1. Introduction

About the inquiry

This report into the regulatory activities of five Commonwealth agencies is based on five Auditor-General reports:
Auditor-General Report No.8 2020–21: Administration of Financial Disclosure Requirements under the Commonwealth Electoral Act
Auditor-General Report No.47 2019–20: Referrals, Assessments and Approvals of Controlled Actions under the Environment Protection and Biodiversity Conservation Act 1999
Auditor-General Report No.48 2019–20: Management of the Australian Government’s Lobbying Code of Conduct - Follow-up Audit
Auditor-General Report No.5 2020–21: Regulation of the National Energy Market
Auditor-General Report No.33 2019–20: Tertiary Education Quality and Standards Agency’s Regulation of Higher Education
This chapter:
briefly discusses regulatory frameworks;
highlights common themes found in the audit reports considered by the Committee in its inquiry; and
outlines the conduct of the inquiry.
Later chapters will consider each entity’s response to the report of their performance audit in more detail.

Regulatory frameworks

The work of regulators is shaped by the frameworks under which they operate. For each regulator there are three primary types of framework:
the Australian Government’s Regulator Performance Framework (the RPF);
the Public Governance, Performance and Accountability Act 2013 (PGPA Act); and
the specific laws, regulations or codes that empower the regulator.

The Regulator Performance Framework

The RPF1 was issued by the Department of the Prime Minister and Cabinet in 2014 and provides guidance to regulators. It defines a regulator as ‘a Government body that administers, monitors or enforces regulation’.2
The RPF specifies six principles that regulators should follow:
regulation should not impede the efficient operation of regulated entities any more than necessary;
communication with regulated entities should be clear, targeted and effective;
actions undertaken by regulators should be proportionate to the regulatory risk being managed;
compliance and monitoring activities should be streamlined and coordinated;
regulators should be open and transparent with regulated entities; and
regulators should actively contribute to the continuous improvement of regulatory frameworks.3
The RPF also imposes obligations of transparency, self-monitoring and reporting on regulators in the interest of community and business confidence:
Measuring and publicly reporting performance will give business, the community and individuals confidence that regulators effectively and flexibly manage risk.4

The PGPA Act

As government entities, regulators are also subject to the PGPA Act.5 The PGPA Act establishes a performance framework for Commonwealth entities which aims to ensure that public resources are managed properly, and that Commonwealth entities meet high standards of governance, performance and accountability.6
In addition, regulators must comply with a range of rules and delegated legislation associated with the PGPA Act, including the PGPA Rule 2014, the Commonwealth Procurement Rules and the Commonwealth Risk Management Policy.7

Enabling legislation of audited entities

Regulators are also empowered by specific frameworks in the form of enabling legislation, regulations, or in the case of non-legislative frameworks, a document such as a Code.

The Australian Electoral Commission

The Australian Electoral Commission (AEC) is authorised to regulate the political donation disclosure scheme by Part XX of the Commonwealth Electoral Act 1918 (the Electoral Act).8
The financial disclosure scheme contained in the Electoral Act was introduced in 1983. The scheme requires specific entities that receive funding, provide funding, or incur electoral expenditure to lodge disclosure returns with the AEC. The scheme thereby intends to assist voters to make judgements based on better knowledge of who funds their political representatives and to what extent.9

The Department of Agriculture, Water and the Environment

The Department of Agriculture, Water and the Environment (DAWE) is empowered to regulate Australia’s natural environment by the Environment Protection and Biodiversity Conservation Act 1999 (the EPBC Act).
The EPBC Act is the centrepiece of Australia’s environmental legislation. The portion of it audited in the ANAO report considered by this inquiry relates to how ‘controlled actions’ (actions which might have a significant impact on areas of environmental significance) are referred to DAWE, how DAWE assesses them, and the conditions under which they may be approved.

The Attorney-General’s Department

The Lobbying Code of Conduct (the Lobbying Code) managed by the Attorney-General’s Department (AGD) differs from the other regulatory schemes considered in this report in that it is not a legislative scheme.
The RPF specifies that regulatory powers should be exercised in proportion to the risk posed by non-compliance. AGD’s enforcement powers include deregistration – that is, removing a lobbyist from the Register of Lobbyists. Having been deregistered, Australian Government officials are not permitted to meet with the lobbyist. However, AGD ‘has no power to compel Government representatives to meet only with registered lobbyists or to report breaches when they become aware of them’.10

The Australian Energy Regulator

The regulation of Australia’s energy generation and delivery is complex, as is the Australian Energy Regulator’s (AER) position and role as a regulator. The AER was created under Part IIIAA of the Competition and Consumer Act 2010 (CCA) and its staff are employed and resourced by the Australian Competition and Consumer Commission (ACCC).
The AER regulates the National Energy Market (NEM) in line with the National Energy Rules (NER). It operates alongside the Australian Energy Market Operator (which manages the day to day operations of the NEM) and the Australian Energy Market Commission (which makes and maintains the NER). The AER regulates the operation of monopoly providers, and regulates energy markets in Australian jurisdictions that have joined the NEM.

The Tertiary Education Quality and Standards Agency

Following the Review of Australian Higher Education (the Bradley Review), the Australian Government established the Tertiary Education Quality and Standards Agency (TEQSA) in 2012. As the national agency for the regulation of higher education, it is responsible for the registration of higher education providers and the accreditation of courses offered by those providers.
Its governing legislation, the Tertiary Education Quality and Standards Agency Act 2011 (TEQSA Act), provides that the agency’s ‘actions must not burden a provider more than is reasonably necessary’. Instead, its key regulatory decisions ‘must be risk-based’ and ‘proportionate to the provider’s actual (or risk of) non-compliance with the relevant standards’.11

Common themes

Each entity included in this report is a regulator in their respective field. To effectively conduct regulatory activities, there are a number of practices and procedures that all entities should adhere to. The five ANAO reports outline a number of these issues, and while later chapters will consider these in greater detail as they relate to each individual entity, it is worthwhile providing a broad overview of the common requirements here.
This includes:
The importance of accurate, well-managed and accessible regulatory information to a regulator’s performance;
Risk-assessment and analysis processes;
Compliance and enforcement practices; and
Internal governance and performance measurement.

Regulatory information

The audit reports highlighted the importance of effective collection, management and use of information to regulators, and also brought to the Committee’s attention weaknesses in this area in a number of audited entities.
By way of a statement of the principle, the ANAO noted that:
Accurate, integrated and reliable information on regulated entities, activities and individuals supports regulators in assessing the risk of non-compliance and the development of targeted compliance and enforcement strategies. It also forms data which can be used as intelligence in planning future compliance strategies.12
In its audits, however, the ANAO identified problems in the way some regulators captured and managed relevant information.
In DAWE’s case, the ANAO found that the regulatory information it gathers is held in multiple IT systems and DAWE’s ability to bring that information together and make use of it ‘is limited by a lack of linkages between systems and data management issues’.13
The ANAO went on to observe that ‘[T]his has resulted in staff checking multiple systems and re-entering information already stored elsewhere’ and that ‘[T]hese limitations increase the risk that the department’s view of regulated entities and compliance risks is not complete and accurate’.14
TEQSA’s use of regulatory information is hampered by issues of timeliness. ANAO noted that much of the data TEQSA relies on to inform its risk assessments is first collected and validated by the Department of Education, Skills and Employment. By the time it is provided to TEQSA it can be as much as two years old, which has obvious and potentially significant impacts on its usefulness and accuracy.15
The ANAO also found that the AEC’s use of regulatory information could be improved through further analysis and cross-checking of the regulatory information it receives:
The AEC does not undertake detailed analysis of the financial information that is provided, cross check information with other internal data sources such as the amount of election funding provided or external data sources such as the ACNC and ROC registers.16

Risk assessment and analysis

Regulatory agencies are required to identify risks facing the entities that they oversee, assess their significance, and take steps to mitigate threats posed. The Regulator Performance Framework outlines the importance of risk:
Comprehensive risk assessment processes are essential to ensuring that resources are targeted to the areas requiring the most attention. A risk-based approach promotes the most efficient use of resources and improves the effectiveness of the regulatory framework through minimising burden on those who are voluntarily compliant and ensuring that enforcement action is proportionate and undertaken only when necessary.17
Implementing risk-assessment processes informed by reliable regulatory information is of great importance to regulators. The audit reports considered by the Committee showed that while some entities had well-established processes at the time of audit, the processes of others were deficient in ways that required reconsideration by the audited entity.
In its report on AGD’s management of the Lobbying Code, the ANAO defined two broad categories of regulatory risk – administrative risk and compliance risk. The first relates to a regulator’s ability to manage the regulatory regime, and the second refers to risks that regulated entities might not be able or willing to comply with the regime.18 Administrative risk is discussed below in the section on internal governance and performance measurement.
In its report on AER’s regulation of energy markets, the ANAO said that while AER had well-developed risk assessment processes, they were not demonstrably linked to its compliance and enforcement program:
The AER did not demonstrate a link between its risk assessments and work program priorities. Without this line of sight it was not clear how the priorities in the annual work programs were selected, or if they were risk-based.19
The ANAO reached a similar conclusion in relation to DAWE’s administration of the EPBC Act:
The regulatory approach to referrals, assessments and approvals has not been informed by an assessment of compliance risk. Strategic compliance risk assessments do not inform regulatory plans.20
The key messages relating to risk management emerging from this inquiry were that risk assessments should be informed by good regulatory information, and that risk settings should be aligned with regulatory objectives.

Compliance and enforcement

Just as good regulatory information feeds into risk assessment, the results of good risk assessment processes will ideally inform a regulator’s compliance and enforcement activity.
The RPF specifies that compliance and enforcement actions undertaken by regulators should be proportionate to the regulatory risk being managed:
Where the risk of non-compliance is high or the consequence of non-compliance significant, there is a higher degree of monitoring. Where the risk of non-compliance is low or the consequences of non-compliance minor, regulators take lighter touch approaches.21
The ANAO described the Lobbying Code as a ‘light touch or principles-based’ regulatory regime, in which ‘regulated entities are simply trusted to adhere to values and principles in a code of conduct’.22 The risk of non-compliance with the Lobbying Code has been considered by agencies to be low and the impact of non-compliance similarly low. Consequently the Code is not legislated and does not confer any enforcement powers on AGD.
By contrast, the risks to the environment of non-compliance with the EPBC Act can be substantial and the risk of regulated entities failing to comply equally so. DAWE’s responsibility to manage those risks is therefore a serious one.
The ANAO assessed DAWE’s regulation of referrals, assessments and approvals under the EPBC Act and found each to be lacking. It found that ‘referrals and assessments are not administered effectively or efficiently’ and that ‘the department is unable to demonstrate that conditions of approval are appropriate’.23
There was a difference of perspective between the ANAO and the AEC with respect to the AEC’s approach to regulation and enforcement. The AEC has consistently adopted an educative approach to non-compliance. Its view is that ‘it remains costly and time-consuming to pursue civil penalties in court’ and that ‘it is also not clear what would be gained by pursuing a civil penalty for minor non-compliance’.24 The ANAO considered that the level of non-compliance and its associated risk justified a more active enforcement program to uphold the intent of the legislation, and that greater use of investigatory powers and penalties should be made.25 The AEC argued that its ‘administration of Part XX of the Electoral Act, in line with its interpretation of the intent of that legislation, does not lead to a view that a more heavy-handed approach to enforcement is warranted’.26 These issues are examined in greater detail later in this report.

Internal governance and performance measurement

Issues of information collection and management, risk assessment, compliance and enforcement are more difficult to manage reliably in the absence of sound internal governance and performance measurement arrangements.
As the ANAO noted in its report on the administration of the EPBC Act:
Sound governance arrangements support effective and efficient regulation. This includes the establishment of frameworks to ensure that efforts are targeted to the level of risk, decisions are made consistently and objectively, and regulators are accountable for achieving their objectives.27
Likewise, in relation to performance measurement, the ANAO said in its report on the Lobbying Code:
An integral part of the regulatory process is assessing the effectiveness of the regulatory arrangement in achieving policy objectives. Such assessments help identify any improvements required to the policy framework, as well as to the administrative performance of the regulator.28
Particular governance issues arising from the inquiry include:
The need for sound strategic planning to inform regulatory objectives and activity;
The need for proper internal oversight and performance monitoring; and
The need for proper documentation of regulatory activities and programs, which is critical to proper performance assessment as well as meeting a regulator’s transparency obligations as laid out in the RPF.
While the Auditor-General’s assessment of the AER’s regulatory performance was positive overall, it did find some weaknesses in governance, in particular with respect to its documentation of planning and strategy:
The AER has two distinct arrangements for external reporting on its performance - the Commonwealth performance framework and the statements of expectations from the COAG Energy Council [now the Energy National Cabinet Reform Committee] and Commonwealth Treasurer. These two frameworks were not well linked, and neither adequately captured the AER’s purposes or provided a clear read from the purposes to the AER’s deliverables.29
The AER implemented its own corporate planning and governance documents in response to this finding and in addition created a strategic plan to guide its activities as a regulator.30
The ANAO documented a number of problems with DAWE’s internal oversight and management processes, and recommended that the department ‘establish and implement a quality assurance framework to assure itself that its procedural guidance is implemented consistently and that the quality of decision-making is appropriate’. The report went on to note that ‘the department has no arrangements to measure its efficiency and the implementation of proposed efficiency improvement measures has not been appropriately tracked’.31
Proper documentation and record-keeping is also a critical element of good governance and permits performance measurement. In its January 2021 ‘audit insights’ publication Administering Regulation, the ANAO noted that:
Appropriate recording of regulatory actions and the rationale for regulatory decisions supports transparency and accountability ... A regulator, through its records, should be able to demonstrate that approval decisions align with requirements and that compliance activity and/or actions undertaken were warranted given risk, the evidence available, the compliance framework developed and legislative powers.32
However, the Committee heard that audited entities have not always met their requirements in terms of record-keeping. In relation to DAWE’s failure to adequately document its administration of environmental approvals, Deputy Auditor-General Rona Mellor said:
… when you’re regulating something as important as this and you’re setting rules within your regulation about what documentation must be kept, it’s because there’s a risk. This is, as many areas of Commonwealth regulation are, a highly contestable space with very strong interests within it. It was very disappointing from an auditor’s perspective to see that rules that were set about good record keeping and documentation around decision-making actually hamstrung us in proceeding down some of the audit routes that we would have done. You come to dead ends when there’s nothing there.33
Further and more detailed discussion of these issues will be contained in later chapters as it relates to each audited entity.

Conduct of the inquiry

The Joint Committee of Public Accounts and Audit has a statutory responsibility to examine all reports of the Auditor-General presented to the Australian Parliament (as per Section 8(c) of the Public Accounts and Audit Committee Act 1951).
On 11 November 2020 the Committee resolved to inquire into five Auditor-General reports examining the performance of regulatory bodies.
On 17 November 2020, the Committee issued a media release announcing the inquiry and inviting submissions from interested parties. The Committee also invited submissions from the agencies included in the Auditor-General reports considered.
The inquiry received nine submissions and seven supplementary submissions, which are listed at Appendix A.
A public hearing was held on 4 March 2021. A list of witnesses and organisations that appeared is at Appendix B. A transcript of the public hearing is available in HTML and PDF formats on the inquiry website.

  • 1
    Department of Prime Minister and Cabinet, Regulator Performance Framework, https://www.pmc.gov.au/resource-centre/regulation/regulator-performance-framework, accessed 27 April 2021.
  • 2
    Regulator Performance Framework, p. 2.
  • 3
    Regulator Performance Framework, pp. 16-27.
  • 4
    Regulator Performance Framework, p. 2.
  • 5
    Public Governance, Performance and Accountability Act 2013, https://www.legislation.gov.au/Series/C2013A00123, accessed 27 April 2021.
  • 6
    Public Governance, Performance and Accountability Act 2013, Section 5.
  • 7
    Australian National Audit Office, Submission 9, p. 1.
  • 8
    Commonwealth Electoral Act 1918, https://www.legislation.gov.au/Series/C1918A0002, accessed 27 April 2021.
  • 9
    Auditor-General Report No. 8 2020–21, p. 7
  • 10
    Auditor-General Report No. 48 2019-20, p. 19.
  • 11
    Auditor-General Report No 33 2019-20, p. 17.
  • 12
    Australian National Audit Office, Submission 9, p. 3.
  • 13
    Auditor-General Report No. 47 2019–20, p. 23.
  • 14
    Auditor-General Report No. 47 2019–20, p. 24.
  • 15
    Auditor-General Report No. 33 2019–20, p. 24.
  • 16
    Auditor-General Report No. 8 2020–21, p. 48.
  • 17
    Regulator Performance Framework, p. 20.
  • 18
    Auditor-General Report No. 48 2019-20, p. 40.
  • 19
    Auditor-General Report No. 5 2020–21, p. 93.
  • 20
    Auditor-General Report No. 47 2019–20, p. 9
  • 21
    Regulator Performance Framework, p. 20.
  • 22
    Auditor-General Report No. 48 2019-20, pp. 18-19.
  • 23
    Auditor-General Report No. 47 2019–20, p. 8.
  • 24
    Australian Electoral Commission, Submission 7, p. 4.
  • 25
    Auditor-General Report No. 8 2020–21, p. 57.
  • 26
    Auditor-General Report No. 8 2020–21, p. 62.
  • 27
    Auditor-General Report No. 47 2019–20, p. 20.
  • 28
    Auditor-General Report No. 48 2019-20, p. 47.
  • 29
    Auditor-General Report No. 5 2020–21, p. 11.
  • 30
    Australian Energy Regulator, Submission 2, p. 2.
  • 31
    Auditor-General Report No. 47 2019–20, p. 49.
  • 32
    Australian National Audit Office, Administering Regulation, January 2021, https://www.anao.gov.au/work/audit-insights/administering-regulation, accessed 10 May 2021.
  • 33
    Ms Rona Mellor PSM, Deputy Auditor-General, Committee Hansard, 4 March 2021, p. 41.

 |  Contents  |