Victoria's roads, railways, schools and hospitals form part of $265 billion of non-financial assets that government departments and agencies manage. These assets support the delivery of services that affect all Victorians, so it is important to manage them well. Having up-to-date knowledge of assets and their condition helps government agencies get the best value from their asset-related investments, make good decisions about when to acquire, renew or divest assets, be responsive to changes in demand or use, and provide better services.
Examples of the types and value of Victoria's public assets ($ billion)
Source: VAGO, based on the Treasurer of Victoria's 2017–18 Financial Report.
The Department of Treasury and Finance (DTF) released the Asset Management Accountability Framework (AMAF) in 2016 to replace Sustaining Our Assets, introduced in 2000. The AMAF aims to ensure that Victorian public sector agencies manage their assets efficiently and effectively.
Attestation—a signed statement in an agency's annual report from the head of the organisation to attest to compliance with the requirements of the standing directions under the Financial Management Act 1994.
DTF determined that to improve asset management, agencies need to be more accountable, and made this the core focus of the AMAF. The AMAF makes agency heads—such as government department secretaries—or governing boards accountable for applying the framework and its principles, and for complying with its mandatory requirements.
Secretaries must attest to compliance with the AMAF in their annual reports. The departments' audit committees also have important responsibilities to review departmental compliance assessments and attestations. DTF is the policy owner and is responsible for supporting the AMAF and advising government on compliance across the public sector.
The AMAF sets 41 mandatory requirements that agencies must comply with, but allows flexibility in how they do this based on their operating environment and the criticality and complexity of their assets. The requirements span a range of activities including resourcing, governance, risk management, performance monitoring and information management.
An asset's criticality refers to its importance to delivering services, measured by the consequences if the asset fails or is otherwise incapable of providing the service.
The requirement to apply the AMAF is one of the standing directions made under the Financial Management Act 1994. The Standing Directions of the Minister for Finance 2016 (the standing directions) was the version in place at the time of the 2018 attestation. Agencies must attest to compliance with all standing directions and related instructions in their annual report and disclose any significant issues (material compliance deficiencies) that are likely to impact the agency's or the state's reputation, financial position or financial management. An agency only attests publicly whether it has any significant or material deficiencies—it does not need to attest to non-material deficiencies. If an agency has nothing material to disclose, it must attest that it complies with the standing directions.
A material compliance deficiency is a compliance deficiency that a reasonable person would consider has a material impact on the agency or the state's reputation, financial position or service delivery.
Departments made their first public attestation of compliance with the AMAF at 30 June 2018, in their 2017–18 annual reports. This first audit of compliance with the AMAF focused on how the government departments applied and assured compliance with the framework. As leaders among government agencies, we expect departments to be exemplars in applying government policies.
As the AMAF is new, DTF did not expect departments to fully comply with all 41 mandatory requirements by the time of the 2018 attestation. Our discussions with departments at that time identified that they were still implementing the AMAF. Recognising this, we did not audit compliance with each mandatory requirement. Instead, we audited the approaches departments took to apply the AMAF and provide assurance about the levels of compliance they achieved.
This audit's objective was to determine the reliability of departments' attestations of compliance with the AMAF. The audit included all seven departments in place at the time of the attestation:
- Department of Economic Development, Jobs, Transport and Resources (DEDJTR), which split on 1 January 2019 into the Department of Jobs, Precincts and Regions (DJPR) and the Department of Transport (DoT)
- Department of Education and Training (DET)
- Department of Environment, Land, Water and Planning (DELWP)
- Department of Health and Human Services (DHHS)
- Department of Justice and Regulation (DJR), now renamed as the Department of Justice and Community Safety (DJCS)
- Department of Premier and Cabinet (DPC)
- Department of Treasury and Finance (DTF).
Five departments use reliable approaches to determine the extent to which they comply with the AMAF's mandatory requirements. For the other two departments, their approaches are not detailed enough for them to assess whether they comply given the criticality, complexity and risks of their assets.
DEDJTR and DET demonstrated better practice in how they planned to implement the AMAF and assure compliance. This stems from the active involvement of their senior leaders, who have considered the criticality, risk and complexity of their assets, overseen implementation across the whole of their departments and, most importantly, are motivated to improve asset management as they understand its value to the success of their service delivery.
The remaining departments limited their whole-of-department asset management efforts to addressing compliance gaps ahead of the 2018 attestation. Many find it challenging to understand how best to implement the AMAF and what the right approach looks like. The better practices of DEDJTR and DET provide a good opportunity for them to learn from their peers, and some are already planning further action.
The standing directions guidance allows agencies to focus their compliance efforts on areas they identify as being higher risk, to reduce any unnecessary compliance burden. However, departments and their audit committees cannot readily show how they apply risk-based approaches to their compliance-related activities.
The wording that DTF requires agencies to use in attesting to compliance with the standing directions means that departments' attestations do not accurately reveal how well they are complying with the AMAF. This is because departments must attest that they 'comply' with all aspects of the standing directions collectively, unless they are aware of a 'material deficiency'.
Although DTF has helped the departments to apply the AMAF, there are still inconsistencies in the way departments interpret the AMAF's requirements and their accountability and compliance responsibilities.
AMAF implementation is at an early stage and all departments need to sustain their initial focus and address their asset management improvement needs. This will help departments to make better investment decisions and get more from the assets they need to deliver services over the asset lifecycle.
Applying the AMAF
AMAF implementation approaches
The benefits of a whole-of-department approach to implementing the AMAF include building a consolidated picture of a department's asset management strengths and weaknesses, which helps prioritise and direct effort and monitor progress across the department.
In the lead up to the 2018 attestation, one department—DEDJTR—approached the AMAF as an opportunity to improve the way it managed its assets. DEDJTR planned holistically for what it needed to improve to meet the AMAF's aims and principles. It also assessed whether it had the asset management capability and culture needed to support improvement. DJPR and DoT each adopted this implementation approach when they formed.
DET already had a plan in place to improve its asset management that pre-dated the AMAF.
Of the remaining departments, DHHS did not have a whole-of-department approach to implementing the AMAF. The other departments' implementation approaches focused on filling key gaps in policies and procedures against the mandatory requirements, rather than planning what they needed to embed these policies and procedures as 'business as usual' asset management practices.
An asset class refers to a group of assets that have similar physical and service characteristics. For example, public housing and public prisons are asset classes.
Half of the AMAF's 41 mandatory requirements relate to leadership. We found that senior leaders—deputy secretaries—in three departments were actively involved in driving the AMAF implementation and in overseeing progress and compliance at a whole-of-department or significant asset class level. For example, they led departmental asset management steering committees or provided specific feedback on key asset management documents. These departments had better implementation and compliance assurance approaches than other departments.
All departments have increased focus on asset management because of the AMAF. Actions have included updating policies and procedures, conducting asset stocktakes, creating new asset management positions and improving asset management capability. Since the 2018 attestation, all but one of the departments with a whole-of-department approach to implementing the AMAF have improved their approaches, for example, by revising their implementation plans, governance arrangements or asset management plans.
A whole-of-department asset management plan describes the asset management policy and strategy and outlines the system of policies and procedures that guides asset management across the department.
The plan may comprise one document for departments with simple assets or several whole-of-department documents for those with more complex assets.
Whole-of-department asset management plans
In the lead up to the 2018 attestation, five departments introduced a whole-of-department asset management plan. DET had one before the introduction of the AMAF.
DEDJTR developed its plan to a level that addressed the mandatory requirements relevant to a whole-of-department plan. It included enough information to guide consistent asset management across its asset classes, appropriate to the department's size and the complexity of its asset portfolio.
The strengths of DEDJTR's plan are that it:
- communicates and establishes a shared understanding about the purpose, direction and expectations for asset management across different asset classes
- drives the department to improve capability and change practices in response to identified needs
- highlights the roles of senior leaders in asset management.
DHHS did not have a whole-of-department plan, but developed individual plans for its significant asset classes. It has missed the opportunity to direct and coordinate asset management activities across its different asset classes to achieve its whole-of-department objectives.
The AMAF describes an asset management system as a set of interrelated elements that establish an organisation's asset management policies, objectives, and processes to achieve those objectives.
We identified opportunities for the other departments to improve their plans. Common weaknesses include providing insufficient detail on asset-related risk management and the asset management strategy, or inadequate references to the key policies and procedures that comprise an asset management system.
Departments' 2018 attestations
All departments attested to compliance with the AMAF in their 2017–18 annual reports as part of their attestation of financial management compliance. Two of the seven departments identified material compliance deficiencies related to the AMAF. Although these attestations alert Parliament and the community to the most significant or material compliance deficiencies, several issues reduce their value:
- The attestations do not give a true indication of the level of compliance with the AMAF, because the standing directions require agencies with no material deficiencies to describe themselves as 'compliant' even if they have non-material deficiencies, as all departments did.
- The standing directions require agencies to assess compliance with the AMAF's mandatory requirements, but do not require agencies to use the assessment to inform the attestation. This risks some agencies overlooking potential material deficiencies.
- Not all agencies that disclosed a material deficiency provided information on the asset class to which the deficiency related or why it was considered material.
Departments' checks on compliance
Departmental arrangements for overseeing compliance are sound, but can improve. Approaches commonly include establishing a steering committee or reference group to oversee the AMAF's implementation and using the corporate finance group to coordinate compliance assessment across a department. In departments with the most reliable assurance approaches, senior leaders are involved in the steering committee and in endorsing compliance assessments. Senior leaders have authority to drive reliable and accurate processes and are directly accountable for progress and outcomes.
The standing directions cover 50 financial management topics and include 458 financial management obligations, of which the AMAF is one. Not all obligations apply to every department. Most departments used their existing arrangements for other financial management requirements to assure compliance with the new AMAF requirements. Internal audits of these arrangements identify that they are sound, but we found room for departments to improve the way they apply their arrangements to assure compliance with the AMAF.
Departments should take a risk-based approach to assure compliance across asset classes and to guide the level of evidence needed to do this. They are not doing this or, if they are, they have not documented and communicated their approaches. Some departments considered risk in deciding whether to assess compliance at a whole-of-department level or individually for significant asset classes, but none transparently took a risk-based approach to determine the levels of evidence or frequency of compliance assessments needed across their asset classes.
Two other issues resulted in some departments overstating their levels of compliance:
- There was inadequate evidence or incorrect identification of whether a requirement does or does not apply. For example, most departments consider they comply with the AMAF's requirements where they have evidence that a necessary process exists, without having evidence of how they applied the process.
- There was insufficient verification—only two departments verified their compliance assessments, and both found inaccuracies.
Departments need to better support their staff to make accurate and consistent assessments—for example, through providing templates, guidance and training as needed.
Audit committees' checks on compliance
Each department's audit committee needs to satisfy itself with the veracity of the department's recommended attestation of compliance with the AMAF before the Secretary approves it for the annual report. The committee also needs to review the department's annual assessment of compliance, and review and monitor the department's actions to address any compliance deficiencies. The standing directions encourage committees to take a risk- and evidence-based approach to their review activities.
The seven audit committees all received reports on the AMAF prior to reviewing the 2018 attestations. Audit committees followed one of two different approaches to review the departmental compliance assessment and satisfy themselves about the attestation:
- three audit committees considered whether they needed to check evidence of compliance to do this—the two that decided they needed to, then did so
- the remaining audit committees relied on departmental advice about compliance, the fact that senior managers in the department had endorsed the attestation, and the positive results from internal audits of their financial management compliance processes.
While DEDJTR's audit committee had documented many elements of its approach, none of the audit committees clearly documented how their strategies for reviewing the AMAF compliance assessment and attestation aligned with their asset-related risks. The committees did not record what they reviewed to satisfy themselves about the level of compliance reached or the compliance attestation.
An audit committee's responsibilities span a broad range of departmental risk and financial management activities, including reviewing compliance with the standing directions. This gives committees every reason to take a risk-based approach, but they need to be transparent about the approach they take.
Four audit committees received no information prior to the attestation about the requirements that were rated 'compliant', such as the compliance rating against each mandatory requirement or a description of the evidence substantiating those rated 'compliant'. Instead, the focus of the information they received was on compliance deficiencies. Three committees did not receive a rationale for why the departments determined their deficiencies were not material.
Supporting implementation and compliance
DTF has fulfilled its responsibilities under the AMAF to support the AMAF's implementation. This includes running regular asset management working group meetings for department representatives and producing the Asset Management Accountability Framework Implementation Guidance (the AMAF implementation guidance) in March 2017. DTF has also provided further guidance on specific issues, such as applying the AMAF to intangible assets and determining the materiality of compliance deficiencies.
This audit and DTF's 2018 review of the AMAF's implementation progress found gaps and inconsistencies in how departments interpret and apply the AMAF requirements and the standing directions. While departments remain accountable for applying the AMAF, DTF can provide more support and clarity on these issues. This includes clarifying:
- the relative importance of improving asset management compared to complying with the mandatory requirements
- the need to assess compliance against all 41 mandatory requirements and whether or when agencies are expected to fully comply with the mandatory requirements
- how departments can apply risk-based approaches to assessing compliance with the AMAF
- how agencies should approach the 2020–21 maturity self-assessments
- how it defines the concepts of attestation, compliance, compliance deficiency and material deficiency in the AMAF and the standing directions
- that the attestation only identifies agencies with any material compliance deficiency and does not identify whether agencies are compliant.
Based on the results of this audit, we consider it would be beneficial for DTF to conduct an evidence-based evaluation of the effectiveness of the AMAF after a further period of implementation. An evaluation would determine whether the AMAF is driving stronger leadership and improved asset management, and whether it is achieving its intended outcomes.
DTF's guidance for the standing directions identifies that DTF will oversee the standing directions from 2016–17. DTF has some arrangements in place to do this. One arrangement involves requesting annual summaries from departments about financial management compliance in the department and its portfolio agencies. Inconsistencies in how departments report against these requests limit the value the summaries provide as an oversight mechanism.
We recommend that all departments:
1. assign responsibilities for applying the Asset Management Accountability Framework, improving asset management and assessing compliance to senior leaders in charge of assets (see Sections 2.4 and 3.3)
2. ensure that their Asset Management Accountability Framework implementation focuses on improving asset management practices in addition to delivering remedial actions and achieving compliance (see Section 2.2)
3. adopt and document a risk- and evidence-based approach to assuring compliance with the Asset Management Accountability Framework (see Section 3.3)
4. improve the accuracy of their compliance assessments by ensuring they have appropriate evidence to substantiate compliance and by documenting their rationale for whether or not material compliance deficiencies exist (see Section 3.3).
We recommend that the Department of Environment, Land, Water and Planning and the Department of Justice and Community Safety:
5. assess compliance with the Asset Management Accountability Framework's mandatory requirements separately for each asset class that they identify as having higher significance, criticality, risk or complexity (see Section 3.3).
We recommend that the audit committees of all departments:
6. demonstrate that they are fulfilling their independent review responsibilities under the standing directions by:
- adopting and recording a risk- and evidence-based approach to their Asset Management Accountability Framework review and monitoring responsibilities
- recording the information they rely on to review compliance and how they satisfy themselves with the departmental Asset Management Accountability Framework compliance attestations (see Section 3.4).
We recommend that the Department of Treasury and Finance:
7. review and communicate the purpose of the attestation and ensure any reference to compliance in the wording it requires agencies to use for their attestations aligns with the definition of compliance under the standing directions (see Sections 3.2 and 4.2)
8. support consistent interpretation of the Asset Management Accountability Framework and its requirements by:
- revising the Asset Management Accountability Framework and its implementation guidance and the standing directions guidance to clarify interpretation issues, including those related to:
- the purpose and value of the Asset Management Accountability Framework for improving asset management practices
- the number of mandatory Asset Management Accountability Framework requirements that must be assessed for compliance
- expectations about achieving full compliance with the Asset Management Accountability Framework and how compliance relates to asset management maturity
- how agencies can apply a risk-based approach to their Asset Management Accountability Framework compliance assurance activities
- clarifying and reinforcing audit committees' responsibilities under the Asset Management Accountability Framework and the standing directions to review the annual compliance assessment, the materiality of any compliance deficiencies and the compliance attestation
- providing additional guidance on the maturity assessment well ahead of the 2020–21 deadline, including an optional template for the assessment (see Sections 4.2 and 4.3)
9. work with senior leaders across public sector agencies to reinforce the intent, benefits and accountability requirements of the Asset Management Accountability Framework and target the sharing of good practices with individual agencies to build their understanding of ways to improve asset management and apply risk- and evidence-based approaches to fulfilling their responsibilities (see Sections 2.2, 2.4 and 3.3)
10. identify measures of success for the Asset Management Accountability Framework and, after the 2020–21 attestation, using these to evaluate the framework's effectiveness across the public sector, including the use of compliance and maturity assessments (see Section 4.2)
11. evaluate the effectiveness of the standing directions in improving financial management practices and compliance, and ensure the whole-of-government information it collates on compliance with the standing directions for reporting to the Assistant Treasurer on Asset Management Accountability Framework compliance risks and improvement needs is comparable across agencies and provides the value intended (see Section 4.3).
Responses to recommendations
We consulted with all departments and considered their views when reaching our audit conclusions. As required by section 16(3) of the Audit Act 1994, we gave a draft copy of this report to them and asked for their submissions or comments.
All departments have accepted the recommendations from this audit and have planned actions to address them. The full responses are included in Appendix A.