List of Recommendations

Recommendation 1

2.18

The Committee recommends that the Auditor-General consider conducting a number of additional audits of Australian Government entities focusing on their performance against Protective Security Policy Framework requirements and recommended practices.

Recommendation 2

2.27

The Committee recommends that each of the five entities scrutinised in Audit Report 38 (2017-18) provide a progress report to the Committee, within three months and with an update every twelve months, on their implementation of the recommendations from the Audit Report and the status of their compliance with the Protective Security Policy Framework.

Recommendation 3

2.33

The Committee recommends that the Department of Defence expedite the ICT2270 Vetting Transformation project and provide to the Committee a progress report and updated timeline on implementation of the replacement ICT system.

Recommendation 4

2.43

The Committee recommends that the Department of Defence establish extra safeguards and quality control measures to ensure that no incidents of sensitive data loss occur prior to operational capability of the new vetting case management system.

Recommendation 5

2.49

The Committee recommends that the Department of Defence prepare a full business case to consider the current and alternative service delivery models, taking account of projected future demand for vetting, the costs, benefits and risks of various approaches, and provide the findings of this to the Committee within 12 months.

Recommendation 6

3.10

The Committee recommends that the Australian National Audit Office consider conducting a follow-up audit in 2019-20, focusing on the department’s implementation of eight agreed ANAO recommendations and considering the department’s entire compliance program.

Recommendation 7

3.14

The Committee recommends that the Department of Home Affairs:

gather an appropriate baseline data set prior to the implementation of Regulatory Management System upgrade in the first quarter of 2019;

monitor and review the outcomes of the upgrade against the baseline data set, particularly whether data quality is improving; and

either prioritise an additional upgrade to the Regulatory Management System in order to establish an efficient and effective reporting function, or prioritise the development of the data product suite (as was approved on 10 November 2017) in order to address the limitations to data quality and performance reporting identified in the ANAO report.

Recommendation 8

3.16

The Committee recommends that the Department of Home Affairs report back to the Committee on progress in the implementation of the compliance and enforcement framework in detail, including objectives, timeframes, milestones, lines of responsibility, performance measures, evaluation and reporting arrangements, and further information on the centralised case management system.

Recommendation 9

3.18

The Committee recommends that the Department of Home Affairs report back to the Committee on training undertaken by staff in relation to the Regulatory Management System, and whether improvements to data quality, reliability and accuracy are being measured and achieved.

Recommendation 10

3.23

The Committee recommends that in relation to the learning and development framework, the Department of Home Affairs:

establish a formal monitoring mechanism to provide assurance that all ongoing and new operational staff have undertaken the required qualifications and re‑accreditation; and

consider using the results of the training needs analysis from February 2017 as baseline data in the monitoring and evaluation of the learning and development framework.

Recommendation 11

3.25

The Committee recommends that the Department of Home Affairs report back to the Committee on the implementation of performance measures for passenger screening, including:

the outcomes of the trial implementation period of performance measures with industry participants; and

the department’s target date for full implementation of performance measures.

| Contents |