In Operation Ord and Operation Dunham, IBAC identified systemic failings that were exploited by the actions of a few individuals.
In Operation Ord, IBAC’s investigation focused on allegations that senior officials misappropriated funds from the Department’s budget, through false and inflated invoicing, and arranging payment of inappropriate expenses such as excessive hospitality, travel and personal items. These improper actions and behaviours were possible because of inadequate systems and controls and a culture that excused or ignored breaches of probity and process.
As with Operation Ord, Operation Dunham detailed a prevailing culture of non-compliance among some of the most senior Department officers, which contributed to misconduct, and hindered opportunities to expose and address misconduct.
Operation Dunham exposed improper action and behaviour by senior staff that corrupted the procurement process for a major IT project, the Ultranet. These included the receipt of gifts and travel; improper communications intended to influence the tender process; and a likely attempt to influence the tender evaluation outcome by ‘stacking’ an assessment team with like-minded colleagues.
The main findings of the two investigations were that the Department had:
• a culture of non-compliance, bullying and entitlement
• a lack of accountability, and lack of a culture of integrity in senior leadership
• inadequate controls around procurement
• inadequate governance of risk and major projects
• poor controls for financial management, in the Department and in schools
• incompatible financial systems
• inadequate auditing
The Department accepted IBAC’s recommendations in both special reports for Operation Ord and Operation Dunham.
The Integrity Reform Program (IRP) is the Department’s response to IBAC findings. It goes well beyond preventing corruption to embed a healthy, high-performing and ethical culture in the Department’s corporate workplaces and schools.
The IRP strengthens the three lines of defence. The first line of defence is staff, their environment, systems and culture. In other words, ‘functions that own and manage risk’. The second line oversees and supports the first line to manage risk. The third line is auditing: independent assurance of risk management.