"A
Fairfax Media investigation has obtained access to hundreds of pages
of internal government audit reports that have exposed systemic
weaknesses in the financial controls exercised by Commonwealth agencies.
Such flaws are widely recognised as corruption risks for governments,
but there is no agency specifically charged with investigating graft in
Australia's largest civil service."
Besser reports
today on the Government announcement that $700,000 is to be spent on a ''National Anti-Corruption Plan." A parliamentary integrity commissioner by September 2011 was part of the Government -Greens deal a year ago but is yet to transpire.
The release of internal audit reports raises some interesting FOI issues. The reforms of last year have narrowed the scope for what amounted to broad class exemption claims for these types of documents. As to what makes news once information of this kind is released, good reports unfortunately don't cut it. And a snapshot in time of the situation in an agency two or three years ago won't necessarily convey the full or current picture.
FOI
Besser's access to internal audit reports is probably behind the call by
the
Institute of Internal Auditors (IIA) for a specific conditional FOI exemption for internal audit reports. The IIA claims the
threat of disclosure of audit findings could compromise audits of
governance and risk management. Stephanie Koehn of the Institute said:
".. we are concerned the release of internal audit reports would
seriously undermine public sector governance and the long term integrity
of public administration.” She said in order to report effectively and
accurately, internal auditors relied on the candour of Departmental
staff. She said the IIA was concerned that if information identifying a
Department’s specific risks and weaknesses was released early then the
Department’s staff may be less forthright with the auditors.
Internal audit is about evaluation and improvement in efficiency and effectiveness of business processes. Some reports will contain what could be regarded as sensitive information, for example
the existence of system weaknesses that haven’t been
addressed but could be exploited if widely known, gaps in security
systems etc. Reports are always likely to identify some shortcomings or areas for improvement. The sensitivity of a report will depend on content, the
effect of disclosure and context- the lapse of time since completion for example. As Besser has highlighted audit reports also address issues concerning standards of public administration and use of public money, matters where the public interest in transparency and accountability is strong.
A special FOI exemption for internal audit reports would not seem justified. If FOI disclosure and the impact on candour is the problem, agencies need to do more to reinforce the need and purpose for honest, complete and accurate responses to questions raised by auditors. Do reports usually name names in any event?
As to the current law, in addition to a raft of absolute exemptions some of which for example law enforcement and public safety may apply in particular circumstances,
the FOI act includes a number of conditional exemptions that may be relevant to some content of an internal audit report. They involve balancing the public interest in disclosure and non disclosure.The most relevant is Section 47E which conditionally exempts a document where disclosure would,
or could reasonably be expected to, prejudice or have a substantial
adverse effect on certain listed agency operations.
There are four separate grounds for this conditional exemption:
(a) disclosure could, or be reasonably expected to, prejudice the
effectiveness of procedures or methods for the conduct of tests,
examinations or audits by an agency
(b) disclosure could, or be reasonably expected to, prejudice the
attainment of the objects of particular tests, examinations or audits
conducted or to be conducted by an agency
(c) disclosure would have a substantial adverse effect on the
management or assessment of personnel by the Commonwealth or by an
agency or
(d) disclosure would have a substantial adverse effect on the
proper and efficient conduct of the operations of an agency.
A conditional exemption can only be claimed if, in addition, disclosure on balance would be contrary to the public interest. In the case of reports or parts of reports released to Besser agencies either decided (a) to (d) were not arguable, or if one or more were, that the public interest favoured disclosure.
Perhaps the Australian Information Commissioner’s guidelines regarding s 47E(d) (to which an agency must have regard in reaching a decision on access) had some influence on decisions:
6.111 The predicted effect must bear on the agency’s ‘proper and
efficient’ operations, that is, the agency is undertaking its expected
activities in an expected manner. Where disclosure of the documents
reveals unlawful activities or inefficiencies, this element of the
conditional exemption will not be met and the public interest factors of
accountability and transparency are further weighted towards
disclosure.
Particularly since last November's amendments to the FOI act link new objects - that include "increasing scrutiny, discussion, comment and review of the
Government's activities"-to the public interest considerations in favour of disclosure.
DAFF hasn't to date posted the internal audit reports released on its Disclosure Log but both the Innovation and DBCDE reports and perhaps others (I haven't looked) are available.
Reporting
Internal audit reports provide a snapshot at a a moment in time. A report that everything is fine or needs little improvement is not going to make the news, unfortunately, but proactive publication or posting on the Disclosure Log will get such information out to some who may be interested. A report even a couple of years old can reveal information of continuing significance in terms of
standards of administration. But these reports don't reveal what happened after the
event and whether identified shortcomings have been rectified. Agencies could do themselves a favour by providing additional information that puts a released report in proper context.
On the Herald reports ,the headline on the DAFF story about audits completed in 2008 and 2009 was "Fraud
probe targets top bureaucrats." Headline writers love the present tense.The Department's response to the story published the next day was:
A department spokeswoman said on Monday fraud was taken
very
seriously at the federal agency but pointed out there had been no
investigations as such, only investigations into allegations. "There has
been no fraud probe into the department," she said in a statement on
Monday.
Similarly the Herald article on DBSDE, "Auditors raise probity queries at broadband overseer", was about audits undertaken by KPMG in 2009. If you get beyond the headline to the last paragraph, in respect of at least one of the audits:
A department spokeswoman said KPMG had subsequently confirmed their
recommendations had been implemented, including ''increased guidance
associated with procurement planning … [and] the need for appropriate
risk assessment''.
No comments:
Post a Comment