The Joint Committee of Public Accounts and Audit (JCPAA) inquiry into Australian Government Security Arrangements was based on the following Australian National Audit Office (ANAO) reports:
No. 38 (2017-18), Mitigating Insider Threats through Personnel Security
No. 43 (2017-18), Domestic Passenger Screening – Follow‑Up
Mitigating Insider Threats through Personnel Security
Personnel security, a component of the Australian Government’s Protective Security Policy Framework (PSPF), aims to mitigate insider threats by assessing the eligibility and suitability of individuals accessing government resources. The Australian Government Security Vetting Agency (AGSVA), based in the Department of Defence, administers personnel security vetting.
A previous audit concluded that the performance of centralised vetting had been mixed, and improved efficiency and cost effectiveness were not evident.
This audit aimed to examine vetting performance and the implementation of more recent personnel security reforms.
The Audit Report found that the effectiveness of personnel security arrangements was reduced as AGSVA had not implemented the Australian Government’s policy direction to share identified personnel security risk information with client entities.
The Audit Report examined the development and implementation of personnel security plans, policies and procedures across several government entities, finding that compliance varied greatly.
The Committee noted that the five entities examined had accepted the Audit Report recommendations, with implementation mostly complete or well underway. The Committee recommends that the five audited entities report back to the JCPAA on the implementation of the recommendations from the Audit Report and compliance with the PSPF.
Considering that AGSVA administers personnel security vetting services for more than 150 Commonwealth and state government agencies, the sample of five entities examined in the Audit Report may not be representative of what is actually happening across all agencies or entities. The Committee recommends that the Auditor-General consider further audits into the performance of a significant proportion of the 150 Australian Government agencies against the PSPF requirements.
Audit Report 38 identified significant issues concerning AGSVA’s information systems. AGSVA stated that the current system does not meet its business needs. Although the development and implementation of a replacement system has begun, there is still a substantial wait for any initial operating capability and a fully operational system is some five years away. Inefficient processes and poor data quality, as well as the extensive exchange of information outside of a secure environment, will continue until the new system is in place. The Committee recommends that the Department of Defence move to have a new vetting case management system in place as soon as possible. The Committee also recommends that Defence provide a progress report and timeline for the implementation of the new vetting case management system.
Domestic Passenger Screening – Follow‑Up
The Department of Home Affairs undertakes domestic passenger screening in order to prevent prohibited items such as weapons and explosives being carried onto aircrafts. Screening needs to be conducted efficiently and must meet legislated and regulatory requirements.
The ANAO previously tabled Auditor‑General Report No. 5 (2016-17), Passenger Screening at Domestic Airports on 31 August 2016. This audit made five recommendations aimed at improving the department’s (then, the Department of Infrastructure and Regional Development) regulatory performance. In 2017‑18, the ANAO undertook a follow‑up audit to examine the extent to which the Department of Home Affairs (the department) had implemented the five recommendations of the previous audit.
The follow‑up audit concluded that as at March 2018, the department had implemented one and partially implemented four of the five recommendations from the previous audit. The ANAO stated that although the department had made progress, it was not yet ‘well placed to provide assurance that passenger screening is effective and that screening authorities comply with the Regulations’.
The department has acknowledged that the compliance data in its information technology systems has been challenging and that ‘the ease of use of the system is not perfect’. Although the department has made improvements, the Committee’s view is that the recurrent issues around quality of data and the use of manual processes for analysis and reporting will continue to impact on the department’s ability to provide assurance that robust data and efficient reporting is informing passenger screening and compliance activities.
The department has commenced implementation of the compliance and enforcement framework with an initial focus on staff capability training. The Committee noted the three‑year timeframe for implementation, which may be extended by a further 12 to 24 months, and recommended that the department report back to the Committee with more detailed information regarding the implementation timeframes and milestones.
The department commenced delivering the learning and development program in February 2018, with all staff to be appropriately qualified by the start of 2019. The Committee noted concerns regarding the monitoring and evaluation component and the baseline data available for the learning and development framework, and subsequently made two recommendations.
The Committee is concerned by the department’s slow progress in developing and implementing performance measures for passenger screening. The department’s advice at the September 2018 public hearing regarding the timeframe for implementation is different to the timeframe initially reported by the ANAO, further undermining the Committee’s confidence that performance measures will be implemented in a timely manner. The Committee has recommended that the department report back on the implementation timeframes.