Personnel Security: Due Diligence over Public Service Employees

Tabled: 21 May 2020

2 VPS employee screening

Employment screening is a critical part of personnel security because it helps to ensure that candidates are suitable for VPS roles.

In this Part, we examine all audited agencies’ employment screening policies and procedures, and how DHHS, DPC and DTF implement them.

We also examine if audited agencies are managing COI risks during recruitment.

2.1 Conclusion

All audited agencies have employment screening policies and procedures that minimise the risk of recruiting external candidates who would be unsuitable VPS employees. However, the agencies do not apply this same rigor to candidates who are existing VPS employees. In particular, agencies are not undertaking and/or documenting reference checks for these candidates.

We also found that agencies do not sufficiently focus on identifying and managing COI during recruitment, with panel members not routinely declaring and managing any conflicts prior to interviewing candidates.

These gaps increase the risk of hiring unsuitable candidates and exposes the VPS to fraud and corruption.

VPSC’s VPS-wide pre-employment screening policy is a positive step towards a consistent, better-practice approach. However, it does not cover all employment screening activities detailed in the Standard and it does not provide clear instruction for agencies on all aspects of employment screening.

2.2 Employment screening policies and procedures

Police checks

Policies, procedures and guidance

All audited agencies recognise that police checks, including identity checks, are a key component of employment screening. Agencies can use a third-party provider to conduct police checks or seek accreditation with the Australian Criminal Intelligence Commission to conduct police checks themselves.

Figure 2A summarises the policies, procedures and guidance on police checks for each agency against the Standard’s key recommended elements.

Figure 2A
Policies, procedures and guidance on police checks

Key recommended elements from the Standard

DELWP

DET

DHHS

DJCS

DJPR

DoT

DPC

DTF

VPSC

General information

Authorised body conducts police checks

Third-party

DET

DHHS

DJCS and VicPol

Third-party

Third-party

Third-party

Third-party

Third-party

Consent obtained from candidate prior to police check

Who requires a police check?

External candidates

(a)

(b)

Internal candidates

(c)

Partial(d)

Partial(d)

International candidates(h)

Partial(e)

Partial(e)

Timing of police checks

Complete check before start date(f,g)

Periodic police checks throughout employment

Partial(d)

Partial(d)

(a) For engagements longer than six weeks.
(b) For staff engaged longer than eight weeks and for executive officers engaged for longer than six months.
(c) Mandatory for specific high-risk roles only, such as prison employees.
(d) Not mandatory but may be requested by hiring manager or required for some roles.
(e) Checks done but not documented in policy/procedure.
(f) Except for international police checks.
(g) The Standard recommends completing checks before offer of employment (not the start date) and recognises this is preferable but not always possible.
(h) Police check completed for candidates who have resided overseas for a substantial period of time.
Source: VAGO.

Using third-party providers for police checks

All agencies, except DTF, use the same third-party provider to conduct police checks. Each agency has individual contracts with varying conditions and rates.

Adopting a risk-based approach

The Standard recommends that agencies base employment screening on the level of risk associated with the role. High-risk roles require more extensive screening. This applies equally to external and internal candidates.

However, as shown in Figure 2A, only DET and DJCS’s recruitment policies specifically state that police checks should be conducted for internal candidates. This means that an employee may have a police check at the start of their employment then never have one again, regardless of the time they have worked in the VPS or the various positions they may hold. During the employee’s career, there may be some changes to their criminal history that may result in them being unsuitable for their current role.

DJCS’s policy states that it does not accept previously completed police check certificates from other agencies. This is appropriate, because police certificates are only valid for six months and DJCS has high-risk roles, such as prison officers, that require more detailed checks.

The Standard also recommends that agencies take a risk-based approach by periodically screening employees. This includes conducting periodic police checks throughout a staff member’s employment. We found that no audited agencies are currently doing this.

Keeping records of police checks

VPSC refers to the PROV standard titled Retention and Disposal Authority for Records of Common Administrative Functions, which authorises the disposal of police checks. The PROV standard outlines that police checks may be destroyed six months after they recruit a new employee. PROV provided advice to VAGO that like all disposal actions in their Standards, the six-month time frame is a minimum requirement, meaning that agencies can choose to destroy police check records any time after this period.

We found that agencies have inconsistent practices for disposing of police check records. For example:

  • DET, DHHS and DJCS destroy police check records after three months for roles that are not direct client services
  • DELWP, DJPR, DOT and VPSC’s internal procedures do not specify when to dispose of police check records.

The Australian Criminal Intelligence Commission (ACIC) has accredited DHHS, DET and DJCS to conduct their own police checks. While their practice of destroying police check records after three months complies with the ACIC’s requirements, it is not consistent with the PROV standard. VPSC has agreed to consult with PROV and update their guidelines to provide clear instructions for agencies.

Compliance with police checks at DHHS, DPC and DTF

We examined DHHS, DPC and DTF’s recruitment files and payroll data to determine if these departments complete police checks for new employees in line with their policies and procedures. As shown in Figure 2B, DHHS did so for all new employees, while DPC and DTF did so for the vast majority.

Figure 2B
Police checks for new employees, 1 July 2017 to 30 June 2019

Figure 2B Police checks for new employees, 1 July 2017 to 30 June 2019

Note: Incomplete police checks include those where the selection report or other records did not provide a reason for not requiring a police check.
Note: Analysis of DHHS data included all new employees. DPC and DTF analysis was based on a random sample. See Appendix B Data analysis methodology for details.
Source: VAGO.

Timing of police checks at DHHS, DPC and DET

Completing a police check before a new employee starts ensures that an agency knows the employee’s criminal history before they can access information and resources, and potentially service vulnerable clients. This minimises the agency’s exposure to financial, information and reputational risks, as well as any risks to client safety.

Figure 2C summarises the percentage of police checks completed before an employee's start date at DHHS, DPC and DTF.

Figure 2C
Police checks completed before employee start dates

Figure 2C Police checks completed before employee start dates

Note: Testing period was 1 July 2017 to 30 June 2019. See Appendix B Data analysis methodology for details.
Source: VAGO.

DHHS’s high rate reflects its strong policy and procedural controls. For example, DHHS will not put new employees on the payroll system if they do not have a police check date and receipt number. This is appropriate given that many DHHS jobs are high-risk, such as roles in child protection.

DPC’s results reflect its recruitment policy and procedures, which do not specify that police checks should occur before new employees start.

While this may be appropriate for low-risk roles, it is not consistent with the Standard and should only occur if there is a valid exception. However, DPC has a new draft policy that requires police checks to begin before it sends offers of employment, which should address this issue.

DTF’s policy states that new employees should finalise their police check prior to their start date. However, as shown in Figure 2C, this is often not occurring.

Reference checks

Reference checks allow agencies to confirm the accuracy of a candidate’s employment history and identify any issues with their previous conduct. They also help hiring managers better understand and assess a candidate’s suitability.

Figure 2D summarises the audited agencies’ reference check policies and procedures. All agencies have reference checks as part of their employment screening requirements, although requirements for internal candidates are not always clearly stated. This means that hiring managers may not be aware of an existing employee’s performance and suitability for a role.

Figure 2D
Policies and procedures on reference checks

 

DELWP

DET

DHHS

DJCS

DJPR

DoT

DPC

DTF

VPSC

General information

Reference checks required

At least one referee is a current or recent direct manager/supervisor

Partial(a)

Partial(a)

Partial(b)

Partial(a)

Agency may contact non-nominated referees (with the candidate’s consent)

Not stated(c)

Not stated(c)

Not stated(c)

Reference check template includes a specific question/s on conduct issues

Partial(d)

Partial(d)

Partial(d)

Number of reference checks required

External candidates

2

Not stated(c)

2

2

2(a)

2(a)

2

2

2

Internal candidates

Not stated(c)

Not stated(c)

2

2

2(a)

2(a)

Not stated(c)

1

1–2(e)

(a) Documented in the reference check template or guide, but not in a policy/procedure.
(b) Preferred but not mandatory.
(c) Not documented in employment screening policy/procedure or recruitment and selection policy/procedure.
(d) No specific question on conduct issues but includes questions on professionalism or if the referee would employ them again and why.
(e) At the discretion of VPSC. Depends on how long candidate has been working at VPSC.
Source: VAGO. 

Compliance with reference checks at DHHS, DPC and DTF

We examined a sample of recruitment records at DHHS, DPC and DTF to determine if they complete reference checks in line with their policies and procedures.

We found that overall there is poor compliance with reference checks, as shown in Figure 2E.

Figure 2E
Completion of reference checks, 1 July 2017 to 30 June 2019

Figure 2E Completion of reference checks, 1 July 2017 to 30 June 2019

Note: Reference checks that were marked as complete in the selection report but had no evidence attached were considered incomplete.
Note: See Appendix B Data analysis methodology for details.
Source: VAGO. 

The low compliance rate in Figure 2E is likely caused in part by the poor record keeping practices we found for reference checks at all three agencies:

  • DPC relies on hiring managers to store copies of reference checks, but it does not provide instructions on how to do this.
  • DTF’s reference check template instructs hiring managers to attach reference checks to the selection report. However, this is not occurring, and the new version of the template does not include this prompt.
  • DHHS also instructs hiring managers to attach reference checks to the selection report. While DHHS’s regional divisions complied with this requirement in 94 per cent of our sample files, the central division only complied 7 per cent of the time.

This means reference checks cannot always be found, which is a problem if a candidate challenges a recruitment decision, or if questions arise about an employee’s suitability. It is also likely that at least some of these hires occurred in the absence of reference checks, which misses a vital opportunity in the recruitment process to not only ensure the best candidate is hired but also avoid introducing security risks into the agency.

Role-specific checks

Qualification, accreditation and professional membership checks

Qualification, accreditation and professional membership checks help hiring managers determine if a candidate has the appropriate knowledge and skills to perform a role. We found inconsistent practices across the agencies for these checks. DTF and DELWP did not have a process in place at all, which increases the risk of hiring unqualified staff.

Figure 2F summarises the agencies’ policies and procedures for conducting qualification, accreditation or professional membership checks.

Figure 2F
Policies and procedures for checking qualifications/accreditations/professional membership

Policy requirement

DELWP

DET

DHHS

DJCS

DJPR

DoT

DPC

DTF

VPSC

Requires qualifications check

Partial(a)

(b)

(b)

(b)

(b)

(b)

(b)

(b)

Requires accreditations/ professional membership check

(c)

(b)

Partial(d)

(b)

(b)

(b)

N/A(e)

Requires candidate to provide proof of qualifications/ accreditations/ professional membership

(c)

Verifies qualifications/ accreditations/ professional membership by contacting issuing body

(c)

(f)

Partial(d)

(a) May be required for mandatory qualifications/accreditations/professional memberships.
(b) Required for mandatory qualifications/accreditations/professional memberships only.
(c) Agency advised is done in practice, but not documented in employment screening policy/procedure or recruitment and selection policy/procedure.
(d) Required or conducted but not documented in employment screening policy/procedure or recruitment and selection policy/procedure.
(e) Does not have roles with mandatory professional accreditations/registrations/memberships.
(f) Risk-based; only if there are concerns about the qualification.
Source: VAGO. 

Working with Children Checks

The Working with Children Act 2005 aims to prevent harm to children by ensuring appropriate checks of people who work or volunteer with children. A WWCC involves checking a person’s:

  • criminal history relating to serious sexual, violent and drug offences
  • professional conduct, by checking with registration schemes and panels.

Unlike a police check, a WWCC provides certification of suitability to work with children. It is valid for five years. The WWCC unit at DJCS continuously monitors the status of everyone with a WWCC and notifies employers if they identify any relevant updates or changes to an individual’s criminal history.

The WWCC process involves the following steps:

  • Employees must provide a WWCC receipt number before starting work, as evidence they have applied for a WWCC.
  • Employees must list all organisations they currently work or volunteer for on their WWCC application.
  • Organisations must keep records of the original receipt number and the final assessment notice.
  • Employees must apply for a new WWCC before their current check expires.

We reviewed policies and procedures for audited agencies that have employees who work with children, summarised in Figure 2G.

Figure 2G
WWCC procedures

 

DELWP

DET

DHHS

DJCS

DJPR

Requires current WWCC prior to beginning roles that involve child-related work

Partial(a)

Requests employees to register the agency as their employer with the WWCC unit

Requests employees to register the agency as their employer with the WWCC unit

(a) Required but not documented in employment screening policy/procedure or recruitment and selection policy/procedure.
Source: VAGO. 

Agencies with many employees in child-related work have thorough policies and procedures. We did not see the same strong processes at agencies with small numbers of child-related roles. This is concerning given the potentially serious consequences of unsuitable employees working with children.

We examined DHHS’s processes in more detail and found strong controls to ensure that, where necessary, staff complete or renew WWCCs prior to working with children. DHHS:

  • records WWCC details on its payroll system and employment cannot progress without this information
  • has a dedicated safety screening coordinator, who monitors the status of all WWCCs and conducts monthly compliance reporting.

Eligibility to work checks

Right to work in Australia

All candidates applying for a role in the VPS must be an Australian citizen, permanent resident, or hold a valid work permit or visa. Candidates must declare their right to work in Australia in their application.

Agencies collect a preferred candidate’s proof that they are able to work in Australia as part of the identity and police checks. When a candidate is not an Australian or New Zealand citizen, all agencies, except for DJPR and DTF, have clearly documented procedures to verify visa status through the Australian Department of Home Affairs’ Visa Entitlement Verification Online system. DJPR and DTF do not specify this requirement in their recruitment processing, which increases the risk it will not be done.

Voluntary Departure Package

Victorian public sector agencies can offer a voluntary departure package (VDP) to employees when they require large-scale structural change or employee reductions. Employees who accept this agree to a three-year restriction on re employment in the Victorian public sector.

All candidates applying for a role in the VPS must declare if they have received a VDP in the past three years.

There is currently no WoVG register or checking mechanism for agencies to confirm whether candidates’ attestations on VPDs are correct. Agencies rely on the candidate to accurately disclose this in their application. If fully implemented, the VPS-wide HCM system will help to address this issue by maintaining a single record of a candidate’s past VPS employment.

Instruction and training for hiring managers

Many hiring managers do not routinely engage in recruitment. Agencies must provide detailed, consistent instructions and, where necessary, more formal training to ensure that hiring managers follow the recruitment process, including employment screening.

We found that all agencies provide sufficient instructions online, or in guidance material, to prompt hiring managers to conduct employment screening and reference checks in line with the agency’s policy.

DET, DJCS, DJPR and DPC provide formal recruitment training that includes reference checks. However, only DJPR’s formal training educates hiring managers on employment screening, a critical step in the recruitment process.

All agencies rely on their human resource teams to provide instruction and advice as needed to hiring managers during the recruitment process.  

Only DPC provides guidance to its employees on providing a reference for current or past employees. Although it is not a requirement under the Standard, this signals DPC’s expectations of its staff when acting as a referee, including what information they can disclose.

Monitoring compliance

Monitoring compliance with employment screening helps identify risks and assure an agency that its processes are working.

Most agencies have strong controls to monitor compliance with police checks, but not for other important employment screening activities. In particular, agencies lack monitoring over role-specific checks, such as mandatory qualification checks and executive officer declarations.

Agencies do not have risk-based compliance and quality assurance processes, such as periodic reviews of recruitment files, that cover all aspects of employment screening.

No agency has a comprehensive checklist or process that requires hiring managers to confirm they have completed all relevant employment screening checks.

Without the ability to detect candidates who have not completed all relevant employment screening checks, agencies may employ candidates who are not suitable.

2.3 Managing adverse screening outcomes

The audited agencies do not automatically exclude candidates with an adverse employment screening check result. All agencies, excluding DELWP, have a documented process for assessing an adverse screening outcome, which primarily relates to a candidate with a criminal history. 

To assess an adverse employment screening check, agencies use a panel that typically includes a representative from human resources, an executive director and potentially the hiring manager. The panel assessment considers:

  • the nature, severity and frequency of the offence
  • the length of time since the offence took place
  • whether the candidate committed the offence as a juvenile or as an adult
  • any mitigating or extenuating circumstances
  • the type and severity of any penalty imposed
  • the relevance of the offence to the role they have applied for (for example, an information, financial and safety risk to the agency or the agency’s clients)
  • the candidate’s character since the offence (for example, a steady employment record and favourable references from recent employers).

Based on this assessment, the Secretary, Commissioner or a delegated authority, such as a Deputy Secretary or Executive Director, decides whether the candidate is suitable for employment. At DELWP, DET and DJCS, policies and procedures relating to adverse screening outcomes do not clearly state who is responsible for deciding whether the adverse screening outcome prevents employment. Figure 2H summarises agencies' processes.

Figure 2H
Policies and procedures for managing adverse screening outcomes

Policy requirement

DELWP

DET

DHHS

DJCS

DJPR

DoT

DPC

DTF

VPSC

Documented process to assess adverse screening outcome

Partial(a)

Responsibility for conducting assessment and making a recommendation is clear

Decision-making responsibility clearly stated

Avenues of appeal available to internal and external candidates

Partial(b)

Partial(c)

(a) Process exists but not documented in policy/procedure.
(b) Documented in the Safety Screening Assessment Form, but not in a policy/procedure.
(c) Request for re-confirmation and further checking available if initial result disputed but avenues of appeal for assessment decision not stated in policy/procedure.
Source: VAGO. 

Managing adverse screening outcomes at DHHS, DPC and DTF

We examined whether DHHS, DPC and DTF comply with their policies and procedures relating to adverse screening outcomes. 

Figure 2I shows that DHHS deviated significantly from its procedure in six of the 17 files we reviewed (35 per cent). These files did not have a completed assessment form, which means there is no record of what factors the panel considered, the reason for the final decision and ultimately whether the candidate was suitable for the role. Of these six, five resulted in the candidate not being employed. This creates a risk for DHHS if a candidate contests a decision, or if concerns arise about a hired candidate’s suitability.

DPC followed its procedure in eight out of 10 files we reviewed (80 per cent). In the other two files, DPC’s assessment panel only included two of the three required members.

Figure 2I
Compliance with procedures for managing adverse screening outcomes, 1 July 2017 to 30 June 2019

Figure 2I Compliance with procedures for managing adverse screening outcomes, 1 July 2017 to 30 June 2019

Note: For DHHS we randomly selected a number of files due to a large number of files available. DTF and DPC had smaller numbers of adverse screening outcomes, so we examined all files.
Source: VAGO.

The departments employed some, if not all, of the candidates with an adverse screening outcome, as shown in Figure 2J.

Figure 2J
Adverse screening outcome and employment, 1 July 2017 to 30 June 2019

Figure 2J Adverse screening outcome and employment, 1 July 2017 to 30 June 2019

Note: For DHHS we randomly selected a number of files due to a large number of files available. DTF and DPC had smaller numbers of adverse screening outcomes, so we examined all files.
Source: VAGO.

2.4 VPS-wide employment screening policies

If consistently implemented, VPSC’s VPS-wide pre-employment screening policy will help ensure consistent practices and reduce fraud and corruption risks during recruitment. We outline the key features of the policy below.

Key policy feature

Details

Candidate statutory declaration

This requests the candidate to disclose:

  • termination for misconduct in any previous role
  • history of substantiated misconduct (last seven years for VPS employees and 10 years for executives)
  • involvement in any open misconduct investigations
  • resignation during a misconduct investigation
  • accuracy of their application.

Candidate consent form

This allows the prospective employer to:

  • gather information and check the accuracy of information provided by the candidate
  • contact the candidate’s current and previous employer to verify their employment history, including past conduct and performance.

General employment screening guidance

Guides agencies to:

  • take a risk-based approach to screening when planning recruitment, by considering the inherent requirements and related risks of the role
  • validate candidates’ declarations
  • respond to adverse conduct history.

We found that while the policy intends to set a minimum standard for pre employment screening, it focuses primarily on a candidate’s misconduct history. This is not consistent with the pre-employment screening detailed in the Standard, which covers all aspects of pre-employment screening, such as police, reference and qualification checks. 

VPSC publishes other guidance material related to employment screening, such as its online Guidance for conducting police checks March 2015. However, this guidance, along with VPSC’s recruitment policies and procedures, does not provide an integrated, comprehensive source of information on pre employment screening for agencies. 

We also found that agencies often misinterpret the intent and scope of the policy. We summarise the key gaps and issues with the policy requirements below.

Policy requirement

Gap/issue

Application of policy to internal candidates

The policy clearly states that pre-employment screening requirements are based on the risks and requirements of a position. However, it does not explicitly state that pre-employment screening applies equally to internal and external candidates

Minimum standard for pre-employment screening in the VPS

The policy aims to set a minimum standard for pre-employment screening but focuses primarily on misconduct. Other VPSC guidance on some aspects of pre-employment screening has not been integrated into the policy.

Declarations of past misconduct history

Agencies can use employment termination agreements, known as deeds of release, which can include confidentiality clauses. These clauses can prevent a candidate from disclosing a past misconduct matter. VPSC acknowledges that this can present integrity risks for future employers.  

Currently, candidates can select ‘do not know/cannot answer’ on declarations, but there is limited practical guidance for agencies on how to manage this type of declaration, aside from ensuring they maintain confidentiality.

Validating misconduct declarations

This involves contacting the candidate’s previous employer to make sure their declaration is correct

The revised VPS pre-employment screening policy clearly instructs agencies to take a risk based approach to validating misconduct declarations. However, it does not specify that this includes validating declarations where no history of misconduct has been disclosed.

Candidate’s consent to contact past employers to substantiate employment history and past conduct and performances

Guidance is not clear as to whether this allows prospective employers to contact non nominated referees, or if the consent only relates to validating misconduct declarations.

In September 2019, VPSC established the VPS pre-employment screening implementation working group, to consult with VPS agencies and generate best practice solutions for operational issues related to the policy. The working group has established a central contact point for each agency, which prospective employers can contact to validate a misconduct declaration. This streamlines the process and helps maintain the privacy of individuals involved.

Implementing the VPS executive pre-employment screening policy 

We examined if agencies had implemented the VPS executive pre employment screening policy. At the time of our audit, the policy had been mandatory for all VPS departments for 10 months. 

Only DET, DoT, DPC and VPSC have clearly defined the executive pre employment screening requirements in their recruitment policy and procedures. This creates the risk that the other agencies will not fully implement the executive pre-employment screening policy and they may not know about a candidate’s misconduct history before employing them. 

Compliance with the policy at DHHS, DPC and DTF

We analysed implementation of statutory declaration and consent forms at DHHS, DPC and DTF from 30 October 2018, when the policy began, to 30 June 2019. This involved reviewing 14 recruitment files at DHHS, 17 at DPC and two at DTF.

The departments varied in their level of compliance, as shown in Figure 2K. Overall, 48 per cent of new executives did not complete the statutory declaration and consent form. Of these, more than half were internal candidates. This highlights our finding that the scope of the policy was not clear, as it did not explicitly state that pre-employment screening applied to internal candidates.

Figure 2K
Executives’ completion of statutory declarations and consent forms, 30 October 2018 to 30 June 2019

Figure 2K Executives’ completion of statutory declarations and consent forms, 30 October 2018 to 30 June 2019

Source: VAGO.

2.5 VPS HCM system

The proposed HCM system, which is in the early design phase and scheduled to start implementation in 2020–21, aims to incorporate employment screening requirements into the recruitment process.

If successfully implemented, agencies could use the HCM system to access relevant employment-related information about current and former VPS employees. This could reduce duplication of checks as employees move between agencies. For example, the HCM system could provide a central record of an employee’s:

  • police check date and receipt number
  • reference checks
  • reason for departure
  • eligibility for employment
  • role-specific checks, such as mandatory qualifications and WWCC.

It is important that DPC and the HCM project team continues to work with the VPSC and VPS agencies to ensure the HCM system improves employment screening practice, is consistent with the Standards and VPS-wide policies, and does not create information privacy risks.

2.6 VPS employees with misconduct history

Having accurate information about a candidate’s past performance and conduct is critical to recruiting the right person. This includes information about any involvement in misconduct investigations.  

We assessed the risk of the audited agencies re-employing ex-VPS employees with a misconduct history by:

  • obtaining misconduct data from each audited agency from 1 July 2015 to 30 June 2019. This included employees who were:
    • terminated for misconduct
    • resigned during a misconduct investigation
  • comparing this data against payroll data for each audited agency in 2017–18 and 2018–19 to identify if any of these employees were re employed in this period.

We found that nine of 205 employees (4 per cent) were re-employed in the VPS after being terminated for misconduct or resigning during a misconduct investigation. Figure 2L summarises this. 

Figure 2L
VPS employees re-employed after being terminated for misconduct, or resigning during a misconduct investigation

Figure 2L VPS employees re-employed after being terminated for misconduct, or resigning during a misconduct investigation

Source: VAGO, from data provided by audited agencies.

These findings do not prove that the employees involved provided false or misleading information during recruitment. It is important to note that:

  • until recently, candidates did not have to declare past misconduct matters
  • the candidate may have disclosed their misconduct history during recruitment, and the hiring manager may have assessed that this did not affect their suitability for the role
  • resignation during a misconduct investigation is not prohibited and does not mean that the employee was guilty of the alleged conduct.
Agency-specific practices

Reference checks and the mandatory statutory declarations of misconduct history are the main ways a hiring manager can identify a candidate’s past misconduct. The following agencies have taken further steps to reduce the risk of employing a candidate without identifying any past misconduct. 

DET

DET’s employment limitation policy allows it to restrict an individual’s eligibility for employment with DET. It applies employment limitations on former employees dismissed for substantiated misconduct and those who resign during a misconduct investigation. An employment limitation check can provide an additional layer of assurance that a preferred candidate is suitable for employment.  

DET records employment limitations in its payroll system. Preferred candidates cannot be entered into the payroll system if they have an employment limitation. It is the hiring manager’s responsibility to check with payroll to ensure that a preferred candidate does not have an employment limitation.

DHHS and DJCS

DHHS and DJCS have the following processes to check the misconduct history of current or former employees:

  • DHHS’s referee check template prompts hiring managers to contact the relevant People and Culture team to check for misconduct history.
  • DJCS’s Recruitment Services crosschecks the workplace relations database weekly to identify all candidates who are current or former DJCS employees with instances of misconduct and poor performance recorded.

These processes help hiring managers determine a candidate’s suitability for the role.

2.7 Conflicts of interest during recruitment

Identifying, declaring and managing a COI is necessary to ensure a fair and transparent recruitment process. If recruitment panel members do not declare a COI, their decisions may not be objective. Recent investigations from IBAC and other integrity bodies around Australia have highlighted recruitment as a high risk area for COI.

COI policy and procedures

We reviewed the COI policies and procedures in all audited agencies. We found that all nine agencies had a COI policy that required employees to avoid wherever possible, or identify, declare and manage any COI. 

While all agencies identified recruitment as a high-risk activity in their COI policies, we found that aside from DELWP, this did not translate into thorough recruitment and selection policies and practices that reduce the COI risk. Figure 2M summarises our findings.

Figure 2M
Incorporating COI risks into recruitment and selection process

Policy requirement

DELWP

DET

DHHS

DJCS

DJPR

DoT

DPC

DTF

VPSC

COI risks incorporated into recruitment and selection policies

Partial(a)

Partial(a)

Clear process for selection panels to identify, declare and manage any COI prior to interview stage

Partial

(a) Recruitment policy states processes must be conducted in line with the COI policy but provides no other guidance.
Note: During the audit, DHHS and DPC improved their process for selection panels to identify, declare and manage COI, and they are implementing this revised process.
Source: VAGO, based on information provided by agencies.

Agencies that do not have a clearly documented process for selection panels to follow, increase the risk that a COI will not be identified or declared. Of particular note, only DELWP, DJCS, DPC and VPSC require the selection panel to declare a COI prior to the interview process commencing. The lack of COI controls during recruitment poses a critical integrity risk and is particularly concerning for agencies involved in commercial decisions or large projects.

We were unable to audit compliance with COI policies and procedures at DHHS, DPC and DTF. This is because the three agencies do not have clearly documented processes for selection panels to declare, record and manage any COI.

COI training

Training and instruction provided to managers

We found inconsistent practices across the audited agencies for training managers about COI in recruitment. 

While all nine agencies made their COI policy available online, only DET and DJCS provide COI training that has a focus on recruitment risks. In both these agencies, training modules include specific examples for selection panels to identify, declare and manage any COI during recruitment. These agencies also require at least one member of the selection panel to have received the training and DET requires that each panel member indicate on the selection report whether they have received the training.

DPC is currently reviewing its COI training to include specific recruitment risks and the other agencies either do not provide any formal COI training, or the training does not include a focus on recruitment. 

Back to Top