
The Audit Office of NSW has released its report regarding the management of high value contracts by HealthShare NSW. The audit examined whether HealthShare NSW, as part of NSW Health, has the required contract management capability to effectively manage goods and services contracts valued over $250,000.

The audit found that HealthShare is not applying the capability needed to effectively manage high-value goods and services contracts. Consequently, the value for money or savings it achieves when it negotiates contracts is at risk of being eroded over the life of these contracts.

Specifically, the Audit Office found that HealthShare:

  • did not use contract management plans for over 80 per cent of the contracts it managed
  • was not effectively using PROcure, its mandatory contract management tool
  • did not provide enough information to its customers by way of contract user guides (e.g. warranties, managing use-by dates, payment terms, etc.)
  • had transferred contract management responsibilities for some high-value contracts to its customers, which contravened Health procurement policy
  • provided limited guidance to contract managers on how to validate performance information.

Finally, the review confirmed that HealthShare’s contract management practices were limited by inadequate performance monitoring.

WHAT YOU NEED TO DO

Effective contract management is essential for all organisations to ensure contracts are delivering the goods and services expected, and achieving value for money, safety and quality.

There are substantial reputational and financial risks for organisations that do not manage their contracts well.  Consequences could include financial loss, unmanaged and increasing costs, bad media coverage, loss of stakeholder confidence and/or unrealised goods, services and assets.

Good practice contract management includes, as a minimum, the following management controls:

  • senior management commitment, support and oversight
  • an up-to-date policy and procedural framework
  • effective financial and administrative delegations
  • staff knowledge, experience and specialist skills
  • appropriate monitoring and reporting
  • accurate recordkeeping (including for contract variations).

The Audit Office report should prompt all public sector agencies (including Local Councils) to review their controls over contract management. And while many agencies may not manage high-value contracts (i.e. over $250,000), the findings of the report are relevant for all contracts of material value given an agency’s size and context.

HOW CENTIUM CAN HELP

This report should act as a call to action for all Agencies regarding the importance of maintaining strong controls over contract management, especially given the reputational and financial risks associated with ineffective contract management.

As such, it may be opportune to consider a contract management audit (or even a follow-up audit) to confirm the effectiveness of internal controls.  

As experienced auditors of contract management in a wide variety of organisations, we would be pleased to assist in this regard. Centium would also be available to review and provide expert advice on your related frameworks and systems, for example, those relating to procurement, asset management and/or project management. We invite you to reach out to our highly qualified Risk & Assurance Directors Penelope Corkill. We would also invite you to check out information regarding our clients, recent success stories, and other service lines on our website. And please – follow us on LinkedIn.

DFSI (DCS) has produced revised Property Acquisition Standards that apply to all acquiring authorities in NSW, including General Purpose and County Councils. These standards establish key requirements for all agencies that undertake acquisitions under the Land Acquisition (Just Terms Compensation) Act 1991, including increasing the consistency and transparency of the compulsory acquisition process across all acquiring authorities.

Councils must apply these standards when undertaking acquisitions under the Land Acquisition (Just Terms Compensation) Act 1991.

Council staff and consultants engaged by councils who are involved in the acquisition of land should be made aware of these revised Property Acquisition Standards.

This means that Council staff and consultants undertaking the acquisition of land should review their current processes to ensure they comply with the revised Property Acquisition Standards.

According to OLG Circular No 19-16 / 06 August 2019 / A653804, when making an application for approval to acquire land under the Land Acquisition (Just Terms Compensation) Act 1991, Councils will need to be able to provide evidence they have complied with the revised Property Acquisition Standards, for acquisitions where the Standards apply.

How Centium can help

We can assist our Council clients (and in fact any other acquiring authority e.g. State Government) by reviewing and updating their current processes (including policies and procedures) to ensure they comply with the revised Property Acquisition Standards.

For more information, please reach out to our highly qualified Directors with specialist Local Government knowledge Penelope Corkill.

The NSW Government Delivery & Performance Committee (DAPCO) sits alongside Cabinet and the Expenditure Review Committee (ERC). It is tasked with assessing the digital or data components of every new policy proposal to ensure services are more seamless and uniform. It is part of the Government's pledge of "digital first".

Minister Dominello has described it as a “powerful” new committee, which requires agencies to work through additional processes to secure funding for projects and budget applications. DAPCO sign-off is needed before agencies move forward to Cabinet and the ERC, the government's two other major structures for determining budget priorities. It is comprised of five of the government’s most senior ministers, including Premier Gladys Berejiklian, Treasurer Dominic, and chaired by Minister Dominello himself.

In addition to signing off on policy proposals, the committee will also be tasked with allocating funding from the recently announced whole-of-government $100M digital restart fund. The fund is intended to support IT projects that promote common platforms over the next two years.

How this impacts our clients

Agencies need to submit their proposals and project budget requests via this committee first in order to even be considered to be allowed "through the door" to Cabinet and the ERC. Agencies will need to anticipate the three sets of questions the committee will ask of each proposal that centre around data architecture, digital design and whether the customer was adequately considered:

• Data Architecture: What is your data architecture? Is it open data? Is it across the five safes or ten safes model? Is it something that can be opened up straight away or is it something that should be locked down because it’s super private? Is it data in real-time?
• Digital Design: What’s the digital design? Has it got a dashboard? Is it in real-time? Is it a dynamic dashboard, like you expect to see with the stock exchange or is it a piece of wallpaper? And what does that dashboard look like? Does it look the same as every other agency? Does it look and feel like one government or does it look like it’s from Mars and Venus?
• Customer: What’s the customer focus or the customer lens? Are we treating the person of our state as a fraction of each department or are we treating them as a whole? Is it a typical, "tell us once" approach to government?

How Centium can help

Data Security and Data Privacy Assessments are two key considerations that can support a positive answer to the Data Architecture questions. For any assistance, contact us.

Section 355 Management Committees are provided under the Local Government Act 1993 for Councils to delegate some of their functions to a Committee of Council. Each Council may have several such Committees managing community facilities or providing advice to Council about such facilities.

Councils appoint members of the community to manage certain Council facilities (examples of such may include community recreation reserves/sports grounds). Section 355 Committees may also be appointed to provide advice to Councils on community needs in specific areas, such as future upgrade of such facilities.

As 'Section 355 Management Committees', these committees operate under the banner of the Council to provide assistance in carrying out some of Council's functions. This may also include aspects of financial management of such facilities they operate on behalf of Council.

Although Section 355 Committee members are community volunteers, they are covered by Council's Code of Conduct and other policies (including adhering to Council's risk management and good governance principles).

This requires Councils to ensure such community members undertake appropriate Code of Conduct training for consistent compliance as community volunteers with Council's conduct requirements and policies.

What Councils need to do

Councils which utilise Section 355 Committees should be ensuring an appropriate level of Code of Conduct awareness training for the community members who make up such Committees, in a similar manner to such training provided to Councillors and staff.

With the introduction of the new Model Code of Conduct, it is timely for Councils to take stock of the extent of Code of Conduct awareness training each of their Section 355 Committees has received (including any such training through effective induction of newly appointed Section 355 Committee members).

In some cases, the necessary Conduct awareness training for Section 355 Committee members may take the form of more general training for members, but it nevertheless needs to ensure each Committee member understands their obligations under Council's Code of Conduct.

Areas that may need particular focus include General Conduct Obligations in personal interactions between Committee members, managing conflicts of interest, and personal benefits, as well as other specified areas of Council's Code of Conduct.

How Centium Can Help

Centium has been supporting a number of Councils in providing professional on-site training for Councillors and staff regarding their Code of Conduct obligations.

Through our extensive Code of Conduct training program for various Councils, we note that some Councils have had difficulties in allocating their internal resources to conduct Code of Conduct training and inductions for Section 355 Committee members (including newly appointed committee members).

Centium's Code of Conduct training provides dedicated resources and ongoing support to Councils (including Regional and Remote Councils) in addressing the Code of Conduct training needs for Section 355 Committee members for Councils across New South Wales.

We incorporate practical case studies in all our Code of Conduct training to ensure a clear understanding of, and commitment to, Councils' conduct requirements and expectations, including among the community members who make up Section 355 Committees.

Centium's resourcing in this area includes our availability to conduct such Code of Conduct training for Section 355 Committee members outside office hours and at geographical locations where such Committees hold their regular Council facilities management meetings.

If you would like to discuss how Centium can assist you in ensuring ongoing effective Code of Conduct training for such community members of your Section 355 Committees, please contact Roy Cottam, Director, Ethical Conduct & Investigations.

In the 2018 Local Government Risk Report for Australian Local Government, Aon delivered the results of a national risk survey of the sector. Health and safety concerns have all leapt higher (moving up 2 spots to #3 in the top 10 risks) as Councils count the risk and cost of human impact. However, many Councils are missing the chance to take simple steps to reduce human risks – it’s an opportunity to grasp.

The health and safety of workers is of paramount importance to Councils. Poor controls can not only impact the safety and wellbeing of staff, but could result in legal, financial and reputational impacts. Ultimately, this can affect the ability to deliver services to the community. The role diversity and location variables are key factors that shape and impact the shared safety culture prevailing at Councils.

Centium can conduct a paired WHS Systems Audit and Safety Culture Assessment.

What does each ‘arm’ entail?

A WHS Systems Audit assesses compliance against Australian Standard AS/NZS 4801:2001, delivering an understanding of how Council’s current WHS practices and processes measure up against current legislation and codes of practice. We perform testing to evaluate the operating effectiveness of current key WHS controls, identify areas of good practice as well as opportunities for improvement in relation to controls and the efficiency of processes.

The Safety Culture Assessment we conduct utilises the Hudson Model of Safety Cultures – but we’ve gone much further. Centium have developed a proprietary method for enabling whole-of-Council engagement and testing against 10 key areas of focus mapped back to the Hudson Model of Safety Cultures. It is a well observed phenomenon amongst Councils that even great WHS policies and procedures can have low levels of application and uptake. Therefore, testing the safety culture allows us to look at factors such as leadership, norms and behaviours, enabling us to present strategic action projects that inform and complement a compliance audit approach.

The result? A set of agreed management actions derived from the WHS Systems Audit supported by a series of developmental programs focused on improving safety culture in order to embed improvements and new ways of working.  For more information, please get in touch with us.

The NSW Government has released new policy guidance in line with a focus on taking advantage of the opportunities for efficiency enhancement and improved decision making enabled by IoT.

The IoT Policy Guidance provides practical guidance, advice on standards and tools and templates to help organisations effectively develop and manage an IoT-enabled project.

Among other points, the guiding principles require building Cyber Security and Data Privacy considerations into any initiatives, in consideration of the nature of data being collected and used as well as the inherent cyber security vulnerabilities and risks of the connected devices.

The policy has several recommendations to help initiatives build in Security & Privacy by Design, including:

  • Understanding the data being collected and used
  • Compliance with frameworks recommended by IoTSF
  • Conducting privacy impact assessments

Details of the policy can be found at https://www.digital.nsw.gov.au/policy/internet-things-iot

Centium’s experts in GRC, Cyber security and IoT / Industrial control devices are currently working with a number of public sector clients in implementing frameworks and conducting compliance audits and assessments as well as Privacy Impact Assessments.

Download the NSW Government’s Internet of Things Policy

Module 1 - The Internet of Things in NSW

Module 2 - Project Scoping

Module 3 - Project Planning

Module 4 - Making the Case

Module 5 - Procure

Module 6 - Set Up

For more information please contact us.

APRA has released a discussion paper on its new prudential standard on remuneration (CPS 511).

The standard will operate alongside and supplement the Banking Executive Accountability Regime (BEAR) requirements for Authorised Deposit-Taking Institutions (ADIs) and the future legislative equivalent for Registrable Superannuation Entity (RSE) licensees, life, general and health insurers. It will have far-reaching implications for variable remuneration structures across all APRA-regulated entities.

APRA has indicated it will mandate an expanded range of responsibilities in relation to the remuneration framework, so Boards and Remuneration Committees will need to take note and act.

What's being proposed?

In summary, the following is being proposed:

  • Regulation of variable remuneration - 50% cap on financial measures
  • Remuneration outcomes – adjustments to variable remuneration
  • More stringent oversight of executive remuneration
  • 'Significant Financial Institution' and mandatory deferral and clawback requirements
  • Expanded scope and operation of the remuneration framework (compared to the current CPS)
  • Expanded Remuneration Committee and Board responsibilities

APRA is seeking submissions by 23 October 2019. A prudential practice guide and reporting and disclosure standards will be developed for consultation in early 2020.

CPS 511 is expected to commence on 1 July 2021, with a deferred commencement date for the private health insurance industry.

How this will impact APRA regulated entities

Regulated entities should review their existing remuneration frameworks so that any new arrangements and practices are consistent with the spirit and intent of the new standard once the final version is released.

As summarised above, the proposed APRA Prudential Standard CPS 511 Remuneration will require significant changes to remuneration arrangements across APRA-regulated entities, including:

  • A proposed cap on the use of financial performance measures in variable remuneration arrangements across the regulated group (not only senior executives); and
  • Minimum deferral periods for variable remuneration components of senior executives employed by 'Significant Financial Institutions', as well as mandated clawback periods.

This means that APRA-regulated entities will need to:

  • Put in place remuneration review processes and information flows to substantiate variable remuneration outcomes.
  • Be able to demonstrate a coherent link between remuneration objectives, their risk management framework (financial and non-financial risks) and the measurement of performance at an individual, divisional and group level.
  • Reflect these measurements in variable remuneration outcomes.

ADI entities need to consider CPS 511 in the context of the BEAR framework.  Further, there are added complexities for RSE licensee, life, general and health insurer entities given that they are awaiting details of the BEAR equivalent to be legislated.

Accountability statements and the accountability map may require updating if responsibilities change as a result of implementing the new prudential standard.

How Centium can help

Centium can help regulated entities prepare by reviewing their existing remuneration frameworks to ensure they are consistent with the spirit and intent of the new standard once the final version is released. We can also help with the drafting / redrafting of accountability statements.

For more information, please contact Penny Corkill, Director. Penny is an experienced HR & OD professional and qualified internal auditor.

Smart City/Internet of Things (IoT) cyber security is of growing importance across local government.

Smart cities are comprised of a highly complex, interdependent network of devices, systems, platforms, and users. Smart energy, utilities, water and wastage, parking and automotive, industrial and manufacturing, building automation, e-government and telemedicine, surveillance and public safety are just some of the verticals that vendors and governments need to secure.

Councils too use IoT and Smart City initiatives to provide better services to their LGAs in areas such as Industrial Control Systems (ICS), water and sewer mechanisms (pumps, valves etc), road and asset condition tracking, sprinklers and lights, CCTVs, building management systems and the like. All these devices are internet enabled and hence susceptible to attack.

Smart cities are increasingly under attack by various threats. These include sophisticated cyberattacks on critical infrastructure (water and sewer), bringing industrial control systems (ICS) to a grinding halt, abusing low-power wide area networks (LPWAN) and device communication hijacking, system lockdown threats caused by ransomware, manipulation of sensor data to cause widespread panic (e.g., disaster detection systems) and compromising personally identifiable information (PII), among many others.

Councils need to ensure "security by design" when embarking upon any type of Smart City/IoT initiative.

In practical terms, this means:

  • Conduct a Privacy Impact Assessment, a Business Impact Assessment and a Cyber Security Threat Assessment at the start of any such project. This will help identify the potential risks to security, privacy and availability before the system is built/designed. Once these assessments are conducted, specify the controls that must be built into the system/s. Don't forget that it's not just about breaching cyber security. Attackers are equally interested in denying service to smart city systems for fun (i.e. bringing the systems down).
  • Embed the controls. Ensure the specified controls are built into the system from the start. It's far more costly and disruptive to try to retrofit controls once a system is built, so make sure they are "baked in" from the beginning.
  • Independently validate the controls prior to implementation. This means engaging an independent party (i.e. independent of the people that "built" the system) to validate the adequacy of the controls. This may include vulnerability scanning, penetration testing, cyber security audits and/or code reviews.
  • Ensure ongoing validation. Systems don't stay static. They are continually enhanced, upgraded, modified and uplifted. New vulnerabilities are found every other day. Councils should therefore be subjecting their Smart City technologies to independent security assessment following any significant change to a system and/or at least every year.
  • Test Council's Cyber Incident Response Plan. Despite a Council's best efforts, adversaries will (unfortunately) often find a way through. Sometimes, it'll be as silly as switching sprinklers on and off, but other times it'll be as destructive as opening sewerage valves or disabling building management systems. Councils must have a documented Cyber Security Incident Response Plan, and it must be regularly tested (like testing a Business Continuity Plan).

For any further info, please contact us.

Centium was recently engaged by a large NSW Government agency to assist with the review and re-calculation of their motor vehicle employee salary package reconciliations over the past two years. These vehicles are packaged on a business/private usage basis rather than as novated leases.

We found that:

  • Spreadsheets used by the agency were developed in-house rather than applying available NSW Government templates for this task
  • In-house spreadsheets had extensive formula errors, and a number of the standard factors that apply to the annual vehicle cost calculations were incorrect
  • There were numerous instances of incorrect data entry when compared to source documents (e.g. vehicle base value, lease costs, and relevant package dates)
  • Vehicle business usage percentages were not supported by employee maintained running sheets, in contravention of NSW Government guidelines.
  • Inadequate fleet records had been maintained to verify employee advice of the return of the packaged vehicle to the agency fleet for short leave periods
  • FBT liabilities were incorrectly calculated.

Over 100 individual vehicle salary package reconciliations were performed resulting in an increase in employee payroll payments. Fortunately for the agency concerned, there was minimal requirement to recover overpaid moneys.

Agencies need to:

  • Introduce systems and put processes in place to check / double check motor vehicle calculations to minimise the impact on employees
  • Ensure that motor vehicle salary package tools and methodologies are consistent with NSW Government guidelines
  • Implement systems and processes to ensure that employees with motor vehicles are completing “running sheets” in accordance with NSW Government and ATO requirements
  • Maintain accurate and complete records regarding motor vehicle package arrangements.

How we can help

Centium’s recent recommendations will enhance the efficiency and robustness of the agency’s reconciliation process in future. Accordingly, we can offer our services to provide advice, lend a “fresh set of eyes” and assist with undertaking motor vehicle and/or specialist taxation reconciliations.

For more information, please contact Penny Corkill, Director.  Penny is an experienced HR & OD professional and qualified internal auditor.

From 1 July 2019 there are more stringent company requirements under new Commonwealth 'Whistleblower' legislation.

What are the issues?

Organisations are now developing and introducing their own Whistleblower policies to meet legislative requirements with many still 'finding their feet' preparing their policies, practices, training, communications, and record-keeping processes.

What does this mean for you?

There will be many practical issues to work through under the new legislative regime, particularly for organisations that previously did not have strong and defined disclosures policies and practices, but who will now be subject to much more stringent requirements for clear robust Whistleblower Policies and Protections from 1 January 2020.

How Centium Can Help

With Centium's current in-depth experience in advising organisations how to manage their Whistleblower disclosures, we are well positioned to provide detailed practical guidance across meeting the new legislative requirements.

This includes the opportunity for Centium to conduct an independent 'health check' of new Whistleblower policies being drafted, as well as supporting and training the much broader range of employees who may receive Disclosures, including on the strict confidentiality requirements that apply.

Centium offers customized guidance and support for organizations across:

  • Whistleblower Policy development, review and communication
  • Reporting avenues for Disclosures
  • Protection of disclosers and maintaining confidentiality
  • Training the much broader range of staff who can now receive Disclosures
  • How Investigations into Disclosures should be managed
  • Providing advice on differentiating Disclosures of personal work-related grievances not subject to protections under the new legislation
  • Establishing and maintaining confidential record keeping of Disclosures

We at Centium can assist you in meeting your obligations under the new legislation, including reviewing your compliance readiness - please contact Roy Cottam, Director, Ethical Conduct and Investigations.

Community Participation Plans (CPPs) are now mandatory. They need to be prepared by Councils for their LGA to make it clearer and easier for members of the community to understand how they can participate in planning decisions.

They are intended to be high-level documents which describe how and when a planning authority, such as a Council, will engage with its community on the planning functions it performs. They need to explain to community members how they can have their say on planning decisions that could affect their future.

The requirement to give and publicly notify reasons for decisions came into effect on 1 July 2018. However, all applicable NSW planning authorities (e.g. Councils) will be required to have the final version of their CPP in place by 1 December 2019.

Local planning panels and Sydney district and regional planning panels are now required to give written reasons of their decisions and make them publicly available.

What They Need to Contain

At a minimum, CPPs must:

  • Include details about how and when a council will undertake community participation in relation to relevant planning functions per section 2.21(2) of the Environmental Planning & Assessment Act 1979.
  • Comply with the community participation principles per section 2.23(2) of the Act – (which in turn are consistent with the International Association for Public Participation (IAP2) framework of engagement and planning).
  • Address the minimum mandatory public exhibition time frames and notification requirements per Schedule 1 of the Act.

These are only the minimum requirements. Councils can go beyond these if they decide it is appropriate.

The form a CPP should take is not prescribed. It is up to Councils to decide the most appropriate approach.

For example, the CPP could be embedded in an existing Community Strategic Plan or Community Engagement Strategy. These are documents councils are already required to develop under the Local Government Act 1993.

Optionally, Councils could prepare a standalone CPP. Potentially, this could follow the example set and recommended by the Department’s own draft CPP.

However, a CPP CANNOT be embedded in a development control plan. Note that this is where councils have previously included public notification requirements for planning decisions.

CPPs are intended to be "high level". They needn't set out the specific engagement strategies or techniques for each type of planning proposal or project.

The Department of Planning & Environment has released some FAQs as well as webinar content to help local councils create and implement CPPs.

What Councils Need to Do

Time needs to be factored in for exhibition (minimum of 28 days) and local reporting cycles. Therefore, Councils should start acting now by:

  • Reviewing any existing engagement plans and exploring any gaps against the CPP minimum requirements.
  • Assessing whether existing documents should be updated or whether a new overarching CPP should be created.
  • Compiling the following matters from existing strategies and plans (or creating them if they don't already exist):
    • Details about how and when council will undertake community participation
    • Council’s alignment with community participation principles
    • Information about mandatory exhibition timeframes and notification requirements.
  • Considering how and when the community will be consulted about this approach
  • Remembering that the CPP needs to be publicly exhibited for a minimum of 28 days and be published on the NSW planning portal by 1 December 2019.

How Centium Can Help

Centium can assist Councils in coming up with their first CPP. Our specialists have decades of experience in this area and can help uplift Councils' consultation practices as part of the CPP development process.

For more information, you can contact us and also download the following files:

The Department of Planning and Environment Exhibition Draft October 2018

The Department of Planning and Environment CPP FAQ
