Skip to main content
General ProbityProbity

Strengthening Controls on Engagement of Advisors

By October 3, 2023No Comments


A recent and widely reported confidentiality breach by an employee of a large consulting company raises important questions about the controls in place when public sector agencies engage external consultants and advisors. Long-standing assumptions that individuals and organisations would respect confidentiality agreements and foster an ethical work environment have been called into question. This article discusses the need for enhanced controls in engagements between public sector agencies and suppliers.

Key themes.

Previously public sector agencies relied on an assumed high ethically-rich environments within suppliers’ business environments and consequently rated potential breaches of probity controls (for example confidentiality controls, conflict of interest controls) as low risk. This assumption in itself, can no longer be relied upon.
To minimise the risk of probity breaches, public sector agencies should assume, until demonstrated otherwise that:
  1. Suppliers’ staff typically have a low understanding of probity, especially as it applies to dealings with public sector agencies; and
  2. Suppliers’ business environments lack appropriate controls to complement public sector agencies’ probity requirements.
This article discusses some strategies which can be adopted by public sector agencies and by suppliers to assist in the risk mitigation.


The recent and highly public incident involved an individual who breached a confidentiality agreement signed with the Australian Taxation Office (ATO). This breach has significant implications, revealing gaps in the current systems that aim to preserve confidentiality and ethical conduct. While this was the action of an individual, the internal culture within the consulting company appeared to be complicit:
  • It did not detect and correct the breach in a timely manner.
  • The organisational culture appeared to encourage such behaviour.
  • It lacked provisions that encourage internal whistle-blowers to speak out.
  • It compromised transparency and auditability within the firm.
While this recent incident involved a breach of a Confidentiality Agreement, other incidents have identified areas such as:
  • Conflicts of Interest – which include the supplier:
    • providing services to the public sector agency as well as bidders in a market process.
    • providing services to a number of bidders in a market process.
    • has provided services to a public sector agency in an earlier stage of a market process and wants to participate in later stages as a bidder (or part of a bid team).
  • Offers of gifts, inducements including offers of employment, social functions and other hospitality.
Most public sector agencies outline expectations regarding probity, ethical behaviour and confidentiality in documents such as Supplier Code of Conduct and Ethical Business Relationship Statement. They broadly expect suppliers to:
  • Protect and prevent the release of commercial-in-confidence information.
  • Act ethically and comply with all legal requirements.
The increased risk drives the need to design and implement more effective controls. Controls are usually identified as supporting key objectives. These include:
  • Engaging suppliers who have demonstrable probity and ethically rich environments which complement public sector agencies’ probity rich environment.
  • Breaches of probity by engaged suppliers are minimised or can be effectively identified and managed.

Most public sector agencies typically implement probity rich environments through controls in standard business practices and additional transaction specific controls set out in transaction specific Probity Plans.

Currently, though, controls to identify and minimise risk prior to engagement of suppliers have been lacking. The effectiveness of controls within a supplier’s environment should be rigorously verified before engagement – that is, as part of the evaluation criteria. As an evaluation criteria, it can be assessed as “does not meet/meets/exceeds” requirements. It can be scored and therefore contribute to the overall score. Suppliers with environments which are rich in probity and business ethics controls will score better than those whose environments do not and hence improve the supplier’s chances to win a bid. This will provide an incentive to suppliers to (a) put reasonable controls in place; and (b) maintain those controls to an effective working order.

Expected Business Operating Environment Controls

Suppliers should actively promote an ethical business environment within their organisation. Key controls could include:
  • Staff Training:
    This should cover business ethics, probity, handling confidential information, and addressing conflicts of interest at both personal and business levels.
  • Confidentiality Agreement Procedures:
    Effective management of confidentiality agreements (CAs) should be centralized, with senior executives acknowledging all CAs in place.
  • Conflicts of Interest:
    where the conflict exists for individuals from the supplier working on an engagement.
    where the conflict exists for the supplier working multiple but potentially conflicting clients.
  • IT Security:
    Robust IT provisions should be in place to secure confidential information.
  • Whistle-blower Policies:
    Employees should feel safe to report unethical behaviour without fear of retaliation.

Demonstrating Commitment to high levels of Probity

In the immediate future, we see this as simply providing information requested in a returnable schedule, in a similar manner as that provided for ESG, Workplace Safety and similar policy information.
In the future, the Government should also consider an accreditation scheme. Perhaps not to the same level of complexity as ISO 9000 but a simpler approach which can be either self-assessed or assessed by approved providers. This assessment could be similar to the ELM Probity – Supplier Probity Environment Assessment. The ELM Probity – Supplier Probity Environment Assessment is a document and interview-based audit of probity controls within a supplier’s business environment.
Further information about the ELM Probity – Supplier Probity Environment Assessment can be found here Probity Rich Environments.

Supplier Staff Training

Suppliers often provide training to their staff in their specific business environments. In many cases this training takes the form of initial induction training and sometimes is included in the employee’s ongoing performance and development plan. Training and awareness programs for business ethics are a good thing.
Public sector organisations usually have heightened probity environments, especially surrounding financial transactions such as procurement and divestment. This demonstrates a need for supplier staff to become familiar with the controls in those environments and their obligations when providing services within those environments. Suppliers are generally expected to read and understand Probity Plans, Transaction Strategies and similar documents which describe the controls and obligations within specific environments. To do this effectively requires a basic understanding of public sector probity – what it means to the public sector organisation, what suppliers should look for and how suppliers should operate within those probity rich environments.
The ELM Probity – Probity Training for Suppliers to Government is such a course. This course will provide suppliers’ staff with an understanding of public sector requirements for Probity when dealing with suppliers. A good understanding of public sector probity requirements and how best to provide these will help position the supplier organisation as a low-risk provider and demonstrate to the Government that the supplier understands and respects the need for operating in a probity rich environment.


The recent incident serves as a wake-up call for both governmental bodies and suppliers. The effectiveness of current controls like confidentiality agreements must be rigorously scrutinized and updated to safeguard against future lapses. Firms like ELM Probity play a critical role in this landscape, offering solutions to build more secure, transparent, and ethical engagement practices.
It’s not just about putting controls in place; it’s about fostering a culture where those controls are respected and continuously improved.