Wednesday, 10 May 2023
Defence Capability Assurance and Oversight Bill 2023; Second Reading
That this bill be now read a second time.
I seek leave to table an explanatory memorandum relating to the bill.
I table an explanatory memorandum and seek leave to have the second reading speech incorporated in Hansard.
The speech read as follows—
The Defence Strategic Update (DSU) 2020 and the Defence Strategic Review (DSR) 2023 detail the strategic circumstances of this decade—and beyond—which require Australia to take timely, risk-informed decisions to establish the military capability necessary to underpin a national defence strategy. This will require the procurement of a wide scope of advanced technology in a compressed timeframe. Australia cannot afford to waste time or money commencing—or attempting to remediate—projects that will not deliver the required military-response-options to Government. If we are to succeed in this rapid build-up of military capability, Defence and Government must have a high degree of confidence in the veracity and completeness of the information they use to make timely, risk informed decisions.
The First Principles Review (2015) in recommending a "Smart buyer" approach, made the assumption that a Test & Evaluation (T&E) capability exists such that Defence can assess "whether risks and interdependencies have been identified and managed". Defence has long had dedicated policies outlining why T&E is important. They define it as a key systems engineering tool to identify risk and inform risk-based decisions, detailing how it should be used in acquisition, sustainment and force generation. Despite the extensive policy and process, Defence has struggled to effectively, objectively and consistently incorporate T&E into decision making across the capability life cycle.
In almost every review of Defence procurement there has been a negative assessment of how Defence employs T&E. Consistent themes include difficulties creating and sustaining an experienced workforce; the lag and surge of experience in projects which makes it difficult to apply effective T&E early in the capability life cycle (e.g.: defining requirements); poor coordination between the various stakeholders in Defence T&E (including industry); poor investment in T&E infrastructure; and, a lack of accountability to ensure that Defence consistently uses T&E effectively to identify, report and manage risk.
This Bill will enact measures that rectify systemic deficiencies—highlighted in a number of Australian National Audit Office (ANAO) and Parliamentary reports—that remain in the current procurement system. It establishes an independent statutory body responsible for assessing the complex risks associated with materiel procurement and sustainment, including but not limited to technical risks pertaining to performance and certification. This body, known as the Defence Capability Assurance Agency (DCAA), will enable the effective and timely acquisition and sustainment of the defence materiel required to underpin a national security strategy.
Before detailing the provisions of this Bill, allow me, in response to feedback on the exposure draft, first outline what it is not.
Some have expressed concern that the Bill might create a new layer of process and red tape, impeding the timely delivery of equipment to the war fighter. To the contrary, this Bill simply ensures that the basic principles of systems engineering—which are already part of defence materiel policy—are implemented effectively by people who have the necessary qualifications and experience to make a comprehensive assessment of risk which is reported in a timely, unbiased, and transparent manner to decision makers.
The Bill is not about outsourcing T&E to industry. Indeed, the Bill highlights the importance of Defence having personnel and entities competent to conduct T&E, building on their recent operational experience. In the aerospace field for example, Defence pays between $1m and $2m for an individual with an operational background to become qualified as a flight test professional and each service—Army, Navy and AirForce—has traditionally maintained specialist T&E units as capability enablers. Across the various defence domains however—including air, land, sea, cyber and more recently, space—the level of investment in training and retaining T&E professionals is not consistent and, in some cases, is non-existent. The Bill creates a framework to close some of these gaps within defence, but also sees value in a partnership with industry as a viable way to maintain depth of expertise in the T&E workforce and the capacity to scale rapidly as circumstances require.
Finally, the existence of an independent quality assurance function is not a new concept nor is it an unnecessary overhead. The medical field provides a useful example. If the task at hand is neurosurgery, then an orthopaedic surgeon, although highly competent with qualifications and experience in the same "generic" profession, would not get the nod from either the Royal Australasian College of Surgeons nor the Medical Board to conduct the surgery. Similarly, the Bill makes the point that someone who is highly competent as a maintenance engineer or operational commander is not automatically the best person to assess technical risk in materiel acquisition and sustainment. Because decision makers need to have a high degree of confidence in the veracity and completeness of the information they base their judgement on, the Bill creates an assurance that the people assessing the risk are competent to undertake that particular task.
Independent quality assurance is also of particular importance when a large Government organisation operates behind valid layers of secrecy such that their performance and compliance with legislation, regulation or policy is not apparent to the tax-payer or the Parliament. The role of the Inspector-General of Intelligence and Security (IGIS) with Australia's national intelligence community is a well-respected and successful assurance framework which provides a good example. Whether focused on workforce competence or intelligent adherence to approved policy, assurance measures guard against the diminution of task-specific competence and professional practice which occurs over time due to posting cycles, financial pressures and the loss of corporate memory. This problem is not unique to defence, as inquiries into the loss of the Space Shuttle Columbia, RAF Nimrod XV230 and the Boeing Max aircraft highlight.
Far from introducing red-tape and unnecessary overheads, the key aim of the Bill is to make matériel procurement faster, better and cheaper within a framework that provides assurance that the weapons systems we acquire will do what we expect them to, will be available for use when required and will be effective against extant and emerging threats. Based on the First Principles Review and actions taken by AUKUS partners in respect to risk assessment, the core principles underpinning the DCAA include:
Independence. The risk identification function must be independent so that assessment is made without bias or influence (intended or unintended). Independence also ensures that the assessor of risk has a voice (NB not a veto) that is heard at each decision-making level of the capability life cycle.
Task-specific competence. Government must ensure personnel with the right training and skills are employed to identify and manage risk. Task-specific competence is a matrix of qualifications and experience that are directly relevant to the task at hand.
Transparency. Previous inquiries highlight that risk assessors working within Defence face various barriers (individual or organisational) that influence whether decision-makers actually get to consider their assessments. Given the costs and national security implications, the taxpayer deserves to know that decisions are being made on the basis of accurate understanding of risk.
Accountability. The DCAA will be underpinned by an audited and enforceable requirement that Defence engages the Agency to evaluate risk across the capability life cycle. DCAA reports are to be specifically included in briefs provided to project managers, Gate reviews, Defence Investment Committee and the National Security Committee of Cabinet.
The DCAA will not duplicate Defence policy relating to T&E but ensure that such policy is implemented consistently and effectively by suitably qualified personnel. Although the DCAA will be responsible for the conduct of T&E, it is not intended that the DCAA will replace T&E entities within Defence where they exist, particularly where T&E intersects with other regulatory frameworks e.g.: airworthiness or seaworthiness. Instead, it is intended that the DCAA will exercise technical control to ensure that existing entities (and those that develop with emerging technology, including where T&E is provided by industry) work to internationally recognised standards for T&E and are supported by Defence with agreed resources.
The DCAA will work with Defence to facilitate an agreed framework to develop and sustain a competent T&E workforce and fit-for-purpose T&E infrastructure. At a strategic level the DCAA will use the Integrated Investment Program (IIP) to provide expert advice regarding the scope and scale of T&E investment required to grow and sustain the people and infrastructure required to enable the objectives of the IIP. The DCAA will provide an input to future updates to the IIP. At the individual project level, the DCAA will work with Defence to agree any variations to T&E required as specific materiel solutions are tendered.
Where an existing Defence T&E entity is the most suitable for a task, it is intended that the entity would be assigned to the DCAA for the conduct of T&E in support of that task—analogous to a military unit being "force assigned" to Joint Operations Command. This allows the DCAA to ensure that T&E is conducted utilising the most effective and efficient workforce that is competent for the task. Where Defence does not have an existing T&E capability (or capacity) relevant to a domain, the DCAA will provide competent T&E personnel who meet the relevant qualifications and experience requirements to undertake the T&E function for a given phase of acquisition. The DCAA will do this through the engagement of other industry personnel or entities, or where appropriate (e.g.: when required at very short notice) from staff working within the DCAA T&E Centre of Excellence.
This Bill provides for an agreement (expected to be long-term in nature) with an Australian industry partner. The industry partner will provide depth of domain expertise to the DCAA and facilitate a consistent, comprehensive approach to T&E across the capability life cycle for all Defence systems and environments via four key functions:
Assurance and accountability will be accomplished by a program of audit to ensure that Defence is engaging and resourcing the DCAA (including Defence T&E entities) in a timely manner as well as responding transparently to the subsequent reporting of any identified risks at all levels of decision making. This function will be accomplished by appropriately skilled and security-cleared staff working as part of a small independent assurance office created by this Bill, to be known as the Inspector-General of Defence Capability Assurance (IGDCA), analogous to the IGIS.
Finally, the legislation creates a Parliamentary Joint Committee on Defence (PJCD) which would have amongst other tasks, oversight of the DCAA. A PJCD was a recommendation of two bi-partisan reports of the Joint Standing Committee on Foreign Affairs, Defence and Trade (JSCFADT) in November 2018 and April 2023. Established along similar lines to the Parliamentary Joint Committee on Intelligence and Security (PJCIS), the PJCD would have the span of functions outlined in the 2018 and 2023 reports, as well as specific oversight over capability acquisition which would include Australia's involvement in AUKUS, and the operation of the DCAA and the IGDCA.
In summary, the DSU2020 and DSR2023 warn that the free world is once again facing the rise of totalitarian powers seeking to use coercive and potentially military measures to impose their will on other nations states. As Australia, along with like-minded partners accelerate our joint efforts to establish the military-response-options required by Government to deter aggression and defend the global rules-based order, we have no time or money to waste. The procurement reforms called for in Chapter 12 of DSR2023 will require effective and timely risk-based decisions which will only be possible if decision makers have a reliable assessment of risk. Despite two decades of internal reform attempts, Defence still struggles to effectively, objectively and consistently maintain a professional T&E workforce of qualified and experienced people, who are appropriately resourced, tasked in a timely manner and whose reports are dealt with in an unbiased and transparent manner.
This Bill implements an assurance framework that provides confidence to the men and women of the ADF, their commanders, the Government and the people of Australia that weapons systems we acquire will do what we expect them to, will be available for use when required and effective against extant and emerging threats.
I commend the Bill to the Senate.