
Compliance Risk for Directors of QLD GOCs Using TechOne (2025)

Risk Brief #2502

February, 2025 by Simon Thompson

Overview

Through our work with multiple QLD Government-Owned Corporations (GOCs) using Technology One (TechOne), we have identified a systemic compliance risk where suppliers and contractors are engaged without legal protection every month.

We found that each GOC we worked with recorded hundreds of non-compliant engagements worth millions of dollars per quarter, which were undetected by TechOne and routine accounting audits. This leaves organisations exposed to financial, legal, and operational risks.

Exposure can be initially mitigated for as little as $10,000 and within 4 to 6 weeks—a fraction of the time and cost of investigating a single breach.

Risk Summary

Area of Concern: Financial & Procurement Compliance

TechOne is a financial reporting system, and its standard finance modules do not enforce contract validation. While additional supply chain modules exist to mitigate these risks, the reality is:

1️⃣ Organisations using TechOne are not implementing these modules to enforce procurement compliance. This means TechOne does not verify whether:
  • Purchase Orders are raised against expired contracts
  • Contracts belong to the correct supplier
  • Contract spend exceeds authorised limits

2️⃣ Even when implemented, they are not always configured or used correctly, leaving gaps in enforcement.
❌ Suppliers are engaged despite having expired insurances
❌ Contract spend limits are not enforced within the system
❌ Approval workflows do not align with delegation of authority policies

3️⃣ People find workarounds outside the system, such as:

  • Raising POs after work is completed.
  • Submitting an invoice before a PO is raised.
  • Engaging suppliers without proper approvals or valid contracts.
  • Issuing blank POs with no pricing, quantity, or product/service description, allowing unrestricted spending.

Staff turnover and workload pressures increase the likelihood of non-compliant procurement practices, as new or overburdened staff may bypass processes to complete urgent work.

There is an assumption that having systems, policies, and audits in place means the risk is covered. However, data shows that current approaches do not address the root cause:

  1. System controls do not detect procurement actions taken outside of the system, allowing non-compliance to continue.
  2. Traditional audits sample a subset of transactions, but with hundreds of supplier engagements per month, non-compliance can occur frequently without detection.

Likelihood: Certain

Based on our analysis, multiple instances occur every month across every organisation.

Severity: Moderate

By bypassing established procurement processes, your organisation is exposed to contractual, financial, and compliance risks. Engaging suppliers outside of formal agreements means:

  • No contractual protections, leaving the organisation vulnerable in disputes.
  • No guarantee of agreed pricing, service levels, or performance standards.
  • Increased exposure to liability, especially if unverified suppliers provide critical goods or services.

Unchecked, these risks can escalate, leading to financial losses, compliance breaches, and reputational damage.

Impact of Non-Compliant Procurement Practices

Safety: Unverified Contractors on Critical Infrastructure
  • Unverified contractors may lack proper qualifications, insurance, or WHS compliance.
  • Increased risk of accidents, operational failures, and legal liability.
  • Public safety concerns when working near employees or the public.
Contractual Risk: No Legal Protection
  • Payments on expired or incorrect contracts mean:
    • No enforceable terms for pricing, performance, or liability.
    • Suppliers can overcharge, underdeliver, or ignore SLAs.
    • No legal recourse if a supplier defaults or fails to deliver.
Compliance: QPP Breaches & Audit Risks
  • Non-compliance with QLD Procurement Policy (QPP) leads to:
    • Increased regulatory scrutiny and deeper audits.
    • Potential fines, forced remediation, and reputational damage.
Financial Control: Misreported Spend & Uncontrolled Commitments
  • Lack of visibility into procurement spend affects:
    • Budgeting and forecasting accuracy.
    • Contract spend limits, leading to potential overruns.
    • Higher costs due to inefficiencies and potential fraud.
Personal Accountability: Director & Executive Liability
  • Under the QLD GOC Act 2001 (via the Corporations Act 1993), directors and officers (executives) are personally liable for governance failures under section 180 (duty of care and diligence), even when they have no direct knowledge of the actions, because they failed to investigate.
  • Potential consequences include:
    • Penalties, regulatory action, and disqualification risks.
    • Reputational damage impacting leadership credibility.
Cost Impact: Hidden Inefficiencies & Increased Procurement Costs
  • Uncompetitive pricing and contract leakage increase procurement costs.
  • Manual audits and reactive fixes drive up administrative workload.
  • Long-term cost escalations with no added value to the organisation.

Mitigation Strategies

The best starting point is an independent Procurement Compliance Report, which will pinpoint the occurrences so that you can address them immediately. We conduct these annually for QLD GOCs. The process takes 4 to 6 weeks and costs between $10k and $15k.

The most effective mitigation strategy combines increasing prevention through better systems, processes, and training, while also enhancing reporting to cover all engagements—not just a sample. A continuous feedback loop is ideal to ensure compliance issues are detected, addressed, and prevented from becoming recurring problems.

From easiest to most difficult, you can choose one or a combination of the following strategies, depending on your organisation’s needs and TechOne configuration.

Reporting & Continuous Monitoring: Detailed Analysis

A) Periodic Comprehensive & Systemised Audit: 

  • External & Independent 
  • Analysis of all supplier engagements against current policies
  • Delivered within 4-6 weeks
  • Cost: $10k – $15k per report (Annual suggested as a minimum)
  • Example: Procurement Compliance Report by Acquire Insights.

B) Constant Reporting: Spend Analysis & Compliance Tool

  • External & Independent 
  • Enables proactive monitoring of all procurement engagements and automates compliance reporting.
  • Identifies cost-saving opportunities that procurement policies exist to create (i.e. pays for service)
  • Setup within 4-6 months
  • Annual cost ~1 FTE
  • Example: SpendSphere.ai by Acquire Insights

Prevention: Strengthening Systems, Processes & Training

C) Process & Training: Increase training on current system use and alignment to policies.

D) System: Implement the TechOne Supply Chain Module (and Use It Correctly)

  • Ensures contract validation and procurement controls are in place.
  • Prevents non-compliant activities at the source.
  • Requires: Proper setup, configuration, and enforcement of system rules.

Next Steps – Which Strategy is Right for You?

To purchase your Procurement Compliance Report or discuss the best mitigation strategy for your organisation, contact our Director, Simon Thompson on 0433 847 909.