Compliance Risk for Councillors of QLD Local Councils Using TechnologyOne (2025)
Risk Brief #2502b
February 2025, by Simon Thompson
Overview
With the Canterbury-Bankstown Council fraud case still fresh in our minds and reports emerging that industry giant BHP faced a similar issue, procurement fraud is once again in the spotlight—a critical area where non-compliance can go undetected.
Through our work with multiple QLD government organisations using Technology One (TechOne), we have identified a systemic compliance risk where suppliers and contractors are engaged without legal protection every month.
We found that each organisation we worked with recorded hundreds of non-compliant engagements worth millions of dollars per quarter, which were undetected by TechOne and routine accounting audits. This leaves organisations exposed to financial, legal, and operational risks.
Exposure can be initially mitigated for as little as $10,000 and within 4 to 6 weeks—a fraction of the time and cost of investigating a single breach.
Risk Summary
Area of Concern: Financial & Procurement Compliance
TechOne is a financial reporting system, and its standard finance modules do not enforce contract validation. While additional supply chain modules exist to mitigate these risks, the reality is:
1️⃣ Organisations using TechOne are not implementing these modules to enforce procurement compliance. This means the system does not verify whether:
❌ Purchase Orders are raised against expired contracts
❌ Contracts belong to the correct supplier
❌ Contract spend exceeds authorised limits
2️⃣ Even when implemented, they are not always configured or used correctly, leaving gaps in enforcement.
❌ Suppliers are engaged despite having expired insurances
❌ Contract spend limits are not enforced within the system
❌ Approval workflows do not align with delegation of authority policies
3️⃣ People find workarounds outside the system, such as:
- Raising POs after work is completed.
- Submitting an invoice before a PO is raised.
- Engaging suppliers without proper approvals or valid contracts.
- Issuing blank POs with no pricing, quantity, or product/service description, allowing unrestricted spending.
Staff turnover and workload pressures increase the likelihood of non-compliant procurement practices, as new or overburdened staff may bypass processes to complete urgent work.
There is an assumption that having systems, policies, and audits in place means the risk is covered. However, data shows that current approaches do not address the root cause:
- System controls do not detect procurement actions taken outside of the system, allowing non-compliance to continue.
- Traditional audits sample a subset of transactions, but with hundreds of supplier engagements per month, non-compliance can occur frequently without detection.
Likelihood: Certain
Based on our analysis, multiple instances occur every month across every organisation.
Severity: Moderate
By bypassing established procurement processes, your organisation is exposed to contractual, financial, and compliance risks. Engaging suppliers outside of formal agreements means:
- No contractual protections, leaving the organisation vulnerable in disputes.
- No guarantee of agreed pricing, service levels, or performance standards.
- Increased exposure to liability, especially if unverified suppliers provide critical goods or services.
Unchecked, these risks can escalate, leading to financial losses, compliance breaches, and reputational damage.
Impact of Non-Compliant Procurement Practices
Safety: Unverified Contractors on Critical Infrastructure
- Unverified contractors may lack proper qualifications, insurance, or WHS compliance.
- Increased risk of accidents, operational failures, and legal liability.
- Public safety concerns when working near employees or the public.
Contractual Risk: No Legal Protection
- Payments on expired or incorrect contracts mean:
  - No enforceable terms for pricing, performance, or liability.
  - Suppliers can overcharge, underdeliver, or ignore SLAs.
  - No legal recourse if a supplier defaults or fails to deliver.
Compliance: QPP Breaches & Audit Risks
- Non-compliance with the Local Government Act and misalignment with the QLD Procurement Policy (QPP) leads to:
  - Increased regulatory scrutiny and deeper audits.
  - Potential fines, forced remediation, and reputational damage.
Financial Control: Misreported Spend & Uncontrolled Commitments
- Lack of visibility into procurement spend affects:
  - Budgeting and forecasting accuracy.
  - Contract spend limits, leading to potential overruns.
- Higher costs due to inefficiencies and potential fraud.
Personal Accountability: Councillor & Executive Liability
- Under the Qld Local Government Act there are key requirements:
  - Section 104: Financial Management Systems
    This mandates adequate measures to ensure compliance and sound contracting principles.
  - Section 105: Auditing, including internal auditing
    The first requirement is that each local government must establish an efficient and effective internal audit function.
- Potential consequences include:
  - Personally Liable for Funds
    Under Section 110 (Councillors liable for improper disbursements), Councillors have to personally pay back any money that “is made without the approval of the local government”, i.e. outside of the procurement process.
  - Ministerial Scrutiny
    Under Section 116 (Recommendation to Minister), the Minister can become involved and make findings public if the local government is not complying with the Local Government Act.
  - Suspension & Supervision
    Under Section 122 (Suspending or removing a Councillor), the Minister can suspend or remove a Councillor.
Cost Impact: Hidden Inefficiencies & Increased Procurement Costs
- Uncompetitive pricing and contract leakage increase procurement costs.
- Manual audits and reactive fixes drive up administrative workload.
- Long-term cost escalations with no added value to the organisation.
Mitigation Strategies
The best starting point is an independent Procurement Compliance Report, which will pinpoint the occurrences so that you can address them immediately. We conduct these annually for QLD GOCs. The process takes 4 to 6 weeks and costs between $10k and $15k.
The most effective mitigation strategy combines increasing prevention through better systems, processes, and training, while also enhancing reporting to cover all engagements—not just a sample. A continuous feedback loop is ideal to ensure compliance issues are detected, addressed, and prevented from becoming recurring problems.
From easiest to most difficult, you can choose one or a combination of the following strategies, depending on your organisation’s needs and TechOne configuration.
Reporting & Continuous Monitoring: Detailed Analysis
A) Periodic Comprehensive & Systemised Audit:
- External & Independent
- Analysis of all supplier engagements against current policies
- Delivered within 4-6 weeks
- Cost: $10k – $15k per report (Annual suggested as a minimum)
- Example: Procurement Compliance Report by Acquire Insights.
B) Constant Reporting: Spend Analysis & Compliance Tool
- External & Independent
- Enables proactive monitoring of all procurement engagements and automates compliance reporting.
- Identifies cost-saving opportunities that procurement policies exist to create (i.e. pays for service)
- Setup within 4-6 months
- Annual cost ~$30k
- Example: SpendSphere.ai by Acquire Insights
Prevention: Strengthening Systems, Processes & Training
C) Process & Training: Increase training on current system use and alignment to policies.
D) System: Implement the TechOne Supply Chain Module (and Use It Correctly)
- Ensures contract validation and procurement controls are in place.
- Prevents non-compliant activities at the source.
- Requires: Proper setup, configuration, and enforcement of system rules.
Next Steps – Which Strategy is Right for You?
To purchase your Procurement Compliance Report or discuss the best mitigation strategy for your organisation, contact our Director, Simon Thompson on 0433 847 909.