
On 2 October 2020, a publicly listed Brisbane company, TechnologyOne, was successfully sued in the Federal Court of Australia by its former Victorian Regional Manager (RM). The Court upheld the former employee’s unfair dismissal claim under the Fair Work Act and awarded him compensation of $5.2 million for his future economic loss, including foregone salary and share options. The orders made by the presiding Judge, Justice Kerr, also included penalties of $40,000 for the company and $7,000 for its Chairman.

Some of the company’s sales staff had made complaints about the former RM’s treatment of them. The RM had also made several complaints to the company alleging bullying by his managers. The company’s HR Manager recommended investigation of all these complaints, but her advice was not acted upon.

Although, at one point, the Chairman asked the company’s CEO if dismissing the Regional Manager, based on hearsay, was the “right thing to do”, the termination went ahead. The Court criticised and penalised the Chairman for his part in the decision-making process.

The Court’s decision emphasises that employees have a legally enforceable right to complain about alleged mistreatment or bullying, and that employers must take all complaints seriously and investigate them appropriately. Failure to do so is action contrary to the Fair Work Act and can result in substantial financial penalties and significant damage to organisational and/or personal reputations.

In this case, the facts indicate that a fair and independent investigation of the complaints made by and against the former RM would have led to better outcomes for all concerned. It is also possible that early intervention and alternative resolution strategies may have dealt with the conflicts that arose in the company’s Victorian Sales Team before they led to formal complaints.

How can Centium help?

Investigations

We have 10 highly qualified and very experienced workplace investigators. Our methodology ensures our investigations demonstrate procedural fairness. We treat all parties to matters with respect and our reports are clear, comprehensive and will withstand any test.

Advice

Our Ethical Conduct & Investigations team can assist with advice on how to deal with complaints either by investigation or alternative resolution strategies. We are always happy to provide free no-obligation advice on these matters.

To find out more about our Ethical Conduct & Investigations service, click here.

The Payment Card Industry Data Security Standard (PCI DSS) details security requirements for members, merchants and service providers that store, process or transmit cardholder data. It originally began as five different programs from five credit card schemes who all had similar intentions: To create an additional level of protection for consumers by ensuring that merchants meet minimum levels of security when they store, process and transmit cardholder data.

However, while the intentions were similar, the standards of the five schemes often conflicted. This created an unreasonable burden – and increased security risk – for merchants.

The Payment Card Industry Security Standards Council (PCI SSC) was formed as a neutral body to address conflicts among the credit card schemes in developing a single standard, releasing the PCI DSS in December 2004.

But that’s not where the trouble ended. Today, many merchants are still unclear about their responsibilities and requirements under PCI DSS, leaving them at an increased risk of being found non-compliant and facing hefty fines. Today, we’re clearing up the most common myths and misconceptions, so you can be sure your business is protecting your customers’ privacy and your financial health.

The big cost of non-compliance

Although the individual credit card schemes are now aligned under one standard, it is still common for merchants not to know what the policy actually states. There are many challenges or barriers that can inhibit correct understanding of the PCI DSS Standards, including:

  • Lack of understanding of the Standards
  • Lack of clarity around roles and responsibilities within the organisation
  • Compromised financials or resources
  • External third-party dependency

If cardholder data is compromised and an organisation is found to be non-compliant (or has not completed a PCI DSS compliance assessment), it could face significant PCI compliance penalties. This could have a major effect on cash flow and financial health, and cause reputational damage.

Even though it is the responsibility of issuers and acquirers (e.g. banks) to ensure all of their service providers, merchants and merchants’ service providers comply with the PCI DSS requirements, it is ultimately the merchants who wear the cost of non-compliance. While the payment brands may fine an acquiring bank for PCI compliance violations, the banks will most likely pass this fine along until it eventually hits the merchant and service providers.

While penalties are not openly discussed, they can be between $5,000 and $100,000 per month, an amount that can have serious, long-term effects on small to medium size businesses.

Beyond fines, there are a broad range of consequences associated with breaching the regulations, including:

  • Suspension of credit card acceptance
  • Liability for fraud charges
  • Credit card replacement costs
  • Mandatory forensic examinations

It is the responsibility of every organisation to know their PCI DSS obligations, implement controls and assess PCI compliance annually.

The requirements of merchants and service providers under PCI DSS are determined by your ‘level’, which is set by your number of annual transactions. To find out what level you fall under, visit this link.

Common Misconceptions about PCI DSS

Information overload, misinterpretations and misinformation are rife when it comes to the PCI DSS. Here, we’re laying out both the misconceptions and facts.

Misconception 1: Outsourcing card processing makes e-commerce merchants compliant

Fact: Outsourcing all processing of cardholder data may simplify PCI compliance. However, it does not automatically provide compliance.

Merchants must ensure that all third parties handling storage, processing, and/or the transmission of cardholder data are PCI DSS compliant. Merchants must maintain and implement policies and procedures to manage service providers with whom cardholder data is shared, or that could affect the security of cardholder data.

There is a requirement to conduct an annual self-assessment against the applicable Self-Assessment Questionnaire (SAQ). The exception is Level 1 merchants that must undergo a full PCI Report on Compliance (RoC).

Misconception 2: We are a small merchant who only allows a handful of card types, so we do not need PCI

Fact: Merchants must be PCI compliant if they take non-cash payment through any of these five cards:

  1. JCB
  2. Discover
  3. American Express
  4. Visa
  5. MasterCard

Misconception 3: PCI DSS is applicable for credit card data only

Fact: Any payment card, including credit, debit, prepaid, stored value, gift or chip, that shows the logo of one of the PCI Security Standards Council’s five founding payment brands, is required to be protected as prescribed by the PCI DSS.

Misconception 4: I can wait for PCI compliance until my acquirer/bank asks me to do it or until my business grows

Fact: The PCI DSS applies to all business sizes, and waiting could be costly. The penalty and compensation costs levied by the banks could be substantial, particularly if a business is compromised and found to be non-compliant. Businesses are responsible for making sure that they are aware of their PCI compliance obligations.

Misconception 5: We did not sign anything saying that we would be PCI compliant, so we do not need to be compliant

Fact: When a business opens a merchant account with an acquirer or bank, the agreement says that VISA / MasterCard / Other Regulations must be adhered to. As such, businesses are required to implement and regularly assess their PCI controls.

Misconception 6: PCI applies to bank account data too

Fact: PCI DSS applies to the protection of cardholder data (Primary Account Number (PAN), cardholder name, service code and expiration date) and sensitive authentication data (full track data from the magnetic stripe or equivalent data on the chip, CAV2/CVC2/CVV2/CID, and PIN/PIN block) from payment cards of any of the founding PCI payment brands.

Bank account data, such as branch identification numbers, bank account numbers, sort codes, routing numbers, etc., are not considered payment card data. As such, PCI DSS does not apply to this information.

However, if a bank account number is also a PAN or contains the PAN, then PCI DSS applies.
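The scoping point above (a bank account or reference number that is, or contains, a PAN brings PCI DSS into play) is easiest to act on with a small triage tool. The following is an added example written for this article; it is not Centium's tooling and not part of the original page. It assumes two things the page does not state: that a PAN is a 13 to 19 digit number that passes the Luhn mod-10 checksum (the standard checksum carried by payment card numbers), and that a masked PAN may show at most the first six and last four digits. The sample text is constructed.

```python
"""Locate and mask probable PANs in free text (added example, not Centium's code)."""
import re

# Digit runs of 13-19 digits, optionally separated by spaces or hyphens.
PAN_PATTERN = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_valid(digits: str) -> bool:
    """Luhn mod-10 check (assumption: the checksum used on payment card PANs)."""
    if not digits.isdigit() or len(digits) < 2:
        return False
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def looks_like_pan(candidate: str) -> bool:
    """True when the candidate has a PAN-like length and passes Luhn."""
    digits = re.sub(r"[ -]", "", candidate)
    return 13 <= len(digits) <= 19 and luhn_valid(digits)


def mask_pan(digits: str) -> str:
    """Keep first six and last four digits, star out the rest (assumed masking rule)."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def find_pans(text: str) -> list:
    """Return (raw_match, masked_pan) pairs for each probable PAN in text.

    Bank account fields are scanned too: a BSB or account number only
    matters if the digits embedded in it form a Luhn-valid PAN.
    """
    hits = []
    for match in PAN_PATTERN.finditer(text):
        raw = match.group(0)
        digits = re.sub(r"[ -]", "", raw)
        if looks_like_pan(digits):
            hits.append((raw, mask_pan(digits)))
    return hits


# Constructed sample: one test-card PAN next to ordinary bank account data.
SAMPLE_TEXT = "Card 4111 1111 1111 1111 charged; BSB 062-000 acct 12345678 ref 98765"

if __name__ == "__main__":
    for raw, masked in find_pans(SAMPLE_TEXT):
        print(f"found PAN, storing masked form only: {masked}")
```

Luhn passes roughly one in ten random digit runs, so a hit is a signal for review rather than proof that a field holds a PAN; the converse is stronger, because a run that fails Luhn is not a valid PAN. The bank account values in the sample are not flagged, which matches the article's position that account numbers and BSBs are out of scope unless they carry a PAN.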

Misconception 7: PCI DSS does not apply to “hot cards,” expired, cancelled or invalid card account numbers

Fact: PCI DSS applies to any Primary Account Number (PAN), including active, expired, or cancelled PAN, except where the organisation can provide documentation which confirms that the PAN is inactive or otherwise disabled, and no longer poses a fraud risk to the payment system. However, if the PAN is later reactivated, PCI DSS again applies.

Misconception 8: PCI requires us to hire a Qualified Security Assessor (QSA)

Fact: Many merchants have complex IT environments, so they hire a QSA to undertake an on-site security assessment as required by PCI DSS. Engagement of a QSA also makes it easier to develop and get approval for compensating controls.

However, PCI DSS provides the option of doing an internal assessment with internal sign-off if the business’ acquirer and/or merchant bank agrees. In this context, mid-sized and smaller merchants may use a Self-Assessment Questionnaire (SAQ) to assess themselves. This is usually best done by an information security professional.

Misconception 9: You must be PCI compliant with most, not all, criteria

Fact: The pass mark for PCI is 100 per cent. If a business fails even one of the criteria, they are not PCI compliant. The logic is that failure to achieve even one of the requirements means that a business is failing to meet a basic standard for handling cardholder information.

Misconception 10: We have internal corporate credit cards used by employees for company purchases like travel or office supplies, so we do not come under the scope of PCI DSS

Fact: PCI DSS applies to any entity that stores, processes, or transmits cardholder data.

In those instances where a business holds cardholder data relating to their own corporate cards, there may still be a need to validate compliance. This is determined by each payment brand individually.

It is suggested that businesses contact the applicable payment brands directly for more information.

Misconception 11: As per PCI DSS, quarterly vulnerability scans mean that we can perform vulnerability scans at any time during the quarter

Fact: The intent of “quarterly” vulnerability scans, as defined in PCI DSS Requirement 11.2, is to conduct them as close to three months apart as possible, to ensure vulnerabilities are identified and addressed in a timely manner. To meet this requirement, a business is required to complete their internal and external scans, and perform any required remediation, every three months.

Three months, or 90 days, is considered the maximum amount of time that should be allowed to pass between quarterly vulnerability scans. If unforeseen circumstances occur that impact a business’ ability to complete scheduled scans, every effort should be made to perform scans as soon as possible (e.g. within a day or two) of the scheduled scan date.

Where a business has advance notice of factors that may delay scans or impede its ability to address vulnerabilities (e.g. scheduled system downtime, or predefined no-change windows that prevent system updates), the entity should strive to schedule scans before the 90-day period is reached.

In the case of legitimate technical or documented business constraints, and where the business has sufficiently implemented other controls to mitigate the risk associated with not meeting the requirement, the business may use a Compensating Controls Worksheet to document how they have addressed the intent of Requirement 11.2.
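The cadence rule described in Misconception 11 (scans at most 90 days apart, for both internal and external scans, with failures remediated) is straightforward to check mechanically against a scan history. The following is an added example written for this article, not Centium's code and not part of the original page. The scan records, dates and the "as of" date are constructed; the finding codes are this example's own naming.

```python
"""Check a scan history against the 90-day cadence of PCI DSS Requirement 11.2 (added example)."""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional, Tuple

MAX_GAP_DAYS = 90  # three months / 90 days is the maximum between quarterly scans


@dataclass(frozen=True)
class Scan:
    scan_date: date
    kind: str                            # "internal" or "external"
    passed: bool                         # True when no failing findings remained
    remediated_on: Optional[date] = None  # date of the clean rescan, if the scan failed


def cadence_findings(scans: List[Scan], kind: str, as_of: date) -> List[Tuple[str, str]]:
    """Return (code, detail) findings for one scan type: gaps, overdue, unremediated."""
    ordered = sorted((s for s in scans if s.kind == kind), key=lambda s: s.scan_date)
    if not ordered:
        return [("NO_SCANS", f"no {kind} scans on record")]
    findings = []
    # Gap between consecutive scans must not exceed 90 days.
    for prev, cur in zip(ordered, ordered[1:]):
        gap = (cur.scan_date - prev.scan_date).days
        if gap > MAX_GAP_DAYS:
            findings.append(("GAP_EXCEEDED",
                             f"{kind}: {gap} days between {prev.scan_date} and {cur.scan_date}"))
    # The most recent scan must itself be within 90 days of the review date.
    since_last = (as_of - ordered[-1].scan_date).days
    if since_last > MAX_GAP_DAYS:
        findings.append(("OVERDUE",
                         f"{kind}: last scan {ordered[-1].scan_date} was {since_last} days before {as_of}"))
    # A failed scan without a recorded clean rescan does not satisfy the requirement.
    for s in ordered:
        if not s.passed and s.remediated_on is None:
            findings.append(("UNREMEDIATED",
                             f"{kind}: scan of {s.scan_date} failed and no clean rescan is recorded"))
    return findings


def next_scan_deadline(scans: List[Scan], kind: str) -> Optional[date]:
    """Latest date the next scan of this kind may run without breaching the 90-day limit."""
    ordered = sorted((s for s in scans if s.kind == kind), key=lambda s: s.scan_date)
    return ordered[-1].scan_date + timedelta(days=MAX_GAP_DAYS) if ordered else None


# Constructed sample history: external scans slip past 90 days and the last one failed;
# only one internal scan has been run all year.
SAMPLE_SCANS = [
    Scan(date(2021, 1, 5), "external", True),
    Scan(date(2021, 4, 1), "external", True),      # 86 days later: fine
    Scan(date(2021, 7, 10), "external", False),    # 100 days later, and failed
    Scan(date(2021, 1, 5), "internal", True),
]
AS_OF = date(2021, 8, 1)

if __name__ == "__main__":
    for kind in ("external", "internal"):
        for code, detail in cadence_findings(SAMPLE_SCANS, kind, AS_OF):
            print(f"[{code}] {detail}")
        print(f"{kind}: next scan due by {next_scan_deadline(SAMPLE_SCANS, kind)}")
```

Running the check on a real history is most useful ahead of a planned no-change window: the deadline returned by `next_scan_deadline` is the date the article says you should schedule before, and any finding other than an empty list is something to either fix or document on a Compensating Controls Worksheet.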

Simplify PCI DSS with expert input and advice

While it’s not always easy to understand, it’s in every merchant’s best interest to remain PCI DSS compliant. The risks and costs of a mistake far outweigh the resources required for compliance.

The best way to avoid the above misconceptions and PCI fines and penalties, is to involve qualified PCI DSS professionals that can help your organisation to understand its PCI DSS obligations correctly and assist with cost-effective and optimal compliance.

Centium has extensive experience partnering with clients to achieve their PCI DSS compliance. As a leading cyber security audit firm, our QSA professionals will guide you in definition and reduction of your scope, support and implementation, as well as an assessment of your PCI environment in accordance with PCI DSS requirements.

For assistance with PCI DSS compliance or accessing a QSA, click here.

Mayoral elections must be held this month for Mayors elected in September 2018. While many incumbent Mayors will be re-elected, newly elected Mayors may face a steep learning curve. A one year term across 2020-21 will have its leadership challenges, including the run-up to elections in September 2021. Council needs to ensure that elected members have the skills and expertise required to fulfil their roles, and independent expert advisors can provide them with neutral, high quality advice. Does your Mayor:

  • Understand the new Code of Conduct and the practical implications for themselves and their Councillors?
  • Use the Code of Meeting Practice provisions confidently to simultaneously chair meetings and engage in debate?
  • Articulate their Council performance goals through the General Manager’s contract and IP&R documents?
  • Have a solid grasp of relevant legislation in the areas of finance, governance and planning?
  • Shape and deliver their messages to the community with style and strategy?
  • Maintain a strategic community governance focus while staying out of day to day operations?

A Challenging Role
Mayors have an important role in leading the Council and the community to achieve outcomes for their local areas. They need skills and expertise in a range of fields in order to be effective:

About Centium
Centium’s expert advisors can support your Mayors with the challenges of their role. We have a highly skilled, experienced and multi-faceted team of local government, governance and compliance specialists who can provide newly elected Mayors with advice and support to achieve their agendas.

Our advisory service will be tailored to the needs and interests of your Mayor, we can provide you with a fixed quote or by the hour, and our experts can work remotely or travel to your Council:

Chris Wheeler
Expertise: Ethical conduct
Previous Experience: NSW Deputy Ombudsman

Elizabeth Wall
Expertise: Code of meeting practice
Previous Experience: Senior Manager Governance (various councils)

Sarah Artist
Expertise: Strategy and performance
Previous Experience: Local Government NSW and UTS Centre for Local Government

Simone Schwarz
Expertise: Community and communications
Previous Experience: Senior Manager Community (various councils)

For further information or to discuss your Mayor’s requirements please contact Sarah Artist – Manager Strategy and Engagement on 0409 830 283 or sarah.artist@centium.com.au

On 2 September 2020, the Civil and Administrative Tribunal of New South Wales (NCAT) affirmed a decision by Georges River Council to release the report of a 2015 independent investigation by IAB Services (IAB) concerning a Councillor’s alleged breaches of the former Hurstville City Council Code of Conduct.

The IAB Report found that a Councillor had breached the Hurstville City Council’s Code of Conduct. Hurstville City Council, however, found that the allegations were ‘not made out’.

NCAT found that Hurstville City Council did not have authority to make a finding that the allegations were ‘not made out’ and that Council's role in the process was to determine whether a sanction was to be imposed in relation to the findings.

Hurstville City Council went into administration early in 2016 and was soon afterwards amalgamated with Kogarah City Council to become Georges River Council.

In August 2019, Georges River Council received a Government Information Public Access (GIPA) application to release the IAB Report. Although the Councillor who was the subject of the Report objected, Georges River Council decided to release the Report, considering that the public interest in disclosing the information contained in the Report outweighed the public interest considerations against its disclosure.

The Councillor applied to NCAT for an order to set aside Georges River Council’s decision to release the IAB Report.

The NCAT decision in the matter included the following:

‘The IAB Report’s conclusion was that the Applicant committed multiple breaches of the Code of Conduct. I agree with the Respondent that the disclosure of information related to internal decision-making processes of the Council is consistent with the object of the GIPA Act to facilitate responsible and representative democratic government by opening government information to the public. This is even more so in the case of documents which relate to allegations of misconduct in public office. In my view, the weight to be given to this consideration in favour of the release of the IAB Report, far outweighs the identified considerations against disclosure.

It follows that, in my view, the correct and preferable decision is to release the IAB Report to the access applicant, subject to the redaction of information that identifies the complainant. This is the decision that was taken by the Respondent. Accordingly, the decision under review should be affirmed’.

It is important to note that NCAT was only affirming Georges River Council’s decision to release the IAB Report, and did not go to the content of the investigation itself.

The matter investigated in the IAB investigation was reported in the Sydney Morning Herald on 9 September 2020. To access the full NCAT decision

How Centium Can Help

Investigations

We are on current panels to provide high-quality investigation services to 100 councils throughout NSW.

Advice

Our expert team, which includes senior governance specialists, lawyers and former Deputy NSW Ombudsman Chris Wheeler, advises councils on dealing with code of conduct complaints.

Training

We have developed two eLearning Modules (Foundation and Refresher) based on the Model Code that educate and reinforce expected conduct and behaviour messages to councillors and staff in an accessible and enjoyable way.

We also conduct tailored Code of Conduct face to face training to councillors, members of Executive teams, and all other council staff.  This training can be done in councils’ facilities or via online platforms such as Zoom or Microsoft Teams.

The Office of Local Government (OLG) has made amendments to the Model Code of Conduct for Local Councils in NSW (the Code) and the Procedures for the Administration of the Model Code of Conduct for Local Councils in NSW (the Procedures). 

Both documents have been prescribed under the Local Government (General) Regulation 2005 and take effect immediately.

Centium has undertaken a detailed comparison between the 2018 and 2020 Model Code and Procedures – click here to review the amendments.

Summary of amendments to the Procedures

The Procedures have been amended in response to the decision by the Supreme Court in the matter of Cornish v Secretary, Department of Planning, Industry and Environment [2019] NSWSC 1134 (Cornish).   In short, Cornish found that the only disciplinary power available to councils under the Local Government Act 1993 (the Act) for code of conduct breaches by councillors, was the power to censure councillors formally.  This power did not extend to other measures such as directing participation in training, counselling, directing the person to apologise, and making the finding of inappropriate conduct public.

Under the amended Procedures, councils have the following options when taking disciplinary action against councillors for breaches of their codes of conduct:
1. that a councillor be formally censured for the breach under section 440G of the Local Government Act 1993 (the Act), or
2. that a councillor be formally censured for a breach under section 440G and the matter referred to OLG for further disciplinary action under the misconduct provisions of the Act.

The process for censuring councillors for breaches of the code of conduct has been significantly strengthened to ensure councillors are made publicly accountable to their electors for their conduct.

Councillors may seek to avoid public censure for breaches of the code of conduct by voluntarily agreeing to undergo training or counselling, to apologise for their conduct or to give undertakings not to repeat their conduct before the investigator finalises their report to the council.

Investigators are required to consult with OLG before recommending the referral of matters to ensure the conduct in question is sufficiently serious to warrant disciplinary action for misconduct and that there is sufficient evidence of the breach to allow OLG to take further disciplinary action.

Other amendments to the Procedures are to:
1. allow panels of conduct reviewers to be appointed without a resolution of the council, and
2. allow the referral of investigators' reports to OLG for action under the misconduct provisions of the Act where the council will not have a quorum to deal with the matter.

Summary of amendments to the Model Code

Minor amendments have been made to the Model Code, mainly in relation to gifts and benefits in response to feedback from some councils.

The amendments to the gifts and benefits provisions:
1. lift the $50 cap on the value of gifts that may be accepted to $100
2. clarify that items with a value of $10 or less are not "gifts or benefits" for the purposes of the Model Code and do not need to be disclosed
3. clarify that benefits and facilities provided by councils (as opposed to third parties) to staff and councillors are not "gifts or benefits" for the purposes of the Model Code, and
4. remove the cap on the value of meals and refreshments that may be accepted by council officials in conjunction with the performance of their official duties.
It is open to councils to retain the existing $50 cap or to impose another cap that is lower than $100.
Other amendments to the Model Code are to:
1. remove as a breach, failure to comply with a council resolution requiring action in relation to a code of conduct breach (because it is now redundant)
2. update the language used to describe the various heads of discrimination in clause 3.6 to reflect more contemporary standards
3. include in the definition of council committee and council committee members, members of audit, risk and improvement committees (ARICs) in anticipation of the commencement of the requirement for all councils to appoint an ARIC following the next local government elections.

How Centium Can Help

Training

We have developed two eLearning Modules (Foundation and Refresher) based on the Model Code that educate and reinforce expected conduct and behaviour messages to staff in an accessible and enjoyable way. Our Modules are currently being revised to reflect the above amendments and will be available shortly. They will be available free of charge to councils that have purchased the current modules.

We also conduct tailored Code of Conduct face to face training to councillors, members of Executive teams, and all other council staff.  This training can be done in councils’ facilities or via online platforms such as Zoom or Microsoft Teams.

Governance Framework Review

We assist councils to maintain and continually improve good governance by reviewing and providing recommendations for improvement on existing Governance Frameworks.  This includes reviewing authority matrices, developing and revising policies and procedures, reviewing decision-making practices and documentation, developing and reviewing Fraud and Corruption Control Plans, and conducting Fraud and Corruption ‘Health Checks’.

Investigations

We are on current panels to provide high quality investigation services to 100 councils throughout NSW. Our expert team, which includes senior governance specialists, lawyers and former Deputy NSW Ombudsman Chris Wheeler, will continue to assist councils in dealing with code of conduct complaints under the amended regulation.

Major cyber attacks continue to impact businesses and their customers, with the May 2021 breach of the personal information of 4.5 million Indian Air passengers a case in point. Given the heavy reliance on IT and current working from home arrangements, the following questions are critical for every organisation’s planning, response and recovery:

IT Incident Response Plans

An IT Incident Response Plan enables the timely, consistent, and appropriate response to suspected and confirmed security incidents, in order to protect information and assets and minimise harm to individuals / entities that may be affected by the incident. 

Such plans are also intended to promote consistency in the way that an organisation prepares for and responds to a security incident, by documenting roles and responsibilities, risk assessment and escalation procedures, and notification requirements.

Learn more about IT Incident Response Plans and their benefits.

Simulation Testing

Like Business Continuity Plans, IT Incident Response Plans should also be regularly tested to ensure that all key stakeholders (usually within the IT team) understand exactly what to do, when to do it, and how to take appropriate action.

Simulation testing also increases security situational awareness, facilitates team discussion regarding appropriate incident responses, and identifies gaps and issues in existing IT Incident Response Plans.

About Centium

Centium has extensive experience partnering with clients to raise cyber security awareness, identify and manage cyber and IT risks, and build resilience. Our ISO 27001 Lead Auditors are highly skilled at translating technical concepts into practical plans and procedures.

We also have a proven track record facilitating scenario tests that enable organisations to quickly realise and address gaps in existing planning documents. 

Our approach allows your staff to actively participate in facilitated scenarios and role plays, while we independently observe proceedings.  At the end of the workshop, we will debrief with the team, and provide a report on our findings and opportunities for improvement.

More Information

For more information, please contact Scott Thomson, Director of Cyber & IT on 0412 562 797 or scott.thomson@centium.com.au.

Explore Centium's proven cyber security and resilience services for small and medium Government organisations. 


In his COVID-19 message earlier this year, exiting NSW Ombudsman Michael Barnes stated that the rule of law, norms of reasoned decision-making, and respect for human rights do not become optional, even in times of crisis. In the current time when extraordinary measures are being taken by public authorities to keep us all safe, it is even more important to encourage people to come forward if they have knowledge of wrongdoing.

In its recent report on managing corrupt conduct during COVID-19, ICAC has also highlighted new corruption and fraud risks that are associated with periods of disruption and economic downturn. Some of these risks include:

The report also drew attention to the risks associated with working from home and recommended that agencies consider the following ways to address these risks.

  • Managers should make occasional telephone or video conference contact with their staff. Complete isolation from management and team norms can breed absenteeism and lapses in judgement.
  • Prohibit staff from allowing family members to use agency hardware and systems, and ask staff to refrain from using their home printer for confidential agency documents.
  • Remind staff not to use social media to post photographs of their home office or work station.
  • Make a record of agency IT equipment and other valuables that staff have borrowed to use from home.
  • Establish protocols for using electronic signatures, especially if staff are used to paper forms and giving approval by applying a written signature.

Most public officials are acutely aware that the citizens of NSW are relying on their honesty and diligence in the current environment. In this challenging and constantly evolving environment, we all need to be alive to corruption and fraud risks, and to know when and how to report wrongdoing.

You can encourage staff to report wrongdoing by reminding them of:

  • The value of reporting wrongdoing
  • Where to access your PID policy
  • How to report a PID internally and externally
  • Who they can contact if they have any questions

How Centium Can Help

Our expert team, which includes senior governance specialists, lawyers and former Deputy NSW Ombudsman Chris Wheeler, can review your internal reporting and complaint handling systems to ensure their compliance with legislation and best practice. We can also investigate current PIDs and analyse previously received PIDs to identify systemic issues that may require improvement and/or training opportunities for frontline staff and complaint recipients. We also provide an anonymous whistleblower service.

From: Freight & Trade Alliance (FTA) / Australian Peak Shippers (APSA) Association Weekly Report 2020/29

Centium is assisting FTA/APSA members to achieve business continuity in international trade in the post-COVID-19 world.

Sustainable businesses need to anticipate and adapt to continuous change. This entails preparing for and being well placed to quickly recover from present and possible threats and disruption.

Recent events have shown that organisations must adapt to a world that has changed in ways and on a scale that we never could have earlier imagined. Businesses need to become more agile and find new ways of thinking and behaving so they can readily adapt to this dynamic environment.

Some food for thought:

  • Do you have systems and processes in place to recover all of your company equipment as staff start returning to the office (e.g. computers, monitors, laptops, etc.)?
  • How are you maintaining contact with your staff to ensure that they are well and remain on-task? Ongoing isolation from the workplace could result in mistakes, lapses in productivity and absenteeism.
  • How are you maintaining oversight over company purchasing, procurement, payroll expenses, payables, receivables, etc., if everybody is working from home?
  • What lessons have you learned from the COVID-19 experience? How are you going to adapt to new ways of working that blend working from the "office" and home?
  • If there was another major incident in six to twelve months' time, have you developed and documented a business continuity framework that factors in lessons learnt and ensures a rapid response?

Don't let lack of planning and preparation cause you delays next time! Centium can help you to identify your risks and develop practical solutions to minimise costs to your business.

Centium has formed a strategic alliance with Freight & Trade Alliance (FTA) and the Australian Peak Shippers Association (APSA) to assist importers, exporters and international logistics providers in implementing best practice business operations, including business continuity.

Importantly, Centium's support services ideally place businesses involved in global trade to obtain and/or retain accreditation under the Australian Trusted Trader (ATT) program. Centium has developed a facilitated Self-Assessment Questionnaire (SAQ) that enables entities wishing to be accredited by the ABF (Australian Border Force) to undertake a pre-accreditation assessment.

We also provide business continuity, IT disaster recovery and cyber security services to a range of organisations.

In rebuilding our website we have reached out to and taken on board feedback from a wide variety of our clients, colleagues, stakeholders and staff about how to make the website more user friendly and easier to navigate.

We invite you to visit our new site and then also to regularly check back in to the Latest News section on the home page, which will be regularly updated with thought leadership and other insightful articles.

We also welcome your feedback as to how we can continually improve the site.

Council finances are under pressure, and income from rates is a vital component of a good revenue strategy to:

  • Maximise the amount of rate income Council receives
  • Consolidate the long-term financial sustainability of the Council
  • Ensure that the rating burden is borne by those most able to pay
  • Balance some of the inequities resulting from rates based on land values
  • Meet changing community expectations and priorities
  • Fund community initiatives
  • Respond to local and statewide issues.

Why do Council Rates need review?

1. Economic impacts of Covid-19, droughts and bushfires

Councils have experienced a significant drop in revenue due to the economic impacts of Covid-19, and some are also still recovering from extraordinary circumstances due to drought and bushfires. Councils can plan to increase their rates for the next financial year in accordance with processes in their state associated with allowable increases.

2. Harmonisation across your rating structure

Benchmarking against surrounding LGAs using comparative data may expose disparities that Councils can address by adjusting the rating burden across their rating structures. Merged Councils may also be looking to rationalise the categories and subcategories across their areas.

3. Hardship provisions

Hardship provisions applied to Council rate collection can support vulnerable members of the community during difficult economic times.

How can we help?

Centium can:

  • Benchmark your rates compared to surrounding areas
  • Apply equity and efficiency principles to review your rating structure
  • Review your hardship provisions
  • Prepare a business case and conduct community consultation regarding rate increases
  • Assist Council to comply with changing state government rating policy
  • Update your revenue strategy to introduce a principles-based rating structure and a realistic implementation plan
  • Audit your Rates Management Framework, including controls over Privacy

Centium has extensive experience in assisting Councils with their revenue and rating strategy. Find out more here.

The Australian National Audit Office (ANAO) published an article on “Management of Conflicts of Interest in Procurement Activity and Grants Programs” in late June 2020. The article provides an insight into key messages from the ANAO performance audit about the management of conflicts of interest by Australian Government entities in relation to procurement activity and grants programs.

The report suggests that a conflict of interest occurs where a person's personal interests, affiliations or relationships prejudice their impartiality, might be perceived by a reasonable person as potentially prejudicing their impartiality, or result in an incompatibility with the duties owed to the entity undertaking a procurement or administering grants.

The Australian Public Service (APS) Code of Conduct, the Public Service Act 1999, the Public Governance, Performance and Accountability Act 2013 (PGPA Act), the Public Governance, Performance and Accountability Rule 2014 (PGPA Rule), the Commonwealth Grants Rules and Guidelines (CGRGs) and the Commonwealth Procurement Rules (CPRs) all contain provisions relating to conflicts of interest and require that persons disclose details of any material personal interest.

WHAT THE REPORT FOUND:

  • Developing conflict of interest policies. It is the duty of an entity's accountable authority to promote the ethical management of public resources and to establish and maintain appropriate systems for risk management, oversight and internal control. This includes policies and procedures for the management of conflicts of interest. Section 16 of the PGPA Rule requires conflict of interest policies to be approved by the entity's accountable authority.
  • Identifying conflict. It is common for entities to rely on declarations from employees, contractors and advisory bodies to identify any conflicts that may require management. These declarations need to be scrutinised and considered against other known information to identify any associations and potential conflicts that have not been declared. There are additional measures that could be put in place to guard against the risk of persons failing to disclose their conflicts of interest:
    • Internal reporting or complaint-handling function for internal staff or external parties to report their concerns
    • Data analytic program to identify suspicious transactions
    • Appointing a probity auditor
    • Conducting background and due diligence checks on potential staff, suppliers, contractors and business partners
  • Managing conflicts. The report highlighted that appropriate management of identified conflicts is an active rather than a passive approach. The active approach has several elements:
    • Avoiding conflict – through declarations and separation of duties
    • Guarding against employment offers from tenderers or grant applicants
    • Promoting a consistent approach to managing conflicts
    • Documenting how conflicts have been managed
  • Culture, training and awareness raising. The "tone at the top" set by leaders determines the culture with respect to the management of conflicts of interest. An appropriate culture can be encouraged by managers discussing and reviewing conflict of interest declaration forms. It is also important to promote compliance with conflict of interest requirements through regular awareness raising and both on-the-job and formal training.

Click here for the complete article published by the ANAO.

HOW WE CAN HELP:

Centium has vast, hands-on expertise in procurement and probity matters, especially in assisting agencies with conflict of interest management.

Centium can provide:

  • Probity advice in relation to procurement and grants management
  • Bid and tender management
  • Request for Tender (RFT) and requirements preparation
  • Reviews of procurement and probity activities in relation to conflict of interest management
  • Assistance with better practice in conflict of interest management
  • Training material to build organisational capacity regarding conflict of interest management
  • Training and awareness sessions (including online / e-learning solutions)

We would be pleased to work with our existing and new clients to share our experiences and/or discuss specific issues relating to procurement, grants administration and/or conflict of interest management. For more information regarding our probity advisory services, please contact Howard Elliott, Director Probity & Procurement, or Penny Corkill, Director Risk & Assurance.
