180 likes | 330 Views
ASOSAI Working Group On Environmental Auditing. Auditing Climate Change Programs Administration of the National Greenhouse And Energy Reporting Scheme (NGERS) Mark Simpson Executive Director Australian National Audit Office Malaysia 18-20 September 2012. Introduction.
E N D
ASOSAI Working Group On Environmental Auditing Auditing Climate Change ProgramsAdministration of the National Greenhouse And Energy Reporting Scheme (NGERS) Mark SimpsonExecutive DirectorAustralian National Audit OfficeMalaysia18-20 September 2012
Introduction Four audits on climate change: • Audit Report No. 34, 2003–04, Administration of Major Programs, Australian Greenhouse Office; • Audit Report No. 26, 2009–10, Administration of Climate Change Programs; • Audit Report No. 27, 2009–10, Coordination and Reporting of Australia’s Climate Change Measures; and • Audit Report No. 23, 2011–12, Administration of the National Greenhouse and Energy Reporting Scheme – focus of this presentation.
Background and Audit Planning • National Greenhouse and Energy Reporting Act 2007 came into effect 1 July 2008 prior to Carbon Pricing Mechanism 1 July 2012. • Administered by the Australian Government Department of Climate Change and Energy Efficiency. • Single national reporting framework for data relating to greenhouse gas emissions and energy production. • 2011 - 775 corporations met threshold levels of emissions for registration for NGERS, but only 294 liable under Carbon Pricing Mechanism.
Background and context • The 100 corporations with largest direct greenhouse gas emissions (Scope 1) account for over 90% of total direct emissions reported.
Audit objective, scope and criteria • The objective: to assess the effectiveness of DCCEE’s implementation and administration of NGERS. • The audit examined whether DCCEE had: • effectively implemented the scheme; • managed the integrity, security and quality of scheme data; • streamlined reporting arrangements in line with the agreement by governments; and • monitored industry compliance with the provisions of the NGER Act.
Methodology • Review of key implementation risks and core compliance requirements of the NGER Act. • Examined planning, procedural, guidance and support documentation and files, interviewed departmental staff and stakeholders and reviewed the data collection, storage and analysis systems used. • Survey of the top 300 companies listed on the National Greenhouse and Energy Register (using an external service provider) enabled qualitative client data on the efficiency and effectiveness of the implementation process. This was further supported by interviews with a selection of businesses listed on the National Greenhouse and Energy Register. • An expert Information, Communications and Technology (ICT) firm was engaged to assess the security of the NGERS online reporting system in terms of privacy and confidentiality.
Audit conclusions • Substantial and complex undertaking – economy wide regulatory reform. • Challenging operating environment with regular changes in policy direction and a carbon price from July 2012 and an emissions trading scheme in 2015. • Workable scheme – a more accurate measurement of greenhouse gas emissions and energy use compared to previous surveys and programs. • A positive relationship with the majority of registered corporations. Over 50% of corporations indicated tangible benefits have been obtained from measuring their greenhouse gases and energy use.
Nevertheless, key aspects of administration require strengthening These include: • enhancing the integrity of reported greenhouse gas emission and energy use data; • improving data security; • better managing compliance with the regulatory requirements; and • streamlining reporting obligations as intended by COAG.
Data integrity • Data integrity is critical to the objectives of the NGER Act. • While registered corporations prepare and submit reports, DCCEE manages online reporting system and quality control and assurance. • Corporations’ reports – manual spreadsheets, poor record keeping, problems with contractors and the lack of materiality threshold. • Data quality of reports over the first two years of NGERS: • material errors and gaps in the data; • Year 1 (2008‑09) more than half of all reports to the department contained minor mistakes and about 1% had major errors; and • Year 2 (2009‑10) the department undertook a more in-depth validation process on the reports of 545 controlling corporations. Of the 545 reports analysed, 72% contained errors with 17% having serious material errors. • Resubmission process and data quality improvement strategy.
Data security • Strict provisions in the legislation for the Government to protect NGERS data. • ANAO used an IT consultant and conducted a penetration test. • 40 technical recommendations to DCCEE to improve the security. Eight of these recommendations were classified as high priority. Recommendations agreed and being implemented by DCCEE with completion expected by December 2011. • Security concerns related to matters such as: • formalising the security patch management process; • hardening the protection of the servers running online reporting; • limiting administrator access and privileges within the online reporting environment; and • ensuring that there is an adequate security around the network of private service providers with administrator access.
Streamlining Protocol • A Streamlining Protocol was signed by the Prime Minister and State Premiers in July 2009. • Designed to reinforce objective of NGER Act to reduce duplication of reporting and create a single national reporting framework. • No progress with most state governments two years after the Protocol was agreed (only Queensland/Northern Territory & Australian Capital Territory). • Tensions over: • potential conflicts in Commonwealth and state legislation; • controls over the release of sensitive, commercial-in-confidence information; • limited warranties over the quality of data; and • costs involved for state agencies in meeting Commonwealth confidentiality and disclosure standards.
Compliance • Implementation of compliance and audit slower than planned and constrained by limited resources. • DCCEE has been effective in achieving a reasonable level of compliance with registration requirements and in achieving a high rate of reporting. • Late reporting remains a challenge 23% of registered corporations submitting late reports from 2009-10. A total of 43 corporations had not reported at the beginning of June 2011 — seven months after the statutory deadline.
Cost of compliance • 2006 - Regulatory Impact Statement estimates maximum cost of AUD10 000 per corporation. • 2011 - for most corporations capital costs were from AUD5000 and recurrent costs from AUD1500. • The top 100 corporations (in terms of emissions) reported capital costs of up to AUD3 million and recurrent costs up to AUD1.5 million. • Ninety-three corporations (52.8% of respondents) indicated that measuring and reporting had tangible benefits.
Recommendations Three recommendations were made to: • reduce the compliance costs for industry by looking to introduce an appropriate materiality threshold/s for reporting by registered corporations. • address NGERS data sharing and access issues through a forum of relevant stakeholders and complete outstanding memoranda of understanding with data users. • meet the objectives of the Streamlining Protocol by involving relevant state and territory jurisdictions in progressing the agreed objective; and consulting with industry representatives to implement streamlining initiatives and to identify further streamlining opportunities. All recommendations were agreed by the auditee.
Impact and results • Assurance to Parliament that NGERS was a workable scheme to measure and report on greenhouse gas emissions. • Client survey - 70% of corporations rated the support and guidance provided by DCCEE as good to very good. DCCEE now has a benchmark for client surveys in the future. • Over 50% of corporations obtained real benefits from measuring emissions and energy use. Highlighted weaknesses in controls over fuel use and errors in electricity billing. • Data quality assurance and compliance being addressed. • Data security improvements implemented (40 recommendations). • Streamlining of multiple reporting obligations and cost of compliance being addressed.
Challenges • Methodology proved robust and reliable. • Involving private corporations in the audit process through focused survey questions supported the audit findings and bolstered the level of assurance provided to Parliament. • IT security testing had the potential risk of damaging the agency’s IT system. Testing on a clone of the system enabled the risk to be effectively managed. • Having the 40 IT security recommendations implemented prior to tabling also removed the problem of the report highlighting weaknesses in security that could be exploited by third parties.
Lessons learned • Timing of the audit prior to a major new policy assisted in providing an assurance to Parliament and gained the support of DCCEE. This outcome can not always be achieved because of competing priorities, but illustrates that timing can assist in gaining agency acceptance. • Achieving a sufficiently high response rate to surveys is very important to gain meaningful results. Focusing on a small number of key points very important. • Supporting surveys with face-to-face interviews and roundtables was very helpful in building case studies to illustrate systemic points. • Engaging industry can raise the profile of the role of performance audit as a public sector policy tool for improving program delivery.