Operation Andros

In August 2017, IBAC commenced Operation Andros to investigate allegations of corrupt conduct against employees of Emergency Management Victoria (EMV) and its predecessor organisation, the Fire Services Commission (FSC), agencies of the then Department of Justice and Regulation (DJR).

These allegations related to improper procurement processes and failures to declare conflicts of interest.

The Department of Justice and Community Safety (DJCS) replaced the former DJR following machinery of government changes on 1 January 2019.

  • IBAC's investigation did not identify any serious corrupt conduct or criminal offences by any EMV or FSC employee.

    However the investigation did identify organisational issues at EMV regarding:

    • the failure to declare or effectively manage conflicts of interest
    • poor procurement and contract management practices
    • risks associated with record keeping
    • a culture within FSC and EMV where the nature of the emergency management environment was used as a justification to bypass established policies and processes
    • a dual reporting structure that contributed to a lack of clarity around processes, particularly in relation to procurement.
  • IBAC identified opportunities for DJCS and EMV to address vulnerabilities identified in Operation Andros, including in relation to EMV’s conflict of interest framework, procurement and contract management, and EMV’s dual reporting structure.

    In February 2021 DJCS wrote to IBAC outlining the actions it had taken to address the corruption vulnerabilities identified in Operation Andros.

    IBAC publishes responses to our investigations to inform the community about actions agencies advise they are taking, and to share learnings that may help other agencies improve their systems and practices to prevent corruption and misconduct.

DJCS's response

Emergency Management Victoria (EMV) to review and evaluate its conflict of interest framework, including regular audits to identify the completeness and accuracy of disclosures and registers, and checks of whether documented management responses have been properly implemented.

Policy framework and workplace culture

EMV applies the DJCS Conflict of Interest (COI) Policy, which is aligned to the Victorian Public Sector Commission's Guide to applying COI policy principles.

DJCS notes that the COI Policy was in place at the time of the conduct addressed in Operation Andros. However, while this policy and appropriate processes were in place, EMV has since increased its focus on raising awareness and compliance with this policy. As noted in IBAC’s findings, the nature of the emergency management portfolio meant that a sense of urgency could be used to bypass appropriate processes and accountability. Since this time, EMV has undergone significant reform in terms of governance, processes, and cultural change. The appropriate safeguards are in place to ensure the conduct detailed in Operation Andros does not occur again.

Audits and implementation checks

EMV now conducts quarterly reviews of COI documentation for all executive staff. Previously no audits of this information were conducted. EMV also regularly provides information to executives and staff about COI. The manager or supervisor of a staff member registering a COI approves the declaration. The COI Policy and processes apply to all EMV staff and contractors engaged.

EMV to ensure employees comply with its conflict of interest framework, including ensuring:

  • senior leaders, managers and supervisors understand their obligation to model strong integrity behaviours, including in relation to identifying and declaring conflicts of interest
  • senior leaders, managers and supervisors understand their obligation to actively and effectively manage the conflicts of interests of EMV employees and contractors
  • EMV employees and contractors understand their obligations to identify, declare and manage conflicts of interest including avoiding conflicts of interest where possible
  • declarations of conflicts of interest and any associated management plans are recorded, communicated to relevant supervisors, and reviewed as appropriate.

The overall culture of EMV has changed, which has had a significant impact in making it clear that undeclared conflicts or appropriate management of actual or perceived conflicts will not be tolerated.

Declaration and management of COI

EMV senior leaders, managers and supervisors are required to adhere to the DJCS COI Policy and broader Integrity Framework. This includes declaring COI, managing employee and contractor COI, and fostering an appropriate integrity culture.

COI declarations are completed by:

  • panel members on all procurement activities
  • panel members on all recruitment activities
  • as required and when circumstances change. For example, when an individual joins the Country Fire Authority (CFA) as a volunteer, starts a part-time job or has a partner who is employed in the same business unit.

In December 2020, the EMV Planning and Risk team engaged with the HR team, Business Service Coordinators, and other administrative teams regarding the completion of COI declarations. At the same time, the Planning and Risk team also engaged with managers involved in procurement activities to ensure that COI declarations are completed, and details captured on the COI Register.

Use of contractors

EMV complies with the broader DJCS and whole-of-government policy in relation to reducing the use of labour hire unless it meets the specified criteria and is approved by the Secretary. Therefore, there are additional checks and balances in place to ensure staff are not engaged as contractors after the cessation of their employment with EMV.

EMV COI education and engagement activities

On 23 December 2020, the Executive Director of Integrity and Reviews delivered a presentation to the EMV Executive Team on COI.

An all staff presentation by the Director of Integrity and Investigations regarding COI, integrity and fraud was planned for December 2020 and is now being rescheduled to an upcoming staff meeting in early-2021.

EMV is exploring opportunities for an education and information campaign regarding COI and outside employment or volunteer roles. This is planned to include direct communication messages to staff via email. Education would also be targeted at staff who are likely to be decision-makers, such as managers and executive staff.

Opportunities for broader EMV-wide information and communication campaigns promoting integrity in the workplace are also being considered.

Integrity Culture is also consulting with EMV about how to support any training and education opportunities.

EMV to address the corruption vulnerabilities identified in Operation Andros in relation to procurement and contract management, including ensuring:

  • EMV’s current procurement framework and controls are reviewed to identify any risks or inconsistencies with Departmental, whole of government and Victorian Government Purchasing Board policies
  • training for all employees involved in procurement, contract management and financial management effectively covers relevant policies and procedures including the Crisis Procurement Policy, conflict of interest procedures, code of conduct, and the responsibilities of financial delegates
  • robust information management processes are in place to accurately document all procurement activities in an auditable manner and employees understand their obligation to use the Department’s and EMV’s document management systems
  • audits and risk assessments are conducted to help identify system vulnerabilities that may not have been detected through regular monitoring processes
  • employees and suppliers are regularly reminded of their responsibility to report suspected corrupt conduct and how to make a report.

Meeting whole-of-government and DJCS standards

EMV has engaged several professional services and implemented the pre-approval process for these types of engagements (e.g. the Specialist Advisor for Fire Services Reform (FSR) and negotiation services engagement with key stakeholders for the FSR). Existing EMV procurement processes are guided by and are in line with whole-of-government and DJCS policies and standards. This includes (but is not limited to):

  • procurements over $100,000 being approved by the Procurement Approval Board (PAB)
  • appropriate probity processes
  • seeking the appropriate number of quotes for proposed procurement value
  • use of State Purchase Contracts
  • adhering to evaluation requirements
  • completing appropriate documentation
  • seeking appropriate approvals for each procurement.

Management and understanding of COI

COI declarations are now mandatory for all recruitment and procurement panel members, rather than being optional as they were under previous leadership.

There is no requirement for COI forms to be completed routinely as part of the contract management process. However, the obligations are clear that if there is any conflict, or even the potential for perceived conflict, then contract managers must complete the COI declaration. There is compliance with these requirements.

Crisis procurement

EMV have implemented policy and processes for crisis procurement activities whereby activities must directly relate to the crisis (rather than a long-term procurement project), and/or be an immediate need in response to the crisis.

Further to this, the procurement during/for a crisis does not exempt DJCS from its responsibility to manage public funds appropriately. Crisis procurement processes should be undertaken in accordance with the overriding good practice principles of:

  • value for money, accountability, and probity, to the extent that
  • they can be applied given the severity and urgency of the event
  • adopting minimum record-keeping processes
  • adhering to contract disclosure requirements
  • declaring conflicts of interests.

In relation to record-keeping, audit and reporting obligations, all staff utilising the Crisis Procurement Policy must:

  • obtain financial approval before commencing procurement activities related to this crisis with DJCS’ financial approval processes regarding financial delegation level approval still required for the cumulative contract
  • complete the DJCS Crisis Procurement Event Register.

In addition, staff are expected to:

  • complete COI plans and file in the department’s record management system (TRIM)
  • complete the Contract Disclosure Authority Form for contracts more than $100,000 (incl. GST) and provide it to the PAB Team via email
  • create the contract in the electronic contract management system and link/re-link purchase orders to contract
  • file all appropriate documents in TRIM to meet record keeping and audit requirements
  • re-visit the Crisis Procurement Event Register to ensure that any ongoing management activities are underway.

EMV complies with all the controls listed above.

Reviews and checks of procurement controls

A range of measures are designed to ensure appropriate governance, probity, compliance, and integrity measures including:

  • financial thresholds for sourcing and procurement approvals
  • sourcing requirements such as the extent of and process for approaching the market
  • probity planning, processes, and documentation requirement
  • COI declaration and management plans.

Audit and risk

EMV undertakes a separate process to update risks and treatments in addition to the quarterly group-level and critical business-unit level risk registers review and reporting.

EMV maintains a Strategic Risk Register.

EMV undertakes EMV-specific audits. One of the management-agreed actions from a Deloitte internal audit regarding systems and employees being compliant with the EMV Emergency Work Policy was that the Planning and Risk team undertake a periodic audit of the EMV timesheet approval process.

Record keeping

Procurement records are created and maintained at business level and stored in TRIM. EMV complies with the Records Management Policy, Standards and Procedures.

Reporting corrupt conduct and supplier contact

The Integrity Culture team is responsible for DJCS’ Speak Up policy and associated campaign encouraging leaders, staff, contractors and other parties to report any suspected corrupt conduct. DJCS also has a Supplier Code of Conduct, which staff are informed of in integrity communications.

This is part of DJCS’ broader integrity framework that applies to EMV.

Contracts with providers identified in Andros

EMV can confirm that it does not have any current contractual arrangements with the providers identified in Operation Andros.

EMV to review the corruption risks associated with its dual reporting structure identified in Operation Andros and advise IBAC how these risks have been addressed, including ensuring clarity of roles and consistent standards and processes are applied across the operational and the corporate areas of EMV.

Dual reporting and leadership change

EMV notes the corruption risks in the governance structure identified by IBAC. However, considerable reform, governance and culture change has occurred since this time in response to these risks. There have been no subsequent issues encountered in relation to role clarity between the Deputy Secretary/Chief Executive and the Emergency Management Commissioner (EMC).

Where significant decisions are required by the EMC, which have financial or HR impacts, even when this is during a crisis, those decisions are either discussed, referred, or agreed with the Chief Executive. Where it is important that the EMC has visibility of financial or HR matters, his office is briefed prior to final approval by the Chief Executive, Secretary or Minister.

Consistent standards and corporate processes

EMV executives are required to progress all procurement requests through the Director of Corporate Support and Transformation and the Deputy Secretary. This is in addition to complying with the wider DJCS policy on obtaining Secretarial approval on all procurement processes. The additional oversight has led to significant improvements as well as increased awareness and integrity within the new executive group.

In the last 18 months the following processes have been implemented:

  • Deputy Secretary and Secretary pre-approval required prior to the sourcing of professional services
  • Deputy Secretary and Secretary pre-approval prior to the sourcing of contractors/labour hire
  • change in the financial threshold of when a sourcing plan is required
  • implementation of a new system with Procurement Services to record upcoming procurement activities.