Biden promises more union jobs
Front page of Victoria's Herald-Sun

Vic Govt Audit - $35M Unified Security contract breached procurement policies, improper contact with Trades Hall

DJPR did not fully follow its procurement policies and procedures when it engaged a service provider to deliver security services for the Hotel Quarantine Program.

DJPR breached market confidentiality when it contacted Trades Hall to discuss security services for the Hotel Quarantine Program.


3.2 Background

Victorian Government Purchasing Board policy states that during a critical incident, an organisation may adopt streamlined and flexible procurement processes to facilitate an immediate response to an emergency, crisis, or disaster.

COVID-19 Hotel Quarantine Program

On 16 March 2020, in response to the serious public health risk posed by COVID-19, the Victorian Minister for Health declared a State of Emergency under the Public Health and Wellbeing Act 2008. At the time of writing, the declaration is in force until 26 August 2021.

On 27 March 2020, the National Cabinet agreed that, from 11:59 pm on 28 March 2020, all travellers arriving in Australia would undertake mandatory 14-day self isolation at designated facilities.

On the same day, the Victorian Premier announced Victoria would accommodate its returned travellers in 5 000 hotel rooms. The Victorian Government expected the Hotel Quarantine Program to run 24 hours per day, seven days per week, for an indeterminate length of time, and for an indeterminate number of people.

DJPR handled the logistics of the Hotel Quarantine Program. In less than 36 hours, it identified hotels, arranged transport for travellers, and security to staff the Program.

DJPR's procurement policy

DJPR's procurement policy includes provision for management of procurement in the event of an emergency within the meaning of the Emergency Management Act 2013. We present these in Appendix E.

Under section 3.5.2 of DJPR's procurement policy (April 2019), a critical incident is automatic grounds for an exemption from the prescribed tender process. However, minimum record keeping and fundamental requirements in relation to probity remain in place.

State Purchase Contracts

State Purchasing Contracts (SPCs) are centralised contracts the Victorian Government uses to buy common goods and services. An SPC is designed to provide supplier choice and competition through a panel arrangement.

An exemption from a Mandatory SPC (s 3.5.3) and an exemption from the prescribed market approach because of a critical incident (s 3.5.2) are two different exemption processes.

Section 5.1 of DJPR's procurement policy includes information about SPCs and states 'where the scope of a mandatory SPC … satisfactorily meets the procurement needs, these must be used unless an exemption from using the SPC is sought and approved.'

Section 3.5.3 of DJPR's procurement policy explains that an SPC exemption must be 'approved by the Executive Director of Finance and Procurement and the relevant SPC category manager'. The SPC exemption process requires the Project Manager to put forward their rationale for the exemption to a member of the Strategic Procurement Unit, by email. If supported by the Executive Director of Finance and Procurement, the Strategic Procurement Unit will then submit the exemption request to the SPC lead department and advise the Project Manager of the outcome.

DJPR's procurement policy (April 2019) did not provide guidance on using an SPC during a critical incident.

In October 2020, DJPR updated their procurement policy. It now states that 'During a critical incident the department will continue to use State Purchase Contracts (SPCs) and State Purchase Registers (SPRs) where relevant.'

Security Services SPC

The security services SPC (1 February 2018 to 31 January 2022) offers security services for static guarding, patrolling, mail scanning and alarm response, and includes a no less favourable mechanism to protect the pay and condition of security workers. The conditions of its use are mandatory, and it offers five suppliers:

  • G4S Custodial Services
  • MSS Security (MSS)
  • National Protective Services
  • SECUREcorp (Victoria)
  • Wilson Security (Wilson).

DJPR signed a contract, for the delivery of security services to the Hotel Quarantine Program, with MSS, Wilson, and Unified Security Group (Unified). Unified is not on the security services SPC panel.

3.3 What we found


The timeline of events in the decision to establish the Hotel Quarantine Program, engage security services and establish contracts was short. The time from when National Cabinet agreed to establish the Hotel Quarantine Program to the time Unified signed a contract was 13 days.

Figure 3A illustrates the timeline of providing security services for the Hotel Quarantine Program.

FIGURE 3A: Timeline of security services for the Hotel Quarantine Program

DHHS timeline 2A v2.png

Source: VAGO.

DJPR engaged a supplier who was not on the SPC panel for security services

On Friday 27 March 2020, the Deputy Secretary, Delivery and Recovery (COVID 19) asked the Executive Director, Employment and Inclusion, to source security services for the Hotel Quarantine Program.

On the evening of 27 March 2020, DJPR staff considered which security companies they would engage for the Hotel Quarantine Program. In broad terms, they were seeking a company that:

  • was a good employer
  • had access to enough personal protective equipment
  • had the capability and capacity to scale up quickly.

They sought advice from the Employer Engagement Team, who provided the names of four security companies who were 'good employers', in the following order: Wilson, MSS, Unified and Monjons.

DJPR contacted Wilson and Unified. On the morning of Saturday 28 March 2020, Unified was the first to respond.

At a meeting on the morning of 28 March 2020, the Secretary confirmed that DJPR should proceed to engage Unified and Wilson. Unified was engaged to start work on Sunday 29 March 2020.

However, Unified was not on the Victorian Government's SPC panel for security services.

The DJPR staff who identified and engaged Unified told us they became aware of the SPC for security services three days later, on Monday 30 March 2020.

They also told us they had no training in procurement and no previous experience in procuring security services.

On 30 March 2020, DJPR also engaged Wilson and MSS, which are on the SPC panel for security services.

DJPR did not have an exemption from mandatory use of the SPC

On 30 March 2020, DJPR staff considered costings of security companies. They recorded that Unified was more expensive than Wilson and, separately, that SECUREcorp had the lowest rates, and Wilson had the second lowest.

DJPR amended its procurement policy in October 2020, which now requires the department to 'continue to use SPCs during a critical incident, and to complete a post incident brief within 30 days of the engagement.

On the same day, the DJPR staff who engaged Unified discussed the engagement with DJPR's procurement staff.

In line with procedure, a Strategic Procurement Specialist, Corporate Services, asked the Employment and Inclusion team to justify why Unified was engaged outside of the SPC, and to explain the rationale for continuing with them.

The Executive Director, Employment and Inclusion explained, in emails, that DJPR would continue the engagement with Unified because:

  • of the immediate need, and Unified's responsiveness
  • they were already in place
  • they are an Aboriginal-owned and controlled business.

DJPR procurement staff raised concerns that …

Which had the impact of …

So DJPR procurement staff advised that …

DJPR staff had engaged an entity that was not an SPC panel member

a significant risk to individuals and the department/government that is not easily mitigated

it is mandatory (and much simpler) to use the Victorian Government’s standing Security Services Contract for the procurement of the required security services.

While an exemption from using the Security Services Contract would allow Unified to be contracted, neither DJPR nor Department of Treasury and Finance (DTF) procurement recommended this option.

Unified had not undergone a due diligence process and had not agreed to the service standards as set out in the Security Services Contract

security companies on the SPC panel for security services provided the cheapest options

DJPR not seeking quotes from the supplier who provided the best value for money


DJPR and DTF procurement provided advice that DJPR should use entities on the SPC or apply for an exemption from the SPC, with the former being their preferred option.

DJPR staff continued their engagement with Unified to provide security services to the Hotel Quarantine Program.

DJPR asserted their view that an automatic exemption from a prescribed market approach under the critical incident policy meant that clause 3.5.3 did not apply. That is, it was automatically exempt from the mandatory requirements of using the SPC.

DJPR had an exemption from going to market

DJPR did have automatic grounds for an exemption from going to market because a State of Emergency had been declared in Victoria. On 11 August 2020, DJPR prepared a post incident brief noting an exemption from the prescribed competitive procurement process had been approved.

DJPR breached probity when its employee contacted Victorian Trades Hall Council

On 28 March 2020, notes from a meeting that included the Secretary and the Deputy Secretary, Delivery and Recovery (COVID-19), record that the Deputy Secretary, Delivery and Recovery (COVID-19) would ‘call trades hall re 2 companies’.

The Executive Director, Employment and Inclusion asserted that in the week of 30 March 2020, they spent time ‘ensuring that Trades Hall was comfortable with Unified continuing to be engaged on an ongoing basis’. On the same day, in an email, the Deputy Secretary, Delivery and Recovery (COVID-19) referred to some security companies as ‘preferred by Trades [Hall]’ (Wilson, MSS, ISS) and others as not (Unified).

DJPR told us that it is not unusual for them to contact Trades Hall and unions. Although DJPR contacted Trades Hall and the Deputy Secretary, Delivery and Recovery (COVID-19) knows which companies Trades Hall prefer, the information before us does not indicate that the purpose of the contact with Trades Hall was to identify 'preferred firms' for engagement and receive Trades Hall’s approval for the preferred firm. DJPR's use of Unified suggests that DJPR was not seeking approval from Trades Hall.

DJPR asserts that it did not share confidential procurement documents or information from suppliers with Trades Hall. However, when DJPR discussed the identity of security services and their performance with Trades Hall in the context of the Hotel Quarantine Program, it breached the probity principle of securing confidential market engagement information.

A lack of transparency and accountability in procurement

When DJPR engaged security services for the Hotel Quarantine Program it did not:

  • maintain records of the Secretary’s approval for the use of their signature on the Unified contract
  • provide guidance for staff signing contracts remotely
  • declare any conflict of interests in a timely manner
  • disclose the contract within 60 days.
Signing contracts

On 9 April 2020, following a request from the Secretary's executive assistant, the Director, Office of the Secretary, added the Secretary's signature to the Unified contract. When the Director, Office of the Secretary, responded they said they did not feel comfortable witnessing a signature they had added themselves.

In his statement to the Quarantine Board of Inquiry, the Secretary said they gave their authority for the contract to be signed, but no records of their approval have come to our attention.

On 15 April 2020, the Associate Secretary asked the Director, Office of the Secretary to arrange for someone to witness the Secretary's electronic signature. The Director, Office of the Secretary, told us they had no guidance on how to witness documents remotely and witnessed the Secretary’s electronic signature themselves.

Conflict of interest

DJPR's procurement policy requires that all staff involved in procurement activities be briefed on their responsibilities with regard to conflicts of interest, both before and during the procurement process.

DJPR staff did not declare any conflicts of interest when they started the process of engaging security services for the Hotel Quarantine Program. Two staff involved in the procurement later completed DJPR's electronic conflict of interest form. One submitted a form on 15 July 2020 (109 days after Unified started). The other submitted a form on 27 July 2020 (121 days after Unified started). Their managers reviewed the forms on 11 and 12 August 2020, respectively. Both staff members declared they had no conflict of interest in this procurement.

DJPR told us that individuals who are not directly involved in the procurement process do not need to complete a declaration of conflict of interest. They told us, for this reason, neither the Deputy Secretary, Delivery and Recovery (COVID-19) nor the Executive Director, Employment and Inclusion made a declaration of any conflicts. Yet the Executive Director, Employment and Inclusion was integral to the decision to engage Unified between 27 and 30 March 2020.

Contract disclosure requirements

DJPR's procurement policy has a mandatory requirement for contracts with total estimated value equal to, or exceeding, $10 million (GST inclusive) to be fully disclosed on the Contracts Publishing System within 60 days of contract award.

DJPR did not disclose its contract (for hotel quarantine security services provided for 94 days, between 29 March 2020 and 30 June 2020) with Unified on the Buying for Victoria website until 7 September 2020 or 147 days after it awarded the contract. However, DJPR is yet to fully disclose the contract value due to ongoing litigation with Unified (that relates to this contract). Between 20 April 2020 and 31 July 2020, DJPR paid Unified $35.2 million for services provided to the Hotel Quarantine Program. DJPR told us it is yet to reach an agreement for the final contract amount.

3.4 What we recommend

We recommend that the:   Response
Department of Jobs, Precincts and Regions 1. revises its critical incident procurement policy so that it takes into account value for money, accountability and probity, to the extent possible under the circumstances, and includes:
  • accessible information and guidance for staff
  • procurement's role in checking and reviewing procurement decisions and record keeping during and following critical incidents.
2. provides training and communications for staff so that they follow procurement policies and procedures and:
  • implement probity procedures
  • maintain contract confidentiality
  • maintain transparency and accountability in procurement.
  • adhere to contract disclosure requirements
  • declare any potential, perceived or actual conflicts of interest when participating in a procurement.
  • use State Purchase Contracts when available.
3. provides guidance and procedures for staff working remotely to:
  • seek approval (signatures)
  • witness signatures
  • ensure records of approval are maintained.

Back to top