviewed their MoU to ensure it remained fit for purpose. As part of the Hub’s review of their operating procedures, the senior executive of the Hub reminded the Hub officials of their obligations and increased education and monitoring around credit card use. |
Appendix A – Flow chart
Appendix B – Model letter to the Finance Minister
This model letter is aimed at assisting accountable authorities and officials supporting accountable authorities in notifying the Finance Minister of instances of significant
non-compliance with the finance law. The model is provided as a guide only. Accountable authorities may choose to develop their own approach or use only part of this model.
Generally, letters will be addressed from the accountable authority or the responsible minister, noting that it may be easier for accountable authorities to brief the responsible Minister and to correspond with the Finance Minister at the same time.
Dear Minister,
In accordance with section 19 of the Public Governance, Performance and Accountability Act 2013 (PGPA Act), I am writing to you to advise you of significant non-compliance with the finance law that has affected [entity].
The entity has identified [number] cases of significant non-compliance with the finance law:
1. [description of the significant non-compliance with the finance law]
2. [description of the significant non-compliance with the finance law]
3. [description of the significant non-compliance with the finance law]
A summary of the instances of non-compliance with the finance law and the actions taken to remedy the non-compliance is provided [below/in an attachment].
In addition, the entity will report this breach in its 20XX-XX annual report as required by the Public Governance, Performance and Accountability Rule 2014 (PGPA Rule).
Yours sincerely,